[JBoss JIRA] (WFCORE-2443) Wrong description of Elytron configurable-sasl-server-factory in management model
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2443?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7448 to WFCORE-2443:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2443 (was: WFLY-7448)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Wrong description of Elytron configurable-sasl-server-factory in management model
> ---------------------------------------------------------------------------------
>
> Key: WFCORE-2443
> URL: https://issues.jboss.org/browse/WFCORE-2443
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> Description of {{configurable-sasl-server-factory}} resource in CLI is incorrectly copied from {{aggregate-sasl-server-factory}}. It says "description" => "A sasl server factory definition where the sasl server factory is an aggregation of other sasl server factories.".
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2444) There isn't possibility log in to management web console as user which was dynamically added after EAP was started.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2444?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7939 to WFCORE-2444:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2444 (was: WFLY-7939)
Component/s: Security
(was: Security)
> There isn't possibility log in to management web console as user which was dynamically added after EAP was started.
> -------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2444
> URL: https://issues.jboss.org/browse/WFCORE-2444
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
>
> I am not able to log in to the management web console as a user who was dynamically added after EAP was started.
> *Scenario:*
> * EAP is running - *standalone.sh -c=standalone-elytron.xml*
> * add user through script *add-user.sh -u john -p password1! -s*
> * log in to management web console as user *john*
> *Result:*
> * It doesn't work until restart
> When we use Picketbox then it works fine.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2445) Wrong documentation of Elytron configurable-http-server-mechanism-factory properties element in XSD
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2445?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7450 to WFCORE-2445:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2445 (was: WFLY-7450)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Wrong documentation of Elytron configurable-http-server-mechanism-factory properties element in XSD
> ---------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2445
> URL: https://issues.jboss.org/browse/WFCORE-2445
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> Documentation of element {{properties}} for {{configurable-http-server-mechanism-factory}} (httpServerMechanismFactoryType) in wildfly-elytron_1_0.xsd says: "Additional properties that should be passed to the factor for SASL mechanism detection and creation.". However, it should be HTTP mechanism instead of SASL. There is also a typo, "factor"; it should be "factory".
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2446) Inconsistency between DMR and XSD representation of key-store attribute of Elytron key-managers and trust-managers
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2446?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7624 to WFCORE-2446:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2446 (was: WFLY-7624)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Inconsistency between DMR and XSD representation of key-store attribute of Elytron key-managers and trust-managers
> ------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2446
> URL: https://issues.jboss.org/browse/WFCORE-2446
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Kotek
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> There are inconsistencies between DMR and XSD representation of {{key-managers}} and {{trust-managers}}. According to XSD, {{key-store}} is optional, but according to DMR it is {{"nillable" => false}}.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2439) Complex type configurable-http-server-mechanism-factory in Elytron subsystem
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2439?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7165 to WFCORE-2439:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2439 (was: WFLY-7165)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Complex type configurable-http-server-mechanism-factory in Elytron subsystem
> ----------------------------------------------------------------------------
>
> Key: WFCORE-2439
> URL: https://issues.jboss.org/browse/WFCORE-2439
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Fix For: 4.0.0.Alpha1
>
>
> Elytron subsystem uses complex type configurable-http-server-mechanism-factory, which is difficult to use and can result in a bad user experience; see the description of JBEAP-6100 for more details.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2440) CS tool, 2 places to specify credential store location
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2440?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8177 to WFCORE-2440:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2440 (was: WFLY-8177)
Component/s: Security
(was: Security)
> CS tool, 2 places to specify credential store location
> ------------------------------------------------------
>
> Key: WFCORE-2440
> URL: https://issues.jboss.org/browse/WFCORE-2440
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
>
> Currently there are 2 places where the location can be specified:
> - URI parameter
> - location parameter
> {code}
> java -jar wildfly-elytron-tool.jar credential-store --add myalias --secret supersecretpassword --location="test.store" --uri "cr-store://test.store?modifiable=true;create=true;keyStoreType=JCEKS" --password mycspassword --summary --salt 12345678 --iteration 230
> {code}
> Choose one. In case the SPI dictates that, revise the SPI.
> Setting to high priority, as it is possibly a problem of the SPI.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2441) Inconsistency between DMR and XSD representation of Elytron simple-permission-mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2441?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7679 to WFCORE-2441:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2441 (was: WFLY-7679)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Inconsistency between DMR and XSD representation of Elytron simple-permission-mapper
> ------------------------------------------------------------------------------------
>
> Key: WFCORE-2441
> URL: https://issues.jboss.org/browse/WFCORE-2441
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Kotek
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> There are inconsistencies between DMR and XSD representation of {{constant-permission-mapper}}.
> According to XSD, {{permission}} must occur at least once in {{constant-permission-mapper}}. According to DMR it is {{"nillable" => true}}. This should be unified.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2442) Incorrect realm for DIGEST-MD5 when Elytron SASL global factory is directly used
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2442?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8193 to WFCORE-2442:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2442 (was: WFLY-8193)
Component/s: Security
(was: Security)
> Incorrect realm for DIGEST-MD5 when Elytron SASL global factory is directly used
> --------------------------------------------------------------------------------
>
> Key: WFCORE-2442
> URL: https://issues.jboss.org/browse/WFCORE-2442
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> When a sasl-authentication-factory that directly uses sasl-server-factory="global" is used for authentication and the DIGEST-MD5 mechanism is used, authentication fails. It is caused by an incorrectly passed realm name used for authentication. See Steps to Reproduce for more details.
> The following is used for creating the DIGEST-MD5 authentication response (realm "localhost" is not the correct realm to use):
> {code}
> charset=utf-8,username="user1",realm="localhost",nonce="N7K8/KwSm/p8dxOK2LgcCBDPrhva3ILhHLQ4qWXO",nc=00000001,cnonce="MVJ6zYGtLDjffNPgt+l7OKXq62o1vu/QkPooB1EyCBxK6JiG",digest-uri="remote/localhost",maxbuf=65536,response=3acb12f0e1f42edc48e13cac8e77ae2e,qop=auth
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
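
Why a wrong realm alone breaks DIGEST-MD5, shown as an added example that is not part of the issue or of WildFly Elytron code: the realm is hashed into the response (RFC 2831), so a verifier holding the same password under another realm computes a different value. The field values are copied from the message quoted above; the password, the realm name `ExampleRealm` and the simplified verifier are assumptions.

```python
import hashlib
import hmac
import re

# digest-response quoted in WFCORE-2442 (fields copied from the issue text)
DIGEST_RESPONSE = (
    'charset=utf-8,username="user1",realm="localhost",'
    'nonce="N7K8/KwSm/p8dxOK2LgcCBDPrhva3ILhHLQ4qWXO",nc=00000001,'
    'cnonce="MVJ6zYGtLDjffNPgt+l7OKXq62o1vu/QkPooB1EyCBxK6JiG",'
    'digest-uri="remote/localhost",maxbuf=65536,'
    'response=3acb12f0e1f42edc48e13cac8e77ae2e,qop=auth')

def parse_directives(msg):
    """Split a digest-response into {name: value}, honouring quoted strings."""
    pairs = re.findall(r'([\w-]+)=(?:"((?:[^"\\]|\\.)*)"|([^,]*))', msg)
    return {name: quoted or bare for name, quoted, bare in pairs}

def _md5(data):
    return hashlib.md5(data).digest()

def response_value(d, realm, password):
    """RFC 2831 response-value for qop=auth with no authzid."""
    a1 = (_md5(f'{d["username"]}:{realm}:{password}'.encode())
          + f':{d["nonce"]}:{d["cnonce"]}'.encode())
    a2 = f'AUTHENTICATE:{d["digest-uri"]}'.encode()
    kd = ":".join([_md5(a1).hex(), d["nonce"], d["nc"], d["cnonce"],
                   d["qop"], _md5(a2).hex()])
    return _md5(kd.encode()).hex()

def client_message(password):
    """Rebuild the quoted message as a client hashing its realm field sends it."""
    d = parse_directives(DIGEST_RESPONSE)
    sent = response_value(d, d["realm"], password)
    return DIGEST_RESPONSE.replace(d["response"], sent)

def server_accepts(msg, server_realm, stored_password):
    """Simplified verifier: recompute with the realm the credential lives in."""
    d = parse_directives(msg)
    expected = response_value(d, server_realm, stored_password)
    return hmac.compare_digest(expected, d["response"])

if __name__ == "__main__":
    pw = "constructed-password"                      # constructed, not from the issue
    msg = client_message(pw)                         # client hashed realm="localhost"
    print(server_accepts(msg, "localhost", pw))      # realms agree
    print(server_accepts(msg, "ExampleRealm", pw))   # same password, other realm
```
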
[JBoss JIRA] (WFCORE-2436) Complex type security-domain in Elytron subsystem
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2436?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7171 to WFCORE-2436:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2436 (was: WFLY-7171)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Complex type security-domain in Elytron subsystem
> -------------------------------------------------
>
> Key: WFCORE-2436
> URL: https://issues.jboss.org/browse/WFCORE-2436
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Fix For: 4.0.0.Alpha1
>
>
> Elytron subsystem uses complex type in security-domain resource, which is difficult to use and can result in a bad user experience; see the description of JBEAP-6100 for more details.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2437) Elytron Http status code for missing LoginPermission
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2437?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7393 to WFCORE-2437:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2437 (was: WFLY-7393)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
> Elytron Http status code for missing LoginPermission
> ----------------------------------------------------
>
> Key: WFCORE-2437
> URL: https://issues.jboss.org/browse/WFCORE-2437
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Optional
>
> Lack of {{LoginPermission}} leads to a 401 HTTP code, which could IMO indicate that the user can try to log in again with a different password. However, it won't help in this case. I wonder, wouldn't 403 Forbidden be more suitable here? Indicating user authentication passed, but the user is missing some permission.
> Setting with low priority as in DR7 in default configuration LoginPermission is added by default.
> David: "I think you may be right @MartinChoma - 401 is called "unauthorized" but really it should say "authentication required"; 403 is the correct response for an authorization error"
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)