[jboss-jira] [JBoss JIRA] (WFLY-7499) Elytron "expressions-allowed" => false attributes
Martin Choma (JIRA)
issues at jboss.org
Tue Nov 8 09:01:00 EST 2016
[ https://issues.jboss.org/browse/WFLY-7499?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Choma updated WFLY-7499:
-------------------------------
Description:
Please change these attributes to {{"expressions-allowed" => true}} if reasonable
{code}
/configurable-sasl-server-factory/protocol
/configurable-sasl-server-factory/server-name
/filesystem-realm/levels
/token-realm/public-key
/token-realm/principal-claim
/token-realm/oauth2-introspection/host-name-verification-policy
/token-realm/oauth2-introspection/introspection-url
/token-realm/oauth2-introspection/client-secret
/token-realm/oauth2-introspection/client-id
/token-realm/oauth2-introspection/public-key
/token-realm/oauth2-introspection/token-realm
/jdbc-realm/principal-query/sql
/jdbc-realm/principal-query/data-source
/jdbc-realm/clear-password-mapper/password-index
/jdbc-realm/bcrypt-mapper/password-index
/jdbc-realm/bcrypt-mapper/salt-index
/jdbc-realm/bcrypt-mapper/iteration-count-index
/jdbc-realm/salted-simple-digest-mapper/algorithm
/jdbc-realm/salted-simple-digest-mapper/password-index
/jdbc-realm/salted-simple-digest-mapper/salt-index
/jdbc-realm/simple-digest-mapper/password-index
/jdbc-realm/scram-mapper/algorithm
/jdbc-realm/scram-mapper/password-index
/jdbc-realm/scram-mapper/salt-index
/jdbc-realm/scram-mapper/iteration-count-index
/security-domain/default-realm
These applies to key-store and key-manager:
*/credential-reference/store
*/credential-reference/alias
*/credential-reference/type
*/credential-reference/clear-text
{code}
These are not marked as capability reference. But seems referencing another service, so not sure if it is issue in these cases:
* /jdbc-realm/principal-query/data-source
* /security-domain/default-realm
* /credential-reference/store
"Collection of primitives" , e.g. LIST of STRING, OBJECT of STRING :
{code}
/configurable-sasl-server-factory/properties
/custom-role-mapper/configuration
/mapped-regex-realm-mapper/realm-map
/x500-attribute-principal-decoder/required-oids
/custom-permission-mapper/configuration
/configurable-http-server-mechanism-factory/properties
/custom-name-rewriter/configuration
/custom-principal-decoder/configuration
/custom-realm-mapper/configuration
/custom-modifiable-realm/configuration
/custom-credential-security-factory/configuration
/custom-role-decoder/configuration
/custom-realm/configuration
{code}
was:
Please change these attributes to {{"expressions-allowed" => true}} if reasonable
{code}
/configurable-sasl-server-factory/protocol
/configurable-sasl-server-factory/server-name
/filesystem-realm/levels
/token-realm/public-key
/token-realm/principal-claim
/token-realm/oauth2-introspection/host-name-verification-policy
/token-realm/oauth2-introspection/introspection-url
/token-realm/oauth2-introspection/client-secret
/token-realm/oauth2-introspection/client-id
/token-realm/oauth2-introspection/public-key
/token-realm/oauth2-introspection/token-realm
/jdbc-realm/principal-query/sql
/jdbc-realm/principal-query/data-source
/jdbc-realm/clear-password-mapper/password-index
/jdbc-realm/bcrypt-mapper/password-index
/jdbc-realm/bcrypt-mapper/salt-index
/jdbc-realm/bcrypt-mapper/iteration-count-index
/jdbc-realm/salted-simple-digest-mapper/algorithm
/jdbc-realm/salted-simple-digest-mapper/password-index
/jdbc-realm/salted-simple-digest-mapper/salt-index
/jdbc-realm/simple-digest-mapper/password-index
/jdbc-realm/scram-mapper/algorithm
/jdbc-realm/scram-mapper/password-index
/jdbc-realm/scram-mapper/salt-index
/jdbc-realm/scram-mapper/iteration-count-index
/security-domain/default-realm
These applies to key-store and key-manager:
*/credential-reference/store
*/credential-reference/alias
*/credential-reference/type
*/credential-reference/clear-text
{code}
These are not marked as capability reference. But seems referencing another service, so not sure if it is issue in these cases:
* /jdbc-realm/principal-query/data-source
* /security-domain/default-realm
* /credential-reference/store
> Elytron "expressions-allowed" => false attributes
> -------------------------------------------------
>
> Key: WFLY-7499
> URL: https://issues.jboss.org/browse/WFLY-7499
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Martin Choma
> Labels: user_experience
>
> Please change these attributes to {{"expressions-allowed" => true}} if reasonable
> {code}
> /configurable-sasl-server-factory/protocol
> /configurable-sasl-server-factory/server-name
> /filesystem-realm/levels
> /token-realm/public-key
> /token-realm/principal-claim
> /token-realm/oauth2-introspection/host-name-verification-policy
> /token-realm/oauth2-introspection/introspection-url
> /token-realm/oauth2-introspection/client-secret
> /token-realm/oauth2-introspection/client-id
> /token-realm/oauth2-introspection/public-key
> /token-realm/oauth2-introspection/token-realm
> /jdbc-realm/principal-query/sql
> /jdbc-realm/principal-query/data-source
> /jdbc-realm/clear-password-mapper/password-index
> /jdbc-realm/bcrypt-mapper/password-index
> /jdbc-realm/bcrypt-mapper/salt-index
> /jdbc-realm/bcrypt-mapper/iteration-count-index
> /jdbc-realm/salted-simple-digest-mapper/algorithm
> /jdbc-realm/salted-simple-digest-mapper/password-index
> /jdbc-realm/salted-simple-digest-mapper/salt-index
> /jdbc-realm/simple-digest-mapper/password-index
> /jdbc-realm/scram-mapper/algorithm
> /jdbc-realm/scram-mapper/password-index
> /jdbc-realm/scram-mapper/salt-index
> /jdbc-realm/scram-mapper/iteration-count-index
> /security-domain/default-realm
> These applies to key-store and key-manager:
> */credential-reference/store
> */credential-reference/alias
> */credential-reference/type
> */credential-reference/clear-text
> {code}
> These are not marked as capability reference. But seems referencing another service, so not sure if it is issue in these cases:
> * /jdbc-realm/principal-query/data-source
> * /security-domain/default-realm
> * /credential-reference/store
> "Collection of primitives" , e.g. LIST of STRING, OBJECT of STRING :
> {code}
> /configurable-sasl-server-factory/properties
> /custom-role-mapper/configuration
> /mapped-regex-realm-mapper/realm-map
> /x500-attribute-principal-decoder/required-oids
> /custom-permission-mapper/configuration
> /configurable-http-server-mechanism-factory/properties
> /custom-name-rewriter/configuration
> /custom-principal-decoder/configuration
> /custom-realm-mapper/configuration
> /custom-modifiable-realm/configuration
> /custom-credential-security-factory/configuration
> /custom-role-decoder/configuration
> /custom-realm/configuration
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list