[JBoss JIRA] (WFLY-8759) add a configuration attribute to @WebContext to handle EJB3 loadOnStartup > -1 situations
by Jan Blizňák (JIRA)
Jan Blizňák created WFLY-8759:
---------------------------------
Summary: add a configuration attribute to @WebContext to handle EJB3 loadOnStartup > -1 situations
Key: WFLY-8759
URL: https://issues.jboss.org/browse/WFLY-8759
Project: WildFly
Issue Type: Feature Request
Components: EJB
Affects Versions: 9.0.0.Alpha1
Reporter: Jan Blizňák
An app with a servlet that is loadOnStartup = 1 that references an EJB3 webservice not defined by a WSDL fails because the EJB3 servlet does not have the same loadOnStartup designator. There is an existing wildFly integration test that demonstrates this. (see org.jboss.as.test.integration.ws.serviceref.ServiceRefWithoutExplicitWsdlServletTestCase)
Also see the original bug filed against this behavior and the comments on the
cause, https://issues.jboss.org/browse/WFLY-3262.
A suggested solution is to add a configuration attribute to @WebContext.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2691) Elytron modifiable realms should show existing identities in subsystem
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2691?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2691:
-------------------------------------
Fix Version/s: 3.0.0.Beta22
> Elytron modifiable realms should show existing identities in subsystem
> ----------------------------------------------------------------------
>
> Key: WFCORE-2691
> URL: https://issues.jboss.org/browse/WFCORE-2691
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta15
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Blocker
> Labels: filesystem-realm, security-realm
> Fix For: 3.0.0.Beta22
>
>
> Elytron {{filesystem-realm}} should load existing identities from file system. The steps to reproduce results in:
> {noformat}
> [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:read-identity
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0216: Management resource '[
> (\"subsystem\" => \"elytron\"),
> (\"filesystem-realm\" => \"realm\"),
> (\"identity\" => \"user\")
> ]' not found",
> "rolled-back" => true
> }
> [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:add
> {
> "outcome" => "failed",
> "failure-description" => "WFLYELY01000: Identity with name [user] already exists.",
> "rolled-back" => true
> }
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2730) empty target-name in constant-permission-mapper is not allowed
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2730?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2730:
-------------------------------------
Fix Version/s: 3.0.0.Beta22
> empty target-name in constant-permission-mapper is not allowed
> --------------------------------------------------------------
>
> Key: WFCORE-2730
> URL: https://issues.jboss.org/browse/WFCORE-2730
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Eva Jarkovská
> Assignee: Jan Kalina
> Fix For: 3.0.0.Beta22
>
>
> For some purposes there is need to construct permission with blank string as param (name/action) - for example *WebResourcePermission*.
> Such permission cannot be currently assigned using *constant-permission-mapper* because it requires at least one character to be not-null:
> If I try to assing permission with blank name ({{target-name=""}}) (example in steps to reproduce), parse error is thrown:
> {code}
> | > ParseError at [row,col]:[367,5]
> | > Message: "WFLYCTL0113: '' is an invalid value for parameter
> | > target-name. Values must have a minimum length of 1 characters"
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFLY-8758) Elytron, JMX client fails to work when the JVM is running in FIPS mode
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-8758?page=com.atlassian.jira.plugin.... ]
Martin Choma moved JBEAP-10875 to WFLY-8758:
--------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-8758 (was: JBEAP-10875)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security
(was: Security)
Target Release: (was: 7.1.0.GA)
Affects Version/s: (was: 7.1.0.DR18)
> Elytron, JMX client fails to work when the JVM is running in FIPS mode
> ----------------------------------------------------------------------
>
> Key: WFLY-8758
> URL: https://issues.jboss.org/browse/WFLY-8758
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Priority: Blocker
>
> The JMX client fails to work when the JVM is running in FIPS mode.
> There should be possible to configure client ssl context with Elytron. However doing so, still javax.net.ssl.SSLContext.getDefault() is called which fails with the following stacktrace:
> {code:title=server.log}
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Completed open of endpoint "endpoint" <67ce59be>
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 1 of endpoint "endpoint" <67ce59be> (opened Connection provider for remote)
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remote': Remoting remote connection provider 42a0d0b7 for endpoint "endpoint" <67ce59be>
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 2 of endpoint "endpoint" <67ce59be> (opened Connection provider for remote+tls)
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remote+tls': Remoting remote connection provider 7dc22d9b for endpoint "endpoint" <67ce59be>
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 3 of endpoint "endpoint" <67ce59be> (opened Connection provider for remoting)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remoting': Remoting remote connection provider 194d9579 for endpoint "endpoint" <67ce59be>
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 4 of endpoint "endpoint" <67ce59be> (opened Connection provider for remote+http)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remote+http': Remoting remote connection provider 21f0cb0a for endpoint "endpoint" <67ce59be>
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 5 of endpoint "endpoint" <67ce59be> (opened Connection provider for remote+https)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remote+https': Remoting remote connection provider 27b862 for endpoint "endpoint" <67ce59be>
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 6 of endpoint "endpoint" <67ce59be> (opened Connection provider for http-remoting)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'http-remoting': Remoting remote connection provider 422cda30 for endpoint "endpoint" <67ce59be>
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 7 of endpoint "endpoint" <67ce59be> (opened Connection provider for https-remoting)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'https-remoting': Remoting remote connection provider 55cb3d77 for endpoint "endpoint" <67ce59be>
> 10:55:00,764 WARN [org.jboss.remotingjmx.Util] (default task-1) The protocol 'remoting-jmx' is deprecated, instead you should use 'remote'.
> 10:55:00,764 TRACE [org.wildfly.security] (default task-1) getAuthenticationConfiguration uri=remote://localhost:9999, protocolDefaultPort=-1, abstractType=null, abstractTypeAuthority=null, purpose=null, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-port=9999]
> 10:55:00,764 WARN [org.jboss.remotingjmx.Util] (default task-1) The protocol 'remoting-jmx' is deprecated, instead you should use 'remote'.
> 10:55:00,765 TRACE [org.wildfly.security] (default task-1) getAuthenticationConfiguration uri=remote://localhost:9999, protocolDefaultPort=-1, abstractType=null, abstractTypeAuthority=null, purpose=connect, MatchRule=[], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-port=9999]
> 10:55:00,772 INFO [stdout] (default task-1) *** Error:JBREM000212: Failed to configure SSL context
> 10:55:00,773 ERROR [stderr] (default task-1) java.io.IOException: JBREM000212: Failed to configure SSL context
> 10:55:00,773 ERROR [stderr] (default task-1) at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:497)
> 10:55:00,773 ERROR [stderr] (default task-1) at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:487)
> 10:55:00,773 ERROR [stderr] (default task-1) at org.jboss.remotingjmx.RemotingConnector.internalRemotingConnect(RemotingConnector.java:241)
> 10:55:00,773 ERROR [stderr] (default task-1) at org.jboss.remotingjmx.RemotingConnector.internalConnect(RemotingConnector.java:158)
> 10:55:00,773 ERROR [stderr] (default task-1) at org.jboss.remotingjmx.RemotingConnector.connect(RemotingConnector.java:105)
> 10:55:00,773 ERROR [stderr] (default task-1) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
> 10:55:00,773 ERROR [stderr] (default task-1) at com.redhat.eap.qe.fips.standalone.elytron.client.jmx.JmxClientServlet.doGet(JmxClientServlet.java:33)
> 10:55:00,773 ERROR [stderr] (default task-1) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> 10:55:00,773 ERROR [stderr] (default task-1) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> 10:55:00,773 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> 10:55:00,774 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,774 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,775 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> 10:55:00,775 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> 10:55:00,775 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> 10:55:00,775 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> 10:55:00,775 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> 10:55:00,775 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> 10:55:00,776 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> 10:55:00,776 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> 10:55:00,776 ERROR [stderr] (default task-1) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
> 10:55:00,776 ERROR [stderr] (default task-1) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> 10:55:00,776 ERROR [stderr] (default task-1) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 10:55:00,776 ERROR [stderr] (default task-1) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 10:55:00,776 ERROR [stderr] (default task-1) at java.lang.Thread.run(Thread.java:745)
> 10:55:00,776 ERROR [stderr] (default task-1) Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
> 10:55:00,776 ERROR [stderr] (default task-1) at java.security.Provider$Service.newInstance(Provider.java:1617)
> 10:55:00,776 ERROR [stderr] (default task-1) at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
> 10:55:00,776 ERROR [stderr] (default task-1) at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
> 10:55:00,777 ERROR [stderr] (default task-1) at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
> 10:55:00,777 ERROR [stderr] (default task-1) at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
> 10:55:00,777 ERROR [stderr] (default task-1) at org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.getSSLContext(AuthenticationContextConfigurationClient.java:183)
> 10:55:00,777 ERROR [stderr] (default task-1) at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:495)
> 10:55:00,777 ERROR [stderr] (default task-1) ... 46 more
> 10:55:00,777 ERROR [stderr] (default task-1) Caused by: java.security.KeyStoreException: FIPS mode: KeyStore must be from provider SunPKCS11-testPkcs
> 10:55:00,777 ERROR [stderr] (default task-1) at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:67)
> 10:55:00,777 ERROR [stderr] (default task-1) at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
> 10:55:00,777 ERROR [stderr] (default task-1) at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultKeyManager(SSLContextImpl.java:874)
> 10:55:00,777 ERROR [stderr] (default task-1) at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:732)
> 10:55:00,777 ERROR [stderr] (default task-1) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> 10:55:00,777 ERROR [stderr] (default task-1) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> 10:55:00,778 ERROR [stderr] (default task-1) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> 10:55:00,778 ERROR [stderr] (default task-1) at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> 10:55:00,778 ERROR [stderr] (default task-1) at java.security.Provider$Service.newInstance(Provider.java:1595)
> 10:55:00,778 ERROR [stderr] (default task-1) ... 52 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2730) empty target-name in constant-permission-mapper is not allowed
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2730?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2730:
-------------------------------------
Component/s: Security
> empty target-name in constant-permission-mapper is not allowed
> --------------------------------------------------------------
>
> Key: WFCORE-2730
> URL: https://issues.jboss.org/browse/WFCORE-2730
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Eva Jarkovská
> Assignee: Jan Kalina
>
> For some purposes there is need to construct permission with blank string as param (name/action) - for example *WebResourcePermission*.
> Such permission cannot be currently assigned using *constant-permission-mapper* because it requires at least one character to be not-null:
> If I try to assing permission with blank name ({{target-name=""}}) (example in steps to reproduce), parse error is thrown:
> {code}
> | > ParseError at [row,col]:[367,5]
> | > Message: "WFLYCTL0113: '' is an invalid value for parameter
> | > target-name. Values must have a minimum length of 1 characters"
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (ELY-1151) Empty authorization name for Digest mechanism causes authentication fail
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1151?page=com.atlassian.jira.plugin.s... ]
Jan Kalina reassigned ELY-1151:
-------------------------------
Assignee: Jan Kalina (was: Darran Lofthouse)
> Empty authorization name for Digest mechanism causes authentication fail
> ------------------------------------------------------------------------
>
> Key: ELY-1151
> URL: https://issues.jboss.org/browse/ELY-1151
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta38
> Reporter: Ondrej Lukas
> Assignee: Jan Kalina
> Priority: Blocker
>
> SASL specification says about Authorization Identity String [1]:
> {quote}
> If the authorization identity string is absent, the client is requesting to act as the identity the server associates with the client's credentials. *An empty string is equivalent to an absent authorization identity.*
> {quote}
> In case when authentication configuration includes empty name for authorization name then authentication fail. In correct behavior authentication name should be used if authorization name is empty string.
> It is caused by passing empty {{defaultName}} to {{NameCallback}} constructor which results to {{IllegalArgumentException}}. Condition in [2] checks only non-null value of {{authorizationId}} but it seems it should also check empty name.
> It can be reproduced with correctly set wildfly-config.xml (i.e. configuration where authentication succeed) - in case {{set-authorization-name}} element with empty string is added to this configuration file then authentication starts to fail.
> The same issue can occurs for every supported SASL mechanism. In needs to be revisited.
> We request blocker flag since current behavior violates SASL specification.
> [1] https://tools.ietf.org/html/rfc4422#section-3.4.1
> [2] https://github.com/wildfly-security/wildfly-elytron/blob/596f25e853c8fbae...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2799) empty target-name in constant-permission-mapper is not allowed
by Darran Lofthouse (JIRA)
Darran Lofthouse created WFCORE-2799:
----------------------------------------
Summary: empty target-name in constant-permission-mapper is not allowed
Key: WFCORE-2799
URL: https://issues.jboss.org/browse/WFCORE-2799
Project: WildFly Core
Issue Type: Bug
Reporter: Darran Lofthouse
Assignee: Jan Kalina
For some purposes there is need to construct permission with blank string as param (name/action) - for example *WebResourcePermission*.
Such permission cannot be currently assigned using *constant-permission-mapper* because it requires at least one character to be not-null:
If I try to assing permission with blank name ({{target-name=""}}) (example in steps to reproduce), parse error is thrown:
{code}
| > ParseError at [row,col]:[367,5]
| > Message: "WFLYCTL0113: '' is an invalid value for parameter
| > target-name. Values must have a minimum length of 1 characters"
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2798) CLI, cd --no-validation leads to invalid node path
by Jean-Francois Denise (JIRA)
Jean-Francois Denise created WFCORE-2798:
--------------------------------------------
Summary: CLI, cd --no-validation leads to invalid node path
Key: WFCORE-2798
URL: https://issues.jboss.org/browse/WFCORE-2798
Project: WildFly Core
Issue Type: Bug
Components: CLI
Reporter: Jean-Francois Denise
Assignee: Jean-Francois Denise
cd /c=y --no-validation changes the current path to be /c=y--no-validation
The option is considered to be part of the node path.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2560) User names in Elytron FileSystemRealm are not case sensitive on Windows
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2560?page=com.atlassian.jira.plugi... ]
Jan Kalina reopened WFCORE-2560:
--------------------------------
Assignee: Jan Kalina (was: ehsavoie Hugonnet)
> User names in Elytron FileSystemRealm are not case sensitive on Windows
> -----------------------------------------------------------------------
>
> Key: WFCORE-2560
> URL: https://issues.jboss.org/browse/WFCORE-2560
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta9
> Reporter: ehsavoie Hugonnet
> Assignee: Jan Kalina
> Priority: Blocker
> Labels: filesystem-realm, security-realm, windows
> Fix For: 3.0.0.Beta11
>
>
> User names are case sensitive on Linux but not on Windows when using the Elytron {{FileSystemSecurityRealm}}
> This is IMO a security issue. And it also affects platform certifications.
> If this is by any chance an expected behavior, then it has to be emphasized in documentation and in the domain model too (description of file-system-realm)
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
[JBoss JIRA] (WFCORE-2797) http-remoting-connector attributes wrongly declared as "restart-required" => "no-services"
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2797?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8756 to WFCORE-2797:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2797 (was: WFLY-8756)
Component/s: Remoting
(was: Remoting)
> http-remoting-connector attributes wrongly declared as "restart-required" => "no-services"
> ------------------------------------------------------------------------------------------
>
> Key: WFCORE-2797
> URL: https://issues.jboss.org/browse/WFCORE-2797
> Project: WildFly Core
> Issue Type: Bug
> Components: Remoting
> Reporter: Martin Choma
> Assignee: David Lloyd
>
> Changing http-remoting-connector leads to reload required state. But all attributes are marked as {{"restart-required" => "no-services"}} in model. Based on documentation [1] I think they should be rather {{"restart-required" => "resource-services"}}
> {code}
> [standalone@localhost:9990 /] /subsystem=remoting/http-connector=http-remoting-connector:read-resource-description
> {
> "outcome" => "success",
> "result" => {
> "description" => "The configuration of a HTTP Upgrade based Remoting connector.",
> "capabilities" => [{
> "name" => "org.wildfly.remoting.http-connector",
> "dynamic" => true
> }],
> "attributes" => {
> "authentication-provider" => {
> "type" => STRING,
> "description" => "The \"authentication-provider\" element contains the name of the authentication provider to use for incoming connections.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-constraints" => {"sensitive" => {"remoting-security" => {"type" => "remoting"}}},
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "connector-ref" => {
> "type" => STRING,
> "description" => "The name (or names) of a connector in the Undertow subsystem to connect to.",
> "expressions-allowed" => false,
> "required" => true,
> "nillable" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "sasl-authentication-factory" => {
> "type" => STRING,
> "description" => "Reference to the SASL authentication factory to use for this connector.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "nil-significant" => true,
> "capability-reference" => "org.wildfly.security.sasl-authentication-factory",
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-constraints" => {"sensitive" => {"authentication-factory-ref" => {"type" => "core"}}},
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "sasl-protocol" => {
> "type" => STRING,
> "description" => "The protocol to pass into the SASL mechanisms used for authentication.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "default" => "remote",
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-constraints" => {"sensitive" => {"remoting-security" => {"type" => "remoting"}}},
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "security-realm" => {
> "type" => STRING,
> "description" => "The associated security realm to use for authentication for this connector.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-constraints" => {"sensitive" => {
> "security-realm-ref" => {"type" => "core"},
> "remoting-security" => {"type" => "remoting"}
> }},
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "server-name" => {
> "type" => STRING,
> "description" => "The server name to send in the initial message exchange and for SASL based authentication.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-constraints" => {"sensitive" => {"remoting-security" => {"type" => "remoting"}}},
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> }
> },
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {
> "security" => {
> "description" => "Configuration of security for this connector.",
> "model-description" => undefined
> },
> "property" => {
> "description" => "Properties to further configure the connector.",
> "model-description" => undefined
> }
> }
> },
> "response-headers" => {"process-state" => "reload-required"}
> }
> {code}
> [1] https://docs.jboss.org/author/display/WFLY10/Description+of+the+Managemen...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months