[JBoss JIRA] (ELY-889) Add a filtering RoleMapper implementation.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-889?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse updated ELY-889:
---------------------------------
Fix Version/s: (was: 1.3.0.CR1)
> Add a filtering RoleMapper implementation.
> ------------------------------------------
>
> Key: ELY-889
> URL: https://issues.jboss.org/browse/ELY-889
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: Utils
> Reporter: Darran Lofthouse
>
> The RoleMapper APIs are built around querying one role at a time; however, at times it may be desirable to obtain a set of roles an identity is a member of.
> To avoid iterating every role, which depending on the configuration could be thousands backed by a remote store, we should have a FilteringRoleMapper implementation that will allow any checks and iteration of the roles to be restricted to a finite set of acceptable roles.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
[JBoss JIRA] (ELY-969) Add a KeyStore implementation that can use the key store password for retrieving entries.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-969?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse updated ELY-969:
---------------------------------
Fix Version/s: (was: 1.3.0.CR1)
> Add a KeyStore implementation that can use the key store password for retrieving entries.
> -----------------------------------------------------------------------------------------
>
> Key: ELY-969
> URL: https://issues.jboss.org/browse/ELY-969
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: KeyStores
> Reporter: Darran Lofthouse
>
> A KeyManager which uses a KeyStore is defined independently of the KeyStore - it is the KeyManager that has the password for the entry in the KeyStore whilst the KeyStore has the password for the overall store.
> In many cases the password used for the overall store is the same password as used for the entries.
> We should provide a KeyStore implementation that can substitute the password received.
> We may even be able to go one step further and add a password resolver, which could mean a CredentialStore is used to obtain the password for different entries.
[JBoss JIRA] (ELY-613) Some nested classes should be considered to be static nested in Elytron
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-613?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse updated ELY-613:
---------------------------------
Fix Version/s: (was: 1.3.0.CR1)
> Some nested classes should be considered to be static nested in Elytron
> -----------------------------------------------------------------------
>
> Key: ELY-613
> URL: https://issues.jboss.org/browse/ELY-613
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta7
> Reporter: Ondrej Lukas
> Labels: static_analysis
>
> There are some inner classes in Elytron which should be considered to be static nested to avoid dependency on their outer class. The following nested classes should be considered:
> * LoadedIdentity and Identity from org.wildfly.security.auth.realm.FileSystemSecurityRealm
> * DecoderState from org.wildfly.security.asn1.DERDecoder
> * AccountEntry from org.wildfly.security.auth.realm.LegacyPropertiesSecurityRealm
> * JaasAuthorizationIdentity and DefaultCallbackHandler from org.wildfly.security.auth.realm.JaasSecurityRealm
> * LoadKey from org.wildfly.security.keystore.AtomicLoadKeyStore
[JBoss JIRA] (ELY-1360) Review FileSystemRealm XML Types
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1360?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1360:
----------------------------------
Fix Version/s: (was: 1.3.0.CR1)
> Review FileSystemRealm XML Types
> --------------------------------
>
> Key: ELY-1360
> URL: https://issues.jboss.org/browse/ELY-1360
> Project: WildFly Elytron
> Issue Type: Task
> Components: Realms
> Reporter: Darran Lofthouse
>
> Ideally, we would achieve a type system that allows older clients to still make use of the entry for an identity even if there are some aspects of the later config that they do not understand.
> The filesystem realm is complicated further in that the older version may wish to make updates, so we would also need to consider some form of generically persisting the XML not understood; but at the same time we don't know if the portion not understood relates to the current update. The later version may also need to compensate for this in some way.
[JBoss JIRA] (ELY-1437) Elytron kerberos with ipv6 does not work
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1437?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1437:
----------------------------------
Fix Version/s: (was: 1.3.0.CR1)
> Elytron kerberos with ipv6 does not work
> ----------------------------------------
>
> Key: ELY-1437
> URL: https://issues.jboss.org/browse/ELY-1437
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Reporter: Martin Choma
>
> If I bind the server to an IPv6 address, I can't make Elytron and Kerberos work.
> {noformat}
> 11:09:55,965 TRACE [org.wildfly.security] (default task-9) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@12b328e7] for mechanism [SPNEGO]
> 11:09:55,965 TRACE [org.wildfly.security] (default task-9) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='[fe80::eab1:fcff:fe3b:f25e]' protocol='http'
> 11:09:55,965 TRACE [org.wildfly.security] (default task-9) Using HttpScope 'SESSION' with ID 'zGaDviaIZTl6mq2Mkbs5Mx3SHhdl8y21TqQv1Xpb'
> 11:09:55,966 TRACE [org.wildfly.security] (default task-9) Handling CachedIdentityAuthorizeCallback: principal = null authorizedIdentity = null
> 11:09:55,966 TRACE [org.wildfly.security] (default task-9) Evaluating SPNEGO request: cached GSSContext = sun.security.jgss.GSSContextImpl@5a8c982c
> 11:09:55,967 TRACE [org.wildfly.security] (default task-9) Sent HTTP authorizations: [[Negotiate oRcwFaADCgEBog4EDEFob2osIHN2ZXRlIQ==]]
> 11:09:55,967 TRACE [org.wildfly.security] (default task-9) Processing incoming response to a challenge...
> 11:09:55,967 TRACE [org.wildfly.security] (default task-9) Caching GSSContext sun.security.jgss.GSSContextImpl@5a8c982c
> 11:09:55,967 TRACE [org.wildfly.security] (default task-9) Caching KerberosTicket null
> 11:09:55,967 TRACE [org.wildfly.security] (default task-9) Call to acceptSecContext failed.: GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
> at sun.security.jgss.GSSHeader.<init>(GSSHeader.java:97)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:306)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
> at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:906)
> at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:630)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
> at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.lambda$evaluateRequest$2(SpnegoAuthenticationMechanism.java:215)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.evaluateRequest(SpnegoAuthenticationMechanism.java:215)
> at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
> at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
> at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:748)
> {noformat}