[JBoss JIRA] (WFCORE-2491) Complicated failure-description in Elytron constant-permission-mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2491?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2491:
-------------------------------------
Fix Version/s: (was: 4.0.0.Alpha1)
> Complicated failure-description in Elytron constant-permission-mapper
> ---------------------------------------------------------------------
>
> Key: WFCORE-2491
> URL: https://issues.jboss.org/browse/WFCORE-2491
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
>
> There is a complicated failure-description in the Elytron constant-permission-mapper. The failure description in the CLI should not contain an Exception or a snippet of a stack trace. Please, instead of the "Caused by:" parts from the example below, use some non-Java, administrator-friendly message.
> Complicated failure-description:
> {code}
> /subsystem=elytron/constant-permission-mapper=permission-mapper:add(permissions=[{class-name=WrongClass}])
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.permission-mapper.permission-mapper" => "org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.permission-mapper: WFLYELY00021: Exception while creating the permission object for the permission mapping. Please check [class-name], [target-name] (name of permission) and [action] of [WrongClass].
> Caused by: org.wildfly.security.permission.InvalidPermissionClassException: ELY03015: Could not load permission class \"WrongClass\"
> Caused by: java.lang.ClassNotFoundException: WrongClass from [Module \"org.wildfly.extension.elytron:main\" from local module loader @5479e3f (finder: local module finder @27082746 (roots: /home/olukas/workspace/temp/uxcli/jboss-eap-7.1/modules,/home/olukas/workspace/temp/uxcli/jboss-eap-7.1/modules/system/layers/base))]"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.permission-mapper.permission-mapper"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2491) Complicated failure-description in Elytron constant-permission-mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2491?page=com.atlassian.jira.plugi... ]
Darran Lofthouse reassigned WFCORE-2491:
----------------------------------------
Assignee: (was: Darran Lofthouse)
> Complicated failure-description in Elytron constant-permission-mapper
> ---------------------------------------------------------------------
>
> Key: WFCORE-2491
> URL: https://issues.jboss.org/browse/WFCORE-2491
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Labels: user_experience
>
[JBoss JIRA] (WFCORE-2495) Autocomplete doesn't work properly in credential-reference.alias attribute.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2495?page=com.atlassian.jira.plugi... ]
Darran Lofthouse resolved WFCORE-2495.
--------------------------------------
Resolution: Deferred
Marking as deferred as the core management infrastructure does not support arbitrary completion suggestions - that would be a large task in itself before individual resources can take advantage of it.
> Autocomplete doesn't work properly in credential-reference.alias attribute.
> ---------------------------------------------------------------------------
>
> Key: WFCORE-2495
> URL: https://issues.jboss.org/browse/WFCORE-2495
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
>
> Autocomplete doesn't work properly in credential-reference.alias attribute.
> I want to use autocomplete for credential-reference.alias when the credential-reference.store attribute is filled but it doesn't work.
> *How to reproduce*
> {code}
> /subsystem=elytron/credential-store=cs1:add(uri="cr-store://test/cs1.jceks", credential-reference={store=cs012, alias=<TAB>
> {code}
[JBoss JIRA] (WFCORE-2497) Convert *-authentication-factory resources to be child resources of security-domain
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2497?page=com.atlassian.jira.plugi... ]
Darran Lofthouse reassigned WFCORE-2497:
----------------------------------------
Assignee: (was: Darran Lofthouse)
> Convert *-authentication-factory resources to be child resources of security-domain
> -----------------------------------------------------------------------------------
>
> Key: WFCORE-2497
> URL: https://issues.jboss.org/browse/WFCORE-2497
> Project: WildFly Core
> Issue Type: Task
> Components: Security
> Reporter: Darran Lofthouse
> Fix For: 4.0.0.Alpha1
>
>
> This is a good example of where child resources work.
> The authentication factory resources have a mandatory dependency on a single security domain.
> The configuration within the factory is related to its security domain.
> There is only a single resource that can provide security domains.
> The behaviour of the parent is unaffected by the existence or configuration of the child.
> The parent and child manage their own services independently with the child's service depending on the parent's service.
[JBoss JIRA] (WFCORE-2503) Legacy security domain used as Elytron security realm does not work in authorization part of aggregate-realm
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2503?page=com.atlassian.jira.plugi... ]
Darran Lofthouse resolved WFCORE-2503.
--------------------------------------
Resolution: Rejected
The legacy security domain needs to be used for both authentication and the authorization step.
> Legacy security domain used as Elytron security realm does not work in authorization part of aggregate-realm
> ------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2503
> URL: https://issues.jboss.org/browse/WFCORE-2503
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
> Attachments: print-roles.war
>
>
> In the case where a legacy security domain is used as an Elytron security realm and is added as the authorization realm to an aggregate-realm, no roles are assigned to the authenticated user.
> I tried to use the following legacy security domain:
> {code}
> <security-domain name="legacyDomain" cache-type="default">
>     <authentication>
>         <login-module code="UsersRoles" flag="required">
>             <module-option name="usersProperties" value="/tmp/users.properties"/>
>             <module-option name="rolesProperties" value="/tmp/roles.properties"/>
>         </login-module>
>     </authentication>
>     <mapping>
>         <mapping-module code="SimpleRoles" type="role">
>             <module-option name="admin" value="User"/>
>         </mapping-module>
>     </mapping>
> </security-domain>
> {code}
> Roles should be assigned from mapping. Since it seems that there is no documentation related to this topic I am not sure whether roles should be assigned also from rolesProperties of UsersRoles login module - it needs to be clarified by developers.
[JBoss JIRA] (WFCORE-2541) CS, MASK-password must support same MASKED string without SALT and ITERATION as old vaults system.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2541?page=com.atlassian.jira.plugi... ]
Darran Lofthouse reassigned WFCORE-2541:
----------------------------------------
Assignee: (was: Darran Lofthouse)
> CS, MASK-password must support same MASKED string without SALT and ITERATION as old vaults system.
> --------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2541
> URL: https://issues.jboss.org/browse/WFCORE-2541
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
>
> MASK-password must support same MASKED string without SALT and ITERATION as old vaults system.
> MASKED password in Elytron has this format
> {code}
> MASK-KAwLfD1BN8WFhZptWsa17G==;12345678;230
> {code}
> But the old vault system has SALT and ITERATION as global parameters, the same for all MASK-strings.
> And you have this format of MASKED password
> {code}
> MASK-KAwLfD1BN8WFhZptWsa17G==
> {code}
> It would be better to add the original approach there too, because of migration...
> Please add this default option there:
> * set SALT and ITERATION default values for use with credential stores. If a MASK-string is defined without SALT and ITERATION, then these values will be used.
> * if you use the MASK-string;SALT;ITERATION form, then the SALT and ITERATION from it will be used.
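The fallback rule requested in WFCORE-2541, sketched as an added example (not WildFly or Elytron code, and not part of the original messages): it accepts both MASK forms and rewrites the legacy short form into the explicit one for migration. The names `parse_masked` and `to_explicit` and the default salt and iteration values are hypothetical; the payload is treated as opaque and is never decoded or decrypted.

```python
from typing import NamedTuple

PREFIX = "MASK-"


class Masked(NamedTuple):
    payload: str         # encoded ciphertext, kept opaque (never decoded here)
    salt: str
    iterations: int
    from_defaults: bool  # True when salt/iterations came from the defaults


def parse_masked(value: str, default_salt: str, default_iterations: int) -> Masked:
    """Parse MASK-<payload> or MASK-<payload>;<salt>;<iterations>."""
    if not value.startswith(PREFIX):
        raise ValueError("missing MASK- prefix")
    fields = value[len(PREFIX):].split(";")
    if len(fields) == 1:
        # Legacy vault form: fall back to the globally configured values.
        salt, iterations, from_defaults = default_salt, str(default_iterations), True
    elif len(fields) == 3:
        # Explicit form: the per-string values win over the defaults.
        salt, iterations, from_defaults = fields[1], fields[2], False
    else:
        raise ValueError("expected 1 or 3 ';'-separated fields, got %d" % len(fields))
    payload = fields[0]
    if not payload or any(c.isspace() for c in payload):
        raise ValueError("empty or malformed payload")
    if not salt:
        raise ValueError("empty salt")
    if not (iterations.isascii() and iterations.isdigit()) or int(iterations) < 1:
        raise ValueError("iteration count must be a positive integer")
    return Masked(payload, salt, int(iterations), from_defaults)


def to_explicit(value: str, default_salt: str, default_iterations: int) -> str:
    """Rewrite either form as MASK-<payload>;<salt>;<iterations> for migration."""
    m = parse_masked(value, default_salt, default_iterations)
    return "%s%s;%s;%d" % (PREFIX, m.payload, m.salt, m.iterations)


if __name__ == "__main__":
    # MASK strings are the samples from the issue; the defaults are constructed.
    for s in ("MASK-KAwLfD1BN8WFhZptWsa17G==",
              "MASK-KAwLfD1BN8WFhZptWsa17G==;12345678;230"):
        print(to_explicit(s, default_salt="87654321", default_iterations=50))
```

Recording `from_defaults` lets a migration script report which entries silently depend on the global values, since those strings stop decoding correctly if the defaults are later changed.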
[JBoss JIRA] (WFCORE-2575) Non file-based keystores used in ssl configuration don't allow to set key alias
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2575?page=com.atlassian.jira.plugi... ]
Darran Lofthouse resolved WFCORE-2575.
--------------------------------------
Fix Version/s: 3.0.0.Beta29
Resolution: Won't Fix
Marking as won't fix as this is within the legacy security realms.
> Non file-based keystores used in ssl configuration don't allow to set key alias
> -------------------------------------------------------------------------------
>
> Key: WFCORE-2575
> URL: https://issues.jboss.org/browse/WFCORE-2575
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Domain Management, Security
> Reporter: Josef Cacek
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 3.0.0.Beta29
>
>
> The management model for SSL in security realms allows configuring the alias to be used for the keystore. Nevertheless, this configuration doesn't work for non-file-based keystores.
> E.g.
> {code:xml}
> <ssl>
>   <keystore provider="custodia-cli"
>             alias="server-ssl" keystore-password="thepassword" />
> </ssl>
> {code}
> The problem is probably in {{ProviderKeyManagerService}} class which has no evidence about the alias.