[JBoss JIRA] (WFCORE-2691) Elytron modifiable realms should show existing identities in subsystem
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2691?page=com.atlassian.jira.plugi... ]
Jan Kalina commented on WFCORE-2691:
------------------------------------
Rewriting of key-stores in WFCORE-2737
> Elytron modifiable realms should show existing identities in subsystem
> ----------------------------------------------------------------------
>
> Key: WFCORE-2691
> URL: https://issues.jboss.org/browse/WFCORE-2691
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta15
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Blocker
> Labels: filesystem-realm, security-realm
>
> Elytron {{filesystem-realm}} should load existing identities from the file system. The steps to reproduce result in:
> {noformat}
> [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:read-identity
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0216: Management resource '[
> (\"subsystem\" => \"elytron\"),
> (\"filesystem-realm\" => \"realm\"),
> (\"identity\" => \"user\")
> ]' not found",
> "rolled-back" => true
> }
> [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:add
> {
> "outcome" => "failed",
> "failure-description" => "WFLYELY01000: Identity with name [user] already exists.",
> "rolled-back" => true
> }
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (ELY-923) Elytron caching-realm backed by ldap-realm should avoid hitting LDAP for a cache hit
by Ondrej Kotek (JIRA)
[ https://issues.jboss.org/browse/ELY-923?page=com.atlassian.jira.plugin.sy... ]
Ondrej Kotek commented on ELY-923:
----------------------------------
[~honza889], could you move this to resolved please?
> Elytron caching-realm backed by ldap-realm should avoid hitting LDAP for a cache hit
> ------------------------------------------------------------------------------------
>
> Key: ELY-923
> URL: https://issues.jboss.org/browse/ELY-923
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Realms
> Affects Versions: 1.1.0.Beta21
> Reporter: Ondrej Kotek
> Assignee: Jan Kalina
> Priority: Blocker
> Fix For: 1.1.0.Beta28
>
>
> Elytron {{caching-realm}} backed by {{ldap-realm}} provides caching for identity objects but not for the related credentials and attributes. This is currently due to the design of {{ldap-realm}} (as in the case of {{filesystem-realm}}, see ELY-915).
> Credentials and attributes should not be loaded from LDAP for a cache hit.
[JBoss JIRA] (WFCORE-13) End users can call non-published management API operations
by Tomaz Cerar (JIRA)
[ https://issues.jboss.org/browse/WFCORE-13?page=com.atlassian.jira.plugin.... ]
Tomaz Cerar commented on WFCORE-13:
-----------------------------------
Just a line of note: SubsystemDescriptionDump is not really needed anymore, at least not in a capacity to be registered as an operation.
I am preparing a PR that will move it to test code, as that is the only place that uses it.
> End users can call non-published management API operations
> ----------------------------------------------------------
>
> Key: WFCORE-13
> URL: https://issues.jboss.org/browse/WFCORE-13
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Reporter: Ladislav Thon
> Labels: EAP
>
> It's not possible to call "non-published" operations (those that are not visible in the resource tree, e.g. {{describe}}) via JMX, while it's entirely possible to call them via CLI (e.g. {{/subsystem=security:describe}}) and other management interfaces.
> The problem lies in the fact that {{ModelControllerMBeanHelper.invoke}} method checks {{if (!accessControl.isExecutableOperation(operationName))}} and the {{isExecutableOperation}} method assumes that the operation will be visible in the resource tree. In fact, there is a comment stating _should not happen_, but now we know that it indeed _can_ happen.
> What's more, it gives a misleading error message. {{isExecutableOperation}} returns {{false}} for unknown operations, which results in a {{Not authorized to invoke operation}} message. This is wrong in two different ways simultaneously: 1. the problem isn't authorization, but the fact that the operation can't be found; 2. the user (e.g. in the {{SuperUser}} role) _is_ authorized.
> I'm considering this low priority, because 1. JMX is likely to be very rarely used to access the management interface, 2. hiding information isn't nearly as important as leaking it, 3. non-published operations aren't nearly as important as the published ones. It's worth a JIRA nevertheless.
[JBoss JIRA] (ELY-1131) WildFly Elytron Tool, For vault command bulk-convert is missing validation for parsed values from description file.
by Hynek Švábek (JIRA)
Hynek Švábek created ELY-1131:
---------------------------------
Summary: WildFly Elytron Tool, For vault command bulk-convert is missing validation for parsed values from description file.
Key: ELY-1131
URL: https://issues.jboss.org/browse/ELY-1131
Project: WildFly Elytron
Issue Type: Bug
Reporter: Hynek Švábek
Assignee: Darran Lofthouse
The vault command bulk-convert is missing validation for the values parsed from the description file.
Some kind of validation of the parsed values is expected. It must be defined which values are required and which are not.
There are these problems with required arguments:
# omitting "alias" leads to a NullPointerException
# omitting "location" leads to incorrect tool output where "null" appears as the credential store; the converted file isn't created, but it seems that the operation was successful.
{code}
java -jar wildfly-elytron-tool.jar vault --bulk-convert bulk-vault-conversion-desc
Vault (enc-dir="./test";keystore="server.store") converted to credential store "null"
{code}
# omitting "enc-dir" leads to incorrect tool output where "null" appears as "enc-dir", and an empty converted.jceks file is created in the current directory.
{code}
java -jar wildfly-elytron-tool.jar vault --bulk-convert bulk-vault-conversion-desc
Vault (enc-dir="null";keystore="server.store") converted to credential store "converted.jceks"
{code}
* there are several ways to solve it:
## an error message, because each VAULT in the description file should have a different value.
## set it to current directory
## other solution
# omitting "keystore-password" leads to a NullPointerException
* A better error message is expected.
# There must be defined at least one "keystore", because it is separator between
*How to reproduce*
Download all attachments to the same location as wildfly-elytron-tool.jar, update the *bulk-vault-conversion-desc* file and run this command:
{code}
java -jar wildfly-elytron-tool.jar vault --bulk-convert bulk-vault-conversion-desc
{code}
Here is an example of one correctly defined vault store for conversion in the description file:
{code}
# Bulk conversion descriptor
keystore:server.store
keystore-password:MASK-2hKo56F1a3jYGnJwhPmiF5
enc-dir:./test
salt:12345678
iteration:34
location:converted.jceks
alias:jboss
{code}
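As an added example (not the tool's own code and not from the issue), a pre-flight check for a bulk-conversion descriptor that enforces the keys the report says go unvalidated, so the descriptor is rejected with a readable message instead of producing a NullPointerException or a "null" credential store. It assumes that every `keystore` line opens a new vault entry, that `salt` and `iteration` are optional, and that `enc-dir` and `location` must not be shared between entries.

```python
# Added example, not the tool's code. Assumptions: a "keystore" line opens a new
# vault entry (it acts as the separator); "salt"/"iteration" optional, the rest required.
REQUIRED_KEYS = ("keystore", "keystore-password", "enc-dir", "location", "alias")
MUST_BE_UNIQUE = ("enc-dir", "location")  # one vault per source dir / target store

# Constructed sample: entry 1 mirrors the report; entry 2 lacks keystore-password/alias, reuses enc-dir.
SAMPLE_DESCRIPTOR = """\
# Bulk conversion descriptor
keystore:server.store
keystore-password:MASK-2hKo56F1a3jYGnJwhPmiF5
enc-dir:./test
location:converted.jceks
alias:jboss
keystore:other.store
enc-dir:./test
location:other.jceks
"""

def parse_descriptor(text):
    vaults = []  # one dict per vault entry, in file order
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments are skipped
            continue
        if ":" not in line:
            raise ValueError(f"line {lineno}: expected key:value, got {line!r}")
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "keystore" or not vaults:  # "keystore" starts the next entry
            vaults.append({})
        vaults[-1][key] = value
    return vaults

def validate(vaults):
    """Collect every problem so the user sees all of them, not just the first."""
    errors = []
    if not vaults:
        errors.append("no vault defined (descriptor has no 'keystore' line)")
    for i, vault in enumerate(vaults, 1):
        for key in REQUIRED_KEYS:
            if not vault.get(key):  # key absent or value empty
                errors.append(f"vault #{i}: missing required key {key!r}")
    for key in MUST_BE_UNIQUE:
        first_seen = {}
        for i, vault in enumerate(vaults, 1):
            value = vault.get(key)
            if value in first_seen:
                errors.append(f"vault #{i}: {key}={value!r} already used by vault #{first_seen[value]}")
            elif value is not None:
                first_seen[value] = i
    return errors
```

Running `validate(parse_descriptor(SAMPLE_DESCRIPTOR))` reports the two missing keys and the reused `enc-dir` of the second entry, while the first entry passes.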