February 2018 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-303) Verify compatibility with RFC7617 "The 'Basic' HTTP Authentication Scheme"

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-303?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-303: --------------------------------- Fix Version/s: (was: 1.3.0.CR1) > Verify compatibility with RFC7617 "The 'Basic' HTTP Authentication Scheme" > -------------------------------------------------------------------------- > > Key: ELY-303 > URL: https://issues.jboss.org/browse/ELY-303 > Project: WildFly Elytron > Issue Type: Task > Components: HTTP > Reporter: Darran Lofthouse > > This RFC has now reached the stage of being a proposed standard. > https://www.rfc-editor.org/info/rfc7617 -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-252) Take into account username after failed authentication for available mechs

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-252?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-252: --------------------------------- Fix Version/s: (was: 1.3.0.CR1) > Take into account username after failed authentication for available mechs > -------------------------------------------------------------------------- > > Key: ELY-252 > URL: https://issues.jboss.org/browse/ELY-252 > Project: WildFly Elytron > Issue Type: Task > Components: SASL > Reporter: Darran Lofthouse > > This is something we would need to be cautious about as it does risk revealing information to an attacker but after a files attempt we may have more information and be able to offer mechanisms based on this. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-432) Support setEnableSessionCreation on ServerSSLContextBuilder

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-432?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-432: --------------------------------- Fix Version/s: (was: 1.3.0.CR1) > Support setEnableSessionCreation on ServerSSLContextBuilder > ----------------------------------------------------------- > > Key: ELY-432 > URL: https://issues.jboss.org/browse/ELY-432 > Project: WildFly Elytron > Issue Type: Feature Request > Components: SSL > Reporter: Darran Lofthouse > > It is already possible to configure this one for XNIO and Undertow so we should add this config option to our own builder. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-121) Background initialization/pooling of SecureRandom

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-121?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-121: --------------------------------- Fix Version/s: (was: 1.3.0.CR1) > Background initialization/pooling of SecureRandom > ------------------------------------------------- > > Key: ELY-121 > URL: https://issues.jboss.org/browse/ELY-121 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Utils > Reporter: David Lloyd > Priority: Minor > > Provide a facility to initialize and pool SecureRandom instances in a background thread so that when things like SSLContexts are initialized, there are ready SecureRandoms. A background daemon thread which simply feeds instances into a modestly-sized BlockingQueue is probably more than adequate. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-61) Ensure the requirements and options for each mechanism are described within the mechanism.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-61?page=com.atlassian.jira.plugin.sys... ] Darran Lofthouse updated ELY-61: -------------------------------- Fix Version/s: (was: 1.3.0.CR1) > Ensure the requirements and options for each mechanism are described within the mechanism. > ------------------------------------------------------------------------------------------ > > Key: ELY-61 > URL: https://issues.jboss.org/browse/ELY-61 > Project: WildFly Elytron > Issue Type: Task > Components: Authentication Mechanisms > Reporter: Darran Lofthouse > > Everything from callback requirements, supported config options to System properties. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-947) Add our own syslog implementation

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-947?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-947: --------------------------------- Fix Version/s: (was: 1.3.0.CR1) > Add our own syslog implementation > --------------------------------- > > Key: ELY-947 > URL: https://issues.jboss.org/browse/ELY-947 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Audit > Reporter: Darran Lofthouse > -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1444) Jdbc-realm with simple digest mapper

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1444?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1444: ---------------------------------- Fix Version/s: (was: 1.3.0.CR1) > Jdbc-realm with simple digest mapper > ------------------------------------ > > Key: ELY-1444 > URL: https://issues.jboss.org/browse/ELY-1444 > Project: WildFly Elytron > Issue Type: Bug > Components: Passwords > Affects Versions: 1.2.0.Beta9 > Reporter: Martin Choma > > This is inspired by ELY-1435, but in this case trying simple digest hash. > In db is stored this sha-256 password hash: 5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8 > I get these values by http://passwordsgenerator.net/sha256-hash-generator/ > {noformat} > 17:30:50,211 DEBUG [org.wildfly.security] (default task-3) Using UsernamePasswordAuthenticationMechanism for username authentication. Realm: [Some Realm], Username: [correctUser]. > 17:30:50,211 TRACE [org.wildfly.security] (default task-3) Handling RealmCallback: selected = [Some Realm] > 17:30:50,212 TRACE [org.wildfly.security] (default task-3) Handling NameCallback: authenticationName = correctUser > 17:30:50,212 TRACE [org.wildfly.security] (default task-3) Principal assigning: [correctUser], pre-realm rewritten: [correctUser], realm name: [jdbc-realm], post-realm rewritten: [correctUser], realm rewritten: [correctUser] > 17:30:50,215 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD FROM USERS WHERE NAME = ? with value correctUser > 17:30:50,301 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT roles.name FROM users, roles, users_roles WHERE users.name=? AND users.id = users_roles.userid AND roles.id = users_roles.roleid with value correctUser > 17:30:50,306 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD FROM USERS WHERE NAME = ? with value correctUser > 17:30:50,324 DEBUG [org.wildfly.security] (default task-3) User correctUser authentication failed. > 17:30:50,324 TRACE [org.wildfly.security] (default task-3) Handling AuthenticationCompleteCallback: fail > {noformat} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1417) Add unseen nonce count tracking support

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1417?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1417: ------------------------------------- Fix Version/s: (was: 1.3.0.CR1) Assignee: (was: Darran Lofthouse) > Add unseen nonce count tracking support > --------------------------------------- > > Key: ELY-1417 > URL: https://issues.jboss.org/browse/ELY-1417 > Project: WildFly Elytron > Issue Type: Sub-task > Reporter: Darran Lofthouse > > i.e. the ranges of missing nonce counts we have not yet seen. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1464) Programatic authentication should be caching the SecurityIdentity not the name of the identity

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1464?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1464: ------------------------------------- Fix Version/s: (was: 1.3.0.CR1) Assignee: (was: Darran Lofthouse) > Programatic authentication should be caching the SecurityIdentity not the name of the identity > ---------------------------------------------------------------------------------------------- > > Key: ELY-1464 > URL: https://issues.jboss.org/browse/ELY-1464 > Project: WildFly Elytron > Issue Type: Bug > Components: HTTP > Reporter: Darran Lofthouse > > By only caching the name of the identity the server authentication context -> security domain -> security realm chain is called for each subsequent request when we should have been able to re-use an existing identity. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1425) Add support for JASPIC / JSR-196

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1425?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1425: ------------------------------------- Fix Version/s: (was: 1.3.0.CR1) Assignee: (was: Darran Lofthouse) > Add support for JASPIC / JSR-196 > -------------------------------- > > Key: ELY-1425 > URL: https://issues.jboss.org/browse/ELY-1425 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP > Reporter: Darran Lofthouse > > This is an overall tracking task for changes required to WildFly Elytron to support JASPIC. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2018