Clone Tools
  • last updated a few minutes ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
[WFCORE-3995] Validate Sensitivity Classification attributes and tests.

    • -0
    • +38
    ./constraint/AbstractSensitivity.java
  1. … 8 more files in changeset.
[WFCORE-3995] Validate Sensitivity Classification attributes and tests.

    • -0
    • +38
    ./constraint/AbstractSensitivity.java
  1. … 8 more files in changeset.
[WFCORE-3455] Reduce lambda usage (controller)

  1. … 10 more files in changeset.
[WFCORE-2927] Share the AttributeAccess.Flag, OperationEntry.Flag and ModelTypeValidator.validTypes sets

  1. … 14 more files in changeset.
[WFCORE-2071] - Ignore unknown roles instead of throwing exception

[WFCORE-2293] Add additional sensitivity classifications and constraint definitions to be used for attributes referencing Elytron capabilities.

    • -0
    • +1
    ./constraint/SensitivityClassification.java
    • -0
    • +1
    ./management/SensitiveTargetAccessConstraintDefinition.java
  1. … 2 more files in changeset.
[WFCORE-2293] Add security classifications for references to Elytron capabilities.

    • -0
    • +3
    ./constraint/SensitivityClassification.java
    • -0
    • +3
    ./management/SensitiveTargetAccessConstraintDefinition.java
[WFCORE-2287] Withdraw the supplier when the service stops; guard against changes in volatile fields

    • -3
    • +5
    ./management/ManagementSecurityIdentitySupplier.java
  1. … 1 more file in changeset.
[WFCORE-2228] Convert legacy Subject reading and writing to work with a SecurityIdentity and InetAddress.

The protocol remains compatible with legacy hosts that may be managed by newer domain controllers, in that situation it will still be restored as a Subject.

    • -1
    • +5
    ./management/ManagementSecurityIdentitySupplier.java
  1. … 20 more files in changeset.
[WFCORE-2230] Associate the SecurityRealm name with the Principal of the SecurityIdentity for legacy realm integration and use for role mapping.

  1. … 3 more files in changeset.
[WFCORE-2182][JBEAP-8247] Use a single Pattern instance for the vaulted data format

(cherry picked from commit 592bd20fa36cffb8f8f769f18f849a2d09922a4c)

    • -5
    • +2
    ./constraint/SensitiveVaultExpressionConstraint.java
  1. … 3 more files in changeset.
[WFCORE-2182] Use a single Pattern instance for the vaulted data format

    • -5
    • +2
    ./constraint/SensitiveVaultExpressionConstraint.java
  1. … 3 more files in changeset.
[WFCORE-1842] Add a 'use-identity-roles' attribute to use an identities roles directly.

    • -4
    • +8
    ./management/WritableAuthorizerConfiguration.java
  1. … 12 more files in changeset.
[WFCORE-1948] Add a permission checked API for in-vm invocations of the management tier to allow use of SuperUser role.

    • -0
    • +113
    ./InVmAccess.java
    • -0
    • +78
    ./rbac/SecurityActions.java
  1. … 1 more file in changeset.
[WFCORE-610] Add resource definition so security domain and inflow security domains can be associated for management requests.

    • -2
    • +31
    ./management/ManagementSecurityIdentitySupplier.java
  1. … 25 more files in changeset.
[WFCORE-610] Add a 'null' check to ensure the AccessAuditContext did contain a SecurityIdentity so we can fall back to 'anonymous'.

    • -12
    • +15
    ./management/ManagementSecurityIdentitySupplier.java
[WFCORE-610] Changes to RoleMappingTestCase to cover unauthenticated users to now be 'anonymous'.

Rework will be required for true in-vm permissions.

  1. … 2 more files in changeset.
[WFCORE-610] / [WFCORE-1602] Switch to an Elytron defined SecurityIdentity for Management and JMX.

    • -0
    • +86
    ./management/ManagementSecurityIdentitySupplier.java
    • -0
    • +114
    ./management/SecurityActions.java
  1. … 37 more files in changeset.
[WFCORE-610] Update the OperationContext to return an Elytron SecurityIdentity, convert Caller to wrap a SecurityIdentity and deprecate it.

  1. … 15 more files in changeset.
Track the correct SensitivityClassification/ApplicationTypeConfig instance if a second one with the same key gets registered

    • -1
    • +15
    ./constraint/ApplicationTypeConstraint.java
    • -1
    • +15
    ./constraint/SensitiveTargetConstraint.java
    • -4
    • +5
    ./management/ApplicationTypeAccessConstraintDefinition.java
    • -4
    • +5
    ./management/SensitiveTargetAccessConstraintDefinition.java
  1. … 1 more file in changeset.
[JBEAP-2514] / [WFCORE-1135] Add a sensitive target access constraint to the new resource.

    • -0
    • +1
    ./constraint/SensitivityClassification.java
    • -0
    • +1
    ./management/SensitiveTargetAccessConstraintDefinition.java
  1. … 2 more files in changeset.
[WFCORE-1135] Add a sensitive target access constraint to the new resource.

    • -0
    • +1
    ./constraint/SensitivityClassification.java
    • -0
    • +1
    ./management/SensitiveTargetAccessConstraintDefinition.java
  1. … 2 more files in changeset.
[WFCORE-1028]: Poor handling of invalid roles.

Getting the authorization error passed to the handler so it can get back cleanly.

    • -0
    • +43
    ./rbac/UnknowRoleException.java
  1. … 3 more files in changeset.
[WFCORE-1068] Add a utility to throw a standard failure when management authorization is denied

  1. … 3 more files in changeset.
[WFCORE-696] Reduce PathAddress creation in access control checks

    • -0
    • +9
    ./permission/ManagementPermissionAuthorizer.java
[WFCORE-639] : ManagementPermissionAuthorizer is limited to the standard roles for its authorizeJmxOperation impl

Removing the JmxPermissionFactory as it has no real value.

Adding tests in domain mode.

Provide JMX-related data to RoleMapper for mapping JMX calls

Refactor PluggableMBeanServerImpl authz calls

Replace Impact EXTRA_SENSITIVE with CLASSLOADING as that more precisely describes the relevant impact

    • -0
    • +7
    ./constraint/ApplicationTypeConstraint.java
    • -0
    • +14
    ./constraint/ConstraintFactory.java
    • -0
    • +7
    ./constraint/HostEffectConstraint.java
    • -0
    • +7
    ./constraint/SensitiveTargetConstraint.java
    • -0
    • +21
    ./constraint/SensitiveVaultExpressionConstraint.java
    • -0
    • +7
    ./constraint/ServerGroupEffectConstraint.java
    • -1
    • +11
    ./constraint/TopRoleConstraint.java
    • -2
    • +9
    ./management/DelegatingConfigurableAuthorizer.java
  1. … 34 more files in changeset.
[WFCORE-573] Handle disappearance of resources in the middle of read ops

    • -0
    • +44
    ./ResourceNotAddressableException.java
  1. … 9 more files in changeset.
[WFCORE-504] Allow any server-group scoped role to read non-server host resources

    • -14
    • +29
    ./constraint/ServerGroupEffectConstraint.java
  1. … 2 more files in changeset.
WFCORE-135: replace jdk runtime permissions with controller runtime permissions, rework permission names to follow similar format

  1. … 11 more files in changeset.
WFCORE-58 Don't use toUpperCase() without specifying locale

  1. … 8 more files in changeset.