by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Apr 26 19:04
    Neustradamus commented #37
  • Apr 26 13:30
    siepkes commented #37
  • Apr 26 11:25
    pavelhoral commented #37
  • Apr 20 10:33
    Neustradamus opened #37
  • Sep 18 2019 08:46
    pavelhoral commented #36
  • Sep 17 2019 10:36
    jefflks opened #36
  • Sep 09 2019 12:53
    Neustradamus opened #7
  • Sep 09 2019 12:53
    Neustradamus opened #6
  • Aug 30 2019 12:38
    karelmaxa review_requested #20
  • Aug 30 2019 12:38
    karelmaxa opened #20
  • Aug 30 2019 12:32
    karelmaxa opened #19
  • Aug 29 2019 11:21
    karelmaxa opened #6
  • Aug 29 2019 09:01
    karelmaxa edited #4
  • Aug 29 2019 09:01
    karelmaxa synchronize #4
  • Aug 29 2019 08:58
    karelmaxa opened #5
  • Aug 29 2019 07:15
    karelmaxa opened #70
  • Aug 28 2019 08:40

    karelmaxa on feature-69

    (compare)

  • Aug 28 2019 08:39

    karelmaxa on feature-69

    Update commons to 22.0.0-M1. Fi… (compare)

  • Aug 06 2019 07:59
    pavelhoral commented #43
  • Aug 06 2019 07:44
    RomainWilbert commented #43
Kortanul
@Kortanul
Yeah, we did. I don't remember running into this class cast issue before. Most of the issues we had in the other projects were that assertThat() takes an overload for Future now, in addition to assertThat(T), so it was ambiguous at compile time. I was able to resolve that; this runtime issue feels new
Pavel Horal
@pavelhoral
I remember (maybe it was on a different project) fixing a lot of generics when upgrading Mockito matcher functions.
anyList -> any or something like that
Kortanul
@Kortanul
Aha, that was on this project -- I remember that. I'll see if that's applicable here
Kortanul
@Kortanul
@siepkes or @pavelhoral I have a PR for fixing the JAX-RPC GPG sigs, if one of you can take a look: WrenSecurity/jax-rpc-ri#3
Sandro
@stonick
hi all, i'm just arrived and hope in someone help.
in wrenam, we (my crew) need to exclude query strings from policy url evaluation. Is there any method without write a custom authorization module ?
Pavel Horal
@pavelhoral
Not sure if I understand the question. You want to map URL with any query string to your policy?
Sandro
@stonick

we need to protect many applications, which urls can contains several "?" character and it's very difficult define resource policy for everyone.
Our question is:
It's possible define a policy resource that evaluate only the base url ignoring the query string ?

I hope you understood ... my english isn't not so perfect.

Pavel Horal
@pavelhoral
You can place * to match any query string.
*://*:*/*?*
Sandro
@stonick
yes, thi is the canonic method but, in several cases we have query strings that contains other '?' so we have to write policy resource as:
://:/??? and so on due to the "" wildcard doesn't include the "?" character
*://*:*/*?*?*?*
Pavel Horal
@pavelhoral
Is question mark even a valid character there? Shouldn't it be encoded?
Hm, RFC allows that - https://tools.ietf.org/html/rfc3986#section-3.4. So that might be a bug.
Pavel Horal
@pavelhoral
*://*:*/*?* should (in theory) match http://example.com/foo?bar?baz
Sandro
@stonick
in order:
1, To encode the '?' it's necessary an apache before the actual architecture because the AM agent intercepts the before all. We would avoid this.
  1. Your example match exactly with our problem ... doesn't match!!!

sorry ... somthing incomplete ...

  1. To encode the '?' it's necessary an apache before the actual architecture because the AM agent intercepts calls the before all. We would avoid this.

  2. Your example match exactly with our problem ... doesn't match!!!

Pavel Horal
@pavelhoral
I will need to check source code for this as I am not sure which component is responsible for this.
Sandro
@stonick
ok, thanks
we remain waiting hoping in a solution
Pavel Horal
@pavelhoral
I have created issue WrenSecurity/wrenam#44 . Unfortunatelly I need to work on a different project right now, but maybe someone else will pick it up from there.
Sandro
@stonick
Thank you
Jiří Špaček
@geostarling

hi wrens!

FYI, the wrensecurity.org domain expires on 2019-06-01:

Domain Name: WRENSECURITY.ORG
Registry Domain ID: D402200000002592295-LROR
Registrar WHOIS Server: whois.regtons.com
Registrar URL: http://subreg.cz
Updated Date: 2018-05-29T13:03:59Z
Creation Date: 2017-06-01T15:04:05Z
Registry Expiry Date: 2019-06-01T15:04:05Z
Registrar Registration Expiration Date:
Registrar: Gransy s.r.o.
Registrar IANA ID: 1505
Registrar Abuse Contact Email: abuse@regtons.com
Registrar Abuse Contact Phone: +420.734463373
Reseller:
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Whois protection, this company does not own this domain name s.r.o.
Registrant State/Province:
Registrant Country: CZ
Name Server: NS.GRANSY.COM
Name Server: NS2.GRANSY.COM
Name Server: NS4.GRANSY.COM
Name Server: NS3.GRANSY.COM
Name Server: NS5.GRANSY.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2019-05-24T09:10:25Z <<<
cc @pavelhoral
Pavel Horal
@pavelhoral
@geostarling No worries. It should be set up for autorenew :)
Michael Power
@dodtsair
The wrensecurity site says that ForgeRock is not involved in the wren suite's development. But when I go to wrenidm it mentions in the readme "The project is led by ForgeRock". So which is it?
Jasper Siepkes
@siepkes
@dodtsair There is no affiliation with ForgeRock. Thats probably something we didn't see. We welcome PR's!
Alessandro Zucchelli
@AleZucchelli93_twitter
image.png
Hi to everyone :)
I have an issue during the build of WrenAM.
I clone the branch wrenam-sustaining-13.5.x
but I have this error:
And this error
image.png
Can someone help me?
Pavel Horal
@pavelhoral
What command are you using for the build?
Also I don't understand why your maven tries to download AM dependencies from your custom (possibly mirror-of central) nexus repo. Those dependencies are in jfrog repo.
Alessandro Zucchelli
@AleZucchelli93_twitter
I use this command mvn -Dignore-artifact-sigs clean install
Can I have the jfrog url repos?
Pavel Horal
@pavelhoral
https://github.com/WrenSecurity/wrenam/blob/sustaining/13.5.x/pom.xml#L448
Alessandro Zucchelli
@AleZucchelli93_twitter
It ask me for the auth if I point to:
https://stash.forgerock.org/projects/OPENAM/repos/openam-sustaining/browse
Pavel Horal
@pavelhoral
Why Forgerock git repo?
Alessandro Zucchelli
@AleZucchelli93_twitter
It's write on https://github.com/WrenSecurity/wrenam/blob/sustaining/13.5.x/pom.xml#L448
Pavel Horal
@pavelhoral
image.png
Alessandro Zucchelli
@AleZucchelli93_twitter
Thanks.
I think I have a little problem with my client.
Can I have the correct URL for git clone?
Pavel Horal
@pavelhoral
Not sure what you mean... you have to clone the project from GitHub (https://github.com/WrenSecurity/wrenam.git), then switch to branch sustaining/13.5.x and mvn package or install it with JDK 8 (I don't think the build works with 11)
JFrog (maven) repo should work out of the box as that is what is configured inside pom.xml.
Alessandro Zucchelli
@AleZucchelli93_twitter
Thanks for your help.
Now I try to rebuild
Alessandro Zucchelli
@AleZucchelli93_twitter
I think I missing one step.
but I don't know were.
I have this error now
image.png
Pavel Horal
@pavelhoral
Seems like SSL error with JFrog. Check your system time and date.
The certificate is pretty fresh there (one week).
Alessandro Zucchelli
@AleZucchelli93_twitter
Thanks a lot Pavel :)
Have a good day