February 2018 - jboss-jira - Jboss List Archives

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-97?page=com.atlassian.jira.plugin.sys... ] Darran Lofthouse updated ELY-97: -------------------------------- Fix Version/s: (was: 1.3.0.CR1) > Realm Readniess > --------------- > > Key: ELY-97 > URL: https://issues.jboss.org/browse/ELY-97 > Project: WildFly Elytron > Issue Type: Feature Request > Components: API / SPI > Reporter: Darran Lofthouse > > Needs some discussion first but this is along the lines of the following: - > 1 - Within WildFly where we currently have realms we have an ability to query them to check they are ready to handle requests - this is mainly used for out of the box where we can display an error page describing to the user additional steps they need to perform. > 2 - Realms are essentially the interface to back end stores of user information, most likely being remote with no guarantee that they are always available, from an Elytron perspective this adds an additional two options: - > i. Alter offered realms also taking into account availability, information disclosure risk but worth considering. > ii. Security status panels within admin console, view at a glance what is available and what is not allowing administrator to take action. We also have notification support - a candidate for a notification. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-88) Command line utilities

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-88?page=com.atlassian.jira.plugin.sys... ] Darran Lofthouse updated ELY-88: -------------------------------- Fix Version/s: (was: 1.3.0.CR1) > Command line utilities > ---------------------- > > Key: ELY-88 > URL: https://issues.jboss.org/browse/ELY-88 > Project: WildFly Elytron > Issue Type: Feature Request > Reporter: David Lloyd > > We should provide easy-to-use command line tools from the Elytron JAR as a main class that provide useful functions to users like: > * Creating password hashes > * Creating certificates and certificate requests > * Creating key pairs of various types > * Managing key stores (everything keytool does) > * Get the library version -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-170) Transition the still useful parts of JBoss Negotiation into Elytron

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-170?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-170: --------------------------------- Fix Version/s: (was: 1.2.0.Beta12) > Transition the still useful parts of JBoss Negotiation into Elytron > ------------------------------------------------------------------- > > Key: ELY-170 > URL: https://issues.jboss.org/browse/ELY-170 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Utils > Reporter: Darran Lofthouse > > Generally JBoss Negotiation should be obsolete, however some portions may be useful to be included in Elytron e.g. the SPNEGO parsing so that we can display some meaningful diagnostics. > By the time we reach the end of WildFly 10 nothing should require a direct dependency on JBoss Negotiation and really it should be removed from the application server distribution. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1436) Log jdbc-realm key-mapper processing

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1436?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1436: ---------------------------------- Fix Version/s: 1.2.0.Beta14 (was: 1.2.0.Beta13) > Log jdbc-realm key-mapper processing > ------------------------------------ > > Key: ELY-1436 > URL: https://issues.jboss.org/browse/ELY-1436 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Martin Choma > Assignee: Ilia Vassilev > Fix For: 1.2.0.Beta14 > > > User reported problem with getting work jdbc_realm with bcrypt mapper. He had configured org.wildfly.security to log TRACE messages, but log does not provide any useful information regarding mapping password from DB. > In this case seems problem was in mixing base64 vs. modular crypt format. > Looking into PasswordKeyMapper there is a lot of logic and lot of steps which can get wrong. So logging some TRACE messages can hint user what is going on and what went wrong. > Also I have noticed there is unhandled exception. Please at least log some TRACE message. > {code:java|title=PasswordKeyMapper.java} > } catch (InvalidKeySpecException e) { > // fall out (unlikely but possible) > } > {code} > [1] https://developer.jboss.org/message/977727 -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1425) Add support for JASPIC / JSR-196

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1425?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1425: ---------------------------------- Fix Version/s: 1.2.0.Beta14 (was: 1.2.0.Beta13) > Add support for JASPIC / JSR-196 > -------------------------------- > > Key: ELY-1425 > URL: https://issues.jboss.org/browse/ELY-1425 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta14 > > > This is an overall tracking task for changes required to WildFly Elytron to support JASPIC. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1409) Update HTTP authentication mechanism API to support re-use of response handlers

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1409?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1409: ---------------------------------- Fix Version/s: 1.2.0.Beta14 (was: 1.2.0.Beta13) > Update HTTP authentication mechanism API to support re-use of response handlers > ------------------------------------------------------------------------------- > > Key: ELY-1409 > URL: https://issues.jboss.org/browse/ELY-1409 > Project: WildFly Elytron > Issue Type: Task > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta14 > > > At the moment the response handler can only access the response, it can not access anything from the request unless created with access to the request. > Making the scopes available should allow for state to be transferred on the request scope. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1405) The password attribute of resource owner credentials should support a credential store reference

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1405?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1405: ---------------------------------- Fix Version/s: 1.2.0.Beta14 (was: 1.2.0.Beta13) > The password attribute of resource owner credentials should support a credential store reference > ------------------------------------------------------------------------------------------------ > > Key: ELY-1405 > URL: https://issues.jboss.org/browse/ELY-1405 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Client > Reporter: Darran Lofthouse > Assignee: Martin Mazanek > Fix For: 1.2.0.Beta14 > > -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1475) Empty username for FormAuthenticationMechanism causes IllegalArgumentException

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1475?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1475: ---------------------------------- Fix Version/s: 1.2.0.Beta14 (was: 1.2.0.Beta13) > Empty username for FormAuthenticationMechanism causes IllegalArgumentException > ------------------------------------------------------------------------------ > > Key: ELY-1475 > URL: https://issues.jboss.org/browse/ELY-1475 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.2.0.Beta11 > Reporter: Ondrej Lukas > Assignee: Ilia Vassilev > Fix For: 1.2.0.Beta14 > > > In case when empty username is passed to FormAuthenticationMechanism.attemptAuthentication then IllegalArgumentException is thrown from constructor of NameCallback. This happens in cases when form is sent with empty value for j_username. > See exception: > {code} > ERROR [io.undertow.request] (default task-18) UT005023: Exception handling request to /depForm/j_security_check: java.lang.IllegalArgumentException > at javax.security.auth.callback.NameCallback.<init>(NameCallback.java:90) > at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authenticate(UsernamePasswordAuthenticationMechanism.java:60) > at org.wildfly.security.http.impl.FormAuthenticationMechanism.attemptAuthentication(FormAuthenticationMechanism.java:172) > at org.wildfly.security.http.impl.FormAuthenticationMechanism.evaluateRequest(FormAuthenticationMechanism.java:106) > at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114) > at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) > at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115) > at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) > at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) > at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100) > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55) > at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) > at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) > at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) > at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) > at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) > at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > {code} > It seems that [1] should also check {{username.length() == 0}}. > [1] https://github.com/wildfly-security/wildfly-elytron/blob/32ff7c17965b3eca... -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1464) Programatic authentication should be caching the SecurityIdentity not the name of the identity

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1464?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1464: ---------------------------------- Fix Version/s: 1.2.0.Beta14 (was: 1.2.0.Beta13) > Programatic authentication should be caching the SecurityIdentity not the name of the identity > ---------------------------------------------------------------------------------------------- > > Key: ELY-1464 > URL: https://issues.jboss.org/browse/ELY-1464 > Project: WildFly Elytron > Issue Type: Bug > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta14 > > > By only caching the name of the identity the server authentication context -> security domain -> security realm chain is called for each subsequent request when we should have been able to re-use an existing identity. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1467) Support for RFC8053 Optional-WWW-Authenticate

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1467?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1467: ---------------------------------- Fix Version/s: 1.2.0.Beta14 (was: 1.2.0.Beta13) > Support for RFC8053 Optional-WWW-Authenticate > --------------------------------------------- > > Key: ELY-1467 > URL: https://issues.jboss.org/browse/ELY-1467 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta14 > > > https://tools.ietf.org/html/rfc8053 -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2018