Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9945

Elytron, be consistent with legacy for misconfigured kerberos authentication of http management interface

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.ER2
    • 7.1.0.DR15
    • Security
    • None

    Description

      Intention on legacy security realm is tracked by JBEAP-8563:

      • If this is the only mechanism enabled then 500 is the correct status code
      • however if a fallback mechanism was also enabled then that mechanism should be able to challenge with a HTTP 401 status code.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-1256 Make SPNEGO mechanism fail quickly.

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-11459 Upgrade WildFly Elytron to 1.1.0.Beta54

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is related to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-8563 Legacy Kerberos for management interface returns 500 instead of 401

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-10254 Elytron, SPNEGO in deployment exceptional states handling, 500 should be returned

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-12057 IBM java, 401 is returned instead of 403, when client send invalid ticket

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              mchoma@redhat.com Martin Choma
              Martin Choma Martin Choma
              Martin Choma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: