May 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2754) Propagate sasl-mechanism-selector to elytron subsystem

by Martin Švehla (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2754?page=com.atlassian.jira.plugi... ] Martin Švehla moved JBEAP-10699 to WFCORE-2754: ----------------------------------------------- Project: WildFly Core (was: JBoss Enterprise Application Platform) Key: WFCORE-2754 (was: JBEAP-10699) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: Security (was: Security) Affects Version/s: 3.0.0.Beta16 (was: 7.1.0.DR17) > Propagate sasl-mechanism-selector to elytron subsystem > ------------------------------------------------------ > > Key: WFCORE-2754 > URL: https://issues.jboss.org/browse/WFCORE-2754 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta16 > Reporter: Martin Švehla > Priority: Critical > > sasl-mechanism-selector was introduced to Elytron client configuration to allow whitelisting specific SASL mechanism in the client. See JBEAP-10090 for the discussion. > This element should be also propagated to Elytron subsystem so it's available server side. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2754) Propagate sasl-mechanism-selector to elytron subsystem

by Martin Švehla (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2754?page=com.atlassian.jira.plugi... ] Martin Švehla updated WFCORE-2754: ---------------------------------- Description: sasl-mechanism-selector was introduced to Elytron client configuration to allow whitelisting specific SASL mechanism in the client. See WFCORE-2615 for the discussion. This element should be also propagated to Elytron subsystem so it's available server side. was: sasl-mechanism-selector was introduced to Elytron client configuration to allow whitelisting specific SASL mechanism in the client. See JBEAP-10090 for the discussion. This element should be also propagated to Elytron subsystem so it's available server side. > Propagate sasl-mechanism-selector to elytron subsystem > ------------------------------------------------------ > > Key: WFCORE-2754 > URL: https://issues.jboss.org/browse/WFCORE-2754 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta16 > Reporter: Martin Švehla > Priority: Critical > > sasl-mechanism-selector was introduced to Elytron client configuration to allow whitelisting specific SASL mechanism in the client. See WFCORE-2615 for the discussion. > This element should be also propagated to Elytron subsystem so it's available server side. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1128) WildFly Elytron Tool, add prompt when --keystore-password is missing for Vault command.

by Hynek Švábek (JIRA)

[ https://issues.jboss.org/browse/ELY-1128?page=com.atlassian.jira.plugin.s... ] Hynek Švábek moved JBEAP-10697 to ELY-1128: ------------------------------------------- Project: WildFly Elytron (was: JBoss Enterprise Application Platform) Key: ELY-1128 (was: JBEAP-10697) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: Credential Store (was: Security) Affects Version/s: (was: 7.1.0.DR17) > WildFly Elytron Tool, add prompt when --keystore-password is missing for Vault command. > --------------------------------------------------------------------------------------- > > Key: ELY-1128 > URL: https://issues.jboss.org/browse/ELY-1128 > Project: WildFly Elytron > Issue Type: Bug > Components: Credential Store > Reporter: Hynek Švábek > Priority: Blocker > > Add prompt when --keystore-password is missing for Vault command. > Use case: > * User have automation script using cs tool and user don't want to have password stored in file. > * User don't want credential store password to be stored in shell history after execution. > * User don't want credential store password to be listed in ps -aux output. > There have to be possibility to omit --keystore-password attribute. When omitting --keystore-password attribute user interaction prompt should follow with possibility to input password. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1127) WildFly Elytron Tool, Help output must contain information about default values of options.

by Hynek Švábek (JIRA)

Hynek Švábek created ELY-1127: --------------------------------- Summary: WildFly Elytron Tool, Help output must contain information about default values of options. Key: ELY-1127 URL: https://issues.jboss.org/browse/ELY-1127 Project: WildFly Elytron Issue Type: Bug Reporter: Hynek Švábek Assignee: Darran Lofthouse Help output must contain information about default values of options. There are some options which has default value: * alias * location * enc-dir * iteration * salt -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1127) WildFly Elytron Tool, Help output must contain information about default values of options.

by Hynek Švábek (JIRA)

[ https://issues.jboss.org/browse/ELY-1127?page=com.atlassian.jira.plugin.s... ] Hynek Švábek updated ELY-1127: ------------------------------ Component/s: Credential Store > WildFly Elytron Tool, Help output must contain information about default values of options. > ------------------------------------------------------------------------------------------- > > Key: ELY-1127 > URL: https://issues.jboss.org/browse/ELY-1127 > Project: WildFly Elytron > Issue Type: Bug > Components: Credential Store > Reporter: Hynek Švábek > Assignee: Darran Lofthouse > > Help output must contain information about default values of options. > There are some options which has default value: > * alias > * location > * enc-dir > * iteration > * salt -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1126) WildFly Elytron Tool, Vault command summary contains MASKed password without --iteration and --salt when is used MASKed password for access to VAULT.

by Hynek Švábek (JIRA)

Hynek Švábek created ELY-1126: --------------------------------- Summary: WildFly Elytron Tool, Vault command summary contains MASKed password without --iteration and --salt when is used MASKed password for access to VAULT. Key: ELY-1126 URL: https://issues.jboss.org/browse/ELY-1126 Project: WildFly Elytron Issue Type: Bug Reporter: Hynek Švábek Assignee: Darran Lofthouse Vault command summary contains MASKed password without --iteration and --salt when is used MASKed password for access to VAULT. MASKed password must contain SALT and ITERATION as is expected: *credential-reference=\{clear-text="MASK-2hKo56F1a3jYGnJwhPmiF5;12345678;34"\}* FYI: plain text password is "secretsecret". *How to reproduce* Download all attachments to same location as *wildfly-elytron-tool.jar* and run this command: {code} [hsvabek@dhcp-10-40-5-100 003]$ java -jar wildfly-elytron-tool.jar vault --enc-dir . --keystore server.store --keystore-password MASK-2hKo56F1a3jYGnJwhPmiF5 --salt 12345678 --iteration 34 --location converted001.store --alias jboss --summary Vault (enc-dir=".";keystore="server.store") converted to credential store "converted001.store" Vault Conversion summary: -------------------------------------- Vault Conversion Successful CLI command to add new credential store: /subsystem=elytron/credential-store=cs:add(relative-to=jboss.server.data.dir,location="converted001.store",implementation-properties={},credential-reference={clear-text="MASK-2hKo56F1a3jYGnJwhPmiF5"}) {code} Credential reference contains MASKed password without salt and iteration (credential-reference={clear-text="MASK-2hKo56F1a3jYGnJwhPmiF5"}) -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1126) WildFly Elytron Tool, Vault command summary contains MASKed password without --iteration and --salt when is used MASKed password for access to VAULT.

by Hynek Švábek (JIRA)

[ https://issues.jboss.org/browse/ELY-1126?page=com.atlassian.jira.plugin.s... ] Hynek Švábek updated ELY-1126: ------------------------------ Component/s: Credential Store > WildFly Elytron Tool, Vault command summary contains MASKed password without --iteration and --salt when is used MASKed password for access to VAULT. > ----------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: ELY-1126 > URL: https://issues.jboss.org/browse/ELY-1126 > Project: WildFly Elytron > Issue Type: Bug > Components: Credential Store > Reporter: Hynek Švábek > Assignee: Darran Lofthouse > > Vault command summary contains MASKed password without --iteration and --salt when is used MASKed password for access to VAULT. > MASKed password must contain SALT and ITERATION as is expected: > *credential-reference=\{clear-text="MASK-2hKo56F1a3jYGnJwhPmiF5;12345678;34"\}* > FYI: plain text password is "secretsecret". > *How to reproduce* > Download all attachments to same location as *wildfly-elytron-tool.jar* and run this command: > {code} > [hsvabek@dhcp-10-40-5-100 003]$ java -jar wildfly-elytron-tool.jar vault --enc-dir . --keystore server.store --keystore-password MASK-2hKo56F1a3jYGnJwhPmiF5 --salt 12345678 --iteration 34 --location converted001.store --alias jboss --summary > Vault (enc-dir=".";keystore="server.store") converted to credential store "converted001.store" > Vault Conversion summary: > -------------------------------------- > Vault Conversion Successful > CLI command to add new credential store: > /subsystem=elytron/credential-store=cs:add(relative-to=jboss.server.data.dir,location="converted001.store",implementation-properties={},credential-reference={clear-text="MASK-2hKo56F1a3jYGnJwhPmiF5"}) > {code} > Credential reference contains MASKed password without salt and iteration (credential-reference={clear-text="MASK-2hKo56F1a3jYGnJwhPmiF5"}) -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2753) Upgrade WildFly Client Config to 1.0.0.Beta4

by Darran Lofthouse (JIRA)

Darran Lofthouse created WFCORE-2753: ---------------------------------------- Summary: Upgrade WildFly Client Config to 1.0.0.Beta4 Key: WFCORE-2753 URL: https://issues.jboss.org/browse/WFCORE-2753 Project: WildFly Core Issue Type: Component Upgrade Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 3.0.0.Beta18 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1118) Non-existing alias for SSL in Elytron Client configuration file causes NPE

by Tomas Hofman (JIRA)

[ https://issues.jboss.org/browse/ELY-1118?page=com.atlassian.jira.plugin.s... ] Tomas Hofman reassigned ELY-1118: --------------------------------- Assignee: Tomas Hofman (was: Darran Lofthouse) > Non-existing alias for SSL in Elytron Client configuration file causes NPE > -------------------------------------------------------------------------- > > Key: ELY-1118 > URL: https://issues.jboss.org/browse/ELY-1118 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Client > Affects Versions: 1.1.0.Beta39 > Reporter: Ondrej Lukas > Assignee: Tomas Hofman > Priority: Critical > > In case when Elytron Client configuration file for {{key-store-ssl-certificate}} element includes alias which does not exist in given keystore then NPE is thrown. > It is caused by missing null check for {{entry}} in [1]. > Thrown NPE: > {code} > ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /dep/ctx: java.lang.NullPointerException > at org.wildfly.security.auth.client.ElytronXmlParser$PrivateKeyKeyStoreEntryCredentialFactory.get(ElytronXmlParser.java:2404) > at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseSslContextType$5(ElytronXmlParser.java:459) > at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseSslContextRuleType$6(ElytronXmlParser.java:501) > at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$8(ElytronXmlParser.java:537) > at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:309) > at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:180) > at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:141) > at com.redhat.eap.qe.elytron.authnctx.WildflyConfigXmlServlet.parseAndCreateAuthenticationClientConfiguration(WildflyConfigXmlServlet.java:116) > at com.redhat.eap.qe.elytron.authnctx.WildflyConfigXmlServlet.doGet(WildflyConfigXmlServlet.java:91) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) > at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) > at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) > at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) > at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) > at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) > at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) > at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) > at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) > at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) > at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) > at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > {code} > [1] https://github.com/wildfly-security/wildfly-elytron/blob/07dca201e47344ee... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1125) WildFly Elytron Tool, Omitting --location leads to wrong credential store storage file in tool output and in summary output.

by Hynek Švábek (JIRA)

Hynek Švábek created ELY-1125: --------------------------------- Summary: WildFly Elytron Tool, Omitting --location leads to wrong credential store storage file in tool output and in summary output. Key: ELY-1125 URL: https://issues.jboss.org/browse/ELY-1125 Project: WildFly Elytron Issue Type: Bug Reporter: Hynek Švábek Assignee: Darran Lofthouse Omitting --location leads to wrong credential store storage file in tool output and in summary output. In this case when is omitted --location * tool output contains credential store storage file name with "enc-dir" path prefix. * summary output contains in location double slash in case of enc-dir value ends by slash *Expected behaviour:* Tool output must show only storage file name. Summary output must not contain double slash in location *How to reproduce* Download all attachments to same location as wildfly-elytron-tool.jar option --location must be omitted, --enc-dir must end by slash. {code} [hsvabek@dhcp-10-40-5-100 003]$ java -jar wildfly-elytron-tool.jar vault --enc-dir ./ --keystore server.store --keystore-password secretsecret --alias jboss -f Vault (enc-dir="./";keystore="server.store") converted to credential store ".//converted-vault.cr-store" Vault Conversion summary: -------------------------------------- Vault Conversion Successful CLI command to add new credential store: /subsystem=elytron/credential-store=cs:add(relative-to=jboss.server.data.dir,location=".//converted-vault.cr-store",implementation-properties={},credential-reference={clear-text="MASK-13KrO2ZNhwNg3UxmIt.02D;12345678;23"}) {code} Now you can see *".//converted-vault.cr-store"* on tool output right value is *"converted-vault.cr-store"* and location=*".//converted-vault.cr-store"* in summary output for which is correct value *"./converted-vault.cr-store"*. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira May 2017