[JBoss JIRA] (ELY-1374) The elytron-1_0.xsd has elements the parser does not accept
by Ilia Vassilev (JIRA)
Ilia Vassilev created ELY-1374:
----------------------------------
Summary: The elytron-1_0.xsd has elements the parser does not accept
Key: ELY-1374
URL: https://issues.jboss.org/browse/ELY-1374
Project: WildFly Elytron
Issue Type: Bug
Reporter: Ilia Vassilev
Assignee: Ilia Vassilev
There are elements in the {{elytron-1_0.xsd}} that the parser does not accept. While I didn't check them all, here are at least a few that are in the XSD but that the parser will reject:
* {{allow-sasl-mechanisms}}
* {{allow-all-sasl-mechanisms}}
* {{forbid-sasl-mechanisms}}
This may be all of them, but it should likely be validated that those are the only ones.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (SECURITY-978) Remove DEBUG message in server logs while calling isCallerInRole(String roleName) method
by Ilia Vassilev (JIRA)
[ https://issues.jboss.org/browse/SECURITY-978?page=com.atlassian.jira.plug... ]
Ilia Vassilev commented on SECURITY-978:
----------------------------------------
PR: https://github.com/picketbox/picketbox/pull/72
> Remove DEBUG message in server logs while calling isCallerInRole(String roleName) method
> ----------------------------------------------------------------------------------------
>
> Key: SECURITY-978
> URL: https://issues.jboss.org/browse/SECURITY-978
> Project: PicketBox
> Issue Type: Bug
> Environment: Red Hat JBoss Enterprise Application Platform 7.0.x
> Reporter: Ilia Vassilev
> Assignee: Ilia Vassilev
>
> While explicitly checking the user roles in the EJB code using context.isCallerInRole(String roleName), when it returns false the exception message below gets printed at the DEBUG level in the server.log file.
> {code:java}
> 2017-09-13 21:10:24,549 DEBUG [org.jboss.security] sessionhash="b34cb4c5c50e3eefbe4f924ee42fa658" requestid="33015X1505317224509" username="adm2.lg" src_ip="127.0.0.1" PBOX00326: isCallerInRole processing failed: org.jboss.security.authorization.AuthorizationException: PBOX00017: Acces denied: authorization failed
> at org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:274)
> at org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:71)
> at org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:147)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:143)
> at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
> at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
> at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:187)
> at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
> at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
> at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)
> {code}
> The exception seems to be printed at DEBUG on the line below:
> {code:java}
> https://github.com/picketbox/picketbox/blob/master/security-jboss-sx/jbos...
> {code}
> This should not be logged as an exception; a single line in the DEBUG logs should be enough.