January 2018 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-1471) Reduce Class Loading overhead of WildFly Elytron Provider

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1471?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1471: ---------------------------------- Fix Version/s: 1.2.0.Beta13 (was: 1.2.0.Beta12) > Reduce Class Loading overhead of WildFly Elytron Provider > --------------------------------------------------------- > > Key: ELY-1471 > URL: https://issues.jboss.org/browse/ELY-1471 > Project: WildFly Elytron > Issue Type: Bug > Components: API / SPI > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta13 > > > We currently load every single implementation class just to identify it's name. > Whilst this makes refactoring easier it causes a heavy hit to the ClassLoader just to install the provider even though only a small subset of it's services tend to be used at once. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1467) Support for RFC8053 Optional-WWW-Authenticate

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1467?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1467: ---------------------------------- Fix Version/s: 1.2.0.Beta13 (was: 1.2.0.Beta12) > Support for RFC8053 Optional-WWW-Authenticate > --------------------------------------------- > > Key: ELY-1467 > URL: https://issues.jboss.org/browse/ELY-1467 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta13 > > > https://tools.ietf.org/html/rfc8053 -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1466) Add configuration option to BASIC mechanism to switch off challenging

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1466?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1466: ---------------------------------- Fix Version/s: 1.2.0.Beta13 (was: 1.2.0.Beta12) > Add configuration option to BASIC mechanism to switch off challenging > --------------------------------------------------------------------- > > Key: ELY-1466 > URL: https://issues.jboss.org/browse/ELY-1466 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta13 > > > This may be desirable where paired with FORM auth so users can use FORM auth and other clients use BASIC. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1464) Programatic authentication should be caching the SecurityIdentity not the name of the identity

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1464?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1464: ---------------------------------- Fix Version/s: 1.2.0.Beta13 (was: 1.2.0.Beta12) > Programatic authentication should be caching the SecurityIdentity not the name of the identity > ---------------------------------------------------------------------------------------------- > > Key: ELY-1464 > URL: https://issues.jboss.org/browse/ELY-1464 > Project: WildFly Elytron > Issue Type: Bug > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta13 > > > By only caching the name of the identity the server authentication context -> security domain -> security realm chain is called for each subsequent request when we should have been able to re-use an existing identity. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1455) DB query seen for each request using programatic authentication

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1455?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1455: ---------------------------------- Fix Version/s: 1.2.0.Beta13 (was: 1.2.0.Beta12) > DB query seen for each request using programatic authentication > ---------------------------------------------------------------- > > Key: ELY-1455 > URL: https://issues.jboss.org/browse/ELY-1455 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Mechanisms > Affects Versions: 1.2.0.Beta10 > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 1.2.0.Beta13 > > Attachments: elytron-bug.zip, server.log, standalone-full-ha.xml > > > User is complaining, that DB is accessed on each request. > Jdbc-realm + FORM authentication > {noformat} > <jdbc-realm name="myappRealm"> > <principal-query sql="SELECT r.role, u.password FROM user u join user_role_auth r on r.email = u.email where u.email=?" data-source="myds"> > <attribute-mapping> > <attribute to="Roles" index="1"/> > </attribute-mapping> > <simple-digest-mapper password-index="2"/> > </principal-query> > </jdbc-realm> > {noformat} > {noformat} > 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com] > 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com > 2017-11-30 09:31:04,051 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com > 2017-11-30 09:31:04,052 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com > 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator] > 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing principal alberto(a)myapp.com. > 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing against the following attributes: [roles] => [Administrator] > 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true > 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorization succeed > 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator] > 2017-11-30 09:31:07,017 TRACE [org.wildfly.security] (default task-125) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com] > 2017-11-30 09:31:07,018 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com > 2017-11-30 09:31:07,019 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com > 2017-11-30 09:31:07,021 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com > 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator] > 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Authorizing principal alberto(a)myapp.com. > 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorizing against the following attributes: [roles] => [Administrator] > 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true > 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorization succeed > 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator] > {noformat} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1444) Jdbc-realm with simple digest mapper

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1444?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1444: ---------------------------------- Fix Version/s: 1.2.0.Beta13 (was: 1.2.0.Beta12) > Jdbc-realm with simple digest mapper > ------------------------------------ > > Key: ELY-1444 > URL: https://issues.jboss.org/browse/ELY-1444 > Project: WildFly Elytron > Issue Type: Bug > Components: Passwords > Affects Versions: 1.2.0.Beta9 > Reporter: Martin Choma > Fix For: 1.2.0.Beta13 > > > This is inspired by ELY-1435, but in this case trying simple digest hash. > In db is stored this sha-256 password hash: 5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8 > I get these values by http://passwordsgenerator.net/sha256-hash-generator/ > {noformat} > 17:30:50,211 DEBUG [org.wildfly.security] (default task-3) Using UsernamePasswordAuthenticationMechanism for username authentication. Realm: [Some Realm], Username: [correctUser]. > 17:30:50,211 TRACE [org.wildfly.security] (default task-3) Handling RealmCallback: selected = [Some Realm] > 17:30:50,212 TRACE [org.wildfly.security] (default task-3) Handling NameCallback: authenticationName = correctUser > 17:30:50,212 TRACE [org.wildfly.security] (default task-3) Principal assigning: [correctUser], pre-realm rewritten: [correctUser], realm name: [jdbc-realm], post-realm rewritten: [correctUser], realm rewritten: [correctUser] > 17:30:50,215 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD FROM USERS WHERE NAME = ? with value correctUser > 17:30:50,301 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT roles.name FROM users, roles, users_roles WHERE users.name=? AND users.id = users_roles.userid AND roles.id = users_roles.roleid with value correctUser > 17:30:50,306 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD FROM USERS WHERE NAME = ? with value correctUser > 17:30:50,324 DEBUG [org.wildfly.security] (default task-3) User correctUser authentication failed. > 17:30:50,324 TRACE [org.wildfly.security] (default task-3) Handling AuthenticationCompleteCallback: fail > {noformat} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1440) FlexibleIdentityAssociation should runAs the known SecurityIdentity before associating itself.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1440?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1440: ---------------------------------- Fix Version/s: 1.2.0.Beta13 (was: 1.2.0.Beta12) > FlexibleIdentityAssociation should runAs the known SecurityIdentity before associating itself. > ---------------------------------------------------------------------------------------------- > > Key: ELY-1440 > URL: https://issues.jboss.org/browse/ELY-1440 > Project: WildFly Elytron > Issue Type: Enhancement > Components: API / SPI > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta13 > > > This API was introduced to cover the case where authentication happens late in a request, generally that is quite a rare event. > Even though the API may be popular it would likely happen once for a session and all future requests for that session the identity would be known in advance. > At the moment by not running as the existing identity we are loosing all automatic identity outflow opportunities as calls pass from the servlet container to the EJB container. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1436) Log jdbc-realm key-mapper processing

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1436?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1436: ---------------------------------- Fix Version/s: 1.2.0.Beta13 (was: 1.2.0.Beta12) > Log jdbc-realm key-mapper processing > ------------------------------------ > > Key: ELY-1436 > URL: https://issues.jboss.org/browse/ELY-1436 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Martin Choma > Assignee: Ilia Vassilev > Fix For: 1.2.0.Beta13 > > > User reported problem with getting work jdbc_realm with bcrypt mapper. He had configured org.wildfly.security to log TRACE messages, but log does not provide any useful information regarding mapping password from DB. > In this case seems problem was in mixing base64 vs. modular crypt format. > Looking into PasswordKeyMapper there is a lot of logic and lot of steps which can get wrong. So logging some TRACE messages can hint user what is going on and what went wrong. > Also I have noticed there is unhandled exception. Please at least log some TRACE message. > {code:java|title=PasswordKeyMapper.java} > } catch (InvalidKeySpecException e) { > // fall out (unlikely but possible) > } > {code} > [1] https://developer.jboss.org/message/977727 -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1425) Add support for JASPIC / JSR-196

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1425?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1425: ---------------------------------- Fix Version/s: 1.2.0.Beta13 (was: 1.2.0.Beta12) > Add support for JASPIC / JSR-196 > -------------------------------- > > Key: ELY-1425 > URL: https://issues.jboss.org/browse/ELY-1425 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta13 > > > This is an overall tracking task for changes required to WildFly Elytron to support JASPIC. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1409) Update HTTP authentication mechanism API to support re-use of response handlers

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1409?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1409: ---------------------------------- Fix Version/s: 1.2.0.Beta13 (was: 1.2.0.Beta12) > Update HTTP authentication mechanism API to support re-use of response handlers > ------------------------------------------------------------------------------- > > Key: ELY-1409 > URL: https://issues.jboss.org/browse/ELY-1409 > Project: WildFly Elytron > Issue Type: Task > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta13 > > > At the moment the response handler can only access the response, it can not access anything from the request unless created with access to the request. > Making the scopes available should allow for state to be transferred on the request scope. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira January 2018