May 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2887) Upgrade WildFly Elytron to 1.1.0.Beta48

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2887?page=com.atlassian.jira.plugi... ] Darran Lofthouse moved JBEAP-11224 to WFCORE-2887: -------------------------------------------------- Project: WildFly Core (was: JBoss Enterprise Application Platform) Key: WFCORE-2887 (was: JBEAP-11224) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: Security (was: Security) > Upgrade WildFly Elytron to 1.1.0.Beta48 > --------------------------------------- > > Key: WFCORE-2887 > URL: https://issues.jboss.org/browse/WFCORE-2887 > Project: WildFly Core > Issue Type: Component Upgrade > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta24 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-1170) The TrustManagerFactory should use a Provider from the defined Supplier<Provider[]>

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1170?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1170: ---------------------------------- Fix Version/s: 1.1.0.Beta49 (was: 1.1.0.Beta48) > The TrustManagerFactory should use a Provider from the defined Supplier<Provider[]> > ----------------------------------------------------------------------------------- > > Key: ELY-1170 > URL: https://issues.jboss.org/browse/ELY-1170 > Project: WildFly Elytron > Issue Type: Task > Components: Authentication Client > Reporter: Darran Lofthouse > Priority: Critical > Fix For: 1.1.0.Beta49 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-1114) Check for realm availability when selecting a DIGEST mechanism realm

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1114?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1114: ---------------------------------- Fix Version/s: 1.1.0.Beta49 (was: 1.1.0.Beta48) > Check for realm availability when selecting a DIGEST mechanism realm > -------------------------------------------------------------------- > > Key: ELY-1114 > URL: https://issues.jboss.org/browse/ELY-1114 > Project: WildFly Elytron > Issue Type: Task > Components: HTTP > Affects Versions: 1.1.0.Beta39, 1.1.0.Beta44 > Reporter: Pedro Igor > Assignee: Pedro Igor > Fix For: 1.1.0.Beta41, 1.1.0.Beta49 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-1078) Elytron MatchRule.toString() method throws StringIndexOutOfBoundsException

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1078?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1078: ---------------------------------- Fix Version/s: 1.1.0.Beta49 (was: 1.1.0.Beta48) > Elytron MatchRule.toString() method throws StringIndexOutOfBoundsException > -------------------------------------------------------------------------- > > Key: ELY-1078 > URL: https://issues.jboss.org/browse/ELY-1078 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta36 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 1.1.0.Beta49 > > > In case when implementation of {{asString(StringBuilder b)}} for MatchRule does not change length of passed parameter (which is 0) then 'java.lang.StringIndexOutOfBoundsException: String index out of range: -1' is thrown for calling {{MatchRule.toString()}} due to calling {{StringBuilder.setLength(-1)}}. > e.g. MatchRule {{ALL}} in implementation {{asString(StringBuilder b)}} just returns passed parameter, which results to mentioned exception. > Thrown exception: > {code} > java.lang.StringIndexOutOfBoundsException: String index out of range: -1 > at java.lang.AbstractStringBuilder.setLength(AbstractStringBuilder.java:180) > at java.lang.StringBuilder.setLength(StringBuilder.java:76) > at org.wildfly.security.auth.client.MatchRule.toString(MatchRule.java:581) > ... > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-1073) Add support for kerberos security factory in AuthenticationConfiguration

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1073?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1073: ---------------------------------- Fix Version/s: 1.1.0.Beta49 (was: 1.1.0.Beta48) > Add support for kerberos security factory in AuthenticationConfiguration > ------------------------------------------------------------------------ > > Key: ELY-1073 > URL: https://issues.jboss.org/browse/ELY-1073 > Project: WildFly Elytron > Issue Type: Task > Reporter: Stefan Guilhen > Assignee: Stefan Guilhen > Fix For: 1.1.0.Beta49 > > > Authentication configuration should be able to use a kerberos security factory to obtain the GSSCredential and associated KerberosTicket for authentication. The CallbackHandler code should check for CredentialCallbacks of type GSSKerberosCredential and use the configured factory to retrieve the credential and associated ticket. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-1067) Add support to use default GSSCredential CredentalSource with AuthenticationConfiguration from XML

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1067?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1067: ---------------------------------- Fix Version/s: 1.1.0.Beta49 (was: 1.1.0.Beta48) > Add support to use default GSSCredential CredentalSource with AuthenticationConfiguration from XML > -------------------------------------------------------------------------------------------------- > > Key: ELY-1067 > URL: https://issues.jboss.org/browse/ELY-1067 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Client > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 1.1.0.Beta49 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-1031) Make the CredentialStore class final

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1031?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1031: ---------------------------------- Fix Version/s: 1.1.0.Beta49 (was: 1.1.0.Beta48) > Make the CredentialStore class final > ------------------------------------ > > Key: ELY-1031 > URL: https://issues.jboss.org/browse/ELY-1031 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Credential Store > Reporter: Darran Lofthouse > Assignee: Peter Skopek > Priority: Critical > Fix For: 1.1.0.Beta49 > > > Unless there is a reason this has not already be done the class should probably be made final to be sure extension is not possible. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-715) SPNEGO: missing negstat field in the first reply

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-715?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-715: --------------------------------- Fix Version/s: 1.1.0.Beta49 (was: 1.1.0.Beta48) > SPNEGO: missing negstat field in the first reply > ------------------------------------------------ > > Key: ELY-715 > URL: https://issues.jboss.org/browse/ELY-715 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Mechanisms > Reporter: Jan Kalina > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta49 > > > When the client sends an initial SPNEGO token with Kerberos as preferred mechanism and includes an invalid kerberos token, then client expects to see the {{WWW-Authenticate}} HTTP header with SPNEGO response {{negTokenResp[ negState = reject ]}}. > As stated in [SPNEGO specification|https://tools.ietf.org/html/rfc4178#section-4.2.2] negstat is required in first reply: > {code:borderStyle=dashed} > negState > ... > This field is REQUIRED in the first reply from the target, and is > OPTIONAL thereafter. When negState is absent, the actual state > should be inferred from the state of the negotiated mechanism > context. > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-1030) Move TokenSecurityRealm to org.wildfly.security.auth.realm package

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1030?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1030: ---------------------------------- Fix Version/s: 1.1.0.Beta49 (was: 1.1.0.Beta48) > Move TokenSecurityRealm to org.wildfly.security.auth.realm package > ------------------------------------------------------------------ > > Key: ELY-1030 > URL: https://issues.jboss.org/browse/ELY-1030 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Realms > Reporter: Darran Lofthouse > Assignee: Pedro Igor > Priority: Critical > Fix For: 1.1.0.Beta49 > > > The LDAP and JDBC realms have their own package as they have quite a few utility and configuration classes, the token realm only has one so I don't think we really need this one to be in it'own realm. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-1029) Support clients that provide an optional CallbackHandler

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1029?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1029: ---------------------------------- Fix Version/s: 1.1.0.Beta49 (was: 1.1.0.Beta48) > Support clients that provide an optional CallbackHandler > -------------------------------------------------------- > > Key: ELY-1029 > URL: https://issues.jboss.org/browse/ELY-1029 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Client > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 1.1.0.Beta49 > > > Clients such as the WildFly CLI provide a CallbackHandler implementation in case it is needed and not as a sign that it must be used, i.e. the desired outcome is that if the information required can be obtained from the configuration then authentication proceeds without interaction with the end user. > Neither the CLI or the end user should be required to be fully aware of the underlying security configuration. > This is similar to web browser HTTP authentication where there is only an interaction with the user if actually required. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira May 2017