[JBoss JIRA] (WFCORE-2476) Inconsistencies in using fileType/path+relative-to in Elytron XSD/DMR
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2476?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7578 to WFCORE-2476:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2476 (was: WFLY-7578)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Inconsistencies in using fileType/path+relative-to in Elytron XSD/DMR
> ---------------------------------------------------------------------
>
> Key: WFCORE-2476
> URL: https://issues.jboss.org/browse/WFCORE-2476
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Kotek
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> *Issue description:*
> In _wildfly-elytron_1_0.xsd_, a file type is represented inconsistently. The {{basicFileType}} and {{fileType}} complex types are used, but {{path}} and {{relative-to}} attributes are also used ({{providerLoadersType}}, {{kerberosSecurityFactory}}).
> In DMR, a file is represented as an object (e.g. {{properties-realm}}) or as attributes (e.g. {{filesystem-realm}}, {{key-store}}).
> *Suggestions for improvement:*
> The file representation should be consistent in XSD/DMR.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2471) Elytron kerberos-security-factory debug attribute type
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2471?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8012 to WFCORE-2471:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2471 (was: WFLY-8012)
Component/s: Security
(was: Security)
> Elytron kerberos-security-factory debug attribute type
> ------------------------------------------------------
>
> Key: WFCORE-2471
> URL: https://issues.jboss.org/browse/WFCORE-2471
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Labels: user_experience
>
> Currently the kerberos-security-factory debug attribute is defined in the management model as STRING type, but could be BOOLEAN.
> {code}
> "kerberos-security-factory" => {
> "description" => "A security factory for obtaining a GSSCredential for use during authentication.",
> "model-description" => {"*" => {
> "description" => "A security factory for obtaining a GSSCredential for use during authentication.",
> "capabilities" => [{
> "name" => "org.wildfly.security.security-factory.credential",
> "dynamic" => true
> }],
> "attributes" => {
> "debug" => {
> "type" => STRING,
> "description" => "Should the JAAS step of obtaining the credential have debug logging enabled.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "default" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "resource-services"
> },
> {code}
> In the XSD it is properly configured as boolean:
> {code:xml}
> <xs:attribute name="debug" type="xs:boolean" default="false">
> <xs:annotation>
> <xs:documentation>
> Should the JAAS step of obtaining the credential have debug logging enabled.
> </xs:documentation>
> </xs:annotation>
> </xs:attribute>
> {code}
[JBoss JIRA] (WFCORE-2470) There is missing option to set absolute path for credential store.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2470?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7972 to WFCORE-2470:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2470 (was: WFLY-7972)
Component/s: Security
(was: Security)
> There is missing option to set absolute path for credential store.
> -------------------------------------------------------------------
>
> Key: WFCORE-2470
> URL: https://issues.jboss.org/browse/WFCORE-2470
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
>
> There is missing option to set absolute path for credential store.
> I expect an absolute path defined in the URI attribute. Something like this:
> {code}
> /subsystem=elytron/credential-store=CredStore108:add(uri="cr-store://test/tmp/cs108.jceks?create.storage=true", credential-reference={clear-text=pass123})
> {code}
[JBoss JIRA] (WFCORE-2468) Definition Elytron key-manager with key-store (which needs password) without filled credential-reference causes ugly failure-description with senseless Exception.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2468?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7522 to WFCORE-2468:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2468 (was: WFLY-7522)
Component/s: Security
(was: Security)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Definition Elytron key-manager with key-store (which needs password) without filled credential-reference causes ugly failure-description with senseless Exception.
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2468
> URL: https://issues.jboss.org/browse/WFCORE-2468
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Fix For: 4.0.0.Alpha1
>
>
> Definition Elytron key-manager with key-store (which needs password) without filled credential-reference causes ugly failure-description with senseless Exception.
> *Steps to reproduce*
> * Copy the attached firefly.keystore to eap_home/standalone/data/cs.
> * /subsystem=elytron/key-store=ff001:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {clear-text=Elytron})
> * /subsystem=elytron/key-managers=keymanager001:add(algorithm=SunX509, key-store=ff001)
> And you get this output:
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.key-managers.km002" => "org.jboss.msc.service.StartException in service org.wildfly.security.key-managers.km002: Failed to start service
> Caused by: java.lang.NullPointerException"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.key-managers.km002"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
> There must be some kind of information about the missing credential-reference or at least the missing (wrong) password to the key-store.
> When I add a credential-reference with the password to the key-store there, the operation passes:
> /subsystem=elytron/key-managers=keymanager001:add(algorithm=SunX509, key-store=ff001, credential-reference={clear-text=Elytron})
> *Suggestions for improvement*
> The failure-description must not contain an Exception or a stack trace snippet.
> Please replace the WFLYCTL0080 part with a better message,
> e.g. "credential-reference is required", "Missing password to key-store access"
[JBoss JIRA] (WFCORE-2469) Complex type mechanism-provider-filtering-sasl-server-factory in Elytron subsystem
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2469?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7170 to WFCORE-2469:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2469 (was: WFLY-7170)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Complex type mechanism-provider-filtering-sasl-server-factory in Elytron subsystem
> ----------------------------------------------------------------------------------
>
> Key: WFCORE-2469
> URL: https://issues.jboss.org/browse/WFCORE-2469
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Fix For: 4.0.0.Alpha1
>
>
> The Elytron subsystem uses a complex type in the mechanism-provider-filtering-sasl-server-factory resource, which is difficult to use and can result in a bad user experience; see the description of JBEAP-6100 for more details.
[JBoss JIRA] (WFCORE-2465) Elytron key-manager for server-ssl-context is not required
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2465?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7652 to WFCORE-2465:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2465 (was: WFLY-7652)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
> Elytron key-manager for server-ssl-context is not required
> ----------------------------------------------------------
>
> Key: WFCORE-2465
> URL: https://issues.jboss.org/browse/WFCORE-2465
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Martin Choma
>
> It is possible to create server ssl context without key manager.
> {code}
> /subsystem=elytron/server-ssl-context=a:add()
> {code}
> The key manager in Elytron holds a reference to the key store.
> I can't think of a use case where it would be useful to configure a server ssl context without specifying a key store.
[JBoss JIRA] (WFCORE-2464) CS tool, Add possibility to produce masked password
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2464?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8192 to WFCORE-2464:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2464 (was: WFLY-8192)
Component/s: Security
(was: Security)
> CS tool, Add possibility to produce masked password
> ---------------------------------------------------
>
> Key: WFCORE-2464
> URL: https://issues.jboss.org/browse/WFCORE-2464
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Labels: credential-store, user_experience
>
> This JIRA is requesting a specialized feature (option) for getting a masked string.
> Now you can get the value of a masked password, but as a side effect of adding an alias into the credential store, and the --summary parameter has to be used.
> {code}
> java -jar wildfly-elytron-tool.jar credential-store --add myalias --secret supersecretpassword --location="test.store" --uri "cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS" --password mycspassword --salt 12345678 --iteration 230 --summary
> Alias "myalias" has been successfully stored
> Credential store command summary:
> --------------------------------------
> /subsystem=elytron/credential-store=test:add(uri="cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS",relative-to=jboss.server.data.dir,credential-reference={clear-text="MASK-uNWeyrmbByBEjgZM1FAPQW==;12345678;230"})
> {code}
> And in the output the masked string {{MASK-uNWeyrmbByBEjgZM1FAPQW==;12345678;230}} is hidden.