[JBoss JIRA] (ELY-1240) Attribute security-domain from Elytron authentication-configuration does not propagate credentials with OAUTHBEARER mechanism
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/ELY-1240?page=com.atlassian.jira.plugin.s... ]
Ondrej Lukas updated ELY-1240:
------------------------------
Affects Version/s: 1.1.0.Beta47
> Attribute security-domain from Elytron authentication-configuration does not propagate credentials with OAUTHBEARER mechanism
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: ELY-1240
> URL: https://issues.jboss.org/browse/ELY-1240
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta47
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: eap7.1-rfe-blocker
>
> When client-server schema as 'Client -> Server A -> Server B' is used and intermediate server (server A) uses authentication-configuration.security-domain and OAUTHBEARER mechanism is used then application (i.e. EJB) from intermediate server cannot authenticate to server B. It seems that OAUTHBEARER mechanism cannot be chosen by SASL mechanism selector when bearer token is not explicitly provided.
> Intermediate server should be able to obtain credentials for OAuth from given security domain and use them for authentication [1].
> See reproducer for more details.
> We request blocker flag since this issue breaks feature in RFE EAP7-284 Client / Server Security Context Propagation for Remoting and Running As a given user and RFE EAP7-568 Server side configuration for Elytron Client.
> Exception from intermediate server:
> {code}
> ERROR [org.jboss.as.ejb3.invocation] (default task-5) WFLYEJB0034: EJB Invocation failed on component Intermediate for method public abstract java.lang.String example.ejb.WhoAmIBeanRemote.whoAmI(): javax.ejb.EJBException: java.lang.IllegalStateException: EJBCLIENT000024: Not able to find EJB matching "StatelessEJBLocator for "/server-side/WhoAmIBean", view is interface example.ejb.WhoAmIBeanRemote, affinity is None"
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInOurTx(CMTTxInterceptor.java:188)
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:277)
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:332)
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:240)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:327)
> at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
> at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.remote.EJBRemoteTransactionPropagatingInterceptor.processInvocation(EJBRemoteTransactionPropagatingInterceptor.java:89)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.security.IdentityOutflowInterceptor.processInvocation(IdentityOutflowInterceptor.java:73)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.security.RolesAllowedInterceptor.processInvocation(RolesAllowedInterceptor.java:63)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.security.SecurityDomainInterceptor.processInvocation(SecurityDomainInterceptor.java:44)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:57)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:256)
> at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:609)
> at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
> at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
> at org.wildfly.security.auth.server.SecurityIdentity.runAsFunctionEx(SecurityIdentity.java:380)
> at org.jboss.as.ejb3.remote.AssociationImpl.invokeWithIdentity(AssociationImpl.java:460)
> at org.jboss.as.ejb3.remote.AssociationImpl.invokeMethod(AssociationImpl.java:455)
> at org.jboss.as.ejb3.remote.AssociationImpl.lambda$receiveInvocationRequest$0(AssociationImpl.java:165)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalStateException: EJBCLIENT000024: Not able to find EJB matching "StatelessEJBLocator for "/server-side/WhoAmIBean", view is interface example.ejb.WhoAmIBeanRemote, affinity is None"
> at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:719)
> at org.jboss.ejb.client.EJBClientContext.performLocatedAction(EJBClientContext.java:701)
> at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:162)
> at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:112)
> at com.sun.proxy.$Proxy47.whoAmI(Unknown Source)
> at example.ejb.Intermediate.whoAmI(Intermediate.java:21)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:327)
> at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:90)
> at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:101)
> at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
> at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:275)
> ... 46 more
> Suppressed: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (OAUTHBEARER) are supported
> at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:438)
> at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:246)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
> at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
> at ...asynchronous invocation...(Unknown Source)
> at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:545)
> at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:513)
> at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:84)
> at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:57)
> at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:464)
> at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:410)
> at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:126)
> at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:139)
> at org.jboss.remoting3.Endpoint.getConnection(Endpoint.java:216)
> at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.lambda$discover$0(RemotingEJBDiscoveryProvider.java:103)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.discover(RemotingEJBDiscoveryProvider.java:103)
> at org.wildfly.discovery.impl.AggregateDiscoveryProvider.discover(AggregateDiscoveryProvider.java:58)
> at org.wildfly.discovery.Discovery.discover(Discovery.java:94)
> at org.jboss.ejb.client.EJBClientContext.discover(EJBClientContext.java:442)
> at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:714)
> ... 76 more
> {code}
> [1] https://issues.jboss.org/browse/JBEAP-11377?focusedCommentId=13416866&pag...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (ELY-1238) Elytron client, wildfly-config.xml, User is not able to use credential-store-reference with clear-text password to access credential store. Store name and alias must be incorrectly defined.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/ELY-1238?page=com.atlassian.jira.plugin.s... ]
Hynek Švábek updated ELY-1238:
------------------------------
Component/s: Authentication Client
> Elytron client, wildfly-config.xml, User is not able to use credential-store-reference with clear-text password to access credential store. Store name and alias must be incorrectly defined.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: ELY-1238
> URL: https://issues.jboss.org/browse/ELY-1238
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Elytron client, wildfly-config.xml, User is not able to use credential-store-reference with clear-text password to access credential store. Store name and alias must be incorrectly defined.
> There must work these two scenarious:
> * User uses only clear-text password <credential-store-reference clear-text="pass123"/>
> * User uses password obtained from another credential store <credential-store-reference store="CS_STORE_NAME" alias="pwd"/> and both "store" and "alias" must be defined.
> I see problem in ElytronXmlParser [1], where is always used "storeName" and then "alias" to create new CredentialStoreCredentialSource(credentialStore, alias);
> *How to reproduce*
> * Please use files which are attached
> * set right path to cs.jceks in wildfly-config.xml
> * run EAP server
> * run client
> {code}
> [hsvabek@dhcp-10-40-5-166 bin]$ ./jboss-cli.sh -c -Dwildfly.config.url=wildfly-config.xml
> java.lang.ExceptionInInitializerError: org.wildfly.client.config.ConfigXMLParseException: ELY09503: Credential store name "null" not defined
> at file:/home/hsvabek/securityworkspace/VERIFICATION/2017_06_08_wfly-config.xml/jboss-eap-7.1/bin/wildfly-config.xml:9:4: ELY09503: Credential store name "null" not defined
> at file:/home/hsvabek/securityworkspace/VERIFICATION/2017_06_08_wfly-config.xml/jboss-eap-7.1/bin/wildfly-config.xml:9:4
> {code}
> When you set correct store to credential-store-reference, then you get error about "alias is required..."
> [1] https://github.com/wildfly-security/wildfly-elytron/blob/1.1.0.Beta47/src...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (ELY-1238) Elytron client, wildfly-config.xml, User is not able to use credential-store-reference with clear-text password to access credential store. Store name and alias must be incorrectly defined.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/ELY-1238?page=com.atlassian.jira.plugin.s... ]
Hynek Švábek updated ELY-1238:
------------------------------
Component/s: Credential Store
> Elytron client, wildfly-config.xml, User is not able to use credential-store-reference with clear-text password to access credential store. Store name and alias must be incorrectly defined.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: ELY-1238
> URL: https://issues.jboss.org/browse/ELY-1238
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client, Credential Store
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Elytron client, wildfly-config.xml, User is not able to use credential-store-reference with clear-text password to access credential store. Store name and alias must be incorrectly defined.
> There must work these two scenarious:
> * User uses only clear-text password <credential-store-reference clear-text="pass123"/>
> * User uses password obtained from another credential store <credential-store-reference store="CS_STORE_NAME" alias="pwd"/> and both "store" and "alias" must be defined.
> I see problem in ElytronXmlParser [1], where is always used "storeName" and then "alias" to create new CredentialStoreCredentialSource(credentialStore, alias);
> *How to reproduce*
> * Please use files which are attached
> * set right path to cs.jceks in wildfly-config.xml
> * run EAP server
> * run client
> {code}
> [hsvabek@dhcp-10-40-5-166 bin]$ ./jboss-cli.sh -c -Dwildfly.config.url=wildfly-config.xml
> java.lang.ExceptionInInitializerError: org.wildfly.client.config.ConfigXMLParseException: ELY09503: Credential store name "null" not defined
> at file:/home/hsvabek/securityworkspace/VERIFICATION/2017_06_08_wfly-config.xml/jboss-eap-7.1/bin/wildfly-config.xml:9:4: ELY09503: Credential store name "null" not defined
> at file:/home/hsvabek/securityworkspace/VERIFICATION/2017_06_08_wfly-config.xml/jboss-eap-7.1/bin/wildfly-config.xml:9:4
> {code}
> When you set correct store to credential-store-reference, then you get error about "alias is required..."
> [1] https://github.com/wildfly-security/wildfly-elytron/blob/1.1.0.Beta47/src...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (ELY-1239) Elytron client, elytron-1_0.xsd, protection-parameter-credentials is incorrectly defined as client-credentials-type.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/ELY-1239?page=com.atlassian.jira.plugin.s... ]
Hynek Švábek updated ELY-1239:
------------------------------
Component/s: Authentication Client
Credential Store
> Elytron client, elytron-1_0.xsd, protection-parameter-credentials is incorrectly defined as client-credentials-type.
> --------------------------------------------------------------------------------------------------------------------
>
> Key: ELY-1239
> URL: https://issues.jboss.org/browse/ELY-1239
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client, Credential Store
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Elytron client, elytron-1_0.xsd, *protection-parameter-credentials* is incorrectly defined as client-credentials-type [1].
> For *protection-parameter-credentials* is valid only credential-store-reference element:
> {code}
> <xsd:element name="credential-store-reference" type="credential-store-reference-type"/>
> {code}
> But now is *protection-parameter-credentials* defined as type *client-credentials-type* [1] which can have these values:
> {code}
> <xsd:complexType name="client-credentials-type">
> <xsd:choice minOccurs="0" maxOccurs="unbounded">
> <xsd:element name="key-store-reference" type="key-store-ref-type"/>
> <xsd:element name="credential-store-reference" type="credential-store-reference-type"/>
> <xsd:element name="clear-password" type="clear-password-type"/>
> <xsd:element name="hashed-password" type="hashed-password-type"/>
> <xsd:element name="crypt-password" type="crypt-password-type"/>
> <xsd:element name="key-pair" type="key-pair-type"/>
> <xsd:element name="certificate" type="certificate-type"/>
> <xsd:element name="public-key-pem" type="xsd:string"/>
> <xsd:element name="bearer-token" type="bearer-token-type"/>
> <xsd:element name="oauth2-bearer-token" type="oauth2-bearer-token-type"/>
> </xsd:choice>
> </xsd:complexType>
> {code}
> Please keep on mind that changes must be done accordingly in ElytronXMLParser too.
> [1] https://github.com/wildfly-security/wildfly-elytron/blob/1.1.0.Beta47/src...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (ELY-1239) Elytron client, elytron-1_0.xsd, protection-parameter-credentials is incorrectly defined as client-credentials-type.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/ELY-1239?page=com.atlassian.jira.plugin.s... ]
Hynek Švábek updated ELY-1239:
------------------------------
Description:
Elytron client, elytron-1_0.xsd, *protection-parameter-credentials* is incorrectly defined as client-credentials-type [1].
For *protection-parameter-credentials* is valid only credential-store-reference element:
{code}
<xsd:element name="credential-store-reference" type="credential-store-reference-type"/>
{code}
But now is *protection-parameter-credentials* defined as type *client-credentials-type* [1] which can have these values:
{code}
<xsd:complexType name="client-credentials-type">
<xsd:choice minOccurs="0" maxOccurs="unbounded">
<xsd:element name="key-store-reference" type="key-store-ref-type"/>
<xsd:element name="credential-store-reference" type="credential-store-reference-type"/>
<xsd:element name="clear-password" type="clear-password-type"/>
<xsd:element name="hashed-password" type="hashed-password-type"/>
<xsd:element name="crypt-password" type="crypt-password-type"/>
<xsd:element name="key-pair" type="key-pair-type"/>
<xsd:element name="certificate" type="certificate-type"/>
<xsd:element name="public-key-pem" type="xsd:string"/>
<xsd:element name="bearer-token" type="bearer-token-type"/>
<xsd:element name="oauth2-bearer-token" type="oauth2-bearer-token-type"/>
</xsd:choice>
</xsd:complexType>
{code}
Please keep on mind that changes must be done accordingly in ElytronXMLParser too.
[1] https://github.com/wildfly-security/wildfly-elytron/blob/1.1.0.Beta47/src...
was:
Elytron client, elytron-1_0.xsd, *protection-parameter-credentials* is incorrectly defined as client-credentials-type [1].
For *protection-parameter-credentials* is valid only credential-store-reference element:
{code}
<xsd:element name="credential-store-reference" type="credential-store-reference-type"/>
{code}
But now is *protection-parameter-credentials* defined as type *client-credentials-type* [1] which can have these values:
{code}
<xsd:complexType name="client-credentials-type">
<xsd:choice minOccurs="0" maxOccurs="unbounded">
<xsd:element name="key-store-reference" type="key-store-ref-type"/>
<xsd:element name="credential-store-reference" type="credential-store-reference-type"/>
<xsd:element name="clear-password" type="clear-password-type"/>
<xsd:element name="hashed-password" type="hashed-password-type"/>
<xsd:element name="crypt-password" type="crypt-password-type"/>
<xsd:element name="key-pair" type="key-pair-type"/>
<xsd:element name="certificate" type="certificate-type"/>
<xsd:element name="public-key-pem" type="xsd:string"/>
<xsd:element name="bearer-token" type="bearer-token-type"/>
<xsd:element name="oauth2-bearer-token" type="oauth2-bearer-token-type"/>
</xsd:choice>
</xsd:complexType>
{code}
[1] https://github.com/wildfly-security/wildfly-elytron/blob/1.1.0.Beta47/src...
> Elytron client, elytron-1_0.xsd, protection-parameter-credentials is incorrectly defined as client-credentials-type.
> --------------------------------------------------------------------------------------------------------------------
>
> Key: ELY-1239
> URL: https://issues.jboss.org/browse/ELY-1239
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Elytron client, elytron-1_0.xsd, *protection-parameter-credentials* is incorrectly defined as client-credentials-type [1].
> For *protection-parameter-credentials* is valid only credential-store-reference element:
> {code}
> <xsd:element name="credential-store-reference" type="credential-store-reference-type"/>
> {code}
> But now is *protection-parameter-credentials* defined as type *client-credentials-type* [1] which can have these values:
> {code}
> <xsd:complexType name="client-credentials-type">
> <xsd:choice minOccurs="0" maxOccurs="unbounded">
> <xsd:element name="key-store-reference" type="key-store-ref-type"/>
> <xsd:element name="credential-store-reference" type="credential-store-reference-type"/>
> <xsd:element name="clear-password" type="clear-password-type"/>
> <xsd:element name="hashed-password" type="hashed-password-type"/>
> <xsd:element name="crypt-password" type="crypt-password-type"/>
> <xsd:element name="key-pair" type="key-pair-type"/>
> <xsd:element name="certificate" type="certificate-type"/>
> <xsd:element name="public-key-pem" type="xsd:string"/>
> <xsd:element name="bearer-token" type="bearer-token-type"/>
> <xsd:element name="oauth2-bearer-token" type="oauth2-bearer-token-type"/>
> </xsd:choice>
> </xsd:complexType>
> {code}
> Please keep on mind that changes must be done accordingly in ElytronXMLParser too.
> [1] https://github.com/wildfly-security/wildfly-elytron/blob/1.1.0.Beta47/src...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (ELY-1239) Elytron client, elytron-1_0.xsd, protection-parameter-credentials is incorrectly defined as client-credentials-type.
by Hynek Švábek (JIRA)
Hynek Švábek created ELY-1239:
---------------------------------
Summary: Elytron client, elytron-1_0.xsd, protection-parameter-credentials is incorrectly defined as client-credentials-type.
Key: ELY-1239
URL: https://issues.jboss.org/browse/ELY-1239
Project: WildFly Elytron
Issue Type: Bug
Reporter: Hynek Švábek
Assignee: Darran Lofthouse
Priority: Blocker
Elytron client, elytron-1_0.xsd, *protection-parameter-credentials* is incorrectly defined as client-credentials-type [1].
For *protection-parameter-credentials* is valid only credential-store-reference element:
{code}
<xsd:element name="credential-store-reference" type="credential-store-reference-type"/>
{code}
But now is *protection-parameter-credentials* defined as type *client-credentials-type* [1] which can have these values:
{code}
<xsd:complexType name="client-credentials-type">
<xsd:choice minOccurs="0" maxOccurs="unbounded">
<xsd:element name="key-store-reference" type="key-store-ref-type"/>
<xsd:element name="credential-store-reference" type="credential-store-reference-type"/>
<xsd:element name="clear-password" type="clear-password-type"/>
<xsd:element name="hashed-password" type="hashed-password-type"/>
<xsd:element name="crypt-password" type="crypt-password-type"/>
<xsd:element name="key-pair" type="key-pair-type"/>
<xsd:element name="certificate" type="certificate-type"/>
<xsd:element name="public-key-pem" type="xsd:string"/>
<xsd:element name="bearer-token" type="bearer-token-type"/>
<xsd:element name="oauth2-bearer-token" type="oauth2-bearer-token-type"/>
</xsd:choice>
</xsd:complexType>
{code}
[1] https://github.com/wildfly-security/wildfly-elytron/blob/1.1.0.Beta47/src...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (WFCORE-2941) Adding application-security-domain in EJB subsystem requires server reload
by Ondrej Lukas (JIRA)
Ondrej Lukas created WFCORE-2941:
------------------------------------
Summary: Adding application-security-domain in EJB subsystem requires server reload
Key: WFCORE-2941
URL: https://issues.jboss.org/browse/WFCORE-2941
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Critical
When application-security-domain is added in EJB subsystem then it is not used until server is reloaded. However CLI command does not set server to {{reload-required}} state, see:
{code}
/subsystem=ejb3/application-security-domain=other:add(security-domain=ApplicationDomain)
{"outcome" => "success"}
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (ELY-887) AuthenticationContext IPv6 Address Handling
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-887?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse resolved ELY-887.
----------------------------------
Fix Version/s: 1.1.0.Beta53
(was: 1.1.0.Beta54)
Resolution: Out of Date
We already have IPv6 support, bugs should be raised for specific issues.
> AuthenticationContext IPv6 Address Handling
> -------------------------------------------
>
> Key: ELY-887
> URL: https://issues.jboss.org/browse/ELY-887
> Project: WildFly Elytron
> Issue Type: Task
> Components: Authentication Client
> Reporter: Darran Lofthouse
> Priority: Blocker
> Fix For: 1.1.0.Beta53
>
>
> Within authentication client we need to ensure we are handling IPv6 addresses correctly.
> Especially considering an equivalent IPv6 address can have more than one String representation.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month