[JBoss JIRA] (ELY-1083) Elytron Client Configuration File does not allow to use truststore
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/ELY-1083?page=com.atlassian.jira.plugin.s... ]
Ondrej Lukas updated ELY-1083:
------------------------------
Affects Version/s: 1.1.0.Beta34
> Elytron Client Configuration File does not allow to use truststore
> ------------------------------------------------------------------
>
> Key: ELY-1083
> URL: https://issues.jboss.org/browse/ELY-1083
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta34
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Elytron Client Configuration File ({{wildfly-config.xml}}) does not allow a truststore to be used or configured. It seems there are no related truststore attributes, and {{org.wildfly.security.auth.client.ElytronXmlParser}} also does not use the {{setTrustManager()}} method.
> It means that the following cannot be configured in Elytron Client Configuration File:
> * 1-way SSL where Elytron clients need to trust the certificate from server
> * 2-way SSL cannot be set between application server and Elytron Client
> We request blocker since this issue blocks RFE EAP7-567.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (ELY-1083) Elytron Client Configuration File does not allow to use truststore
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/ELY-1083?page=com.atlassian.jira.plugin.s... ]
Ondrej Lukas updated ELY-1083:
------------------------------
Component/s: Authentication Client
> Elytron Client Configuration File does not allow to use truststore
> ------------------------------------------------------------------
>
> Key: ELY-1083
> URL: https://issues.jboss.org/browse/ELY-1083
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Affects Versions: 1.1.0.Beta34
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Elytron Client Configuration File ({{wildfly-config.xml}}) does not allow a truststore to be used or configured. It seems there are no related truststore attributes, and {{org.wildfly.security.auth.client.ElytronXmlParser}} also does not use the {{setTrustManager()}} method.
> It means that the following cannot be configured in Elytron Client Configuration File:
> * 1-way SSL where Elytron clients need to trust the certificate from server
> * 2-way SSL cannot be set between application server and Elytron Client
> We request blocker since this issue blocks RFE EAP7-567.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (ELY-1083) Elytron Client Configuration File does not allow to use truststore
by Ondrej Lukas (JIRA)
Ondrej Lukas created ELY-1083:
---------------------------------
Summary: Elytron Client Configuration File does not allow to use truststore
Key: ELY-1083
URL: https://issues.jboss.org/browse/ELY-1083
Project: WildFly Elytron
Issue Type: Bug
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Blocker
Elytron Client Configuration File ({{wildfly-config.xml}}) does not allow a truststore to be used or configured. It seems there are no related truststore attributes, and {{org.wildfly.security.auth.client.ElytronXmlParser}} also does not use the {{setTrustManager()}} method.
It means that the following cannot be configured in Elytron Client Configuration File:
* 1-way SSL where Elytron clients need to trust the certificate from server
* 2-way SSL cannot be set between application server and Elytron Client
We request blocker since this issue blocks RFE EAP7-567.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (ELY-1061) Specify detailed HttpServerAuthenticationMechanismFactory interface contract
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/ELY-1061?page=com.atlassian.jira.plugin.s... ]
Kabir Khan updated ELY-1061:
----------------------------
Fix Version/s: 1.1.0.Beta37
(was: 1.1.0.Beta36)
> Specify detailed HttpServerAuthenticationMechanismFactory interface contract
> ----------------------------------------------------------------------------
>
> Key: ELY-1061
> URL: https://issues.jboss.org/browse/ELY-1061
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 1.1.0.Beta37
>
>
> Please specify a detailed contract for HttpServerAuthenticationMechanismFactory.
> Describe which params are allowed to be null and what happens in that case. Also describe whether null return values are allowed from interface methods and when that could happen.
> You can consider {{javax.security.sasl.SaslServerFactory}} as an example of a detailed contract.
> For example:
> * Is the {{properties}} parameter of {{getMechanismNames()}} allowed to be null?
> * Is {{getMechanismNames()}} allowed to return null?
> * Are any of the {{createAuthenticationMechanism()}} parameters allowed to be null?
> ** For the {{ServerMechanismFactoryImpl}} implementation, {{properties}} could not be null - is it a general rule?
> {code}
> java.lang.IllegalArgumentException: Parameter 'properties' may not be null
> at org.wildfly.common.Assert.checkNotNullParamChecked(Assert.java:69)
> at org.wildfly.common.Assert.checkNotNullParam(Assert.java:47)
> at org.wildfly.security.http.impl.ServerMechanismFactoryImpl.createAuthenticationMechanism(ServerMechanismFactoryImpl.java:79)
> {code}
> ** For the {{ServerMechanismFactoryImpl}} implementation, {{callbackHandler}} could not be null - is it a general rule?
> {code}
> java.lang.IllegalArgumentException: Parameter 'callbackHandler' may not be null
> at org.wildfly.common.Assert.checkNotNullParamChecked(Assert.java:69)
> at org.wildfly.common.Assert.checkNotNullParam(Assert.java:47)
> at org.wildfly.security.http.impl.ServerMechanismFactoryImpl.createAuthenticationMechanism(ServerMechanismFactoryImpl.java:80)
> {code}
> ** For the {{ServerMechanismFactoryImpl}} implementation, {{mechanismName}} could not be null - is it a general rule?
> {code}
> java.lang.IllegalArgumentException: Parameter 'mechanismName' may not be null
> at org.wildfly.common.Assert.checkNotNullParamChecked(Assert.java:69)
> at org.wildfly.common.Assert.checkNotNullParam(Assert.java:47)
> at org.wildfly.security.http.impl.ServerMechanismFactoryImpl.createAuthenticationMechanism(ServerMechanismFactoryImpl.java:78)
> {code}
> I would suggest wrapping {{java.lang.IllegalArgumentException}} in HttpAuthenticationException. Otherwise the possibility of {{IllegalArgumentException}} should be documented in the contract.
> Filing as Critical, as this interface is expected to be implemented by custom factories.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (ELY-1006) Elytron Audit Logging does not support log file rotation
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/ELY-1006?page=com.atlassian.jira.plugin.s... ]
Kabir Khan updated ELY-1006:
----------------------------
Fix Version/s: 1.1.0.Beta37
(was: 1.1.0.Beta36)
> Elytron Audit Logging does not support log file rotation
> --------------------------------------------------------
>
> Key: ELY-1006
> URL: https://issues.jboss.org/browse/ELY-1006
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Jan Tymel
> Assignee: Jan Kalina
> Priority: Blocker
> Fix For: 1.1.0.Beta37
>
> Attachments: deployment.war
>
>
> It is not possible to rotate (= rename the current log file and start logging into a new one) Elytron Audit log files. Log rotation cannot be configured either based on the file size (e.g. once the file size exceeds 100 MB) or based on a time period (e.g. create a new file every Sunday at midnight).
> The inability to set up log rotation could lead to huge log files, which would then be really difficult to read.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (ELY-1055) Missing privileged section in Elytron FileSystemRealm
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/ELY-1055?page=com.atlassian.jira.plugin.s... ]
Kabir Khan updated ELY-1055:
----------------------------
Fix Version/s: 1.1.0.Beta37
(was: 1.1.0.Beta36)
> Missing privileged section in Elytron FileSystemRealm
> -----------------------------------------------------
>
> Key: ELY-1055
> URL: https://issues.jboss.org/browse/ELY-1055
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Josef Cacek
> Assignee: Jan Kalina
> Priority: Blocker
> Fix For: 1.1.0.Beta37
>
>
> Calling the Elytron {{SecurityDomain.authenticate()}} method results in an {{AccessControlException}} (missing {{FilePermission}}) when the Elytron {{FileSystemSecurityRealm}} is used for the domain and the server runs with the security manager enabled.
> This file permission check must not be propagated to the calling user. The only permissions required for him/her should be the {{ElytronPermission}} ones.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
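The privileged-section pattern that ELY-1055 asks for, as an added Java example that is not Elytron's code and not part of the original message: `FileBackedStore` and its methods are hypothetical, and the sample file is constructed. With a security manager enabled, `loadUnprivileged` requires every caller on the stack to hold `FilePermission`, while `loadPrivileged` requires it only of the store's own code.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

/** Hypothetical file-backed identity store; not Elytron's FileSystemSecurityRealm. */
public final class FileBackedStore {
    private final Path root; // directory holding one file per identity

    public FileBackedStore(Path root) {
        this.root = root.toAbsolutePath().normalize();
    }

    /** Unprivileged read: FilePermission is checked against every frame on the stack. */
    byte[] loadUnprivileged(String name) throws IOException {
        return Files.readAllBytes(resolve(name));
    }

    /** Privileged read: the permission check stops at this class's protection domain. */
    byte[] loadPrivileged(String name) throws IOException {
        final Path file = resolve(name); // validate before entering the privileged block
        try {
            return AccessController.doPrivileged(
                    (PrivilegedExceptionAction<byte[]>) () -> Files.readAllBytes(file));
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException(); // only checked exception the action throws
        }
    }

    /** Keep the privileged section narrow: reject names that escape the store root. */
    private Path resolve(String name) {
        Path p = root.resolve(name).normalize();
        if (!p.startsWith(root)) {
            throw new IllegalArgumentException("identity name escapes store root");
        }
        return p;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("store"); // constructed sample data
        Files.write(dir.resolve("alice"), "secret".getBytes(StandardCharsets.UTF_8));
        FileBackedStore store = new FileBackedStore(dir);
        System.out.println(new String(store.loadPrivileged("alice"), StandardCharsets.UTF_8));
    }
}
```

The path is validated outside the privileged block so that caller-supplied input cannot steer the elevated file access to an arbitrary location.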
[JBoss JIRA] (ELY-1061) Specify detailed HttpServerAuthenticationMechanismFactory interface contract
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/ELY-1061?page=com.atlassian.jira.plugin.s... ]
Kabir Khan updated ELY-1061:
----------------------------
Fix Version/s: 1.1.0.Beta36
(was: 1.1.0.Beta37)
> Specify detailed HttpServerAuthenticationMechanismFactory interface contract
> ----------------------------------------------------------------------------
>
> Key: ELY-1061
> URL: https://issues.jboss.org/browse/ELY-1061
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 1.1.0.Beta36
>
>
> Please specify a detailed contract for HttpServerAuthenticationMechanismFactory.
> Describe which params are allowed to be null and what happens in that case. Also describe whether null return values are allowed from interface methods and when that could happen.
> You can consider {{javax.security.sasl.SaslServerFactory}} as an example of a detailed contract.
> For example:
> * Is the {{properties}} parameter of {{getMechanismNames()}} allowed to be null?
> * Is {{getMechanismNames()}} allowed to return null?
> * Are any of the {{createAuthenticationMechanism()}} parameters allowed to be null?
> ** For the {{ServerMechanismFactoryImpl}} implementation, {{properties}} could not be null - is it a general rule?
> {code}
> java.lang.IllegalArgumentException: Parameter 'properties' may not be null
> at org.wildfly.common.Assert.checkNotNullParamChecked(Assert.java:69)
> at org.wildfly.common.Assert.checkNotNullParam(Assert.java:47)
> at org.wildfly.security.http.impl.ServerMechanismFactoryImpl.createAuthenticationMechanism(ServerMechanismFactoryImpl.java:79)
> {code}
> ** For the {{ServerMechanismFactoryImpl}} implementation, {{callbackHandler}} could not be null - is it a general rule?
> {code}
> java.lang.IllegalArgumentException: Parameter 'callbackHandler' may not be null
> at org.wildfly.common.Assert.checkNotNullParamChecked(Assert.java:69)
> at org.wildfly.common.Assert.checkNotNullParam(Assert.java:47)
> at org.wildfly.security.http.impl.ServerMechanismFactoryImpl.createAuthenticationMechanism(ServerMechanismFactoryImpl.java:80)
> {code}
> ** For the {{ServerMechanismFactoryImpl}} implementation, {{mechanismName}} could not be null - is it a general rule?
> {code}
> java.lang.IllegalArgumentException: Parameter 'mechanismName' may not be null
> at org.wildfly.common.Assert.checkNotNullParamChecked(Assert.java:69)
> at org.wildfly.common.Assert.checkNotNullParam(Assert.java:47)
> at org.wildfly.security.http.impl.ServerMechanismFactoryImpl.createAuthenticationMechanism(ServerMechanismFactoryImpl.java:78)
> {code}
> I would suggest wrapping {{java.lang.IllegalArgumentException}} in HttpAuthenticationException. Otherwise the possibility of {{IllegalArgumentException}} should be documented in the contract.
> Filing as Critical, as this interface is expected to be implemented by custom factories.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)