[JBoss JIRA] (WFLY-9060) ServletUnitTestCase fails with security manager
by Ondrej Kotek (JIRA)
[ https://issues.jboss.org/browse/WFLY-9060?page=com.atlassian.jira.plugin.... ]
Ondrej Kotek moved JBEAP-11993 to WFLY-9060:
--------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-9060 (was: JBEAP-11993)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Test Suite
(was: Test Suite)
Affects Version/s: 11.0.0.Beta1
(was: 7.1.0.ER1)
> ServletUnitTestCase fails with security manager
> -----------------------------------------------
>
> Key: WFLY-9060
> URL: https://issues.jboss.org/browse/WFLY-9060
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Affects Versions: 11.0.0.Beta1
> Reporter: Ondrej Kotek
> Labels: security-manager
>
> {{ServletUnitTestCase}} fails with security manager because of missing permission "("org.wildfly.security.permission.ElytronPermission" "getSecurityDomain")":
> {noformat}
> javax.servlet.ServletException: Failed to call EJBs/Session30 through remote and local interfaces
> at org.jboss.as.test.integration.ejb.servlet.EJBServlet.processRequest(EJBServlet.java:73)
> at org.jboss.as.test.integration.ejb.servlet.EJBServlet.doGet(EJBServlet.java:82)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> ...
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.wildfly.security.permission.ElytronPermission" "getSecurityDomain")" in code source "(vfs:/content/ejb3-servlet.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ejb3-servlet.war" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at org.wildfly.security.auth.server.SecurityDomain.getCurrent(SecurityDomain.java:155)
> ...
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
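A triage helper for the `WFSM000001` failures reported in these tickets, added here as an example (it is not WildFly or test-suite code): it parses the denial message format shown in the stack traces, groups the denied permissions by deployment, and renders a `permissions.xml` that grants only those. The first two sample lines are copied from the reports on this page; the `example-test.jar` lines, the `/tmp/example` path and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from xml.sax.saxutils import escape

# WFSM000001 message format as quoted in the reports. A permission is printed
# as ("class" "name") or ("class" "name" "actions").
WFSM_RE = re.compile(
    r'WFSM000001: Permission check failed \(permission '
    r'"\("(?P<cls>[^"]+)" "(?P<name>[^"]*)"(?: "(?P<actions>[^"]*)")?\)" '
    r'in code source "\((?P<source>\S+) <[^>]*>\)" '
    r'of "ModuleClassLoader for Module "(?P<module>[^"]+)"'
)

SAMPLE_LOG = [
    # From WFLY-9060
    'Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.wildfly.security.permission.ElytronPermission" "getSecurityDomain")" in code source "(vfs:/content/ejb3-servlet.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ejb3-servlet.war" from Service Module Loader")',
    # From WFLY-9059, listed twice to show de-duplication
    'java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.wildfly.security.permission.ElytronPermission" "getSecurityDomain")" in code source "(vfs:/content/ejb3-security-partial-dd-test.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ejb3-security-partial-dd-test.jar" from Service Module Loader")',
    'java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.wildfly.security.permission.ElytronPermission" "getSecurityDomain")" in code source "(vfs:/content/ejb3-security-partial-dd-test.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ejb3-security-partial-dd-test.jar" from Service Module Loader")',
    # Constructed lines: a RuntimePermission and a permission that carries actions
    'java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/example-test.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.example-test.jar" from Service Module Loader")',
    'java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/tmp/example" "read")" in code source "(vfs:/content/example-test.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.example-test.jar" from Service Module Loader")',
    # Stack frames and other lines are ignored
    'at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)',
]


def missing_permissions(log_lines):
    """Return {deployment: {(class, name, actions), ...}} for every denied check."""
    grants = defaultdict(set)
    for line in log_lines:
        m = WFSM_RE.search(line)
        if not m:
            continue
        module = m.group("module")
        # Only deployment code can be granted permissions through
        # permissions.xml; denials raised in server modules are skipped.
        if not module.startswith("deployment."):
            continue
        deployment = module[len("deployment."):]
        grants[deployment].add((m.group("cls"), m.group("name"), m.group("actions")))
    return dict(grants)


def permissions_xml(perms):
    """Render a Java EE 7 META-INF/permissions.xml granting exactly `perms`."""
    out = ['<?xml version="1.0" encoding="UTF-8"?>',
           '<permissions xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="7">']
    for cls, name, actions in sorted(perms, key=lambda p: (p[0], p[1], p[2] or "")):
        out.append("    <permission>")
        out.append(f"        <class-name>{escape(cls)}</class-name>")
        out.append(f"        <name>{escape(name)}</name>")
        if actions:
            out.append(f"        <actions>{escape(actions)}</actions>")
        out.append("    </permission>")
    out.append("</permissions>")
    return "\n".join(out)


if __name__ == "__main__":
    for deployment, perms in sorted(missing_permissions(SAMPLE_LOG).items()):
        print(f"--- {deployment}: META-INF/permissions.xml")
        print(permissions_xml(perms))
```

Generating one file per deployment keeps each grant scoped to the code source that was actually denied, instead of widening the server-wide minimum permission set.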
[JBoss JIRA] (WFLY-9059) Many org.jboss.as.test.integration.ejb.security.**.* tests fail with security manager
by Ondrej Kotek (JIRA)
[ https://issues.jboss.org/browse/WFLY-9059?page=com.atlassian.jira.plugin.... ]
Ondrej Kotek updated WFLY-9059:
-------------------------------
Steps to Reproduce:
{noformat}
cd wildfly/testsuite/integration/basic
mvn clean test -Dtest=org.jboss.as.test.integration.ejb.security.**.* -Dsecurity.manager
{noformat}
was:
{{cd wildfly/testsuite/integration/basic}}
{{mvn clean test -Dtest=org.jboss.as.test.integration.ejb.security.**.* -Dsecurity.manager}}
> Many org.jboss.as.test.integration.ejb.security.**.* tests fail with security manager
> -------------------------------------------------------------------------------------
>
> Key: WFLY-9059
> URL: https://issues.jboss.org/browse/WFLY-9059
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Affects Versions: 11.0.0.Beta1
> Reporter: Ondrej Kotek
> Labels: security-manager
>
> Many tests in {{org.jboss.as.test.integration.ejb.security}} package and subpackages fail or result in error with missing permission "("org.wildfly.security.permission.ElytronPermission" "getSecurityDomain")", e.g.:
> {noformat}
> java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.wildfly.security.permission.ElytronPermission" "getSecurityDomain")" in code source "(vfs:/content/ejb3-security-partial-dd-test.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ejb3-security-partial-dd-test.jar" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at org.wildfly.security.auth.server.SecurityDomain.getCurrent(SecurityDomain.java:155)
> ...
> {noformat}
> The following test cases are affected:
> * {{AnnotationAuthorizationTestCase}}
> * {{EJBInWarDefaultSecurityDomainTestCase}}
> * {{LifecycleTestCase}}
> * {{MixedSecurityAnnotationAuthorizationTestCase}}
> * {{RunAsPrincipalTestCase}}
> * {{SecurityDDOverrideTestCase}}
> * {{asynchronous.AsynchronousSecurityTestCase}}
> * {{callerprincipal.GetCallerPrincipalTestCase}}
> * {{missingmethodpermission.*}}
> ** also require {{RuntimePermission("getClassLoader")}} and {{RuntimePermission("setContextClassLoader")}} permissions
> * {{rolelink.SecurityRoleLinkTestCase}}
> * {{runas.RunAsTestCase}}
> * {{singleton.SingletonSecurityTestCase}}
[JBoss JIRA] (WFLY-9059) Many org.jboss.as.test.integration.ejb.security.**.* tests fail with security manager
by Ondrej Kotek (JIRA)
[ https://issues.jboss.org/browse/WFLY-9059?page=com.atlassian.jira.plugin.... ]
Ondrej Kotek moved JBEAP-11991 to WFLY-9059:
--------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-9059 (was: JBEAP-11991)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Test Suite
(was: Test Suite)
Affects Version/s: 11.0.0.Beta1
(was: 7.1.0.ER1)
[JBoss JIRA] (WFCORE-2453) Complicated failure-descriptions in Elytron simple-permission-mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2453?page=com.atlassian.jira.plugi... ]
Darran Lofthouse reassigned WFCORE-2453:
----------------------------------------
Assignee: (was: Darran Lofthouse)
> Complicated failure-descriptions in Elytron simple-permission-mapper
> --------------------------------------------------------------------
>
> Key: WFCORE-2453
> URL: https://issues.jboss.org/browse/WFCORE-2453
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Labels: user_experience
>
> There are complicated failure-descriptions in Elytron simple-permission-mapper. They include some details from exceptions which are not needed and can be confusing for non-Java administrators. Please handle these exceptions and provide a user-friendly failure-description.
> Examples of complicated failure-description in simple-permission-mapper:
> * Wrong name of permission class:
> {code}
> /subsystem=elytron/simple-permission-mapper=mapper:add(permission-mappings=[{permissions=[{action=read,class-name=org.wildfly.security.auth.permission.WrongLoginPermission,target-name=someName}]}])
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.permission-mapper.mapper" => "org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.mapper: WFLYELY00021: Exception while creating the permission object for the permission mapping. Please check [class-name], [target-name] (name of permission) and [action] of [org.wildfly.security.auth.permission.WrongLoginPermission].
> Caused by: org.wildfly.security.permission.InvalidPermissionClassException: ELY03015: Could not load permission class \"org.wildfly.security.auth.permission.WrongLoginPermission\"
> Caused by: java.lang.ClassNotFoundException: org.wildfly.security.auth.permission.WrongLoginPermission from [Module \"org.wildfly.extension.elytron:main\" from local module loader @5479e3f (finder: local module finder @27082746 (roots: /home/olukas/workspace/uxcli/jboss-eap-7.1/modules,/home/olukas/workspace/uxcli/jboss-eap-7.1/modules/system/layers/base))]"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.permission-mapper.mapper"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
> * Adding a permission, but a non-existing module is used:
> {code}
> /subsystem=elytron/simple-permission-mapper=mapper:add(permission-mappings=[{permissions=[{action=read,class-name=org.wildfly.security.auth.permission.LoginPermission,target-name=someName,module=some.nonexist.module}]}])
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.permission-mapper.mapper" => "org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.mapper: org.jboss.modules.ModuleNotFoundException: some.nonexist.module:main
> Caused by: org.jboss.modules.ModuleNotFoundException: some.nonexist.module:main"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.permission-mapper.mapper"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
> Suggestion for improvement:
> * use only description of failure, e.g. something like "module a.b.c. does not exist"
> * do not use any unneeded information - e.g. "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
[JBoss JIRA] (WFCORE-2453) Complicated failure-descriptions in Elytron simple-permission-mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2453?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2453:
-------------------------------------
Fix Version/s: (was: 4.0.0.Alpha1)
[JBoss JIRA] (WFCORE-2458) Inconsistent attribute description of security domain
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2458?page=com.atlassian.jira.plugi... ]
Darran Lofthouse reassigned WFCORE-2458:
----------------------------------------
Assignee: (was: Darran Lofthouse)
> Inconsistent attribute description of security domain
> -----------------------------------------------------
>
> Key: WFCORE-2458
> URL: https://issues.jboss.org/browse/WFCORE-2458
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Juraj Duráni
> Priority: Minor
>
> Some attributes have inconsistent descriptions (obtained using the 'read-resource-description' operation):
> - Missing module attribute:
> {code:plain|title=Missing module attribute}
> [standalone@localhost:9990 /] /subsystem=security/security-domain=other/mapping=classic:read-resource-description
> {
> "outcome" => "success",
> "result" => {
> "description" => "Mapping configuration. Configures a list of mapping modules to be used for principal, role, attribute and credential mapping.",
> "deprecated" => {
> "since" => "1.3.0",
> "reason" => "The Security subsystem is deprecated and may be removed, significantly revised, or limited to managed domain legacy server use in future versions."
> },
> "access-constraints" => {
> "sensitive" => {"security-domain" => {"type" => "core"}},
> "application" => {"security-domain" => {"type" => "security"}}
> },
> "attributes" => {"mapping-modules" => {
> "type" => LIST,
> "description" => "List of modules that map principal, role, and credential information",
> "expressions-allowed" => false,
> "nillable" => true,
> "deprecated" => {
> "since" => "1.2.0",
> "reason" => "Use of this attribute is deprecated, use resource"
> },
> "value-type" => {
> "code" => {
> "description" => "Class name of the module to be instantiated.",
> "type" => STRING,
> "nillable" => false,
> "min-length" => 1
> },
> "type" => {
> "description" => "Type of mapping this module performs. Allowed values are principal, role, attribute or credential..",
> "type" => STRING,
> "nillable" => false
> },
> "module-options" => {
> "description" => "List of module options containing a name/value pair.",
> "type" => OBJECT,
> "value-type" => STRING,
> "nillable" => true
> }
> },
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "all-services"
> }},
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {"mapping-module" => {
> "description" => "List of modules that map principal, role, and credential information",
> "model-description" => undefined
> }}
> }
> }
> {code}
> - Module description in policy-module refers to "login module"
> {code:plain|title=Inaccurate description}
> [standalone@localhost:9990 /] /subsystem=security/security-domain=other/authorization=classic/policy-module=a:read-resource-description
> {
> "outcome" => "success",
> "result" => {
> "description" => "List of authentication modules",
> "access-constraints" => {
> "sensitive" => {"security-domain" => {"type" => "core"}},
> "application" => {"security-domain" => {"type" => "security"}}
> },
> "attributes" => {
> "code" => {
> "type" => STRING,
> "description" => "Class name of the module to be instantiated.",
> "expressions-allowed" => false,
> "nillable" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "flag" => {
> "type" => STRING,
> "description" => "The flag controls how the module participates in the overall procedure. Allowed values are requisite, required, sufficient or optional.",
> "expressions-allowed" => true,
> "nillable" => false,
> "allowed" => [
> "required",
> "requisite",
> "sufficient",
> "optional"
> ],
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "module" => {
> "type" => STRING,
> "description" => "Name of JBoss Module where the login module is located.",
> "expressions-allowed" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "module-options" => {
> "type" => OBJECT,
> "description" => "List of module options containing a name/value pair.",
> "expressions-allowed" => true,
> "nillable" => true,
> "value-type" => STRING,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> }
> },
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {}
> }
> }
> {code}
[JBoss JIRA] (WFLY-9058) Inconsistent attribute description of security domain
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-9058?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse moved WFCORE-2458 to WFLY-9058:
------------------------------------------------
Project: WildFly (was: WildFly Core)
Key: WFLY-9058 (was: WFCORE-2458)
Component/s: Security
(was: Security)
Affects Version/s: (was: 3.0.0.Beta7)
> Inconsistent attribute description of security domain
> -----------------------------------------------------
>
> Key: WFLY-9058
> URL: https://issues.jboss.org/browse/WFLY-9058
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Juraj Duráni
> Priority: Minor
>
[JBoss JIRA] (WFCORE-2464) CS tool, Add possibility to produce masked password
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2464?page=com.atlassian.jira.plugi... ]
Darran Lofthouse resolved WFCORE-2464.
--------------------------------------
Fix Version/s: 3.0.0.Beta29
Resolution: Done
> CS tool, Add possibility to produce masked password
> ---------------------------------------------------
>
> Key: WFCORE-2464
> URL: https://issues.jboss.org/browse/WFCORE-2464
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Labels: credential-store, user_experience
> Fix For: 3.0.0.Beta29
>
>
> This JIRA requests a specialized feature (option) for getting a masked string.
> Now you can get the value of a masked password, but as a side effect of adding an alias into the credential store, and the parameter --summary has to be used.
> {code}
> java -jar wildfly-elytron-tool.jar credential-store --add myalias --secret supersecretpassword --location="test.store" --uri "cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS" --password mycspassword --salt 12345678 --iteration 230 --summary
> Alias "myalias" has been successfully stored
> Credential store command summary:
> --------------------------------------
> /subsystem=elytron/credential-store=test:add(uri="cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS",relative-to=jboss.server.data.dir,credential-reference={clear-text="MASK-uNWeyrmbByBEjgZM1FAPQW==;12345678;230"})
> {code}
> And the masked string {{MASK-uNWeyrmbByBEjgZM1FAPQW==;12345678;230}} is hidden in the output.
[JBoss JIRA] (WFCORE-2468) Definition Elytron key-manager with key-store (which needs password) without filled credential-reference causes ugly failure-description with senseless Exception.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2468?page=com.atlassian.jira.plugi... ]
Darran Lofthouse reassigned WFCORE-2468:
----------------------------------------
Assignee: (was: Darran Lofthouse)
> Definition Elytron key-manager with key-store (which needs password) without filled credential-reference causes ugly failure-description with senseless Exception.
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2468
> URL: https://issues.jboss.org/browse/WFCORE-2468
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
>
> Defining an Elytron key-manager with a key-store (which needs a password) without a filled-in credential-reference causes an ugly failure-description with a senseless Exception.
> *Steps to reproduce*
> * Copy the attached firefly.keystore to eap_home/standalone/data/cs.
> * /subsystem=elytron/key-store=ff001:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {clear-text=Elytron})
> * /subsystem=elytron/key-managers=keymanager001:add(algorithm=SunX509, key-store=ff001)
> And you get this output:
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.key-managers.km002" => "org.jboss.msc.service.StartException in service org.wildfly.security.key-managers.km002: Failed to start service
> Caused by: java.lang.NullPointerException"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.key-managers.km002"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
> There must be some kind of information about the missing credential-reference, or at least about the missing (wrong) password to the key-store.
> When I add a credential-reference with the password to the key-store, the operation passes:
> /subsystem=elytron/key-managers=keymanager001:add(algorithm=SunX509, key-store=ff001, credential-reference={clear-text=Elytron})
> *Suggestions for improvement*
> The failure-description must not contain an Exception or a stack trace snippet.
> Please replace the WFLYCTL0080 part with a better message,
> e.g. "credential-reference is required", "Missing password to key-store access"