April 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2589) Eliminate MSC OPTIONAL dependencies usage

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2589?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2589: ------------------------------------- Fix Version/s: 3.0.0.Beta18 (was: 3.0.0.Beta17) > Eliminate MSC OPTIONAL dependencies usage > ----------------------------------------- > > Key: WFCORE-2589 > URL: https://issues.jboss.org/browse/WFCORE-2589 > Project: WildFly Core > Issue Type: Task > Affects Versions: 3.0.0.Beta11 > Reporter: Richard Opalka > Assignee: Richard Opalka > Fix For: 3.0.0.Beta18 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2528) Clean up testsuite Elytron registration -- VaultPasswordsInCLITestCase

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2528?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2528: ------------------------------------- Fix Version/s: 3.0.0.Beta18 (was: 3.0.0.Beta17) > Clean up testsuite Elytron registration -- VaultPasswordsInCLITestCase > ---------------------------------------------------------------------- > > Key: WFCORE-2528 > URL: https://issues.jboss.org/browse/WFCORE-2528 > Project: WildFly Core > Issue Type: Task > Components: Test Suite > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Beta18 > > > Leftover cleanup from WFCORE-1958 since VaultPasswordsInCLITestCase is not enabled. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2521) TLS between domain and host controllers does not work

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2521?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2521: ------------------------------------- Fix Version/s: 3.0.0.Beta18 (was: 3.0.0.Beta17) > TLS between domain and host controllers does not work > ----------------------------------------------------- > > Key: WFCORE-2521 > URL: https://issues.jboss.org/browse/WFCORE-2521 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Labels: domain-management, domain-mode, eap71_alpha, regression, ssl > Fix For: 3.0.0.Beta18 > > > This is regression against EAP 7.0 . Customers relying on this feature won't be able to migrate to EAP 7.1. > Working configuration of TLS between domain and host controller from EAP 7.0 (legacy) does not work on EAP 7.1 anymore. > In server log there is this error: > {code:title=server.log} > [Host Controller] Caused by: java.io.IOException: Client starting STARTTLS but channel doesn't support SSL > [Host Controller] at org.jboss.remoting3.remote.ClientConnectionOpenListener$StartTls.handleEvent(ClientConnectionOpenListener.java:527) > [Host Controller] at org.jboss.remoting3.remote.ClientConnectionOpenListener$StartTls.handleEvent(ClientConnectionOpenListener.java:477) > [Host Controller] at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > [Host Controller] at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) > [Host Controller] at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) > [Host Controller] at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) > [Host Controller] at ...asynchronous invocation...(Unknown Source) > [Host Controller] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:466) > [Host Controller] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:437) > [Host Controller] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:430) > [Host Controller] at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:163) > [Host Controller] at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:119) > [Host Controller] ... 9 more > {code} > See attached server.log for context log. > Tests in wildfly-core covering this scenario are currently ignored: > * SSLMasterSlaveOneWayTestCase is ignored by WFCORE-1978 > * SSLMasterSlaveTwoWayTestCase is ignored by WFCORE-2068 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2397) Elytron simple-regex-realm-mapper "pattern" attribute has wrong description.

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2397?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2397: ------------------------------------- Fix Version/s: 3.0.0.Beta18 (was: 3.0.0.Beta17) > Elytron simple-regex-realm-mapper "pattern" attribute has wrong description. > ---------------------------------------------------------------------------- > > Key: WFCORE-2397 > URL: https://issues.jboss.org/browse/WFCORE-2397 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Hynek Švábek > Assignee: Chao Wang > Fix For: 3.0.0.Beta18 > > > Elytron simple-regex-realm-mapper "pattern" attribute has wrong description [1]. > *Actual description* > {code} > The regular expression to use for this NameRewriter. > {code} > *Expected description* > Some like that (from DMR): > {code} > The regular expression which must contain at least one capture group to extract the realm from the name. > {code} > [1] https://github.com/wildfly-security/elytron-subsystem/blob/580569d17cb6c3... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2661) Upgrade Elytron Web to 1.0.0.Beta15

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2661?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2661: ------------------------------------- Fix Version/s: 3.0.0.Beta18 (was: 3.0.0.Beta17) > Upgrade Elytron Web to 1.0.0.Beta15 > ----------------------------------- > > Key: WFCORE-2661 > URL: https://issues.jboss.org/browse/WFCORE-2661 > Project: WildFly Core > Issue Type: Component Upgrade > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta18 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2646) Elytron, management interface, legacy authentication is "checked" even if Elytron authentication is configured

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2646?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2646: ------------------------------------- Fix Version/s: 3.0.0.Beta18 (was: 3.0.0.Beta17) > Elytron, management interface, legacy authentication is "checked" even if Elytron authentication is configured > --------------------------------------------------------------------------------------------------------------- > > Key: WFCORE-2646 > URL: https://issues.jboss.org/browse/WFCORE-2646 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Security > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Beta18 > > > Regression against DR15. > Authentication by legacy security realm is taken in account even if just Elytron authentication should be used. I don't say legacy authentication is used in priority before Elytron (that works as expected). Just that legacy authentication is somehow "initialized". In this case check "There are no user in mngmt-user.properties file" is performed > Reproducer: > * Configure Elytron authentication for management interface > {code} > /subsystem=elytron/filesystem-realm=exampleFsRealm:add(path=fs-realm-users,relative-to=jboss.server.config.dir) > /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add() > /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:set-password( clear={password="password123"}) > /subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles) > /subsystem=elytron/security-domain=exampleFsSD:add(realms=[{realm=exampleFsRealm,role-decoder=from-roles-attribute}],default-realm=exampleFsRealm,permission-mapper=default-permission-mapper) > /subsystem=elytron/http-authentication-factory=example-fs-http-auth:add(http-server-mechanism-factory=global,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=exampleApplicationDomain}]}]) > /core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory, value=example-fs-http-auth) > {code} > * impossible to acces management interface > {code} > curl --user user1:password123 http://localhost.localdomain:9990/management?operation=attribute\&name=se... > { > "outcome" : "failed", > "failure-description" : "WFLYDMHTTP0006: The security realm is not ready to process requests, see http://localhost.localdomain:9990/error", > "rolled-back" : "true" > } > {code} > Access is granted once > * security realm is undefined from management interface > {code} > /core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm) > {code} > * Or user is added into ManagementRealm > {code} > ./add-user.sh -u admin -p admin -r ManagementRealm > {code} > {code} > curl --user user1:password123 http://localhost.localdomain:9990/management?operation=attribute\&name=se... > "running" > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2633) Allow specification of "non-sensitive" values on an AttributeDefinition

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2633?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2633: ------------------------------------- Fix Version/s: 3.0.0.Beta18 (was: 3.0.0.Beta17) > Allow specification of "non-sensitive" values on an AttributeDefinition > ------------------------------------------------------------------------ > > Key: WFCORE-2633 > URL: https://issues.jboss.org/browse/WFCORE-2633 > Project: WildFly Core > Issue Type: Enhancement > Components: Domain Management, Security > Reporter: Brian Stansberry > Assignee: Brian Stansberry > Fix For: 3.0.0.Beta18 > > > The RBAC system requires the user to be in a role with permissions to perform "security sensitive" actions in order to manipulate "defined" attributes with a sensitivity constraint applied. And "defined" in this case includes attributes that are not explicitly configured by the user but which have default values. But for attributes without default values that are left undefined, the non-sensitive roles are allowed to perform that action. > The requirement here is to open this up such that certain "defined" values (explicitly configured or default) also are treated as non-sensitive. > See WFCORE-8521 for an explicit example of this. If the datasource subsystem "elytron-enabled" attribute has a value of "false", and other related attributes are left undefined, that basically means there is no configuration set up for how the DS should authenticate to the DB. Such a setup is likely useless (since the DB most likely requires authentication) but in and of itself doesn't involve anything security sensitive on the WildFly side, so configuring false shouldn't be sensitive. It's analogous to leaving other related attributes like "username" and "password" undefined which in previous releases was considered to be non-sensitive. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2609) CLIRolloutPlanTestCase hang

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2609?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2609: ------------------------------------- Fix Version/s: 3.0.0.Beta18 (was: 3.0.0.Beta17) > CLIRolloutPlanTestCase hang > --------------------------- > > Key: WFCORE-2609 > URL: https://issues.jboss.org/browse/WFCORE-2609 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Test Suite > Reporter: Brian Stansberry > Priority: Critical > Fix For: 3.0.0.Beta18 > > > Hang: > https://ci.wildfly.org/viewLog.html?buildId=53176&buildTypeId=WF_MasterWi... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2694) Upgrade WildFly Common to 1.2.0.Beta10

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2694?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2694: ------------------------------------- Fix Version/s: 3.0.0.Beta18 (was: 3.0.0.Beta17) > Upgrade WildFly Common to 1.2.0.Beta10 > -------------------------------------- > > Key: WFCORE-2694 > URL: https://issues.jboss.org/browse/WFCORE-2694 > Project: WildFly Core > Issue Type: Component Upgrade > Reporter: David Lloyd > Assignee: David Lloyd > Fix For: 3.0.0.Beta18 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2718) Management HTTP API using security-realm for CLIENT_CERT authentication results in prompt for password instead of directly authenticating

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2718?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2718: ------------------------------------- Fix Version/s: 3.0.0.Beta18 (was: 3.0.0.Beta17) > Management HTTP API using security-realm for CLIENT_CERT authentication results in prompt for password instead of directly authenticating > ----------------------------------------------------------------------------------------------------------------------------------------- > > Key: WFCORE-2718 > URL: https://issues.jboss.org/browse/WFCORE-2718 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Security > Affects Versions: 3.0.0.Beta16 > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Labels: management-security, regression, security-realm, ssl > Fix For: 3.0.0.Beta18 > > > Having defined CLIENT_CERT auth on HTTP management API with legacy security-realm causes that after requesting client cert, there is also required password. > This is regression in comparison to EAP 7.0 and EAP 7.1.0.DR7, as such marking as blocker. > For details how to reproduce see steps to reproduce -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira April 2017