[JBoss JIRA] (WFCORE-2767) Elytron Keystore resource needs restart when is changed credential-reference attribute but restart-required is set to "no-services"
by Yeray Borges (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2767?page=com.atlassian.jira.plugi... ]
Yeray Borges updated WFCORE-2767:
---------------------------------
Steps to Reproduce:
{code}
/subsystem=elytron/credential-store=cs001:add(credential-reference={clear-text=pass123}, create=true, location=cs001.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs001:add-alias(alias=ff,secret-value=Elytron)
{code}
Copy firefly.keystore from the attachment to JBOSS_HOME/standalone/data:
{code}
/subsystem=elytron/key-store=firefly:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference={store=cs001,alias=ff})
{code}
You can list all aliases in the keystore:
{code}
/subsystem=elytron/key-store=firefly:read-aliases
{
"outcome" => "success",
"result" => [
"ca",
"firefly"
]
}
{code}
We create another credential store with the same alias entry but a different value:
{code}
/subsystem=elytron/credential-store=cs002:add(credential-reference={clear-text=pass123}, create=true, location=cs002.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs002:add-alias(alias=ff, secret-value=ElytronWrong)
{code}
*Now we change the credential-reference of the keystore to the second credential store, whose entry holds an invalid password for keystore access.*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002)
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
A reload is required for credential-reference, but in the model we see "restart-required" => "no-services":
{code:collapse}
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.credential-store",
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
{code}
*Setting the allow-resource-service-restart header property to true doesn't help:*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002){allow-resource-service-restart=true}
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
was:
{code}
/subsystem=elytron/credential-store=cs001:add(credential-reference={clear-text=pass123}, create=true, location=cs001.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs001:add-alias(alias=ff,secret-value=Elytron)
{code}
Copy firefly.keystore from the attachment to JBOSS_HOME/standalone/data:
{code}
/subsystem=elytron/key-store=firefly:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference={store=cs001,alias=ff})
{code}
You can list all aliases in the keystore:
{code}
/subsystem=elytron/key-store=firefly:read-children-names(child-type=alias)
{
"outcome" => "success",
"result" => [
"ca",
"firefly"
]
}
{code}
We create another credential store with the same alias entry but a different value:
{code}
/subsystem=elytron/credential-store=cs002:add(credential-reference={clear-text=pass123}, create=true, location=cs002.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs002/alias=ff:add(secret-value=ElytronWrong)
{code}
*Now we change the credential-reference of the keystore to the second credential store, whose entry holds an invalid password for keystore access.*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002)
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
A reload is required for credential-reference, but in the model we see "restart-required" => "no-services":
{code:collapse}
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.credential-store",
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
{code}
*Setting the allow-resource-service-restart header property to true doesn't help:*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002){allow-resource-service-restart=true}
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
> Elytron Keystore resource needs restart when is changed credential-reference attribute but restart-required is set to "no-services"
> -----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2767
> URL: https://issues.jboss.org/browse/WFCORE-2767
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Yeray Borges
> Priority: Critical
>
> Elytron Keystore resource needs a restart when the credential-reference attribute is changed, but restart-required is set to "no-services".
> Instead, restart-required should be set to "resource-services", with the ability to use the allow-resource-service-restart=true header property.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2767) Elytron Keystore resource needs restart when is changed credential-reference attribute but restart-required is set to "no-services"
by Yeray Borges (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2767?page=com.atlassian.jira.plugi... ]
Yeray Borges updated WFCORE-2767:
---------------------------------
Steps to Reproduce:
{code}
/subsystem=elytron/credential-store=cs001:add(credential-reference={clear-text=pass123}, create=true, location=cs001.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs001:add-alias(alias=ff,secret-value=Elytron)
{code}
Copy firefly.keystore from the attachment to JBOSS_HOME/standalone/data:
{code}
/subsystem=elytron/key-store=firefly:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference={store=cs001,alias=ff})
{code}
You can list all aliases in the keystore:
{code}
/subsystem=elytron/key-store=firefly:read-children-names(child-type=alias)
{
"outcome" => "success",
"result" => [
"ca",
"firefly"
]
}
{code}
We create another credential store with the same alias entry but a different value:
{code}
/subsystem=elytron/credential-store=cs002:add(credential-reference={clear-text=pass123}, create=true, location=cs002.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs002/alias=ff:add(secret-value=ElytronWrong)
{code}
*Now we change the credential-reference of the keystore to the second credential store, whose entry holds an invalid password for keystore access.*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002)
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
A reload is required for credential-reference, but in the model we see "restart-required" => "no-services":
{code:collapse}
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.credential-store",
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
{code}
*Setting the allow-resource-service-restart header property to true doesn't help:*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002){allow-resource-service-restart=true}
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
was:
{code}
/subsystem=elytron/credential-store=cs001:add(credential-reference={clear-text=pass123}, create=true, location=cs001.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs001/alias=ff:add(secret-value=Elytron)
{code}
Copy firefly.keystore from the attachment to JBOSS_HOME/standalone/data:
{code}
/subsystem=elytron/key-store=firefly:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference={store=cs001,alias=ff})
{code}
You can list all aliases in the keystore:
{code}
/subsystem=elytron/key-store=firefly:read-children-names(child-type=alias)
{
"outcome" => "success",
"result" => [
"ca",
"firefly"
]
}
{code}
We create another credential store with the same alias entry but a different value:
{code}
/subsystem=elytron/credential-store=cs002:add(credential-reference={clear-text=pass123}, create=true, location=cs002.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs002/alias=ff:add(secret-value=ElytronWrong)
{code}
*Now we change the credential-reference of the keystore to the second credential store, whose entry holds an invalid password for keystore access.*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002)
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
A reload is required for credential-reference, but in the model we see "restart-required" => "no-services":
{code:collapse}
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.credential-store",
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
{code}
*Setting the allow-resource-service-restart header property to true doesn't help:*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002){allow-resource-service-restart=true}
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
> Elytron Keystore resource needs restart when is changed credential-reference attribute but restart-required is set to "no-services"
> -----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2767
> URL: https://issues.jboss.org/browse/WFCORE-2767
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Yeray Borges
> Priority: Critical
>
> Elytron Keystore resource needs a restart when the credential-reference attribute is changed, but restart-required is set to "no-services".
> Instead, restart-required should be set to "resource-services", with the ability to use the allow-resource-service-restart=true header property.
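The two notifications above show one attribute whose declared restart-required flag ("no-services") disagrees with what write-attribute actually returns (process-state "reload-required", even with allow-resource-service-restart=true). The following Python is an added example, not WildFly's own code and not part of the issue: it parses the DMR text that jboss-cli prints and checks, for any attribute, whether the observed response headers are permitted by the declared flag, treating the allow-resource-service-restart header the way the issue expects it to work. The inputs are constructed from the output captured in the issue; the severity ordering of the flag values and the mapping from response headers to flag values are the example's own assumptions.

```python
"""Cross-check an attribute's declared restart-required flag against what a
write-attribute call actually returned. Added example, not WildFly's own code:
it parses the DMR text that jboss-cli prints, so captured output is checked
offline. Sample inputs below are constructed from the issue text."""
import json
import re

# One token each: "=>", bracket or comma, quoted string, number (DMR prints
# longs as 1L) or a bare word such as STRING, OBJECT, true, undefined.
_TOKEN_RE = re.compile(r'\s*(?:=>|[{}\[\],]|"(?:[^"\\]|\\.)*"|-?\d+L?|[A-Za-z_][\w-]*)')
_WORDS = {"true": True, "false": False, "undefined": None}


def parse_dmr(text):
    """Recursive-descent parse of DMR text into dict/list/str/int/bool/None."""
    if _TOKEN_RE.sub("", text).strip():
        raise ValueError("unparsable characters in DMR input")
    tokens, i = [m.group(0).strip() for m in _TOKEN_RE.finditer(text)], 0

    def take(expected=None):
        nonlocal i
        if i >= len(tokens):
            raise ValueError("unexpected end of DMR input")
        tok, i = tokens[i], i + 1
        if expected is not None and tok != expected:
            raise ValueError(f"expected {expected!r}, got {tok!r}")
        return tok

    def value():
        tok = take()
        if tok in ("{", "["):
            close, out = ("}", {}) if tok == "{" else ("]", [])
            while i < len(tokens) and tokens[i] != close:
                if tok == "{":
                    key = json.loads(take())  # keys are quoted strings
                    take("=>")
                    out[key] = value()
                else:
                    out.append(value())
                if i < len(tokens) and tokens[i] == ",":
                    take(",")
            take(close)
            return out
        if tok.startswith('"'):
            return json.loads(tok)
        if tok in _WORDS:
            return _WORDS[tok]
        if re.fullmatch(r"-?\d+L?", tok):
            return int(tok.rstrip("L"))
        return tok  # bare type name such as OBJECT or STRING

    result = value()
    if i != len(tokens):
        raise ValueError("trailing DMR input")
    return result


# Severity order of the model's restart-required vocabulary (assumed ordering).
_RANK = {"no-services": 0, "resource-services": 1, "all-services": 2, "jvm": 3}


def observed_restart(response):
    """Translate write-attribute response headers into that vocabulary."""
    headers = response.get("response-headers") or {}
    state = headers.get("process-state")
    if state == "restart-required" or headers.get("operation-requires-restart"):
        return "jvm"
    if state == "reload-required" or headers.get("operation-requires-reload"):
        return "all-services"
    return "no-services"


def check_restart_flag(description, attribute, response, allow_resource_service_restart=False):
    """A dotted name such as credential-reference.store resolves to its parent attribute."""
    declared = description["attributes"][attribute.split(".", 1)[0]]["restart-required"]
    observed = observed_restart(response)
    if declared == "resource-services":
        # Without the header the server may fall back to a reload; with it the
        # resource's own services restart in place and nothing may be demanded.
        allowed = ("no-services",) if allow_resource_service_restart else ("no-services", "all-services")
        consistent = observed in allowed
    else:
        consistent = _RANK[observed] <= _RANK[declared]
    return {"attribute": attribute, "declared": declared, "observed": observed, "consistent": consistent}


# Constructed from the issue: the relevant part of read-resource-description for
# /subsystem=elytron/key-store=firefly, and the captured write-attribute response.
KEY_STORE_DESCRIPTION_DMR = """{"attributes" => {"credential-reference" => {
    "type" => OBJECT, "required" => true, "access-type" => "read-write",
    "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
    "value-type" => {"store" => {"type" => STRING, "nillable" => true, "max-length" => 2147483647L}},
    "restart-required" => "no-services"}}}"""
WRITE_RESPONSE_DMR = """{"outcome" => "success",
    "response-headers" => {"operation-requires-reload" => true, "process-state" => "reload-required"}}"""
READ_ALIASES_DMR = '{"outcome" => "success", "result" => ["ca", "firefly"]}'


def reproduce_wfcore_2767():
    """Verdict for the captured exchange, with allow-resource-service-restart=true as in the issue."""
    return check_restart_flag(parse_dmr(KEY_STORE_DESCRIPTION_DMR), "credential-reference.store",
                              parse_dmr(WRITE_RESPONSE_DMR), allow_resource_service_restart=True)
```

To apply the check to a live server, capture the output of `:read-resource-description` for the resource and the response of the `:write-attribute` call from jboss-cli and pass both strings to parse_dmr; a verdict with consistent=False is the discrepancy the issue describes. The practical caveat behind this reproduction is what "reload-required" means: the persisted configuration now references the credential store holding the wrong password while the running key-store service keeps the credential it was started with, so the bad reference does not bite until the next reload.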
[JBoss JIRA] (ELY-1207) Incorrectly named attribute match-user in authentication-context in Elytron subsystem
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1207?page=com.atlassian.jira.plugin.s... ]
Jan Kalina moved WFCORE-2875 to ELY-1207:
-----------------------------------------
Project: WildFly Elytron (was: WildFly Core)
Key: ELY-1207 (was: WFCORE-2875)
Component/s: XML
(was: Security)
> Incorrectly named attribute match-user in authentication-context in Elytron subsystem
> -------------------------------------------------------------------------------------
>
> Key: ELY-1207
> URL: https://issues.jboss.org/browse/ELY-1207
> Project: WildFly Elytron
> Issue Type: Bug
> Components: XML
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: user_experience
>
> The rule matcher {{match-user}} in authentication-context in the Elytron subsystem internally uses {{org.wildfly.security.auth.client.MatchUserRule}}. This matcher works on the passed userinfo. However, the naming of {{match-user}} in the Elytron subsystem indicates that just the user part of the userinfo should be used in matching.
> Also, the description in the CLI is not correct; it says: _The user to match against._
> It means one of the following should be changed:
> * name of {{match-user}}
> * functionality of {{MatchUserRule}}
> Since the Elytron client configuration file uses the name {{match-userinfo}} for the same matcher, I suggest renaming the attribute {{match-user}} in {{authentication-context}} in the Elytron subsystem to {{match-userinfo}} and improving the description in the CLI and XSD.
[JBoss JIRA] (ELY-1207) Incorrectly named attribute match-user in authentication-context in Elytron subsystem
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1207?page=com.atlassian.jira.plugin.s... ]
Jan Kalina reassigned ELY-1207:
-------------------------------
Assignee: Jan Kalina (was: Darran Lofthouse)
> Incorrectly named attribute match-user in authentication-context in Elytron subsystem
> -------------------------------------------------------------------------------------
>
> Key: ELY-1207
> URL: https://issues.jboss.org/browse/ELY-1207
> Project: WildFly Elytron
> Issue Type: Bug
> Components: XML
> Reporter: Ondrej Lukas
> Assignee: Jan Kalina
> Priority: Critical
> Labels: user_experience
>
> The rule matcher {{match-user}} in authentication-context in the Elytron subsystem internally uses {{org.wildfly.security.auth.client.MatchUserRule}}. This matcher works on the passed userinfo. However, the naming of {{match-user}} in the Elytron subsystem indicates that just the user part of the userinfo should be used in matching.
> Also, the description in the CLI is not correct; it says: _The user to match against._
> It means one of the following should be changed:
> * name of {{match-user}}
> * functionality of {{MatchUserRule}}
> Since the Elytron client configuration file uses the name {{match-userinfo}} for the same matcher, I suggest renaming the attribute {{match-user}} in {{authentication-context}} in the Elytron subsystem to {{match-userinfo}} and improving the description in the CLI and XSD.
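A short Python model of the two readings of the attribute name, added here as an example and not taken from Elytron: match_userinfo compares the whole userinfo component, which is how the issue describes MatchUserRule behaving, and match_user compares only the user part, which is what the name match-user suggests. The URIs are constructed, and nothing below calls Elytron's code; the point it makes concrete is that a rule written as match-user=alice silently stops matching as soon as the URI carries a password in its userinfo.

```python
"""Why the name match-user misleads: the rule compares the whole URI userinfo.
Added example modelling both readings in Python; it is not Elytron's MatchUserRule."""
from urllib.parse import urlsplit


def userinfo_of(uri):
    """The raw userinfo component: everything before the last '@' in the authority."""
    netloc = urlsplit(uri).netloc
    return netloc.rpartition("@")[0] if "@" in netloc else None


def user_of(uri):
    """Only the user part of the userinfo, i.e. up to the first ':'."""
    info = userinfo_of(uri)
    return None if info is None else info.split(":", 1)[0]


def match_userinfo(uri, expected):
    """The behaviour the issue attributes to MatchUserRule: compare the full userinfo."""
    return userinfo_of(uri) == expected


def match_user(uri, expected):
    """The behaviour the name match-user suggests: compare the user part only."""
    return user_of(uri) == expected


def divergence(uri, expected):
    """Return (matched_by_userinfo, matched_by_user) for one URI and one rule value."""
    return match_userinfo(uri, expected), match_user(uri, expected)


if __name__ == "__main__":
    # Constructed URIs: the readings agree without a password and diverge with one.
    for uri in ("http://alice@db.example:5432/app", "http://alice:s3cret@db.example:5432/app"):
        print(uri, divergence(uri, "alice"))
```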
[JBoss JIRA] (WFCORE-2880) remove-alias should fail when remove non-existent alias from credential store.
by Hynek Švábek (JIRA)
Hynek Švábek created WFCORE-2880:
------------------------------------
Summary: remove-alias should fail when remove non-existent alias from credential store.
Key: WFCORE-2880
URL: https://issues.jboss.org/browse/WFCORE-2880
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Hynek Švábek
Assignee: Darran Lofthouse
Priority: Critical
remove-alias should fail when removing a non-existent alias from a credential store.
A failure is expected when we try to remove a non-existent alias from a credential store.
*How to reproduce*
*create credential store*
{code}
/subsystem=elytron/credential-store=cs001:add(create=true, credential-reference={clear-text=pass123},location=cs001.jceks)
{code}
*Try to remove an alias from the empty credential store*
{code}
/subsystem=elytron/credential-store=cs001:remove-alias(alias=alias001)
{
"outcome" => "success",
"result" => undefined
}
{code}