August 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-9212) Cannot control what principal JAASIdentityManagerImpl for SecurityContextUtil#createSubjectInfo(Principal, Object, Subject)

by Scott Stark (JIRA)

[ https://issues.jboss.org/browse/WFLY-9212?page=com.atlassian.jira.plugin.... ] Scott Stark commented on WFLY-9212: ----------------------------------- For completeness, the complete workaround also requires reestablishing the roles from the authenticated subject, so that code snippets are: {code:java} // Workaround authenticated JWTPrincipal not being installed as user principal // https://issues.jboss.org/browse/WFLY-9212 org.jboss.security.SecurityContext jbSC = SecurityContextAssociation.getSecurityContext(); Subject subject = jbSC.getUtil().getSubject(); jbSC.getUtil().createSubjectInfo(jwtPrincipal, bearerToken, subject); RoleGroup roles = extract(subject); jbSC.getUtil().setRoles(roles); /** * Extract the Roles group and return it as a RoleGroup * @param subject authenticated subject * @return RoleGroup from "Roles" */ protected RoleGroup extract(Subject subject) { Optional<Principal> match = subject.getPrincipals() .stream() .filter(g -> g.getName().equals(SecurityConstants.ROLES_IDENTIFIER)) .findFirst(); Group rolesGroup = (Group) match.get(); RoleGroup roles = new SimpleRoleGroup( rolesGroup ); return roles; } {code} > Cannot control what principal JAASIdentityManagerImpl for SecurityContextUtil#createSubjectInfo(Principal, Object,Subject) > -------------------------------------------------------------------------------------------------------------------------- > > Key: WFLY-9212 > URL: https://issues.jboss.org/browse/WFLY-9212 > Project: WildFly > Issue Type: Feature Request > Components: Security > Affects Versions: 10.1.0.Final > Reporter: Scott Stark > Assignee: Darran Lofthouse > > I have a custom JWT based auth method and JAAS login module that I'm testing with swarm which is using WFLY 10.1.0.Final. I am not able to install a custom Principal instance for retrieval via the JAX-RS javax.ws.rs.core.SecurityContext#getUserPrincipal() because of how the JAASIdentityManagerImpl#verifyCredential(final AccountImpl account, final Object credential) method populates the SecurityContext.SecurityContextUtil SubjectInfo. > The following line: > https://github.com/wildfly/wildfly/blob/c3332cec0c9bc5dc57899c2ae7ba26dd0... > sc.getUtil().createSubjectInfo(incomingPrincipal, credential, subject); > Is using the incomingPrincipal, which is derived from the simple AccountImpl wrapping of the incoming String id. In my call path, this is the user id before any authentication has happened as there is no originalPrincipal value on the AccountImpl, so it is not the best representation of the authenticated caller, and the wrapping Principal instance does not exist amongst the authenticated Subject#getPrincipals(). > I see this is due to a CallerPrincipal issue: > https://issues.jboss.org/browse/WFLY-3626 > but one needs to be able to control what form of the authenticated userPrincipal that is returned by the user face container getUserPrincipal() call > See the getPrincipalClass() unit test in this repo for an example of what is being tested: > https://github.com/MicroProfileJWT/microprofile-jwt-auth-wfswarm/blob/f39... > I can work around this by overriding the SubjectInfo by immediately after the auth mechanism has called the SecurityContext#authenticationComplete(...) using: > // Workaround authenticated JWTPrincipal not being installed as user principal > org.jboss.security.SecurityContext jbSC = SecurityContextAssociation.getSecurityContext(); > Subject subject = jbSC.getUtil().getSubject(); > jbSC.getUtil().createSubjectInfo(jwtPrincipal, bearerToken, subject); > I have tried wrapping the Account passed into SecurityContext#authenticationComplete(...) and that has not worked so far, but I'll look again to see if there is something else I can override to achieve the desired behavior. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3176) Upgrade jboss-logging-tools to version 2.1.0.Final

by James Perkins (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3176?page=com.atlassian.jira.plugi... ] James Perkins updated WFCORE-3176: ---------------------------------- Summary: Upgrade jboss-logging-tools to version 2.1.0.Final (was: Upgrade jboss-logging-tools to version 2.1.0.Fina.) > Upgrade jboss-logging-tools to version 2.1.0.Final > -------------------------------------------------- > > Key: WFCORE-3176 > URL: https://issues.jboss.org/browse/WFCORE-3176 > Project: WildFly Core > Issue Type: Component Upgrade > Components: Logging > Reporter: James Perkins > Assignee: James Perkins > > Upgrade the logging annotations and processor to 2.1.0.Final -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3176) Upgrade jboss-logging-tools to version 2.1.0.Fina.

by James Perkins (JIRA)

James Perkins created WFCORE-3176: ------------------------------------- Summary: Upgrade jboss-logging-tools to version 2.1.0.Fina. Key: WFCORE-3176 URL: https://issues.jboss.org/browse/WFCORE-3176 Project: WildFly Core Issue Type: Component Upgrade Components: Logging Reporter: James Perkins Assignee: James Perkins Upgrade the logging annotations and processor to 2.1.0.Final -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (JGRP-2207) Use of AUTH does not result in a SecurityException if another client does not use AUTH

by Mirko Streckenbach (JIRA)

[ https://issues.jboss.org/browse/JGRP-2207?page=com.atlassian.jira.plugin.... ] Mirko Streckenbach commented on JGRP-2207: ------------------------------------------ I tested out the version from master and it works as expected. Thank you very, very much. > Use of AUTH does not result in a SecurityException if another client does not use AUTH > -------------------------------------------------------------------------------------- > > Key: JGRP-2207 > URL: https://issues.jboss.org/browse/JGRP-2207 > Project: JGroups > Issue Type: Bug > Affects Versions: 4.0.4 > Reporter: Mirko Streckenbach > Assignee: Bela Ban > Fix For: 4.0.5 > > Attachments: JGroupsAuthExample.java, JGroupsAuthExample.java > > > If there are two members in a cluster, one with AUTH configured and started first, so it can become the coordinator and a second without AUTH, the documentation implies that the second should receive a SecurityException. Instead, it creates it's own cluster. This works as expected if the second member uses AUTH, but has a different SecurityToken. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3175) The BootLoggingPatchingStateTestCase fails if the message assertion is flipped

by James Perkins (JIRA)

James Perkins created WFCORE-3175: ------------------------------------- Summary: The BootLoggingPatchingStateTestCase fails if the message assertion is flipped Key: WFCORE-3175 URL: https://issues.jboss.org/browse/WFCORE-3175 Project: WildFly Core Issue Type: Bug Components: Patching , Test Suite Reporter: James Perkins Assignee: Alexey Loubyansky The {{BootLoggingPatchingStateTestCase}} tests two patches which use a different version and product id for the patch. The tests currently pass because of the order of the [{{Collection.containsAll()}}|https://github.com/wildfly/wildfly-core/blob/0b51f7c1cce7286bf4f4e3f5c9250bf351bbdf1b/testsuite/patching/src/test/java/org/jboss/as/test/patching/BootLoggingPatchingStateTestCase.java#L151]. However if this is flipped the tests fail. It appears that the messages logged always contain the "WildFly" product id. Also the UUID for the failing examples seems to not be logged either. Example of logged messages for the "lp1" patch in the test: {code} WildFly cumulative patch ID is: 936c95a3-f08e-4fc0-9917-f7feead4ef25, one-off patches include: 00699c2c-84a5-4bdb-b469-8c2fd66afe2a, c6df609e-1620-4369-af48-8041d4be093f WildFly cumulative patch ID is: 936c95a3-f08e-4fc0-9917-f7feead4ef25, one-off patches include: 00699c2c-84a5-4bdb-b469-8c2fd66afe2a, c6df609e-1620-4369-af48-8041d4be093f {code} It looks like the same message is logged twice. However the following is what's expected: {code} lp1 cumulative patch ID is: base, one-off patches include: 50a820e4-3659-437d-86f2-fa1d64728adb WildFly cumulative patch ID is: 936c95a3-f08e-4fc0-9917-f7feead4ef25, one-off patches include: 00699c2c-84a5-4bdb-b469-8c2fd66afe2a, c6df609e-1620-4369-af48-8041d4be093f {code} I'm not sure if this is just an issue with the test or if there is a bug in patching. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3174) Ensure tests work with internationalized messages.

by James Perkins (JIRA)

James Perkins created WFCORE-3174: ------------------------------------- Summary: Ensure tests work with internationalized messages. Key: WFCORE-3174 URL: https://issues.jboss.org/browse/WFCORE-3174 Project: WildFly Core Issue Type: Bug Components: Test Suite Reporter: James Perkins Assignee: James Perkins When the internationalized messages are added to WildFly Core some of the tests fail as they make assumptions based on English messages. Anyone running the test suite with a language that has translations would see test failures once these message bundles are added. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9193) UndertowLogger has a number of methods that return exceptions that are never used

by Radoslav Husar (JIRA)

[ https://issues.jboss.org/browse/WFLY-9193?page=com.atlassian.jira.plugin.... ] Radoslav Husar updated WFLY-9193: --------------------------------- Priority: Minor (was: Major) > UndertowLogger has a number of methods that return exceptions that are never used > --------------------------------------------------------------------------------- > > Key: WFLY-9193 > URL: https://issues.jboss.org/browse/WFLY-9193 > Project: WildFly > Issue Type: Bug > Components: Clustering, Web (Undertow) > Affects Versions: 11.0.0.Beta1 > Reporter: Brian Stansberry > Assignee: Radoslav Husar > Priority: Minor > > Most likely the callers of these methods are neglecting to throw these exceptions. > [~pferraro] At a glance the problem is in SingleSignOnSessionFactoryBuilder -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9193) UndertowLogger has a number of methods that return exceptions that are never used

by Radoslav Husar (JIRA)

[ https://issues.jboss.org/browse/WFLY-9193?page=com.atlassian.jira.plugin.... ] Radoslav Husar updated WFLY-9193: --------------------------------- Affects Version/s: 11.0.0.Beta1 > UndertowLogger has a number of methods that return exceptions that are never used > --------------------------------------------------------------------------------- > > Key: WFLY-9193 > URL: https://issues.jboss.org/browse/WFLY-9193 > Project: WildFly > Issue Type: Bug > Components: Clustering, Web (Undertow) > Affects Versions: 11.0.0.Beta1 > Reporter: Brian Stansberry > Assignee: Radoslav Husar > Priority: Minor > > Most likely the callers of these methods are neglecting to throw these exceptions. > [~pferraro] At a glance the problem is in SingleSignOnSessionFactoryBuilder -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9193) UndertowLogger has a number of methods that return exceptions that are never used

by Radoslav Husar (JIRA)

[ https://issues.jboss.org/browse/WFLY-9193?page=com.atlassian.jira.plugin.... ] Radoslav Husar reassigned WFLY-9193: ------------------------------------ Assignee: Radoslav Husar (was: Paul Ferraro) > UndertowLogger has a number of methods that return exceptions that are never used > --------------------------------------------------------------------------------- > > Key: WFLY-9193 > URL: https://issues.jboss.org/browse/WFLY-9193 > Project: WildFly > Issue Type: Bug > Components: Clustering, Web (Undertow) > Reporter: Brian Stansberry > Assignee: Radoslav Husar > > Most likely the callers of these methods are neglecting to throw these exceptions. > [~pferraro] At a glance the problem is in SingleSignOnSessionFactoryBuilder -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9215) Upgrade to Hibernate Search 5.5.7.Final : micro bugfix upgrade

by Sanne Grinovero (JIRA)

Sanne Grinovero created WFLY-9215: ------------------------------------- Summary: Upgrade to Hibernate Search 5.5.7.Final : micro bugfix upgrade Key: WFLY-9215 URL: https://issues.jboss.org/browse/WFLY-9215 Project: WildFly Issue Type: Component Upgrade Components: JPA / Hibernate Reporter: Sanne Grinovero Assignee: Sanne Grinovero Fix For: 11.0.0.CR1 upgrading from version {{5.5.5}} to {{5.5.7}}. Changelog for 5.5.6: - https://hibernate.atlassian.net/projects/HSEARCH/versions/25505/tab/relea... Changelog for 5.5.7: - https://hibernate.atlassian.net/projects/HSEARCH/versions/26600/tab/relea... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira August 2017