July 2018 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-9804) AuthenticationForwardingSFSFTestCase fails on JDK9

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-9804?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-9804: -------------------------------------- Assignee: (was: Darran Lofthouse) > AuthenticationForwardingSFSFTestCase fails on JDK9 > --------------------------------------------------- > > Key: WFLY-9804 > URL: https://issues.jboss.org/browse/WFLY-9804 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 12.0.0.Beta1 > Reporter: Tomaz Cerar > Labels: jdk9 > > AuthenticationForwardingSFSFTestCase test fails on JDK9 with > {noformat} > javax.naming.CommunicationException: EJBCLIENT000062: Failed to look up "/entry-ejb/EntryBeanSFSB!org.wildfly.test.manual.elytron.seccontext.Entry?stateful" [Root exception is org.jboss.ejb.client.RequestSendFailedException: EJBCLIENT000409: No more destinations are available] > at org.jboss.ejb.client.EJBRootContext.lookupNative(EJBRootContext.java:160) > at org.wildfly.naming.client.AbstractContext.lookup(AbstractContext.java:84) > at org.wildfly.naming.client.WildFlyRootContext.lookup(WildFlyRootContext.java:144) > at java.naming/javax.naming.InitialContext.lookup(InitialContext.java:409) > at org.wildfly.test.manual.elytron.seccontext.SeccontextUtil.lookup(SeccontextUtil.java:177) > at org.wildfly.test.manual.elytron.seccontext.AbstractSecurityContextPropagationTestBase.lambda$getDoubleWhoAmICallable$0(AbstractSecurityContextPropagationTestBase.java:435) > at org.wildfly.common.context.Contextual.runCallable(Contextual.java:127) > at org.wildfly.test.manual.elytron.seccontext.AbstractAuthenticationForwardingTestCase.testClientOauthbearerInsufficientRolesFails(AbstractAuthenticationForwardingTestCase.java:154) > ..... > Caused by: org.jboss.ejb.client.RequestSendFailedException: EJBCLIENT000409: No more destinations are available > at org.jboss.ejb.client.NamingEJBClientInterceptor.handleSessionCreation(NamingEJBClientInterceptor.java:100) > at org.jboss.ejb.client.EJBSessionCreationInvocationContext.proceed(EJBSessionCreationInvocationContext.java:70) > at org.jboss.ejb.client.TransactionInterceptor.handleSessionCreation(TransactionInterceptor.java:100) > at org.jboss.ejb.client.EJBSessionCreationInvocationContext.proceed(EJBSessionCreationInvocationContext.java:70) > at org.jboss.ejb.client.EJBClientContext.createSession(EJBClientContext.java:835) > at org.jboss.ejb.client.EJBClient.createSessionProxy(EJBClient.java:198) > at org.jboss.ejb.client.EJBRootContext.lookupNative(EJBRootContext.java:158) > ... 137 more > {noformat} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8399) Upgrade jboss-negotiation to 3.0.5

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-8399?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-8399: -------------------------------------- Assignee: (was: Darran Lofthouse) > Upgrade jboss-negotiation to 3.0.5 > ---------------------------------- > > Key: WFLY-8399 > URL: https://issues.jboss.org/browse/WFLY-8399 > Project: WildFly > Issue Type: Component Upgrade > Components: Security > Reporter: Tomas Hofman > Labels: legacy > -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9856) [JDK9+] org.jboss.security.negotiation package is exported by two jars

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-9856?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-9856: -------------------------------------- Assignee: (was: Darran Lofthouse) > [JDK9+] org.jboss.security.negotiation package is exported by two jars > ---------------------------------------------------------------------- > > Key: WFLY-9856 > URL: https://issues.jboss.org/browse/WFLY-9856 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Tomaz Cerar > > Currently if you have > jboss-negotiation-common-3.0.4.Final.jar and jboss-negotiation-extras-3.0.4.Final.jar > on your module path, jvm complains as both jars export package org.jboss.security.negotiation package > which violates the modules contract where only one module (jar) can provide single package. > example error that jvm prints > {noformat} > Error: Modules jboss.negotiation.common and jboss.negotiation.extras export package org.jboss.security.negotiation to module wildfly.clustering.common > {noformat} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3836) Add operation to read the identities of a realm

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3836?page=com.atlassian.jira.plugi... ] Darran Lofthouse reassigned WFCORE-3836: ---------------------------------------- Assignee: (was: Darran Lofthouse) > Add operation to read the identities of a realm > ----------------------------------------------- > > Key: WFCORE-3836 > URL: https://issues.jboss.org/browse/WFCORE-3836 > Project: WildFly Core > Issue Type: Feature Request > Components: Security > Reporter: Claudio Miranda > > The following realm resources contains operations to add, read, remove identity, but there is no operation to read all or a partial list of identities of a realm. It would improve usability on HAL to list all or a partial list of identities. > The realm resources are: custom-modifiable-realm, filesystem-realm, properties-realm -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9914) Server reload breaks security context

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-9914?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-9914: -------------------------------------- Assignee: (was: Darran Lofthouse) > Server reload breaks security context > ------------------------------------- > > Key: WFLY-9914 > URL: https://issues.jboss.org/browse/WFLY-9914 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 11.0.0.Final > Environment: Ubuntu 16.04 LTS, Oracle JDK 1.8.0_161 > Reporter: Harald Wellmann > > h3. Summary > A minimal example webapp using Soteria and DeltaSpike Security works as expected when first deployed to WildFly. > After issuing a {{reload}} command via {{jboss-cli.sh}}, the application no longer works, since no groups are associated to the caller principal. > The problem no longer occurs after a server shutdown and restart. > h3. Details > {noformat} > # Start server > $ ${JBOSS_HOME}/bin/standalone.sh > # Build and deploy demo > $ git clone https://github.com/hwellmann/security-demo.git > $ cd security-demo > $ mvn deploy > # Request protected resource > $ curl -u operator:secret http://localhost:8080/api/version > {"version":1} > # Reload server > $ ${JBOSS_HOME}/bin/jboss-cli.sh -c --command=:reload > # Issue same request, access denied > $ curl -u operator:secret http://localhost:8080/api/version > {"message":"requested access to the resource is denied"} > {noformat} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-10308) PolicyContext.getContext("javax.security.auth.Subject.container")

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-10308?page=com.atlassian.jira.plugin... ] Darran Lofthouse reassigned WFLY-10308: --------------------------------------- Assignee: (was: Darran Lofthouse) > PolicyContext.getContext("javax.security.auth.Subject.container") > ----------------------------------------------------------------- > > Key: WFLY-10308 > URL: https://issues.jboss.org/browse/WFLY-10308 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Lin Gao > > PolicyContext.getContext("javax.security.auth.Subject.container") returns null when using elytron to protect a web application. > This should return the authenticated subject. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3839) Cannot read-identity of filesystem-realm if change level attribute later

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3839?page=com.atlassian.jira.plugi... ] Darran Lofthouse reassigned WFCORE-3839: ---------------------------------------- Assignee: (was: Darran Lofthouse) > Cannot read-identity of filesystem-realm if change level attribute later > ------------------------------------------------------------------------ > > Key: WFCORE-3839 > URL: https://issues.jboss.org/browse/WFCORE-3839 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Claudio Miranda > > Add filesystem-realm, add a identity, then change the levels to 3, the previously added identity cannot be recovered anymore. This is due to the directory structure previously created. Perhaps, the levels attribute should be set at creation time only ? > {code} > [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=file_realm1:add(path=file_realm) > {"outcome" => "success"} > [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=file_realm1:add-identity(identity=user1) > {"outcome" => "success"} > [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=file_realm1:read-identity(identity=user1) > { > "outcome" => "success", > "result" => { > "name" => "user1", > "attributes" => undefined > } > } > [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=file_realm1:write-attribute(name=levels,value=3) > { > "outcome" => "success", > "response-headers" => { > "operation-requires-reload" => true, > "process-state" => "reload-required" > } > } > [standalone@localhost:9990 /] reload > [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=file_realm1:read-identity(identity=user1) > { > "outcome" => "failed", > "failure-description" => "WFLYELY01002: Identity with name [user1] not found.", > "rolled-back" => true > } > {code} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9607) Remove DigestAuthenticationMechanism code duplication between Wildfly, Undertow and Elytron

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-9607?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-9607: -------------------------------------- Assignee: (was: Darran Lofthouse) > Remove DigestAuthenticationMechanism code duplication between Wildfly, Undertow and Elytron > ------------------------------------------------------------------------------------------- > > Key: WFLY-9607 > URL: https://issues.jboss.org/browse/WFLY-9607 > Project: WildFly > Issue Type: Enhancement > Components: Security > Affects Versions: 11.0.0.Final > Reporter: Bartosz Spyrko-Śmietanko > > Digest authentication mechanism is currently implemented in 3 places - in Wildfly undertow subsystem (legacy web authentication), Undertow itself (web console authentication) and Elytron (web authentication). > Any issue found in one of those scenarios is likely to affect others requiring fixing multiple codebases - ideally there should be a single implementation. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-6085) Wrong AdvancedADLdap mapping in ModulesMap

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-6085?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-6085: -------------------------------------- Assignee: (was: Darran Lofthouse) > Wrong AdvancedADLdap mapping in ModulesMap > ------------------------------------------ > > Key: WFLY-6085 > URL: https://issues.jboss.org/browse/WFLY-6085 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Hynek Švábek > > There is wrong AdvancedADLdap mapping in ModulesMap. > In ModulesMap is "AdvancedAdLdap", but in documentation is "AdvancedADLdap". > https://github.com/jbossas/jboss-eap7/blob/7.x/security/subsystem/src/mai... > https://access.stage.redhat.com/documentation/en/red-hat-jboss-enterprise... > We suggest some like this for backward compatibility: > Add one extra mapping to ModulesMap with right mapping and leave there old mapping too. Some old app can use this old wrong mapping. > {code} > put("AdvancedAdLdap", AdvancedADLoginModule.class.getName()); > put("AdvancedADLdap", AdvancedADLoginModule.class.getName()); > {code} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5593) VaultTool does not support KeySize != 128

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-5593?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-5593: -------------------------------------- Assignee: (was: Darran Lofthouse) > VaultTool does not support KeySize != 128 > ----------------------------------------- > > Key: WFLY-5593 > URL: https://issues.jboss.org/browse/WFLY-5593 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 10.0.0.CR4 > Reporter: Andreas Weise > Priority: Minor > > Vault tool (vault.sh) returns exception PBOX00137: Security Vault does not contain SecretKey entry under alias (vault) when using a JCEKS with AES 256. > It seems only 128 Bit Key Length is supported by the Vault Tool, which is default in [org/picketbox/plugins/vault/PicketBoxSecurityVault.java|https://github.co...] > Key length could be parametrized in PicketBoxSecurityVault, but vault tool does not support this, more specifically [org/jboss/as/security/vault/VaultSession.getVaultOptionsMap()|https://git...] -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 5 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira July 2018