Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-9069

[Fuse 7] Undertow unable to externalize strings containing password

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • fuse-7.1
    • fuse-7.0
    • Karaf, Undertow
    • None
    • % %
    • Hide

      Set these properties in etc/custom.properties or etc/config.properties - these are available as new BundleContextPropertyResolver(bundleContext)

      but these are still unencrypted !!

      Show
      Set these properties in etc/custom.properties or etc/config.properties - these are available as new BundleContextPropertyResolver(bundleContext) but these are still unencrypted !!
    • Fuse 7.1 Sprint 31, Fuse 7.1 Sprint 32

    Description

      Externalizing those parameters it doesn't works 

          <security-realm name="https">
        <w:server-identities>
            <w:ssl>
                <w:engine enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
                <w:keystore path="${karaf.etc}/certs/server.keystore" provider="JKS" alias="server"
                        keystore-password="${org.osgi.service.http.keystore.password}" key-password="${org.osgi.service.http.key-password}"
                        generate-self-signed-certificate-host="localhost" />
            </w:ssl>
        </w:server-identities>
        <w:authentication>
            <w:truststore path="${karaf.etc}/certs/server.truststore" provider="JKS" keystore-password="${org.osgi.service.http.truststore.password}" />
        </w:authentication>
    </security-realm>

      org.ops4j.pax.web.cfg :

      org.osgi.service.http.truststore.password=secret
org.osgi.service.http.key-password=secret
org.osgi.service.http.keystore.password=secret

      Some improvements should be done here:
      https://github.com/ops4j/org.ops4j.pax.web/blob/master/pax-web-undertow/src/main/java/org/ops4j/pax/web/service/undertow/internal/ServerControllerImpl.java#L386-L388

      Attachments

        Issue Links

          is related to

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) ENTESB-9132 Use Elytron Credential Store in custom PersistenceManager with new felix.configadmin 1.9.0

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          links to

          Web Link https://ops4j1.jira.com/browse/PAXWEB-1169 - Pass entire org.ops4j.pax.web PID configuration to property placeholder for undertow.xml parser

          Activity

            People

              ggrzybek Grzegorz Grzybek
              rhn-support-aboucham Abel Bouchama
              Vratislav Hais Vratislav Hais (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: