[JBoss JIRA] (WFLY-5396) Search scope OBJECT_SCOPE does not work correctly for AdvancedLdapLoginModule
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-5396?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse reassigned WFLY-5396:
--------------------------------------
Assignee: (was: Darran Lofthouse)
> Search scope OBJECT_SCOPE does not work correctly for AdvancedLdapLoginModule
> -----------------------------------------------------------------------------
>
> Key: WFLY-5396
> URL: https://issues.jboss.org/browse/WFLY-5396
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.0.CR1
> Reporter: Ondrej Lukas
>
> Search scope OBJECT_SCOPE does not work correctly for AdvancedLdapLoginModule
> LDAP authentication fails (HTTP 401 returned) when login module option searchScope=OBJECT_SCOPE is used.
> This problem is caused by searching attributes for a role DN which starts with a comma, e.g. ",cn=JBossAdmin,ou=Roles,dc=jboss,dc=org".
> You can reproduce it with the following configuration:
> Security domain:
> {code:xml}
> <security-domain name="ldap">
>   <authentication>
>     <login-module code="AdvancedLdap" flag="required">
>       <module-option name="bindDN" value="uid=admin,ou=system"/>
>       <module-option name="bindCredential" value="secret"/>
>       <module-option name="baseCtxDN" value="ou=People,dc=jboss,dc=org"/>
>       <module-option name="searchScope" value="OBJECT_SCOPE"/>
>       <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
>       <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
>       <module-option name="throwValidateError" value="true"/>
>       <module-option name="baseFilter" value="(uid={0})"/>
>       <module-option name="roleFilter" value="(member={1})"/>
>       <module-option name="roleAttributeID" value="cn"/>
>       <module-option name="rolesCtxDN" value="cn=JBossAdmin,ou=Roles,dc=jboss,dc=org"/>
>       <module-option name="java.naming.security.authentication" value="simple"/>
>     </login-module>
>   </authentication>
> </security-domain>
> {code}
> LDIF for role:
> {code}
> dn: ou=People,dc=jboss,dc=org
> objectclass: top
> objectclass: organizationalUnit
> ou: People
>
> dn: uid=jduke,ou=People,dc=jboss,dc=org
> objectclass: top
> objectclass: person
> objectclass: inetOrgPerson
> uid: jduke
> cn: Java Duke
> sn: Duke
> userPassword: Password1
>
> dn: ou=Roles,dc=jboss,dc=org
> objectClass: top
> objectClass: organizationalUnit
> ou: Roles
>
> dn: cn=JBossAdmin,ou=Roles,dc=jboss,dc=org
> objectClass: top
> objectClass: groupOfNames
> cn: JBossAdmin
> member: uid=jduke,ou=People,dc=jboss,dc=org
> {code}
> It seems the method AdvancedLdapLoginModule.canonicalize() causes this problem.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFLY-5395) Search scope OBJECT_SCOPE does not work correctly for LdapExtLoginModule
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-5395?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse reassigned WFLY-5395:
--------------------------------------
Assignee: (was: Darran Lofthouse)
> Search scope OBJECT_SCOPE does not work correctly for LdapExtLoginModule
> ------------------------------------------------------------------------
>
> Key: WFLY-5395
> URL: https://issues.jboss.org/browse/WFLY-5395
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.0.CR1
> Reporter: Ondrej Lukas
>
> LDAP authentication fails (HTTP 401 returned) when login module option searchScope=OBJECT_SCOPE is used.
> This problem is caused by searching attributes for a role DN which starts with a comma, e.g. ",cn=JBossAdmin,ou=Roles,dc=jboss,dc=org".
> You can reproduce it with the following configuration:
> Security domain:
> {code:xml}
> <security-domain name="ldap">
>   <authentication>
>     <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
>       <module-option name="searchScope" value="OBJECT_SCOPE"/>
>       <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
>       <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
>       <module-option name="roleAttributeIsDN" value="true"/>
>       <module-option name="roleFilter" value="(member={1})"/>
>       <module-option name="roleAttributeID" value="cn"/>
>       <module-option name="rolesCtxDN" value="cn=JBossAdmin,ou=Roles,dc=jboss,dc=org"/>
>       <module-option name="java.naming.security.authentication" value="simple"/>
>       <module-option name="bindDN" value="uid=admin,ou=system"/>
>       <module-option name="bindCredential" value="secret"/>
>       <module-option name="baseCtxDN" value="ou=People,dc=jboss,dc=org"/>
>       <module-option name="throwValidateError" value="true"/>
>       <module-option name="baseFilter" value="(uid={0})"/>
>       <module-option name="roleNameAttributeID" value="cn"/>
>     </login-module>
>   </authentication>
> </security-domain>
> {code}
> LDIF for role:
> {code}
> dn: ou=People,dc=jboss,dc=org
> objectclass: top
> objectclass: organizationalUnit
> ou: People
>
> dn: uid=jduke,ou=People,dc=jboss,dc=org
> objectclass: top
> objectclass: person
> objectclass: inetOrgPerson
> uid: jduke
> cn: Java Duke
> sn: Duke
> userPassword: Password1
>
> dn: ou=Roles,dc=jboss,dc=org
> objectClass: top
> objectClass: organizationalUnit
> ou: Roles
>
> dn: cn=JBossAdmin,ou=Roles,dc=jboss,dc=org
> objectClass: top
> objectClass: groupOfNames
> cn: JBossAdmin
> member: uid=jduke,ou=People,dc=jboss,dc=org
> {code}
> It seems the method LdapExtLoginModule.canonicalize() causes this problem.
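The leading-comma role DN reported in WFLY-5395 and WFLY-5396 is what you get when a login module composes the DN as "relative name" + "," + rolesCtxDN: with searchScope=OBJECT_SCOPE the matched entry is rolesCtxDN itself, so the relative name is empty. The following is an added example, not PicketBox's or WildFly's canonicalize() code: a naive composition beside a hardened one, exercised on constructed javax.naming SearchResult objects (class and method names are assumptions).

```java
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchResult;

// Hypothetical model of the role-DN reconstruction step after a roles search;
// not the actual LdapExtLoginModule/AdvancedLdapLoginModule.canonicalize().
public class RoleDnCanonicalize {

    // Naive variant: always prepends the relative name and a comma. With
    // OBJECT_SCOPE the matched entry is rolesCtxDN itself, its relative name
    // is "", and the composed DN starts with a comma (the report's symptom).
    static String canonicalizeNaive(String relativeName, String rolesCtxDN) {
        return relativeName + "," + rolesCtxDN;
    }

    // Hardened variant: use the provider's full DN when it supplies one, keep
    // absolute names as-is, and treat an empty relative name as the base itself.
    static String canonicalize(SearchResult sr, String rolesCtxDN) {
        try {
            String full = sr.getNameInNamespace();
            if (full != null && !full.isEmpty()) {
                return full;
            }
        } catch (UnsupportedOperationException e) {
            // provider did not supply a full name; fall back to composing one
        }
        String name = sr.getName();
        if (!sr.isRelative()) {
            return name; // already absolute (JNDI reports such names as URLs)
        }
        return name.isEmpty() ? rolesCtxDN : name + "," + rolesCtxDN;
    }

    public static void main(String[] args) {
        String rolesCtxDN = "cn=JBossAdmin,ou=Roles,dc=jboss,dc=org";
        // Constructed result for searchScope=OBJECT_SCOPE: the base matched, so the name is "".
        SearchResult atBase = new SearchResult("", null, new BasicAttributes());
        System.out.println("naive:    " + canonicalizeNaive(atBase.getName(), rolesCtxDN));
        System.out.println("hardened: " + canonicalize(atBase, rolesCtxDN));
        // Constructed result for a SUBTREE search under ou=Roles: the name is relative to the base.
        SearchResult underBase = new SearchResult("cn=JBossAdmin", null, new BasicAttributes());
        System.out.println("hardened: " + canonicalize(underBase, "ou=Roles,dc=jboss,dc=org"));
    }
}
```

A DN that begins with a comma is invalid, so a roles lookup with it can only fail; checking the composed DN before issuing the follow-up search turns the silent 401 into a clear configuration error in the log.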
[JBoss JIRA] (WFLY-5787) AdvancedLdapLoginModule does not handle loops in referrals
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-5787?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse resolved WFLY-5787.
------------------------------------
Resolution: Rejected
> AdvancedLdapLoginModule does not handle loops in referrals
> ----------------------------------------------------------
>
> Key: WFLY-5787
> URL: https://issues.jboss.org/browse/WFLY-5787
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.0.CR4
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
> Attachments: app.war, server1.ldif, server2.ldif
>
>
> According to the LDAP specification [1]: "Clients that follow referrals MUST ensure that they do not loop between servers. They MUST NOT repeatedly contact the same server for the same request with the same parameters."
> When the WildFly server is configured to use AdvancedLdapLoginModule, which uses referrals, and the LDAP servers contain a loop, this leads to an infinite cycle. It can result in java.lang.OutOfMemoryError on the WildFly server.
> [1] http://tools.ietf.org/html/rfc4511#section-4.1.10
[JBoss JIRA] (WFLY-5786) LdapExtLoginModule does not handle loops in referrals
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-5786?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse resolved WFLY-5786.
------------------------------------
Resolution: Rejected
> LdapExtLoginModule does not handle loops in referrals
> -----------------------------------------------------
>
> Key: WFLY-5786
> URL: https://issues.jboss.org/browse/WFLY-5786
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.0.CR4
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
> Attachments: app.war, server1.ldif, server2.ldif
>
>
> According to the LDAP specification [1]: "Clients that follow referrals MUST ensure that they do not loop between servers. They MUST NOT repeatedly contact the same server for the same request with the same parameters."
> When the WildFly server is configured to use LdapExtLoginModule, which uses referrals, and the LDAP servers contain a loop, this leads to an infinite cycle. It can result in java.lang.OutOfMemoryError on the WildFly server.
> [1] http://tools.ietf.org/html/rfc4511#section-4.1.10
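RFC 4511 section 4.1.10, quoted in WFLY-5786 and WFLY-5787, places the loop check on the client. The following is an added example, not WildFly's or the JNDI provider's code: a referral follower that records every (server, request) pair it has sent and refuses to repeat one, run over a constructed two-server loop in the spirit of the attached server1/server2 setup. The server URLs, the hop cap and the class name are assumptions.

```java
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Hypothetical client-side referral follower enforcing RFC 4511 s.4.1.10.
// It models referral chasing in plain Java; JNDI's own chasing happens
// inside the provider when java.naming.referral=follow is set.
public class ReferralGuard {

    // Constructed directory topology: a server either answers (absent from
    // the map) or refers the client to another server. Two servers that
    // refer to each other form the loop the bug report describes.
    static final Map<String, String> REFERRALS = Map.of(
        "ldap://server1:10389", "ldap://server2:10389",
        "ldap://server2:10389", "ldap://server1:10389");

    static final int MAX_HOPS = 10; // assumed upper bound on referral chasing

    static final class ReferralLoopException extends RuntimeException {
        ReferralLoopException(String msg) { super(msg); }
    }

    // Returns the URL of the server that finally answers the request, or
    // throws once the same (server, request) pair would be sent twice or the
    // hop cap is exceeded, instead of cycling until memory runs out.
    static String resolve(String startUrl, String request) {
        Set<String> sent = new HashSet<>();
        String url = startUrl;
        for (int hop = 0; hop <= MAX_HOPS; hop++) {
            if (!sent.add(url + "|" + request)) {
                throw new ReferralLoopException("referral loop at " + url + " for " + request);
            }
            String next = REFERRALS.get(url);
            if (next == null) {
                return url; // this server answers rather than referring
            }
            url = next;
        }
        throw new ReferralLoopException("exceeded " + MAX_HOPS + " referral hops");
    }

    public static void main(String[] args) {
        try {
            System.out.println("answered by " + resolve("ldap://server1:10389", "(uid=jduke)"));
        } catch (ReferralLoopException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With the JNDI provider the chase is not under the login module's control, so the practical mitigation on the WildFly side is to set the module option java.naming.referral to throw or ignore rather than follow, and to keep referral-following confined to servers you administer.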
[JBoss JIRA] (WFLY-6237) JASPI: Principal does not get registered with the session when request is forwarded/dispatched
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-6237?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse reassigned WFLY-6237:
--------------------------------------
Assignee: (was: Darran Lofthouse)
> JASPI: Principal does not get registered with the session when request is forwarded/dispatched
> ----------------------------------------------------------------------------------------------
>
> Key: WFLY-6237
> URL: https://issues.jboss.org/browse/WFLY-6237
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.0.Final
> Environment: Java 8u74, OS X 10.11
> Reporter: Alexander Sparkowsky
>
> Up to WildFly 9 I had a working JASPI SAM that would register a successful authentication by using {{messageInfo.getMap().put("javax.servlet.http.registerSession", TRUE.toString());}} and then forward the request using {{request.getRequestDispatcher(target).forward(request, response);}}.
> The module stopped working in WildFly 10. The request is forwarded, but the authenticated principal is not registered with the session; or, to be more precise, a new session seems to be generated during the dispatch. As a matter of fact, the dispatched request will be rejected as unauthorized.
> I'm providing a sample project to reproduce the problem (see below).