• last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
[SECURITY-797] Fixed a bug where the DatabaseRolesMappingProvider will attempt to use an empty result set if the rolesQuery returns an empty set. This causes the authentication attempt to fail.

[SECURITY-796] Fixed an issue where the LdapExtended login module does not handle a user that has a slash character in the uid

[BZ1050058] Adding Java Security Manager checks.
    • -0
    • +108
    ./config/SecurityConfiguration.java
    • -0
    • +9
    ./plugins/ClassLoaderLocatorFactory.java
    • -0
    • +4
    ./plugins/TransactionManagerLocator.java
    • -0
    • +8
    ./plugins/audit/JBossAuditManager.java
  1. … 8 more files in changeset.
Add cleanSubject() to JASPIServerAuthenticationManager
    • -0
    • +47
    ./plugins/auth/JASPIServerAuthenticationManager.java
  1. … 2 more files in changeset.
[SECURITY-780] Fixing {EXTC:timeout} detection problem.
  1. … 1 more file in changeset.
SECURITY-769 Port changes applied to picketbox-container
    • -6
    • +6
    ./auth/spi/AbstractServerLoginModule.java
SECURITY-777: Make static maps thread safe
    • -3
    • +4
    ./authorization/modules/AbstractAuthorizationModule.java
    • -24
    • +21
    ./config/parser/AuthenticationConfigParser.java
    • -2
    • +2
    ./config/parser/ModuleOptionParser.java
[SECURITY-771] Enable white-space in parameters for external password command
    • -1
    • +1
    ./auth/callback/LdapCallbackHandler.java
  1. … 5 more files in changeset.
SECURITY-759 Configuration problems that can result in an AuthException when getting the ServerAuthConfig or ServerAuthContext are now logged at ERROR level
    • -29
    • +71
    ./plugins/auth/JASPIServerAuthenticationManager.java
  1. … 4 more files in changeset.
Add support for the JACC '**' role (any authenticated user).
  1. … 2 more files in changeset.
SECURITY-753 Mask credentials when logging the LDAP connection environment
    • -1
    • +19
    ./auth/callback/LdapCallbackHandler.java
    • -1
    • +20
    ./auth/spi/LdapUsersLoginModule.java
  1. … 1 more file in changeset.
Fixed the registration logic in JBossAuthConfigFactory. Changed JASPIServerAuthenticationManager to store the AuthException in the security context
    • -119
    • +151
    ./auth/message/config/JBossAuthConfigFactory.java
    • -0
    • +3
    ./plugins/auth/JASPIServerAuthenticationManager.java
  1. … 7 more files in changeset.
Allow null value for AuthConfigProvider in the register methods to comply with the spec
    • -18
    • +14
    ./auth/message/config/JBossAuthConfigFactory.java
SECURITY-750 Changed DBUtils.getRolesSets() method to receive the TxManagerJNDIName as a parameter

    • -3
    • +10
    ./auth/spi/DatabaseCertLoginModule.java
    • -6
    • +6
    ./auth/spi/DatabaseServerLoginModule.java
SECURITY-751 Fixed message that would incorrectly report an invalid KeyStore type when the KeyStore URL is null

  1. … 1 more file in changeset.
[SECURITY-749] LdapExtLoginModule cannot cope with roles contains a slash - fixed
[WFLY-1668] Cache passwords from external source for LdapExtLoginModule doesn't work with {EXTC}

Call fixed.

SECURITY-731, SECURITY-732: JASPICallbackHandler now merges roles and subjects retrieved from Callbacks with those found in the underlying security context. Previous behavior was to override the security context completely
    • -11
    • +45
    ./auth/callback/JASPICallbackHandler.java
  1. … 1 more file in changeset.
[AS7-5737] Fixed referrals traversal for roles stored in LDAP referral.
[AS7-5737] allowReferralsForAuth option removed as we are not supporting username/password in referrals
[SECURITY-729] fixing logging in case of improper time out number is configured
  1. … 2 more files in changeset.
[SECURITY-729] Adding mechanism to cache passwords obtained from external sources supplied to login modules. Use {EXT} - non-cached, {EXTC[:timeout]} cached with optional expiration in milliseconds.
    • -0
    • +133
    ./ExternalPasswordCache.java
    • -0
    • +61
    ./PasswordCache.java
  1. … 4 more files in changeset.
Role-To-Roles mapping module added (PRODMGT-82)
    • -0
    • +124
    ./mapping/providers/DeploymentRoleToRolesMappingProvider.java
[JBPAPP6-1704] Changing default of allow empty passwords to false.
[AS7-5737] Changes to handle LDAP referrals correctly. Use javax.naming.referral=follow as login module option to have the smoothest behavior.

Set "allowReferralsForAuth" true|false for handling roles which reside in referral's tree.

    • -70
    • +121
    ./auth/spi/LdapExtLoginModule.java
[SECURITY-712] Added vault support in "bindCredential" option.
SECURITY-703 Change log level of failed login attemps to DEBUG
    • -1
    • +1
    ./auth/spi/AbstractServerLoginModule.java
    • -1
    • +1
    ./plugins/auth/JaasSecurityManagerBase.java
  1. … 2 more files in changeset.
SECURITY-665: Added passwordIsA1Hash option to the set of valid options in UsernamePasswordLoginModule
    • -2
    • +3
    ./auth/spi/UsernamePasswordLoginModule.java
JBPAPP6-1686 Consider the caller run-as identity when building the protection domain
    • -4
    • +21
    ./authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java