Merge pull request #5940 from ssilvert/cli-gui-logs

WFLY-2985 Simple implementation of view/download server logs from CLI GU...

  1. … 11 more files in changeset.
[WFLY-2581] Adding a new API to security that allows the identity from the connection to be obtained and optionally allow a new identity to be pushed.

  1. … 184 more files in changeset.
Spelling fixes

  1. … 376 more files in changeset.
Avoid some charset lookups

Background info:

  1. … 48 more files in changeset.
Update to WildFly Security Manager 1.0.0.Final

  1. … 41 more files in changeset.
WFLY-2743 Fix up some other static references to the ServiceContainer

Also make sure that code accesses it in a privileged block if appropriate

  1. … 26 more files in changeset.
add Principal to subject

Principal is only added to subject if we use RemotingConnectionCredential or when there is no Principal at all.

If we have a valid principal we forget about it.

This causes to be broken.

I'm not sure if this fix is correct (we can always get Principal from callbackHandler in LoginModule).

Another question: what to do with roles? (JbossCallbackHandler doesn't contain this information) and what to do with roles added in LoginModule

WFLY-2610 vault tool can take an external password

WFLY-2053 Add a JACC based AuthorizationManager to Undertow

  1. … 9 more files in changeset.
WFLY-2468 MappingModuleDefinition is incorrectly constructing the write-attribute handler

[WFLY-2476] Security transformer improvements and better test coverage

  1. … 11 more files in changeset.
[WFLY-2475] Fix marshalling of identity-trust's module

  1. … 3 more files in changeset.
[WFLY-2474] Fix name and marshalling of acl's module + add transformers

  1. … 4 more files in changeset.
WFLY-2108 Add module attribute to JASPI auth-modules, enabling configuration of custom auth-modules

  1. … 2 more files in changeset.
[WFLY-2141], catch InputMismatchException caused by non-integer input when interact with

WFLY-981 : Adding a SecurityInterceptor for Singleton beans for postconstruct methods. The security context on postconstruct methods in singleton is not propagating the security context.

  1. … 7 more files in changeset.
[WFLY-490] Add READ_WHOLE_CONFIG sensitivity classification to :read-config-as-xml

  1. … 3 more files in changeset.
[WFLY-490][WFLY-1844] Add MISC-SECURITY sensitivity classification to deep-copy-subject-mode

[WFLY-490] / [WFLY-1820] Record and report where sensitivity and application constraints are used

  1. … 41 more files in changeset.
i18n of VaultTool messages and prompts.

[WFLY-567] / [WFLY-490] Update the security realm based services to provide 'ServiceUtil' implementations that can be used to provide service names based on a realm name and also to set dependencies.

Enable the use of the 'ServiceUtil' classes across WildFly.

  1. … 42 more files in changeset.
[WFLY-490] [WFLY-2005] [WFLY-2010] Don't reject 'add' ops due to non-configured, non-required attributes. Don't reject 'remove' ops based on attribute constraints.

  1. … 34 more files in changeset.
[WFLY-490] Move the controller module RBAC mgmt API classes into one package

  1. … 148 more files in changeset.
[WFLY-490] [WFLY-1936] RBAC Management API version changes

  1. … 12 more files in changeset.
WFLY-1575 : Since all jsse attributes are optional, checking that we only look for a password if a truststore or a keystore is defined. Checking also that adding a jsse element through the cli can't be empty. Adding some tests for parsing and cli usage.

  1. … 10 more files in changeset.
[WFLY-456] Audit Logging - squashed the below commits since master has changed so much

[WFLY-456] Minor OperationContext impl cleanups

[WFLY-456] Bring in John Bailey's audit log classes

[WFLY-456] Add real audit loggers into the model controllers; integrate management handlers

[WFLY-456] Log the full set of information

[WFLY-456] Fix problems from rebase

[WFLY-456] Use SecurityContext when invoking JMX methods via remoting

[WFLY-456] Move core security classes into own module

[WFLY-456] Rework things and make the controller logger work

[WFLY-456] Include the access mechanism in the log, move some more classes to core-security

[WFLY-456] Make audit logger available to JMX

[WFLY-456] Pluggable MBeanServer delegate to audit logger, and loads of exception handling

[WFLY-456] Jmx audit log proxy

[WFLY-456] Separate the configuration for the core controller and jmx audit logs

[WFLY-456] Set the booting flag in the jmx layer

[WFLY-456] Integrate audit logging resource and ops into JMX extension so it can be configured there

[WFLY-456] Correct copyright notices in my new files

[WFLY-456] fix problems from rebase

[WFLY-456] Get rid of the original hashing implementation

[WFLY-456] Add missing originalResultTxControl from rebase

[WFLY-456] Add config for appenders

[WFLY-456] Basic file appender and json formatter. The output needs cleaning up and everything is currently hardcoded

[WFLY-456] Back up the previous log file. Basic syslog appender (awaiting the improved logmanager SyslogHandler)

[WFLY-456] Use the org.wildfly:wildfly-xxx names. Start configuring file appenders

[WFLY-456] Configure model for syslog appender

[WFLY-456] Log audit log records for ParallelBootOperationContext and ReadOnlyContext

[WFLY-456] Make whether to log on boot configurable

[WFLY-456] Be able to add/remove appender references at runtime and update the appenders at runtime

[WFLY-456] Add boot-log to jmx audit-log as well and update xsd's for both core and jmx

[WFLY-456] Make additive changes to appenders take effect right away, and delay changes/removals until the current audit record has been written

[WFLY-456] Add schema support and parsing for managed server path overrides, and clean up the handlers

[WFLY-456] Use 'handler' rather than 'appender'

[WFLY-456] Pass in audit log operations to managed servers on boot

[WFLY-456] Separate handler chains for host and managed server audit logs

[WFLY-456] i18n and get rid of code no longer needed

[WFLY-456] Fix problems from rebase, revisit security after moved WildFlySecurityManager

[WFLY-456] Flesh out the syslog handler, tried with UDP

[WFLY-456] Start testing the handlers and ops

[WFLY-456] Set up proper syslog host and app names

[WFLY-456] More tests

[WFLY-456] Complete renaming appender->handler. Really

[WFLY-456] Nicer separate configuration for JMX

[WFLY-456] Better testing for enabled and log-read-only audit log write attribute handlers

[WFLY-456] Separate handlers for JMX subsystem audit logging, and tests

[WFLY-456] Maintain a failure count per appender

[WFLY-456] Configure the json formatter and reference from the audit log handlers

Expose 'max-length' and 'truncate' for the syslog handler

[WFLY-456] Make audit logging work in admin-only mode

Fix bug not enabling the appender in domain mode

[WFLY-456] Fixes to tls syslog handler having tried it out against rsyslog

[WFLY-456] don't enable log by default

[WFLY-456] Test jmx audit log transformation

[WFLY-456] Test audit logging in testsuite

[WFLY-456] Move new i18n bits into domain-management, rather than using the ones from controller

[WFLY-456] Recycle handler operation, make max-failure-count configurable per handler, expose runtime attributes for handler failure counts

[WFLY-456] Use strings instead of byte[] for the formatters for now. We can revisit the byte[] part if more tamper detecting formatters are used in the future

[WFLY-456] Use platform independent line terminator

[WFLY-456] Changes to work with latest logmanager following a squash

  1. … 205 more files in changeset.
New security vault implementation is not using shared keys anymore. References removed.

WFLY-1809 Remove usage of deprecated Infinispan API from the security subsystem

New implementation of SecurityVault requires different message to user of how to create vault keystore.

[WFLY-490] Configure application type constraints

  1. … 19 more files in changeset.