July 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2422) Credential Store alias name in camel case leads to AssertionError.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2422?page=com.atlassian.jira.plugi... ] Darran Lofthouse resolved WFCORE-2422. -------------------------------------- Fix Version/s: 3.0.0.Beta29 Resolution: Done > Credential Store alias name in camel case leads to AssertionError. > ------------------------------------------------------------------ > > Key: WFCORE-2422 > URL: https://issues.jboss.org/browse/WFCORE-2422 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Hynek Švábek > Assignee: Peter Skopek > Fix For: 3.0.0.Beta29 > > > Credential Store alias name in camel case leads to AssertionError. > I am not able to reproduce it over jboss-cli but I can reproduce it in tests. > You can see to attachment. > *How to reproduce* > * unzip uppercasealias.zip to wildfly/testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/security/credential/store > * cd wildfly/testsuite/integration/basic > * mvn test -Dtest=CredentialStoreTestCase > In log you can see this: > {code} > ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("credential-store" => "testCamelCase"), > ("alias" => "camelcasenotationalias") > ]): java.lang.AssertionError > at org.jboss.as.controller.access.permission.ManagementPermissionAuthorizer.authorize(ManagementPermissionAuthorizer.java:87) > at org.jboss.as.controller.access.management.DelegatingConfigurableAuthorizer.authorize(DelegatingConfigurableAuthorizer.java:99) > at org.jboss.as.controller.OperationContextImpl.getBasicAuthorizationResponse(OperationContextImpl.java:1841) > at org.jboss.as.controller.OperationContextImpl.authorize(OperationContextImpl.java:1739) > at org.jboss.as.controller.OperationContextImpl.authorize(OperationContextImpl.java:1698) > at org.jboss.as.controller.OperationContextImpl.getResourceRegistration(OperationContextImpl.java:575) > at org.jboss.as.controller.AbstractAddStepHandler.recordCapabilitiesAndRequirements(AbstractAddStepHandler.java:270) > at org.jboss.as.controller.AbstractAddStepHandler.execute(AbstractAddStepHandler.java:146) > at org.wildfly.extension.elytron.CredentialStoreAliasDefinition$AddHandler.execute(CredentialStoreAliasDefinition.java:209) > at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:921) > at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:664) > at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:383) > at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1390) > at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:419) > at org.jboss.as.controller.ModelControllerImpl.lambda$execute$1(ModelControllerImpl.java:240) > at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:193) > at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:240) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:217) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$400(ModelControllerClientOperationHandler.java:137) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:161) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157) > at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:212) > at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:185) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:157) > at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70) > at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > at org.jboss.threads.JBossThread.run(JBossThread.java:320) > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2424) Updating of elytron kerberos security factory requires reload

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2424?page=com.atlassian.jira.plugi... ] Darran Lofthouse updated WFCORE-2424: ------------------------------------- Issue Type: Feature Request (was: Bug) > Updating of elytron kerberos security factory requires reload > ------------------------------------------------------------- > > Key: WFCORE-2424 > URL: https://issues.jboss.org/browse/WFCORE-2424 > Project: WildFly Core > Issue Type: Feature Request > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Martin Choma > Labels: user_experience > > Is it necessary? I mean adding kerberos-security-factory does not require reload. > It relates to all of attributes debug, minimum-remaining-lifetime principal, request-lifetime, > mechanism-oids, path, relative-to, server. For example > {code} > [standalone@localhost:9990 /] /subsystem=elytron/kerberos-security-factory=krbSF:write-attribute(name=debug, value=true) > { > "outcome" => "success", > "response-headers" => { > "operation-requires-reload" => true, > "process-state" => "reload-required" > } > } > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2424) Updating of elytron kerberos security factory requires reload

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2424?page=com.atlassian.jira.plugi... ] Darran Lofthouse reassigned WFCORE-2424: ---------------------------------------- Assignee: (was: Darran Lofthouse) > Updating of elytron kerberos security factory requires reload > ------------------------------------------------------------- > > Key: WFCORE-2424 > URL: https://issues.jboss.org/browse/WFCORE-2424 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Martin Choma > Labels: user_experience > > Is it necessary? I mean adding kerberos-security-factory does not require reload. > It relates to all of attributes debug, minimum-remaining-lifetime principal, request-lifetime, > mechanism-oids, path, relative-to, server. For example > {code} > [standalone@localhost:9990 /] /subsystem=elytron/kerberos-security-factory=krbSF:write-attribute(name=debug, value=true) > { > "outcome" => "success", > "response-headers" => { > "operation-requires-reload" => true, > "process-state" => "reload-required" > } > } > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2429) CLI command for update CredentialReference should fail rather then pass.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2429?page=com.atlassian.jira.plugi... ] Darran Lofthouse resolved WFCORE-2429. -------------------------------------- Fix Version/s: 3.0.0.Beta29 Resolution: Done > CLI command for update CredentialReference should fail rather then pass. > ------------------------------------------------------------------------ > > Key: WFCORE-2429 > URL: https://issues.jboss.org/browse/WFCORE-2429 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Hynek Švábek > Assignee: Peter Skopek > Fix For: 3.0.0.Beta29 > > > CLI command for update CredentialReference should fail rather then pass. > Because CLI command doesn't persist any data to configuration file but pass. > I expect that command would fail and shows some error message. > *How to reproduce* > {code} > /subsystem=elytron/credential-store=credS004:add(uri="cr-store://test/credS004.jceks?create.storage=true", credential-reference={clear-text=pass987}, relative-to=jboss.server.data.dir) > {code} > {code} > /subsystem=elytron/credential-store=credS004:write-attribute(name=credential-reference.store, value=credS002) > {code} > *AND* > {code} > /subsystem=elytron/credential-store=credS004:write-attribute(name=credential-reference.alias, value=credS002) > {code} > *Ends with success, but it has to be a failure* > These commands could lead to inconsistency. > Because there is valid state to have > credential-reference={clear-text=pass987} > and credential-reference={store=cs, alias=alias} > but not their combination. > *I can use this right form of command* > {code} > /subsystem=elytron/credential-store=credS004:write-attribute(name=credential-reference, value={store=credS002, alias=jimmy}) > {code} > Now is everything OK. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2430) Logging the elytron version once is sufficient

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2430?page=com.atlassian.jira.plugi... ] Darran Lofthouse resolved WFCORE-2430. -------------------------------------- Fix Version/s: 3.0.0.Beta29 Resolution: Done > Logging the elytron version once is sufficient > ---------------------------------------------- > > Key: WFCORE-2430 > URL: https://issues.jboss.org/browse/WFCORE-2430 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Brian Stansberry > Assignee: Darran Lofthouse > Priority: Minor > Fix For: 3.0.0.Beta29 > > > Pick one or the other please: > {code} > 19:05:58,886 INFO [org.wildfly.security] (ServerService Thread Pool -- 7) ELY00001: WildFly Elytron version 1.1.0.Beta21 > 19:05:58,890 INFO [org.wildfly.extension.elytron] (ServerService Thread Pool -- 7) WFLYELY00001: Activating Elytron Subsystem Elytron Version=1.1.0.Beta21, Subsystem Version=1.0.0.Beta2 > {code} > I couldn't care less about the Subsystem Version. Besides the extension code MUST get integrated into WildFly (Core) proper. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2431) Complex type configurable-sasl-server-factory in Elytron subsystem

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2431?page=com.atlassian.jira.plugi... ] Darran Lofthouse resolved WFCORE-2431. -------------------------------------- Fix Version/s: (was: 4.0.0.Alpha1) Resolution: Rejected > Complex type configurable-sasl-server-factory in Elytron subsystem > ------------------------------------------------------------------ > > Key: WFCORE-2431 > URL: https://issues.jboss.org/browse/WFCORE-2431 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > > Elytron subsystem uses complex type in configurable-sasl-server-factory resource which is difficult to use and can result to bad user experience, see description of JBEAP-6100 for more details. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2435) Elytron missing constant-role-decoder

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2435?page=com.atlassian.jira.plugi... ] Darran Lofthouse resolved WFCORE-2435. -------------------------------------- Fix Version/s: 3.0.0.Beta29 Assignee: Darran Lofthouse Resolution: Done > Elytron missing constant-role-decoder > ------------------------------------- > > Key: WFCORE-2435 > URL: https://issues.jboss.org/browse/WFCORE-2435 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Martin Choma > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta29 > > > There is no {{constant-role-decoder}}, however all of other mappers have constant-* variant: > {code} > [standalone@localhost:9990 /] /subsystem=elytron/constant-<TAB> > constant-name-rewriter constant-permission-mapper constant-principal-decoder constant-realm-mapper constant-role-mapper > {code} > It can be useful for simple applications / demos / testing ... > Please add it for the sake of completeness. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2437) Elytron Http status code for missing LoginPermission

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2437?page=com.atlassian.jira.plugi... ] Darran Lofthouse resolved WFCORE-2437. -------------------------------------- Resolution: Out of Date Marking as out of date as there has been quite a bit of rework of the mechanism status handling - I think however if a mechanism fails authentication but another is able to challenge then 401 may still be a valid status code. > Elytron Http status code for missing LoginPermission > ---------------------------------------------------- > > Key: WFCORE-2437 > URL: https://issues.jboss.org/browse/WFCORE-2437 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Martin Choma > Assignee: Jan Kalina > Priority: Optional > > Lack of {{LoginPermission}} leads to 401 http code. Which could IMO indicate user can try to login again with different password. However it won't help in this case. I wonder, wouldn't 403 Forbidden be more suitable here? Indicating user authentication passed, but user is missing some permission. > Setting with low priority as in DR7 in default configuration LoginPermission is added by default. > David: "I think you may be right @MartinChoma - 401 is called "unauthorized" but really it should say "authentication required" 403 is the correct response for an authorization error" -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2436) Complex type security-domain in Elytron subsystem

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2436?page=com.atlassian.jira.plugi... ] Darran Lofthouse resolved WFCORE-2436. -------------------------------------- Fix Version/s: (was: 4.0.0.Alpha1) Resolution: Rejected > Complex type security-domain in Elytron subsystem > ------------------------------------------------- > > Key: WFCORE-2436 > URL: https://issues.jboss.org/browse/WFCORE-2436 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > > Elytron subsystem uses complex type in security-domain resource which is difficult to use and can result to bad user experience, see description of JBEAP-6100 for more details. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2439) Complex type configurable-http-server-mechanism-factory in Elytron subsystem

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2439?page=com.atlassian.jira.plugi... ] Darran Lofthouse resolved WFCORE-2439. -------------------------------------- Fix Version/s: (was: 4.0.0.Alpha1) Resolution: Rejected > Complex type configurable-http-server-mechanism-factory in Elytron subsystem > ---------------------------------------------------------------------------- > > Key: WFCORE-2439 > URL: https://issues.jboss.org/browse/WFCORE-2439 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > > Elytron subsystem uses complex type configurable-http-server-mechanism-factory which is difficult to use and can result to bad user experience, see description of JBEAP-6100 for more details. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira July 2017