Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2917

Revisit allow, forbid and selector of sasl mechanisms in Elytron subsystem and client config file

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: 3.0.0.Beta24
    • Fix Version/s: 3.0.0.Beta25
    • Component/s: Security
    • Labels:
      None

      Description

      There are some topics for revising in allow-all-mechanisms, allow-sasl-mechanisms, forbid-sasl-mechanisms and sasl-mechanism-selector of Elytron subsystem and client config file.

      1) Since selectors have been introduced in EAP 7.1.0.DR19 what is the reason for allow-all-mechanisms, allow-sasl-mechanisms and forbid-sasl-mechanisms? AFAIK they just provides the subset of configuration which can be set by sasl-mechanism-selector. It that case allow-all-mechanisms, allow-sasl-mechanisms and forbid-sasl-mechanisms can be completely removed from Elytron configuration because they just duplicates another configuration. Or they provide something which cannot be configured by selectors?

      2) These options are mutually exclusive in Elytron subsystem, but all of them can be configured together in Elytron client configuration file. There should be added some check for mutually exclusivity of these options in Elytron client configuration file.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  honza889 Jan Kalina
                  Reporter:
                  honza889 Jan Kalina
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: