[JBoss JIRA] (WFCORE-2665) ControllerClient should be able to be used with security manager
by ehsavoie Hugonnet (JIRA)
ehsavoie Hugonnet created WFCORE-2665:
-----------------------------------------
Summary: ControllerClient should be able to be used with security manager
Key: WFCORE-2665
URL: https://issues.jboss.org/browse/WFCORE-2665
Project: WildFly Core
Issue Type: Bug
Components: Domain Management
Affects Versions: 3.0.0.Beta14
Reporter: ehsavoie Hugonnet
Assignee: ehsavoie Hugonnet
Currently the RemoteControllerClient creates a Endpoint and connect to it which requires permissions. We should call those operations in privileged blocks and protect those blocks with a specific permission
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (ELY-923) Elytron caching-realm backed by ldap-realm should avoid hitting LDAP for a cache hit
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-923?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina edited comment on ELY-923 at 4/11/17 1:27 PM:
---------------------------------------------------------
Third PR: listening for changes in cached realm made optional - as listening for changes prevents correct issue verification (unable to detect if caching works when cache invalidated automatically on LDAP change)
was (Author: honza889):
Third PR: listening for changes in cached realm made optional
> Elytron caching-realm backed by ldap-realm should avoid hitting LDAP for a cache hit
> ------------------------------------------------------------------------------------
>
> Key: ELY-923
> URL: https://issues.jboss.org/browse/ELY-923
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Realms
> Affects Versions: 1.1.0.Beta21
> Reporter: Ondrej Kotek
> Assignee: Jan Kalina
> Priority: Blocker
> Fix For: 1.1.0.Beta28
>
>
> Elytron {{caching-realm}} backed by {{ldap-realm}} provides caching for identity objects but not for related credentials and attributes. This is currently due to design of {{ldap-realm}} (like in case of {{filesystem-realm}}, see ELY-915).
> Credentials and attributes should not be loaded from LDAP for a cache hit.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (ELY-923) Elytron caching-realm backed by ldap-realm should avoid hitting LDAP for a cache hit
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-923?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina commented on ELY-923:
--------------------------------
Third PR: listening for changes in cached realm made optional
> Elytron caching-realm backed by ldap-realm should avoid hitting LDAP for a cache hit
> ------------------------------------------------------------------------------------
>
> Key: ELY-923
> URL: https://issues.jboss.org/browse/ELY-923
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Realms
> Affects Versions: 1.1.0.Beta21
> Reporter: Ondrej Kotek
> Assignee: Jan Kalina
> Priority: Blocker
> Fix For: 1.1.0.Beta28
>
>
> Elytron {{caching-realm}} backed by {{ldap-realm}} provides caching for identity objects but not for related credentials and attributes. This is currently due to design of {{ldap-realm}} (like in case of {{filesystem-realm}}, see ELY-915).
> Credentials and attributes should not be loaded from LDAP for a cache hit.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFCORE-2664) Eliminate MSC optional dependency usage in RemotingServices
by Richard Opalka (JIRA)
Richard Opalka created WFCORE-2664:
--------------------------------------
Summary: Eliminate MSC optional dependency usage in RemotingServices
Key: WFCORE-2664
URL: https://issues.jboss.org/browse/WFCORE-2664
Project: WildFly Core
Issue Type: Enhancement
Affects Versions: 3.0.0.Beta14
Reporter: Richard Opalka
Assignee: Brian Stansberry
Fix For: 3.0.0.Beta15
RemotingServices.installConnectorServices() uses MSC optional dependency.
Any change this MSC optional dependency usage might be eliminated there?
Maybe OperationContext.hasOptionalCapability() could be used
in ManagementRemotingServices.installDomainConnectorServices() method?
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFCORE-2663) CLI, Help match open/close characters
by Jean-Francois Denise (JIRA)
Jean-Francois Denise created WFCORE-2663:
--------------------------------------------
Summary: CLI, Help match open/close characters
Key: WFCORE-2663
URL: https://issues.jboss.org/browse/WFCORE-2663
Project: WildFly Core
Issue Type: Feature Request
Components: CLI
Reporter: Jean-Francois Denise
Assignee: Jean-Francois Denise
In a context where we have a nesting of complex objects as operation parameters, it is difficult to match the '{' and '[' with their closing counterparts.
We could imagine something similar to IDE editor where such characters are automatically matched and colorised.
When moving the cursor onto a closing character, the opening character should be highlighted. If no match is found, then the current closing character should be also highlighted (e.g.: in red to make it clear that it is an error).
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (ELY-1077) Allow AuthenticationConfiguration identity forwarding to populate authorization-id instead of authentication name
by David Lloyd (JIRA)
David Lloyd created ELY-1077:
--------------------------------
Summary: Allow AuthenticationConfiguration identity forwarding to populate authorization-id instead of authentication name
Key: ELY-1077
URL: https://issues.jboss.org/browse/ELY-1077
Project: WildFly Elytron
Issue Type: Enhancement
Components: Authentication Client
Reporter: David Lloyd
Sometimes it is useful to run-as the local identity on a peer which does not have access to the local identity credentials. In this case, a trusted identity can be set up on the peer which is authorized to run-as a set of identities from the local system.
In order to support this in AuthenticationConfiguration, a fixed authentication principal and credential set must be used, but the authorization ID would be outflowed from the local security domain instead.
To support this, we need a new method on AuthenticationConfiguration to use a forwarded authorization ID independently from the authentication ID/credentials.
The implementation could retain the single securityDomain field and introduce a bit set that determines whether the forwarded identity is used for authentication, authorization, or both. To avoid comparison issues, the forwarded security domain should be cleared when the bit set is cleared, or otherwise disregarded for the purposes of hashing or comparison in this case.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (HAWKULARQE-81) Baseline #3
by viet nguyen (JIRA)
[ https://issues.jboss.org/browse/HAWKULARQE-81?page=com.atlassian.jira.plu... ]
viet nguyen updated HAWKULARQE-81:
----------------------------------
Attachment: 100pods.png
50pods.png
> Baseline #3
> -----------
>
> Key: HAWKULARQE-81
> URL: https://issues.jboss.org/browse/HAWKULARQE-81
> Project: Hawkular QE
> Issue Type: Sub-task
> Reporter: viet nguyen
> Assignee: viet nguyen
> Attachments: 100pods.png, 50pods.png, March28_0200_raw.zip, promgen-analytic-12hr.png
>
>
> * Run pyme on master to eliminate vpn slowness
> * Fix query start-end window
> * Update pyme endpoint to increase metrics to 30 (currently 2)
> * insert metrics tallies into a separate Hawkular Metrics instance and use Grafana as a visual tool
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFCORE-2662) Elytron caching-realm backed by ldap-realm should avoid hitting LDAP for a cache hit
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2662?page=com.atlassian.jira.plugi... ]
Jan Kalina updated WFCORE-2662:
-------------------------------
Labels: caching ldap ldap-realm security-realm (was: caching eap7.1-rfe-failure eap71_beta_candidate ldap ldap-realm security-realm)
> Elytron caching-realm backed by ldap-realm should avoid hitting LDAP for a cache hit
> ------------------------------------------------------------------------------------
>
> Key: WFCORE-2662
> URL: https://issues.jboss.org/browse/WFCORE-2662
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta14
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Blocker
> Labels: caching, ldap, ldap-realm, security-realm
>
> Elytron {{caching-realm}} backed by {{ldap-realm}} provides caching for identity objects but not for related credentials and attributes. This is currently due to design of {{ldap-realm}} (like in case of {{filesystem-realm}}, see JBEAP-8628).
> Credentials and attributes should not be loaded from LDAP for a cache hit.
> Blocks EAP7-542 Elytron Caching Support. Note: caching of credentials is not a requirement, but may be reconsidered and become an enhancement to overall performance, see analysis document of the RFE. However, {{jdbc-realm}} is designed to enable caching of credentials. To be consistent, the {{ldap-realm}} should also enable caching of credentials.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFCORE-2493) Confusing attribute named http-server-factories in Elytron aggregate-http-server-mechanism-factory
by Yeray Borges (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2493?page=com.atlassian.jira.plugi... ]
Yeray Borges reassigned WFCORE-2493:
------------------------------------
Assignee: Yeray Borges (was: Darran Lofthouse)
> Confusing attribute named http-server-factories in Elytron aggregate-http-server-mechanism-factory
> --------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2493
> URL: https://issues.jboss.org/browse/WFCORE-2493
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Yeray Borges
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> Elytron {{aggregate-http-server-mechanism-factory}} includes attribute named {{http-server-factories}} which refers {{org.wildfly.security.http-server-mechanism-factory}} capability. Name of this attribute should be changed from {{http-server-factories}} to {{http-server-mechanism-factories}} because:
> * it should be consistent with other Elytron resources which uses name {{http-server-mechanism-factory}}
> * it can be confused since {{http-server-factories}} seems as it may also refer some {{org.wildfly.security.http-authentication-factory}}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFCORE-2620) Add ability to read computed runtime values of IO subsystem buffer-pool attributes
by Romain Pelisse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2620?page=com.atlassian.jira.plugi... ]
Romain Pelisse commented on WFCORE-2620:
----------------------------------------
[~ctomc] I'm working on a fix for this issue, but I would like to double check I'm not misunderstanding something here: Am I right to assume that the 'defaultBufferPerRegion' value is actually the same thing as 'buffers-per-slice' ? If so, I would propose (and fill the PR separetly) that we rename the field in the class buffersPerSlice just for clarity purpose...
> Add ability to read computed runtime values of IO subsystem buffer-pool attributes
> ----------------------------------------------------------------------------------
>
> Key: WFCORE-2620
> URL: https://issues.jboss.org/browse/WFCORE-2620
> Project: WildFly Core
> Issue Type: Enhancement
> Affects Versions: 3.0.0.Beta13
> Reporter: Romain Pelisse
> Assignee: Romain Pelisse
> Original Estimate: 2 days
> Remaining Estimate: 2 days
>
> In IO subsystem there are some attributes which are calculated based on available system resources if not explicitly specified. These attributes are:
> * worker
> ** io-threads
> ** task-max-threads
> * buffer-pool
> ** buffer-size
> ** buffers-per-slice
> ** direct-buffers
> Currently these computed values are not visible for user in the subsystem configuration even with include-runtime=true.
> To show these runtime values would definitely improve UX.
> Worker attributes are covered by EAP7-616 .
> This issue is about buffer-pool attributes.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months