February 2018 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-3305) Advanced Elytron key-store manipulation operations

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3305?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-3305: ------------------------------------- Fix Version/s: 4.0.0.Beta1 (was: 4.0.0.Alpha9) > Advanced Elytron key-store manipulation operations > -------------------------------------------------- > > Key: WFCORE-3305 > URL: https://issues.jboss.org/browse/WFCORE-3305 > Project: WildFly Core > Issue Type: Feature Request > Components: Security > Reporter: Farah Juma > Assignee: Farah Juma > Fix For: 4.0.0.Beta1 > > > Analysis Document: > https://developer.jboss.org/wiki/AnalysisDesign-AdvancedElytronKey-storeM... -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3255) Complex type AttributeDefinition variants don't handle ParameterCorrector properly

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3255?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-3255: ------------------------------------- Fix Version/s: 4.0.0.Beta1 (was: 4.0.0.Alpha9) > Complex type AttributeDefinition variants don't handle ParameterCorrector properly > ---------------------------------------------------------------------------------- > > Key: WFCORE-3255 > URL: https://issues.jboss.org/browse/WFCORE-3255 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management > Affects Versions: 3.0.1.Final > Reporter: Brian Stansberry > Assignee: Brian Stansberry > Fix For: 4.0.0.Beta1 > > > If a field in a complex attribute (i.e. one that uses Object...AttributeDefinition) has a ParameterCorrector configured, that corrector never gets called. That's because only a corrector on the top level attribute gets called. > These classes should automatically use an internal corrector that first calls any corrector configured for fields, and then, if one is present, calls any top level corrector. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3181) Review CustomCredentialSecurityFactoryTestCase

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3181?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-3181: ------------------------------------- Fix Version/s: 4.0.0.Beta1 (was: 4.0.0.Alpha9) > Review CustomCredentialSecurityFactoryTestCase > ---------------------------------------------- > > Key: WFCORE-3181 > URL: https://issues.jboss.org/browse/WFCORE-3181 > Project: WildFly Core > Issue Type: Bug > Components: Security, Test Suite > Reporter: Darran Lofthouse > Fix For: 4.0.0.Beta1 > > > The test case CustomCredentialSecurityFactoryTestCase appears to be testing that the 'code does what it does' rather than testing the 'code is doing what it should'. > The test is testing a custom credential security factory can be called but the test is using HTTP Basic authentication and relying on SPNEGO authentication being triggered as this is the only mechanism that currently uses this factory. > Should a minor change be required to the SPNEGO authentication mechanism which affects when this credential factory is called this test case could subsequently fail. > If possible it would be better to convert this test to be a SPNEGO test and then test the behaviour of the credential security factory affects the mechanism as expected. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3107) Allow slave hosts to ignore missing RBAC config resources

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3107?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-3107: ------------------------------------- Fix Version/s: 4.0.0.Beta1 (was: 4.0.0.Alpha9) > Allow slave hosts to ignore missing RBAC config resources > --------------------------------------------------------- > > Key: WFCORE-3107 > URL: https://issues.jboss.org/browse/WFCORE-3107 > Project: WildFly Core > Issue Type: Sub-task > Components: Domain Management > Reporter: Brian Stansberry > Assignee: Brian Stansberry > Fix For: 4.0.0.Beta1 > > > Part of parent issue whereby slaves can ignore missing RBAC constraint resources for write requests coming from the DC. > If the DC sent the request, then the address is ok overall. So if it's missing on the slave that means the slave doesn't have that constraint registered and doesn't need to handle the op. > This fix could possibly be backported to the 2.1.x and to EAP 6.4.x in lieu of adding transformers as part of the parent issue. In the case of 2.1.x it also allows slaves to ignore the related extension even if the code for it is present (which is only a minor benefit.) -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3519) Add JASPI Module

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3519?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-3519: ------------------------------------- Fix Version/s: 4.0.0.Beta1 (was: 4.0.0.Alpha9) > Add JASPI Module > ---------------- > > Key: WFCORE-3519 > URL: https://issues.jboss.org/browse/WFCORE-3519 > Project: WildFly Core > Issue Type: Task > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 4.0.0.Beta1 > > > (Copy from WildFly) -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3479) Deploying an empty deployment and adding content later fails in a composite

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3479?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-3479: ------------------------------------- Fix Version/s: 4.0.0.Beta1 (was: 4.0.0.Alpha9) > Deploying an empty deployment and adding content later fails in a composite > --------------------------------------------------------------------------- > > Key: WFCORE-3479 > URL: https://issues.jboss.org/browse/WFCORE-3479 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management > Affects Versions: 3.0.10.Final > Reporter: Kabir Khan > Assignee: ehsavoie Hugonnet > Fix For: 4.0.0.Beta1 > > > When adding mixed domain tests for EAP 7.1.0 I could not get the MixedDomainDeployment710TestCase.testExplodedDeployment() test to work. Comparing with the core domain ExplodedDeploymentTestCase.testInstallAndExplodeDeploymentOnDCFromScratch(), they both do the following: > {code} > 1) Create an empty deployment > 2) Add some content to the deployment using input streams > 3) Add the deployment to a server group > {code} > However, they differ in that ExplodedDeploymentTestCase does this as individual steps, while MixedDomainDeployment710TestCase does this in a composite. I have a branch at https://github.com/kabir/wildfly-core/tree/WFCORE-3479 which expands ExplodedDeploymentTestCase to demonstrate the problem. > Going back to MixedDomainDeploymentTestCase, the testExplodedDeployment() test pushes the following composite to the DC: > {code} > { > "operation" => "composite", > "address" => [], > "steps" => [ > { > "operation" => "add", > "address" => [("deployment" => "test.war")], > "content" => [{"empty" => true}] > }, > { > "operation" => "add-content", > "address" => [("deployment" => "test.war")], > "content" => [ > { > "target-path" => "index.html", > "input-stream-index" => 0 > }, > { > "target-path" => "index2.html", > "input-stream-index" => 1 > } > ] > }, > { > "operation" => "add", > "address" => [ > ("server-group" => "other-server-group"), > ("deployment" => "test.war") > ], > "enabled" => true > }, > { > "operation" => "add", > "address" => [ > ("server-group" => "main-server-group"), > ("deployment" => "test.war") > ], > "enabled" => true > } > ], > "operation-headers" => { > "caller-type" => "user", > "access-mechanism" => "NATIVE", > "domain-uuid" => "b016e0a3-4175-4f40-b6b9-779fc0fd1745", > "execute-for-coordinator" => true > } > } > {code} > What ends up being pushed to the slave is: > {code} > { > "operation" => "composite", > "address" => [], > "steps" => [ > { > "operation" => "add", > "address" => [("deployment" => "test.war")], > "content" => [{ > "hash" => bytes { > 0x8f, 0x7c, 0x8c, 0x80, 0x35, 0x88, 0x36, 0x16, > 0x61, 0xfa, 0x0a, 0x10, 0x30, 0xf9, 0x13, 0x29, > 0x04, 0x05, 0x9d, 0x82 > }, > "archive" => false > }], > "operation-headers" => { > "caller-type" => "user", > "access-mechanism" => "NATIVE", > "domain-uuid" => "9f6d874e-24f8-41ec-a1d0-9c98509964fc" > }, > "runtime-name" => undefined > }, > { > "operation" => "add-content", > "address" => [("deployment" => "test.war")], > "content" => [{ > "hash" => bytes { > 0x52, 0x3a, 0x0a, 0x7b, 0x3b, 0xae, 0x1c, 0x67, > 0x22, 0x51, 0xf6, 0x34, 0xb5, 0x3b, 0xe7, 0xf9, > 0x78, 0x59, 0x91, 0x63 > }, > "target-path" => "." > }], > "operation-headers" => { > "caller-type" => "user", > "access-mechanism" => "NATIVE", > "domain-uuid" => "9f6d874e-24f8-41ec-a1d0-9c98509964fc" > }, > "path" => [ > "index.html", > "index2.html" > ] > }, > { > "operation" => "add", > "address" => [ > ("server-group" => "other-server-group"), > ("deployment" => "test.war") > ], > "enabled" => true > }, > { > "operation" => "add", > "address" => [ > ("server-group" => "main-server-group"), > ("deployment" => "test.war") > ], > "enabled" => true > } > ], > "operation-headers" => { > "caller-type" => "user", > "access-mechanism" => "NATIVE", > "domain-uuid" => "9f6d874e-24f8-41ec-a1d0-9c98509964fc", > "execute-for-coordinator" => true > } > } > {code} > The error reported by the DC is: > {code} > { > "outcome" => "failed", > "result" => { > "step-1" => { > "outcome" => "failed", > "rolled-back" => true > }, > "step-2" => { > "outcome" => "failed", > "rolled-back" => true > }, > "step-3" => { > "outcome" => "failed", > "rolled-back" => true > }, > "step-4" => { > "outcome" => "failed", > "rolled-back" => true > } > }, > "failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {"other-server-group" => {"host" => {"slave" => {"server-one" => {"WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:" => {"Operation step-1" => "WFLYCTL0216: Management resource '[(\"deployment\" => \"test.war\")]' not found"}}}}}}}}, > "rolled-back" => true, > "server-groups" => {"other-server-group" => {"host" => {"slave" => {"server-one" => {"response" => { > "outcome" => "failed", > "result" => { > "step-1" => { > "outcome" => "failed", > "failure-description" => "WFLYCTL0216: Management resource '[(\"deployment\" => \"test.war\")]' not found", > "rolled-back" => true > }, > "step-2" => {"outcome" => undefined} > }, > "failure-description" => {"WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:" => {"Operation step-1" => "WFLYCTL0216: Management resource '[(\"deployment\" => \"test.war\")]' not found"}}, > "rolled-back" => true > }}}}}} > } > {code} > Having debugged the slave process a bit, I *believe* the following is what is passed to the servers by the slave HC: > {code} > { > "operation" => "composite", > "steps" => [ > { > "operation" => "add-content", > "address" => [("deployment" => "test.war")], > "content" => [{ > "hash" => bytes { > 0x52, 0x3a, 0x0a, 0x7b, 0x3b, 0xae, 0x1c, 0x67, > 0x22, 0x51, 0xf6, 0x34, 0xb5, 0x3b, 0xe7, 0xf9, > 0x78, 0x59, 0x91, 0x63 > }, > "target-path" => "." > }], > "operation-headers" => { > "access-mechanism" => "NATIVE", > "domain-uuid" => "2bd6c01d-a844-43fc-8d10-7d6e4c32e5b1" > }, > "path" => [ > "index.html", > "index2.html" > ] > }, > { > "operation" => "add", > "address" => [("deployment" => "test.war")], > "enabled" => true, > "operation-headers" => { > "access-mechanism" => "NATIVE", > "domain-uuid" => "2bd6c01d-a844-43fc-8d10-7d6e4c32e5b1" > }, > "runtime-name" => "test.war", > "content" => [{ > "hash" => bytes { > 0x52, 0x3a, 0x0a, 0x7b, 0x3b, 0xae, 0x1c, 0x67, > 0x22, 0x51, 0xf6, 0x34, 0xb5, 0x3b, 0xe7, 0xf9, > 0x78, 0x59, 0x91, 0x63 > }, > "archive" => false > }] > } > ], > "operation-headers" => { > "access-mechanism" => "NATIVE", > "domain-uuid" => "2bd6c01d-a844-43fc-8d10-7d6e4c32e5b1" > }, > "address" => [] > } > {code} > Note that 'add-content' now comes BEFORE 'add', which would explain the "Management resource '[(\"deployment\" => \"test.war\")]' not found". -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3457) Reduce class loading of Elytron subsystem

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3457?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-3457: ------------------------------------- Fix Version/s: 4.0.0.Beta1 (was: 4.0.0.Alpha9) > Reduce class loading of Elytron subsystem > ----------------------------------------- > > Key: WFCORE-3457 > URL: https://issues.jboss.org/browse/WFCORE-3457 > Project: WildFly Core > Issue Type: Task > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 4.0.0.Beta1 > > -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3424) Replace MSC listeners with stability monitors

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3424?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-3424: ------------------------------------- Fix Version/s: 4.0.0.Beta1 (was: 4.0.0.Alpha9) > Replace MSC listeners with stability monitors > --------------------------------------------- > > Key: WFCORE-3424 > URL: https://issues.jboss.org/browse/WFCORE-3424 > Project: WildFly Core > Issue Type: Enhancement > Components: Server > Affects Versions: 4.0.0.Alpha2 > Reporter: Richard Opalka > Assignee: Richard Opalka > Fix For: 4.0.0.Beta1 > > -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3386) Add configuration required to support JASPIC to the Elytron subsystem

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3386?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-3386: ------------------------------------- Fix Version/s: 4.0.0.Beta1 (was: 4.0.0.Alpha9) > Add configuration required to support JASPIC to the Elytron subsystem > --------------------------------------------------------------------- > > Key: WFCORE-3386 > URL: https://issues.jboss.org/browse/WFCORE-3386 > Project: WildFly Core > Issue Type: Feature Request > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 4.0.0.Beta1 > > -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3382) Further Enhance Elytron Permission Configuration

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3382?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-3382: ------------------------------------- Fix Version/s: 4.0.0.Beta1 (was: 4.0.0.Alpha9) > Further Enhance Elytron Permission Configuration > ------------------------------------------------ > > Key: WFCORE-3382 > URL: https://issues.jboss.org/browse/WFCORE-3382 > Project: WildFly Core > Issue Type: Feature Request > Components: Security > Reporter: Darran Lofthouse > Fix For: 4.0.0.Beta1 > > > This has currently been simplified to a single resource for the out of the box configuration, however this brings issues as now permissions are duplicated so modifications need to be replicated instead of to a single location. > Finding a way for the default required permissions to be defined in one location could help eliminate the duplication. > We could also consider going one step further and subsystems register the default permissions that should be granted. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2018