SECURITY-731, SECURITY-732: JASPICallbackHandler now merges roles and subjects retrieved from Callbacks with those found in the underlying security context. Previous behavior was to override the security context completely
  1. … 1 more file in changeset.
[AS7-5737] Fixed referrals traversal for roles stored in LDAP referral.
[AS7-5737] allowReferralsForAuth option removed as we are not supporting username/password in referrals
[SECURITY-729] fixing logging in case of improper time out number is configured
  1. … 2 more files in changeset.
[SECURITY-729] Adding mechanism to cache passwords obtained from external sources supplied to login modules. Use {EXT} - non-cached, {EXTC[:timeout]} cached with optional expiration in milliseconds.
    • -0
    • +133
    ./jboss/security/ExternalPasswordCache.java
    • -0
    • +61
    ./jboss/security/PasswordCache.java
  1. … 4 more files in changeset.
Role-To-Roles mapping module added (PRODMGT-82)
[JBPAPP6-1704] Changing default of allow empty passwords to false.
    • -1
    • +1
    ./jboss/security/auth/spi/LdapLoginModule.java
[AS7-5737] Changes to handle LDAP referrals correctly. Use javax.naming.referral=follow as login module option to have the smoothest behavior.

Set "allowReferralsForAuth" true|false for handling roles which reside in referral's tree.

    • -70
    • +121
    ./jboss/security/auth/spi/LdapExtLoginModule.java
[SECURITY-712] Added vault support in "bindCredential" option.
SECURITY-703 Change log level of failed login attempts to DEBUG
  1. … 2 more files in changeset.
SECURITY-665: Added passwordIsA1Hash option to the set of valid options in UsernamePasswordLoginModule
JBPAPP6-1686 Consider the caller run-as identity when building the protection domain
[SECURITY-708] - Long vault alias name causes "Vault Mismatch" at startup of AS7/EAP6

- fix + testcase

  1. … 4 more files in changeset.
JBPAPP-10300 Remove all class caches
  1. … 2 more files in changeset.
[SECURITY-638] security modules option check
    • -6
    • +31
    ./jboss/security/AltClientLoginModule.java
    • -7
    • +33
    ./jboss/security/ClientLoginModule.java
    • -10
    • +36
    ./jboss/security/auth/spi/LdapExtLoginModule.java
    • -7
    • +29
    ./jboss/security/auth/spi/LdapLoginModule.java
    • -1
    • +4
    ./jboss/security/auth/spi/ProxyLoginModule.java
    • -1
    • +5
    ./jboss/security/auth/spi/RunAsLoginModule.java
Revert change to Base64Utils
JBPAPP-10034: Remove logger call that caused infinite loop when security manager is enabled.
    • -4
    • +3
    ./jboss/security/jacc/DelegatingPolicy.java
Fixed the base64 char table according to RFC 2045
SECURITY-690: Fixed system property replacement on Windows
Fixed regressions in AS tests
Restore constants and methods used by the application server
    • -18
    • +38
    ./jboss/security/jacc/DelegatingPolicy.java
  1. … 1 more file in changeset.
SECURITY-680: fixed AbstractServerLM.commit() to only create a caller principal group if the call to getRoleSets() didn't do it first.
  1. … 1 more file in changeset.
SECURITY-660: converted picketbox to use i18n logging and exceptions
    • -2
    • +2
    ./jboss/crypto/digest/SHAInterleave.java
    • -2
    • +2
    ./jboss/crypto/digest/SHAReverseInterleave.java
    • -21
    • +12
    ./jboss/security/AltClientLoginModule.java
    • -40
    • +20
    ./jboss/security/ClientLoginModule.java
  1. … 221 more files in changeset.
[SECURITY-658] - fixed handling of backslash in properties inserted to options using $\{..\}. \n- fix for handling default value separator in AS7 \(":" instead of "::" for PicketBox\).
check if a jboss module has been specified when instantiating the JASPI auth modules
Fix JASPICallbackHandler to add authenticated principal to Subject. Synchronize access to the identities set in SubjectInfo
  1. … 1 more file in changeset.
[SECURITY-638] login module option checks
    • -2
    • +12
    ./jboss/security/auth/spi/BaseCertLoginModule.java
    • -3
    • +14
    ./jboss/security/auth/spi/CertRolesLoginModule.java
    • -3
    • +21
    ./jboss/security/auth/spi/DisabledLoginModule.java
    • -2
    • +12
    ./jboss/security/auth/spi/IdentityLoginModule.java
    • -21
    • +24
    ./jboss/security/auth/spi/LdapExtLoginModule.java
    • -13
    • +26
    ./jboss/security/auth/spi/LdapLoginModule.java
    • -12
    • +19
    ./jboss/security/auth/spi/LdapUsersLoginModule.java
    • -2
    • +28
    ./jboss/security/auth/spi/ProxyLoginModule.java
    • -2
    • +29
    ./jboss/security/auth/spi/RunAsLoginModule.java
  1. … 5 more files in changeset.
[SECURITY-638] login module option checks
[SECURITY-650] parameter names are now printed and any j_password parameter is filtered out
SECURITY-648: files, streams need to be closed
    • -9
    • +16
    ./jboss/security/auth/spi/UsersLoginModule.java
    • -7
    • +36
    ./jboss/security/auth/spi/Util.java
    • -12
    • +50
    ./jboss/security/plugins/FilePassword.java
    • -10
    • +66
    ./jboss/security/plugins/TmpFilePassword.java
  1. … 3 more files in changeset.