[jboss-jira] [JBoss JIRA] (WFLY-1067) Integrate JGroups with core AS security infrastructure

Richard Achmatowicz (JIRA) issues at jboss.org
Mon Jan 16 17:05:00 EST 2017


    [ https://issues.jboss.org/browse/WFLY-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13348983#comment-13348983 ] 

Richard Achmatowicz edited comment on WFLY-1067 at 1/16/17 5:04 PM:
--------------------------------------------------------------------

Add to this the need to secure probe.sh via a passcode so that non-authorized users cannot probe a cluster which has probe operations restricted to authorized users. When running probe in authorised mode, the passcode is set in the configuration of the transport on the server(s) with the property diagnostics_passcode.

configuration: JGroups probe authentication
--------------------------------------------------------
The TP layer on a server (i.e. UDP/TCP) can make use of probe in an authenticated mode by configuring it with a probe passcode. This passcode could be provisioned by (i) providing a security-realm attribute for the UDP/TCP layer and then (ii) obtaining the passcode from the specified security realm as a configured <secret-key/>.




was (Author: rachmato):
Add to this the need to secure probe.sh via a passcode so that non-authorized users cannot probe a cluster which has been secured with a probe passcode. The passcode is set in the configuration of the transport with the property diagnostics_passcode.

configuration: probe
--------------------------
The TP layer requires a passcode (or secret key) to configure the use of the DiagnosticsHandler in authenticated mode: in this mode, only users who configure their probe client with the same passcode can have their probe requests processed by the server. This passcode could be configured by providing a security-realm attribute for the UDP/TCP layer and then obtaining the passcode from the security realm as a configured <secret-key/>.



> Integrate JGroups with core AS security infrastructure
> ------------------------------------------------------
>
>                 Key: WFLY-1067
>                 URL: https://issues.jboss.org/browse/WFLY-1067
>             Project: WildFly
>          Issue Type: Feature Request
>          Components: Clustering, Security
>            Reporter: Brian Stansberry
>            Assignee: Richard Achmatowicz
>
> Container task for better integrating JGroups security with overall AS security. The basic concept is the various security aware aspects of JGroups will expose an SPI, and the AS can create implementations of those SPIs that integrate with the AS security realms. The AS JGroups subsystem will inject the implementation into the JGroups runtime components.
> Subtasks are for the various aspects. These can be done separately but a common overall design should be created to ensure a consistent approach is taken.


