Clone Tools
  • last updated a few minutes ago
Constraints: committers
Constraints: files
Constraints: dates
[WFLY-3048] Allow group loading to be switched off where the local authentication mechanism has been used.

  1. … 8 more files in changeset.
[WFLY-2951] Add support for a named provider to be specified, this now opens the way for PKCS#11 defined providers to be selected.

  1. … 9 more files in changeset.
Spelling fixes

  1. … 378 more files in changeset.
[WFLY-1848] Enable the loading of the users actual username from LDAP.

This allows a different username to be discovered compared to the one supplied by the user.

  1. … 10 more files in changeset.
[WFLY-1523] Introduce caching for LDAP access by security realms for user searching, caching validated passwords and caching the results of group searches.

  1. … 24 more files in changeset.
[WFLY-573] Deprecate any-ipv4-address and any-ipv6-address

  1. … 2 more files in changeset.
[WFLY-2214] Adding support for custom properties to be defined for outbound LDAP connections.

  1. … 5 more files in changeset.
[WFLY-490][WFLY-1756] Include access control for read-operation-description

  1. … 2 more files in changeset.
[WFLY-490][WFLY-2131] Filter the operations shown by read-operation-names

  1. … 4 more files in changeset.
[WFLY-490] / [WFLY-455] / [WFLY-2084] Updating the LDAP configuration to be task based allowing for the different stages to be configured independently, and completing the group loading implementation.

Also allows any distingushed name discovered for the user during authentication to be re-used when loading groups.

  1. … 42 more files in changeset.
[WFLY-490] / [WFLY-455] Further working adding group loading capabilities for LDAP.

  1. … 3 more files in changeset.
[WFLY-490] Add 'attributes' parameter to r-r-d

  1. … 2 more files in changeset.
[WFLY-456] Audit Logging - squashed the below commits since master has changed so much

[WFLY-456] Minor OperationContext impl cleanups

[WFLY-456] Bring in John Bailey's audit log classes

[WFLY-456] Add real audit loggers into the model controllers; integrate management handlers

[WFLY-456] Log the full set of information

[WFLY-456] Fix problems from rebase

[WFLY-456] Use SecurityContext when invoking JMX methods via remoting

[WFLY-456] Move core security classes into own module

[WFLY-456] Rework things and make the controller logger work

[WFLY-456] Include the access mechanism in the log, move some more classes to core-security

[WFLY-456] Make audit logger available to JMX

[WFLY-456] Pluggable MBeanServer delegate to audit logger, and loads of exception handling

[WFLY-456] Jmx audit log proxy

[WFLY-456] Separate the configuration for the core controller and jmx audit logs

[WFLY-456] Set the booting flag in the jmx layer

[WFLY-456] Integrate audit logging resource and ops into JMX extension so it can be configured there

[WFLY-456] Correct copyright notices in my new files

[WFLY-456] fix problems from rebase

[WFLY-456] Get rid of the original hashing implementation

[WFLY-456] Add missing originalResultTxControl from rebase

[WFLY-456] Add config for appenders

[WFLY-456] Basic file appender and json formatter. The output needs cleaning up and everything is currently hardcoded

[WFLY-456] Back up the previous log file. Basic syslog appender (awaiting the improved logmanager SyslogHandler)

[WFLY-456] Use the org.wildfly:wildfly-xxx names. Start configuring file appenders

[WFLY-456] Configure model for syslog appender

[WFLY-456] Log audit log records for ParallelBootOperationContext and ReadOnlyContext

[WFLY-456] Make whether to log on boot configurable

[WFLY-456] Be able to add/remove appender references at runtime and update the appenders at runtime

[WFLY-456] Add boot-log to jmx audit-log as well and update xsd's for both core and jmx

[WFLY-456] Make additive changes to appenders take effect right away, and delay changes/removals until the current audit record has been written

[WFLY-456] Add schema support and parsing for managed server path overrides, and clean up the handlers

[WFLY-456] Use 'handler' rather than 'appender'

[WFLY-456] Pass in audit log operations to managed servers on boot

[WFLY-456] Separate handler chains for host and managed server audit logs

[WFLY-456] i18n and get rid of code no longer needed

[WFLY-456] Fix problems from rebase, revisit security after moved WildFlySecurityManager

[WFLY-456] Flesh out the syslog handler, tried with UDP

[WFLY-456] Start testing the handlers and ops

[WFLY-456] Set up proper syslog host and app names

[WFLY-456] More tests

[WFLY-456] Complete renaming appender->handler. Really

[WFLY-456] Nicer separate configuration for JMX

[WFLY-456] Better testing for enabled and log-read-only audit log write attribute handlers

[WFLY-456] Separate handlers for JMX subsystem audit logging, and tests

[WFLY-456] Maintan a failure count per appender

[WFLY-456] Configure the json formatter and reference from the audit log handlers

Expose 'max-length' and 'truncate' for the syslog handler

[WFLY-456] Make audit logging work in admin-only mode

Fix bug not enabling the appender in domain mode

[WFLY-456] Fixes to tls syslog handler having tried it out against rsyslog

[WFLY-456] don't enable log by default

[WFLY-456] Test jmx audit log transformation

[WFLY-456] Test audit logging in testsuite

[WFLY-456] Move new i18n bits into domain-management, rather than using the ones from controller

[WFLY-456] Recycle handler operation, make max-failure-count configurable per handler, expose runtime attributes for handler failure counts

[WFLY-456] Use strings instead of byte[] for the formatters for now. We can revisit the byte[] part if more tamper detecting formatters are used in the future

[WFLY-456] Use platform independent line terminator

[WFLY-456] Changes to work with latest logmanager following a squash

  1. … 208 more files in changeset.
[WFLY-1635] Add a new map-groups-to-roles attribute to allow users to configure if there is a 1:1 mapping between the two.

If set to false (The new default) then no mapping occurs and at the time of authorization mapping is expected to occur dynamically.

  1. … 26 more files in changeset.
[WFLY-490] Add access-control for resources to read-resource-description

  1. … 15 more files in changeset.
AS7-6846 BZ-949127 Expose module loading information via the management API

  1. … 9 more files in changeset.
[AS7-6789] Move the subsystem .dmr files from controller module to subsystem-test

    • -50
    • +0
    • -567
    • +0
    • -440
    • +0
    • -12
    • +0
    • -332
    • +0
    • -4
    • +0
    • -35
    • +0
    • -17
    • +0
    • -9
    • +0
    • -188
    • +0
  1. … 50 more files in changeset.
AS7-6607: removal of cmp subsystem

    • -119
    • +0
  1. … 578 more files in changeset.
[AS7-6612] Remove JAXR support

    • -43
    • +0
  1. … 72 more files in changeset.
AS7-6334 implementation and test cases for DS transformer

  1. … 9 more files in changeset.
Add 7.1.3. legacy dmr definitions

- changed file name format to include micro version

- enabled transaction subsystem 7.1.3 transformers tests

    • -0
    • +0
    • -119
    • +0
    • -0
    • +0
    • -50
    • +0
    • -0
    • +0
    • -567
    • +0
    • -0
    • +0
    • -440
    • +0
    • -0
    • +0
  1. … 53 more files in changeset.
Fix jgroup's broken model & enable transformers

    • -0
    • +9
  1. … 12 more files in changeset.
[AS7-6108] By default disable the acceptance of empty passwords from remote users attempting to authenticate.

Also added a new option 'allow-empty-passwords' on the LDAP authentication definition so that users that do have a valid use for empty passwords can reverse the change.

  1. … 7 more files in changeset.
[AS7-5246] Allow the outbound LDAP connection to be associated with a security realm to pull in keystore and truststore definitions to use when communicating with LDAP.

As one aspect of connecting is also to verify the remote user has supplied a valid password the keystore portion can be ommitted when the step to authenticate as the remote user takes place to prevent authenticating as the server again.

  1. … 14 more files in changeset.
Convert operations to use OperationDefinition

  1. … 48 more files in changeset.
[AS7-5390] Add resolve-path operation for relative-to paths.

  1. … 33 more files in changeset.
Convert Whoami Operation

  1. … 5 more files in changeset.
Convert namespaces & schema handlers

  1. … 11 more files in changeset.
Convert snapshots

  1. … 10 more files in changeset.
Fixes after model compare

  1. … 5 more files in changeset.