[JBoss JIRA] (WFLY-8667) Elytron - unable to use OTP SASL mechanism
by Josef Cacek (JIRA)
Josef Cacek created WFLY-8667:
---------------------------------
Summary: Elytron - unable to use OTP SASL mechanism
Key: WFLY-8667
URL: https://issues.jboss.org/browse/WFLY-8667
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Josef Cacek
Assignee: Darran Lofthouse
Priority: Blocker
I'm not able to use the new OTP SASL mechanism in WildFly (introduced as part of EAP7-530).
It seems the only security-realm which has subsystem support for OTP is the {{ldap-realm}} now. Nevertheless the name filtering in {{AbstractMechanismAuthenticationFactory.getMechanismNames()}} doesn't return OTP as supported in ldap-realm. Neither the {{PasswordGuessEvidence}} nor {{PasswordCredential}} checked in the method seems to be supported.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (ELY-1111) There is description of "case-sensitive" attribute inconsistency between model and XSD.
by Ilia Vassilev (JIRA)
[ https://issues.jboss.org/browse/ELY-1111?page=com.atlassian.jira.plugin.s... ]
Ilia Vassilev reassigned ELY-1111:
----------------------------------
Assignee: Ilia Vassilev (was: Darran Lofthouse)
> There is description of "case-sensitive" attribute inconsistency between model and XSD.
> ---------------------------------------------------------------------------------------
>
> Key: ELY-1111
> URL: https://issues.jboss.org/browse/ELY-1111
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Credential Store
> Reporter: Hynek Švábek
> Assignee: Ilia Vassilev
>
> There is description of "case-sensitive" attribute inconsistency between model and XSD.
> The default value is missing in the XSD.
> Please add a default value to the XSD and unify the description.
> I suggest using the description from the model as the right one: "Case sensitivity of the credential store. If case insensitive only lower case names are allowed for aliases.".
> *MODEL*
> {code}
> "case-sensitive" => {
>     "type" => BOOLEAN,
>     "description" => "Case sensitivity of the credential store. If case insensitive only lower case names are allowed for aliases.",
>     "attribute-group" => "implementation",
>     "expressions-allowed" => false,
>     "required" => false,
>     "nillable" => true,
>     "default" => false,
>     "access-type" => "read-write",
>     "storage" => "configuration",
>     "restart-required" => "resource-services"
> },
> {code}
> *DMR*
> {code}
> <xs:attribute name="case-sensitive" type="xs:boolean" use="optional">
>     <xs:annotation>
>         <xs:documentation>
>             Indicates that the credential store is case sensitive and should then allow for upper case in alias.
>         </xs:documentation>
>     </xs:annotation>
> </xs:attribute>
> {code}
[JBoss JIRA] (WFLY-8661) Transaction is marked disassociated from application thread when transaction manager reaper thread suspends transaction
by David Lloyd (JIRA)
[ https://issues.jboss.org/browse/WFLY-8661?page=com.atlassian.jira.plugin.... ]
David Lloyd commented on WFLY-8661:
-----------------------------------
Looks like we aren't notifying the association listeners in the case where the transaction is completed (either via commit or rollback). I'll file & link a JIRA.
> Transaction is marked disassociated from application thread when transaction manager reaper thread suspends transaction
> -----------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-8661
> URL: https://issues.jboss.org/browse/WFLY-8661
> Project: WildFly
> Issue Type: Bug
> Components: JPA / Hibernate
> Affects Versions: 11.0.0.Alpha1
> Reporter: Scott Marlow
> Assignee: Scott Marlow
>
> I created a pull request to enable the TxTimeoutTestCase ([JBEAP-10550] + [WFLY-5319]) which required a test change, however, the test is failing for me locally, due to org.wildfly.transaction.client.LocalTransaction.suspend() calling notifyAssociationListeners(false) in the TM reaper "tx timeout" thread, which is wrong, as the app client thread may still be associated with the same transaction.
> [https://gist.github.com/scottmarlow/1ae4a4abe98851b3fe6b1e602ba273d7] shows another reaper thread association call being made, that shouldn't be.
> I'm not sure of how the Narayana org.jboss.tm.listener.TransactionListenerRegistry SPI, internally ensured that the reaper thread didn't incorrectly perform association/disassociation but what we have now in WildFly (appears) to be different.
[JBoss JIRA] (WFLY-8661) Transaction is marked disassociated from application thread when transaction manager reaper thread suspends transaction
by Scott Marlow (JIRA)
[ https://issues.jboss.org/browse/WFLY-8661?page=com.atlassian.jira.plugin.... ]
Scott Marlow commented on WFLY-8661:
------------------------------------
[~dmlloyd] I tried the "counter" change last night but noticed that the notifyAssociationListeners() call is only happening from the TM reaper (timeout) thread but not the application thread. For the TM Reaper thread, we seem to reach the path of handling "whileSuspended/whileResumed" in org.wildfly.transaction.client.AbstractTransaction.performConsumer(ExceptionObjIntConsumer<T, E> consumer, T param1, int param2) but don't seem to reach that method at all in the application thread once the TM Reaper thread reaches AbstractTransaction.performConsumer.
I expect that the application thread will disassociate itself from the transaction, at which time I will decrement the jpa container counter but the association listener is not getting called back it seems after the TM reaper thread cancels the transaction.
Also, when the JPA container calls transaction.registerAssociationListener(), should I start the counter at one, or should I expect the association listener to be called immediately, to reflect the current active transaction that is already associated with the application thread? For now, I am starting the counter at one but we should agree on what should happen, so that the jpa counter starts at the correct value.
> Transaction is marked disassociated from application thread when transaction manager reaper thread suspends transaction
> -----------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-8661
> URL: https://issues.jboss.org/browse/WFLY-8661
> Project: WildFly
> Issue Type: Bug
> Components: JPA / Hibernate
> Affects Versions: 11.0.0.Alpha1
> Reporter: Scott Marlow
> Assignee: Scott Marlow
>
> I created a pull request to enable the TxTimeoutTestCase ([JBEAP-10550] + [WFLY-5319]) which required a test change, however, the test is failing for me locally, due to org.wildfly.transaction.client.LocalTransaction.suspend() calling notifyAssociationListeners(false) in the TM reaper "tx timeout" thread, which is wrong, as the app client thread may still be associated with the same transaction.
> [https://gist.github.com/scottmarlow/1ae4a4abe98851b3fe6b1e602ba273d7] shows another reaper thread association call being made, that shouldn't be.
> I'm not sure of how the Narayana org.jboss.tm.listener.TransactionListenerRegistry SPI, internally ensured that the reaper thread didn't incorrectly perform association/disassociation but what we have now in WildFly (appears) to be different.
[JBoss JIRA] (WFCORE-2730) empty target-name in constant-permission-mapper is not allowed
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2730?page=com.atlassian.jira.plugi... ]
Jan Kalina updated WFCORE-2730:
-------------------------------
Description:
I need to have an empty target-name because of the WebResourcePermission. But with unspecified target-name the primary underlying error message was:
{code}
| > ParseError at [row,col]:[367,5]
| > Message: "WFLYCTL0113: '' is an invalid value for parameter
| > target-name. Values must have a minimum length of 1 characters"
{code}
was:
I need to have an empty target-name because of the WebResourcePermission. But with unspecified target-name the primary underlying error message was:
| > ParseError at [row,col]:[367,5]
| > Message: "WFLYCTL0113: '' is an invalid value for parameter
| > target-name. Values must have a minimum length of 1 characters"
> empty target-name in constant-permission-mapper is not allowed
> --------------------------------------------------------------
>
> Key: WFCORE-2730
> URL: https://issues.jboss.org/browse/WFCORE-2730
> Project: WildFly Core
> Issue Type: Bug
> Reporter: Eva Jarkovská
> Assignee: Jan Kalina
>
> I need to have an empty target-name because of the WebResourcePermission. But with unspecified target-name the primary underlying error message was:
> {code}
> | > ParseError at [row,col]:[367,5]
> | > Message: "WFLYCTL0113: '' is an invalid value for parameter
> | > target-name. Values must have a minimum length of 1 characters"
> {code}
[JBoss JIRA] (WFCORE-2730) empty target-name in constant-permission-mapper is not allowed
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2730?page=com.atlassian.jira.plugi... ]
Jan Kalina updated WFCORE-2730:
-------------------------------
Steps to Reproduce:
{{<permission class-name="javax.security.jacc.WebResourcePermission" target-name="" action="GET"/>}}
was:
{{<permission class-name="javax.security.jacc.WebResourcePermission" target-name="" action="GET"/> }}
> empty target-name in constant-permission-mapper is not allowed
> --------------------------------------------------------------
>
> Key: WFCORE-2730
> URL: https://issues.jboss.org/browse/WFCORE-2730
> Project: WildFly Core
> Issue Type: Bug
> Reporter: Eva Jarkovská
> Assignee: Jan Kalina
>
> I need to have an empty target-name because of the WebResourcePermission. But with unspecified target-name the primary underlying error message was:
> {code}
> | > ParseError at [row,col]:[367,5]
> | > Message: "WFLYCTL0113: '' is an invalid value for parameter
> | > target-name. Values must have a minimum length of 1 characters"
> {code}
[JBoss JIRA] (ELY-53) GSSAPI Make Delegated Credential Available
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-53?page=com.atlassian.jira.plugin.sys... ]
Darran Lofthouse updated ELY-53:
--------------------------------
Fix Version/s: 1.1.0.Beta41
(was: 1.1.0.Beta39)
> GSSAPI Make Delegated Credential Available
> ------------------------------------------
>
> Key: ELY-53
> URL: https://issues.jboss.org/browse/ELY-53
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: SASL
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.1.0.Beta41
>
>
> The server side of the mechanism can receive a delegated credential but there is no way to obtain it, we should provide a way for it to be obtained or provided.
> _Note: This may be an Elytron integration point rather than something supported in the pure SASL mechanism._