[JBoss JIRA] (WFCORE-2482) Elytron key/trust-manager-factory default algorithm
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2482?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7472 to WFCORE-2482:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2482 (was: WFLY-7472)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Elytron key/trust-manager-factory default algorithm
> ---------------------------------------------------
>
> Key: WFCORE-2482
> URL: https://issues.jboss.org/browse/WFCORE-2482
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> {{key-manager-factory}} and {{trust-manager-factory}} requires user to specify algorithm.
> Consider defaulting in elytron code to {{TrustManagerFactory.getDefaultAlgorithm()}} and {{KeyManagerFactory.getDefaultAlgorithm()}}.
> It is java portable as for oracle java it returns SunX509 and for Ibm java IbmX509.
> This JIRA is in scope of "user experience", minimizing necessary user input configuration.
> David: "The trust manager definitely should use the default algorithm when none is given; in this case the algorithm name isn't an "algorithm" per se, it's just an implementation name."
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2484) CS tool, log exception on error
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2484?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8199 to WFCORE-2484:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2484 (was: WFLY-8199)
Component/s: Security
(was: Security)
> CS tool, log exception on error
> -------------------------------
>
> Key: WFCORE-2484
> URL: https://issues.jboss.org/browse/WFCORE-2484
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: credential-store, wildfly-elytron-tool
>
> When I try to create CS with invalid options I get just {{ELY09526: Unable to initialize credential store}}. For example:
> * I tried JKS, but JKS is unable to store secret keys
> {code}
> [mchoma@localhost bin]$ java -jar wildfly-elytron-tool.jar credential-store --add myalias --secret supersecretpassword --location="test.store" --uri "cr-store://test?modifiable=true;create=true;keyStoreType=JKS" --password mycspassword --salt 12345678 --iteration 230 --summary
> ELY09526: Unable to initialize credential store[mchoma@localhost bin]$
> {code}
> * I tried BKS, but have not BC among providers
> {code}
> java -jar wildfly-elytron-tool.jar credential-store --add myalias --secret supersecretpassword --location="/tmp/test.store" --uri "cr-store://test?modifiable=true;create=true;keyStoreType=BKS" --password mycspassword --salt 12345678 --iteration 230 --summary
> ELY09526: Unable to initialize credential store
> {code}
> It would be useful if underlying exception is logged as well. For example subsystem throws this exception and it is obvious what is wrong.
> {code}
> Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09526: Unable to initialize credential store
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.getKeyStoreInstance(KeyStoreCredentialStore.java:834)
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:758)
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:163)
> at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:119)
> at org.wildfly.extension.elytron.CredentialStoreService.start(CredentialStoreService.java:117)
> ... 5 more
> Caused by: java.security.KeyStoreException: BKS not found
> at java.security.KeyStore.getInstance(KeyStore.java:851)
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.getKeyStoreInstance(KeyStoreCredentialStore.java:832)
> ... 9 more
> Caused by: java.security.NoSuchAlgorithmException: BKS KeyStore not available
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
> at java.security.Security.getImpl(Security.java:695)
> at java.security.KeyStore.getInstance(KeyStore.java:848)
> ... 10 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2485) CS tool, add prompt when --password is missing
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2485?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8188 to WFCORE-2485:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2485 (was: WFLY-8188)
Component/s: Security
(was: Security)
> CS tool, add prompt when --password is missing
> ----------------------------------------------
>
> Key: WFCORE-2485
> URL: https://issues.jboss.org/browse/WFCORE-2485
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: credential-store
>
> Use case:
> - User have automation script using cs tool and user don't want to have password stored in file.
> - User don't want credential store password to be stored in shell history after execution.
> - User don't want credential store password to be listed in {{ps -aux}} output.
> There have to be possibility to omit --password attribute. When omitting --password attribute user interaction prompt should follow with possibility to input password.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2483) There is missing CS integration with core management
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2483?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8299 to WFCORE-2483:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2483 (was: WFLY-8299)
Component/s: Security
(was: Security)
> There is missing CS integration with core management
> ----------------------------------------------------
>
> Key: WFCORE-2483
> URL: https://issues.jboss.org/browse/WFCORE-2483
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Priority is BLOCKER because this issue blocks RFE verification https://issues.jboss.org/browse/EAP7-538
> There must be credential store integration with core management as is mentioned in requirements of RFE.
> *management/security-realm*
> *management/security-realm/authentication/truststore* keystore-password
> *management/security-realm/server-identity/ssl* key-password and keystore-password
> *management/security-realm/server-identity/secret*
> *management/security-realm/authentication/users*
> But *security-realm* is deprecated, these resources have this description:
> {code}
> The security-realm configuration is deprecated and may be removed or moved in future versions.
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2477) Legacy Kerberos in management, regression in choosing keytab strategy
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2477?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7991 to WFCORE-2477:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2477 (was: WFLY-7991)
Component/s: Security
(was: Security)
> Legacy Kerberos in management, regression in choosing keytab strategy
> ---------------------------------------------------------------------
>
> Key: WFCORE-2477
> URL: https://issues.jboss.org/browse/WFCORE-2477
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
>
> There is regresion in strategy of choosing keytab described by xsd
> {code:xml|title=wildfly-config_5_0.xsd}
> <xs:element name="keytab">
> <xs:complexType>
> <xs:annotation>
> <xs:documentation>
> Reference to an individual keytab.
> On handling the authentication for an incoming request two pieces of information are known, the protocol and the name of the host
> this server is acting as. For HTTP requests the protocol will always be HTTP, for requests over Remoting by default the protocol will
> be 'remote' although this can be overridden.
> At the time authentication is going to be handled the keytab will be selected as follows: -
> 1 - Iterate the list of keytabs and identity one where the for-hosts attribute contains an entry matching protocol/hostname.
> 2 - Iterate the list of keytabs and identify one where the name of the principal matches matches protocol/hostname.
> 3 - Iterate the list of keytabs and identity one where the for-hosts attribute contains an entry matching hostname.
> 4 - Iterate the list of keytabs and identify one where the hostname portion of the principal matches the hostname of the request.
> 5 - Use the keytab where for-hosts is set to '*'.
> If no match is found no keytab will be selected and Kerberos will not be available for communication as that host.
> </xs:documentation>
> </xs:annotation>
> {code}
> In this example
> {code:xml|title=standalone.xlm}
> <security-realm name="PriorityForHostsProtocolBeforePrincipal">
> <server-identities>
> <kerberos>
> <keytab principal="HTTP/localhost.localdomain(a)JBOSS.ORG" path="krb.keytab" for-hosts="wrongprotocol/localhost.localdomain"/>
> <keytab principal="HTTP/wronghost(a)JBOSS.ORG" path="krb.keytab" for-hosts="HTTP/localhost.localdomain"/>
> </kerberos>
> {code}
> Rule 1 should be applied, but {{<keytab principal="HTTP/localhost.localdomain(a)JBOSS.ORG" path="krb.keytab" for-hosts="wrongprotocol/localhost.localdomain"/>}} is chosen,
> {code:title=server.log}
> 10:28:40,743 TRACE [org.jboss.as.domain.management.security] (management task-8) No mapping for name 'http/localhost.localdomain' to KeytabService, attempting to use host only match.
> 10:28:40,744 TRACE [org.jboss.as.domain.management.security] (management task-8) Selected KeytabService with principal 'HTTP/localhost.localdomain(a)JBOSS.ORG' for host 'localhost.localdomain'
> 10:28:40,744 INFO [stdout] (management task-8) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 10:28:40,745 INFO [stdout] (management task-8) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 10:28:40,745 INFO [stdout] (management task-8) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 10:28:40,745 INFO [stdout] (management task-8) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 10:28:40,847 TRACE [org.jboss.as.domain.management.security] (management task-9) No mapping for name 'http/localhost.localdomain' to KeytabService, attempting to use host only match.
> 10:28:40,848 TRACE [org.jboss.as.domain.management.security] (management task-9) Selected KeytabService with principal 'HTTP/localhost.localdomain(a)JBOSS.ORG' for host 'localhost.localdomain'
> 10:28:40,848 INFO [stdout] (management task-9) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 10:28:40,848 INFO [stdout] (management task-9) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 10:28:40,849 INFO [stdout] (management task-9) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 10:28:40,849 INFO [stdout] (management task-9) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> {code}
> In this example
> {code:xml|title=standalone.xlm}
> <security-realm name="PriorityProtocolPrincipalBeforeForHosts">
> <server-identities>
> <kerberos>
> <keytab principal="HTTP/localhost.localdomain(a)JBOSS.ORG" path="krb.keytab" for-hosts="wronghost"/>
> <keytab principal="HTTP/wronghost(a)JBOSS.ORG" path="krb.keytab" for-hosts="localhost.localdomain"/>
> </kerberos>
> {code}
> Rule 2 should be applied, but {{<keytab principal="HTTP/wronghost(a)JBOSS.ORG" path="krb.keytab" for-hosts="localhost.localdomain"/>}} is chosen
> {code:title=server.log}
> 10:29:21,889 TRACE [org.jboss.as.domain.management.security] (management task-8) No mapping for name 'http/localhost.localdomain' to KeytabService, attempting to use host only match.
> 10:29:21,890 TRACE [org.jboss.as.domain.management.security] (management task-8) Selected KeytabService with principal 'HTTP/wronghost(a)JBOSS.ORG' for host 'localhost.localdomain'
> 10:29:21,890 INFO [stdout] (management task-8) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/wronghost(a)JBOSS.ORG
> 10:29:21,890 INFO [stdout] (management task-8) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/wronghost(a)JBOSS.ORG
> 10:29:21,891 INFO [stdout] (management task-8) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/wronghost(a)JBOSS.ORG
> 10:29:21,891 INFO [stdout] (management task-8) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/wronghost(a)JBOSS.ORG
> 10:29:21,955 TRACE [org.jboss.as.domain.management.security] (management task-9) No mapping for name 'http/localhost.localdomain' to KeytabService, attempting to use host only match.
> 10:29:21,955 TRACE [org.jboss.as.domain.management.security] (management task-9) Selected KeytabService with principal 'HTTP/wronghost(a)JBOSS.ORG' for host 'localhost.localdomain'
> 10:29:21,957 INFO [stdout] (management task-9) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/wronghost(a)JBOSS.ORG
> 10:29:21,957 INFO [stdout] (management task-9) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/wronghost(a)JBOSS.ORG
> 10:29:21,958 INFO [stdout] (management task-9) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/wronghost(a)JBOSS.ORG
> 10:29:21,958 INFO [stdout] (management task-9) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.4426394941284285487.keytab for HTTP/wronghost(a)JBOSS.ORG
> 10:29:21,959 INFO [stdout] (management task-9) Entered Krb5Context.acceptSecContext with state=STATE_NEW
> 10:29:21,960 INFO [stdout] (management task-9) Looking for keys for: HTTP/wronghost(a)JBOSS.ORG
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2481) Elytron, Can't access application secured with SPNEGO fallbacking to FORM
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2481?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8285 to WFCORE-2481:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2481 (was: WFLY-8285)
Component/s: Security
(was: Security)
> Elytron, Can't access application secured with SPNEGO fallbacking to FORM
> -------------------------------------------------------------------------
>
> Key: WFCORE-2481
> URL: https://issues.jboss.org/browse/WFCORE-2481
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> When accessing application configured with SPNEGO + FORM fallback, then user get 404 on first http GET.
> {code}
> [mchoma@localhost ~]$ curl -v http://localhost.localdomain:8080/be4459d3-1eb1-4aa9-a42a-e6a63c1d33c5/pr...
> * Hostname was NOT found in DNS cache
> * Trying 127.0.0.1...
> * Connected to localhost.localdomain (127.0.0.1) port 8080 (#0)
> > GET /be4459d3-1eb1-4aa9-a42a-e6a63c1d33c5/protected/SimpleSecuredServlet HTTP/1.1
> > User-Agent: curl/7.37.0
> > Host: localhost.localdomain:8080
> > Accept: */*
> >
> < HTTP/1.1 404 Not Found
> < Expires: 0
> < Cache-Control: no-cache, no-store, must-revalidate
> < X-Powered-By: Undertow/1
> < Set-Cookie: JSESSIONID=0O3kk4WJTVuH0XuWriO_d_M6HMCb83Ri7UZmtUU0.localhost; path=/be4459d3-1eb1-4aa9-a42a-e6a63c1d33c5
> * Server JBoss-EAP/7 is not blacklisted
> < Server: JBoss-EAP/7
> < Pragma: no-cache
> < Date: Fri, 03 Mar 2017 09:15:41 GMT
> < Connection: keep-alive
> < WWW-Authenticate: Negotiate
> < Content-Type: text/html;charset=UTF-8
> < Content-Length: 149
> <
> * Connection #0 to host localhost.localdomain left intact
> <html><head><title>Error</title></head><body>/be4459d3-1eb1-4aa9-a42a-e6a63c1d33c5/protected/http:/localhost.localdomain:8080/login.jsp</body></html>[mchoma@localhost ~]$
> {code}
> Changing in web.xml {{<auth-method>SPNEGO,FORM</auth-method>}} to {{<auth-method>SPNEGO</auth-method>}} makes SPNEGO work again.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2478) Credential store, during creation of CS backed keystore is not created on filesystem.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2478?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8266 to WFCORE-2478:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2478 (was: WFLY-8266)
Component/s: Security
(was: Security)
> Credential store, during creation of CS backed keystore is not created on filesystem.
> -------------------------------------------------------------------------------------
>
> Key: WFCORE-2478
> URL: https://issues.jboss.org/browse/WFCORE-2478
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
>
> Keystore is created after writing secret key into it. So instead of "write alias" operation it is more "write alias and create backed keystore if not exists yet" operation.
> How to reproduce:
> - create credential store from scratch
> {code}
> [standalone@localhost:9990 /] /subsystem=elytron/credential-store=myCredStore:add(uri="cr-store://test/myCredStore.jceks?create=true", credential-reference={clear-text=pass123}, relative-to=jboss.server.config.dir)
> {"outcome" => "success"}
> {code}
> - myCredStore.jceks does not exists on FS (I would expect it will be created)
> {code}
> [standalone@localhost:9990 /] /subsystem=elytron/credential-store=myCredStore/alias=myAlias:add(secret-value=secret)
> {"outcome" => "success"}
> {code}
> - myCredStore.jceks exists on FS
> Setting high priority as lack of this behaviour can lead to more complex problems in multiprocess scenarios (e.g domain mode)
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2480) CS tool, provide way to create empty credential store
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2480?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8195 to WFCORE-2480:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2480 (was: WFLY-8195)
Component/s: Security
(was: Security)
> CS tool, provide way to create empty credential store
> -----------------------------------------------------
>
> Key: WFCORE-2480
> URL: https://issues.jboss.org/browse/WFCORE-2480
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Labels: credential-store, wildfly-elytron-tool
>
> There is no way to create empty credential store. Curently credential store can be created only with adding alias as well.
> {code}
> java -jar wildfly-elytron-tool.jar credential-store --add myalias --secret supersecretpassword --location="test.store" --uri "cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS" --password mycspassword --salt 12345678 --iteration 230 --summary
> {code}
> I would expect something like
> {code}
> java -jar wildfly-elytron-tool.jar credential-store --create --location="test.store" --uri "cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS" --password mycspassword
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2475) Changing Elytron default-authentication-context ends in reload-required state
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2475?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8293 to WFCORE-2475:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2475 (was: WFLY-8293)
Component/s: Security
(was: Security)
> Changing Elytron default-authentication-context ends in reload-required state
> -----------------------------------------------------------------------------
>
> Key: WFCORE-2475
> URL: https://issues.jboss.org/browse/WFCORE-2475
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
>
> If I try to change Elytron default-authentication-context server ends in reload-required state.
> {code}
> /subsystem=elytron/authentication-context=auth-context:add()
> /subsystem=elytron:write-attribute(name=default-authentication-context,value=auth-context)
> {
> "outcome" => "success",
> "response-headers" => {
> "operation-requires-reload" => true,
> "process-state" => "reload-required"
> }
> }
> {code}
> However attribute {{default-authentication-context}} is marked as {{"restart-required" => "no-services"}} in model
> {code}
> /subsystem=elytron:read-resource-description(recursive=false)
> {
> ...
> "default-authentication-context" => {
> "type" => STRING,
> "description" => "The default authentication context to be associated with all deployments.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "capability-reference" => "org.wildfly.security.authentication-context",
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> ...
> }
> {code}
> According to documentation [1] if attribute is marked as {{"restart-required" => "no-services"}} no restart of service is necessary
> no-services – Applying the operation to the runtime does not require the restart of any services. This value is the default if the restart-required descriptor is not present.
> [1] https://docs.jboss.org/author/display/WFLY10/Description+of+the+Managemen...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2473) It is possible to create constant-name-rewriter without defined constant
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2473?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7670 to WFCORE-2473:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2473 (was: WFLY-7670)
Component/s: Security
(was: Security)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> It is possible to create constant-name-rewriter without defined constant
> ------------------------------------------------------------------------
>
> Key: WFCORE-2473
> URL: https://issues.jboss.org/browse/WFCORE-2473
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Jan Tymel
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> If user adds a new {{constant-name-rewriter}} via following command {{/subsystem=elytron/constant-name-rewriter=name-rewriter:add(constant)}} then is a new rewriter created.
> It shouldn't be possible since {{constant}} attribute isn't filled correctly. However, there is added a new rewriter with {{true}} value [1] instead.
> [1] <constant-name-rewriter name="name-rewriter" constant="true"/>
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months