]
Jan Kalina moved JBEAP-11356 to WFCORE-2917:
--------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-2917 (was: JBEAP-11356)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta24
(was: 7.1.0.DR19)
Revisit allow, forbid and selector of sasl mechanisms in Elytron
subsystem and client config file
-------------------------------------------------------------------------------------------------
Key: WFCORE-2917
URL:
https://issues.jboss.org/browse/WFCORE-2917
Project: WildFly Core
Issue Type: Bug
Components: Security
Affects Versions: 3.0.0.Beta24
Reporter: Jan Kalina
Assignee: Jan Kalina
Priority: Critical
There are some topics for revising in {{allow-all-mechanisms}},
{{allow-sasl-mechanisms}}, {{forbid-sasl-mechanisms}} and {{sasl-mechanism-selector}} of
Elytron subsystem and client config file.
1) Since selectors have been introduced in EAP 7.1.0.DR19 what is the reason for
{{allow-all-mechanisms}}, {{allow-sasl-mechanisms}} and {{forbid-sasl-mechanisms}}? AFAIK
they just provides the subset of configuration which can be set by
{{sasl-mechanism-selector}}. It that case {{allow-all-mechanisms}},
{{allow-sasl-mechanisms}} and {{forbid-sasl-mechanisms}} can be completely removed from
Elytron configuration because they just duplicates another configuration. Or they provide
something which cannot be configured by selectors?
2) These options are mutually exclusive in Elytron subsystem, but all of them can be
configured together in Elytron client configuration file. There should be added some check
for mutually exclusivity of these options in Elytron client configuration file.