[JBoss JIRA] (ELY-677) Credential-reference(store=...) should be resolved in time of request.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-677?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse reassigned ELY-677:
------------------------------------
Assignee: (was: Peter Skopek)
> Credential-reference(store=...) should be resolved in time of request.
> ----------------------------------------------------------------------
>
> Key: ELY-677
> URL: https://issues.jboss.org/browse/ELY-677
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Credential Store
> Affects Versions: 1.1.0.Beta10
> Reporter: Hynek Švábek
> Attachments: firefly.keystore
>
>
> Credential-reference should be resolved in time of request.
> When you add a KeyStore to the Elytron subsystem that has a credential-reference to a non-existent credential store, you see this error message:
> {code}
> ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 8) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("key-store" => "firefly")
> ]) - failure description: {
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.credential-store-client.NonexistingCredentialStore"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.key-store.firefly is missing [org.wildfly.security.credential-store-client.NonexistingCredentialStore]"]
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 8 months
[JBoss JIRA] (ELY-1240) Attribute security-domain from Elytron authentication-configuration does not propagate credentials with OAUTHBEARER mechanism
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1240?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse reassigned ELY-1240:
-------------------------------------
Assignee: (was: Darran Lofthouse)
> Attribute security-domain from Elytron authentication-configuration does not propagate credentials with OAUTHBEARER mechanism
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: ELY-1240
> URL: https://issues.jboss.org/browse/ELY-1240
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta47
> Reporter: Ondrej Lukas
> Priority: Blocker
> Labels: eap7.1-rfe-blocker
>
> When a client-server schema such as 'Client -> Server A -> Server B' is used, the intermediate server (server A) uses authentication-configuration.security-domain, and the OAUTHBEARER mechanism is used, then an application (i.e. EJB) from the intermediate server cannot authenticate to server B. It seems that the OAUTHBEARER mechanism cannot be chosen by the SASL mechanism selector when a bearer token is not explicitly provided.
> The intermediate server should be able to obtain credentials for OAuth from the given security domain and use them for authentication [1].
> See reproducer for more details.
> We request the blocker flag since this issue breaks a feature in RFE EAP7-284 Client / Server Security Context Propagation for Remoting and Running As a given user and RFE EAP7-568 Server side configuration for Elytron Client.
> Exception from the intermediate server:
> {code}
> ERROR [org.jboss.as.ejb3.invocation] (default task-5) WFLYEJB0034: EJB Invocation failed on component Intermediate for method public abstract java.lang.String example.ejb.WhoAmIBeanRemote.whoAmI(): javax.ejb.EJBException: java.lang.IllegalStateException: EJBCLIENT000024: Not able to find EJB matching "StatelessEJBLocator for "/server-side/WhoAmIBean", view is interface example.ejb.WhoAmIBeanRemote, affinity is None"
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInOurTx(CMTTxInterceptor.java:188)
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:277)
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:332)
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:240)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:327)
> at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
> at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.remote.EJBRemoteTransactionPropagatingInterceptor.processInvocation(EJBRemoteTransactionPropagatingInterceptor.java:89)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.security.IdentityOutflowInterceptor.processInvocation(IdentityOutflowInterceptor.java:73)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.security.RolesAllowedInterceptor.processInvocation(RolesAllowedInterceptor.java:63)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.security.SecurityDomainInterceptor.processInvocation(SecurityDomainInterceptor.java:44)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:57)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:256)
> at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:609)
> at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
> at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
> at org.wildfly.security.auth.server.SecurityIdentity.runAsFunctionEx(SecurityIdentity.java:380)
> at org.jboss.as.ejb3.remote.AssociationImpl.invokeWithIdentity(AssociationImpl.java:460)
> at org.jboss.as.ejb3.remote.AssociationImpl.invokeMethod(AssociationImpl.java:455)
> at org.jboss.as.ejb3.remote.AssociationImpl.lambda$receiveInvocationRequest$0(AssociationImpl.java:165)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalStateException: EJBCLIENT000024: Not able to find EJB matching "StatelessEJBLocator for "/server-side/WhoAmIBean", view is interface example.ejb.WhoAmIBeanRemote, affinity is None"
> at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:719)
> at org.jboss.ejb.client.EJBClientContext.performLocatedAction(EJBClientContext.java:701)
> at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:162)
> at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:112)
> at com.sun.proxy.$Proxy47.whoAmI(Unknown Source)
> at example.ejb.Intermediate.whoAmI(Intermediate.java:21)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:327)
> at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:90)
> at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:101)
> at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
> at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:275)
> ... 46 more
> Suppressed: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (OAUTHBEARER) are supported
> at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:438)
> at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:246)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
> at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
> at ...asynchronous invocation...(Unknown Source)
> at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:545)
> at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:513)
> at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:84)
> at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:57)
> at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:464)
> at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:410)
> at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:126)
> at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:139)
> at org.jboss.remoting3.Endpoint.getConnection(Endpoint.java:216)
> at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.lambda$discover$0(RemotingEJBDiscoveryProvider.java:103)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.discover(RemotingEJBDiscoveryProvider.java:103)
> at org.wildfly.discovery.impl.AggregateDiscoveryProvider.discover(AggregateDiscoveryProvider.java:58)
> at org.wildfly.discovery.Discovery.discover(Discovery.java:94)
> at org.jboss.ejb.client.EJBClientContext.discover(EJBClientContext.java:442)
> at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:714)
> ... 76 more
> {code}
> [1] https://issues.jboss.org/browse/JBEAP-11377?focusedCommentId=13416866&pag...
[JBoss JIRA] (ELY-1113) wildfly-config.xml, pretty-printing XML validation errors
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1113?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse reassigned ELY-1113:
-------------------------------------
Assignee: (was: Darran Lofthouse)
> wildfly-config.xml, pretty-printing XML validation errors
> ----------------------------------------------------------
>
> Key: ELY-1113
> URL: https://issues.jboss.org/browse/ELY-1113
> Project: WildFly Elytron
> Issue Type: Feature Request
> Reporter: Martin Choma
>
> I think that, to mitigate problems such as JBEAP-10591 (XSD out of sync), it would be nice to really use the XSD for validation, as WildFly does with its own XML configuration [1].
> The same arguments from that analysis doc [2] apply here:
> * Give users clear feedback that can be used to correct the configuration error without the user having to context-switch to documentation, and, in most cases, enable the user to quickly identify and understand the issue before looking away from the validation output, by:
> ** Showing (instead of telling) where in the XML the error occurred
> ** Providing richer feedback than the native validation error provides (detect potential misspellings, provide alternate locations, etc.)
> ** Showing documentation for the element/attribute where possible (pulled from the XSD)
> * Use what we already produce (XSDs), without having to create additional context-specific schema. Ideally, a project would be able to integrate this tool with very little effort.
> As an example, take an incomplete key-store configuration (missing required subelements, e.g. file/key-store-clear-password):
> {code}
> <key-store name="trustsore" type="PKCS11"></key-store>
> {code}
> This leads to a general exception. The user can have a hard time finding out what is wrong:
> {code}
> 14:05:23,259 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /wildfly-config-app/authenticationContext: java.lang.IllegalStateException
> at org.wildfly.security.auth.client.ElytronXmlParser.parseKeyStoreType(ElytronXmlParser.java:1261)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseKeyStoresType(ElytronXmlParser.java:1113)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:279)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:180)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:141)
> at com.redhat.eap.qe.deployment.servlet.WildflyConfigXmlServlet.parseAndCreateAuthenticationClientConfiguration(WildflyConfigXmlServlet.java:116)
> at com.redhat.eap.qe.deployment.servlet.WildflyConfigXmlServlet.doGet(WildflyConfigXmlServlet.java:91)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> [1] https://issues.jboss.org/browse/WFCORE-1728 - Pretty-printing XML validation errors
> [2] https://developer.jboss.org/docs/DOC-55722?uniqueTitle=false
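Added example (not part of the original report, and not Elytron or WildFly code): one way to produce the located, shown-in-context errors that ELY-1113 asks for, using the JDK's built-in javax.xml.validation API. The schema is a constructed, simplified stand-in for the real Elytron client XSD; the class and method names and the key-stores wrapper element are assumptions.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.xml.sax.ErrorHandler;
import org.xml.sax.SAXParseException;

public class ConfigXsdCheck {

    // Constructed, simplified schema for illustration; NOT the real Elytron client XSD.
    static final String XSD = String.join("\n",
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>",
        " <xs:element name='key-stores'><xs:complexType><xs:sequence>",
        "  <xs:element name='key-store' maxOccurs='unbounded'><xs:complexType>",
        "   <xs:sequence>",
        "    <xs:element name='file'><xs:complexType>",
        "     <xs:attribute name='name' type='xs:string' use='required'/>",
        "    </xs:complexType></xs:element>",
        "   </xs:sequence>",
        "   <xs:attribute name='name' type='xs:string' use='required'/>",
        "   <xs:attribute name='type' type='xs:string' use='required'/>",
        "  </xs:complexType></xs:element>",
        " </xs:sequence></xs:complexType></xs:element>",
        "</xs:schema>");

    // The incomplete key-store element from the report, inside a constructed parent element.
    static final String CONFIG = String.join("\n",
        "<key-stores>",
        "  <key-store name=\"trustsore\" type=\"PKCS11\"></key-store>",
        "</key-stores>");

    /** Validates xml against xsd; returns one located, human-readable report per problem. */
    static List<String> validate(String xsd, String xml) throws Exception {
        SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        // Treat configuration files as untrusted input: no external DTD or schema fetches.
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        Validator validator = factory.newSchema(new StreamSource(new StringReader(xsd))).newValidator();
        validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");

        String[] lines = xml.split("\n", -1);
        List<String> reports = new ArrayList<>();
        validator.setErrorHandler(new ErrorHandler() {
            private void record(String level, SAXParseException e) {
                // The column is where the parser detected the problem, usually just past the tag.
                int line = e.getLineNumber(), col = e.getColumnNumber();
                StringBuilder sb = new StringBuilder();
                sb.append(level).append(" at line ").append(line).append(", column ").append(col)
                  .append(": ").append(e.getMessage()).append('\n');
                if (line >= 1 && line <= lines.length) {
                    // Show the offending source line with a caret under the reported column.
                    sb.append("  ").append(lines[line - 1]).append('\n').append("  ");
                    for (int i = 1; i < Math.max(col, 1); i++) sb.append(' ');
                    sb.append('^');
                }
                reports.add(sb.toString());
            }
            @Override public void warning(SAXParseException e) { record("WARNING", e); }
            @Override public void error(SAXParseException e) { record("ERROR", e); }
            @Override public void fatalError(SAXParseException e) throws SAXParseException {
                record("FATAL", e);
                throw e; // not well-formed: nothing further can be validated
            }
        });
        try {
            validator.validate(new StreamSource(new StringReader(xml)));
        } catch (SAXParseException alreadyRecorded) {
            // Fatal errors were already added to the report by the handler above.
        }
        return reports;
    }

    public static void main(String[] args) throws Exception {
        validate(XSD, CONFIG).forEach(System.out::println);
    }
}
```

Because error() records and returns instead of throwing, a single run reports every schema violation in the file rather than stopping at the first.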
[JBoss JIRA] (ELY-708) Elytron key-store with WrongPassword is replace with zero size file when I process "store" operation over CLI.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-708?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse reassigned ELY-708:
------------------------------------
Assignee: (was: Darran Lofthouse)
> Elytron key-store with WrongPassword is replace with zero size file when I process "store" operation over CLI.
> --------------------------------------------------------------------------------------------------------------
>
> Key: ELY-708
> URL: https://issues.jboss.org/browse/ELY-708
> Project: WildFly Elytron
> Issue Type: Bug
> Components: KeyStores
> Affects Versions: 1.1.0.Beta11
> Reporter: Hynek Švábek
>
> When I create an Elytron key-store with a wrong password and execute the *store* operation
> /subsystem=elytron/key-store=firefly:store()
> then the key-store file is replaced with a zero-size file.
> I can see this error message
> {code}
> {
> "outcome" => "failed",
> "result" => undefined,
> "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException: password can't be null",
> "rolled-back" => true
> }
> {code}
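Added example (not part of the original report, and not Elytron's code or its fix): a generic Java illustration of how a failed store() can leave a zero-size file, beside a write-to-temp-then-rename form that leaves the existing key store untouched. The report does not state the cause inside Elytron; the class and method names, the password and the temp directory are constructed, and a null password is used here only to make store() fail.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

public class SafeKeyStoreSave {

    /** Fragile pattern: the target is truncated as soon as the stream opens, before store() runs. */
    static void storeInPlace(KeyStore ks, Path target, char[] password)
            throws IOException, GeneralSecurityException {
        try (OutputStream out = Files.newOutputStream(target)) { // CREATE + TRUNCATE_EXISTING
            ks.store(out, password);                             // a failure here leaves 0 bytes
        }
    }

    /** Hardened form: write a sibling temp file and replace the target only after store() succeeded. */
    static void storeAtomically(KeyStore ks, Path target, char[] password)
            throws IOException, GeneralSecurityException {
        Path dir = target.toAbsolutePath().getParent();
        // Same directory as the target, so the final rename stays on one file system.
        Path tmp = Files.createTempFile(dir, target.getFileName().toString(), ".tmp");
        try {
            try (OutputStream out = Files.newOutputStream(tmp)) {
                ks.store(out, password);
            }
            // Whether an existing target is replaced by an atomic move is platform-specific;
            // on POSIX file systems this is a rename() over the old file.
            Files.move(tmp, target, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
        } finally {
            Files.deleteIfExists(tmp); // no-op after a successful move
        }
    }

    public static void main(String[] args) throws Exception {
        char[] good = "constructed-password".toCharArray(); // constructed sample value
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null); // empty in-memory key store

        Path dir = Files.createTempDirectory("keystore-store-demo");
        Path file = dir.resolve("firefly.keystore");
        storeAtomically(ks, file, good);
        long before = Files.size(file);

        // The JDK's JKS implementation rejects a null password with IllegalArgumentException.
        try {
            storeAtomically(ks, file, null);
        } catch (IllegalArgumentException expected) {
            System.out.println("atomic store failed: size " + Files.size(file) + " (was " + before + ")");
        }
        try {
            storeInPlace(ks, file, null);
        } catch (IllegalArgumentException expected) {
            System.out.println("in-place store failed: size " + Files.size(file));
        }
    }
}
```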
[JBoss JIRA] (ELY-544) Field clientCertUrl from EntitySaslClient is always null
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-544?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse reassigned ELY-544:
------------------------------------
Assignee: (was: Darran Lofthouse)
> Field clientCertUrl from EntitySaslClient is always null
> --------------------------------------------------------
>
> Key: ELY-544
> URL: https://issues.jboss.org/browse/ELY-544
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta5
> Reporter: Ondrej Lukas
> Priority: Minor
> Labels: static_analysis
>
> Field {{clientCertUrl}} from org.wildfly.security.sasl.entity.EntitySaslClient is always null, which means that method getClientCertificate() includes dead code: the condition {{clientCertUrl != null}} is always false. Is it intended? Feel free to close this issue as not a bug if this is currently intended behavior.
[JBoss JIRA] (ELY-1309) Channel binding callback cannot support tls-unique
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1309?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse reassigned ELY-1309:
-------------------------------------
Assignee: (was: David Lloyd)
> Channel binding callback cannot support tls-unique
> --------------------------------------------------
>
> Key: ELY-1309
> URL: https://issues.jboss.org/browse/ELY-1309
> Project: WildFly Elytron
> Issue Type: Bug
> Components: API / SPI, Authentication Client, Authentication Server, Callbacks, SASL
> Reporter: David Lloyd
> Priority: Blocker
> Fix For: 1.2.0.Beta1
>
>
> The revised API for the channel binding callback uses SSL sessions, but the standard TLS channel binding types [according to the RFC|https://tools.ietf.org/html/rfc5929] are associated with the connection, not the session. It is likely that the proposed channel bindings JDK API will exist on SSLSocket/SSLEngine. Introduce an API that allows the callback handlers to acquire the connection information using a forward-compatible API.
[JBoss JIRA] (ELY-476) Arrays clone() does not work in static method of interface for IBM JDK
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-476?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse reassigned ELY-476:
------------------------------------
Assignee: (was: Darran Lofthouse)
> Arrays clone() does not work in static method of interface for IBM JDK
> ----------------------------------------------------------------------
>
> Key: ELY-476
> URL: https://issues.jboss.org/browse/ELY-476
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta4
> Reporter: Ondrej Lukas
> Priority: Critical
>
> It seems the IBM JDK has an issue with using the clone() method for arrays in a static method of an interface. Using the arrays clone() method causes the following exception for the IBM JDK:
> {code}
> java.lang.IllegalAccessError: Class org/wildfly/security/password/interfaces/SaltedSimpleDigestPassword illegally accessing "protected" member of class [B
> at org.wildfly.security.password.interfaces.SaltedSimpleDigestPassword.createRaw(SaltedSimpleDigestPassword.java:112)
> ...
> {code}
> The issue affects only direct usage of the arrays clone() method from a static method of an interface.
> Example, calling methodWillFail() will fail with the IBM JDK:
> {code}
> public interface SimpleInterface {
>     static int[] methodWillFail() {
>         int[] array = {1, 2};
>         return array.clone();
>     }
> }
> {code}
> The workaround is simple. Calling a static method of another class that uses arrays clone() works for IBM JDK 8.
> Example, calling methodWillNotFail() will pass with the IBM JDK:
> {code}
> public interface SimpleInterface {
>     static int[] methodWillNotFail() {
>         return SimpleClass.methodOk();
>     }
> }
> public class SimpleClass {
>     static int[] methodOk() {
>         int[] array = {1, 2};
>         return array.clone();
>     }
> }
> {code}
> Affected interfaces:
> org.wildfly.security.auth.server.NameRewriter.java
> org.wildfly.security.authz.RoleMapper.java
> org.wildfly.security.password.interfaces.SaltedSimpleDigestPassword.java
> org.wildfly.security.password.interfaces.OneTimePassword.java
> org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword.java
> org.wildfly.security.password.interfaces.BCryptPassword.java
> org.wildfly.security.password.interfaces.SimpleDigestPassword.java
> org.wildfly.security.password.interfaces.DigestPassword.java
> org.wildfly.security.password.interfaces.ScramDigestPassword.java
> org.wildfly.security.ssl.SNIServerSSLContextSelector.java
> This issue causes errors in following test cases running with IBM JDK:
> org.wildfly.security.auth.KeyStoreBackedSecurityRealmTest
> org.wildfly.security.auth.realm.jdbc.PasswordSupportTest
> org.wildfly.security.password.impl.BCryptPasswordTest
> org.wildfly.security.auth.realm.ldap.UserPasswordPasswordUtilTest
> org.wildfly.security.ldap.PasswordSupportSuiteChild
> org.wildfly.security.password.impl.BSDUnixDESCryptTest