[JBoss JIRA] (WFCORE-2475) Changing Elytron default-authentication-context ends in reload-required state
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2475?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8293 to WFCORE-2475:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2475 (was: WFLY-8293)
Component/s: Security
(was: Security)
> Changing Elytron default-authentication-context ends in reload-required state
> -----------------------------------------------------------------------------
>
> Key: WFCORE-2475
> URL: https://issues.jboss.org/browse/WFCORE-2475
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
>
> If I try to change the Elytron default-authentication-context, the server ends in reload-required state.
> {code}
> /subsystem=elytron/authentication-context=auth-context:add()
> /subsystem=elytron:write-attribute(name=default-authentication-context,value=auth-context)
> {
> "outcome" => "success",
> "response-headers" => {
> "operation-requires-reload" => true,
> "process-state" => "reload-required"
> }
> }
> {code}
> However, attribute {{default-authentication-context}} is marked as {{"restart-required" => "no-services"}} in the model:
> {code}
> /subsystem=elytron:read-resource-description(recursive=false)
> {
> ...
> "default-authentication-context" => {
> "type" => STRING,
> "description" => "The default authentication context to be associated with all deployments.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "capability-reference" => "org.wildfly.security.authentication-context",
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> ...
> }
> {code}
> According to the documentation [1], if an attribute is marked as {{"restart-required" => "no-services"}}, no restart of the service is necessary:
> no-services – Applying the operation to the runtime does not require the restart of any services. This value is the default if the restart-required descriptor is not present.
> [1] https://docs.jboss.org/author/display/WFLY10/Description+of+the+Managemen...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2473) It is possible to create constant-name-rewriter without defined constant
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2473?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7670 to WFCORE-2473:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2473 (was: WFLY-7670)
Component/s: Security
(was: Security)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> It is possible to create constant-name-rewriter without defined constant
> ------------------------------------------------------------------------
>
> Key: WFCORE-2473
> URL: https://issues.jboss.org/browse/WFCORE-2473
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Jan Tymel
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> If a user adds a new {{constant-name-rewriter}} via the following command {{/subsystem=elytron/constant-name-rewriter=name-rewriter:add(constant)}}, then a new rewriter is created.
> It shouldn't be possible since the {{constant}} attribute isn't filled correctly. However, a new rewriter with {{true}} value [1] is added instead.
> [1] <constant-name-rewriter name="name-rewriter" constant="true"/>
--
7 years, 8 months
[JBoss JIRA] (WFCORE-2476) Inconsistencies in using fileType/path+relative-to in Elytron XSD/DMR
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2476?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7578 to WFCORE-2476:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2476 (was: WFLY-7578)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Inconsistencies in using fileType/path+relative-to in Elytron XSD/DMR
> ---------------------------------------------------------------------
>
> Key: WFCORE-2476
> URL: https://issues.jboss.org/browse/WFCORE-2476
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Kotek
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> *Issue description:*
> In _wildfly-elytron_1_0.xsd_, a file type is represented inconsistently. There are {{basicFileType}} and {{fileType}} complex types used, but there are also {{path}} and {{relative-to}} attributes used ({{providerLoadersType}}, {{kerberosSecurityFactory}}).
> In DMR, a file is represented as an object (e.g. {{properties-realm}}) or as attributes (e.g. {{filesystem-realm}}, {{key-store}}).
> *Suggestions for improvement:*
> The file representation should be consistent in XSD/DMR.
--
7 years, 8 months
[JBoss JIRA] (WFCORE-2471) Elytron kerberos-security-factory debug attribute type
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2471?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8012 to WFCORE-2471:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2471 (was: WFLY-8012)
Component/s: Security
(was: Security)
> Elytron kerberos-security-factory debug attribute type
> ------------------------------------------------------
>
> Key: WFCORE-2471
> URL: https://issues.jboss.org/browse/WFCORE-2471
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Labels: user_experience
>
> Currently kerberos-security-factory debug attribute is in management model defined as STRING type, but could be BOOLEAN.
> {code}
> "kerberos-security-factory" => {
> "description" => "A security factory for obtaining a GSSCredential for use during authentication.",
> "model-description" => {"*" => {
> "description" => "A security factory for obtaining a GSSCredential for use during authentication.",
> "capabilities" => [{
> "name" => "org.wildfly.security.security-factory.credential",
> "dynamic" => true
> }],
> "attributes" => {
> "debug" => {
> "type" => STRING,
> "description" => "Should the JAAS step of obtaining the credential have debug logging enabled.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "default" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "resource-services"
> },
> {code}
> In XSD it is properly configured as boolean
> {code:xml}
> <xs:attribute name="debug" type="xs:boolean" default="false">
> <xs:annotation>
> <xs:documentation>
> Should the JAAS step of obtaining the credential have debug logging enabled.
> </xs:documentation>
> </xs:annotation>
> </xs:attribute>
> {code}
--
7 years, 8 months
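An added example (not part of the JIRA reports or of WildFly's code): a small Python checker for the two management-model inconsistencies reported in WFCORE-2475 and WFCORE-2471 above. The parser covers only the subset of CLI DMR text shown in those reports, and all function names are hypothetical.

```python
import re

# Tokenizer for the subset of CLI DMR text seen in the reports:
# "=>", braces, brackets, commas, quoted strings, bare words (STRING, true, 1L).
TOKEN = re.compile(r'=>|[{}\[\],]|"(?:[^"\\]|\\.)*"|[^\s{}\[\],=]+')

def parse_dmr(text):
    """Parse DMR text into dicts, lists, str, bool and int."""
    return _value(TOKEN.findall(text), 0)[0]

def _value(toks, i):
    tok = toks[i]
    if tok in ("{", "["):
        close = "}" if tok == "{" else "]"
        out, i = ({} if tok == "{" else []), i + 1
        while toks[i] != close:
            if tok == "{":                      # "key" => value
                key = toks[i][1:-1]
                out[key], i = _value(toks, i + 2)
            else:
                item, i = _value(toks, i)
                out.append(item)
            if toks[i] == ",":
                i += 1
        return out, i + 1
    if tok.startswith('"'):
        return tok[1:-1], i + 1                 # escapes are left as written
    if tok in ("true", "false"):
        return tok == "true", i + 1
    if re.fullmatch(r"-?\d+L?", tok):
        return int(tok.rstrip("L")), i + 1
    return tok, i + 1                           # STRING, BOOLEAN, undefined, ...

def type_default_mismatches(attributes):
    """WFCORE-2471: attributes with a boolean default but a non-BOOLEAN type."""
    return [name for name, d in attributes.items()
            if isinstance(d.get("default"), bool) and d.get("type") != "BOOLEAN"]

def unexpected_reload(attr_desc, response):
    """WFCORE-2475: descriptor says no-services, yet the write left reload-required."""
    state = response.get("response-headers", {}).get("process-state")
    return (attr_desc.get("restart-required", "no-services") == "no-services"
            and state == "reload-required")

# Sample input trimmed from the CLI output quoted in the two reports.
ATTRS = parse_dmr('{"debug" => {"type" => STRING, "default" => false, "min-length" => 1L}}')
WRITE = parse_dmr('{"outcome" => "success", "response-headers" => '
                  '{"operation-requires-reload" => true, "process-state" => "reload-required"}}')
DESC = parse_dmr('{"type" => STRING, "restart-required" => "no-services"}')
```

Run against a full `read-resource-description` dump, the same two functions can flag other attributes with the mismatches these reports describe.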
[JBoss JIRA] (WFCORE-2470) There is missing option to set absolute path for credential store.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2470?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7972 to WFCORE-2470:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2470 (was: WFLY-7972)
Component/s: Security
(was: Security)
> There is missing option to set absolute path for credential store.
> -------------------------------------------------------------------
>
> Key: WFCORE-2470
> URL: https://issues.jboss.org/browse/WFCORE-2470
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
>
> There is missing option to set absolute path for credential store.
> I expect an absolute path defined in the URI attribute. Something like this:
> {code}
> /subsystem=elytron/credential-store=CredStore108:add(uri="cr-store://test/tmp/cs108.jceks?create.storage=true", credential-reference={clear-text=pass123})
> {code}
--
7 years, 8 months
[JBoss JIRA] (WFCORE-2468) Definition Elytron key-manager with key-store (which needs password) without filled credential-reference causes ugly failure-description with senseless Exception.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2468?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7522 to WFCORE-2468:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2468 (was: WFLY-7522)
Component/s: Security
(was: Security)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Definition Elytron key-manager with key-store (which needs password) without filled credential-reference causes ugly failure-description with senseless Exception.
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2468
> URL: https://issues.jboss.org/browse/WFCORE-2468
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Fix For: 4.0.0.Alpha1
>
>
> Definition Elytron key-manager with key-store (which needs password) without filled credential-reference causes ugly failure-description with senseless Exception.
> *Steps to reproduce*
> * Copy the attached firefly.keystore to eap_home/standalone/data/cs.
> * /subsystem=elytron/key-store=ff001:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {clear-text=Elytron})
> * /subsystem=elytron/key-managers=keymanager001:add(algorithm=SunX509, key-store=ff001)
> And you get this output:
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.key-managers.km002" => "org.jboss.msc.service.StartException in service org.wildfly.security.key-managers.km002: Failed to start service
> Caused by: java.lang.NullPointerException"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.key-managers.km002"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
> There must be some kind of information about missing credential-reference or at least missing (wrong) password to key-store.
> When I add a credential-reference with the password to the key-store, the operation passes:
> /subsystem=elytron/key-managers=keymanager001:add(algorithm=SunX509, key-store=ff001, credential-reference={clear-text=Elytron})
> *Suggestions for improvement*
> failure-description must not contain Exception or snippet stacktrace.
> Please replace WFLYCTL0080 part to better message.
> e.g. "credential-reference is required", "Missing password to key-store access"
--
7 years, 8 months
[JBoss JIRA] (WFCORE-2469) Complex type mechanism-provider-filtering-sasl-server-factory in Elytron subsystem
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2469?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7170 to WFCORE-2469:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2469 (was: WFLY-7170)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Complex type mechanism-provider-filtering-sasl-server-factory in Elytron subsystem
> ----------------------------------------------------------------------------------
>
> Key: WFCORE-2469
> URL: https://issues.jboss.org/browse/WFCORE-2469
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Fix For: 4.0.0.Alpha1
>
>
> The Elytron subsystem uses a complex type in the mechanism-provider-filtering-sasl-server-factory resource, which is difficult to use and can result in a bad user experience; see the description of JBEAP-6100 for more details.
--
7 years, 8 months
[JBoss JIRA] (WFCORE-2465) Elytron key-manager for server-ssl-context is not required
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2465?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7652 to WFCORE-2465:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2465 (was: WFLY-7652)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
> Elytron key-manager for server-ssl-context is not required
> ----------------------------------------------------------
>
> Key: WFCORE-2465
> URL: https://issues.jboss.org/browse/WFCORE-2465
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Martin Choma
>
> It is possible to create server ssl context without key manager.
> {code}
> /subsystem=elytron/server-ssl-context=a:add()
> {code}
> Key manager in elytron holds reference to key store.
> I can't think of a use case where it would be useful to configure a server ssl context without specifying a key store.
--
7 years, 8 months