August 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-793) Using @STRENGTH keyword in CipherSuiteSelector.fromString should cause descending sorting

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-793?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-793: ------------------------------------ Assignee: (was: Darran Lofthouse) > Using @STRENGTH keyword in CipherSuiteSelector.fromString should cause descending sorting > ----------------------------------------------------------------------------------------- > > Key: ELY-793 > URL: https://issues.jboss.org/browse/ELY-793 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.1.0.Beta14 > Reporter: Ondrej Kotek > > Using {{@STRENGTH}} keyword in {{CipherSuiteSelector.fromString}} should cause descending sorting of cipher suites, like OpenSSL does, e.g. {{openssl ciphers -v 'ALL:!ADH:@STRENGTH'}}. There is comparator in {{SortByAlgorithmKeyLengthCipherSuiteSelector}} [1]. > Or, am I wrong? Are cipher suites in {{javax.net.ssl.SSLParameters}} expected in ascending order? (Does it matter?) Will the OpenSSL provider expect ascending order? (Or will it parse cipher string itself?) > The JavaDoc [2] should mention whether the sorting is ascending or descending. > [1] https://github.com/wildfly-security/wildfly-elytron/blob/7666231fa76b95c3... > [2] https://github.com/wildfly-security/wildfly-elytron/blob/7666231fa76b95c3... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1257) Remove credentials key-pair and public-key-pem from Elytron client configuration file

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1257?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1257: ------------------------------------- Assignee: (was: Darran Lofthouse) > Remove credentials key-pair and public-key-pem from Elytron client configuration file > ------------------------------------------------------------------------------------- > > Key: ELY-1257 > URL: https://issues.jboss.org/browse/ELY-1257 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta52 > Reporter: Ondrej Lukas > Priority: Critical > > Based on following discussion with [~dmlloyd]: > {quote} > > - key-pair - what is the reason for this credential element? How it can be used? > This is for key-based authentication mechanisms, like SSH. We're also > developing a key-based SASL mechanism [1] that will hopefully make some > progress in the next quarter (and is open to contribution from all). > > - public-key-pem - I do not understand reason of this credentials on client side. I would be able to understand private-key-pem. Is this element correct or should be removed? > A public key could be used for the purposes of server verification. We > don't yet have a way to establish a means to authenticate servers > though, other than using a trust store; this is something that will > probably be developed in conjunction with [1]. > [1] https://github.com/dmlloyd/pk-rfc > {quote} > we suggest to remove {{key-pair}} and {{public-key-pem}} from {{configuration.authentication-client.authentication-configurations.configuration.credentials}} in Elytron client configuration file. We can introduce those credentials once it will be implemented. Provided credentials for mechanisms which are currently not supported in Elytron can be confusing and can result in incorrect client configuration. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-590) Add support for loading custom credential types from providers

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-590?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-590: ------------------------------------ Assignee: (was: Peter Skopek) > Add support for loading custom credential types from providers > -------------------------------------------------------------- > > Key: ELY-590 > URL: https://issues.jboss.org/browse/ELY-590 > Project: WildFly Elytron > Issue Type: Task > Components: Authentication Client, Credential Store > Affects Versions: 1.1.0.Beta5 > Reporter: Peter Skopek > Priority: Minor > > Specify way of encoding credential type to string and way to load custom credentials or Elytron PasswordCredential based on custom Password implementation. > Note: For now we can load Elytron provider defined passwords. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1098) WildFly Elytron Client Configuration File created based on elytron-1_0.xsd is not valid for clients

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1098?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1098: ------------------------------------- Assignee: (was: Darran Lofthouse) > WildFly Elytron Client Configuration File created based on elytron-1_0.xsd is not valid for clients > --------------------------------------------------------------------------------------------------- > > Key: ELY-1098 > URL: https://issues.jboss.org/browse/ELY-1098 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta34 > Reporter: Ondrej Lukas > Priority: Blocker > > There are some issues which causes that WildFly Elytron Client Configuration File created based on elytron-1_0.xsd is not valid for clients: > * root element {{configuration}} is not included in elytron-1_0.xsd, it means that configuration with {{configuration}} are handled as invalid and configuration which has {{authentication-client}} as root element as valid > * XSD elytron-1_0.xsd includes some elements on the highest level of XSD, which for example means that configuration file which includes only element {{<set-user-name name="someUser"/>}} is valid according to XSD. > We request blocker because validated configuration file will not work correctly in clients. Moreover XSD is source of information which can be used by users for creating wildfly-config.xml correctly or validate their configuration file before using it. Mentioned issues can cause that this validation using elytron-1_0.xsd becomes unusable for users. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1323) Performance issue in audit endpoints

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1323?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1323: ------------------------------------- Assignee: (was: Darran Lofthouse) > Performance issue in audit endpoints > ------------------------------------ > > Key: ELY-1323 > URL: https://issues.jboss.org/browse/ELY-1323 > Project: WildFly Elytron > Issue Type: Bug > Components: Audit > Affects Versions: 1.1.0.CR4 > Reporter: Josef Cacek > Priority: Blocker > Attachments: elytron-flightrecording.jfr > > > Synchronization in audit endpoint implementations leads to a great performance drop. > We see the issue in {{FileAuditEndpoint.accept(EventPriority, String)}}, but similar code is also in the {{SyslogAuditEndpoint}}. > Check the attached recording (FlightRecorder) in jmc (Java Mission Control). > It can be seen in these tabs > - Threads > Contention > - Threads > Thread Dumps > - Threads > Lock Instances -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-430) Add HostnameVerifier implementation

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-430?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-430: ------------------------------------ Assignee: (was: Darran Lofthouse) > Add HostnameVerifier implementation > ----------------------------------- > > Key: ELY-430 > URL: https://issues.jboss.org/browse/ELY-430 > Project: WildFly Elytron > Issue Type: Feature Request > Components: SSL > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta1 > > > We should at the very least have a sensible default implementation checking the certificate against the host name. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-279) Support CORS

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-279?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-279: ------------------------------------ Assignee: (was: Darran Lofthouse) > Support CORS > ------------ > > Key: ELY-279 > URL: https://issues.jboss.org/browse/ELY-279 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP > Reporter: Darran Lofthouse > Fix For: 2.0.0.Alpha1 > > > This is something that can possibly be tied in around the HTTP authentication framework meaning that the control of this can live in the HTTP authentication policy within Elytron rather than at the front end. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-446) Additional fields on SecurityIdentity

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-446?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-446: ------------------------------------ Assignee: (was: David Lloyd) > Additional fields on SecurityIdentity > ------------------------------------- > > Key: ELY-446 > URL: https://issues.jboss.org/browse/ELY-446 > Project: WildFly Elytron > Issue Type: Enhancement > Components: API / SPI > Reporter: David Lloyd > > The following useful properties could be added to SecurityIdentity: > * Identity creation time (the time when the identity itself is created, whether by login or by run-as) > * Authentication information, including: > ** Login timestamp (the time of the original authentication) > ** Login mechanism & kind (SASL/HTTP/TLS etc.) > ** Login protocol (HTTP/Remoting/etc.) incl. enclosing TLS information if any > * Authentication identity information, including: > ** Original authentication name > ** Authentication forwarding credential(s) > * Connection circumstances: > ** Peer and local address > ** Current invocation protocol -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-839) SetCredentialsConfiguration not overriding getCredentialSource()

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-839?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-839: ------------------------------------ Assignee: (was: Darran Lofthouse) > SetCredentialsConfiguration not overriding getCredentialSource() > ---------------------------------------------------------------- > > Key: ELY-839 > URL: https://issues.jboss.org/browse/ELY-839 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Client > Reporter: Darran Lofthouse > > Various methods manipulating the CredentialSource attempt to obtain the current one to add to it but as it is never returned they would always use the default one. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-929) AuthenticationConfiguration uniqueness enhancements

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-929?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-929: ------------------------------------ Assignee: (was: David Lloyd) > AuthenticationConfiguration uniqueness enhancements > --------------------------------------------------- > > Key: ELY-929 > URL: https://issues.jboss.org/browse/ELY-929 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Client > Reporter: David Lloyd > Fix For: 1.2.0.Beta1 > > > Apply some enhancements to AuthenticationConfiguration uniqueness. > * Add admonishing JavaDoc to {{useCallbackHandler}} to point out the importance of per-identity uniqueness of the callback handler > The following also may be possible and useful: > * Modify the {{AuthenticationConfiguration}} process to capture instances for {{Supplier}}-driven components at the time the configuration is used via the {{AuthenticationContextConfigurationClient}} > * Add a variation of {{useCallbackHandler}} which accepts a {{Supplier<CallbackHandler>}}, or a {{Function<T, CallbackHandler}} and a {{T}}, allowing constructor refs to be given -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira August 2017