February 2018 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-1466) Add configuration option to BASIC mechanism to switch off challenging

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1466?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1466: ---------------------------------- Fix Version/s: 1.2.0.Beta14 (was: 1.2.0.Beta13) > Add configuration option to BASIC mechanism to switch off challenging > --------------------------------------------------------------------- > > Key: ELY-1466 > URL: https://issues.jboss.org/browse/ELY-1466 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta14 > > > This may be desirable where paired with FORM auth so users can use FORM auth and other clients use BASIC. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1455) DB query seen for each request using programatic authentication

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1455?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1455: ---------------------------------- Fix Version/s: 1.2.0.Beta14 (was: 1.2.0.Beta13) > DB query seen for each request using programatic authentication > ---------------------------------------------------------------- > > Key: ELY-1455 > URL: https://issues.jboss.org/browse/ELY-1455 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Mechanisms > Affects Versions: 1.2.0.Beta10 > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 1.2.0.Beta14 > > Attachments: elytron-bug.zip, server.log, standalone-full-ha.xml > > > User is complaining, that DB is accessed on each request. > Jdbc-realm + FORM authentication > {noformat} > <jdbc-realm name="myappRealm"> > <principal-query sql="SELECT r.role, u.password FROM user u join user_role_auth r on r.email = u.email where u.email=?" data-source="myds"> > <attribute-mapping> > <attribute to="Roles" index="1"/> > </attribute-mapping> > <simple-digest-mapper password-index="2"/> > </principal-query> > </jdbc-realm> > {noformat} > {noformat} > 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com] > 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com > 2017-11-30 09:31:04,051 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com > 2017-11-30 09:31:04,052 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com > 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator] > 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing principal alberto(a)myapp.com. > 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing against the following attributes: [roles] => [Administrator] > 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true > 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorization succeed > 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator] > 2017-11-30 09:31:07,017 TRACE [org.wildfly.security] (default task-125) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com] > 2017-11-30 09:31:07,018 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com > 2017-11-30 09:31:07,019 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com > 2017-11-30 09:31:07,021 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com > 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator] > 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Authorizing principal alberto(a)myapp.com. > 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorizing against the following attributes: [roles] => [Administrator] > 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true > 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorization succeed > 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator] > {noformat} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1444) Jdbc-realm with simple digest mapper

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1444?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1444: ---------------------------------- Fix Version/s: 1.2.0.Beta14 (was: 1.2.0.Beta13) > Jdbc-realm with simple digest mapper > ------------------------------------ > > Key: ELY-1444 > URL: https://issues.jboss.org/browse/ELY-1444 > Project: WildFly Elytron > Issue Type: Bug > Components: Passwords > Affects Versions: 1.2.0.Beta9 > Reporter: Martin Choma > Fix For: 1.2.0.Beta14 > > > This is inspired by ELY-1435, but in this case trying simple digest hash. > In db is stored this sha-256 password hash: 5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8 > I get these values by http://passwordsgenerator.net/sha256-hash-generator/ > {noformat} > 17:30:50,211 DEBUG [org.wildfly.security] (default task-3) Using UsernamePasswordAuthenticationMechanism for username authentication. Realm: [Some Realm], Username: [correctUser]. > 17:30:50,211 TRACE [org.wildfly.security] (default task-3) Handling RealmCallback: selected = [Some Realm] > 17:30:50,212 TRACE [org.wildfly.security] (default task-3) Handling NameCallback: authenticationName = correctUser > 17:30:50,212 TRACE [org.wildfly.security] (default task-3) Principal assigning: [correctUser], pre-realm rewritten: [correctUser], realm name: [jdbc-realm], post-realm rewritten: [correctUser], realm rewritten: [correctUser] > 17:30:50,215 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD FROM USERS WHERE NAME = ? with value correctUser > 17:30:50,301 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT roles.name FROM users, roles, users_roles WHERE users.name=? AND users.id = users_roles.userid AND roles.id = users_roles.roleid with value correctUser > 17:30:50,306 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD FROM USERS WHERE NAME = ? with value correctUser > 17:30:50,324 DEBUG [org.wildfly.security] (default task-3) User correctUser authentication failed. > 17:30:50,324 TRACE [org.wildfly.security] (default task-3) Handling AuthenticationCompleteCallback: fail > {noformat} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1440) FlexibleIdentityAssociation should runAs the known SecurityIdentity before associating itself.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1440?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1440: ---------------------------------- Fix Version/s: 1.2.0.Beta14 (was: 1.2.0.Beta13) > FlexibleIdentityAssociation should runAs the known SecurityIdentity before associating itself. > ---------------------------------------------------------------------------------------------- > > Key: ELY-1440 > URL: https://issues.jboss.org/browse/ELY-1440 > Project: WildFly Elytron > Issue Type: Enhancement > Components: API / SPI > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta14 > > > This API was introduced to cover the case where authentication happens late in a request, generally that is quite a rare event. > Even though the API may be popular it would likely happen once for a session and all future requests for that session the identity would be known in advance. > At the moment by not running as the existing identity we are loosing all automatic identity outflow opportunities as calls pass from the servlet container to the EJB container. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1512) Set the previous serialVersionUID on org.wildfly.security.password.interfaces.DigestPassword

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1512?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved ELY-1512. ----------------------------------- Resolution: Rejected False compatibility issue, as an interface it doesn't need the serialVersionUID > Set the previous serialVersionUID on org.wildfly.security.password.interfaces.DigestPassword > -------------------------------------------------------------------------------------------- > > Key: ELY-1512 > URL: https://issues.jboss.org/browse/ELY-1512 > Project: WildFly Elytron > Issue Type: Task > Components: Passwords > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta13 > > > The only change to this interface is an additional constant. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1514) Release WildFly Elytron 1.2.0.Final

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1514?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved ELY-1514. ----------------------------------- Resolution: Done > Release WildFly Elytron 1.2.0.Final > ----------------------------------- > > Key: ELY-1514 > URL: https://issues.jboss.org/browse/ELY-1514 > Project: WildFly Elytron > Issue Type: Release > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta13 > > -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1489) FormAuthenticationMechanism should only create a session if an identity is being stored

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1489?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved ELY-1489. ----------------------------------- Resolution: Done > FormAuthenticationMechanism should only create a session if an identity is being stored > --------------------------------------------------------------------------------------- > > Key: ELY-1489 > URL: https://issues.jboss.org/browse/ELY-1489 > Project: WildFly Elytron > Issue Type: Bug > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.2.0.Beta13 > > > We don't need this internal method to contain the boolean argument: - > {code} > private IdentityCache createIdentityCache(HttpServerRequest request, boolean createSession) { > {code} > A subsequent call to put is sufficient for us to know a session is needed, an all other cases don't create the session. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-405) Add a KeyStore implementation backed by LDAP

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-405?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-405: --------------------------------- Fix Version/s: 1.1.0.Beta8 (was: 2.0.0.Alpha1) > Add a KeyStore implementation backed by LDAP > -------------------------------------------- > > Key: ELY-405 > URL: https://issues.jboss.org/browse/ELY-405 > Project: WildFly Elytron > Issue Type: Feature Request > Components: SSL > Reporter: Darran Lofthouse > Assignee: Jan Kalina > Fix For: 1.1.0.Beta8 > > > It is possible for private keys, public keys and certificates to all be stored in LDAP - this task is to create a Java KeyStore implementation that can work with this. > LDAP most likely will take a reasonable amount of configuration so it may not be possible to be purely provider based and instead this type of KeyStore may need to be manually configured and instantiated. > Properties could be passed in using the InputStream to initialise the KeyStore but that doesn't help where we may want to pass in factories for connecting to a remote LDAP server. > In addition to the usual keys and certificates the entry types as used for CredentialStore should also be considered. > The implementation should also support manipulation of the entries - in this case this may mean immediate updates to the directory. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1398) Verify public API signatures during build.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1398?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1398: ---------------------------------- Fix Version/s: 1.2.0.Beta13 (was: 2.0.0.Alpha1) > Verify public API signatures during build. > ------------------------------------------ > > Key: ELY-1398 > URL: https://issues.jboss.org/browse/ELY-1398 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Build > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta13 > > > This task will involve adding the ability to generate a signature for a specific version and verify them during the build - we only want this to apply to packages identified as public API. > Animal Sniffer seems a good candidate http://www.mojohaus.org/animal-sniffer/ > Generation of a signature we can likely make on-demand as we only really need that at the point we tag a release. > We would definitely want checking to run for CI PR processing but can decide if all builds should be checking with an option to disable or all disabled with an option to enable. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-1398) Verify public API signatures during build.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1398?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1398: ------------------------------------- Assignee: Martin Choma > Verify public API signatures during build. > ------------------------------------------ > > Key: ELY-1398 > URL: https://issues.jboss.org/browse/ELY-1398 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Build > Reporter: Darran Lofthouse > Assignee: Martin Choma > Fix For: 1.2.0.Beta13 > > > This task will involve adding the ability to generate a signature for a specific version and verify them during the build - we only want this to apply to packages identified as public API. > Animal Sniffer seems a good candidate http://www.mojohaus.org/animal-sniffer/ > Generation of a signature we can likely make on-demand as we only really need that at the point we tag a release. > We would definitely want checking to run for CI PR processing but can decide if all builds should be checking with an option to disable or all disabled with an option to enable. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2018