Clone Tools
  • last updated a few minutes ago
Constraints: committers
Constraints: files
Constraints: dates
[WFLY-2864] WildFly Domain HTTP Interface module

    • -1
    • +2
    • -0
    • +90
  1. … 2 more files in changeset.
[WFLY-2864] WildFly Controller module

    • -1
    • +1
  1. … 204 more files in changeset.
Undertow 1.0.0.CR1

    • -2
    • +2
  1. … 1 more file in changeset.
Undertow 1.0.0.Beta32

    • -2
    • +2
  1. … 6 more files in changeset.
[WFLY-1594] Detect if BASIC authentication is in use and adjust responses accordingly.

[WFLY-2498] Take the scheme into account when sending the redirect for logout.

i.e. preserve https.

Also eliminate the round trip to DomainApiHandler as that no longer needs to be cleared.

WFLY-2681 Send correct content type from management REST API

Also fix some Undertow usage to be more correct/efficent

    • -2
    • +2
    • -36
    • +8
  1. … 1 more file in changeset.
Don't use deprecated api

Change mgmt server defaults

Undertow 1.0.0.Beta26

  1. … 6 more files in changeset.
[WFLY-1597] / [WFLY-2208] Ensure that any HTTP to HTTPS redirect occurs BEFORE upgrade.

That is if the HTTP interface is configured with a secure port we do not support any unencrypted management access.

  1. … 1 more file in changeset.
Update to make latest EJB client work

  1. … 12 more files in changeset.
Undertow 1.0.0.Beta23

  1. … 14 more files in changeset.
[WFLY-490] / [WFLY-2337] Also ensure that there is always a Subject associated with the call even if one was not provided.

  1. … 6 more files in changeset.
[WFLY-490] / [WFLY-1852] Further enhancement to add an AccessAuditContext used for holding some state for the duration of the operation.

Whilst the OperationContext made a good candidate for holding some of this as soon as interaction with non-management components occurred this state was no longer accessible.

The use of a ThreadLocal here uses the Subject.doAs stye so we can ensure any previous context is cleared as the call returns up the stack.

  1. … 13 more files in changeset.
[WFLY-490] / [WFLY-1852] Move the access mechanism from a Principal to an operation-header

  1. … 12 more files in changeset.
[WFLY-490] / [WFLY-1852] Ensure the InetAddressPrincipal is added at the time of authentication and not retrospectively added.

  1. … 5 more files in changeset.
WFLY-2226: Get rid of double slash in console redirect

[WFLY-2049] Eliminate caching the user against the connection, this conflicts with the "logout" mechanism and causes further issues once "logout" is being used to switch to a user with different permissions.

[WFLY-2094] Include full DMR response in HTTP error responses

    • -6
    • +25
[WFLY-490] / [WFLY-2037] Reply with a 403 for authz failures

    • -2
    • +14
  1. … 1 more file in changeset.
Update to Undertow 1.0.0.Beta11

  1. … 3 more files in changeset.
[WFLY-1923] / [WFLY-490] Where no authentication is required ensure an 'anonymous' user is associated with the current request.

Undertow Beta9

  1. … 5 more files in changeset.
[WFLY-490] / [WFLY-1864] Update the protocol so that servers receiving management requests from a trusted master can request a Subject to use when executing the operation.

For host controller to managed server interactions the two are always kept in sync version wise.

For master to slave communication the master must be the same version as the slave or higher i.e. a slave sending this new request will not cause an interop issue as the master must be at least a version that understands it.

  1. … 10 more files in changeset.
HAL-60: Fix for broken logout

[WFLY-490] Use own inet address principal so we don't have to pull remoting into the http management server module

  1. … 3 more files in changeset.
[WFLY-456] More fixes from code review

TODO to populate the subject higher up the chain

Missing copyright notices

Implement MBeanServerAuditLogger.shouldLog()

  1. … 14 more files in changeset.
Remove development-mode and replace with other options

    • -1
    • +1
  1. … 25 more files in changeset.
[WFLY-456] Audit Logging - squashed the below commits since master has changed so much

[WFLY-456] Minor OperationContext impl cleanups

[WFLY-456] Bring in John Bailey's audit log classes

[WFLY-456] Add real audit loggers into the model controllers; integrate management handlers

[WFLY-456] Log the full set of information

[WFLY-456] Fix problems from rebase

[WFLY-456] Use SecurityContext when invoking JMX methods via remoting

[WFLY-456] Move core security classes into own module

[WFLY-456] Rework things and make the controller logger work

[WFLY-456] Include the access mechanism in the log, move some more classes to core-security

[WFLY-456] Make audit logger available to JMX

[WFLY-456] Pluggable MBeanServer delegate to audit logger, and loads of exception handling

[WFLY-456] Jmx audit log proxy

[WFLY-456] Separate the configuration for the core controller and jmx audit logs

[WFLY-456] Set the booting flag in the jmx layer

[WFLY-456] Integrate audit logging resource and ops into JMX extension so it can be configured there

[WFLY-456] Correct copyright notices in my new files

[WFLY-456] fix problems from rebase

[WFLY-456] Get rid of the original hashing implementation

[WFLY-456] Add missing originalResultTxControl from rebase

[WFLY-456] Add config for appenders

[WFLY-456] Basic file appender and json formatter. The output needs cleaning up and everything is currently hardcoded

[WFLY-456] Back up the previous log file. Basic syslog appender (awaiting the improved logmanager SyslogHandler)

[WFLY-456] Use the org.wildfly:wildfly-xxx names. Start configuring file appenders

[WFLY-456] Configure model for syslog appender

[WFLY-456] Log audit log records for ParallelBootOperationContext and ReadOnlyContext

[WFLY-456] Make whether to log on boot configurable

[WFLY-456] Be able to add/remove appender references at runtime and update the appenders at runtime

[WFLY-456] Add boot-log to jmx audit-log as well and update xsd's for both core and jmx

[WFLY-456] Make additive changes to appenders take effect right away, and delay changes/removals until the current audit record has been written

[WFLY-456] Add schema support and parsing for managed server path overrides, and clean up the handlers

[WFLY-456] Use 'handler' rather than 'appender'

[WFLY-456] Pass in audit log operations to managed servers on boot

[WFLY-456] Separate handler chains for host and managed server audit logs

[WFLY-456] i18n and get rid of code no longer needed

[WFLY-456] Fix problems from rebase, revisit security after moved WildFlySecurityManager

[WFLY-456] Flesh out the syslog handler, tried with UDP

[WFLY-456] Start testing the handlers and ops

[WFLY-456] Set up proper syslog host and app names

[WFLY-456] More tests

[WFLY-456] Complete renaming appender->handler. Really

[WFLY-456] Nicer separate configuration for JMX

[WFLY-456] Better testing for enabled and log-read-only audit log write attribute handlers

[WFLY-456] Separate handlers for JMX subsystem audit logging, and tests

[WFLY-456] Maintan a failure count per appender

[WFLY-456] Configure the json formatter and reference from the audit log handlers

Expose 'max-length' and 'truncate' for the syslog handler

[WFLY-456] Make audit logging work in admin-only mode

Fix bug not enabling the appender in domain mode

[WFLY-456] Fixes to tls syslog handler having tried it out against rsyslog

[WFLY-456] don't enable log by default

[WFLY-456] Test jmx audit log transformation

[WFLY-456] Test audit logging in testsuite

[WFLY-456] Move new i18n bits into domain-management, rather than using the ones from controller

[WFLY-456] Recycle handler operation, make max-failure-count configurable per handler, expose runtime attributes for handler failure counts

[WFLY-456] Use strings instead of byte[] for the formatters for now. We can revisit the byte[] part if more tamper detecting formatters are used in the future

[WFLY-456] Use platform independent line terminator

[WFLY-456] Changes to work with latest logmanager following a squash

  1. … 206 more files in changeset.