[JBoss JIRA] (WFCORE-3452) If the legacy SecurityRealm references a non-existant alias in the CredentialStore a null password is assumed.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3452?page=com.atlassian.jira.plugi... ]
Darran Lofthouse reassigned WFCORE-3452:
----------------------------------------
Assignee: (was: Darran Lofthouse)
> If the legacy SecurityRealm references a non-existant alias in the CredentialStore a null password is assumed.
> --------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-3452
> URL: https://issues.jboss.org/browse/WFCORE-3452
> Project: WildFly Core
> Issue Type: Bug
> Components: Management, Security
> Affects Versions: 3.0.9.Final, 4.0.0.Alpha4
> Reporter: Darran Lofthouse
>
> We may need to double check CredentialStore references in general as a reference to non-existant alias probably should cause service start up to fail.
> {noformat}
> 18:41:45,072 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service org.wildfly.core.management.security.realm.SimpleSSL.key-manager: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.SimpleSSL.key-manager: WFLYDM0018: Unable to start service
> at org.jboss.as.domain.management.security.AbstractKeyManagerService.start(AbstractKeyManagerService.java:91)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.security.UnrecoverableKeyException: Password must not be null
> at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:132)
> at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
> at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
> at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
> at java.security.KeyStore.getKey(KeyStore.java:1023)
> at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
> at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
> at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
> at org.jboss.as.domain.management.security.AbstractKeyManagerService.createKeyManagers(AbstractKeyManagerService.java:140)
> at org.jboss.as.domain.management.security.AbstractKeyManagerService.start(AbstractKeyManagerService.java:89)
> ... 5 more
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 2 months
[JBoss JIRA] (DROOLS-2530) DMN Decision Table - wrong evaluation of parameter named "product"
by Edson Tirelli (JIRA)
[ https://issues.jboss.org/browse/DROOLS-2530?page=com.atlassian.jira.plugi... ]
Edson Tirelli updated DROOLS-2530:
----------------------------------
Sprint: 2018 Week 17-18
> DMN Decision Table - wrong evaluation of parameter named "product"
> ------------------------------------------------------------------
>
> Key: DROOLS-2530
> URL: https://issues.jboss.org/browse/DROOLS-2530
> Project: Drools
> Issue Type: Bug
> Components: dmn engine
> Affects Versions: 7.5.0.Final, 7.6.0.Final, 7.7.0.Final
> Reporter: David Le Moing
> Assignee: Fedor Gavrilov
> Priority: Critical
> Fix For: 7.8.0.Final
>
> Attachments: product_issue.dmn
>
>
> We have an input named "product" that is used in a decision table.
> We upgraded to Drools 7.7.0.Final and noticed that now, what was evaluated was not the object passed as parameter, but an object of type ProductFunction.
> The same issue is present in version 7.5.0.Final and 7.6.0.Final. It was working fine previously.
> I think the issue is coming from the method getAllValues() of EvaluationContextImpl. Maybe the stack should be reversed before iterating over it and putting the values in the map.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 2 months
[JBoss JIRA] (WFCORE-3747) Enhance credential-store description related to location and type attributes
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3747?page=com.atlassian.jira.plugi... ]
Darran Lofthouse reassigned WFCORE-3747:
----------------------------------------
Assignee: (was: Darran Lofthouse)
> Enhance credential-store description related to location and type attributes
> ----------------------------------------------------------------------------
>
> Key: WFCORE-3747
> URL: https://issues.jboss.org/browse/WFCORE-3747
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Security
> Reporter: Claudio Miranda
>
> The description for "location" and "type" for credential-store resource is displayed below.
> Following discussion of WFCORE-3458, the "location" attribute is required only when the "type" is file based, but the description doesn't says that, the description may be improved to reflect this behavior and list the possible file based types.
> When the user doesn't set the "type" attribute it defaults to "JCEKS", but there is no "default" value on resource description for "type" attribute.
> {code}
> "location" => {
> "type" => STRING,
> "description" => "File name of credential store storage.",
> "attribute-group" => "implementation",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "all-services"
> },
> "type" => {
> "type" => STRING,
> "description" => "The credential store type, e.g. KeyStoreCredentialStore.",
> "attribute-group" => "implementation",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "all-services"
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 2 months
[JBoss JIRA] (WFCORE-3767) Ability to configure each aggregated realm separately
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3767?page=com.atlassian.jira.plugi... ]
Darran Lofthouse reassigned WFCORE-3767:
----------------------------------------
Assignee: (was: Darran Lofthouse)
> Ability to configure each aggregated realm separately
> -----------------------------------------------------
>
> Key: WFCORE-3767
> URL: https://issues.jboss.org/browse/WFCORE-3767
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Security
> Reporter: Jean-Francois Denise
> Attachments: conf-extract
>
>
> The use-case is EXTERNAL + role derived from mgmt-groups.properties. To achieve this use-case a realm aggregate is needed. Each aggregated realm can't be configured with its own principal-transformer. So each realm is impacted by the transformer set on the aggregation.
> Allowing to configure each realm separately would offer the flexibility to isolate principal transformation for authorisation and not impact authentication.
> Authentication impact is quite important, an alias in the trust-store and the decoded principal must match exactly. Something that shouldn't be made mandatory in this case.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 2 months