September 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (DROOLS-1667) FEEL expression fails: 1 + if true then 1 else 2

by Edson Tirelli (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1667?page=com.atlassian.jira.plugi... ] Edson Tirelli updated DROOLS-1667: ---------------------------------- Sprint: 2017 Week 30-31, 2017 Week 32-33, 2017 Week 34-35, 2017 Week 36-37, 2017 Week 38-39 (was: 2017 Week 30-31, 2017 Week 32-33, 2017 Week 34-35, 2017 Week 36-37) > FEEL expression fails: 1 + if true then 1 else 2 > ------------------------------------------------ > > Key: DROOLS-1667 > URL: https://issues.jboss.org/browse/DROOLS-1667 > Project: Drools > Issue Type: Bug > Components: dmn engine > Affects Versions: 7.1.0.Final > Reporter: Edson Tirelli > Assignee: Edson Tirelli > Fix For: 7.4.0.Final > > > The following FEEL expression fails to parse: > 1 + if true then 1 else 2 > Similar expressions might present the same problem. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1553) Write documentation for the DMN and FEEL components

by Edson Tirelli (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1553?page=com.atlassian.jira.plugi... ] Edson Tirelli updated DROOLS-1553: ---------------------------------- Sprint: 2017 Week 22-23, 2017 Week 24-25, 2017 Week 26-27, 2017 Week 28-29, 2017 Week 30-31, 2017 Week 32-33, 2017 Week 34-35, 2017 Week 36-37, 2017 Week 38-39 (was: 2017 Week 22-23, 2017 Week 24-25, 2017 Week 26-27, 2017 Week 28-29, 2017 Week 30-31, 2017 Week 32-33, 2017 Week 34-35, 2017 Week 36-37) > Write documentation for the DMN and FEEL components > --------------------------------------------------- > > Key: DROOLS-1553 > URL: https://issues.jboss.org/browse/DROOLS-1553 > Project: Drools > Issue Type: Task > Components: dmn engine > Affects Versions: 7.0.0.CR3 > Reporter: Edson Tirelli > Assignee: Edson Tirelli > Fix For: 7.4.0.Final > > > Write the documentation for both FEEL and DMN engines. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1597) Implement profile for integration with Signavio's DMN modeler

by Edson Tirelli (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1597?page=com.atlassian.jira.plugi... ] Edson Tirelli updated DROOLS-1597: ---------------------------------- Sprint: 2017 Week 24-25, 2017 Week 26-27, 2017 Week 28-29, 2017 Week 30-31, 2017 Week 32-33, 2017 Week 34-35, 2017 Week 36-37, 2017 Week 38-39 (was: 2017 Week 24-25, 2017 Week 26-27, 2017 Week 28-29, 2017 Week 30-31, 2017 Week 32-33, 2017 Week 34-35, 2017 Week 36-37) > Implement profile for integration with Signavio's DMN modeler > ------------------------------------------------------------- > > Key: DROOLS-1597 > URL: https://issues.jboss.org/browse/DROOLS-1597 > Project: Drools > Issue Type: Enhancement > Components: dmn engine > Affects Versions: 7.1.0.Beta2 > Reporter: Edson Tirelli > Assignee: Edson Tirelli > Fix For: 7.4.0.Final > > > Signavio implements a number of extensions to the DMN standard. As they are a Red Hat partner, we will need to implement a profile in the runtime engine that enables and supports those extensions. > A short list of extensions is as follows. Details will be added to individual tickets: > * Support additional FEEL functions and alternate names for existing functions > * Support the Multi Instance Decision node > * Support character '?' for interpolation of values in a DT cell > * Support constraints on List inputs in DT cells > * Support model composition through BKMs -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9014) Second remote EJB client connection prevents server from shutting down (Elytron, Remoting)

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-9014?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-9014: ----------------------------------- Priority: Major (was: Blocker) > Second remote EJB client connection prevents server from shutting down (Elytron, Remoting) > ------------------------------------------------------------------------------------------- > > Key: WFLY-9014 > URL: https://issues.jboss.org/browse/WFLY-9014 > Project: WildFly > Issue Type: Bug > Components: EJB, Remoting, Security > Reporter: Josef Cacek > Assignee: David Lloyd > > Second call of EJB client causes server stuck in some cases. When this happens administrator is not able to shutdown or reload such a server. > *Scenario details:* > Elytron is configured as security provider on servers and Elytron client API is used for authentication. Protected stateless beans are used. > {noformat} > EJB Client -> Entry bean on Server1 -> WhoAmI bean on Server2 > {noformat} > * Client uses {{AuthenticationConfiguration}} with valid credentials for Server1; Client calls the Entry bean twice - the difference is in arguments provided. The arguments are subsequently used for authentication from Server1 to Server2 (using AuthenticationConfiguration): > ** first call uses null for both username and password > ** second call uses valid credentials for Server2 > * Entry bean on Server1 calls WhoAmI bean on Server2 with credentials which was provided as method arguments; > * WhoAmI bean on Server2 just returns caller principal > The Client is executed twice, the second call doesn't finish -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8872) Regression, kerberos + fallback ejb legacy security solution GSSAPI SASL mechanism not called

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-8872?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-8872: ----------------------------------- Priority: Major (was: Blocker) > Regression, kerberos + fallback ejb legacy security solution GSSAPI SASL mechanism not called > --------------------------------------------------------------------------------------------- > > Key: WFLY-8872 > URL: https://issues.jboss.org/browse/WFLY-8872 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Darran Lofthouse > > Given EJB secured with kerberos + fallback, using legacy security solution [1] > When I try to authenticate using correct Kerberos ticket and wrong username/password. > Then PLAIN SASL mechanism fails and GSSAPI is not performed. > Same scenario works correctly in > * 7.0 > * 7.1 Elytron way > I have attached server.log for: > * no username password provided > * wrong username password provided > [1] https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_ap... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8568) Elytron outflow-security-domains doesn't work for Servlet-to-EJB calls

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-8568?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-8568: ----------------------------------- Priority: Major (was: Blocker) > Elytron outflow-security-domains doesn't work for Servlet-to-EJB calls > ---------------------------------------------------------------------- > > Key: WFLY-8568 > URL: https://issues.jboss.org/browse/WFLY-8568 > Project: WildFly > Issue Type: Bug > Components: EJB, Security, Web (Undertow) > Reporter: Josef Cacek > Assignee: David Lloyd > > Security context propagation with using Elytron {{outflow-security-domains}} attribute in security domain doesn't work for Servlet-to-EJB calls. > This could also be a test configuration issue, but as there is not yet documentation covering this area, I can't guess what could be wrong in the scenario. > 1. I have 2 similar web applications with servlets and EJBs: > * the `secured-webapp` is mapped to `web-tests` security domain > * the `second` application is mapped to `second-domain` security domain > 2. Undertow and EJB subsystems maps the application domains `web-tests` and `second-domain` to Elytron domains with the same name. > 3. trust between the domains is defined in following way: > {code} > /subsystem=elytron/security-domain=second-domain:write-attribute(name=outflow-security-domains,value=[web-tests]) > /subsystem=elytron/security-domain=second-domain:write-attribute(name=trusted-security-domains, value=[web-tests]) > /subsystem=elytron/security-domain=web-tests:write-attribute(name=trusted-security-domains, value=[second-domain]) > {code} > 4. the test itself calls servlet from the `second` web application and it calls protected EJB from the `secured-webapp`. > The EJB call fails with EJBAccessException > {noformat} > 14:30:04,631 ERROR [org.jboss.as.ejb3.invocation] (default task-3) WFLYEJB0034: EJB Invocation failed on component HelloBean for method public abstract java.lang.String org.jboss.test.ejb.Hello.sayHello(): javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract java.lang.String org.jboss.test.ejb.Hello.sayHello() of bean: HelloBean is not allowed > {noformat} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8506) Elytron SPNEGO authentication in deployment over HTTPS, EAP requests for HTTPS/hostname ticket.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-8506?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-8506: ----------------------------------- Priority: Major (was: Blocker) > Elytron SPNEGO authentication in deployment over HTTPS, EAP requests for HTTPS/hostname ticket. > ----------------------------------------------------------------------------------------------- > > Key: WFLY-8506 > URL: https://issues.jboss.org/browse/WFLY-8506 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Labels: eap71_beta_candidate, kerberos, spnego, tls > > Accessing deployment secured by Kerberos + TLS causes EAP requests from KDC ticket HTTPS/hostname. > See network dump krb_https_deployment.pcap in attachement, where TGS-REQ for HTTPS/localhost is captured. > If I configure HTTPS/hostname in KDC and kerberos credential factory to use principal HTTPS/hostname it works correctly. But I still believe it is bug: > * At least it is not consistent with legacy management interface behaviour (JBEAP-8572). > * found 2 sources describing protocol and service does not match 1:1 and for https protocol HTTP/hostname SPN should be used [1][2] > [1] https://sites.google.com/a/chromium.org/dev/developers/design-documents/h... > [2] https://support.microsoft.com/en-us/help/929650/how-to-use-spns-when-you-... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-1598) Out of the box SSL - or shortly after.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-1598?page=com.atlassian.jira.plugin.... ] Darran Lofthouse commented on WFLY-1598: ---------------------------------------- [~fjuma] If you are looking at advanced SSL this may be one to consider, especially if you end up with options for CSRs and importing the results. > Out of the box SSL - or shortly after. > -------------------------------------- > > Key: WFLY-1598 > URL: https://issues.jboss.org/browse/WFLY-1598 > Project: WildFly > Issue Type: Sub-task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Priority: Critical > Labels: management_security,, management_sso > Fix For: 11.0.0.Final > > > There are various reasons that we do not support SSL/TLS out of the box e.g. > - If we ship a default keystore then everyone has access to the private key. > - Generating one on first boot we do not have sufficient information to generate it correctly, also the performance overhead. > This issue is to explorer other options to encourage their use and make it easier to configure. > As an example could the admin console detect a non encrypted connection and have an box that encourages the config along with a wizard like workflow to get it set up? -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7041) Add testing for Web -> EJB Identity Propagation

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-7041?page=com.atlassian.jira.plugin.... ] Darran Lofthouse commented on WFLY-7041: ---------------------------------------- [~honza889] Is there anything else needed on this? Can we resolve this one and create specific tasks as required? > Add testing for Web -> EJB Identity Propagation > ----------------------------------------------- > > Key: WFLY-7041 > URL: https://issues.jboss.org/browse/WFLY-7041 > Project: WildFly > Issue Type: Task > Components: EJB, Security, Test Suite > Reporter: Darran Lofthouse > Assignee: Jan Kalina > Priority: Critical > Labels: elytron_testing > Fix For: 11.0.0.Final > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8547) Elytron, SPNEGO in deployment exceptional states handling, 500 should be returned

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-8547?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-8547: ----------------------------------- Priority: Major (was: Critical) > Elytron, SPNEGO in deployment exceptional states handling, 500 should be returned > --------------------------------------------------------------------------------- > > Key: WFLY-8547 > URL: https://issues.jboss.org/browse/WFLY-8547 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Darran Lofthouse > > During SPNEGO in deployment authentication, there should be these rules applied > * If authentication is required and no authentication mechanisms are available for use report - 500 > * If a mechanism throws an exception evaluating the request and there are no other mechanisms available - 500 > Same as Elytron securing management interface discussed on https://issues.jboss.org/browse/JBEAP-9970?focusedCommentId=13386447&page... > I test these scenarios by: > * wrong protocol=DOES_NOT_EXIST in http-authentication-factory > ** I get 403 on first GET > ** {code} > 14:35:41,907 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http' > 14:35:41,908 TRACE [org.wildfly.security] (default task-1) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='SPNEGO', hostName='localhost.localdomain', protocol='http'. > {code} > * wrong principal name in kerberos security factory > ** I get 401 on first GET > ** {code} > 14:38:37,280 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http' > 14:38:37,280 TRACE [org.wildfly.security] (default task-1) Evaluating SPNEGO request: cached GSSContext = null > 14:38:37,280 TRACE [org.wildfly.security] (default task-1) Obtaining GSSCredential for the service from callback handler... > 14:38:37,281 TRACE [org.wildfly.security] (default task-1) No valid cached credential, obtaining new one... > 14:38:37,281 TRACE [org.wildfly.security] (default task-1) Logging in using LoginContext and subject [Subject: > ] > 14:38:37,281 TRACE [org.wildfly.security] (default task-1) Logging in using LoginContext and subject [Subject: > Principal: HTTP/wronghost(a)JBOSS.ORG > Private Credential: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.6037194374738244164.keytab for HTTP/wronghost(a)JBOSS.ORG > ] succeed > 14:38:37,281 TRACE [org.wildfly.security] (default task-1) Creating GSSName for Principal 'HTTP/wronghost(a)JBOSS.ORG' > 14:38:37,282 INFO [stdout] (default task-1) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.6037194374738244164.keytab for HTTP/wronghost(a)JBOSS.ORG > 14:38:37,282 INFO [stdout] (default task-1) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.6037194374738244164.keytab for HTTP/wronghost(a)JBOSS.ORG > 14:38:37,282 TRACE [org.wildfly.security] (default task-1) Obtained GSSCredentialCredential [org.wildfly.security.credential.GSSKerberosCredential@1f] > 14:38:37,282 TRACE [org.wildfly.security] (default task-1) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null > 14:38:37,282 TRACE [org.wildfly.security] (default task-1) Using SpnegoAuthenticationMechanism to authenticate HTTP/wronghost(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@7e6a9da] > 14:38:37,282 TRACE [org.wildfly.security] (default task-1) Caching GSSContext sun.security.jgss.GSSContextImpl@2df4c570 > 14:38:37,282 TRACE [org.wildfly.security] (default task-1) Caching KerberosTicket null > 14:38:37,282 TRACE [org.wildfly.security] (default task-1) Sent HTTP authorizations: [null] > 14:38:37,282 TRACE [org.wildfly.security] (default task-1) Request lacks valid authentication credentials > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira September 2017