[JBoss JIRA] (DROOLS-1645) Wildcard in packages does not work in Spring Boot jar
by Jacek Hola (JIRA)
[ https://issues.jboss.org/browse/DROOLS-1645?page=com.atlassian.jira.plugi... ]
Jacek Hola commented on DROOLS-1645:
------------------------------------
Sure, I'll add one tomorrow.
> Wildcard in packages does not work in Spring Boot jar
> -----------------------------------------------------
>
> Key: DROOLS-1645
> URL: https://issues.jboss.org/browse/DROOLS-1645
> Project: Drools
> Issue Type: Bug
> Components: core engine
> Affects Versions: 7.0.0.Final
> Reporter: Jacek Hola
> Assignee: Mario Fusco
>
> In applications built with Spring Boot, the resources under {{src/main/resources/}} are packed into the jar in {{BOOT-INF/classes/}}. That's why when in {{kmodule.xml}} someone specifies
> {code:xml}
> <kbase name="base" default="true" packages="com.company.*">
> ...
> </kbase>
> {code}
> then, for example, the resource {{src/main/resources/com/company/rule.drl}} will not be picked up, because the path in the jar (zip) is {{BOOT-INF/classes/com/company/rule.drl}}.
> From my investigation, it seems the logic in org.drools.compiler.kie.builder.impl.KieBuilderImpl#isFileInKieBase does not recognize these files, as it compares the packages for equality or checks whether one starts with the other.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 10 months
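The mismatch described in DROOLS-1645, as an added example that is not part of the original message and is not Drools code. The class and the methods packageOf, matches and stripKnownRoot are hypothetical stand-ins for the comparison the reporter describes, and stripping a known archive root is only one possible normalization, not the project's fix.

```java
import java.util.Arrays;
import java.util.List;

public class KieBasePackageMatch {

    // Hypothetical: archive roots under which build tools relocate classpath resources.
    static final List<String> KNOWN_ROOTS = Arrays.asList("BOOT-INF/classes/", "WEB-INF/classes/");

    // Derive a dotted package name from a jar entry path, e.g. com/company/rule.drl -> com.company
    static String packageOf(String entryPath) {
        int slash = entryPath.lastIndexOf('/');
        return slash < 0 ? "" : entryPath.substring(0, slash).replace('/', '.');
    }

    // Equality, or "starts with" when the kbase pattern ends in ".*" (as the report describes).
    static boolean matches(String pkg, String pattern) {
        if (pattern.endsWith(".*")) {
            String base = pattern.substring(0, pattern.length() - 2);
            return pkg.equals(base) || pkg.startsWith(base + ".");
        }
        return pkg.equals(pattern);
    }

    // Assumed normalization: drop a known archive root before deriving the package.
    static String stripKnownRoot(String entryPath) {
        for (String root : KNOWN_ROOTS) {
            if (entryPath.startsWith(root)) {
                return entryPath.substring(root.length());
            }
        }
        return entryPath;
    }

    public static void main(String[] args) {
        String pattern = "com.company.*";                  // from the kmodule.xml in the report
        String[] entries = {
            "com/company/rule.drl",                        // plain jar layout
            "BOOT-INF/classes/com/company/rule.drl",       // Spring Boot jar layout from the report
            "BOOT-INF/classes/org/other/rule.drl"          // constructed: must not match either way
        };
        for (String entry : entries) {
            boolean naive = matches(packageOf(entry), pattern);
            boolean normalized = matches(packageOf(stripKnownRoot(entry)), pattern);
            // The Spring Boot entry yields package "BOOT-INF.classes.com.company",
            // which neither equals nor starts with "com.company".
            System.out.printf("%-42s naive=%-5b normalized=%b%n", entry, naive, normalized);
        }
    }
}
```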
[JBoss JIRA] (DROOLS-1645) Wildcard in packages does not work in Spring Boot jar
by Mario Fusco (JIRA)
[ https://issues.jboss.org/browse/DROOLS-1645?page=com.atlassian.jira.plugi... ]
Mario Fusco commented on DROOLS-1645:
-------------------------------------
I don't know Spring Boot very well, so it would be very helpful if you could provide a small reproducer for this issue.
[JBoss JIRA] (ELY-1272) Missing null checks in auth client lead to NPEs later on
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1272?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse resolved ELY-1272.
-----------------------------------
Fix Version/s: 1.1.0.CR2
(was: 1.1.0.CR3)
Resolution: Done
> Missing null checks in auth client lead to NPEs later on
> --------------------------------------------------------
>
> Key: ELY-1272
> URL: https://issues.jboss.org/browse/ELY-1272
> Project: WildFly Elytron
> Issue Type: Bug
> Components: API / SPI, Authentication Client
> Reporter: David Lloyd
> Assignee: Stuart Douglas
> Fix For: 1.1.0.CR2
>
>
> There are missing null checks in at least the following places:
> * The constructor of org.wildfly.security.auth.principal.NamePrincipal which should require "name" to be non-null
> * The name argument to org.wildfly.security.auth.client.AuthenticationConfiguration#useName
> In addition, the following places handle null wrongly:
> * org.wildfly.security.auth.client.AuthenticationConfiguration#useAuthorizationName should check name for null, and if it is null, pass null in to useAuthorizationPrincipal
[JBoss JIRA] (WFLY-9039) EJB with Elytron propagate identity even when it should not
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFLY-9039?page=com.atlassian.jira.plugin.... ]
Jan Kalina updated WFLY-9039:
-----------------------------
Description:
In *RunAsPrincipalTestCase#testSingletonPostconstructSecurityNotPropagating*, when Elytron is enabled, the identity (including the Admin role) is propagated into *StatelessBBean*:
{code}
StatelessSingletonUseBean
SimpleSingletonBean
| check Admin in [Admin] (has required role)
StatelessBBean
{code}
In the non-Elytron case the check is unsuccessful, as the test requires, because the identity is not propagated:
{code}
StatelessSingletonUseBean
SimpleSingletonBean
| authorize
EXCEPTION
methodRoles = Admin
securityContext.subjectInfo = anonymouse
{code}
*The WFLY-981 fix is lacking when Elytron is used: identity is propagated from the @PostConstruct method.*
was:
In *testSingletonPostconstructSecurityNotPropagating*, when Elytron is enabled, the identity (including the Admin role) is propagated into *StatelessBBean*:
{code}
StatelessSingletonUseBean
SimpleSingletonBean
| check Admin in [Admin] (has required role)
StatelessBBean
{code}
In the non-Elytron case the check is unsuccessful, as the test requires, because the identity is not propagated:
{code}
StatelessSingletonUseBean
SimpleSingletonBean
| authorize
EXCEPTION
methodRoles = Admin
securityContext.subjectInfo = anonymouse
{code}
*The WFLY-981 fix is lacking when Elytron is used: identity is propagated from the @PostConstruct method.*
> EJB with Elytron propagate identity even when it should not
> -----------------------------------------------------------
>
> Key: WFLY-9039
> URL: https://issues.jboss.org/browse/WFLY-9039
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Blocker
>
[JBoss JIRA] (ELY-1275) x509-credential-mapper in ldap-realm does not work correctly with server-ssl-context
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1275?page=com.atlassian.jira.plugin.s... ]
Jan Kalina reassigned ELY-1275:
-------------------------------
Assignee: Jan Kalina (was: Darran Lofthouse)
> x509-credential-mapper in ldap-realm does not work correctly with server-ssl-context
> ------------------------------------------------------------------------------------
>
> Key: ELY-1275
> URL: https://issues.jboss.org/browse/ELY-1275
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta52
> Reporter: Ondrej Lukas
> Assignee: Jan Kalina
> Priority: Critical
>
> When {{ldap-realm}} with {{x509-credential-mapper}} is used in a {{security-domain}} which is referenced from {{server-ssl-context}}, authorization fails. It seems to be caused by using {{ServerAuthenticationContext.NameAssignedState}} in [1], which fails in [2] due to [3]. Because of this issue, {{x509-credential-mapper}} cannot work in {{server-ssl-context}}.
> Server log:
> {code}
> 2017-06-30 15:01:22,019 TRACE [org.wildfly.security] (default task-2) X500 principal [CN=clientSubjectDn, OU=EAP QE, O=Red Hat, L=Brno, ST=Czech Republic, C=CZ] decoded as name [clientSubjectDn] (attribute values: [clientSubjectDn])
> 2017-06-30 15:01:22,022 TRACE [org.wildfly.security] (default task-2) Principal assigning: [CN=clientSubjectDn, OU=EAP QE, O=Red Hat, L=Brno, ST=Czech Republic, C=CZ], pre-realm rewritten: [clientSubjectDn], realm name: [ldap-realm-subject-dn], post-realm rewritten: [clientSubjectDn], realm rewritten: [clientSubjectDn]
> 2017-06-30 15:01:22,023 DEBUG [org.wildfly.security] (default task-2) Obtaining lock for identity [clientSubjectDn]...
> 2017-06-30 15:01:22,028 DEBUG [org.wildfly.security] (default task-2) Obtained lock for identity [clientSubjectDn].
> 2017-06-30 15:01:22,044 DEBUG [org.wildfly.security] (default task-2) Creating [class javax.naming.directory.InitialDirContext] with environment:
> 2017-06-30 15:01:22,045 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.credentials] with value [[s, e, c, r, e, t]]
> 2017-06-30 15:01:22,045 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.authentication] with value [simple]
> 2017-06-30 15:01:22,045 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.provider.url] with value [ldap://localhost:10389]
> 2017-06-30 15:01:22,045 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.read.timeout] with value [60000]
> 2017-06-30 15:01:22,045 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.connect.pool] with value [false]
> 2017-06-30 15:01:22,046 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.connect.timeout] with value [5000]
> 2017-06-30 15:01:22,046 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.principal] with value [uid=admin,ou=system]
> 2017-06-30 15:01:22,046 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.referral] with value [ignore]
> 2017-06-30 15:01:22,046 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.factory.initial] with value [com.sun.jndi.ldap.LdapCtxFactory]
> 2017-06-30 15:01:22,081 DEBUG [org.wildfly.security] (default task-2) [javax.naming.ldap.InitialLdapContext@6ca3ef32] successfully created. Connection established to LDAP server.
> 2017-06-30 15:01:22,084 DEBUG [org.wildfly.security] (default task-2) Trying to create identity for principal [clientSubjectDn].
> 2017-06-30 15:01:22,086 DEBUG [org.wildfly.security] (default task-2) Executing search [(uid={0})] in context [o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org] with arguments [clientSubjectDn]. Returning attributes are [null]. Binary attributes are [null].
> 2017-06-30 15:01:22,152 DEBUG [org.wildfly.security] (default task-2) Found entry [uid=clientSubjectDn,ou=People,o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org].
> 2017-06-30 15:01:22,152 DEBUG [org.wildfly.security] (default task-2) Identity for principal [clientSubjectDn] found at [uid=clientSubjectDn,ou=People,o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org].
> 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Context [javax.naming.ldap.InitialLdapContext@6ca3ef32] was closed. Connection closed or just returned to the pool.
> 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Creating [class javax.naming.directory.InitialDirContext] with environment:
> 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.credentials] with value [[s, e, c, r, e, t]]
> 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.authentication] with value [simple]
> 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.provider.url] with value [ldap://localhost:10389]
> 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.read.timeout] with value [60000]
> 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.connect.pool] with value [false]
> 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.connect.timeout] with value [5000]
> 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.principal] with value [uid=admin,ou=system]
> 2017-06-30 15:01:22,153 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.referral] with value [ignore]
> 2017-06-30 15:01:22,154 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.factory.initial] with value [com.sun.jndi.ldap.LdapCtxFactory]
> 2017-06-30 15:01:22,179 DEBUG [org.wildfly.security] (default task-2) [javax.naming.ldap.InitialLdapContext@75395ba6] successfully created. Connection established to LDAP server.
> 2017-06-30 15:01:22,180 DEBUG [org.wildfly.security] (default task-2) Trying to create identity for principal [clientSubjectDn].
> 2017-06-30 15:01:22,180 DEBUG [org.wildfly.security] (default task-2) Executing search [(uid={0})] in context [o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org] with arguments [clientSubjectDn]. Returning attributes are [businessCategory]. Binary attributes are [].
> 2017-06-30 15:01:22,195 DEBUG [org.wildfly.security] (default task-2) Found entry [uid=clientSubjectDn,ou=People,o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org].
> 2017-06-30 15:01:22,197 DEBUG [org.wildfly.security] (default task-2) Identity for principal [clientSubjectDn] found at [uid=clientSubjectDn,ou=People,o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org].
> 2017-06-30 15:01:22,198 DEBUG [org.wildfly.security] (default task-2) Context [javax.naming.ldap.InitialLdapContext@75395ba6] was closed. Connection closed or just returned to the pool.
> 2017-06-30 15:01:22,200 TRACE [org.wildfly.security] (default task-2) X500 principal [CN=clientSubjectDn, OU=EAP QE, O=Red Hat, L=Brno, ST=Czech Republic, C=CZ] decoded as name [clientSubjectDn] (attribute values: [clientSubjectDn])
> 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Creating [class javax.naming.directory.InitialDirContext] with environment:
> 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.credentials] with value [[s, e, c, r, e, t]]
> 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.authentication] with value [simple]
> 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.provider.url] with value [ldap://localhost:10389]
> 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.read.timeout] with value [60000]
> 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.connect.pool] with value [false]
> 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [com.sun.jndi.ldap.connect.timeout] with value [5000]
> 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.security.principal] with value [uid=admin,ou=system]
> 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.referral] with value [ignore]
> 2017-06-30 15:01:22,205 DEBUG [org.wildfly.security] (default task-2) Property [java.naming.factory.initial] with value [com.sun.jndi.ldap.LdapCtxFactory]
> 2017-06-30 15:01:22,212 DEBUG [org.wildfly.security] (default task-2) [javax.naming.ldap.InitialLdapContext@22d42495] successfully created. Connection established to LDAP server.
> 2017-06-30 15:01:22,213 DEBUG [org.wildfly.security] (default task-2) Trying to create identity for principal [clientSubjectDn].
> 2017-06-30 15:01:22,214 DEBUG [org.wildfly.security] (default task-2) Executing search [(uid={0})] in context [o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org] with arguments [clientSubjectDn]. Returning attributes are [businessCategory]. Binary attributes are [].
> 2017-06-30 15:01:22,227 DEBUG [org.wildfly.security] (default task-2) Found entry [uid=clientSubjectDn,ou=People,o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org].
> 2017-06-30 15:01:22,227 DEBUG [org.wildfly.security] (default task-2) Identity for principal [clientSubjectDn] found at [uid=clientSubjectDn,ou=People,o=X509CredentialMapperTestCasec588011e,o=primary,dc=jboss,dc=org].
> 2017-06-30 15:01:22,227 TRACE [org.wildfly.security] (default task-2) X509 client certificate accepted by X509EvidenceVerifier
> 2017-06-30 15:01:22,227 DEBUG [org.wildfly.security] (default task-2) Context [javax.naming.ldap.InitialLdapContext@22d42495] was closed. Connection closed or just returned to the pool.
> 2017-06-30 15:01:22,228 TRACE [org.wildfly.security] (default task-2) Authentication succeed for principal [CN=clientSubjectDn, OU=EAP QE, O=Red Hat, L=Brno, ST=Czech Republic, C=CZ]
> 2017-06-30 15:01:22,240 ERROR [org.xnio.nio] (default I/O-4) XNIO000011: Task io.undertow.protocols.ssl.SslConduit$5$1@46b65284 failed with an exception: java.lang.RuntimeException: ELY01112: Authentication cannot succeed; not authorized
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1429)
> at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
> at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
> at io.undertow.protocols.ssl.ALPNHackSSLEngine.unwrap(ALPNHackSSLEngine.java:265)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
> at io.undertow.server.protocol.http.ALPNLimitingSSLEngine.unwrap(ALPNLimitingSSLEngine.java:73)
> at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:749)
> at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:646)
> at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63)
> at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1046)
> at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:592)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:472)
> Caused by: java.lang.IllegalStateException: ELY01112: Authentication cannot succeed; not authorized
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.succeed(ServerAuthenticationContext.java:1947)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.succeed(ServerAuthenticationContext.java:492)
> at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:123)
> at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
> at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
> at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
> at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> Since there is no documentation for this scenario, it is possible that this is just a configuration issue; in that case, please provide a valid configuration for this scenario.
> [1] https://github.com/wildfly-security/wildfly-elytron/blob/889b2a5d3ed4fbcc...
> [2] https://github.com/wildfly-security/wildfly-elytron/blob/889b2a5d3ed4fbcc...
> [3] https://github.com/wildfly-security/wildfly-elytron/blob/889b2a5d3ed4fbcc...
[JBoss JIRA] (WFCORE-1282) Unable to create HTTPS connection using *ECDH_RSA* cipher suites / kECDHr cipher string
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFCORE-1282?page=com.atlassian.jira.plugi... ]
Kabir Khan updated WFCORE-1282:
-------------------------------
Fix Version/s: 3.0.0.Beta29
(was: 3.0.0.Beta28)
> Unable to create HTTPS connection using *ECDH_RSA* cipher suites / kECDHr cipher string
> ---------------------------------------------------------------------------------------
>
> Key: WFCORE-1282
> URL: https://issues.jboss.org/browse/WFCORE-1282
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 1.0.2.Final
> Environment: Oracle Java
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 3.0.0.Beta29
>
> Attachments: client_debug_eap6.log, client_debug_eap7.log, server-cert-key-ec.jks, server_debug_eap6.log, server_debug_eap7.log
>
>
> Users using these cipher suites / cipher names in EAP6 won't be able to use them in EAP7.
> Setting as critical, as these cipher suites are, in my opinion, considered strong and widely used.
> In the server log, the error "no cipher suites in common" can be seen using -Djavax.net.debug=all.
> Note that the analogous configuration in EAP6 works fine.
> The issue can be seen on Oracle Java only, as on OpenJDK / IBM these suites are not provided by the method getDefaultCipherSuites().
> Also, is it possible to log "no cipher suites in common" and similar TLS handshake errors without -Djavax.net.debug, for better troubleshooting?
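A diagnostic for the vendor difference reported in WFCORE-1282, as an added example that is not part of the original message or of WildFly. The class name EcdhRsaSuiteCheck and the substring filter "_ECDH_RSA_" are assumptions; it reports, for the running JVM, whether each requested suite is in the server socket factory's default list, only in its supported list, or absent.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class EcdhRsaSuiteCheck {

    enum Status { ENABLED_BY_DEFAULT, SUPPORTED_NOT_DEFAULT, UNSUPPORTED }

    // Classify each requested suite against what this JVM's TLS provider offers.
    static Map<String, Status> classify(Iterable<String> wanted,
                                        Set<String> defaults,
                                        Set<String> supported) {
        Map<String, Status> result = new LinkedHashMap<>();
        for (String suite : wanted) {
            if (defaults.contains(suite)) {
                result.put(suite, Status.ENABLED_BY_DEFAULT);
            } else if (supported.contains(suite)) {
                result.put(suite, Status.SUPPORTED_NOT_DEFAULT);
            } else {
                result.put(suite, Status.UNSUPPORTED);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocketFactory factory = SSLContext.getDefault().getServerSocketFactory();
        Set<String> defaults = new TreeSet<>(Arrays.asList(factory.getDefaultCipherSuites()));
        Set<String> supported = new TreeSet<>(Arrays.asList(factory.getSupportedCipherSuites()));

        // Suites to check: command-line arguments, or every supported static
        // ECDH_RSA suite. "_ECDH_RSA_" does not match the ephemeral "_ECDHE_RSA_" names.
        Set<String> wanted = new TreeSet<>(Arrays.asList(args));
        if (wanted.isEmpty()) {
            for (String suite : supported) {
                if (suite.contains("_ECDH_RSA_")) {
                    wanted.add(suite);
                }
            }
        }

        System.out.println("JVM: " + System.getProperty("java.vendor")
                + " " + System.getProperty("java.version"));
        if (wanted.isEmpty()) {
            System.out.println("This JVM offers no *_ECDH_RSA_* suites at all.");
            return;
        }
        // A suite the server is configured with but the JVM does not support
        // cannot be negotiated and surfaces as "no cipher suites in common".
        for (Map.Entry<String, Status> e : classify(wanted, defaults, supported).entrySet()) {
            System.out.printf("%-45s %s%n", e.getKey(), e.getValue());
        }
    }
}
```

Run it with the same JVM the server uses, passing the suite names from the server configuration as arguments.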
[JBoss JIRA] (WFCORE-887) "Deprecate" using an expression in model refs to interfaces
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFCORE-887?page=com.atlassian.jira.plugin... ]
Kabir Khan updated WFCORE-887:
------------------------------
Fix Version/s: 3.0.0.Beta29
(was: 3.0.0.Beta28)
> "Deprecate" using an expression in model refs to interfaces
> -----------------------------------------------------------
>
> Key: WFCORE-887
> URL: https://issues.jboss.org/browse/WFCORE-887
> Project: WildFly Core
> Issue Type: Task
> Components: Domain Management
> Reporter: Brian Stansberry
> Fix For: 3.0.0.Beta29
>
>
> SocketBindingGroupResourceDefinition and OutboundSocketBindingResourceDefinition both have attributes that represent model refs to interface resources, but which also allow expressions.
> Model references should not allow expressions. These were "grandfathered in" when the large scale expression support roll out happened for AS 7.2 / EAP 6.1.
> There's no metadata facility to record that expression support is deprecated, but the add handler for these should log a WARN if they encounter an expression. Hopefully in EAP 8 we can then remove expression support.
> We should look for other cases like this too, although those changes should be separate JIRAs.
[JBoss JIRA] (WFCORE-2016) Change sasl-authentication-factor for management auth works after reload, but not after server restart
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2016?page=com.atlassian.jira.plugi... ]
Kabir Khan updated WFCORE-2016:
-------------------------------
Fix Version/s: 3.0.0.Beta29
(was: 3.0.0.Beta28)
> Change sasl-authentication-factor for management auth works after reload, but not after server restart
> ------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2016
> URL: https://issues.jboss.org/browse/WFCORE-2016
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Reporter: Zach Rhoads
> Assignee: Darran Lofthouse
> Fix For: 3.0.0.Beta29
>
>
> I can successfully configure a new sasl-authentication-factory and assign it to the management interface:
> {code}
> /subsystem=elytron/filesystem-realm=exampleFsRealm:add(path=fs-realm-users,relative-to=jboss.server.config.dir)
> /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add()
> /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:set-password(clear={password="password123"})
> /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add-attribute(name=Roles, value=["Admin","Guest"])
> /subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles)
> /subsystem=elytron/security-domain=exampleFsSD:add(realms=[{realm=exampleFsRealm,role-decoder=from-roles-attribute}],default-realm=exampleFsRealm,permission-mapper=login-permission-mapper)
> /subsystem=elytron/sasl-authentication-factory=example-sasl-auth:add(sasl-server-factory=configured,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=exampleSaslRealm}]}])
> /core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade.sasl-authentication-factory, value=example-sasl-auth)
> reload
> {code}
> After reload, I am forced to re-authenticate and it succeeds:
> {code}
> [standalone@localhost:9990 /] reload
> Authenticating against security realm: exampleSaslRealm
> Username: user1
> Password:
> [standalone@localhost:9990 /]
> {code}
> Once I restart the server, though, and try to connect, I get a timeout:
> {code}
> $ ./jboss-cli.sh -c
> Failed to connect to the controller: The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+http://localhost:9990. The connection timed out: WFLYPRT0023: Could not connect to remote+http://localhost:9990. The connection timed out
> {code}
> It also fails if I force no local auth:
> {code}
> $ ./jboss-cli.sh -c --no-local-auth
> Failed to connect to the controller: The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+http://localhost:9990. The connection timed out: WFLYPRT0023: Could not connect to remote+http://localhost:9990. The connection timed out
> {code}