January 2018 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-261) Rework (and move) UsernamePasswordHashUtil

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-261?page=com.atlassian.jira.plugin.sy... ] Jan Kalina edited comment on ELY-261 at 1/25/18 5:15 PM: --------------------------------------------------------- Currently is the class already part of the public API so cannot be removed - will be deprecated. Cannot be adjusted to use PasswordFactory, as it allows to use custom Digest object. was (Author: honza889): Currently is the class already part of the public API so cannot be removed - will be deprecated. > Rework (and move) UsernamePasswordHashUtil > ------------------------------------------ > > Key: ELY-261 > URL: https://issues.jboss.org/browse/ELY-261 > Project: WildFly Elytron > Issue Type: Feature Request > Components: API / SPI, Passwords > Reporter: Darran Lofthouse > Assignee: Jan Kalina > Fix For: 1.2.0.Beta14 > > > Firstly this class is not really SASL specific so should be in a general util package. > Secondly we now have password specs and a PasswordFactory - if this class still has a future then maybe it should be using those instead of it's own custom implementation. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1502) Coverity, Missing call to superclass in AbstractGssapiMechanism

by Ilia Vassilev (JIRA)

Ilia Vassilev created ELY-1502: ---------------------------------- Summary: Coverity, Missing call to superclass in AbstractGssapiMechanism Key: ELY-1502 URL: https://issues.jboss.org/browse/ELY-1502 Project: WildFly Elytron Issue Type: Bug Components: Authentication Mechanisms Affects Versions: 1.2.0.Beta11 Reporter: Ilia Vassilev Assignee: Ilia Vassilev super.getNegotiatedProperty() is not called in AbstractGssapiMechanism#getNegotiatedProperty, although it is called in similar cases in Gs2SaslServer, DigestSaslServer, AnonymousSaslClient. {code:java|title=AbstractGssapiMechanism.java} @Override public Object getNegotiatedProperty(String propName) { assertComplete(); switch (propName) { case Sasl.QOP: return selectedQop.getName(); case Sasl.MAX_BUFFER: return Integer.toString(actualMaxReceiveBuffer != 0 ? actualMaxReceiveBuffer : configuredMaxReceiveBuffer); case Sasl.RAW_SEND_SIZE: return Integer.toString(maxBuffer); } return null; } {code} This coverity report is not caused by recent change in AbstractGssapiMechanism but rather Gs2SaslServer and DigestSaslServer [1] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847... -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-261) Rework (and move) UsernamePasswordHashUtil

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-261?page=com.atlassian.jira.plugin.sy... ] Jan Kalina reassigned ELY-261: ------------------------------ Assignee: Jan Kalina > Rework (and move) UsernamePasswordHashUtil > ------------------------------------------ > > Key: ELY-261 > URL: https://issues.jboss.org/browse/ELY-261 > Project: WildFly Elytron > Issue Type: Feature Request > Components: API / SPI, Passwords > Reporter: Darran Lofthouse > Assignee: Jan Kalina > Fix For: 1.2.0.Beta14 > > > Firstly this class is not really SASL specific so should be in a general util package. > Secondly we now have password specs and a PasswordFactory - if this class still has a future then maybe it should be using those instead of it's own custom implementation. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-261) Rework (and move) UsernamePasswordHashUtil

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-261?page=com.atlassian.jira.plugin.sy... ] Jan Kalina commented on ELY-261: -------------------------------- Currently is the class already part of the public API so cannot be removed - will be deprecated. > Rework (and move) UsernamePasswordHashUtil > ------------------------------------------ > > Key: ELY-261 > URL: https://issues.jboss.org/browse/ELY-261 > Project: WildFly Elytron > Issue Type: Feature Request > Components: API / SPI, Passwords > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta14 > > > Firstly this class is not really SASL specific so should be in a general util package. > Secondly we now have password specs and a PasswordFactory - if this class still has a future then maybe it should be using those instead of it's own custom implementation. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-170) Transition the still useful parts of JBoss Negotiation into Elytron

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-170?page=com.atlassian.jira.plugin.sy... ] Jan Kalina commented on ELY-170: -------------------------------- SPNEGO in elytron is already complete - will close as out-of-date. > Transition the still useful parts of JBoss Negotiation into Elytron > ------------------------------------------------------------------- > > Key: ELY-170 > URL: https://issues.jboss.org/browse/ELY-170 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Utils > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta12 > > > Generally JBoss Negotiation should be obsolete, however some portions may be useful to be included in Elytron e.g. the SPNEGO parsing so that we can display some meaningful diagnostics. > By the time we reach the end of WildFly 10 nothing should require a direct dependency on JBoss Negotiation and really it should be removed from the application server distribution. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-170) Transition the still useful parts of JBoss Negotiation into Elytron

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-170?page=com.atlassian.jira.plugin.sy... ] Jan Kalina closed ELY-170. -------------------------- Fix Version/s: 1.2.0.Beta12 (was: 1.2.0.Beta14) Resolution: Out of Date > Transition the still useful parts of JBoss Negotiation into Elytron > ------------------------------------------------------------------- > > Key: ELY-170 > URL: https://issues.jboss.org/browse/ELY-170 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Utils > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta12 > > > Generally JBoss Negotiation should be obsolete, however some portions may be useful to be included in Elytron e.g. the SPNEGO parsing so that we can display some meaningful diagnostics. > By the time we reach the end of WildFly 10 nothing should require a direct dependency on JBoss Negotiation and really it should be removed from the application server distribution. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3550) Inefficient algorithm for converting JMX attribute names to native resource attribute names

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3550?page=com.atlassian.jira.plugi... ] Brian Stansberry commented on WFCORE-3550: ------------------------------------------ Note: looking more closely revealed that the DMR description was additionally used later. But the way the necessary description is obtained can be more efficient, which the PR for this does. WFCORE-3551 is about finding a way to further reduce or maybe eliminate the need for DMR descriptions. > Inefficient algorithm for converting JMX attribute names to native resource attribute names > ------------------------------------------------------------------------------------------- > > Key: WFCORE-3550 > URL: https://issues.jboss.org/browse/WFCORE-3550 > Project: WildFly Core > Issue Type: Bug > Components: JMX > Reporter: Brian Stansberry > Assignee: Brian Stansberry > > ModelControllerMBeanHelper is taking an MRR, using it to create a DMR ModelNode description of the resource type, and then iterating over the attribute names in that description tree to try and match up with the requested JMX attribute name. That middle step of creating the DMR description is very expensive; it produces a very large node tree. It's not necessary; the MRR already can tell you the legal attribute names. > I believe this is legacy cruft from the early AS 7 days when the MRR wasn't always reliable for all attribute names. But it's been reliable for a long time now. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-54) Support for stronger hashes as alternatives to MD5

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-54?page=com.atlassian.jira.plugin.sys... ] Jan Kalina resolved ELY-54. --------------------------- Fix Version/s: 1.2.0.Beta11 (was: 1.2.0.Beta14) Resolution: Done > Support for stronger hashes as alternatives to MD5 > -------------------------------------------------- > > Key: ELY-54 > URL: https://issues.jboss.org/browse/ELY-54 > Project: WildFly Elytron > Issue Type: Feature Request > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta11 > > > Presently Digest authentication is based on MD5 - however we should either update the mechanism or add new mechanisms to support the use of stronger hashes. > As this library is used both client and server side installations that require the stronger hashes can just ensure the client and server have the latest version of this library - installations that still require interaction with MD5 will need to ensure that it is still available as a mechanism. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-54) Support for stronger hashes as alternatives to MD5

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-54?page=com.atlassian.jira.plugin.sys... ] Jan Kalina commented on ELY-54: ------------------------------- This was completed for HTTP too already - as part of ELY-1369. > Support for stronger hashes as alternatives to MD5 > -------------------------------------------------- > > Key: ELY-54 > URL: https://issues.jboss.org/browse/ELY-54 > Project: WildFly Elytron > Issue Type: Feature Request > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta14 > > > Presently Digest authentication is based on MD5 - however we should either update the mechanism or add new mechanisms to support the use of stronger hashes. > As this library is used both client and server side installations that require the stronger hashes can just ensure the client and server have the latest version of this library - installations that still require interaction with MD5 will need to ensure that it is still available as a mechanism. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3551) Reduce and try to eliminate need to read the attribute DMR description in ModelControllerMBeanHelper

by Brian Stansberry (JIRA)

Brian Stansberry created WFCORE-3551: ---------------------------------------- Summary: Reduce and try to eliminate need to read the attribute DMR description in ModelControllerMBeanHelper Key: WFCORE-3551 URL: https://issues.jboss.org/browse/WFCORE-3551 Project: WildFly Core Issue Type: Enhancement Components: JMX Reporter: Brian Stansberry Assignee: Kabir Khan The TypeConverter stuff used by ModelControllerMBeanHelper relies on the full DMR description for an attribute in order to do the conversion. But getting that description is expensive relative to the amount of data that is extracted from it. Task is to figure out a lower overhead way, at least for non-OBJECT/LIST/PROPERTY attributes where all that's needed is AttributeDefinition.getType(). It's more complex for non-simple attributes, but those are less common. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira January 2018