[JBoss JIRA] (WFLY-8877) Server-identity/secret integration with credential reference is not correct.
by Hynek Švábek (JIRA)
Hynek Švábek created WFLY-8877:
----------------------------------
Summary: Server-identity/secret integration with credential reference is not correct.
Key: WFLY-8877
URL: https://issues.jboss.org/browse/WFLY-8877
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Hynek Švábek
Assignee: Darran Lofthouse
Priority: Blocker
Server-identity/secret integration with credential reference is not correct.
When Server-identity/secret is set to use a password obtained from a credential-store, there is a problem with it.
I observe that SecretIdentityService expects the password as a constructor argument [1][2], and afterwards the password is resolved from the credential-store. But it fails because the regular password isn't defined and it is used as a method argument [3].
*Server log*
{code:collapse}
[Host Controller] 12:27:48,205 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ManagementRealm.secret: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ManagementRealm.secret: Failed to start service
[Host Controller]  at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
[Host Controller]  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[Host Controller]  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[Host Controller]  at java.lang.Thread.run(Thread.java:745)
[Host Controller] Caused by: java.lang.IllegalArgumentException: Last unit does not have enough valid bits
[Host Controller]  at java.util.Base64$Decoder.decode0(Base64.java:734)
[Host Controller]  at java.util.Base64$Decoder.decode(Base64.java:526)
[Host Controller]  at java.util.Base64$Decoder.decode(Base64.java:549)
[Host Controller]  at org.jboss.as.domain.management.security.SecretIdentityService.start(SecretIdentityService.java:77)
[Host Controller]  at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
[Host Controller]  at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
[Host Controller]  ... 3 more
{code}
[1] https://github.com/wildfly/wildfly-core/blob/3.0.0.Beta22/domain-manageme...
[2] https://github.com/wildfly/wildfly-core/blob/3.0.0.Beta22/domain-manageme...
[3] https://github.com/wildfly/wildfly-core/blob/3.0.0.Beta22/domain-manageme...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 11 months
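An added illustration, not WildFly Core code, of the ordering problem reported in WFLY-8877: decoding the Base64 `value` before consulting the credential reference fails at start-up when only the reference is configured, while a guarded resolver touches only the source that is actually set. Class, method and alias names are hypothetical, and the literal `undefined` standing in for the unset `value` is an assumption about what reached the decoder.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.function.Supplier;

// Added illustration; all names are hypothetical and this is not WildFly Core code.
public class SecretResolutionExample {

    // Constructed stand-in for a credential store: alias -> secret.
    static final Map<String, String> STORE = Map.of("hc-secret", "pass123");

    // Hypothetical credential reference that looks an alias up in STORE.
    static Supplier<char[]> storeRef(String alias) {
        return () -> {
            String secret = STORE.get(alias);
            return secret == null ? null : secret.toCharArray();
        };
    }

    // Eager ordering: "value" is Base64-decoded before the credential
    // reference is consulted, so an unset "value" aborts start-up even
    // though the reference would have supplied the secret.
    static char[] resolveEager(String base64Value, Supplier<char[]> credentialRef) {
        byte[] decoded = Base64.getDecoder().decode(base64Value); // throws on non-Base64 text
        char[] fromStore = credentialRef == null ? null : credentialRef.get();
        return fromStore != null
                ? fromStore
                : new String(decoded, StandardCharsets.UTF_8).toCharArray();
    }

    // Guarded ordering: exactly one source must be configured, and only
    // that source is read. A null base64Value means "value is undefined".
    static char[] resolveGuarded(String base64Value, Supplier<char[]> credentialRef) {
        boolean hasValue = base64Value != null && !base64Value.isEmpty();
        boolean hasRef = credentialRef != null;
        if (hasValue == hasRef) {
            throw new IllegalStateException(
                    "exactly one of value / credential-reference must be set");
        }
        if (hasRef) {
            char[] secret = credentialRef.get();
            if (secret == null) {
                throw new IllegalStateException("credential-reference did not resolve");
            }
            return secret;
        }
        try {
            byte[] decoded = Base64.getDecoder().decode(base64Value);
            return new String(decoded, StandardCharsets.UTF_8).toCharArray();
        } catch (IllegalArgumentException e) {
            // Report a configuration error instead of leaking a decoder message.
            throw new IllegalStateException("value is not valid Base64", e);
        }
    }

    public static void main(String[] args) {
        Supplier<char[]> ref = storeRef("hc-secret");

        // Assumption: the unset "value" reaches the decoder as the text "undefined".
        // Nine Base64-alphabet characters leave one dangling character at the end.
        try {
            resolveEager("undefined", ref);
        } catch (IllegalArgumentException e) {
            System.out.println("eager, reference only: " + e.getMessage());
        }

        // Only the credential reference is configured: the decoder is never called.
        System.out.println("guarded, reference only: resolved "
                + resolveGuarded(null, ref).length + " chars");

        // Only the Base64 value is configured.
        String encoded = Base64.getEncoder()
                .encodeToString("pass123".getBytes(StandardCharsets.UTF_8));
        System.out.println("guarded, value only: resolved "
                + resolveGuarded(encoded, null).length + " chars");

        // Both configured: rejected, matching the mutual exclusion in the model.
        try {
            resolveGuarded(encoded, ref);
        } catch (IllegalStateException e) {
            System.out.println("guarded, both set: " + e.getMessage());
        }
    }
}
```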
[JBoss JIRA] (DROOLS-1593) Ruleflow Split (XOR) can't find valid outgoing connection
by Duncan Doyle (JIRA)
Duncan Doyle created DROOLS-1593:
------------------------------------
Summary: Ruleflow Split (XOR) can't find valid outgoing connection
Key: DROOLS-1593
URL: https://issues.jboss.org/browse/DROOLS-1593
Project: Drools
Issue Type: Bug
Components: core engine
Affects Versions: 7.0.0.CR3, 6.5.0.Final
Environment: Drools 7.0.0-SNAPSHOT, Oracle Hotspot 1.8.0_112, KIE-Server, OpenShift DecisionServer
Reporter: Duncan Doyle
Assignee: Mario Fusco
This seems like a regression, as this used to work in 6.4.0.Final, but broke somewhere before 6.5.0.Final. Still broken in 7.0.0-SNAPSHOT. (I actually found it in the OpenShift DecisionServer/KIE-Server image).
See this reproducer: https://github.com/DuncanDoyle/ruleflow-split-problem
I have a ruleflow-group that has a split-node (XOR Gateway) directly after the start-node. The outgoing sequence flows of that XOR have a Drools LHS that checks whether a fact is present in working memory (in this reproducer it's a String)
- exists java.lang.String()
- not java.lang.String()
Only if that fact exists do I want to continue my ruleflow, if the fact is not there, I stop.
I use a StatelessKieSession in which I:
- insert a String
- start the process
- fire the rules
This used to work fine in 6.4.0.Final and below, but since 6.5.0.Final I get an exception:
{code}
org.jbpm.workflow.instance.WorkflowRuntimeException: [test-process:1 - Has Strings?:4] -- XOR split could not find at least one valid outgoing connection for split Has Strings?
at org.jbpm.workflow.instance.node.SplitInstance.internalTrigger(SplitInstance.java:66)
at org.jbpm.workflow.instance.impl.NodeInstanceImpl.trigger(NodeInstanceImpl.java:174)
at org.jbpm.workflow.instance.impl.NodeInstanceImpl.triggerNodeInstance(NodeInstanceImpl.java:367)
at org.jbpm.workflow.instance.impl.NodeInstanceImpl.triggerCompleted(NodeInstanceImpl.java:326)
at org.jbpm.workflow.instance.node.StartNodeInstance.triggerCompleted(StartNodeInstance.java:72)
at org.jbpm.workflow.instance.node.StartNodeInstance.internalTrigger(StartNodeInstance.java:43)
at org.jbpm.workflow.instance.impl.NodeInstanceImpl.trigger(NodeInstanceImpl.java:174)
at org.jbpm.ruleflow.instance.RuleFlowProcessInstance.internalStart(RuleFlowProcessInstance.java:38)
at org.jbpm.process.instance.impl.ProcessInstanceImpl.start(ProcessInstanceImpl.java:235)
at org.jbpm.workflow.instance.impl.WorkflowProcessInstanceImpl.start(WorkflowProcessInstanceImpl.java:443)
at org.jbpm.process.instance.ProcessRuntimeImpl.startProcessInstance(ProcessRuntimeImpl.java:208)
at org.jbpm.process.instance.ProcessRuntimeImpl.startProcess(ProcessRuntimeImpl.java:192)
at org.jbpm.process.instance.ProcessRuntimeImpl.startProcess(ProcessRuntimeImpl.java:184)
at org.drools.core.impl.StatefulKnowledgeSessionImpl.startProcess(StatefulKnowledgeSessionImpl.java:1859)
at org.drools.core.command.runtime.process.StartProcessCommand.execute(StartProcessCommand.java:121)
at org.drools.core.command.runtime.process.StartProcessCommand.execute(StartProcessCommand.java:39)
at org.drools.core.command.runtime.BatchExecutionCommandImpl.execute(BatchExecutionCommandImpl.java:156)
at org.drools.core.command.runtime.BatchExecutionCommandImpl.execute(BatchExecutionCommandImpl.java:64)
at org.drools.core.impl.StatelessKnowledgeSessionImpl.execute(StatelessKnowledgeSessionImpl.java:238)
at org.jboss.ddoyle.ruleflow.test.RuleflowTest.testRuleflowWithSingleFire(RuleflowTest.java:28)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Caused by: java.lang.IllegalArgumentException: XOR split could not find at least one valid outgoing connection for split Has Strings?
at org.jbpm.workflow.instance.node.SplitInstance.executeStrategy(SplitInstance.java:110)
at org.jbpm.workflow.instance.node.SplitInstance.internalTrigger(SplitInstance.java:62)
... 42 more
{code}
What seems to be causing this is that the rules in the sequence flows are not yet fired when the process arrives at the XOR node, causing it to not be able to find an outgoing connection.
What does work is if I add an extra "fireAllRules" command BEFORE the "startProcess" command. In that case the flow behaves as it used to. So I need 2 "fireAllRules" commands. What does NOT work is when I only add a "fireAllRules" command before the startProcess command. In that case the rules in the RFG nodes are not fired (but the XOR does not throw an exception in that case).
[JBoss JIRA] (WFLY-8876) Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to you another option.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/WFLY-8876?page=com.atlassian.jira.plugin.... ]
Hynek Švábek updated WFLY-8876:
-------------------------------
Description:
Server-identity/secret has a required "value" attribute, but there is now credential-reference too, and there is no way to update an existing resource to use another option.
"Value" and credential-reference are mutually exclusive and one of them must be set.
*There must be a way to update an existing server-identity/secret to change "value" to credential-reference and vice versa.*
*User is not able to do something like this:*
{code}
/core-service=management/security-realm=ManagementRealm/server-identity=secret:write-attribute(name=credential-reference, value={clear-text=pass123})
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0105: credential-reference is invalid in combination with value",
"rolled-back" => true
}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/server-identity=secret:undefine-attribute(name=value)
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0172: value is required",
"rolled-back" => true
}
{code}
*resource-description*
{code:collapse}
[domain@localhost:9990 /] /host=master/core-service=management/security-realm=ManagementRealm/server-identity=secret:read-resource-description
{
"outcome" => "success",
"result" => {
"description" => "Configuration of the secret/password-based identity of a server or host controller.",
"deprecated" => {
"since" => "1.7.0",
"reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
},
"access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
"attributes" => {
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential for the secret / password stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["value"],
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["clear-text"],
"requires" => ["alias"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"requires" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"alternatives" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"value" => {
"type" => STRING,
"description" => "The secret / password - Base64 Encoded.",
"expressions-allowed" => true,
"required" => true,
"nillable" => true,
"alternatives" => ["credential-reference"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}
}
{code}
was:
Server-identity/secret has a required "value" attribute, but there is now credential-reference too, and there is no way to update an existing resource to use another option.
"Value" and credential-reference are mutually exclusive and one of them must be set.
*There must be a way to update an existing server-identity/secret to change "value" to credential-reference and vice versa.*
> Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to you another option.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-8876
> URL: https://issues.jboss.org/browse/WFLY-8876
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Server-identity/secret has a required "value" attribute, but there is now credential-reference too, and there is no way to update an existing resource to use another option.
> "Value" and credential-reference are mutually exclusive and one of them must be set.
> *There must be a way to update an existing server-identity/secret to change "value" to credential-reference and vice versa.*
> *User is not able to do something like this:*
> {code}
> /core-service=management/security-realm=ManagementRealm/server-identity=secret:write-attribute(name=credential-reference, value={clear-text=pass123})
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0105: credential-reference is invalid in combination with value",
> "rolled-back" => true
> }
> [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/server-identity=secret:undefine-attribute(name=value)
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0172: value is required",
> "rolled-back" => true
> }
> {code}
[JBoss JIRA] (WFLY-8876) Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to you another option.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/WFLY-8876?page=com.atlassian.jira.plugin.... ]
Hynek Švábek updated WFLY-8876:
-------------------------------
Summary: Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to you another option. (was: Server-identity/secret resource has required "value" attribute, but there is now credential-reference too.)
> Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to you another option.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-8876
> URL: https://issues.jboss.org/browse/WFLY-8876
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Server-identity/secret has a required "value" attribute, but there is now credential-reference too.
> "Value" and credential-reference are mutually exclusive and one of them must be set.
> Please keep in mind that there must be a way to update an existing server-identity/secret to change "value" to credential-reference and vice versa.
[JBoss JIRA] (WFLY-8876) Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to you another option.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/WFLY-8876?page=com.atlassian.jira.plugin.... ]
Hynek Švábek updated WFLY-8876:
-------------------------------
Description:
Server-identity/secret has a required "value" attribute, but there is now credential-reference too, and there is no way to update an existing resource to use another option.
"Value" and credential-reference are mutually exclusive and one of them must be set.
*There must be a way to update an existing server-identity/secret to change "value" to credential-reference and vice versa.*
was:
Server-identity/secret has a required "value" attribute, but there is now credential-reference too.
"Value" and credential-reference are mutually exclusive and one of them must be set.
Please keep in mind that there must be a way to update an existing server-identity/secret to change "value" to credential-reference and vice versa.
> Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to you another option.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-8876
> URL: https://issues.jboss.org/browse/WFLY-8876
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Server-identity/secret has a required "value" attribute, but there is now credential-reference too, and there is no way to update an existing resource to use another option.
> "Value" and credential-reference are mutually exclusive and one of them must be set.
> *There must be a way to update an existing server-identity/secret to change "value" to credential-reference and vice versa.*
> *resource-description*
> {code:collapse}
> [domain@localhost:9990 /] /host=master/core-service=management/security-realm=ManagementRealm/server-identity=secret:read-resource-description
> {
> "outcome" => "success",
> "result" => {
> "description" => "Configuration of the secret/password-based identity of a server or host controller.",
> "deprecated" => {
> "since" => "1.7.0",
> "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
> },
> "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
> "attributes" => {
> "credential-reference" => {
> "type" => OBJECT,
> "description" => "The reference to credential for the secret / password stored in CredentialStore under defined alias or clear text password.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["value"],
> "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
> "value-type" => {
> "store" => {
> "type" => STRING,
> "description" => "The name of the credential store holding the alias to credential.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["clear-text"],
> "requires" => ["alias"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "alias" => {
> "type" => STRING,
> "description" => "The alias which denotes stored secret or credential in the store.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "requires" => ["store"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "type" => {
> "type" => STRING,
> "description" => "The type of credential this reference is denoting.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "clear-text" => {
> "type" => STRING,
> "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["store"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> }
> },
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "value" => {
> "type" => STRING,
> "description" => "The secret / password - Base64 Encoded.",
> "expressions-allowed" => true,
> "required" => true,
> "nillable" => true,
> "alternatives" => ["credential-reference"],
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> }
> },
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {}
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 11 months
[JBoss JIRA] (WFCORE-2502) Legacy ldap realm, entry for non existing user are cached
by Jiri Ondrusek (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2502?page=com.atlassian.jira.plugi... ]
Jiri Ondrusek reassigned WFCORE-2502:
-------------------------------------
Assignee: Jiri Ondrusek (was: Darran Lofthouse)
> Legacy ldap realm, entry for non existing user are cached
> ---------------------------------------------------------
>
> Key: WFCORE-2502
> URL: https://issues.jboss.org/browse/WFCORE-2502
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Jiri Ondrusek
>
> When a cache is used for a legacy LDAP security realm and any access to a secured resource occurs, an entry is added to the cache even if the user has not been authenticated correctly. This can cause valid entries to be evicted due to max-cache-size. This reduces the benefit of the LDAP cache and impacts performance.
> Same behavior can be seen in 7.0.0.GA.
8 years, 11 months
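The eviction effect reported in WFCORE-2502, as an added example that is not WildFly code: a small LRU cache stands in for the realm cache with max-cache-size, and the directory contents, user names and the `cache_failures` switch are constructed for illustration.

```python
from collections import OrderedDict

class BoundedCache:
    """LRU cache with a hard entry limit, standing in for max-cache-size."""
    def __init__(self, max_size):
        self.max_size = max_size
        self.entries = OrderedDict()

    def get(self, key):
        if key in self.entries:
            self.entries.move_to_end(key)          # mark as recently used
            return self.entries[key]
        return None

    def put(self, key, value):
        self.entries[key] = value
        self.entries.move_to_end(key)
        while len(self.entries) > self.max_size:
            self.entries.popitem(last=False)       # evict least recently used

# Constructed directory contents: two real users.
DIRECTORY = {"alice": "pw-a", "bob": "pw-b"}

def authenticate(cache, user, password, cache_failures, stats):
    entry = cache.get(user)
    if entry is None:                              # cache miss: query the directory
        stats["ldap_lookups"] += 1
        entry = {"password": DIRECTORY.get(user)}  # None for an unknown user
        ok = entry["password"] is not None and entry["password"] == password
        if ok or cache_failures:                   # reported behaviour: always cached
            cache.put(user, entry)
        return ok
    return entry["password"] is not None and entry["password"] == password

def simulate(cache_failures, max_cache_size=2):
    """Return (directory lookups, valid users still cached after the failed logins)."""
    cache, stats = BoundedCache(max_cache_size), {"ldap_lookups": 0}
    for user, pw in DIRECTORY.items():             # valid users warm the cache
        authenticate(cache, user, pw, cache_failures, stats)
    for i in range(5):                             # failed logins for unknown names
        authenticate(cache, f"nouser{i}", "x", cache_failures, stats)
    survivors = sorted(u for u in DIRECTORY if u in cache.entries)
    for user, pw in DIRECTORY.items():             # valid users come back
        authenticate(cache, user, pw, cache_failures, stats)
    return stats["ldap_lookups"], survivors

if __name__ == "__main__":
    print("cache every lookup:    ", simulate(cache_failures=True))
    print("cache only on success: ", simulate(cache_failures=False))
```

With every lookup cached, the five failed logins push both valid users out of the two-entry cache and their next logins go back to the directory; caching only successful authentications keeps them resident.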
[JBoss JIRA] (WFLY-8876) Server-identity/secret resource has required "value" attribute, but there is now credential-reference too.
by Hynek Švábek (JIRA)
Hynek Švábek created WFLY-8876:
----------------------------------
Summary: Server-identity/secret resource has required "value" attribute, but there is now credential-reference too.
Key: WFLY-8876
URL: https://issues.jboss.org/browse/WFLY-8876
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Hynek Švábek
Assignee: Darran Lofthouse
Priority: Blocker
Server-identity/secret has required "value" attribute, but there is now credential-reference too.
"Value" and credential-reference are mutually exclusive and one of them must be set.
Please keep in mind that there must be a way to update an existing server-identity/secret to change "value" to credential-reference and vice versa.
*resource-description*
{code:collapse}
[domain@localhost:9990 /] /host=master/core-service=management/security-realm=ManagementRealm/server-identity=secret:read-resource-description
{
"outcome" => "success",
"result" => {
"description" => "Configuration of the secret/password-based identity of a server or host controller.",
"deprecated" => {
"since" => "1.7.0",
"reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
},
"access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
"attributes" => {
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential for the secret / password stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["value"],
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["clear-text"],
"requires" => ["alias"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"requires" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"alternatives" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"value" => {
"type" => STRING,
"description" => "The secret / password - Base64 Encoded.",
"expressions-allowed" => true,
"required" => true,
"nillable" => true,
"alternatives" => ["credential-reference"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}
}
{code}
8 years, 11 months
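The constraints in the resource description above, written out as an added example (a model in Python, not WildFly's validation code): it checks the `alternatives` and `requires` relations and the Base64 encoding of `value`, then shows why a switch from `value` to `credential-reference` is rejected when every single write is validated but passes when the writes are validated together. The store and alias names are constructed, and `apply_writes` is a hypothetical helper.

```python
import base64
import binascii

def validate(resource):
    """Return constraint violations for a server-identity=secret style resource."""
    errors = []
    value, ref = resource.get("value"), resource.get("credential-reference")
    if (value is None) == (ref is None):
        errors.append("exactly one of value / credential-reference must be set")
    if value is not None:
        try:
            base64.b64decode(value, validate=True)   # "value" is documented as Base64
        except (binascii.Error, ValueError):
            errors.append("value is not valid Base64")
    if ref is not None:
        store, alias, clear = (ref.get(k) for k in ("store", "alias", "clear-text"))
        if store is not None and clear is not None:
            errors.append("store and clear-text are alternatives")
        if (store is None) != (alias is None):
            errors.append("store and alias require each other")
    return errors

def apply_writes(resource, writes, validate_each_write):
    """Apply (attribute, value) writes in order; a value of None undefines.

    Returns (resulting_resource, errors); on any error the original is kept.
    """
    current = dict(resource)
    for name, new_value in writes:
        if new_value is None:
            current.pop(name, None)
        else:
            current[name] = new_value
        if validate_each_write and validate(current):
            return resource, validate(current)       # intermediate state rejected
    errors = validate(current)
    return (resource, errors) if errors else (current, [])

# Constructed sample data: "c2VjcmV0" is Base64 for "secret"; names are made up.
LEGACY = {"value": "c2VjcmV0"}
REFERENCE = {"store": "example-store", "alias": "host-secret"}
SWITCH = [("credential-reference", REFERENCE), ("value", None)]

if __name__ == "__main__":
    print(apply_writes(LEGACY, SWITCH, validate_each_write=True))
    print(apply_writes(LEGACY, list(reversed(SWITCH)), validate_each_write=True))
    print(apply_writes(LEGACY, SWITCH, validate_each_write=False))
```

Either order of single writes passes through a state with both attributes or neither, which is the update problem the issue describes.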
[JBoss JIRA] (WFCORE-2901) Improve charset usage in CLI tests
by Marek Kopecký (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2901?page=com.atlassian.jira.plugi... ]
Marek Kopecký moved JBEAP-11292 to WFCORE-2901:
-----------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-2901 (was: JBEAP-11292)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Test Suite
(was: Test Suite)
Affects Version/s: 3.0.0.Beta23
(was: 7.1.0.DR19)
> Improve charset usage in CLI tests
> ----------------------------------
>
> Key: WFCORE-2901
> URL: https://issues.jboss.org/browse/WFCORE-2901
> Project: WildFly Core
> Issue Type: Bug
> Components: Test Suite
> Affects Versions: 3.0.0.Beta23
> Reporter: Marek Kopecký
> Assignee: Marek Kopecký
> Priority: Minor
>
> Improve charset usage in CLI tests
8 years, 11 months