December 2018 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2506) Roles are not assigned if access=identity uses Elytron security domain based on legacy security domain

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFCORE-2506?page=com.atlassian.jira.plugi... ] Darran Lofthouse resolved WFCORE-2506. -------------------------------------- Assignee: Darran Lofthouse Resolution: Rejected Rejected as this is pushing the limits of what is achievable with the PicketBox wrapping. > Roles are not assigned if access=identity uses Elytron security domain based on legacy security domain > ------------------------------------------------------------------------------------------------------ > > Key: WFCORE-2506 > URL: https://issues.jboss.org/browse/WFCORE-2506 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Major > > In case when Elytron security domain, which uses legacy security domain (provided through elytron-integration in legacy security subsystem), is used for identity inflow in access=identity, and authentication is provided by security domain which uses some Elytron security realm, then no roles/groups from legacy security domain are assigned to the secured identity. See reproducer for more details. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8568) Elytron outflow-security-domains doesn't work for Servlet-to-EJB calls

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFLY-8568?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-8568: -------------------------------------- Assignee: (was: Darran Lofthouse) > Elytron outflow-security-domains doesn't work for Servlet-to-EJB calls > ---------------------------------------------------------------------- > > Key: WFLY-8568 > URL: https://issues.jboss.org/browse/WFLY-8568 > Project: WildFly > Issue Type: Bug > Components: EJB, Security, Web (Undertow) > Reporter: Josef Cacek > Priority: Major > > Security context propagation with using Elytron {{outflow-security-domains}} attribute in security domain doesn't work for Servlet-to-EJB calls. > This could also be a test configuration issue, but as there is not yet documentation covering this area, I can't guess what could be wrong in the scenario. > 1. I have 2 similar web applications with servlets and EJBs: > * the `secured-webapp` is mapped to `web-tests` security domain > * the `second` application is mapped to `second-domain` security domain > 2. Undertow and EJB subsystems maps the application domains `web-tests` and `second-domain` to Elytron domains with the same name. > 3. trust between the domains is defined in following way: > {code} > /subsystem=elytron/security-domain=second-domain:write-attribute(name=outflow-security-domains,value=[web-tests]) > /subsystem=elytron/security-domain=second-domain:write-attribute(name=trusted-security-domains, value=[web-tests]) > /subsystem=elytron/security-domain=web-tests:write-attribute(name=trusted-security-domains, value=[second-domain]) > {code} > 4. the test itself calls servlet from the `second` web application and it calls protected EJB from the `secured-webapp`. > The EJB call fails with EJBAccessException > {noformat} > 14:30:04,631 ERROR [org.jboss.as.ejb3.invocation] (default task-3) WFLYEJB0034: EJB Invocation failed on component HelloBean for method public abstract java.lang.String org.jboss.test.ejb.Hello.sayHello(): javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract java.lang.String org.jboss.test.ejb.Hello.sayHello() of bean: HelloBean is not allowed > {noformat} -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-357) Enhance add-user utility to allow user to select from known groups when assigning groups to a user

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFCORE-357?page=com.atlassian.jira.plugin... ] Darran Lofthouse resolved WFCORE-357. ------------------------------------- Assignee: Darran Lofthouse Resolution: Out of Date Marking as out of date, we will possibly revisit this utility and start again in the context of WildFly Elytron. > Enhance add-user utility to allow user to select from known groups when assigning groups to a user > -------------------------------------------------------------------------------------------------- > > Key: WFCORE-357 > URL: https://issues.jboss.org/browse/WFCORE-357 > Project: WildFly Core > Issue Type: Feature Request > Components: Scripts, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Major > > Also ensure add-user utility is talking about groups and not roles. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-3313) Websocket Auth - Container is not aware of the Principal

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFLY-3313?page=com.atlassian.jira.plugin.... ] Darran Lofthouse resolved WFLY-3313. ------------------------------------ Resolution: Out of Date Marking as out of date as no further info since WildFly 11 - please fee free to reopen if additional info is available. > Websocket Auth - Container is not aware of the Principal > -------------------------------------------------------- > > Key: WFLY-3313 > URL: https://issues.jboss.org/browse/WFLY-3313 > Project: WildFly > Issue Type: Bug > Components: EJB, Security, Web (Undertow), Web Sockets > Affects Versions: 8.1.0.CR1, 10.0.0.Final > Reporter: Markus D > Assignee: Stuart Douglas > Priority: Major > Attachments: websocket-different-principals-ejb-vs-socket.png > > > The Websocket is protected by the web.xml. The session object of the callback object correctly returns the principal. > When an EJB is called the callerPrincipal is always anonymous. > @Resource > private SessionContext ctx; > Principal callerPrincipal = ctx.getCallerPrincipal(); > Running thread here: > https://community.jboss.org/thread/240617 > Shouldn't the principal be propagated to the EJB container when a websocket callback method triggered? -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2496) Functionality in WildFly to encrypt database passwords

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFCORE-2496?page=com.atlassian.jira.plugi... ] Darran Lofthouse updated WFCORE-2496: ------------------------------------- Fix Version/s: 8.0.0.Beta2 > Functionality in WildFly to encrypt database passwords > ------------------------------------------------------ > > Key: WFCORE-2496 > URL: https://issues.jboss.org/browse/WFCORE-2496 > Project: WildFly Core > Issue Type: Feature Request > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Carlton Zachary > Assignee: Darran Lofthouse > Priority: Major > Fix For: 8.0.0.Beta2 > > > Is it possible to add functionality to WildFly to encrypt a data source password when the data source is being created? Currently WildFly/EAP stores the password as plain text in the domain.xml/standalone.xml. > Thanks -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2496) Functionality in WildFly to encrypt database passwords

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFCORE-2496?page=com.atlassian.jira.plugi... ] Darran Lofthouse reassigned WFCORE-2496: ---------------------------------------- Assignee: Darran Lofthouse > Functionality in WildFly to encrypt database passwords > ------------------------------------------------------ > > Key: WFCORE-2496 > URL: https://issues.jboss.org/browse/WFCORE-2496 > Project: WildFly Core > Issue Type: Feature Request > Components: Security > Affects Versions: 3.0.0.Beta7 > Reporter: Carlton Zachary > Assignee: Darran Lofthouse > Priority: Major > Fix For: 8.0.0.Beta2 > > > Is it possible to add functionality to WildFly to encrypt a data source password when the data source is being created? Currently WildFly/EAP stores the password as plain text in the domain.xml/standalone.xml. > Thanks -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-2100) Vault.sh logging improvements

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFLY-2100?page=com.atlassian.jira.plugin.... ] Darran Lofthouse resolved WFLY-2100. ------------------------------------ Resolution: Rejected Rejecting as the vault is a part of PicketBox which is now deprecated. > Vault.sh logging improvements > ----------------------------- > > Key: WFLY-2100 > URL: https://issues.jboss.org/browse/WFLY-2100 > Project: WildFly > Issue Type: Feature Request > Components: Security > Affects Versions: 8.0.0.Alpha4 > Reporter: Chris Dolphy > Assignee: Peter Skopek > Priority: Major > > Several errors with vault.sh (ineractive Vault Tool) do not display enough information to debug. > For example, "Exception occurred:PBOX000128: Unable to encrypt data". It would be nice if there was some way to see the cause of this exception either with additional logging options, a verbose option or by default. This one is caused by VaultInteraction.java only displaying the localized error message of the exception. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3114) Wildfly 10.1.0 add-user command

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFCORE-3114?page=com.atlassian.jira.plugi... ] Darran Lofthouse resolved WFCORE-3114. -------------------------------------- Assignee: Darran Lofthouse Resolution: Rejected This tool will be revisited at some point when we move the server to use the filesystem realm by default. > Wildfly 10.1.0 add-user command > -------------------------------- > > Key: WFCORE-3114 > URL: https://issues.jboss.org/browse/WFCORE-3114 > Project: WildFly Core > Issue Type: Bug > Components: Scripts, Security > Affects Versions: 2.2.1.Final > Environment: Windows 10 64 bit > Wildfly 10.1.0 > Reporter: Bobby Bassman > Assignee: Darran Lofthouse > Priority: Major > > If Wildfly 10 does not initially have the 'admin' user. It must be created using the 'add-user' command line. When the command ('add-user') is used, without any warning, it may update the property files belonging to a different Jboss installation, rendering that installation broken. > This is because 'add-user' relies on environment variable 'JBOSS_HOME' - which may be set to a JBoss installation other than the Wildfly installation to which the 'add-user' command applies. > It appears that 'add-user.bat' has some code to detect this scenario, but it didn't work. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3589) WildFly Elytron Tool is regressed vs 3.x

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFCORE-3589?page=com.atlassian.jira.plugi... ] Darran Lofthouse resolved WFCORE-3589. -------------------------------------- Resolution: Rejected We keep this up to date at the time we tag WildFly Elytron .Final > WildFly Elytron Tool is regressed vs 3.x > ---------------------------------------- > > Key: WFCORE-3589 > URL: https://issues.jboss.org/browse/WFCORE-3589 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Brian Stansberry > Assignee: Brian Stansberry > Priority: Major > > The WildFly Elytron Tool version in the pom is 1.0.0.Final vs 1.0.5.Final in 3.x. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2365) Review custom-modifiable-realm resource in Elytron subsystem

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFCORE-2365?page=com.atlassian.jira.plugi... ] Darran Lofthouse commented on WFCORE-2365: ------------------------------------------ [~dvilkola] Not adding a fix version for this yet but we should likely cross reference anything you found about the modifiable resources with this issue. > Review custom-modifiable-realm resource in Elytron subsystem > ------------------------------------------------------------ > > Key: WFCORE-2365 > URL: https://issues.jboss.org/browse/WFCORE-2365 > Project: WildFly Core > Issue Type: Task > Components: Security > Reporter: Ondrej Lukas > Assignee: Diana Vilkolakova > Priority: Major > > See description of JBEAP-6100 for more details. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira December 2018