July 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-8980) Upgrade JBoss EJB Client to 4.0.0.CR3

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFLY-8980?page=com.atlassian.jira.plugin.... ] Kabir Khan updated WFLY-8980: ----------------------------- Summary: Upgrade JBoss EJB Client to 4.0.0.CR3 (was: Upgrade JBoss EJB Client to 4.0.0.CR2) > Upgrade JBoss EJB Client to 4.0.0.CR3 > ------------------------------------- > > Key: WFLY-8980 > URL: https://issues.jboss.org/browse/WFLY-8980 > Project: WildFly > Issue Type: Component Upgrade > Reporter: David Lloyd > Assignee: David Lloyd > Fix For: 11.0.0.Beta1 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9042) Missing spaces after EL expressions in JSP

by Martin Švorc (JIRA)

Martin Švorc created WFLY-9042: ---------------------------------- Summary: Missing spaces after EL expressions in JSP Key: WFLY-9042 URL: https://issues.jboss.org/browse/WFLY-9042 Project: WildFly Issue Type: Bug Environment: CentOS Linux 7.3.1611 Reporter: Martin Švorc Assignee: Jason Greene Attachments: example.zip Spaces are missing after EL expression in the output. For example the following {{${x} ${y} ${z}}} comes out as "xyz" (assuming the values bound to the variables are "x", "y", "z", respectively) or {{${x} text}} comes out as "xtext". The behaviour is the same on WF 10 and 11. Does not occur on Tomcat 7,8. The space is not present in the generated java class on WF and is present on Tomcat, so I assume the problem must be in the JSP parsing. My only lead so far is [this stackoverflow question|https://stackoverflow.com/questions/26988262/best-way-to-find-os...] back from '08. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 5 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1645) Wildcard in packages does not work in Spring Boot jar

by Jacek Hola (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1645?page=com.atlassian.jira.plugi... ] Jacek Hola commented on DROOLS-1645: ------------------------------------ Sure, I'll add one tomorrow. > Wildcard in packages does not work in Spring Boot jar > ----------------------------------------------------- > > Key: DROOLS-1645 > URL: https://issues.jboss.org/browse/DROOLS-1645 > Project: Drools > Issue Type: Bug > Components: core engine > Affects Versions: 7.0.0.Final > Reporter: Jacek Hola > Assignee: Mario Fusco > > In applications built with Spring Boot the resources under {{src/main/resources/}} are packed into jar in {{BOOT-INF/classes/}}. That's why when in {{kmodule.xml}} someone specifies > {code:xml} > <kbase name="base" default="true" packages="com.company.*"> > ... > </kbase> > {code} > then for example resource {{src/main/resources/com/company/rule.drl}} will not be picked up, because the path in jar(zip) is {{BOOT-INF/classes/com/company/rule.drl}}. > From my investigation it seems the logic in org.drools.compiler.kie.builder.impl.KieBuilderImpl#isFileInKieBase does not recognize these files as it compares the packages for equality or if one starts with the other. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 5 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1645) Wildcard in packages does not work in Spring Boot jar

by Mario Fusco (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1645?page=com.atlassian.jira.plugi... ] Mario Fusco commented on DROOLS-1645: ------------------------------------- I don't know Spring Boot very well, so it would be very helpful if you could provide a small reproducer for this issue. > Wildcard in packages does not work in Spring Boot jar > ----------------------------------------------------- > > Key: DROOLS-1645 > URL: https://issues.jboss.org/browse/DROOLS-1645 > Project: Drools > Issue Type: Bug > Components: core engine > Affects Versions: 7.0.0.Final > Reporter: Jacek Hola > Assignee: Mario Fusco > > In applications built with Spring Boot the resources under {{src/main/resources/}} are packed into jar in {{BOOT-INF/classes/}}. That's why when in {{kmodule.xml}} someone specifies > {code:xml} > <kbase name="base" default="true" packages="com.company.*"> > ... > </kbase> > {code} > then for example resource {{src/main/resources/com/company/rule.drl}} will not be picked up, because the path in jar(zip) is {{BOOT-INF/classes/com/company/rule.drl}}. > From my investigation it seems the logic in org.drools.compiler.kie.builder.impl.KieBuilderImpl#isFileInKieBase does not recognize these files as it compares the packages for equality or if one starts with the other. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-1272) Missing null checks in auth client lead to NPEs later on

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1272?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved ELY-1272. ----------------------------------- Fix Version/s: 1.1.0.CR2 (was: 1.1.0.CR3) Resolution: Done > Missing null checks in auth client lead to NPEs later on > -------------------------------------------------------- > > Key: ELY-1272 > URL: https://issues.jboss.org/browse/ELY-1272 > Project: WildFly Elytron > Issue Type: Bug > Components: API / SPI, Authentication Client > Reporter: David Lloyd > Assignee: Stuart Douglas > Fix For: 1.1.0.CR2 > > > There are missing null checks in at least the following places: > * The constructor of org.wildfly.security.auth.principal.NamePrincipal which should require "name" to be non-null > * The name argument to org.wildfly.security.auth.client.AuthenticationConfiguration#useName > In addition, the following places handle null wrongly: > * org.wildfly.security.auth.client.AuthenticationConfiguration#useAuthorizationName should check name for null, and if it is null, pass null in to useAuthorizationPrincipal -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9039) EJB with Elytron propagate identity even when it should not

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/WFLY-9039?page=com.atlassian.jira.plugin.... ] Jan Kalina updated WFLY-9039: ----------------------------- Description: In *RunAsPrincipalTestCase#testSingletonPostconstructSecurityNotPropagating*, when Elytron enabled, identity (including Admin role) is propagated into *StatelessBBean*: {code} StatelessSingletonUseBean SimpleSingletonBean | check Admin in [Admin] (has required role) StatelessBBean {code} In non-Elytron case the check is unsuccessful as test require, because identity is not propagated: {code} StatelessSingletonUseBean SimpleSingletonBean | authorize EXCEPTION methodRoles = Admin securityContext.subjectInfo = anonymouse {code} *This is lack of WFLY-981 fix when Elytron used: Identity is propagated from @PostConstruct method.* was: In *testSingletonPostconstructSecurityNotPropagating*, when Elytron enabled, identity (including Admin role) is propagated into *StatelessBBean*: {code} StatelessSingletonUseBean SimpleSingletonBean | check Admin in [Admin] (has required role) StatelessBBean {code} In non-Elytron case the check is unsuccessful as test require, because identity is not propagated: {code} StatelessSingletonUseBean SimpleSingletonBean | authorize EXCEPTION methodRoles = Admin securityContext.subjectInfo = anonymouse {code} *This is lack of WFLY-981 fix when Elytron used: Identity is propagated from @PostConstruct method.* > EJB with Elytron propagate identity even when it should not > ----------------------------------------------------------- > > Key: WFLY-9039 > URL: https://issues.jboss.org/browse/WFLY-9039 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 11.0.0.Alpha1 > Reporter: Jan Kalina > Assignee: Jan Kalina > Priority: Blocker > > In *RunAsPrincipalTestCase#testSingletonPostconstructSecurityNotPropagating*, when Elytron enabled, identity (including Admin role) is propagated into *StatelessBBean*: > {code} > StatelessSingletonUseBean > SimpleSingletonBean > | check Admin in [Admin] (has required role) > StatelessBBean > {code} > In non-Elytron case the check is unsuccessful as test require, because identity is not propagated: > {code} > StatelessSingletonUseBean > SimpleSingletonBean > | authorize > EXCEPTION > methodRoles = Admin > securityContext.subjectInfo = anonymouse > {code} > *This is lack of WFLY-981 fix when Elytron used: Identity is propagated from @PostConstruct method.* -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-1275) x509-credential-mapper in ldap-realm does not work correctly with server-ssl-context

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-1275?page=com.atlassian.jira.plugin.s... ] Jan Kalina reassigned ELY-1275: ------------------------------- Assignee: Jan Kalina (was: Darran Lofthouse) > x509-credential-mapper in ldap-realm does not work correctly with server-ssl-context > ------------------------------------------------------------------------------------ > > Key: ELY-1275 > URL: https://issues.jboss.org/browse/ELY-1275 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta52 > Reporter: Ondrej Lukas > Assignee: Jan Kalina > Priority: Critical > > When {{ldap-realm}} with {{x509-credential-mapper}} is used in {{security-domain}} which is referenced from {{server-ssl-context}} then authorization fails. It seems it is caused by using {{ServerAuthenticationContext.NameAssignedState}} in [1] which fails in [2] due to [3]. This issue causes that {{x509-credential-mapper}} cannot work in {{server-ssl-context}}. > Server log: > {code} > 2017-06-30 15:01:22,019 TRACE [org.wildfly.security] (default task-2) X500 principal [CN=clientSubjectDn, OU=EAP QE, O=Red Hat, L=Brno, ST=Czech Republic, C=CZ] decoded as name [clientSubjectDn] (attribute values: [clientSubjectDn]) > 2017-06-30 15:01:22,022 TRACE [org.wildfly.security] (default task-2) Principal assigning: [CN=clientSubjectDn, OU=EAP QE, O=Red Hat, L=Brno, ST=Czech Republic, C=CZ], pre-realm rewritten: [clientSubjectDn], realm name: [ldap-realm-subject-dn], post-realm rewritten: [clientSubjectDn], realm rewritten: [clientSubjectDn] > 2017-06-30 15:01:22,023 DEBUG [org.wildfly.security] (default task-2) Obtaining lock for identity [clientSubjectDn]... > 2017-06-30 15:01:22,028 DEBUG [org.wildfly.security] (default task-2) Obtained lock for identity [clientSubjectDn]. > 2017-06-30 15:01:22,044 DEBUG [org.wildfly.security] (default task-2) Creating [class javax.naming.directory.InitialDirContext] with environment: > 2017-06-30 15:01:22,045 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.credentials] with value [[s, e, c, r, e, t]] > 2017-06-30 15:01:22,045 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.authentication] with value [simple] > 2017-06-30 15:01:22,045 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.provider.url] with value [ldap://localhost:10389] > 2017-06-30 15:01:22,045 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.read.timeout] with value [60000] > 2017-06-30 15:01:22,045 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.connect.pool] with value [false] > 2017-06-30 15:01:22,046 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.connect.timeout] with value [5000] > 2017-06-30 15:01:22,046 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.principal] with value [uid=admin,ou=system] > 2017-06-30 15:01:22,046 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.referral] with value [ignore] > 2017-06-30 15:01:22,046 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.factory.initial] with value [com.sun.jndi.ldap.LdapCtxFactory] > 2017-06-30 15:01:22,081 DEBUG [org.wildfly.security] (default task-2) [javax.naming.ldap.InitialLdapContext@6ca3ef32] successfully created. Connection established to LDAP server. > 2017-06-30 15:01:22,084 DEBUG [org.wildfly.security] (default task-2) Trying to create identity for principal [clientSubjectDn]. > 2017-06-30 15:01:22,086 DEBUG [org.wildfly.security] (default task-2) Executing search [(uid={0})] in context [o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org] with arguments [clientSubjectDn]. Returning attributes are [null]. Binary attributes are [null]. > 2017-06-30 15:01:22,152 DEBUG [org.wildfly.security] (default task-2) Found entry [uid=clientSubjectDn,ou=People,o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org]. > 2017-06-30 15:01:22,152 DEBUG [org.wildfly.security] (default task-2) Identity for principal [clientSubjectDn] found at [uid=clientSubjectDn,ou=People,o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org]. > 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Context [javax.naming.ldap.InitialLdapContext@6ca3ef32] was closed. Connection closed or just returned to the pool. > 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Creating [class javax.naming.directory.InitialDirContext] with environment: > 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.credentials] with value [[s, e, c, r, e, t]] > 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.authentication] with value [simple] > 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.provider.url] with value [ldap://localhost:10389] > 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.read.timeout] with value [60000] > 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.connect.pool] with value [false] > 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.connect.timeout] with value [5000] > 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.principal] with value [uid=admin,ou=system] > 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.referral] with value [ignore] > 2017-06-30 15:01:22,154 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.factory.initial] with value [com.sun.jndi.ldap.LdapCtxFactory] > 2017-06-30 15:01:22,179 DEBUG [org.wildfly.security] (default task-2) [javax.naming.ldap.InitialLdapContext@75395ba6] successfully created. Connection established to LDAP server. > 2017-06-30 15:01:22,180 DEBUG [org.wildfly.security] (default task-2) Trying to create identity for principal [clientSubjectDn]. > 2017-06-30 15:01:22,180 DEBUG [org.wildfly.security] (default task-2) Executing search [(uid={0})] in context [o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org] with arguments [clientSubjectDn]. Returning attributes are [businessCategory]. Binary attributes are []. > 2017-06-30 15:01:22,195 DEBUG [org.wildfly.security] (default task-2) Found entry [uid=clientSubjectDn,ou=People,o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org]. > 2017-06-30 15:01:22,197 DEBUG [org.wildfly.security] (default task-2) Identity for principal [clientSubjectDn] found at [uid=clientSubjectDn,ou=People,o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org]. > 2017-06-30 15:01:22,198 DEBUG [org.wildfly.security] (default task-2) Context [javax.naming.ldap.InitialLdapContext@75395ba6] was closed. Connection closed or just returned to the pool. > 2017-06-30 15:01:22,200 TRACE [org.wildfly.security] (default task-2) X500 principal [CN=clientSubjectDn, OU=EAP QE, O=Red Hat, L=Brno, ST=Czech Republic, C=CZ] decoded as name [clientSubjectDn] (attribute values: [clientSubjectDn]) > 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Creating [class javax.naming.directory.InitialDirContext] with environment: > 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.credentials] with value [[s, e, c, r, e, t]] > 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.authentication] with value [simple] > 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.provider.url] with value [ldap://localhost:10389] > 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.read.timeout] with value [60000] > 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.connect.pool] with value [false] > 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.connect.timeout] with value [5000] > 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.principal] with value [uid=admin,ou=system] > 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.referral] with value [ignore] > 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.factory.initial] with value [com.sun.jndi.ldap.LdapCtxFactory] > 2017-06-30 15:01:22,212 DEBUG [org.wildfly.security] (default task-2) [javax.naming.ldap.InitialLdapContext@22d42495] successfully created. Connection established to LDAP server. > 2017-06-30 15:01:22,213 DEBUG [org.wildfly.security] (default task-2) Trying to create identity for principal [clientSubjectDn]. > 2017-06-30 15:01:22,214 DEBUG [org.wildfly.security] (default task-2) Executing search [(uid={0})] in context [o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org] with arguments [clientSubjectDn]. Returning attributes are [businessCategory]. Binary attributes are []. > 2017-06-30 15:01:22,227 DEBUG [org.wildfly.security] (default task-2) Found entry [uid=clientSubjectDn,ou=People,o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org]. > 2017-06-30 15:01:22,227 DEBUG [org.wildfly.security] (default task-2) Identity for principal [clientSubjectDn] found at [uid=clientSubjectDn,ou=People,o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org]. > 2017-06-30 15:01:22,227 TRACE [org.wildfly.security] (default task-2) X509 client certificate accepted by X509EvidenceVerifier > 2017-06-30 15:01:22,227 DEBUG [org.wildfly.security] (default task-2) Context [javax.naming.ldap.InitialLdapContext@22d42495] was closed. Connection closed or just returned to the pool. > 2017-06-30 15:01:22,228 TRACE [org.wildfly.security] (default task-2) Authentication succeed for principal [CN=clientSubjectDn, OU=EAP QE, O=Red Hat, L=Brno, ST=Czech Republic, C=CZ] > 2017-06-30 15:01:22,240 ERROR [org.xnio.nio] (default I/O-4) XNIO000011: Task io.undertow.protocols.ssl.SslConduit$5$1@46b65284 failed with an exception: java.lang.RuntimeException: ELY01112: Authentication cannot succeed; not authorized > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1429) > at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) > at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) > at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) > at io.undertow.protocols.ssl.ALPNHackSSLEngine.unwrap(ALPNHackSSLEngine.java:265) > at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) > at io.undertow.server.protocol.http.ALPNLimitingSSLEngine.unwrap(ALPNLimitingSSLEngine.java:73) > at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:749) > at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:646) > at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63) > at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1046) > at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:592) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:472) > Caused by: java.lang.IllegalStateException: ELY01112: Authentication cannot succeed; not authorized > at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.succeed(ServerAuthenticationContext.java:1947) > at org.wildfly.security.auth.server.ServerAuthenticationContext.succeed(ServerAuthenticationContext.java:492) > at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:123) > at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72) > at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869) > at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230) > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) > at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) > at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) > at java.security.AccessController.doPrivileged(Native Method) > at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) > at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > {code} > Since there is no documentation for this scenario it is possible that this is just a configuration issue - in that case please provide valid configuration for this scenario. > [1] https://github.com/wildfly-security/wildfly-elytron/blob/889b2a5d3ed4fbcc... > [2] https://github.com/wildfly-security/wildfly-elytron/blob/889b2a5d3ed4fbcc... > [3] https://github.com/wildfly-security/wildfly-elytron/blob/889b2a5d3ed4fbcc... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1282) Unable to create HTTPS connection using *ECDH_RSA* cipher suites / kECDHr cipher string

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1282?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-1282: ------------------------------- Fix Version/s: 3.0.0.Beta29 (was: 3.0.0.Beta28) > Unable to create HTTPS connection using *ECDH_RSA* cipher suites / kECDHr cipher string > --------------------------------------------------------------------------------------- > > Key: WFCORE-1282 > URL: https://issues.jboss.org/browse/WFCORE-1282 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 1.0.2.Final > Environment: Oracle Java > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 3.0.0.Beta29 > > Attachments: client_debug_eap6.log, client_debug_eap7.log, server-cert-key-ec.jks, server_debug_eap6.log, server_debug_eap7.log > > > User using these cipher suites / cipher name in EAP6 won't be able to use it in EAP7. > Setting as critical as these cipher suites, are considered for strong and widely used in my opinion. > In server log, error "no cipher suites in common" can be seen using -Djavax.net.debug=all. > Note, that analogous configuration in EAP6 works fine. > Issue can be seen on Oracle Java only, as on OpenJDK / IBM these suites are not provided by method getDefaultCipherSuites(). > Also is it possible to log "no cipher suites in common" and similar tls handshake errors without -Djavax.net.debug for better troubleshooting? -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-887) "Deprecate" using an expression in model refs to interfaces

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-887?page=com.atlassian.jira.plugin... ] Kabir Khan updated WFCORE-887: ------------------------------ Fix Version/s: 3.0.0.Beta29 (was: 3.0.0.Beta28) > "Deprecate" using an expression in model refs to interfaces > ----------------------------------------------------------- > > Key: WFCORE-887 > URL: https://issues.jboss.org/browse/WFCORE-887 > Project: WildFly Core > Issue Type: Task > Components: Domain Management > Reporter: Brian Stansberry > Fix For: 3.0.0.Beta29 > > > SocketBindingGroupResourceDefinition and OutboundSocketBindingResourceDefinition both have attributes that represent model refs to interface resources, but which also allow expressions. > Model references should not allow expressions. These were "grandfathered in" when the large scale expression support roll out happened for AS 7.2 / EAP 6.1. > There's no metadata facility to record that expression support is deprecated, but the add handler for these should log a WARN if they encounter an expression. Hopefully in EAP 8 we can then remove expression support. > We should look for other cases like this too, although those changes should be separate JIRAs. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2349) Add RemoteManagementPermission and RemoteJMXPermission checks for remote clients.

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2349?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-2349: ------------------------------- Fix Version/s: 3.0.0.Beta29 (was: 3.0.0.Beta28) > Add RemoteManagementPermission and RemoteJMXPermission checks for remote clients. > --------------------------------------------------------------------------------- > > Key: WFCORE-2349 > URL: https://issues.jboss.org/browse/WFCORE-2349 > Project: WildFly Core > Issue Type: Enhancement > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Beta29 > > > Other services such as EJB and transactions have a Remote*Permission to verify the remote client has the required permission to use that service - this should be repeated for the management related services to control what a remote client can and can not connect to. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 5 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira July 2017