Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Aug 06 07:59
    pavelhoral commented #43
  • Aug 06 07:44
    RomainWilbert commented #43
  • Apr 18 19:02
    siepkes commented #28
  • Apr 18 16:43
    Kortanul commented #30
  • Apr 18 16:41
    Kortanul labeled #32
  • Apr 18 16:41
    Kortanul edited #32
  • Apr 18 16:41
    Kortanul labeled #34
  • Apr 18 16:41
    Kortanul labeled #30
  • Apr 18 16:41
    Kortanul labeled #31
  • Apr 18 16:40
    Kortanul assigned #35
  • Apr 18 16:40
    Kortanul edited #10
  • Apr 18 16:40
    Kortanul edited #12
  • Apr 18 16:39
    Kortanul edited #16
  • Apr 18 16:39
    Kortanul edited #18
  • Apr 18 16:39
    Kortanul edited #17
  • Apr 18 16:39
    Kortanul edited #25
  • Apr 18 16:39
    Kortanul edited #26
  • Apr 18 16:39
    Kortanul edited #29
  • Apr 18 16:39
    Kortanul edited #35
  • Apr 18 16:38
    Kortanul edited #33
Mike Schwartz
@nynymike
I think we should patch this...
Pavel Horal
@pavelhoral
@nynymike The link leads to private repo I believe (got 404).
Mike Schwartz
@nynymike
oh sorry
The opendj bug is documented here:
https://bugster.forgerock.org/jira/browse/OPENDJ-2969
Pavel Horal
@pavelhoral
I thought you were talking about this one :)
I am facing the same issue on one project.
We will probably talk about this later today here.
Kortanul
@Kortanul
@nynymike @pavelhoral Looks like the fix for that issue is included in both our master branch and our 3.5 branch. For master, search for OPENDJ-2969 in this listing: https://github.com/WrenSecurity/wrends/commits/053e00fd901
3.5 is harder to track down because we don't have the commit history, just the source; but if FR's bugster is to be trusted (it usually is) then they shipped a fix for this issue in 3.5 and we have 3.5, so I assume we have it there too
Pavel Horal
@pavelhoral
Oh... I was kind of expecting that the fix it is not in our repo.
Kortanul
@Kortanul
If that's the issue number, looks like we have it. :)
My status for this week is that I'd like to finally get DS 3.5.x builds with Wren branding off my plate :) If @martincizek can help me out with the logo changes requested in November (either through the designer or by sending me the PSDs) I can handle that.
Kortanul
@Kortanul
Ran into an issue rebuilding AM 13.5 on my new machine -- looks like somehow I did not apply signatures to jaxrpc-impl when we published com.sun.xml.rpc:jaxrpc-spi:jar:1.1.4_01-wren1. Remedying that now
Pavel Horal
@pavelhoral
Martin is on vacation this week.
Kortanul
@Kortanul
Ok.
Pavel Horal
@pavelhoral
I guess he will respond next week.
Kortanul
@Kortanul
I will see if I can make do with what we have. I may have to do some font sleuthing to identify what font we used for the portion that needs correction
Not sure if you guys have a common place for files like this over at Orchitech? Was wondering if maybe Martin stashed them somewhere you guys can access
Pavel Horal
@pavelhoral
I can check our GDrive.
Kortanul
@Kortanul
That would be awesome. Please let me know what you find
Pavel Horal
@pavelhoral
I will PM you.
Kortanul
@Kortanul
Thanks
In other news, I'm working with a client that is interested in using OpenIG. I dusted off our copy of IG and worked on getting it to build but there are some test failures related to Mockito upgrades that will need some attention. Basically the tests are checking that an object is an instance of a specific type; it's failing because it's a CGLib mock instead.
Pavel Horal
@pavelhoral
I think we did the same upgrade in other projects.
Kortanul
@Kortanul
Yeah, we did. I don't remember running into this class cast issue before. Most of the issues we had in the other projects were that assertThat() takes an overload for Future now, in addition to assertThat(T), so it was ambiguous at compile time. I was able to resolve that; this runtime issue feels new
Pavel Horal
@pavelhoral
I remember (maybe it was on a different project) fixing a lot of generics when upgrading Mockito matcher functions.
anyList -> any or something like that
Kortanul
@Kortanul
Aha, that was on this project -- I remember that. I'll see if that's applicable here
Kortanul
@Kortanul
@siepkes or @pavelhoral I have a PR for fixing the JAX-RPC GPG sigs, if one of you can take a look: WrenSecurity/jax-rpc-ri#3
Sandro
@stonick
hi all, i'm just arrived and hope in someone help.
in wrenam, we (my crew) need to exclude query strings from policy url evaluation. Is there any method without write a custom authorization module ?
Pavel Horal
@pavelhoral
Not sure if I understand the question. You want to map URL with any query string to your policy?
Sandro
@stonick

we need to protect many applications, which urls can contains several "?" character and it's very difficult define resource policy for everyone.
Our question is:
It's possible define a policy resource that evaluate only the base url ignoring the query string ?

I hope you understood ... my english isn't not so perfect.

Pavel Horal
@pavelhoral
You can place * to match any query string.
*://*:*/*?*
Sandro
@stonick
yes, thi is the canonic method but, in several cases we have query strings that contains other '?' so we have to write policy resource as:
://:/??? and so on due to the "" wildcard doesn't include the "?" character
*://*:*/*?*?*?*
Pavel Horal
@pavelhoral
Is question mark even a valid character there? Shouldn't it be encoded?
Hm, RFC allows that - https://tools.ietf.org/html/rfc3986#section-3.4. So that might be a bug.
Pavel Horal
@pavelhoral
*://*:*/*?* should (in theory) match http://example.com/foo?bar?baz
Sandro
@stonick
in order:
1, To encode the '?' it's necessary an apache before the actual architecture because the AM agent intercepts the before all. We would avoid this.
  1. Your example match exactly with our problem ... doesn't match!!!

sorry ... somthing incomplete ...

  1. To encode the '?' it's necessary an apache before the actual architecture because the AM agent intercepts calls the before all. We would avoid this.

  2. Your example match exactly with our problem ... doesn't match!!!

Pavel Horal
@pavelhoral
I will need to check source code for this as I am not sure which component is responsible for this.
Sandro
@stonick
ok, thanks
we remain waiting hoping in a solution
Pavel Horal
@pavelhoral
I have created issue WrenSecurity/wrenam#44 . Unfortunatelly I need to work on a different project right now, but maybe someone else will pick it up from there.
Sandro
@stonick
Thank you
Jiří Špaček
@geostarling

hi wrens!

FYI, the wrensecurity.org domain expires on 2019-06-01:

Domain Name: WRENSECURITY.ORG
Registry Domain ID: D402200000002592295-LROR
Registrar WHOIS Server: whois.regtons.com
Registrar URL: http://subreg.cz
Updated Date: 2018-05-29T13:03:59Z
Creation Date: 2017-06-01T15:04:05Z
Registry Expiry Date: 2019-06-01T15:04:05Z
Registrar Registration Expiration Date:
Registrar: Gransy s.r.o.
Registrar IANA ID: 1505
Registrar Abuse Contact Email: abuse@regtons.com
Registrar Abuse Contact Phone: +420.734463373
Reseller:
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Whois protection, this company does not own this domain name s.r.o.
Registrant State/Province:
Registrant Country: CZ
Name Server: NS.GRANSY.COM
Name Server: NS2.GRANSY.COM
Name Server: NS4.GRANSY.COM
Name Server: NS3.GRANSY.COM
Name Server: NS5.GRANSY.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2019-05-24T09:10:25Z <<<
cc @pavelhoral
Pavel Horal
@pavelhoral
@geostarling No worries. It should be set up for autorenew :)