[JBoss JIRA] (WFCORE-2445) Wrong documentation of Elytron configurable-http-server-mechanism-factory properties element in XSD
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2445?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7450 to WFCORE-2445:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2445 (was: WFLY-7450)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Wrong documentation of Elytron configurable-http-server-mechanism-factory properties element in XSD
> ---------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2445
> URL: https://issues.jboss.org/browse/WFCORE-2445
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> Documentation of element {{properties}} for {{configurable-http-server-mechanism-factory}} (httpServerMechanismFactoryType) in wildfly-elytron_1_0.xsd says: "Additional properties that should be passed to the factor for SASL mechanism detection and creation.". However, it should be HTTP mechanism instead of SASL. There is also a typo "factor"; it should be "factory".
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2446) Inconsistency between DMR and XSD representation of key-store attribute of Elytron key-managers and trust-managers
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2446?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7624 to WFCORE-2446:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2446 (was: WFLY-7624)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Inconsistency between DMR and XSD representation of key-store attribute of Elytron key-managers and trust-managers
> ------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2446
> URL: https://issues.jboss.org/browse/WFCORE-2446
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Kotek
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> There are inconsistencies between DMR and XSD representation of {{key-managers}} and {{trust-managers}}. According to XSD, {{key-store}} is optional, but according to DMR it is {{"nillable" => false}}.
9 years, 2 months
[JBoss JIRA] (WFCORE-2439) Complex type configurable-http-server-mechanism-factory in Elytron subsystem
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2439?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7165 to WFCORE-2439:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2439 (was: WFLY-7165)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Complex type configurable-http-server-mechanism-factory in Elytron subsystem
> ----------------------------------------------------------------------------
>
> Key: WFCORE-2439
> URL: https://issues.jboss.org/browse/WFCORE-2439
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Fix For: 4.0.0.Alpha1
>
>
> Elytron subsystem uses complex type configurable-http-server-mechanism-factory which is difficult to use and can result in bad user experience, see description of JBEAP-6100 for more details.
9 years, 2 months
[JBoss JIRA] (WFCORE-2440) CS tool, 2 places to specify credential store location
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2440?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8177 to WFCORE-2440:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2440 (was: WFLY-8177)
Component/s: Security
(was: Security)
> CS tool, 2 places to specify credential store location
> ------------------------------------------------------
>
> Key: WFCORE-2440
> URL: https://issues.jboss.org/browse/WFCORE-2440
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
>
> Currently there are 2 places where location can be specified:
> - URI parameter
> - location parameter
> {code}
> java -jar wildfly-elytron-tool.jar credential-store --add myalias --secret supersecretpassword --location="test.store" --uri "cr-store://test.store?modifiable=true;create=true;keyStoreType=JCEKS" --password mycspassword --summary --salt 12345678 --iteration 230
> {code}
> Choose one. In case SPI dictates that, revise SPI.
> Setting to high priority, as it is possibly a problem of SPI.
9 years, 2 months
[JBoss JIRA] (WFCORE-2441) Inconsistency between DMR and XSD representation of Elytron simple-permission-mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2441?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7679 to WFCORE-2441:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2441 (was: WFLY-7679)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Inconsistency between DMR and XSD representation of Elytron simple-permission-mapper
> ------------------------------------------------------------------------------------
>
> Key: WFCORE-2441
> URL: https://issues.jboss.org/browse/WFCORE-2441
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Kotek
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> There are inconsistencies between DMR and XSD representation of {{constant-permission-mapper}}.
> According to XSD, {{permission}} must occur at least one time in {{constant-permission-mapper}}. According to DMR it is {{"nillable" => true}}. This should be unified.
9 years, 2 months
[JBoss JIRA] (WFCORE-2442) Incorrect realm for DIGEST-MD5 when Elytron SASL global factory is directly used
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2442?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8193 to WFCORE-2442:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2442 (was: WFLY-8193)
Component/s: Security
(was: Security)
> Incorrect realm for DIGEST-MD5 when Elytron SASL global factory is directly used
> --------------------------------------------------------------------------------
>
> Key: WFCORE-2442
> URL: https://issues.jboss.org/browse/WFCORE-2442
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> In case some sasl-authentication-factory, which directly uses sasl-server-factory="global", is used for authentication and the DIGEST-MD5 mechanism is used, then authentication fails. It is caused by an incorrectly passed realm name used for authentication. See Steps to Reproduce for more details.
> The following is used for creating the DIGEST-MD5 authentication response (realm "localhost" is not the correct realm to use):
> {code}
> charset=utf-8,username="user1",realm="localhost",nonce="N7K8/KwSm/p8dxOK2LgcCBDPrhva3ILhHLQ4qWXO",nc=00000001,cnonce="MVJ6zYGtLDjffNPgt+l7OKXq62o1vu/QkPooB1EyCBxK6JiG",digest-uri="remote/localhost",maxbuf=65536,response=3acb12f0e1f42edc48e13cac8e77ae2e,qop=auth
> {code}
9 years, 2 months
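Added example (not part of the original issue and not Elytron code): a Python sketch of the RFC 2831 response computation for qop=auth without authzid, showing why a realm mismatch between the two sides makes DIGEST-MD5 verification fail as described in WFCORE-2442. The password, the server realm name `ExampleRealm`, and the assumption that the server verifies against a secret derived for its own realm are constructed for illustration.

```python
import hashlib
import hmac
import re

# Digest-response quoted in the issue above (copied from the page).
PAGE_RESPONSE = ('charset=utf-8,username="user1",realm="localhost",'
                 'nonce="N7K8/KwSm/p8dxOK2LgcCBDPrhva3ILhHLQ4qWXO",nc=00000001,'
                 'cnonce="MVJ6zYGtLDjffNPgt+l7OKXq62o1vu/QkPooB1EyCBxK6JiG",'
                 'digest-uri="remote/localhost",maxbuf=65536,'
                 'response=3acb12f0e1f42edc48e13cac8e77ae2e,qop=auth')

def parse_digest_response(line):
    """Split a DIGEST-MD5 digest-response into a dict of directives."""
    pairs = re.findall(r'([\w-]+)=(?:"([^"]*)"|([^,]*))', line)
    return {key: quoted or bare for key, quoted, bare in pairs}

def user_hash(username, realm, password):
    """H(username:realm:password): the realm-bound secret used in A1."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).digest()

def response_value(secret, f):
    """RFC 2831 response for qop=auth, computed from the realm-bound secret."""
    a1 = secret + f":{f['nonce']}:{f['cnonce']}".encode()
    a2 = f"AUTHENTICATE:{f['digest-uri']}".encode()
    ha1, ha2 = hashlib.md5(a1).hexdigest(), hashlib.md5(a2).hexdigest()
    kd = f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()

def server_accepts(fields, server_realm, username, password):
    """Assumed server check: verify against the secret for server_realm."""
    expected = response_value(user_hash(username, server_realm, password), fields)
    return hmac.compare_digest(expected, fields["response"])

def simulate(client_realm, server_realm, password="constructed-password"):
    """Client hashes with client_realm; server verifies with server_realm."""
    f = parse_digest_response(PAGE_RESPONSE)
    f["realm"] = client_realm
    secret = user_hash(f["username"], client_realm, password)
    f["response"] = response_value(secret, f)
    return server_accepts(f, server_realm, f["username"], password)

if __name__ == "__main__":
    print(parse_digest_response(PAGE_RESPONSE)["realm"])  # realm the client sent
    print(simulate("ExampleRealm", "ExampleRealm"))       # realms agree
    print(simulate("localhost", "ExampleRealm"))          # realms differ
```

Because the realm is hashed into A1 together with the username and password, a correct password still produces a non-matching response whenever the two sides disagree on the realm name.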
[JBoss JIRA] (WFCORE-2436) Complex type security-domain in Elytron subsystem
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2436?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7171 to WFCORE-2436:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2436 (was: WFLY-7171)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Complex type security-domain in Elytron subsystem
> -------------------------------------------------
>
> Key: WFCORE-2436
> URL: https://issues.jboss.org/browse/WFCORE-2436
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Fix For: 4.0.0.Alpha1
>
>
> Elytron subsystem uses complex type in security-domain resource which is difficult to use and can result in bad user experience, see description of JBEAP-6100 for more details.
9 years, 2 months
[JBoss JIRA] (WFCORE-2437) Elytron Http status code for missing LoginPermission
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2437?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7393 to WFCORE-2437:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2437 (was: WFLY-7393)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
> Elytron Http status code for missing LoginPermission
> ----------------------------------------------------
>
> Key: WFCORE-2437
> URL: https://issues.jboss.org/browse/WFCORE-2437
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Optional
>
> Lack of {{LoginPermission}} leads to a 401 HTTP code, which could IMO indicate the user can try to log in again with a different password. However, it won't help in this case. I wonder, wouldn't 403 Forbidden be more suitable here? Indicating user authentication passed, but the user is missing some permission.
> Setting with low priority, as in DR7 in the default configuration LoginPermission is added by default.
> David: "I think you may be right @MartinChoma - 401 is called "unauthorized" but really it should say "authentication required"; 403 is the correct response for an authorization error"
9 years, 2 months
[JBoss JIRA] (WFCORE-2438) Legacy Kerberos for management interface returns 500 instead of 401
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2438?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7989 to WFCORE-2438:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2438 (was: WFLY-7989)
Component/s: Security
(was: Security)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Legacy Kerberos for management interface returns 500 instead of 401
> -------------------------------------------------------------------
>
> Key: WFCORE-2438
> URL: https://issues.jboss.org/browse/WFCORE-2438
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 4.0.0.Alpha1
>
>
> On first access the server should respond with a 401 HTTP code. A subsequent response could be 500, as it properly expresses that the server is misconfigured. In EAP 7.0 it was 403, which is not ideal, as 403 means the user is authenticated but does not have proper roles, which is not true in this case.
> Also, some ERROR log message would be helpful for administrators to find the cause of the problem. Now there are just TRACE level messages:
> {code:title=server.log}
> 07:40:04,134 TRACE [org.jboss.as.domain.management.security] (management task-6) No mapping for name 'http/localhost.localdomain' to KeytabService, attempting to use host only match.
> 07:40:04,135 TRACE [org.jboss.as.domain.management.security] (management task-6) No mapping for host 'localhost.localdomain' to KeytabService, attempting to use default.
> 07:40:04,135 TRACE [org.jboss.as.domain.management.security] (management task-6) No KeytabService available for host 'localhost.localdomain' unable to return SubjectIdentity.
> {code}
9 years, 2 months
[JBoss JIRA] (WFCORE-2435) Elytron missing constant-role-decoder
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2435?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7596 to WFCORE-2435:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2435 (was: WFLY-7596)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
> Elytron missing constant-role-decoder
> -------------------------------------
>
> Key: WFCORE-2435
> URL: https://issues.jboss.org/browse/WFCORE-2435
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Martin Choma
>
> There is no {{constant-role-decoder}}, however all of the other mappers have a constant-* variant:
> {code}
> [standalone@localhost:9990 /] /subsystem=elytron/constant-<TAB>
> constant-name-rewriter constant-permission-mapper constant-principal-decoder constant-realm-mapper constant-role-mapper
> {code}
> It can be useful for simple applications / demos / testing ...
> Please add it for the sake of completeness.
9 years, 2 months