April 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-1031) Make the CredentialStore class final

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1031?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1031: ---------------------------------- Fix Version/s: 1.1.0.Beta37 (was: 1.1.0.Beta36) > Make the CredentialStore class final > ------------------------------------ > > Key: ELY-1031 > URL: https://issues.jboss.org/browse/ELY-1031 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Credential Store > Reporter: Darran Lofthouse > Assignee: Peter Skopek > Priority: Critical > Fix For: 1.1.0.Beta37 > > > Unless there is a reason this has not already be done the class should probably be made final to be sure extension is not possible. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1029) Support clients that provide an optional CallbackHandler

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1029?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1029: ---------------------------------- Fix Version/s: 1.1.0.Beta37 (was: 1.1.0.Beta36) > Support clients that provide an optional CallbackHandler > -------------------------------------------------------- > > Key: ELY-1029 > URL: https://issues.jboss.org/browse/ELY-1029 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Client > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 1.1.0.Beta37 > > > Clients such as the WildFly CLI provide a CallbackHandler implementation in case it is needed and not as a sign that it must be used, i.e. the desired outcome is that if the information required can be obtained from the configuration then authentication proceeds without interaction with the end user. > Neither the CLI or the end user should be required to be fully aware of the underlying security configuration. > This is similar to web browser HTTP authentication where there is only an interaction with the user if actually required. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1030) Move TokenSecurityRealm to org.wildfly.security.auth.realm package

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1030?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1030: ---------------------------------- Fix Version/s: 1.1.0.Beta37 (was: 1.1.0.Beta36) > Move TokenSecurityRealm to org.wildfly.security.auth.realm package > ------------------------------------------------------------------ > > Key: ELY-1030 > URL: https://issues.jboss.org/browse/ELY-1030 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Realms > Reporter: Darran Lofthouse > Assignee: Pedro Igor > Priority: Critical > Fix For: 1.1.0.Beta37 > > > The LDAP and JDBC realms have their own package as they have quite a few utility and configuration classes, the token realm only has one so I don't think we really need this one to be in it'own realm. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-802) Elytron ExternalSaslServer/Client should throw IllegalStateException for wrap/unwrap methods

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-802?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-802: --------------------------------- Fix Version/s: 1.1.0.Beta37 (was: 1.1.0.Beta36) > Elytron ExternalSaslServer/Client should throw IllegalStateException for wrap/unwrap methods > -------------------------------------------------------------------------------------------- > > Key: ELY-802 > URL: https://issues.jboss.org/browse/ELY-802 > Project: WildFly Elytron > Issue Type: Bug > Components: SASL > Reporter: Josef Cacek > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta37 > > > Calling {{wrap/unwrap}} methods on {{ExternalSaslServer/Client}} should throw {{IllegalStateException}} as defines [the contract|http://docs.oracle.com/javase/8/docs/api/javax/security/sasl/Sas...]. Currently it throws a {{SaslException}}. > --We could be inspired by OpenJDK implementation of CRAM-MD5 and do the following in both methods:- -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1075) Provide a utility to track and query the principal from a SASL client authentication

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1075?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1075: ---------------------------------- Fix Version/s: 1.1.0.Beta37 (was: 1.1.0.Beta36) > Provide a utility to track and query the principal from a SASL client authentication > ------------------------------------------------------------------------------------ > > Key: ELY-1075 > URL: https://issues.jboss.org/browse/ELY-1075 > Project: WildFly Elytron > Issue Type: Enhancement > Reporter: David Lloyd > Assignee: David Lloyd > Fix For: 1.1.0.Beta37 > > > The client needs to be able to discover what its authentication principal is. The server does not always share that information. So, we need a way to derive the authentication principal from the authorization ID, callbacks, mechanism, and/or external identity. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1067) Add support to use default GSSCredential CredentalSource with AuthenticationConfiguration from XML

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1067?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1067: ---------------------------------- Fix Version/s: 1.1.0.Beta37 (was: 1.1.0.Beta36) > Add support to use default GSSCredential CredentalSource with AuthenticationConfiguration from XML > -------------------------------------------------------------------------------------------------- > > Key: ELY-1067 > URL: https://issues.jboss.org/browse/ELY-1067 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Client > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 1.1.0.Beta37 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1074) Add option to wrap the GSSCredential in GSSCredentialSecurityFactory

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1074?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1074: ---------------------------------- Fix Version/s: 1.1.0.Beta37 (was: 1.1.0.Beta36) > Add option to wrap the GSSCredential in GSSCredentialSecurityFactory > -------------------------------------------------------------------- > > Key: ELY-1074 > URL: https://issues.jboss.org/browse/ELY-1074 > Project: WildFly Elytron > Issue Type: Task > Affects Versions: 1.1.0.Beta32 > Reporter: Stefan Guilhen > Assignee: Stefan Guilhen > Fix For: 1.1.0.Beta37 > > > The legacy KerberosLoginModule has an option called wrapGssCredential that tells the code building the GSSCredential that it should wrap the constructed credential to prevent improper credential disposal by some DB drivers. It essentially delegates every method to the wrapped GSSCredential but makes dispose() a no-op. > The GSSCredentialSecurityFactory in Elytron doesn't offer an option to wrap the constructed credential. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1076) Release WildFly Elytron 1.1.0.Beta36

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1076?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved ELY-1076. ----------------------------------- Resolution: Done > Release WildFly Elytron 1.1.0.Beta36 > ------------------------------------ > > Key: ELY-1076 > URL: https://issues.jboss.org/browse/ELY-1076 > Project: WildFly Elytron > Issue Type: Release > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta36 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8562) Add a test utility to ensure that tests use the ClientLoginModule approach for PicketBox deployments and the Elytron approach for Elytron deployments and update all affected tests

by Farah Juma (JIRA)

[ https://issues.jboss.org/browse/WFLY-8562?page=com.atlassian.jira.plugin.... ] Farah Juma updated WFLY-8562: ----------------------------- Description: {{ClientLoginModule}} won't work when used to invoke EJBs backed by Elytron. Add a test utility to ensure that tests use the ClientLoginModule approach for PicketBox deployments and the Elytron approach for Elytron deployments when attempting to switch the user's identity. All tests that currently make use of the ClientLoginModule approach will need to be updated to make use of the new utility. This will ensure that the tests will be able to run properly with and without the Elytron profile enabled. (was: {{ClientLoginModule}} does not establish client caller identity and credentials when used to invoke EJBs backed by Elytron {{application-security-domain}}. This issue affects easy migration to Elytron as no instructions to replace this have been provided as well as AS TS testing with Elytron profile since nearly every test case in {{org.jboss.as.test.integration.ejb.remote.security}} uses CLM to establish identity/credentials.) > Add a test utility to ensure that tests use the ClientLoginModule approach for PicketBox deployments and the Elytron approach for Elytron deployments and update all affected tests > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > > Key: WFLY-8562 > URL: https://issues.jboss.org/browse/WFLY-8562 > Project: WildFly > Issue Type: Bug > Components: EJB, Security, Test Suite > Reporter: Farah Juma > Assignee: Farah Juma > Priority: Blocker > Labels: eap7.1-rfe-blocker, eap71_beta > > {{ClientLoginModule}} won't work when used to invoke EJBs backed by Elytron. Add a test utility to ensure that tests use the ClientLoginModule approach for PicketBox deployments and the Elytron approach for Elytron deployments when attempting to switch the user's identity. All tests that currently make use of the ClientLoginModule approach will need to be updated to make use of the new utility. This will ensure that the tests will be able to run properly with and without the Elytron profile enabled. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8562) Add a test utility to ensure that tests use the ClientLoginModule approach for PicketBox deployments and the Elytron approach for Elytron deployments and update all affected tests

by Farah Juma (JIRA)

[ https://issues.jboss.org/browse/WFLY-8562?page=com.atlassian.jira.plugin.... ] Farah Juma moved JBEAP-10299 to WFLY-8562: ------------------------------------------ Project: WildFly (was: JBoss Enterprise Application Platform) Key: WFLY-8562 (was: JBEAP-10299) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: EJB Security Test Suite (was: EJB) (was: Security) Affects Version/s: (was: 7.1.0.DR10) (was: 7.1.0.DR11) (was: 7.1.0.DR12) (was: 7.1.0.DR13) (was: 7.1.0.DR14) > Add a test utility to ensure that tests use the ClientLoginModule approach for PicketBox deployments and the Elytron approach for Elytron deployments and update all affected tests > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > > Key: WFLY-8562 > URL: https://issues.jboss.org/browse/WFLY-8562 > Project: WildFly > Issue Type: Bug > Components: EJB, Security, Test Suite > Reporter: Farah Juma > Assignee: Farah Juma > Priority: Blocker > Labels: eap7.1-rfe-blocker, eap71_beta > > {{ClientLoginModule}} does not establish client caller identity and credentials when used to invoke EJBs backed by Elytron {{application-security-domain}}. > This issue affects easy migration to Elytron as no instructions to replace this have been provided as well as AS TS testing with Elytron profile since nearly every test case in {{org.jboss.as.test.integration.ejb.remote.security}} uses CLM to establish identity/credentials. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira April 2017