[JBoss JIRA] (WFCORE-2405) Credential store file isn't created when we add there new entry in embed-server mode.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2405?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7983 to WFCORE-2405:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2405 (was: WFLY-7983)
Component/s: Security
(was: Security)
> Credential store file isn't created when we add there new entry in embed-server mode.
> -------------------------------------------------------------------------------------
>
> Key: WFCORE-2405
> URL: https://issues.jboss.org/browse/WFCORE-2405
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
>
> Credential store file isn't created when we add a new entry there in embed-server mode.
> * ./bin/jboss-cli.sh
> * embed-server
> * /subsystem=elytron/credential-store=store001:add(uri="cr-store://test/store001.jceks?create=true", credential-reference={clear-text=pass123})
> * /subsystem=elytron/credential-store=store001/alias=alias001:add(secret-value=secretValue)
> The store001.jceks file should be created in the JBOSS_HOME directory, but it isn't.
> When I stop the embedded server and start the standalone server, everything works fine.
> * stop-embedded-server
> * ./bin/standalone.sh
> * connect
> * /subsystem=elytron/credential-store=store001/alias=alias001:add(secret-value=secretValue)
> store001.jceks file is correctly created in JBOSS_HOME directory.
> *NOTE:*
> When I copy the store001.jceks file (with the same access password as expected) into the JBOSS_HOME directory, then the entry is added correctly.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2401) Permission added using list-add should be validated before adding to Elytron constant-permission-mapper or simple-permission-mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2401?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7678 to WFCORE-2401:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2401 (was: WFLY-7678)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
> Permission added using list-add should be validated before adding to Elytron constant-permission-mapper or simple-permission-mapper
> -----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2401
> URL: https://issues.jboss.org/browse/WFCORE-2401
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Kotek
> Assignee: Darran Lofthouse
> Labels: user_experience
>
> A permission object added using the {{list-add}} operation should be validated before being added to {{constant-permission-mapper}} or {{simple-permission-mapper}}.
> The reproducer should behave like this:
> {noformat}
> [standalone@localhost:9990 /] /subsystem=elytron/constant-permission-mapper=cpm:add(permissions=[{class-name=java.io.FilePermission}])
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.permission-mapper.cpm" => "org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.cpm: WFLYELY00021: Exception while creating the permission object for the permission mapping. Please check [class-name], [target-name] (name of permission) and [action] of [java.io.FilePermission].
> Caused by: java.lang.IllegalArgumentException: invalid actions mask"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.permission-mapper.cpm"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {noformat}
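An added example, not code from WildFly or Elytron, of the up-front check the report asks for: it builds the permission from the model attributes the way the mapper service does at start-up, so a bad `class-name`/`target-name`/`action` combination is reported by the add operation instead of failing the service later. The constructor order tried here and the use of the caller's class loader are assumptions.

```java
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.Permission;

public class PermissionValidator {
    /**
     * Build the permission the same way a mapper service would at start-up, trying the
     * (target, action), (target) and no-arg constructors in turn. Returns null when the
     * object can be created, otherwise a message the add operation could fail with.
     * Assumption: the class is visible to the caller's class loader; Elytron would load it
     * from the configured module instead.
     */
    public static String validate(String className, String targetName, String action) {
        try {
            Class<?> clazz = Class.forName(className);
            if (!Permission.class.isAssignableFrom(clazz)) {
                return className + " is not a java.security.Permission";
            }
            instantiate(clazz, targetName, action);
            return null;
        } catch (InvocationTargetException e) {
            // The constructor itself rejected the arguments, e.g. FilePermission's "invalid actions mask".
            return "invalid target-name/action for " + className + ": " + e.getCause();
        } catch (ReflectiveOperationException e) {
            return "cannot construct " + className + ": " + e;
        }
    }

    static Permission instantiate(Class<?> clazz, String target, String action)
            throws ReflectiveOperationException {
        try {
            Constructor<?> two = clazz.getConstructor(String.class, String.class);
            return (Permission) two.newInstance(target, action);
        } catch (NoSuchMethodException ignored) { /* fall through to the next shape */ }
        try {
            Constructor<?> one = clazz.getConstructor(String.class);
            return (Permission) one.newInstance(target);
        } catch (NoSuchMethodException ignored) { /* fall through to the next shape */ }
        return (Permission) clazz.getConstructor().newInstance();
    }

    public static void main(String[] args) {
        // The reproducer's input: class-name only, no target-name and no action.
        System.out.println(validate("java.io.FilePermission", null, null));
        // Well-formed mappings that the add operation should accept (validate returns null).
        System.out.println(validate("java.io.FilePermission", "/tmp/-", "read"));
        System.out.println(validate("java.security.AllPermission", null, null));
    }
}
```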
[JBoss JIRA] (WFCORE-2402) Required attributes of elytron key-store creation add operation
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2402?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7125 to WFCORE-2402:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2402 (was: WFLY-7125)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Required attributes of elytron key-store creation add operation
> ---------------------------------------------------------------
>
> Key: WFCORE-2402
> URL: https://issues.jboss.org/browse/WFCORE-2402
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> Minimal CLI command to create key store is
> {code}
> /subsystem=elytron/key-store=server:add(type="JKS")
> {code}
> But it has these problems:
> * The password attribute has to be required. I can't think of a case when it could be omitted.
> * The {{type}} attribute could be optional. If not set, the default value can be KeyStore.getDefaultType(). As the model can't express this, it can be documented in the description.
[JBoss JIRA] (WFCORE-2395) There is NoSuchProviderException when we want to create our custom credential store.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2395?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7881 to WFCORE-2395:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2395 (was: WFLY-7881)
Component/s: Security
(was: Security)
> There is NoSuchProviderException when we want to create our custom credential store.
> ------------------------------------------------------------------------------------
>
> Key: WFCORE-2395
> URL: https://issues.jboss.org/browse/WFCORE-2395
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
>
> There is NoSuchProviderException when we want to create our custom credential store.
> *How to reproduce*
> # Create module
> Set your own path to customcredstoreprovider.jar downloaded from attachment
> {code}
> module add --name=org.jboss.customcredstore --resources=/tmp/customcredstoreprovider.jar --dependencies=org.wildfly.security.elytron,org.wildfly.extension.elytron --slot=main
> {code}
> # Create provider loader
> {code}
> /subsystem=elytron/provider-loader=cust001:add(providers=[{class-names=[org.jboss.as.test.integration.security.credential.store.CustomElytronProvider],module=org.jboss.customcredstore,load-services=true}],register=true)
> {code}
> # Create credential store
> {code}
> /subsystem=elytron/credential-store=cs0123456:add(uri="cr-store://test/customcredCS123.jceks?create.storage=true", provider=org.jboss.as.test.integration.security.credential.store.CustomElytronProvider, provider-loader=cust001, credential-reference={clear-text=pass123})
> {code}
> *And the result is:*
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store.cs0123456" => "org.jboss.msc.service.StartException in service org.wildfly.security.credential-store.cs0123456: WFLYELY00004: Unable to start the service.
> Caused by: java.security.NoSuchProviderException: org.jboss.as.test.integration.security.credential.store.CustomElytronProvider"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.credential-store.cs0123456"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
[JBoss JIRA] (WFCORE-2394) Coverity static analysis, dereference after null check, KeyStoreCredentialStore (Elytron)
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2394?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8093 to WFCORE-2394:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2394 (was: WFLY-8093)
Component/s: Security
(was: Security)
> Coverity static analysis, dereference after null check, KeyStoreCredentialStore (Elytron)
> -----------------------------------------------------------------------------------------
>
> Key: WFCORE-2394
> URL: https://issues.jboss.org/browse/WFCORE-2394
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
>
> The Coverity static-analysis scan found a possible call on a null object in the KeyStoreCredentialStore class:
> https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=95642...
> In the branch that the flow reaches only if location is null, location is dereferenced:
> {code:java|title=KeyStoreCredentialStore.java}
> if (location != null && Files.exists(location))
>     try (InputStream fileStream = Files.newInputStream(location)) {
>         keyStore.load(fileStream, getStorePassword(protectionParameter));
>         enumeration = keyStore.aliases();
>     } catch (GeneralSecurityException | IOException e) {
>         throw log.cannotInitializeCredentialStore(e);
>     }
> else if (create) {
>     try {
>         keyStore.load(null, null);
>         enumeration = Collections.emptyEnumeration();
>     } catch (CertificateException | IOException | NoSuchAlgorithmException e) {
>         throw log.cannotInitializeCredentialStore(e);
>     }
> } else {
>     throw log.automaticStorageCreationDisabled(location.toString());
> }
> {code}
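An added example, not code from the Elytron code base, that isolates the branch structure of the reported snippet on a plain `java.security.KeyStore` so the null path can be exercised beside a corrected variant; `CredentialStoreException` is a hypothetical stand-in for the logger's exception factory and the JCEKS type and sample password are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;

public class NullCheckDemo {
    /** Hypothetical stand-in for the exception the Elytron logger factory would return. */
    static class CredentialStoreException extends RuntimeException {
        CredentialStoreException(String msg) { super(msg); }
    }

    /** Same branch structure as the reported snippet: with location == null and create == false the
     *  final else is reached and location.toString() throws NullPointerException. */
    static KeyStore loadBuggy(Path location, boolean create, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JCEKS");
        if (location != null && Files.exists(location)) {
            try (InputStream in = Files.newInputStream(location)) {
                keyStore.load(in, password);
            }
        } else if (create) {
            keyStore.load(null, null);
        } else {
            throw new CredentialStoreException("automatic storage creation disabled: " + location.toString());
        }
        return keyStore;
    }

    /** Corrected variant: a null location is rejected up front, so the message branch only ever
     *  sees a non-null path and the caller receives the intended exception rather than an NPE. */
    static KeyStore loadFixed(Path location, boolean create, char[] password) throws Exception {
        if (location == null && !create) {
            throw new CredentialStoreException("no storage location and automatic creation disabled");
        }
        KeyStore keyStore = KeyStore.getInstance("JCEKS");
        if (location != null && Files.exists(location)) {
            try (InputStream in = Files.newInputStream(location)) {
                keyStore.load(in, password);
            }
        } else if (create) {
            keyStore.load(null, null); // fresh empty store, persisted later by the caller
        } else {
            throw new CredentialStoreException("automatic storage creation disabled: " + location);
        }
        return keyStore;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "pass123".toCharArray(); // constructed sample password, as in the reproducers above
        try { loadBuggy(null, false, pw); } catch (NullPointerException e) { System.out.println("buggy: NPE hides the real cause"); }
        try { loadFixed(null, false, pw); } catch (CredentialStoreException e) { System.out.println("fixed: " + e.getMessage()); }
    }
}
```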
[JBoss JIRA] (WFCORE-2398) Legacy Kerberos in management, EAP search for HTTPS/localhost ticket
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2398?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7994 to WFCORE-2398:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2398 (was: WFLY-7994)
Component/s: Security
(was: Security)
> Legacy Kerberos in management, EAP search for HTTPS/localhost ticket
> --------------------------------------------------------------------
>
> Key: WFCORE-2398
> URL: https://issues.jboss.org/browse/WFCORE-2398
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: regression
>
> Accessing the management interface secured by Kerberos + TLS causes EAP to request the ticket HTTPS/localhost from the KDC, which was not necessary in EAP 7.0, where it worked fine with the HTTP/localhost service name.
> {code:title=server.log}
> 14:20:19,321 TRACE [org.jboss.as.domain.management.security] (management task-7) No mapping for name 'https/localhost.localdomain' to KeytabService, attempting to use host only match.
> 14:20:19,322 TRACE [org.jboss.as.domain.management.security] (management task-7) Selected KeytabService with principal 'HTTP/localhost.localdomain(a)JBOSS.ORG' for host 'localhost.localdomain'
> 14:20:19,322 INFO [stdout] (management task-7) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.2269988831769483313.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 14:20:19,323 INFO [stdout] (management task-7) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.2269988831769483313.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 14:20:19,323 INFO [stdout] (management task-7) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.2269988831769483313.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 14:20:19,323 INFO [stdout] (management task-7) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.2269988831769483313.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 14:20:19,524 WARN [org.apache.directory.server.protocol.shared.kerberos.StoreUtils] (NioDatagramAcceptor-3) No server entry found for kerberos principal name HTTPS/localhost.localdomain(a)JBOSS.ORG
> 14:20:19,524 WARN [org.apache.directory.server.KERBEROS_LOG] (NioDatagramAcceptor-3) No server entry found for kerberos principal name HTTPS/localhost.localdomain(a)JBOSS.ORG
> 14:20:19,524 WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] (NioDatagramAcceptor-3) Server not found in Kerberos database (7)
> 14:20:19,525 WARN [org.apache.directory.server.KERBEROS_LOG] (NioDatagramAcceptor-3) Server not found in Kerberos database (7)
> 14:20:19,528 WARN [org.apache.http.impl.auth.HttpAuthenticator] (main) NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database))
> 14:20:19,532 TRACE [org.jboss.as.domain.management.security] (management task-9) No mapping for name 'https/localhost.localdomain' to KeytabService, attempting to use host only match.
> 14:20:19,532 TRACE [org.jboss.as.domain.management.security] (management task-9) Selected KeytabService with principal 'HTTP/localhost.localdomain(a)JBOSS.ORG' for host 'localhost.localdomain'
> 14:20:19,533 INFO [stdout] (management task-9) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.2269988831769483313.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 14:20:19,533 INFO [stdout] (management task-9) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.2269988831769483313.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 14:20:19,533 INFO [stdout] (management task-9) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.2269988831769483313.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> 14:20:19,533 INFO [stdout] (management task-9) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.2269988831769483313.keytab for HTTP/localhost.localdomain(a)JBOSS.ORG
> [Krb5LoginModule]: Entering logout
> [Krb5LoginModule]: logged out Subject
> {code}
> Also see the network dump krb_https_management.pcap in the attachment, where the TGS-REQ for HTTPS/localhost is captured.