July 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-447) Connection Reauthentication and Security Propagation

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-447?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned WFLY-447: ------------------------------------- Assignee: (was: Darran Lofthouse) > Connection Reauthentication and Security Propagation > ---------------------------------------------------- > > Key: WFLY-447 > URL: https://issues.jboss.org/browse/WFLY-447 > Project: WildFly > Issue Type: Task > Components: EJB, Remoting, Security > Reporter: Darran Lofthouse > Labels: authentication_service > Fix For: 11.0.0.Beta1 > > > This task is a top level task to coordinate the addition of support for switching to different security identities on an existing connection over Remoting. > This is to predominantly cover two major scenarios: - > - Clients using a single connection but require different calls to be executed as different users, in this case the client has the information required to start a new authentication as a different user. > - Server to server communication where the first server has already authenticated a remote user - for this scenario the first server needs a way to tell the second server what identity to run the call as. > The following document is building up the requirements and design considerations and decisions: - > https://community.jboss.org/wiki/ConnectionRe-AuthenticationAndSecurityPr... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFLY-1191) Vault usage in a master-slave setup in AS7/EAP6

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-1191?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-1191: -------------------------------------- Assignee: (was: Darran Lofthouse) > Vault usage in a master-slave setup in AS7/EAP6 > ----------------------------------------------- > > Key: WFLY-1191 > URL: https://issues.jboss.org/browse/WFLY-1191 > Project: WildFly > Issue Type: Feature Request > Components: Security > Reporter: Hisanobu Okuda > > In domain mode, you need to copy over the vault files(keystore, Shared.dat, ENC.dat) to each machine within the domain. This is a very bad solution when your security policy requires password updates frequently. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1654) Don'ing a Map-Based Fact Loses the Fact

by KimJohn Quinn (JIRA)

KimJohn Quinn created DROOLS-1654: ------------------------------------- Summary: Don'ing a Map-Based Fact Loses the Fact Key: DROOLS-1654 URL: https://issues.jboss.org/browse/DROOLS-1654 Project: Drools Issue Type: Bug Components: core engine Affects Versions: 7.0.0.Final Environment: * Alpine Linux (in a Docker container) * Oracle JDK 8 * Drools 7.0.0.Final * Spring Boot v1.5.4.RELEASE (though testing without any Spring) Reporter: KimJohn Quinn Assignee: Mario Fusco Attachments: TraitDonningTest.java, traits.drl It appears that after don'ing the trait the map-based fact it is proxying disappears (or gets retracted). There does not seem to be any issue using the trait properties to access the model properties. We are trying to use the model, mostly for constraints and updates, then within the rules apply and use traits to give us a stronger-typed fact and easier rule constraining. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFLY-1110) Deployment of secure or signed war file and verifying the integrity of signed war file by digital certificate during the deployment by jboss application server.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-1110?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-1110: -------------------------------------- Assignee: (was: Anil Saldanha) > Deployment of secure or signed war file and verifying the integrity of signed war file by digital certificate during the deployment by jboss application server. > ---------------------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: WFLY-1110 > URL: https://issues.jboss.org/browse/WFLY-1110 > Project: WildFly > Issue Type: Feature Request > Components: Security > Reporter: Shashidhar Puttashamaiah > Labels: new_and_noteworthy > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFLY-955) javax.security.auth.login.Configuration#contextClassLoader grabs a random class loader and holds onto it forever

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-955?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved WFLY-955. ----------------------------------- Resolution: Out of Date > javax.security.auth.login.Configuration#contextClassLoader grabs a random class loader and holds onto it forever > ---------------------------------------------------------------------------------------------------------------- > > Key: WFLY-955 > URL: https://issues.jboss.org/browse/WFLY-955 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Stuart Douglas > Assignee: Stefan Guilhen > > This class uses the TCCL that is present at class initialization. This could be any class loader, and is often a deployments class loader, which causes a permgen leak. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFLY-1598) Out of the box SSL - or shortly after.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-1598?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-1598: -------------------------------------- Assignee: (was: Darran Lofthouse) > Out of the box SSL - or shortly after. > -------------------------------------- > > Key: WFLY-1598 > URL: https://issues.jboss.org/browse/WFLY-1598 > Project: WildFly > Issue Type: Sub-task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Priority: Critical > Labels: management_security,, management_sso > Fix For: 11.0.0.Beta1 > > > There are various reasons that we do not support SSL/TLS out of the box e.g. > - If we ship a default keystore then everyone has access to the private key. > - Generating one on first boot we do not have sufficient information to generate it correctly, also the performance overhead. > This issue is to explorer other options to encourage their use and make it easier to configure. > As an example could the admin console detect a non encrypted connection and have an box that encourages the config along with a wizard like workflow to get it set up? -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFLY-1371) AuthorizationModule.destroy is never called

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-1371?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-1371: -------------------------------------- Assignee: (was: Darran Lofthouse) > AuthorizationModule.destroy is never called > ------------------------------------------- > > Key: WFLY-1371 > URL: https://issues.jboss.org/browse/WFLY-1371 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 8.0.0.Alpha1 > Reporter: Vlad Arkhipov > > If you define a custom authorization module in configuration XML, it's org.jboss.security.authorization.AuthorizationModule.destroy() is never called. So if you have some stuff in it's sharedState field, it leads to a memory leak. I'm not quite sure which project is responsible for the calling of this method PicketBox of WildFly. > As a workaround I currently clear sharedState field in abort() and commit() methods. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFLY-1317) LdapExtLoginModule cannot cope with roles containing a slash in name

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-1317?page=com.atlassian.jira.plugin.... ] Darran Lofthouse resolved WFLY-1317. ------------------------------------ Fix Version/s: 11.0.0.Beta1 Resolution: Done > LdapExtLoginModule cannot cope with roles containing a slash in name > -------------------------------------------------------------------- > > Key: WFLY-1317 > URL: https://issues.jboss.org/browse/WFLY-1317 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Josef Cacek > Assignee: Peter Skopek > Priority: Critical > Fix For: 11.0.0.Beta1 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFLY-2683) Problem with security subsystem model descriptions

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-2683?page=com.atlassian.jira.plugin.... ] Darran Lofthouse resolved WFLY-2683. ------------------------------------ Resolution: Out of Date > Problem with security subsystem model descriptions > -------------------------------------------------- > > Key: WFLY-2683 > URL: https://issues.jboss.org/browse/WFLY-2683 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 8.0.0.CR1 > Reporter: Stuart Douglas > Assignee: Darran Lofthouse > > /subsystem=security/security-domain=*/acl=*:read-resource-description > results in: > "children" => { > "acl-module" => { > "description" => "ACL module", > "model-description" => undefined > }, > "login-module" => { > "description" => "Login module", > "model-description" => undefined > } > } > These model descriptions should not be undefined. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFLY-2097) The vault wants write access to the keystore even when not needed

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-2097?page=com.atlassian.jira.plugin.... ] Darran Lofthouse resolved WFLY-2097. ------------------------------------ Resolution: Out of Date > The vault wants write access to the keystore even when not needed > ----------------------------------------------------------------- > > Key: WFLY-2097 > URL: https://issues.jboss.org/browse/WFLY-2097 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 8.0.0.Alpha4 > Reporter: Tom Fonteyne > Assignee: Anil Saldanha > > security/src/main/java/org/jboss/as/security/vault/VaultSession.java > want constant "write" access to the keystore. This is considered to be a security risk. > We understand this was a requirement to allow upgrades to be done automatically but don't see why the write-access has to be permanent -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira July 2017