[JBoss JIRA] (WFCORE-3947) Support SSL Certificate revocation using OCSP
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFCORE-3947?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-3947:
-------------------------------------
Issue Type: Feature Request (was: Task)
> Support SSL Certificate revocation using OCSP
> ---------------------------------------------
>
> Key: WFCORE-3947
> URL: https://issues.jboss.org/browse/WFCORE-3947
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Security
> Affects Versions: 6.0.0.Alpha2
> Reporter: Jan Kalina
> Assignee: Martin Mazanek
> Priority: Critical
> Fix For: 8.0.0.Beta6
>
>
> - Provide undertow's client certificate revocation capability when undertow is used as a load balancer using OCSP.
> (CRL capability is provided in the earlier release as part of Elytron SSL Consolidation effort that this JIRA is cloned from)
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
[JBoss JIRA] (WFCORE-2930) Support a socket-binding-group as a child of profile
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFCORE-2930?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-2930:
-------------------------------------
Priority: Major (was: Critical)
Dropping to major as complex custom domain mode provisioning is not one of the current targets for what we're doing with Galleon.
> Support a socket-binding-group as a child of profile
> ----------------------------------------------------
>
> Key: WFCORE-2930
> URL: https://issues.jboss.org/browse/WFCORE-2930
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Management
> Reporter: Brian Stansberry
> Priority: Major
>
> Allow a single socket-binding-group resource as a child of profile, such that resolution of bindings from the subsystems are limited to the s-b-g associated with the profile.
> A server-group that uses such a profile cannot reference a socket-binding-group. And a server in that server-group cannot reference an s-b-g to override the one from the server-group/profile.
> I'm not sure how the s-b-g resource will work. Perhaps the resource would go away under 'profile' with the bindings direct children of profile. The 'default-interface' attribute then becomes an attribute of profile. Or perhaps there will be an s-b-g resource, but with a fixed name that's the same as the profile. Currently I think the latter.
> This will be necessary for resolution of config elements using the upcoming provisioning tool. The tool will not be able to do correct "feature" resolution using the complex rules we currently support.
[JBoss JIRA] (WFLY-10803) WildFly Single Sign On Documentation
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFLY-10803?page=com.atlassian.jira.plugin... ]
Brian Stansberry updated WFLY-10803:
------------------------------------
Fix Version/s: 16.0.0.CR1
(was: 16.0.0.Beta1)
> WildFly Single Sign On Documentation
> ------------------------------------
>
> Key: WFLY-10803
> URL: https://issues.jboss.org/browse/WFLY-10803
> Project: WildFly
> Issue Type: Task
> Components: Documentation, Security
> Environment: *
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 16.0.0.CR1
>
>
> Presently there are a lot of options for single sign on that can be used with the application server; it could be useful to pull all of these into a single document.
> * WildFly Clustering SSO
> * Kerberos
> * SAML
> * KeyCloak
> * OpenID Connect
> For anyone tasked with implementing "SSO" this should give enough information to select between the available options.
> From that point we should document how to implement each of these options possibly with further sub options identified.
[JBoss JIRA] (WFLY-10785) ConcurrentModificationException at AuthenticationForwardingSFSLTestCase
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFLY-10785?page=com.atlassian.jira.plugin... ]
Brian Stansberry updated WFLY-10785:
------------------------------------
Fix Version/s: 16.0.0.CR1
(was: 16.0.0.Beta1)
> ConcurrentModificationException at AuthenticationForwardingSFSLTestCase
> -----------------------------------------------------------------------
>
> Key: WFLY-10785
> URL: https://issues.jboss.org/browse/WFLY-10785
> Project: WildFly
> Issue Type: Bug
> Components: EJB
> Reporter: Richard Opalka
> Priority: Major
> Fix For: 16.0.0.CR1
>
>
> [INFO] Running org.wildfly.test.manual.elytron.seccontext.AuthenticationForwardingSFSLTestCase
> [ERROR] Tests run: 14, Failures: 0, Errors: 1, Skipped: 1, Time elapsed: 26.76 s <<< FAILURE! - in org.wildfly.test.manual.elytron.seccontext.AuthenticationForwardingSFSLTestCase
> [ERROR] testServer2ExceptionFromForwardedAuthn(org.wildfly.test.manual.elytron.seccontext.AuthenticationForwardingSFSLTestCase) Time elapsed: 0.669 s <<< ERROR!
> java.util.ConcurrentModificationException
> at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:592)
> at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:528)
> at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocationResult(RemotingEJBClientInterceptor.java:56)
> at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:594)
> at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:528)
> at org.jboss.ejb.client.TransactionPostDiscoveryInterceptor.handleInvocationResult(TransactionPostDiscoveryInterceptor.java:133)
> at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:594)
> at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:528)
> at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocationResult(DiscoveryEJBClientInterceptor.java:114)
> at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:594)
> at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:528)
> at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocationResult(NamingEJBClientInterceptor.java:78)
> at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:594)
> at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:528)
> at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:172)
> at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:594)
> at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:528)
> at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:938)
> at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:177)
> at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:112)
> at com.sun.proxy.$Proxy31.whoAmIAndServer2Exception(Unknown Source)
> at org.wildfly.test.manual.elytron.seccontext.AbstractSecurityContextPropagationTestBase.lambda$getWhoAmIAndServer2ExceptionCallable$2(AbstractSecurityContextPropagationTestBase.java:492)
> at org.wildfly.common.context.Contextual.runCallable(Contextual.java:127)
> at org.wildfly.test.manual.elytron.seccontext.AbstractAuthenticationForwardingTestCase.testServer2ExceptionFromForwardedAuthn(AbstractAuthenticationForwardingTestCase.java:359)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
> at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
> at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
> at org.jboss.arquillian.junit.Arquillian$8$1.invoke(Arquillian.java:379)
> at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
> at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114)
> at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67)
> at org.jboss.arquillian.container.test.impl.execution.ClientTestExecuter.execute(ClientTestExecuter.java:53)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
> at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
> at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142)
> at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createTestContext(ContainerEventController.java:129)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
> at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
> at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
> at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
> at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:136)
> at org.jboss.arquillian.junit.Arquillian$8.evaluate(Arquillian.java:372)
> at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:246)
> at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431)
> at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55)
> at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:260)
> at org.jboss.arquillian.junit.Arquillian$7$1.invoke(Arquillian.java:324)
> at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.execute(ClientBeforeAfterLifecycleEventExecuter.java:99)
> at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.on(ClientBeforeAfterLifecycleEventExecuter.java:72)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
> at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
> at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142)
> at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createBeforeContext(ContainerEventController.java:124)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
> at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
> at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
> at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114)
> at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.fireCustomLifecycle(EventTestRunnerAdaptor.java:159)
> at org.jboss.arquillian.junit.Arquillian$7.evaluate(Arquillian.java:317)
> at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
> at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
> at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
> at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
> at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
> at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
> at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:205)
> at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431)
> at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55)
> at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:219)
> at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
> at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:167)
> at org.junit.runners.Suite.runChild(Suite.java:128)
> at org.junit.runners.Suite.runChild(Suite.java:27)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
> at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
> at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
> at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
> at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
> at org.apache.maven.surefire.junitcore.JUnitCore.run(JUnitCore.java:55)
> at org.apache.maven.surefire.junitcore.JUnitCoreWrapper.createRequestAndRun(JUnitCoreWrapper.java:137)
> at org.apache.maven.surefire.junitcore.JUnitCoreWrapper.executeEager(JUnitCoreWrapper.java:107)
> at org.apache.maven.surefire.junitcore.JUnitCoreWrapper.execute(JUnitCoreWrapper.java:83)
> at org.apache.maven.surefire.junitcore.JUnitCoreWrapper.execute(JUnitCoreWrapper.java:75)
> at org.apache.maven.surefire.junitcore.JUnitCoreProvider.invoke(JUnitCoreProvider.java:158)
> at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:383)
> at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:344)
> at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:125)
> at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:417)
[JBoss JIRA] (WFLY-10404) Review/revise 2lc caching design
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFLY-10404?page=com.atlassian.jira.plugin... ]
Brian Stansberry updated WFLY-10404:
------------------------------------
Fix Version/s: 16.0.0.CR1
(was: 16.0.0.Beta1)
> Review/revise 2lc caching design
> --------------------------------
>
> Key: WFLY-10404
> URL: https://issues.jboss.org/browse/WFLY-10404
> Project: WildFly
> Issue Type: Feature Request
> Components: Clustering, JPA / Hibernate
> Affects Versions: 13.0.0.Beta1
> Reporter: Scott Marlow
> Assignee: Paul Ferraro
> Priority: Major
> Fix For: 16.0.0.CR1
>
>
> Review cache isolation, cache region factories, override ISPN default behavior to handle more efficient names, updates to infinispan-hibernate-cache-spi, app configuration choices for choosing different strategies.
> * Avoid the ByteString byte length limitation of 255 ([https://github.com/infinispan/infinispan/commit/046517fc0829bb0a1768169e5...]) in region name prefix + region name as cache key. Also see [https://issues.jboss.org/browse/ISPN-9206].
> * Enhance the org.jboss.as.jpa.hibernate5.service.WildFlyCustomRegionFactoryInitiator to improve caching for:
> ** container managed persistence units
> ** non-container-managed persistence unit (e.g. native Hibernate or app calls into javax.persistence.Persistence.createEntityManagerFactory())
> ** WildFlyCustomRegionFactoryInitiator cannot start an Infinispan cache by default, should we offer an API/SPI that Spring could implement for specifying the cache (service) to be used for a particular persistence unit? The application could specify the custom API/SPI implementation class via a persistence unit property.
> *** Currently, Hibernate defaults the 2lc on but that fails when the Infinispan cache is not automatically started, so WildFlyCustomRegionFactoryInitiator defaults caching off.
> *** If this is not possible, then keep the current WildFlyCustomRegionFactoryInitiator logic to default Hibernate caching off, unless the app requests caching via configuration settings.
>
[JBoss JIRA] (WFLY-1598) Out of the box SSL - or shortly after.
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFLY-1598?page=com.atlassian.jira.plugin.... ]
Brian Stansberry updated WFLY-1598:
-----------------------------------
Fix Version/s: 16.0.0.CR1
(was: 16.0.0.Beta1)
> Out of the box SSL - or shortly after.
> --------------------------------------
>
> Key: WFLY-1598
> URL: https://issues.jboss.org/browse/WFLY-1598
> Project: WildFly
> Issue Type: Sub-task
> Components: Management, Security
> Reporter: Darran Lofthouse
> Assignee: Farah Juma
> Priority: Critical
> Labels: management_security, management_sso
> Fix For: 16.0.0.CR1
>
>
> There are various reasons that we do not support SSL/TLS out of the box e.g.
> - If we ship a default keystore then everyone has access to the private key.
> - Generating one on first boot, we do not have sufficient information to generate it correctly; there is also the performance overhead.
> This issue is to explore other options to encourage their use and make it easier to configure.
> As an example, could the admin console detect a non-encrypted connection and have a box that encourages the config, along with a wizard-like workflow to get it set up?
[JBoss JIRA] (WFLY-11214) Periodic recovery does not recover XAResource after jvm crash when agroal subsystem is used
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFLY-11214?page=com.atlassian.jira.plugin... ]
Brian Stansberry updated WFLY-11214:
------------------------------------
Fix Version/s: 16.0.0.CR1
(was: 16.0.0.Beta1)
> Periodic recovery does not recover XAResource after jvm crash when agroal subsystem is used
> -------------------------------------------------------------------------------------------
>
> Key: WFLY-11214
> URL: https://issues.jboss.org/browse/WFLY-11214
> Project: WildFly
> Issue Type: Bug
> Components: Agroal, Transactions
> Reporter: Ivan Straka
> Assignee: Luis Barreiro
> Priority: Critical
> Fix For: 16.0.0.CR1
>
> Attachments: JPACrashRecoveryTestCase_commitHaltSecond_jta_server.log, JPACrashRecoveryTestCase_commitHaltSecond_jts_server.log
>
>
> Scenario:
> Halts server at commit phase ...
> # enlist TestXA resource
> # enlist XA resource
> # prepare TestXA resource
> # prepare XA resource
> # commit Test XA resource
> # JVM crash
> # recovery started
> # commit XA resource
> Periodic recovery does not recover xa resource. It looks like agroal subsystem does not register xa resource to xa recovery module.
> Test outcome:
> {code:java}
> Running org.jboss.as.test.jbossts.crashrec.test.JPACrashRecoveryTestCase
> Tests run: 1, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 109.002 sec <<< FAILURE! - in org.jboss.as.test.jbossts.crashrec.test.JPACrashRecoveryTestCase
> commitHaltSecond(org.jboss.as.test.jbossts.crashrec.test.JPACrashRecoveryTestCase) Time elapsed: 102.976 sec <<< FAILURE!
> java.lang.AssertionError: Incorrect data in database after crash recovery. expected:<2> but was:<1>
> at org.junit.Assert.fail(Assert.java:88)
> at org.junit.Assert.failNotEquals(Assert.java:834)
> at org.junit.Assert.assertEquals(Assert.java:645)
> at org.jboss.as.test.jbossts.crashrec.test.JPABaseCrashRecoveryTestCase.checkAfterTestExecution(JPABaseCrashRecoveryTestCase.java:150)
> at org.jboss.as.test.jbossts.crashrec.test.TestBaseCrashRecovery.commitHaltTest(TestBaseCrashRecovery.java:485)
> at org.jboss.as.test.jbossts.crashrec.test.TestBaseCrashRecovery.commitHaltSecond(TestBaseCrashRecovery.java:418)
> at org.jboss.as.test.jbossts.crashrec.test.JPACrashRecoveryTestCase.commitHaltSecond(JPACrashRecoveryTestCase.java:76)
> {code}
[JBoss JIRA] (WFLY-11101) Add CredentialStore documentation
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFLY-11101?page=com.atlassian.jira.plugin... ]
Brian Stansberry updated WFLY-11101:
------------------------------------
Fix Version/s: 16.0.0.CR1
(was: 16.0.0.Beta1)
> Add CredentialStore documentation
> ---------------------------------
>
> Key: WFLY-11101
> URL: https://issues.jboss.org/browse/WFLY-11101
> Project: WildFly
> Issue Type: Task
> Components: Documentation, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 16.0.0.CR1
>
>
> The CredentialStore is a significant component within WildFly Elytron, however it is not really covered in the documentation.
> We have a couple of different approaches to creating the store, we then have referencing the store. Finally we have custom implementations.
> New features are also being developed so really we need a source of documentation to add descriptions of the new features to.
[JBoss JIRA] (WFLY-11073) Support hex encoding in jdbc-realm for elytron
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFLY-11073?page=com.atlassian.jira.plugin... ]
Brian Stansberry updated WFLY-11073:
------------------------------------
Fix Version/s: 16.0.0.CR1
(was: 16.0.0.Beta1)
> Support hex encoding in jdbc-realm for elytron
> ----------------------------------------------
>
> Key: WFLY-11073
> URL: https://issues.jboss.org/browse/WFLY-11073
> Project: WildFly
> Issue Type: Feature Request
> Components: Documentation, Security
> Reporter: Jan Kalina
> Assignee: Darran Lofthouse
> Priority: Major
> Labels: elytron
> Fix For: 16.0.0.CR1
>
>
> Old database login-module can be configured passing the attribute {{hashEncoding}}, for example:
> {code:xml}
> <login-module code="Database" flag="required">
> <module-option name="dsJndiName" value="java:jboss/datasources/ExampleDS"/>
> <module-option name="principalsQuery" value="SELECT password FROM User WHERE username = ?"/>
> <module-option name="rolesQuery" value="SELECT role, 'Roles' FROM User WHERE username = ?"/>
> <module-option name="hashAlgorithm" value="SHA-1"/>
> <module-option name="hashEncoding" value="hex"/>
> <module-option name="hashCharset" value="UTF-8"/>
> </login-module>
> {code}
> Currently jdbc-realm in elytron only uses base64 encoding if the hash is stored in a text column. This way the migration is more complicated because the password hash is not valid when changing from the old security system to elytron.
> Think also about the charset attribute.
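The encoding mismatch described in WFLY-11073 above, as an added example (not code from the issue, WildFly or Elytron): a hex-encoded SHA-1 value written under the legacy options is rejected by a verifier that assumes base64, accepted once the encoding is declared, and can be re-encoded for migration without the plaintext. All function names are hypothetical, the sample passwords are constructed, and the base64-only path only models the behaviour the issue reports.

```python
import base64
import binascii
import hashlib
import hmac
from typing import Optional

SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes


def legacy_hash(password: str, charset: str = "utf-8") -> str:
    """Text-column value as the legacy options on this page produce it:
    hashAlgorithm=SHA-1, hashEncoding=hex, hashCharset=<charset>."""
    return hashlib.sha1(password.encode(charset)).hexdigest()


def decode_stored(stored: str, encoding: str) -> Optional[bytes]:
    """Decode a stored hash to raw digest bytes.

    Returns None when the text is not valid for the declared encoding or does
    not decode to a SHA-1-sized digest. The length check matters: 40 hex
    characters are also syntactically valid base64, but decode to 30 bytes.
    """
    if encoding not in ("hex", "base64"):
        raise ValueError("unsupported encoding: " + encoding)
    try:
        if encoding == "hex":
            raw = bytes.fromhex(stored)
        else:
            raw = base64.b64decode(stored, validate=True)
    except (ValueError, binascii.Error):
        return None
    return raw if len(raw) == SHA1_LEN else None


def verify(password: str, stored: str, encoding: str,
           charset: str = "utf-8") -> bool:
    """Check a password against a stored hash under the declared encoding and
    charset, comparing digests in constant time."""
    expected = decode_stored(stored, encoding)
    if expected is None:
        return False
    actual = hashlib.sha1(password.encode(charset)).digest()
    return hmac.compare_digest(actual, expected)


def hex_to_base64(stored_hex: str) -> str:
    """Re-encode a legacy hex hash as base64. Only the text encoding changes,
    so existing rows can be migrated without knowing any password."""
    raw = decode_stored(stored_hex, "hex")
    if raw is None:
        raise ValueError("not a hex-encoded SHA-1 digest")
    return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    password = "s3cret-\u00e9"          # constructed sample with a non-ASCII char
    stored = legacy_hash(password)      # what the legacy column would contain

    print("base64-only verifier:", verify(password, stored, "base64"))
    print("hex-aware verifier:  ", verify(password, stored, "hex"))
    print("after re-encoding:   ",
          verify(password, hex_to_base64(stored), "base64"))
    # The charset matters too: the same password hashed under a different
    # hashCharset yields a different digest.
    print("wrong charset:       ",
          verify(password, stored, "hex", charset="iso-8859-1"))
```

The base64 path does not fail with a decode error on hex input; it fails on the digest length, which is why the symptom is a plain authentication failure rather than a configuration error.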