April 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-8597) Vault WFLYSEC0059: Exception encountered:WFLYSEC0045: Exception encountered

by Ingo Weiss (JIRA)

[ https://issues.jboss.org/browse/WFLY-8597?page=com.atlassian.jira.plugin.... ] Ingo Weiss moved JBEAP-10422 to WFLY-8597: ------------------------------------------ Project: WildFly (was: JBoss Enterprise Application Platform) Key: WFLY-8597 (was: JBEAP-10422) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: Security (was: Security) Affects Version/s: 11.0.0.Alpha1 (was: 7.1.0.DR15) > Vault WFLYSEC0059: Exception encountered:WFLYSEC0045: Exception encountered > --------------------------------------------------------------------------- > > Key: WFLY-8597 > URL: https://issues.jboss.org/browse/WFLY-8597 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 11.0.0.Alpha1 > Reporter: Ingo Weiss > Assignee: Ingo Weiss > > If vault does not like keystore, it fails with this message, but no exception is logged and it does not provide any indication of the issue. > {code} > WFLYSEC0059: Exception encountered:WFLYSEC0045: Exception encountered: > {code} > {code} > keytool -genkey -alias jbosseap -keyalg RSA -keysize 1024 -keystore jbosseap.keystore -validity 3650 -keypass jbosseap -storepass jbosseap > ... > {code} > {code} > ./bin/vault.sh > Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit > 0 > Starting an interactive session > Enter directory to store encrypted files: . > Enter Keystore URL: jbosseap.keystore > Enter Keystore password: > Enter Keystore password again: > Values match > Enter 8 character salt: 12345678 > Enter iteration count as a number (e.g.: 44): 44 > Enter Keystore Alias: jbosseap > WFLYSEC0056: Initializing Vault > WFLYSEC0059: Exception encountered:WFLYSEC0045: Exception encountered: > Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-1091) CS tool, Summary output must reflect chosen option, now there is always CLI command for add new credential store.

by Yeray Borges (JIRA)

[ https://issues.jboss.org/browse/ELY-1091?page=com.atlassian.jira.plugin.s... ] Yeray Borges reassigned ELY-1091: --------------------------------- Assignee: Yeray Borges (was: Darran Lofthouse) > CS tool, Summary output must reflect chosen option, now there is always CLI command for add new credential store. > ----------------------------------------------------------------------------------------------------------------- > > Key: ELY-1091 > URL: https://issues.jboss.org/browse/ELY-1091 > Project: WildFly Elytron > Issue Type: Bug > Components: Credential Store > Reporter: Hynek Švábek > Assignee: Yeray Borges > Priority: Critical > > Summary output must reflect chosen option. When I run wildfly-elytron-tool with --remove and --summary I always get "add command for CLI" > There is expected command for remove entry from credential store. > Same problem is there for --aliases, --exists > {code} > java -jar wildfly-elytron-tool.jar credential-store --remove secret_alias --password pass123 --uri "cr-store://test1.jceks?modifiable=true;create=true;keyStoreType=JCEKS" -l test1.jceks --summary > Alias "secret_alias" has been successfully removed > Credential store command summary: > -------------------------------------- > /subsystem=elytron/credential-store=test:add(uri="cr-store://test1.jceks?modifiable=true;create=true;keyStoreType=JCEKS",relative-to=jboss.server.data.dir,credential-reference={clear-text="pass123"}) > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2500) Elytron, changing http-server-mechanism-factory of http-authentication-factory ends in reload-required state

by Tomas Hofman (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2500?page=com.atlassian.jira.plugi... ] Tomas Hofman reopened WFCORE-2500: ---------------------------------- > Elytron, changing http-server-mechanism-factory of http-authentication-factory ends in reload-required state > ------------------------------------------------------------------------------------------------------------ > > Key: WFCORE-2500 > URL: https://issues.jboss.org/browse/WFCORE-2500 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Tomas Hofman > Fix For: 3.0.0.Beta11 > > > Changing attribute changing http-server-mechanism-factory of http-authentication-factory ends in reload-required state even though header allow-resource-service-restart=true is used > {code} > [standalone@localhost:9990 /] /subsystem=elytron/http-authentication-factory=application-http-authentication:write-attribute(name=http-server-mechanism-factory, value=global){allow-resource-service-restart=true} > { > "outcome" => "success", > "response-headers" => { > "operation-requires-reload" => true, > "process-state" => "reload-required" > } > } > {code} > Header should work as attribute is declared as {{"restart-required" => "resource-services"}} > {code} > "http-server-mechanism-factory" => { > "type" => STRING, > "description" => "The HttpServerAuthenticationMechanismFactory to associate with this resource", > "expressions-allowed" => false, > "required" => true, > "nillable" => false, > "capability-reference" => "org.wildfly.security.http-server-mechanism-factory", > "min-length" => 1L, > "max-length" => 2147483647L, > "access-type" => "read-write", > "storage" => "configuration", > "restart-required" => "resource-services" > } > {code} > And according to documentation [1]: > resource-services – The operation can only immediately update the persistent configuration; applying the operation to the runtime will require a subsequent restart of some services associated with the resource. If the operation includes the request header "allow-resource-service-restart" => true, the handler for the operation will go ahead and restart the runtime service. Otherwise executing the operation will put the server into a "reload-required" state. (See the discussion of "all-services" above for more on the "reload-required" state.) > [1] https://docs.jboss.org/author/display/WFLY10/Description+of+the+Managemen... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFLY-8596) IronJacamar to 1.4.4 from 1.4.3

by Stefano Maestri (JIRA)

[ https://issues.jboss.org/browse/WFLY-8596?page=com.atlassian.jira.plugin.... ] Stefano Maestri moved JBEAP-10419 to WFLY-8596: ----------------------------------------------- Project: WildFly (was: JBoss Enterprise Application Platform) Key: WFLY-8596 (was: JBEAP-10419) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: JCA (was: JCA) Target Release: (was: 7.1.0.GA) Fix Version/s: (was: 7.1.0.DR16) > IronJacamar to 1.4.4 from 1.4.3 > ------------------------------- > > Key: WFLY-8596 > URL: https://issues.jboss.org/browse/WFLY-8596 > Project: WildFly > Issue Type: Component Upgrade > Components: JCA > Reporter: Stefano Maestri > Assignee: Stefano Maestri > > This is needed to adjust the SPI needed for the Elytron integration for the three JCA subsystems -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2684) IO extension doesn't initialise outbound bind addresses

by Jean-Francois Denise (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2684?page=com.atlassian.jira.plugi... ] Jean-Francois Denise commented on WFCORE-2684: ---------------------------------------------- [~brian.stansberry], that partly fixes JBEAP-10283. XNIO-289 is required to have it fixed. > IO extension doesn't initialise outbound bind addresses > ------------------------------------------------------- > > Key: WFCORE-2684 > URL: https://issues.jboss.org/browse/WFCORE-2684 > Project: WildFly Core > Issue Type: Bug > Components: IO > Reporter: Jean-Francois Denise > Assignee: Jean-Francois Denise > Fix For: 3.0.0.Beta16 > > > WorkerService.start and OutboundBindAddressAddHandler execute in //. The add handler is executed first, so the table is still null. > The Builder table must be returned by the Service. > Furthermore the OutboundBindAddressRemoveHandler uses the operation ModelNode instead of the model, so there is no way to remove an OutboundBind address. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-1091) CS tool, Summary output must reflect chosen option, now there is always CLI command for add new credential store.

by Hynek Švábek (JIRA)

Hynek Švábek created ELY-1091: --------------------------------- Summary: CS tool, Summary output must reflect chosen option, now there is always CLI command for add new credential store. Key: ELY-1091 URL: https://issues.jboss.org/browse/ELY-1091 Project: WildFly Elytron Issue Type: Bug Reporter: Hynek Švábek Assignee: Darran Lofthouse Priority: Critical Summary output must reflect chosen option. When I run wildfly-elytron-tool with --remove and --summary I always get "add command for CLI" There is expected command for remove entry from credential store. Same problem is there for --aliases, --exists {code} java -jar wildfly-elytron-tool.jar credential-store --remove secret_alias --password pass123 --uri "cr-store://test1.jceks?modifiable=true;create=true;keyStoreType=JCEKS" -l test1.jceks --summary Alias "secret_alias" has been successfully removed Credential store command summary: -------------------------------------- /subsystem=elytron/credential-store=test:add(uri="cr-store://test1.jceks?modifiable=true;create=true;keyStoreType=JCEKS",relative-to=jboss.server.data.dir,credential-reference={clear-text="pass123"}) {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-1091) CS tool, Summary output must reflect chosen option, now there is always CLI command for add new credential store.

by Hynek Švábek (JIRA)

[ https://issues.jboss.org/browse/ELY-1091?page=com.atlassian.jira.plugin.s... ] Hynek Švábek updated ELY-1091: ------------------------------ Component/s: Credential Store > CS tool, Summary output must reflect chosen option, now there is always CLI command for add new credential store. > ----------------------------------------------------------------------------------------------------------------- > > Key: ELY-1091 > URL: https://issues.jboss.org/browse/ELY-1091 > Project: WildFly Elytron > Issue Type: Bug > Components: Credential Store > Reporter: Hynek Švábek > Assignee: Darran Lofthouse > Priority: Critical > > Summary output must reflect chosen option. When I run wildfly-elytron-tool with --remove and --summary I always get "add command for CLI" > There is expected command for remove entry from credential store. > Same problem is there for --aliases, --exists > {code} > java -jar wildfly-elytron-tool.jar credential-store --remove secret_alias --password pass123 --uri "cr-store://test1.jceks?modifiable=true;create=true;keyStoreType=JCEKS" -l test1.jceks --summary > Alias "secret_alias" has been successfully removed > Credential store command summary: > -------------------------------------- > /subsystem=elytron/credential-store=test:add(uri="cr-store://test1.jceks?modifiable=true;create=true;keyStoreType=JCEKS",relative-to=jboss.server.data.dir,credential-reference={clear-text="pass123"}) > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-1088) CS tool, Redirection (<, <<) do not work in wildfly-elytron-tool

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-1088?page=com.atlassian.jira.plugin.s... ] Ilia Vassilev reassigned ELY-1088: ---------------------------------- Assignee: Ilia Vassilev > CS tool, Redirection (<, <<) do not work in wildfly-elytron-tool > ---------------------------------------------------------------- > > Key: ELY-1088 > URL: https://issues.jboss.org/browse/ELY-1088 > Project: WildFly Elytron > Issue Type: Bug > Components: Credential Store > Reporter: Hynek Švábek > Assignee: Ilia Vassilev > Priority: Blocker > > Redirection (<, <<) do not work in wildfly-elytron-tool. > It must work as is expected. > Customers use redirection of input in CLI, here are some old customer cases > * Customer cases (EAP 6x): > ** https://access.redhat.com/support/cases/#/case/00904577 > ** https://access.redhat.com/support/cases/#/case/00889193 > ** https://access.redhat.com/support/cases/#/case/00910827 > ** https://access.redhat.com/support/cases/#/case/00910848 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-1090) SASL mechanism selection strings with ordering and filtering

by David Lloyd (JIRA)

David Lloyd created ELY-1090: -------------------------------- Summary: SASL mechanism selection strings with ordering and filtering Key: ELY-1090 URL: https://issues.jboss.org/browse/ELY-1090 Project: WildFly Elytron Issue Type: Enhancement Components: Authentication Client, Authentication Mechanisms, Authentication Server Reporter: David Lloyd Assignee: David Lloyd Fix For: 1.1.0.Beta38 ELY-129 went much of the way to exploring how authentication client configuration and server auth context should be able to configure mechanism selection automatically. However, there is still a need to do things like: specify mech preference/order, filter mechanisms, or provide a whitelist of allowed mechanisms. Introduce a selector which allows more detailed criteria to be given for SASL mechanism selection. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2688) RestartParentWriteAttributeHandler.isResourceServiceRestartAllowed should check the AttributeDefinition

by Brian Stansberry (JIRA)

Brian Stansberry created WFCORE-2688: ---------------------------------------- Summary: RestartParentWriteAttributeHandler.isResourceServiceRestartAllowed should check the AttributeDefinition Key: WFCORE-2688 URL: https://issues.jboss.org/browse/WFCORE-2688 Project: WildFly Core Issue Type: Enhancement Components: Domain Management Reporter: Brian Stansberry Assignee: Brian Stansberry Besides checking with the context as to whether the allow-resource-service-restart header is set, if there is an AD available, it should be checked. At one stroke this will turn off this ability for everything that doesn't specifically allow it. Needs checks though to fix attributes that are meant to allow this but don't say so. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira April 2017