[JBoss JIRA] (WFCORE-2367) Misleading description of identity-realm
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2367?page=com.atlassian.jira.plugi... ]
Darran Lofthouse reassigned WFCORE-2367:
----------------------------------------
Assignee: (was: Darran Lofthouse)
> Misleading description of identity-realm
> ----------------------------------------
>
> Key: WFCORE-2367
> URL: https://issues.jboss.org/browse/WFCORE-2367
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Jan Tymel
>
> There is a misleading description of {{identity-realm}} in DMR [1]. It says _"A security realm definition where identities are represented in the management model."_ whereas the XSD documentation says _"Realm definition for a realm which contains a single pre-defined identity."_.
> In general, the XSD description looks clearer to me. Moreover, the {{identities}} word may be misleading since {{identity-realm}}'s purpose is _"to store one identity, with one attribute and no credential"_ [3]. Thus I would suggest to also change the description of {{attribute-values}} from
> _"The values associated with the identities attribute."_ to something like _"The values associated with the identity attributes."_
> Suggestions for improvement:
> * Change description of {{identity-realm}} according to XSD
> * Change description of {{attribute-values}} attr (in both DMR and XSD)
> * to consider: unify descriptions in XSD and DMR
> [1] /subsystem=elytron/identity-realm=somerealm:read-resource-description
> [2] https://github.com/wildfly-security/elytron-subsystem/blob/master/src/mai...
> [3] HipChat's WildFly Elytron chat room on Nov 21
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2367) Misleading description of identity-realm
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2367?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2367:
-------------------------------------
Fix Version/s: (was: 4.0.0.Alpha1)
> Misleading description of identity-realm
> ----------------------------------------
>
> Key: WFCORE-2367
> URL: https://issues.jboss.org/browse/WFCORE-2367
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Jan Tymel
> Assignee: Darran Lofthouse
>
> There is a misleading description of {{identity-realm}} in DMR [1]. It says _"A security realm definition where identities are represented in the management model."_ whereas the XSD documentation says _"Realm definition for a realm which contains a single pre-defined identity."_.
> In general, the XSD description looks clearer to me. Moreover, the {{identities}} word may be misleading since {{identity-realm}}'s purpose is _"to store one identity, with one attribute and no credential"_ [3]. Thus I would suggest to also change the description of {{attribute-values}} from
> _"The values associated with the identities attribute."_ to something like _"The values associated with the identity attributes."_
> Suggestions for improvement:
> * Change description of {{identity-realm}} according to XSD
> * Change description of {{attribute-values}} attr (in both DMR and XSD)
> * to consider: unify descriptions in XSD and DMR
> [1] /subsystem=elytron/identity-realm=somerealm:read-resource-description
> [2] https://github.com/wildfly-security/elytron-subsystem/blob/master/src/mai...
> [3] HipChat's WildFly Elytron chat room on Nov 21
[JBoss JIRA] (WFCORE-2375) Definition Credential Store with existing storage file but with wrong store password causes ugly failure-description.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2375?page=com.atlassian.jira.plugi... ]
Darran Lofthouse resolved WFCORE-2375.
--------------------------------------
Fix Version/s: 3.0.0.Beta29
(was: 4.0.0.Alpha1)
Resolution: Done
> Definition Credential Store with existing storage file but with wrong store password causes ugly failure-description.
> ---------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2375
> URL: https://issues.jboss.org/browse/WFCORE-2375
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Fix For: 3.0.0.Beta29
>
>
> Definition Credential Store with existing storage file but with wrong store password causes ugly failure-description.
> *How to reproduce*
> Prepare credential store file (the easiest way is to create credential store from scratch)
> /subsystem=elytron/credential-store=cs_pass123:add(uri="cr-store://test/cs/ks-pass123.jceks?store.password=pass123;create.storage=true")
> /subsystem=elytron/credential-store=cs_pass123/alias=dbPass:add(secret-value=passwordToDB)
> Then I try to create Credential store with wrong store password to existing store file.
> /subsystem=elytron/credential-store=cs_wrong_store_pass:add(uri="cr-store://test/cs/ks-pass123.jceks?store.password=pass123wrong;key.password=pass123=true")
> *I can see this result:*
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store-client.cs_wrong_key_pass" => "org.jboss.msc.service.StartException in service org.wildfly.security.credential-store-client.cs_wrong_key_pass: WFLYELY00004: Unable to start the service.
> Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09506: Cannot read credential storage file '/home/hsvabek/securityworkspace/VERIFICATION/2016_11_02_UX_testing/jboss-eap-7.1.0.DR7/standalone/data/cs/ks-pass123.jceks' for the store named 'cs_wrong_key_pass'
> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.credential-store-client.cs_wrong_key_pass"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
> *Suggestion for solution*
> failure-description must not contain Exception or snippet stacktrace.
> Description like that "Password to access credential store is incorrect."
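The behaviour WFCORE-2375 asks for, as an added example that is not WildFly or Elytron code: the failure text shown to the management client names the problem without exposing exception class names or the absolute path of the storage file. The class `CredentialStoreFailureDemo` and the helper `describeOpen` are hypothetical, and the sketch uses the plain JDK `KeyStore` API on a JCEKS file rather than Elytron's credential store classes.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

public class CredentialStoreFailureDemo {

    // Hypothetical helper: open the storage file and return a description that is
    // safe to show to a management client (no exception class names, no file paths).
    static String describeOpen(Path file, String storeName, char[] password) {
        try (InputStream in = Files.newInputStream(file)) {
            KeyStore ks = KeyStore.getInstance("JCEKS");
            ks.load(in, password);
            return "Credential store '" + storeName + "' opened.";
        } catch (IOException e) {
            // The full exception belongs in the server log, not in the response.
            // KeyStore.load documents that a wrong password is reported as an
            // IOException whose cause is an UnrecoverableKeyException.
            for (Throwable t = e; t != null; t = t.getCause()) {
                if (t instanceof UnrecoverableKeyException) {
                    return "Password to access credential store '" + storeName + "' is incorrect.";
                }
            }
            return "Credential store '" + storeName + "' could not be read.";
        } catch (Exception e) {
            // Unsupported store type, unavailable algorithm, bad certificate data.
            return "Credential store '" + storeName + "' could not be opened.";
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty JCEKS file protected with the ticket's password.
        Path file = Files.createTempFile("ks-pass123", ".jceks");
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        try (OutputStream out = Files.newOutputStream(file)) {
            ks.store(out, "pass123".toCharArray());
        }
        System.out.println(describeOpen(file, "cs_pass123", "pass123".toCharArray()));
        System.out.println(describeOpen(file, "cs_wrong_store_pass", "pass123wrong".toCharArray()));
        Files.delete(file);
    }
}
```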
[JBoss JIRA] (WFCORE-2381) CS tool, review usage documentation
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2381?page=com.atlassian.jira.plugi... ]
Darran Lofthouse resolved WFCORE-2381.
--------------------------------------
Fix Version/s: 3.0.0.Beta29
Resolution: Done
> CS tool, review usage documentation
> -----------------------------------
>
> Key: WFCORE-2381
> URL: https://issues.jboss.org/browse/WFCORE-2381
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: credential-store
> Fix For: 3.0.0.Beta29
>
>
> Current usage output
> {code}
> usage: java -jar wildfly-elytron-tool.jar credential-store <sub-command>
> <options> -a <arg> | -e <arg> | -h | -r <arg> | -v [-c] [-f] [-i
> <arg>] [-l <arg>] [-p <arg>] [-s <arg>] [-t <arg>] [-u <arg>] [-x
> <arg>]
> -a,--add <arg> Add new alias to the credential store
> -c,--create Create credential store [true/false]
> -e,--exists <arg> Check if alias exists within the credential store
> -f,--summary Print summary, especially command how to create
> this credential store
> -h,--help Get help with usage of this command
> -i,--iteration <arg> Iteration count for for final masked password of
> the credential store
> -l,--location <arg> Location of credential store storage file
> -p,--password <arg> Password for credential store
> -r,--remove <arg> Remove alias from the credential store
> -s,--salt <arg> Salt to apply for final masked password of the
> credential store
> -t,--type <arg> Credential store type
> -u,--uri <arg> Configuration URI for credential store
> -v,--aliases Display all aliases
> -x,--secret <arg> Password credential value
> {code}
> IMO it suffers from these issues:
> - it introduces a misleading <sub-command> placeholder. It is not used now. It is prepared for future needs. Remove it please.
> - it is not obvious which options are required in conjunction with e.g. --add option
> - use GNU usage syntax. e.g. [] instead of <>
> - sometimes it will be more useful to replace <arg> with some meaningful name, e.g. --add alias
> I suggest something like
> {code}
> java -jar wildfly-elytron-tool.jar credential-store required_option [options]
> java -jar wildfly-elytron-tool.jar credential-store --add alias -u arg ... [-c] ...
> java -jar wildfly-elytron-tool.jar credential-store --remove alias -u arg [-c] ...
> ...
> One of these is required
> -a,--add alias Add new alias to the credential store
> -e,--exists alias Check if alias exists within the credential store
> -h,--help Get help with usage of this command
> -r,--remove alias Remove alias from the credential store
> -v,--aliases Display all aliases
> Options
> -c,--create Create credential store [true/false]
> -f,--summary Print summary, especially command how to create this credential store
> -i,--iteration count Iteration count for for final masked password of the credential store
> -l,--location file Location of credential store storage file
> -p,--password store_password Password for credential store
> -s,--salt arg Salt to apply for final masked password of the credential store
> -t,--type arg Credential store type
> -u,--uri arg Configuration URI for credential store
> -x,--secret value Password credential value
> {code}