[JBoss JIRA] (ELY-820) CredentialStore is not able to create CS file which was deleted after server startup.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/ELY-820?page=com.atlassian.jira.plugin.sy... ]
Hynek Švábek resolved ELY-820.
------------------------------
Resolution: Done
It was already fixed.
> CredentialStore is not able to create CS file which was deleted after server startup.
> -------------------------------------------------------------------------------------
>
> Key: ELY-820
> URL: https://issues.jboss.org/browse/ELY-820
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
>
> CredentialStore is not able to create CS file which was deleted after server startup.
> CS file is recreated only if create.storage is set to true. But this feature would work with create.storage too.
> What do you think about it?
> *How to reproduce:*
> these steps are for creating CS file
> /subsystem=elytron/credential-store=recreate001:add(uri="cr-store://test/recreate001.jceks?store.password=pass123;create.storage=true")
> /subsystem=elytron/credential-store=recreate001/alias=alias001:add(secret-value=Elytron)
> *Own reproducer:*
> * /subsystem=elytron/credential-store=recreateCS:add(uri="cr-store://test/recreate001.jceks?store.password=pass123;create.storage=false")
> * /subsystem=elytron/credential-store=recreateCS/alias=alias2:add(secret-value=Elytron123)
> * *NOW* delete recreate001.jceks from filesystem
> * /subsystem=elytron/credential-store=recreateCS/alias=alias3:add(secret-value=Elytron123)
> * FAIL
> {code}
> {
> "outcome" => "failed",
> "failure-description" => "WFLYELY00009: Unable to complete operation. 'ELY09504: Cannot write storage file '/home/hsvabek/securityworkspace/VERIFICATION/CredentialStore_2016_09_14/jboss-eap-7.1.0.DR9/standalone/data/recreate001.jceks' for the store 'recreateCS''",
> "rolled-back" => true
> }
> {code}
> * https://github.com/wildfly-security/wildfly-elytron/blob/5f0ed115ea265240...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (ELY-836) CredentialStore resource name and CS alias in memory are case sensitive but CredentialStore aliases are persisted in lowercase.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/ELY-836?page=com.atlassian.jira.plugin.sy... ]
Hynek Švábek resolved ELY-836.
------------------------------
Resolution: Done
It was fixed yet.
> CredentialStore resource name and CS alias in memory are case sensitive but CredentialStore aliases are persisted in lowercase.
> -------------------------------------------------------------------------------------------------------------------------------
>
> Key: ELY-836
> URL: https://issues.jboss.org/browse/ELY-836
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Credential Store
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
>
> CredentialStore resource name is case sensitive but CredentialStore alias is convert to lowercase.
> *How to reproduce*
> {code}
> /subsystem=elytron/credential-store=csfile001:add(uri="cr-store://test/csfile001.jceks?store.password=pass123;create.storage=true")
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csname001:add(secret-value=secValue123456)
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csNAME001:add(secret-value=secValue987654)
> {code}
> In csfile001.jceks you can see only "csname001" entry.
> *There is biggest problem that in memory are right case sensitive aliases and you can load them. But in backed CS file is only last one in lowercase.*
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csFF:add(secret-value=Elytron)
> {code}
> {code}
> /subsystem=elytron/credential-store=csfile001/alias=csff:add(secret-value=ElytronWrong)
> {code}
> And now you can use both (csFF and csff) as CredStoreRef alias
> e.g.
> {code}
> /subsystem=elytron/key-store=fireflyKS001:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=csfile001,alias=csFF})
> {code}
> Another big problem for me is that you have a lot of CS Alias RESOURCES which reference to ONE entry and update value in CS.
> *NOTE*
> https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html
> {code}
> Whether aliases are case sensitive is implementation dependent. In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case.
> {code}
> *Suggestions for solution*
> * We must unite case (in)sensitive between CS keystore file and CS in memory
> * implement case sensitive (Our implementation looks ok, IMO there is another problem with it...)
> * something else
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (WFCORE-2485) CS tool, add prompt when --password is missing
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2485?page=com.atlassian.jira.plugi... ]
Hynek Švábek resolved WFCORE-2485.
----------------------------------
Resolution: Done
It was fixed yet.
> CS tool, add prompt when --password is missing
> ----------------------------------------------
>
> Key: WFCORE-2485
> URL: https://issues.jboss.org/browse/WFCORE-2485
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: credential-store
>
> Use case:
> - User have automation script using cs tool and user don't want to have password stored in file.
> - User don't want credential store password to be stored in shell history after execution.
> - User don't want credential store password to be listed in {{ps -aux}} output.
> There have to be possibility to omit --password attribute. When omitting --password attribute user interaction prompt should follow with possibility to input password.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (JBJCA-1346) IronJacamar isn't compatible with picketbox version used in WildFly
by Martin Simka (JIRA)
[ https://issues.jboss.org/browse/JBJCA-1346?page=com.atlassian.jira.plugin... ]
Martin Simka moved JBEAP-10153 to JBJCA-1346:
---------------------------------------------
Project: IronJacamar (was: JBoss Enterprise Application Platform)
Key: JBJCA-1346 (was: JBEAP-10153)
Workflow: classic default workflow (was: CDW with loose statuses v1)
Component/s: Build
(was: JCA)
Affects Version/s: WildFly/IronJacamar 1.4.2.Final
(was: 7.1.0.DR15)
> IronJacamar isn't compatible with picketbox version used in WildFly
> -------------------------------------------------------------------
>
> Key: JBJCA-1346
> URL: https://issues.jboss.org/browse/JBJCA-1346
> Project: IronJacamar
> Issue Type: Bug
> Components: Build
> Affects Versions: WildFly/IronJacamar 1.4.2.Final
> Reporter: Martin Simka
> Assignee: Stefano Maestri
>
> Ironjacamar is compiled with Picketbox 4.0.19.Final and WildFly comes with 5.0.1.Final. These versions are not binary compatible, I'm getting
> {noformat}
> Caused by: java.lang.NoSuchMethodError: org.jboss.security.identity.RoleGroup.getRoles()Ljava/util/List;
> at org.jboss.jca.core.security.picketbox.PicketBoxSecurityContext.getRoles(PicketBoxSecurityContext.java:76)
> at org.jboss.as.test.integration.jca.security.WildFlyActivationRaWithSecurityDomainWorkManagerSecurityDomainTestCase$MyWork.run(WildFlyActivationRaWithSecurityDomainWorkManagerSecurityDomainTestCase.java:304)
> at org.jboss.jca.core.workmanager.WorkWrapper.run(WorkWrapper.java:223)
> ... 6 more
> {noformat}
> signature changed in this case from {{List<Role> getRoles()}} to {{Collection<Role> getRoles()}}
> I tried to compile IJ with 5.0.1 and my test then works.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (WFCORE-2628) DeploymentPlan doesn't have an operation to explode content
by ehsavoie Hugonnet (JIRA)
ehsavoie Hugonnet created WFCORE-2628:
-----------------------------------------
Summary: DeploymentPlan doesn't have an operation to explode content
Key: WFCORE-2628
URL: https://issues.jboss.org/browse/WFCORE-2628
Project: WildFly Core
Issue Type: Enhancement
Components: Domain Management
Affects Versions: 3.0.0.Beta13
Reporter: ehsavoie Hugonnet
Assignee: ehsavoie Hugonnet
Currently only deployments can be exploded while archive inside an exploded deployment should be explodeable.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (ELY-1046) Elytron properties-realm doesn't handle unicode sequences
by Bartosz Baranowski (JIRA)
[ https://issues.jboss.org/browse/ELY-1046?page=com.atlassian.jira.plugin.s... ]
Bartosz Baranowski reassigned ELY-1046:
---------------------------------------
Assignee: Bartosz Baranowski (was: Darran Lofthouse)
> Elytron properties-realm doesn't handle unicode sequences
> ---------------------------------------------------------
>
> Key: ELY-1046
> URL: https://issues.jboss.org/browse/ELY-1046
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Josef Cacek
> Assignee: Bartosz Baranowski
> Priority: Blocker
> Labels: eap71_beta_candidate
>
> Users who use property-file based authentication with plain passwords can't authenticate with Elytron if the property file contains Unicode escape sequences (e.g. file generated by using a classical {{java.util.Properties}}). The same authentication works with legacy solution (_/core-service=management/security-realm=ApplicationRealm/authentication=properties(plain-text=true, ...)_).
> The {{LegacyPropertiesSecurityRealm}} implementation has to be able to support properties files which were supported by legacy security realms.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (JBWEB-138) java.lang.UnsatisfiedLinkError: Can't find SAPI class using PHP module
by Jean-Frederic Clere (JIRA)
[ https://issues.jboss.org/browse/JBWEB-138?page=com.atlassian.jira.plugin.... ]
Jean-Frederic Clere resolved JBWEB-138.
---------------------------------------
Resolution: Out of Date
> java.lang.UnsatisfiedLinkError: Can't find SAPI class using PHP module
> ----------------------------------------------------------------------
>
> Key: JBWEB-138
> URL: https://issues.jboss.org/browse/JBWEB-138
> Project: JBoss Web
> Issue Type: Bug
> Components: Tomcat
> Affects Versions: JBossWeb-2.1.2.GA
> Environment: Windows XP, JDK 1.6.0
> Reporter: Derek Cornelius
> Assignee: Mladen Turk
>
> The php5sevlet.dll is loaded and uses JNI to load the org.jboss.web.php.SAPI class which fails returning NULL.
> The SAPI class should be in class path since the DLL is loaded by the Library.java
> .
> Apr 21, 2009 5:11:45 PM org.apache.catalina.core.StandardContext loadOnStartup
> SEVERE: Servlet /php-examples.war threw load() exception
> java.lang.UnsatisfiedLinkError: Can't find SAPI class, no libphp5servlet in java.library.path(C:\jdk1.6.0_07\bin;.;C:\WINXP\Sun\Java\bin;C:\WINXP\system32;C:\WINXP;C:\RetAdv\Trunk/DevRoot/rai-jboss/src/jboss-web-2.1.2.GA\PHP\bin;C:\RetAdv\Trunk/DevRoot/rai-jboss/src/jboss-web-2.1.2.GA/bin;C:\RetAdv\Trunk/DevRoot/rai-jboss/src/jboss-web-2.1.2.GA/bin;...)
> at org.jboss.web.php.Library.<init>(Library.java:65)
> at org.jboss.web.php.Library.initialize(Library.java:104)
> at org.jboss.web.php.Handler.init(Handler.java:104)
> at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1048)
> at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:950)
> at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4122)
> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4421)
> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:800)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:780)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
> at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:631)
> at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:557)
> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1211)
> at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:315)
> at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1064)
> at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1056)
> at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> at org.apache.catalina.core.StandardService.start(StandardService.java:523)
> at org.apache.catalina.core.StandardServer.start(StandardServer.java:736)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:575)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (WFCORE-2627) CLI, slow tests
by Jean-Francois Denise (JIRA)
Jean-Francois Denise created WFCORE-2627:
--------------------------------------------
Summary: CLI, slow tests
Key: WFCORE-2627
URL: https://issues.jboss.org/browse/WFCORE-2627
Project: WildFly Core
Issue Type: Bug
Components: CLI, Test Suite
Reporter: Jean-Francois Denise
Assignee: Tomaz Cerar
org.jboss.as.test.integration.management.cli.CliAliasTestCase consumes an extra 20sec
org.jboss.as.test.integration.management.cli.CliConfigTestCase consumes an extra 40sec
By fixing these 2 tests, 1 minute gain should be expected.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months