[jboss-jira] [JBoss JIRA] (WFLY-7254) pattern-filter disappears if predefined-filter is used for configurable-sasl-server-factory in Elytron subsystem
Ilia Vassilev (JIRA)
issues at jboss.org
Tue Oct 4 23:07:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-7254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13302621#comment-13302621 ]
Ilia Vassilev commented on WFLY-7254:
-------------------------------------
[~olukas] You are right that the following command should lead to "outcome" => "failed" so to fix the issue I'll work on changing the code to prevent such commands.
Invalid CLI command which should be prevented:
{code}
/subsystem=elytron/configurable-sasl-server-factory=someFactory:add(sasl-server-factory=global,filters=[{pattern-filter=(.*),predefined-filter=BINDING}])
{code}
Valid command:
{code}
/subsystem=elytron/configurable-sasl-server-factory=someFactory:add(sasl-server-factory=global,filters=[{pattern-filter=(.*), enabling="false"},{predefined-filter=BINDING}])
{code}
Configuration after executing it:
{code}
<configurable-sasl-server-factory name="someFactory" sasl-server-factory="global">
<filters>
<filter enabling="false">
<pattern-filter value="(.*)"/>
</filter>
<filter>
<predefined-filter value="BINDING"/>
</filter>
</filters>
</configurable-sasl-server-factory>
{code}
The above configuration can be correctly loaded when server is started:
{code}
/subsystem=elytron/configurable-sasl-server-factory=someFactory:read-attribute(name=filters)
{
"outcome" => "success",
"result" => [
{
"enabling" => false,
"pattern-filter" => "(.*)"
},
{"predefined-filter" => "BINDING"}
]
}
{code}
> pattern-filter disappears if predefined-filter is used for configurable-sasl-server-factory in Elytron subsystem
> ----------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-7254
> URL: https://issues.jboss.org/browse/WFLY-7254
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Ilia Vassilev
> Fix For: 11.0.0.Alpha1
>
>
> In case when configurable-sasl-server-factory is created through CLI with filter which uses both pattern-filter and predefined-filter, then only predefined-filter is stored into configuration (pattern-filter disappears).
> Suggestion:
> In case when usage of both filters is unsupported option, then it should be denied by CLI. In case when it is supported option, then both of them should be stored in configuration.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list