[JBoss JIRA] (WFCORE-2456) Obtain password from external source (CMD, EXT) doesn't work on Windows.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2456?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8268 to WFCORE-2456:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2456 (was: WFLY-8268)
Component/s: Security
(was: Security)
> Obtain password from external source (CMD, EXT) doesn't work on Windows.
> ------------------------------------------------------------------------
>
> Key: WFCORE-2456
> URL: https://issues.jboss.org/browse/WFCORE-2456
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
>
> Obtain password from external source (CMD, EXT) doesn't work on Windows.
> Try to create a new CS which obtains the password from an external source:
> {code}
> /subsystem=elytron/credential-store=myCredStore:add(uri="cr-store://test/myCredStore.jceks?create=true", credential-reference={clear-text="{CMD}C:\path\to\scrit\pass.bat,VerySecretPassword", type=COMMAND}, relative-to=jboss.server.config.dir)
> {code}
> The pass.bat file contains only this:
> {code}
> echo %1
> {code}
> Because of https://issues.jboss.org/browse/JBEAP-9211 you must do this extra step:
> Add a new alias to the CS -> the JCEKS file is created.
> Please try to open it directly with the password "VerySecretPassword" -> *it doesn't work* on Windows.
> In my opinion there is a problem with the backslashes in the script path.
> https://github.com/wildfly/wildfly-core/blob/3.0.0.Alpha22/controller/src...
> Because when I add backslashes to the path there, it works.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2455) Empty secret-value is not allowed in credential stores
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2455?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8143 to WFCORE-2455:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2455 (was: WFLY-8143)
Component/s: Security
(was: Security)
> Empty secret-value is not allowed in credential stores
> -------------------------------------------------------
>
> Key: WFCORE-2455
> URL: https://issues.jboss.org/browse/WFCORE-2455
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Josef Cacek
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: credential-store
>
> It's not possible to add an entry with an empty secret-value into a credential store.
> Masking the fact the password is empty is a valid scenario.
> {code}
> [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cred-store-default/alias=emptysecret:add()
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0155: 'secret-value' may not be null",
>     "rolled-back" => true
> }
> [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cred-store-default/alias=emptysecret:add(secret-value="")
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0113: '' is an invalid value for parameter secret-value. Values must have a minimum length of 1 characters",
>     "rolled-back" => true
> }
> {code}
[JBoss JIRA] (WFCORE-2454) Complex type ldap-realm in Elytron subsystem
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2454?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7173 to WFCORE-2454:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2454 (was: WFLY-7173)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Complex type ldap-realm in Elytron subsystem
> --------------------------------------------
>
> Key: WFCORE-2454
> URL: https://issues.jboss.org/browse/WFCORE-2454
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 4.0.0.Alpha1
>
>
> The Elytron subsystem uses a complex type in the ldap-realm resource which is difficult to use and can result in a bad user experience; see the description of JBEAP-6100 for more details.
[JBoss JIRA] (WFCORE-2451) CS tool, invalid content of --type parameter leads to NPE
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2451?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8200 to WFCORE-2451:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2451 (was: WFLY-8200)
Component/s: Security
(was: Security)
> CS tool, invalid content of --type parameter leads to NPE
> ---------------------------------------------------------
>
> Key: WFCORE-2451
> URL: https://issues.jboss.org/browse/WFCORE-2451
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
>
> If I fill the --type option with some invalid value (other than KeyStoreCredentialStore) I get an NPE. For example with -t DoesNotExists I get
> {code}
> [mchoma@localhost bin]$ java -jar wildfly-elytron-tool.jar credential-store --add myalias --secret supersecretpassword --location="/tmp/test.store" --uri "cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS" --password mycspassword --salt 12345678 --iteration 230 --summary -t DoesNotExists
> Exception in thread "main" java.lang.NullPointerException
> at java.util.regex.Matcher.getTextLength(Matcher.java:1283)
> at java.util.regex.Matcher.reset(Matcher.java:309)
> at java.util.regex.Matcher.<init>(Matcher.java:229)
> at java.util.regex.Pattern.matcher(Pattern.java:1093)
> at java.util.Formatter.parse(Formatter.java:2547)
> at java.util.Formatter.format(Formatter.java:2501)
> at java.io.PrintStream.format(PrintStream.java:970)
> at java.io.PrintStream.printf(PrintStream.java:871)
> at org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:58)
> {code}
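How a null format string produces the trace quoted in WFCORE-2451, and the option validation that avoids it; this is an added Java example, not the Elytron tool's own code. That the null came from looking up the --type value is an assumption; `TypeOptionCheck`, `SUMMARY_FORMAT` and `printSummary` are hypothetical names, and the supported-type table is constructed.

```java
import java.util.Collections;
import java.util.Map;

// Added example (not the Elytron tool's code). On Java 8, PrintStream.printf(null, ...)
// fails inside java.util.Formatter.parse with a NullPointerException thrown from
// java.util.regex.Matcher, which is the stack trace reported in WFCORE-2451.
public class TypeOptionCheck {

    /** Summary format per supported credential store type (constructed table). */
    static final Map<String, String> SUMMARY_FORMAT =
            Collections.singletonMap("KeyStoreCredentialStore", "Credential store type %s at %s%n");

    /**
     * Buggy variant (assumed shape of the failure): an unknown --type value yields a
     * null format string, so the NPE surfaces deep inside Formatter instead of as a
     * readable error about the option.
     */
    static void printSummaryBuggy(String type, String location) {
        System.out.printf(SUMMARY_FORMAT.get(type), type, location);
    }

    /**
     * Hardened variant: validate the option before any formatting and return an
     * exit status, so the user sees the rejected value and the supported types.
     */
    static int printSummary(String type, String location) {
        String format = SUMMARY_FORMAT.get(type);
        if (format == null) {
            System.err.printf("Unsupported credential store type '%s'. Supported types: %s%n",
                    type, String.join(", ", SUMMARY_FORMAT.keySet()));
            return 2;
        }
        System.out.printf(format, type, location);
        return 0;
    }

    public static void main(String[] args) {
        // Same option value as in the report; a non-zero exit instead of a stack trace.
        String type = args.length > 0 ? args[0] : "DoesNotExists";
        System.exit(printSummary(type, "/tmp/test.store"));
    }
}
```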
[JBoss JIRA] (WFCORE-2450) Definition Credential Store with existing storage file but with wrong key password causes ugly failure-description.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2450?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7479 to WFCORE-2450:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2450 (was: WFLY-7479)
Component/s: Security
(was: Security)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Definition Credential Store with existing storage file but with wrong key password causes ugly failure-description.
> -------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2450
> URL: https://issues.jboss.org/browse/WFCORE-2450
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Fix For: 4.0.0.Alpha1
>
>
> Defining a Credential Store with an existing storage file but with the wrong key password causes an ugly failure-description.
> *How to reproduce*
> Prepare a credential store file (the easiest way is to create a credential store from scratch):
> {code}
> /subsystem=elytron/credential-store=cs_pass123:add(uri="cr-store://test/cs/ks-pass123.jceks?store.password=pass123;create.storage=true")
> /subsystem=elytron/credential-store=cs_pass123/alias=dbPass:add(secret-value=passwordToDB)
> {code}
> Then I try to create a credential store with the wrong key password for the existing store file:
> {code}
> /subsystem=elytron/credential-store=cs_wrong_key_pass:add(uri="cr-store://test/cs/ks-pass123.jceks?store.password=pass123;key.password=pass456")
> {code}
> *I can see this result:*
> {code}
> {
>     "outcome" => "failed",
>     "failure-description" => {
>         "WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store-client.cs_wrong_key_pass" => "org.jboss.msc.service.StartException in service org.wildfly.security.credential-store-client.cs_wrong_key_pass: WFLYELY00004: Unable to start the service.
> Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09506: Cannot read credential storage file '/home/hsvabek/securityworkspace/VERIFICATION/2016_11_02_UX_testing/jboss-eap-7.1.0.DR7/standalone/data/cs/ks-pass123.jceks' for the store named 'cs_wrong_key_pass'
> Caused by: java.security.UnrecoverableKeyException: Given final block not properly padded"},
>         "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.credential-store-client.cs_wrong_key_pass"],
>         "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
>     },
>     "rolled-back" => true
> }
> {code}
> *Suggestion for solution*
> The failure-description must not contain an exception or a stack trace snippet.
> A description like "Password for credential store key is incorrect." instead.
[JBoss JIRA] (WFCORE-2453) Complicated failure-descriptions in Elytron simple-permission-mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2453?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7475 to WFCORE-2453:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2453 (was: WFLY-7475)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Complicated failure-descriptions in Elytron simple-permission-mapper
> --------------------------------------------------------------------
>
> Key: WFCORE-2453
> URL: https://issues.jboss.org/browse/WFCORE-2453
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> There are complicated failure-descriptions in the Elytron simple-permission-mapper. They include some details from exceptions which are not needed and can be confusing for non-Java administrators. Please handle these exceptions and provide a user-friendly failure-description.
> Examples of complicated failure-descriptions in simple-permission-mapper:
> * Wrong name of permission class:
> {code}
> /subsystem=elytron/simple-permission-mapper=mapper:add(permission-mappings=[{permissions=[{action=read,class-name=org.wildfly.security.auth.permission.WrongLoginPermission,target-name=someName}]}])
> {
>     "outcome" => "failed",
>     "failure-description" => {
>         "WFLYCTL0080: Failed services" => {"org.wildfly.security.permission-mapper.mapper" => "org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.mapper: WFLYELY00021: Exception while creating the permission object for the permission mapping. Please check [class-name], [target-name] (name of permission) and [action] of [org.wildfly.security.auth.permission.WrongLoginPermission].
> Caused by: org.wildfly.security.permission.InvalidPermissionClassException: ELY03015: Could not load permission class \"org.wildfly.security.auth.permission.WrongLoginPermission\"
> Caused by: java.lang.ClassNotFoundException: org.wildfly.security.auth.permission.WrongLoginPermission from [Module \"org.wildfly.extension.elytron:main\" from local module loader @5479e3f (finder: local module finder @27082746 (roots: /home/olukas/workspace/uxcli/jboss-eap-7.1/modules,/home/olukas/workspace/uxcli/jboss-eap-7.1/modules/system/layers/base))]"},
>         "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.permission-mapper.mapper"],
>         "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
>     },
>     "rolled-back" => true
> }
> {code}
> * Adding a permission, but a non-existing module is used:
> {code}
> /subsystem=elytron/simple-permission-mapper=mapper:add(permission-mappings=[{permissions=[{action=read,class-name=org.wildfly.security.auth.permission.LoginPermission,target-name=someName,module=some.nonexist.module}]}])
> {
>     "outcome" => "failed",
>     "failure-description" => {
>         "WFLYCTL0080: Failed services" => {"org.wildfly.security.permission-mapper.mapper" => "org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.mapper: org.jboss.modules.ModuleNotFoundException: some.nonexist.module:main
> Caused by: org.jboss.modules.ModuleNotFoundException: some.nonexist.module:main"},
>         "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.permission-mapper.mapper"],
>         "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
>     },
>     "rolled-back" => true
> }
> {code}
> Suggestion for improvement:
> * use only description of failure, e.g. something like "module a.b.c. does not exist"
> * do not use any unneeded information - e.g. "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
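The message mapping that WFCORE-2450 and WFCORE-2453 ask for, as an added Java example that is not WildFly or Elytron code: walk the exception cause chain and return a short failure-description that carries no filesystem paths, module roots or class-loader identities. The nested `ModuleNotFoundException` and `InvalidPermissionClassException` classes are stand-ins for the JBoss Modules and Elytron types named in the traces, and `FailureDescriber`/`describe` are hypothetical names.

```java
import java.security.UnrecoverableKeyException;

// Added example (not WildFly or Elytron code): map a service-start exception chain to
// the short failure-description requested in WFCORE-2450 and WFCORE-2453. The nested
// classes are stand-ins for the real JBoss Modules / Elytron exception types.
public class FailureDescriber {

    /** Stand-in: the message carries the module identifier, e.g. "some.nonexist.module:main". */
    static class ModuleNotFoundException extends Exception {
        ModuleNotFoundException(String moduleId) { super(moduleId); }
    }

    /** Stand-in: records the permission class that could not be loaded. */
    static class InvalidPermissionClassException extends Exception {
        final String className;
        InvalidPermissionClassException(String className, Throwable cause) {
            super("ELY03015: Could not load permission class \"" + className + "\"", cause);
            this.className = className;
        }
    }

    /**
     * Walk the cause chain and return the first message an administrator can act on.
     * Exception text is never copied through, so paths and loader ids stay in the server log.
     */
    static String describe(Throwable failure) {
        for (Throwable t = failure; t != null; t = t.getCause()) {
            if (t instanceof UnrecoverableKeyException) {
                return "Password for credential store key is incorrect.";
            }
            if (t instanceof ModuleNotFoundException) {
                return "Module " + t.getMessage() + " does not exist.";
            }
            if (t instanceof InvalidPermissionClassException) {
                return "Permission class " + ((InvalidPermissionClassException) t).className
                        + " could not be loaded; check class-name and module.";
            }
        }
        // Unknown root cause: still no stack trace in the failure-description.
        return "Service failed to start; see the server log for details.";
    }

    public static void main(String[] args) {
        // Constructed chains shaped like the three reported failures.
        Throwable wrongKey = new Exception("ELY09506: Cannot read credential storage file '/home/user/cs/ks.jceks'",
                new UnrecoverableKeyException("Given final block not properly padded"));
        Throwable badModule = new Exception("StartException",
                new ModuleNotFoundException("some.nonexist.module:main"));
        Throwable badClass = new Exception("WFLYELY00021: Exception while creating the permission object",
                new InvalidPermissionClassException("org.wildfly.security.auth.permission.WrongLoginPermission",
                        new ClassNotFoundException("... from [Module \"org.wildfly.extension.elytron:main\" ...]")));
        for (Throwable t : new Throwable[] {wrongKey, badModule, badClass}) {
            System.out.println(describe(t));
        }
    }
}
```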
[JBoss JIRA] (WFCORE-2447) Wrong description of Elytron configurable-http-server-mechanism-factory in management model
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2447?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7449 to WFCORE-2447:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2447 (was: WFLY-7449)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Wrong description of Elytron configurable-http-server-mechanism-factory in management model
> -------------------------------------------------------------------------------------------
>
> Key: WFCORE-2447
> URL: https://issues.jboss.org/browse/WFCORE-2447
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> Description of {{configurable-http-server-mechanism-factory}} resource is incorrectly copied from {{aggregate-sasl-server-factory}}. It said "description" => "A sasl server factory definition where the sasl server factory is an aggregation of other sasl server factories.".
[JBoss JIRA] (WFCORE-2448) Setting elytron ssl-context on undertow without reload
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2448?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7329 to WFCORE-2448:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2448 (was: WFLY-7329)
Component/s: Security
Security
(was: Security, Web (Undertow))
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
> Setting elytron ssl-context on undertow without reload
> ------------------------------------------------------
>
> Key: WFCORE-2448
> URL: https://issues.jboss.org/browse/WFCORE-2448
> Project: WildFly Core
> Issue Type: Bug
> Components: Security, Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Martin Choma
> Assignee: Tomaz Cerar
> Labels: user_experience
>
> Please, allow setting of elytron ssl-context on undertow without reload.
> {code}
> [standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=server)
> {
>     "outcome" => "success",
>     "response-headers" => {
>         "operation-requires-reload" => true,
>         "process-state" => "reload-required"
>     }
> }
> {code}
[JBoss JIRA] (WFCORE-2449) Default Elytron realm names are confusing - use same values as Legacy security realms
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2449?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8000 to WFCORE-2449:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2449 (was: WFLY-8000)
Component/s: Security
(was: Security)
> Default Elytron realm names are confusing - use same values as Legacy security realms
> -------------------------------------------------------------------------------------
>
> Key: WFCORE-2449
> URL: https://issues.jboss.org/browse/WFCORE-2449
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Josef Cacek
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: user_experience
>
> The default application server profiles now contain the Elytron subsystem configured (more in EAP7-543). The subsystem contains 2 properties realms, which copy the behavior of the security realms in legacy security. They use the same names as the original ones, *ApplicationRealm* and *ManagementRealm*:
> {code:xml}
> <properties-realm name="ApplicationRealm">
>     <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
>     <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> <properties-realm name="ManagementRealm">
>     <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
>     <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> {code}
> The new Elytron realms must use different names than the legacy ones. Otherwise customers/administrators may think of the Elytron realms as just references to the legacy security.
> *Suggested solution*
> Rename the default Elytron realms to something like *ElytronManagementRealm* or *ManagementElytronRealm*, so that the configuration looks like:
> {code:xml}
> <properties-realm name="ApplicationElytronRealm">
>     <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
>     <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> <properties-realm name="ManagementElytronRealm">
>     <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
>     <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> {code}