Clone Tools
  • last updated a few minutes ago
Constraints: committers
Constraints: files
Constraints: dates
[WFLY-490] / [WFLY-2037] Reply with a 403 for authz failures

    • -2
    • +14
  1. … 1 more file in changeset.
Update to Undertow 1.0.0.Beta11

  1. … 3 more files in changeset.
[WFLY-1923] / [WFLY-490] Where no authentication is required ensure an 'anonymous' user is associated with the current request.

Undertow Beta9

  1. … 5 more files in changeset.
[WFLY-490] / [WFLY-1864] Update the protocol so that servers receiving management requests from a trusted master can request a Subject to use when executing the operation.

For host controller to managed server interactions the two are always kept in sync version wise.

For master to slave communication the master must be the same version as the slave or higher i.e. a slave sending this new request will not cause an interop issue as the master must be at least a version that understands it.

  1. … 10 more files in changeset.
HAL-60: Fix for broken logout

[WFLY-490] Use own inet address principal so we don't have to pull remoting into the http management server module

  1. … 3 more files in changeset.
[WFLY-456] More fixes from code review

TODO to populate the subject higher up the chain

Missing copyright notices

Implement MBeanServerAuditLogger.shouldLog()

  1. … 14 more files in changeset.
Remove development-mode and replace with other options

    • -1
    • +1
  1. … 25 more files in changeset.
[WFLY-456] Audit Logging - squashed the below commits since master has changed so much

[WFLY-456] Minor OperationContext impl cleanups

[WFLY-456] Bring in John Bailey's audit log classes

[WFLY-456] Add real audit loggers into the model controllers; integrate management handlers

[WFLY-456] Log the full set of information

[WFLY-456] Fix problems from rebase

[WFLY-456] Use SecurityContext when invoking JMX methods via remoting

[WFLY-456] Move core security classes into own module

[WFLY-456] Rework things and make the controller logger work

[WFLY-456] Include the access mechanism in the log, move some more classes to core-security

[WFLY-456] Make audit logger available to JMX

[WFLY-456] Pluggable MBeanServer delegate to audit logger, and loads of exception handling

[WFLY-456] Jmx audit log proxy

[WFLY-456] Separate the configuration for the core controller and jmx audit logs

[WFLY-456] Set the booting flag in the jmx layer

[WFLY-456] Integrate audit logging resource and ops into JMX extension so it can be configured there

[WFLY-456] Correct copyright notices in my new files

[WFLY-456] fix problems from rebase

[WFLY-456] Get rid of the original hashing implementation

[WFLY-456] Add missing originalResultTxControl from rebase

[WFLY-456] Add config for appenders

[WFLY-456] Basic file appender and json formatter. The output needs cleaning up and everything is currently hardcoded

[WFLY-456] Back up the previous log file. Basic syslog appender (awaiting the improved logmanager SyslogHandler)

[WFLY-456] Use the org.wildfly:wildfly-xxx names. Start configuring file appenders

[WFLY-456] Configure model for syslog appender

[WFLY-456] Log audit log records for ParallelBootOperationContext and ReadOnlyContext

[WFLY-456] Make whether to log on boot configurable

[WFLY-456] Be able to add/remove appender references at runtime and update the appenders at runtime

[WFLY-456] Add boot-log to jmx audit-log as well and update xsd's for both core and jmx

[WFLY-456] Make additive changes to appenders take effect right away, and delay changes/removals until the current audit record has been written

[WFLY-456] Add schema support and parsing for managed server path overrides, and clean up the handlers

[WFLY-456] Use 'handler' rather than 'appender'

[WFLY-456] Pass in audit log operations to managed servers on boot

[WFLY-456] Separate handler chains for host and managed server audit logs

[WFLY-456] i18n and get rid of code no longer needed

[WFLY-456] Fix problems from rebase, revisit security after moved WildFlySecurityManager

[WFLY-456] Flesh out the syslog handler, tried with UDP

[WFLY-456] Start testing the handlers and ops

[WFLY-456] Set up proper syslog host and app names

[WFLY-456] More tests

[WFLY-456] Complete renaming appender->handler. Really

[WFLY-456] Nicer separate configuration for JMX

[WFLY-456] Better testing for enabled and log-read-only audit log write attribute handlers

[WFLY-456] Separate handlers for JMX subsystem audit logging, and tests

[WFLY-456] Maintan a failure count per appender

[WFLY-456] Configure the json formatter and reference from the audit log handlers

Expose 'max-length' and 'truncate' for the syslog handler

[WFLY-456] Make audit logging work in admin-only mode

Fix bug not enabling the appender in domain mode

[WFLY-456] Fixes to tls syslog handler having tried it out against rsyslog

[WFLY-456] don't enable log by default

[WFLY-456] Test jmx audit log transformation

[WFLY-456] Test audit logging in testsuite

[WFLY-456] Move new i18n bits into domain-management, rather than using the ones from controller

[WFLY-456] Recycle handler operation, make max-failure-count configurable per handler, expose runtime attributes for handler failure counts

[WFLY-456] Use strings instead of byte[] for the formatters for now. We can revisit the byte[] part if more tamper detecting formatters are used in the future

[WFLY-456] Use platform independent line terminator

[WFLY-456] Changes to work with latest logmanager following a squash

  1. … 206 more files in changeset.
[WFLY-1618] / [WFLY-490] Addition of the runtime role mapping implementation.

Also Switch identity association over to use an AccessControlContext instead of ThreadLocal.

Expose Caller from OperationContext and initialise based on the currently associated Subject.

As the role mapping is happening within controller additional Principal types are created that controller can expect to present in the Subject of the authenticated user.

Added a new is-caller-in-role operation, this allows a quick check that the currently authenticated user has the expected role.

The Subject is now marked as readOnly so we do need to deal with the contents changing.

Added a test case to test various permutations of role mapping and also minor fixes for issues detected by the test.

  1. … 41 more files in changeset.
[WFLY-490] Temp hack for reading operation-headers from HTTP GET

Upgrade to latest undertow

  1. … 3 more files in changeset.
[UNDERTOW-34] Update IdentityManager within Undertow to make use of a DigestCredential to provide a mechanism to intercept the prepared ha1 and remove all use of plain text passwords within Undertow for Digest authentication.

  1. … 2 more files in changeset.
[WFLY-292] Switch cache validation from last modified date to ETag

    • -14
    • +16
  1. … 1 more file in changeset.
[WFLY-292] Send complete model node for GET operation instead of just the result part

    • -6
    • +6
[WFLY-292] Add cache header to 304 response

    • -7
    • +11
[WFLY-292] Validate cachable operations against last modified date

    • -20
    • +45
    • -0
    • +119
[WFLY-292] Add caching for selected get operations

    • -0
    • +1
    • -8
    • +20
    • -0
    • +124
Fix compatibility with latest undertow, and convert to non-blocking

Fixes for latest Undertow

Move to the privileged methods on WildFlySecurityManager

    • -1
    • +2
  1. … 194 more files in changeset.
[WFLY-1318] send prepared response on reload

  1. … 3 more files in changeset.
Use isChecking() when deciding whether to construct privileged blocks or nontrivial permission checks

  1. … 100 more files in changeset.
Undertow Alpha12

  1. … 2 more files in changeset.
[WFLY-1283] If ClientCert is a possible authentication mechanism AND we have a peer certificate don't show the add user page.

Changes for undertow Alpha11

  1. … 5 more files in changeset.
    • -6
    • +37
Use bigger buffers

  1. … 2 more files in changeset.
Fix up the management server

  1. … 1 more file in changeset.