July 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-1225) Elytron - Write SASL mechanism implementing class into trace log

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-1225?page=com.atlassian.jira.plugin.s... ] Jan Kalina edited comment on ELY-1225 at 7/3/17 5:00 AM: --------------------------------------------------------- PR 1: trace into mechs factories PR 2: toString of delegating objects was (Author: honza889): Second PR: toString of delegating objects > Elytron - Write SASL mechanism implementing class into trace log > ---------------------------------------------------------------- > > Key: ELY-1225 > URL: https://issues.jboss.org/browse/ELY-1225 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Client > Affects Versions: 1.1.0.Beta50 > Reporter: Jan Kalina > Assignee: Jan Kalina > Priority: Critical > Fix For: 1.1.0.Beta51 > > > It's very hard to debug issues when a wrong SASL mechanism implementation is used (e.g. JDK provided one instead Elytron one). The class name implementing the mechanism should be logged by Elytron. > One place to cover this could be {{org.wildfly.security.auth.client.AuthenticationConfiguration.createSaslClient()}} method, but there are probably more places to look into. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-1225) Elytron - Write SASL mechanism implementing class into trace log

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-1225?page=com.atlassian.jira.plugin.s... ] Jan Kalina commented on ELY-1225: --------------------------------- Second PR: toString of delegating objects > Elytron - Write SASL mechanism implementing class into trace log > ---------------------------------------------------------------- > > Key: ELY-1225 > URL: https://issues.jboss.org/browse/ELY-1225 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Client > Affects Versions: 1.1.0.Beta50 > Reporter: Jan Kalina > Assignee: Jan Kalina > Priority: Critical > Fix For: 1.1.0.Beta51 > > > It's very hard to debug issues when a wrong SASL mechanism implementation is used (e.g. JDK provided one instead Elytron one). The class name implementing the mechanism should be logged by Elytron. > One place to cover this could be {{org.wildfly.security.auth.client.AuthenticationConfiguration.createSaslClient()}} method, but there are probably more places to look into. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3035) x509-credential-mapper in ldap-realm tries to verify Subject DN even if it is not configured

by Lin Gao (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3035?page=com.atlassian.jira.plugi... ] Lin Gao reassigned WFCORE-3035: ------------------------------- Assignee: Lin Gao (was: Darran Lofthouse) > x509-credential-mapper in ldap-realm tries to verify Subject DN even if it is not configured > -------------------------------------------------------------------------------------------- > > Key: WFCORE-3035 > URL: https://issues.jboss.org/browse/WFCORE-3035 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta26 > Reporter: Ondrej Lukas > Assignee: Lin Gao > Priority: Critical > > {{ldap-realm}} tries to verify Subject DN even if it is not configured (in optional {{subject-dn-from}} attribute). Attempt to verify Subject DN should not happen in that case. > It seems it is caused by missing check in [1]. > [1] https://github.com/wildfly/wildfly-core/blob/4e3c18e143d9093401c65745e321... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8749) RBAC, There are missing access-constraint for attributes which referencing elytron capabilities.

by Hynek Švábek (JIRA)

[ https://issues.jboss.org/browse/WFLY-8749?page=com.atlassian.jira.plugin.... ] Hynek Švábek updated WFLY-8749: ------------------------------- Security: (was: Security Issue) > RBAC, There are missing access-constraint for attributes which referencing elytron capabilities. > ------------------------------------------------------------------------------------------------ > > Key: WFLY-8749 > URL: https://issues.jboss.org/browse/WFLY-8749 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Hynek Švábek > Priority: Blocker > > This is potentially security vulnerability therefore it is BLOCKER. > According to RFE EAP7-548 there must be set access-constraint where are referenced elytron capabilities. > I found 6 places where is access-constraint missing. > {code} > /subsystem=undertow:read-resource-description(recursive=true) > {code} > There is *http-invoker*, attr *http-authentication-factory* with *org.wildfly.security.http-authentication-factory* capability. > {code} > /subsystem=datasources:read-resource-description(recursive=true) > {code} > There is *xa-data-source*, attr *recovery-authentication-context* with *org.wildfly.security.authentication-context* capability. > {code} > /subsystem=ejb3:read-resource-description(recursive=true) > {code} > There is *identity*, attr *outflow-security-domains* with *org.wildfly.security.security-domain* capability. > {code} > /core-service=management/management-interface=http-interface:read-resource-description(recursive=true) > {code} > There is *sasl-authentication-factory* with *org.wildfly.security.sasl-authentication-factory* capability. > {code} > /deployment=test:read-resource-description(recursive=true) > {code} > There is *xa-data-source*, attr *recovery-authentication-context* with *org.wildfly.security.authentication-context* capability > and *there is same problem in subdeployment resource too*. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8750) RBAC, Security subsystem contains attributes with capabilities which don't set access-constraint.

by Hynek Švábek (JIRA)

[ https://issues.jboss.org/browse/WFLY-8750?page=com.atlassian.jira.plugin.... ] Hynek Švábek updated WFLY-8750: ------------------------------- Security: (was: Security Issue) > RBAC, Security subsystem contains attributes with capabilities which don't set access-constraint. > ------------------------------------------------------------------------------------------------- > > Key: WFLY-8750 > URL: https://issues.jboss.org/browse/WFLY-8750 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Hynek Švábek > Assignee: Darran Lofthouse > Priority: Blocker > > This is potentially security vulnerability therefore it is BLOCKER. > Security subsystem contains attributes with capabilities which don't set access-constraint. > All of them have Elytron compatibility capability and I expect there some access constraint too. > *How to reproduce:* > {code} > /subsystem=security:read-resource-description(recursive=true) > {code} > There are some places where missing access constraints. > elytron-key-store with *org.wildfly.security.key-store* capability. > elytron-realm with *org.wildfly.security.security-realm* capability. > elytron-trust-manager with *org.wildfly.security.trust-managers* capability. > elytron-key-manager with *org.wildfly.security.key-managers* capability. > elytron-trust-store with *org.wildfly.security.key-store* capability. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9041) "Arguments must not be null" when sending a null JSON object with ResteasyWebTarget

by Chao Wang (JIRA)

[ https://issues.jboss.org/browse/WFLY-9041?page=com.atlassian.jira.plugin.... ] Chao Wang moved JBEAP-11920 to WFLY-9041: ----------------------------------------- Project: WildFly (was: JBoss Enterprise Application Platform) Key: WFLY-9041 (was: JBEAP-11920) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: REST (was: REST) Affects Version/s: 11.0.0.Alpha1 (was: 7.0.6.GA) (was: 7.1.0.ER1) > "Arguments must not be null" when sending a null JSON object with ResteasyWebTarget > ----------------------------------------------------------------------------------- > > Key: WFLY-9041 > URL: https://issues.jboss.org/browse/WFLY-9041 > Project: WildFly > Issue Type: Bug > Components: REST > Affects Versions: 11.0.0.Alpha1 > Reporter: Chao Wang > Assignee: Alessio Soldano > > Having a very simple WS application with a REST endpoint that consumes a JSON object: > {code:java} > @Path("hello") > public class HelloWorld { > @POST > @Path("entity") > @Produces({MediaType.APPLICATION_JSON}) > @Consumes({MediaType.APPLICATION_JSON}) > public Greeting helloEntity(Greeter greeter) { > return new Greeting(greeter); > } > } > {code} > If the resteasy-client with the the _ResteasyWebTarget_ proxy is used: > {code:java} > System.out.println( > ((ResteasyWebTarget) > ClientBuilder.newClient() > .target("http://jboss.sample.com:8080") > .path("resteasy-test") > .path("ws") > .path("hello")) > .proxy(HelloWorldInterface.class) > .helloEntity(null)); > {code} > The following exception is thrown at client side (no data is sent): > {code} > java.lang.IllegalArgumentException: Arguments must not be null. > at javax.ws.rs.core.GenericEntity.<init>(GenericEntity.java:148) > at org.jboss.resteasy.client.jaxrs.internal.proxy.processors.invocation.MessageBodyParameterProcessor.process(MessageBodyParameterProcessor.java:35) > at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.createRequest(ClientInvoker.java:135) > at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:101) > at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:64) > at com.sun.proxy.$Proxy39.helloEntity(Unknown Source) > at com.redhat.sample.test.Client.main(Client.java:63) > {code} > You can send a null using the standard jax-rs methods: > {code:java} > System.out.println(ClientBuilder.newClient() > .target("http://jboss.sample.com:8080") > .path("resteasy-test") > .path("ws") > .path("hello") > .path("entity") > .request(MediaType.APPLICATION_JSON) > .accept(MediaType.APPLICATION_JSON) > .post(Entity.entity(null, MediaType.APPLICATION_JSON)) > .readEntity(Greeting.class)); > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8641) rewrite handler produces invalid URLs when used with query part

by Stuart Douglas (JIRA)

[ https://issues.jboss.org/browse/WFLY-8641?page=com.atlassian.jira.plugin.... ] Stuart Douglas resolved WFLY-8641. ---------------------------------- Fix Version/s: 11.0.0.Beta1 Resolution: Done > rewrite handler produces invalid URLs when used with query part > --------------------------------------------------------------- > > Key: WFLY-8641 > URL: https://issues.jboss.org/browse/WFLY-8641 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow) > Affects Versions: 10.1.0.Final > Environment: * Windows 10 > * Wildfly 10.1.0 Final > Reporter: Markus Stier > Assignee: Stuart Douglas > Fix For: 11.0.0.Beta1 > > > Context: > a request of the form "http://home:8180/" should be rewritten to "http://home:8180/somepath?param=1234" > Problem: > The rewrite handler produces URLs which contain duplicated query parts and question marks. See excerpt from access log below. > {code} > [26/Apr/2017:09:26:09 +0200] home:8180 "GET /somepath?param=1234??param=1234 HTTP/1.1" 404 > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-1225) Elytron - Write SASL mechanism implementing class into trace log

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-1225?page=com.atlassian.jira.plugin.s... ] Jan Kalina reopened ELY-1225: ----------------------------- > Elytron - Write SASL mechanism implementing class into trace log > ---------------------------------------------------------------- > > Key: ELY-1225 > URL: https://issues.jboss.org/browse/ELY-1225 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Client > Affects Versions: 1.1.0.Beta50 > Reporter: Jan Kalina > Assignee: Jan Kalina > Priority: Critical > Fix For: 1.1.0.Beta51 > > > It's very hard to debug issues when a wrong SASL mechanism implementation is used (e.g. JDK provided one instead Elytron one). The class name implementing the mechanism should be logged by Elytron. > One place to cover this could be {{org.wildfly.security.auth.client.AuthenticationConfiguration.createSaslClient()}} method, but there are probably more places to look into. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 10 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1551) Implement FEEL/DMN value marshaller

by Edson Tirelli (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1551?page=com.atlassian.jira.plugi... ] Edson Tirelli commented on DROOLS-1551: --------------------------------------- Implemented 2 marshallers: FEELStringMarshaller: https://github.com/kiegroup/drools/pull/1345/files#diff-1912b09200f1836e5... FEELCodeMarshaller: https://github.com/kiegroup/drools/pull/1345/files#diff-9bcf716d408c6a61f... The main difference between them is that the String marshaller simply normalizes values and present them in a human readable format, while the Code marshaller produces a FEEL expression that can be executed to reconstruct the value. For instance, marshalling the duration value P5Y2M with the String marshaller will result in: P5Y2M While using the Code marshaller will result in duration( "P5Y2M" ) Both marshallers will normalize duration objects and set the negative sign, when appropriate, at the start of the expression as per the requirement. > Implement FEEL/DMN value marshaller > ----------------------------------- > > Key: DROOLS-1551 > URL: https://issues.jboss.org/browse/DROOLS-1551 > Project: Drools > Issue Type: Feature Request > Components: dmn engine > Affects Versions: 7.0.0.CR3 > Reporter: Edson Tirelli > Assignee: Edson Tirelli > Priority: Critical > > Some value types in FEEL/DMN require special formatting when marshalling/unmarshalling. For instance: > {quote} > So it seems that ISO 8601 does not define negative intervals. I.e., ISO 8601 only supports things like "PT1H". XPath extends that with a leading optional sign, like "+PT1H" and "-PT1H". Java extends that allowing the sign to be used in each of the units in the duration like, "PT+1H", "PT-1H", besides the leading sign "-PT1H". > The FEEL spec on page 113 seems to follow the XPath lexical definition, so the leading sign "-PT1H" seems to be the correct format. > {quote} > Implement an object marshaller for DMN/FEEL that is capable of marshalling/unmarshalling objects. Most object types are straightforward, but a few of them (like durations) need special handling. In particular: > * negative duration should use a leading - sign instead of having the sign in the unit numbers > * durations need to be normalized before marshalled: > {quote} > A days and time duration in the semantic domain is a sequence of numbers for the days, hours, minutes, and seconds of duration, normalized such that the sum of these numbers is minimized. > {quote} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-485) Add JavaDoc for the 'org.wildfly.security.auth.server' package and sub packages.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-485?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-485: --------------------------------- Fix Version/s: 1.1.0.CR3 (was: 1.1.0.CR2) > Add JavaDoc for the 'org.wildfly.security.auth.server' package and sub packages. > -------------------------------------------------------------------------------- > > Key: ELY-485 > URL: https://issues.jboss.org/browse/ELY-485 > Project: WildFly Elytron > Issue Type: Enhancement > Reporter: Darran Lofthouse > Fix For: 1.1.0.CR3 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

6 years, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira July 2017