[JBoss JIRA] (WFCORE-3049) JBoss CLI - CJK Character Issue
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3049?page=com.atlassian.jira.plugi... ]
Darran Lofthouse commented on WFCORE-3049:
------------------------------------------
[~jdenise] Just moved this over to CLI - I don't think there is anything security specific here other than the reproducer.
> JBoss CLI - CJK Character Issue
> -------------------------------
>
> Key: WFCORE-3049
> URL: https://issues.jboss.org/browse/WFCORE-3049
> Project: WildFly Core
> Issue Type: Bug
> Components: CLI
> Reporter: J Prasanna Venkatesan
> Assignee: Jean-Francois Denise
> Labels: cjk, login-module
> Attachments: cjk2.cli
>
>
> Dear All,
>
> Environment:
>
> CentOS Linux release 7.1.1503 (Core)
> /usr/java/jdk1.8.0_45/
> WildFly 8.2.0
> I am executing few LoginModule commands using file. My file name is command.cli
> Its content is
>
> {color:red}[root@cu490 temp]# cat command.cli
> /subsystem=security/security-domain=SourceForge/authentication=classic/login-module=org.jboss.security.auth.spi.LdapExtLoginModule3:add(code=org.jboss.security.auth.spi.LdapExtLoginModule, flag=sufficient, module-options={ "java.naming.provider.url" => "ldap://a.com:389/", "java.naming.referral" => "follow", "java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory", "java.naming.security.authentication" => "simple", "bindDN" => "cn=in00655,OU=비임직원,OU=SK이노베이션,DC=test,DC=net", "bindCredential" => "xxxxxx", "baseCtxDN" => "ou=SK이노베이션,DC=test,DC=net", "baseFilter" => "(sAMAccountName={0})", "roleAttributeID" => "memberOf", "roleAttributeIsDN" => "true", "rolesCtxDN" => "DC=test,DC=net", "roleFilter" => "(member={1})", "roleRecursion" => "1", "searchTimeLimit" => "5000", "searchScope" => "SUBTREE_SCOPE", "allowEmptyPasswords" => "false", "throwValidateError" => "true" }){allow-resource-service-restart=true}
>
> [root@cu490 temp]# /opt/collabnet/teamforge/runtime/jboss/bin/jboss-cli.sh --connect --file=command.cli
> {
> "outcome" => "success",
> "response-headers" => {"process-state" => "reload-required"}
> }
> [root@cu490 temp]# vim /opt/collabnet/teamforge//runtime/jboss/standalone/configuration/standalone-full.xml{color}
>
> Content inside standalone-full.xml is
>
> {color:red}<login-module name="org.jboss.security.auth.spi.LdapExtLoginModule3" code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
> <module-option name="java.naming.provider.url" value="ldap://a.com:389/"/>
> <module-option name="java.naming.referral" value="follow"/>
> <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
> <module-option name="java.naming.security.authentication" value="simple"/>
> <module-option name="bindDN" value="cn=in00655,OU=????,OU=SK?????,DC=test,DC=net"/>
> <module-option name="bindCredential" value="xxxxxx"/>
> <module-option name="baseCtxDN" value="ou=SK?????,DC=test,DC=net"/>
> <module-option name="baseFilter" value="(sAMAccountName={0})"/>
> <module-option name="roleAttributeID" value="memberOf"/>
> <module-option name="roleAttributeIsDN" value="true"/>
> <module-option name="rolesCtxDN" value="DC=test,DC=net"/>
> <module-option name="roleFilter" value="(member={1})"/>
> <module-option name="roleRecursion" value="1"/>
> <module-option name="searchTimeLimit" value="5000"/>
> <module-option name="searchScope" value="SUBTREE_SCOPE"/>
> <module-option name="allowEmptyPasswords" value="false"/>
> <module-option name="throwValidateError" value="true"/>
> </login-module>{color}
>
> You can see instead of CJK characters we are seeing ??? in standalone-full.xml
>
> Please throw some light on this.
>
> Thanks & Regards,
> J Prasanna Venkatesan
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 11 months
[JBoss JIRA] (WFCORE-3049) JBoss CLI - CJK Character Issue
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3049?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-3049:
-------------------------------------
Component/s: CLI
(was: Security)
> JBoss CLI - CJK Character Issue
> -------------------------------
>
> Key: WFCORE-3049
> URL: https://issues.jboss.org/browse/WFCORE-3049
> Project: WildFly Core
> Issue Type: Bug
> Components: CLI
> Reporter: J Prasanna Venkatesan
> Assignee: Darran Lofthouse
> Labels: cjk, login-module
> Attachments: cjk2.cli
>
>
> Dear All,
>
> Environment:
>
> CentOS Linux release 7.1.1503 (Core)
> /usr/java/jdk1.8.0_45/
> WildFly 8.2.0
> I am executing few LoginModule commands using file. My file name is command.cli
> Its content is
>
> {color:red}[root@cu490 temp]# cat command.cli
> /subsystem=security/security-domain=SourceForge/authentication=classic/login-module=org.jboss.security.auth.spi.LdapExtLoginModule3:add(code=org.jboss.security.auth.spi.LdapExtLoginModule, flag=sufficient, module-options={ "java.naming.provider.url" => "ldap://a.com:389/", "java.naming.referral" => "follow", "java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory", "java.naming.security.authentication" => "simple", "bindDN" => "cn=in00655,OU=비임직원,OU=SK이노베이션,DC=test,DC=net", "bindCredential" => "xxxxxx", "baseCtxDN" => "ou=SK이노베이션,DC=test,DC=net", "baseFilter" => "(sAMAccountName={0})", "roleAttributeID" => "memberOf", "roleAttributeIsDN" => "true", "rolesCtxDN" => "DC=test,DC=net", "roleFilter" => "(member={1})", "roleRecursion" => "1", "searchTimeLimit" => "5000", "searchScope" => "SUBTREE_SCOPE", "allowEmptyPasswords" => "false", "throwValidateError" => "true" }){allow-resource-service-restart=true}
>
> [root@cu490 temp]# /opt/collabnet/teamforge/runtime/jboss/bin/jboss-cli.sh --connect --file=command.cli
> {
> "outcome" => "success",
> "response-headers" => {"process-state" => "reload-required"}
> }
> [root@cu490 temp]# vim /opt/collabnet/teamforge//runtime/jboss/standalone/configuration/standalone-full.xml{color}
>
> Content inside standalone-full.xml is
>
> {color:red}<login-module name="org.jboss.security.auth.spi.LdapExtLoginModule3" code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
> <module-option name="java.naming.provider.url" value="ldap://a.com:389/"/>
> <module-option name="java.naming.referral" value="follow"/>
> <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
> <module-option name="java.naming.security.authentication" value="simple"/>
> <module-option name="bindDN" value="cn=in00655,OU=????,OU=SK?????,DC=test,DC=net"/>
> <module-option name="bindCredential" value="xxxxxx"/>
> <module-option name="baseCtxDN" value="ou=SK?????,DC=test,DC=net"/>
> <module-option name="baseFilter" value="(sAMAccountName={0})"/>
> <module-option name="roleAttributeID" value="memberOf"/>
> <module-option name="roleAttributeIsDN" value="true"/>
> <module-option name="rolesCtxDN" value="DC=test,DC=net"/>
> <module-option name="roleFilter" value="(member={1})"/>
> <module-option name="roleRecursion" value="1"/>
> <module-option name="searchTimeLimit" value="5000"/>
> <module-option name="searchScope" value="SUBTREE_SCOPE"/>
> <module-option name="allowEmptyPasswords" value="false"/>
> <module-option name="throwValidateError" value="true"/>
> </login-module>{color}
>
> You can see instead of CJK characters we are seeing ??? in standalone-full.xml
>
> Please throw some light on this.
>
> Thanks & Regards,
> J Prasanna Venkatesan
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 11 months
[JBoss JIRA] (WFCORE-3049) JBoss CLI - CJK Character Issue
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3049?page=com.atlassian.jira.plugi... ]
Darran Lofthouse reassigned WFCORE-3049:
----------------------------------------
Assignee: Jean-Francois Denise (was: Darran Lofthouse)
> JBoss CLI - CJK Character Issue
> -------------------------------
>
> Key: WFCORE-3049
> URL: https://issues.jboss.org/browse/WFCORE-3049
> Project: WildFly Core
> Issue Type: Bug
> Components: CLI
> Reporter: J Prasanna Venkatesan
> Assignee: Jean-Francois Denise
> Labels: cjk, login-module
> Attachments: cjk2.cli
>
>
> Dear All,
>
> Environment:
>
> CentOS Linux release 7.1.1503 (Core)
> /usr/java/jdk1.8.0_45/
> WildFly 8.2.0
> I am executing few LoginModule commands using file. My file name is command.cli
> Its content is
>
> {color:red}[root@cu490 temp]# cat command.cli
> /subsystem=security/security-domain=SourceForge/authentication=classic/login-module=org.jboss.security.auth.spi.LdapExtLoginModule3:add(code=org.jboss.security.auth.spi.LdapExtLoginModule, flag=sufficient, module-options={ "java.naming.provider.url" => "ldap://a.com:389/", "java.naming.referral" => "follow", "java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory", "java.naming.security.authentication" => "simple", "bindDN" => "cn=in00655,OU=비임직원,OU=SK이노베이션,DC=test,DC=net", "bindCredential" => "xxxxxx", "baseCtxDN" => "ou=SK이노베이션,DC=test,DC=net", "baseFilter" => "(sAMAccountName={0})", "roleAttributeID" => "memberOf", "roleAttributeIsDN" => "true", "rolesCtxDN" => "DC=test,DC=net", "roleFilter" => "(member={1})", "roleRecursion" => "1", "searchTimeLimit" => "5000", "searchScope" => "SUBTREE_SCOPE", "allowEmptyPasswords" => "false", "throwValidateError" => "true" }){allow-resource-service-restart=true}
>
> [root@cu490 temp]# /opt/collabnet/teamforge/runtime/jboss/bin/jboss-cli.sh --connect --file=command.cli
> {
> "outcome" => "success",
> "response-headers" => {"process-state" => "reload-required"}
> }
> [root@cu490 temp]# vim /opt/collabnet/teamforge//runtime/jboss/standalone/configuration/standalone-full.xml{color}
>
> Content inside standalone-full.xml is
>
> {color:red}<login-module name="org.jboss.security.auth.spi.LdapExtLoginModule3" code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
> <module-option name="java.naming.provider.url" value="ldap://a.com:389/"/>
> <module-option name="java.naming.referral" value="follow"/>
> <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
> <module-option name="java.naming.security.authentication" value="simple"/>
> <module-option name="bindDN" value="cn=in00655,OU=????,OU=SK?????,DC=test,DC=net"/>
> <module-option name="bindCredential" value="xxxxxx"/>
> <module-option name="baseCtxDN" value="ou=SK?????,DC=test,DC=net"/>
> <module-option name="baseFilter" value="(sAMAccountName={0})"/>
> <module-option name="roleAttributeID" value="memberOf"/>
> <module-option name="roleAttributeIsDN" value="true"/>
> <module-option name="rolesCtxDN" value="DC=test,DC=net"/>
> <module-option name="roleFilter" value="(member={1})"/>
> <module-option name="roleRecursion" value="1"/>
> <module-option name="searchTimeLimit" value="5000"/>
> <module-option name="searchScope" value="SUBTREE_SCOPE"/>
> <module-option name="allowEmptyPasswords" value="false"/>
> <module-option name="throwValidateError" value="true"/>
> </login-module>{color}
>
> You can see instead of CJK characters we are seeing ??? in standalone-full.xml
>
> Please throw some light on this.
>
> Thanks & Regards,
> J Prasanna Venkatesan
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 11 months
[JBoss JIRA] (WFCORE-3049) JBoss CLI - CJK Character Issue
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3049?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7058 to WFCORE-3049:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-3049 (was: WFLY-7058)
Component/s: Security
(was: Security)
Affects Version/s: (was: 8.2.0.Final)
> JBoss CLI - CJK Character Issue
> -------------------------------
>
> Key: WFCORE-3049
> URL: https://issues.jboss.org/browse/WFCORE-3049
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: J Prasanna Venkatesan
> Assignee: Darran Lofthouse
> Labels: cjk, login-module
> Attachments: cjk2.cli
>
>
> Dear All,
>
> Environment:
>
> CentOS Linux release 7.1.1503 (Core)
> /usr/java/jdk1.8.0_45/
> WildFly 8.2.0
> I am executing few LoginModule commands using file. My file name is command.cli
> Its content is
>
> {color:red}[root@cu490 temp]# cat command.cli
> /subsystem=security/security-domain=SourceForge/authentication=classic/login-module=org.jboss.security.auth.spi.LdapExtLoginModule3:add(code=org.jboss.security.auth.spi.LdapExtLoginModule, flag=sufficient, module-options={ "java.naming.provider.url" => "ldap://a.com:389/", "java.naming.referral" => "follow", "java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory", "java.naming.security.authentication" => "simple", "bindDN" => "cn=in00655,OU=비임직원,OU=SK이노베이션,DC=test,DC=net", "bindCredential" => "xxxxxx", "baseCtxDN" => "ou=SK이노베이션,DC=test,DC=net", "baseFilter" => "(sAMAccountName={0})", "roleAttributeID" => "memberOf", "roleAttributeIsDN" => "true", "rolesCtxDN" => "DC=test,DC=net", "roleFilter" => "(member={1})", "roleRecursion" => "1", "searchTimeLimit" => "5000", "searchScope" => "SUBTREE_SCOPE", "allowEmptyPasswords" => "false", "throwValidateError" => "true" }){allow-resource-service-restart=true}
>
> [root@cu490 temp]# /opt/collabnet/teamforge/runtime/jboss/bin/jboss-cli.sh --connect --file=command.cli
> {
> "outcome" => "success",
> "response-headers" => {"process-state" => "reload-required"}
> }
> [root@cu490 temp]# vim /opt/collabnet/teamforge//runtime/jboss/standalone/configuration/standalone-full.xml{color}
>
> Content inside standalone-full.xml is
>
> {color:red}<login-module name="org.jboss.security.auth.spi.LdapExtLoginModule3" code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
> <module-option name="java.naming.provider.url" value="ldap://a.com:389/"/>
> <module-option name="java.naming.referral" value="follow"/>
> <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
> <module-option name="java.naming.security.authentication" value="simple"/>
> <module-option name="bindDN" value="cn=in00655,OU=????,OU=SK?????,DC=test,DC=net"/>
> <module-option name="bindCredential" value="xxxxxx"/>
> <module-option name="baseCtxDN" value="ou=SK?????,DC=test,DC=net"/>
> <module-option name="baseFilter" value="(sAMAccountName={0})"/>
> <module-option name="roleAttributeID" value="memberOf"/>
> <module-option name="roleAttributeIsDN" value="true"/>
> <module-option name="rolesCtxDN" value="DC=test,DC=net"/>
> <module-option name="roleFilter" value="(member={1})"/>
> <module-option name="roleRecursion" value="1"/>
> <module-option name="searchTimeLimit" value="5000"/>
> <module-option name="searchScope" value="SUBTREE_SCOPE"/>
> <module-option name="allowEmptyPasswords" value="false"/>
> <module-option name="throwValidateError" value="true"/>
> </login-module>{color}
>
> You can see instead of CJK characters we are seeing ??? in standalone-full.xml
>
> Please throw some light on this.
>
> Thanks & Regards,
> J Prasanna Venkatesan
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 11 months
[JBoss JIRA] (WFLY-7161) EJB with defined specific security domain which is different than the one used for undertow fails when using with elytron
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7161?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse resolved WFLY-7161.
------------------------------------
Resolution: Rejected
> EJB with defined specific security domain which is different than the one used for undertow fails when using with elytron
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-7161
> URL: https://issues.jboss.org/browse/WFLY-7161
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Radim Hatlapatka
> Assignee: Darran Lofthouse
> Fix For: 11.0.0.Beta1
>
>
> When having deployment with EJB which is invoked from servlet and the EJB has defined specific security domain to use via {{@SecurityDomain}} annotation, the ejb method invocation fails when there is defined elytron security domain for undertow and old security domain for EJBs with \[1\].
> Note when having both security domains setup only using old security subsystems, the access is allowed as expected.
> Marking as critical as this should work. If it is not considered supported use case then there should be at least shown proper warning in logs explaining what is wrong.
> \[1\]
> {noformat}
> 09:30:03,749 ERROR [org.jboss.as.ejb3.invocation] (default task-25) WFLYEJB0034: EJB Invocation failed on component SecuredEjb for method public java.lang.String org.jboss.qa.management.web.resources.SecuredEjb.securedText(): javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public java.lang.String org.jboss.qa.management.web.resources.SecuredEjb.securedText() of bean: SecuredEjb is not allowed
> at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:134)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:359)
> at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:359)
> at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:359)
> at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:359)
> at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:359)
> at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:359)
> at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:359)
> at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:359)
> at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:375)
> at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:609)
> at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:359)
> at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:375)
> at org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:359)
> at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
> at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
> at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:74)
> at org.jboss.qa.management.web.resources.SecuredEjb$$$view6.securedText(Unknown Source)
> at org.jboss.qa.management.web.resources.ServletWithSecuredEjb.doGet(ServletWithSecuredEjb.java:27)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$0(ElytronRunAsHandler.java:56)
> at org.wildfly.security.auth.client.PeerIdentity.runAsAll(PeerIdentity.java:395)
> at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:188)
> at org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:55)
> at io.undertow.server.handlers.BlockingHandler.handleRequest(BlockingHandler.java:56)
> at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1668)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1668)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1668)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1668)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:207)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:810)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 11 months
[JBoss JIRA] (WFLY-7096) Security domain casche dosn't respect infinispan settings
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7096?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse reassigned WFLY-7096:
--------------------------------------
Assignee: (was: Darran Lofthouse)
> Security domain casche dosn't respect infinispan settings
> ---------------------------------------------------------
>
> Key: WFLY-7096
> URL: https://issues.jboss.org/browse/WFLY-7096
> Project: WildFly
> Issue Type: Feature Request
> Components: Security
> Affects Versions: 10.0.0.Final, 10.1.0.Final
> Environment: Tested on Windows 7
> Reporter: Marcin Fatyga
> Attachments: patch.txt, standalone.xml, test_webapp.zip
>
>
> In securitydomain we can set "casche-type" to infinispan. Auntentication request ara now stored in infinispan casch, but any settings of this casche (configured in infinispan subsystem) are not applied. Casche is always stored in memory and never expiries.
> This is serious security issue because after first authentication request credentials, will never be verified again.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 11 months