[JBoss JIRA] (ELY-1822) security domain with multiple realms
by Darran Lofthouse (Jira)
[ https://issues.jboss.org/browse/ELY-1822?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse commented on ELY-1822:
---------------------------------------
This looks like something that would be be a better topic in the user forums, we tend to use jira one we have reached a bug that requires working on or a request for a new feature.
As you have two mechanisms each using a specific realm the piece I believe that is missing is that in each mechanism-configuration you also need to reference a realm-mapper that references a constant-realm-mapper to select the appropriate realm for that mechanism.
As you can see the configuration gets quite verbose at this point so this issue could remain for us to look into that. For situations like this where a 1:1 mapping is highly likely i.e. Mechanism:Realm it would make more sense if we add an attribute here that allows the realm to specified without an intermediate realm mapper. Internally our architecture would use a realm mapper but as a user you shouldn't be forced to need to see that.
> security domain with multiple realms
> -------------------------------------
>
> Key: ELY-1822
> URL: https://issues.jboss.org/browse/ELY-1822
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Server
> Affects Versions: 1.8.0.Final
> Environment: windows mssql
> Reporter: Christopher Willems
> Priority: Major
> Attachments: D95_J00_VM-DEV95-LS01, D95_J00_VM-DEV95-LS01.1, D95_J00_VM-DEV95-LS01.2, D95_SCS01_VM-DEV95-LS01, DEFAULT.PFL, HistorianMIIActionBlock - Shortcut.lnk, HistorianMIIActionBlock.zip, MaterialLotServicesMII.java, MovilitasFileHandling.zip, config-jwt-elytron.cli, config-jwtnw-elytron.cli, config-jwtnw-elytron.cli.txt, defaultTrace_00.8, defaultTrace_00.8.trc, defaultTracehana.txt, demofile.txt, editingactivitieswithnestedactivities.txt, inxites.be~inx~veri95.ejb.jar, jboss-ejb-client.properties, jboss-ejb3.xml, jboss-ejb3.xml, jboss-web.xml, jboss-web.xml, public.txt, server.log, standalone.xml
>
>
> we have an ear file with 2 war files and one ejb jar . Purpose of the war files is to allow for different authentication mechanisms, one for jwt (BEARER_TOKEN) the other one jdbc (BASIC) .
> After the authentication we have a call to the ejb layer which we expect to have the principal of the authentication.
> Everything works fine for one realm, the default realm. The other realm will return unauthorized . With no default nothing works. The relevant information from the standalone xml is pasted below and others are attached.
> <subsystem xmlns="urn:jboss:domain:ejb3:5.0">
> <default-security-domain value="other"/>
> <application-security-domains>
> <application-security-domain name="war-domain" security-domain="war-domain"/>
> </application-security-domains>
> <default-missing-method-permissions-deny-access value="false"/>
>
> <subsystem xmlns="urn:wildfly:elytron:6.0"
> <security-domain name="war-domain" default-realm="jdbc-realm" permission-mapper="default-permission-mapper" outflow-security-domains="ApplicationDomain">
> <realm name="jdbc-realm"/>
> <realm name="jwt-realm"/>
> </security-domain>
>
> <http-authentication-factory name="war-http-authentication" security-domain="war-domain" http-server-mechanism-factory="global">
> <mechanism-configuration>
> <mechanism mechanism-name="BEARER_TOKEN">
> <mechanism-realm realm-name="jwt-realm"/>
> </mechanism>
> <mechanism mechanism-name="BASIC">
> <mechanism-realm realm-name="jdbc-realm"/>
> </mechanism>
> </mechanism-configuration>
> </http-authentication-factory>
> below the exert from the log on using the jdbc realm when jwt is the default
> 2019-05-30 15:28:05,290 TRACE [org.wildfly.security.http.servlet] (default task-1) No AuthConfigProvider for layer=HttpServlet, appContext=default-host /veri95web
> 2019-05-30 15:28:05,290 TRACE [org.wildfly.security.http.servlet] (default task-1) JASPIC Unavailable, using HTTP authentication.
> 2019-05-30 15:28:05,290 TRACE [org.wildfly.security] (default task-1) No CachedIdentity to restore.
> 2019-05-30 15:28:05,290 TRACE [org.wildfly.security] (default task-1) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@1505d380] for mechanism [BASIC]
> 2019-05-30 15:28:05,290 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='BASIC' host-name='localhost' protocol='http'
> 2019-05-30 15:28:05,290 TRACE [org.wildfly.security] (default task-1) Handling AvailableRealmsCallback: realms = [jdbc-realm]
> 2019-05-30 15:28:05,290 DEBUG [org.wildfly.security.http.password] (default task-1) Username authentication. Realm: [jdbc-realm], Username: [user1].
> 2019-05-30 15:28:05,290 TRACE [org.wildfly.security] (default task-1) Handling RealmCallback: selected = [jdbc-realm]
> 2019-05-30 15:28:05,291 TRACE [org.wildfly.security] (default task-1) Handling NameCallback: authenticationName = user1
> 2019-05-30 15:28:05,291 TRACE [org.wildfly.security] (default task-1) Principal assigning: [user1], pre-realm rewritten: [user1], realm name: [jwt-realm], post-realm rewritten: [user1], realm rewritten: [user1]
> 2019-05-30 15:28:05,291 DEBUG [org.wildfly.security.http.basic] (default task-1) User user1 authentication failed.
> 2019-05-30 15:28:05,291 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: fail
> 2019-05-30 15:28:05,291 DEBUG [io.undertow.request.security] (default task-1) Authentication failed with message ELY06002: An authentication attempt for user 'user1' failed validation using mechanism 'BASIC'. and mechanism BASIC for HttpServerExchange{ POST /veri95web/rest/Xml/process/Equipment request {Accept=[*/*], Postman-Token=[9bba6216-81a7-4048-aa24-ec110d677e4a], Cache-Control=[no-cache], accept-encoding=[gzip, deflate], User-Agent=[PostmanRuntime/7.13.0], Connection=[keep-alive], Authorization=[Basic dXNlcjE6MGZmZDkzNDkyNzgzNzE5YQ==], Content-Type=[applicati
> [^server.log]
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 1 month
[JBoss JIRA] (DROOLS-4086) [GSS-RFE] Search feature in GDST
by Elizabeth Clayton (Jira)
[ https://issues.jboss.org/browse/DROOLS-4086?page=com.atlassian.jira.plugi... ]
Elizabeth Clayton commented on DROOLS-4086:
-------------------------------------------
[~jfomin] Just jumping in, if it's to find a text string within data cells, I like [~manstis]'s suggestion #3. It could be more of a "Find" command that would identify and highlight matched strings. Google sheets has this.
!Screen Shot 2019-05-30 at 5.14.30 PM.png|thumbnail! . If you select the ellipsis menu to the right of that widget you can use more granular criteria to find text.
> [GSS-RFE] Search feature in GDST
> --------------------------------
>
> Key: DROOLS-4086
> URL: https://issues.jboss.org/browse/DROOLS-4086
> Project: Drools
> Issue Type: Epic
> Components: DMN Editor
> Affects Versions: 7.23.0.Final
> Reporter: Yevgeniy Fomin
> Assignee: Yevgeniy Fomin
> Priority: Major
> Labels: drools-tools
> Attachments: Example.png, Screen Shot 2019-05-30 at 5.14.30 PM.png
>
>
> This is a community epic for the [BAPL-1279|https://issues.jboss.org/browse/BAPL-1279]. The epic was created according to the [definition of ready|https://docs.google.com/document/d/1WKv_Cx7jCts7gCQCGt_323ANH_H7dv4...] that advices what needs to be agreed before each feature implementation.
> h1. Requirement
> - The user would like to have additional search for text in *Guided Decision Table* and *Decision Model and Notation (DMN)* editor because standard browser search not allows to do it.
> - We may add auto-suggestion mechanism
> - Do we need search history?
> - Search is possible when you type only the part of indicated word. For example, if you type text like 'test', the words 'testing', 'tester' should be displayed.
> - The example text in the input field disappears when you enter the first character, and appears again, if the input field is empty.
> h1. UX design
> - Add magnifying-glass icon.
> - Search-box can be popup window after clicking on icon or just pop field
> - The simple way is just create search inside of "Expression editor" or we can make search from "Graph editor" which return result from both "Expression editor" and "Graph editor" as a list, so it may looks as search we do in DMN data types tab. Also we can make separate search for both.
> h1. Documentation
> - Replace picture of GDT and DMN editor where they become obsolete
> h1. Acceptance test
> - Enter to large amount of data in search box
> - Search is possible when you type only the part of indicated word. For example, if you type text like 'test', the words 'testing', 'tester' should be displayed.
> - Set of inputs:
> *- A-Z
> *- a-z
> *- 0-9
> *- Symbols: } { ] [ ) ( ~ ! @ # $ % ^ & ` | \ : " ; ' < > ? , . ⁄ - +
> *- Blank spaces
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 1 month
[JBoss JIRA] (DROOLS-4086) [GSS-RFE] Search feature in GDST
by Elizabeth Clayton (Jira)
[ https://issues.jboss.org/browse/DROOLS-4086?page=com.atlassian.jira.plugi... ]
Elizabeth Clayton updated DROOLS-4086:
--------------------------------------
Attachment: Screen Shot 2019-05-30 at 5.14.30 PM.png
> [GSS-RFE] Search feature in GDST
> --------------------------------
>
> Key: DROOLS-4086
> URL: https://issues.jboss.org/browse/DROOLS-4086
> Project: Drools
> Issue Type: Epic
> Components: DMN Editor
> Affects Versions: 7.23.0.Final
> Reporter: Yevgeniy Fomin
> Assignee: Yevgeniy Fomin
> Priority: Major
> Labels: drools-tools
> Attachments: Example.png, Screen Shot 2019-05-30 at 5.14.30 PM.png
>
>
> This is a community epic for the [BAPL-1279|https://issues.jboss.org/browse/BAPL-1279]. The epic was created according to the [definition of ready|https://docs.google.com/document/d/1WKv_Cx7jCts7gCQCGt_323ANH_H7dv4...] that advices what needs to be agreed before each feature implementation.
> h1. Requirement
> - The user would like to have additional search for text in *Guided Decision Table* and *Decision Model and Notation (DMN)* editor because standard browser search not allows to do it.
> - We may add auto-suggestion mechanism
> - Do we need search history?
> - Search is possible when you type only the part of indicated word. For example, if you type text like 'test', the words 'testing', 'tester' should be displayed.
> - The example text in the input field disappears when you enter the first character, and appears again, if the input field is empty.
> h1. UX design
> - Add magnifying-glass icon.
> - Search-box can be popup window after clicking on icon or just pop field
> - The simple way is just create search inside of "Expression editor" or we can make search from "Graph editor" which return result from both "Expression editor" and "Graph editor" as a list, so it may looks as search we do in DMN data types tab. Also we can make separate search for both.
> h1. Documentation
> - Replace picture of GDT and DMN editor where they become obsolete
> h1. Acceptance test
> - Enter to large amount of data in search box
> - Search is possible when you type only the part of indicated word. For example, if you type text like 'test', the words 'testing', 'tester' should be displayed.
> - Set of inputs:
> *- A-Z
> *- a-z
> *- 0-9
> *- Symbols: } { ] [ ) ( ~ ! @ # $ % ^ & ` | \ : " ; ' < > ? , . ⁄ - +
> *- Blank spaces
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 1 month
[JBoss JIRA] (WFLY-12148) HotRod-based session manager should use max-active-sessions to configure L1 per remote cache
by Paul Ferraro (Jira)
Paul Ferraro created WFLY-12148:
-----------------------------------
Summary: HotRod-based session manager should use max-active-sessions to configure L1 per remote cache
Key: WFLY-12148
URL: https://issues.jboss.org/browse/WFLY-12148
Project: WildFly
Issue Type: Bug
Components: Clustering
Affects Versions: 17.0.0.Beta1
Reporter: Paul Ferraro
Assignee: Paul Ferraro
Currently, the hotrod-based session manager uses the l1 configuration of the associated remote-cache-container to determine the number of entries to retain in memory. This has the following drawbacks:
* any configured max-active-sessions (from jboss-web.xml) is ignored
* the remote cache for each deployment of a given remote-cache-container will use the same configuration
* the value does not reflect the number of sessions, but, rather, the number of cache entries, which requires the user to be familiar with how sessions are mapped to the cache, which itself depends on the configured granularity.
In order to align this behavior with the other session manager implementations, L1 should be configured per remote cache based on the value specified by max-active-sessions. This requires several changes:
* Add the ability to override the near cache implementation per remote cache
* Create a custom NearCache<K, V> implementation configured with a custom Caffeine cache configured with a custom weigher, similar to how max-active-session is implemented via a custom data container.
* Add listener mechanism to support cascading of L1 invalidations to dependent entries
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 1 month