Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-10747

EAP server must be reloaded when is updated credential reference of credential store. There isn't any information that it needs reload.

XMLWordPrintable

    • Hide
      /subsystem=elytron/credential-store=cstore001:add(credential-reference={clear-text=pass123}, create=true, location=cstore001.jceks)  
      
      /subsystem=elytron/credential-store=cstore001/alias=password:add(secret-value=pass123)
      
      /subsystem=elytron/credential-store=cstore002:add(credential-reference={clear-text=pass123}, create=true, location=cstore002.jceks)  
      
      /subsystem=elytron/credential-store=cstore002/alias=password:add(secret-value=pass987)
      

      Now we create another credential store with credential-reference to first credential store

      /subsystem=elytron/credential-store=cstore003:add(credential-reference={store=cstore001, alias=password}, create=true, location=cstore003.jceks)
      
      /subsystem=elytron/credential-store=cstore003/alias=alias001:add(secret-value=value001)
      

      List of aliases in this credential store

      /subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias)
      {
          "outcome" => "success",
          "result" => {"alias001" => {}}
      }
      

      Now we change credential-reference to second credential store which contains under same alias "password" different value

      /subsystem=elytron/credential-store=cstore003:write-attribute(name=credential-reference.store, value=cstore002)
      {"outcome" => "success"}
      

      We have still access to credential store cstore003 with wrong password

      [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003/alias=alias002:add(secret-value=value002)
      {"outcome" => "success"}
      [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias)
      {
          "outcome" => "success",
          "result" => {
              "alias001" => {},
              "alias002" => {}
          }
      }
      

      After reload everything works right.

      Show
      /subsystem=elytron/credential-store=cstore001:add(credential-reference={clear-text=pass123}, create= true , location=cstore001.jceks) /subsystem=elytron/credential-store=cstore001/alias=password:add(secret-value=pass123) /subsystem=elytron/credential-store=cstore002:add(credential-reference={clear-text=pass123}, create= true , location=cstore002.jceks) /subsystem=elytron/credential-store=cstore002/alias=password:add(secret-value=pass987) Now we create another credential store with credential-reference to first credential store /subsystem=elytron/credential-store=cstore003:add(credential-reference={store=cstore001, alias=password}, create= true , location=cstore003.jceks) /subsystem=elytron/credential-store=cstore003/alias=alias001:add(secret-value=value001) List of aliases in this credential store /subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias) { "outcome" => "success" , "result" => { "alias001" => {}} } Now we change credential-reference to second credential store which contains under same alias "password" different value /subsystem=elytron/credential-store=cstore003:write-attribute(name=credential-reference.store, value=cstore002) { "outcome" => "success" } We have still access to credential store cstore003 with wrong password [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003/alias=alias002:add(secret-value=value002) { "outcome" => "success" } [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias) { "outcome" => "success" , "result" => { "alias001" => {}, "alias002" => {} } } After reload everything works right.

      EAP server must be reloaded when is updated credential reference of credential store. There isn't any information that it needs reload.

      In model is "restart-required" => "no-services" and credential-reference update operation ends with success message without any information about reload.

      allow-resource-service-restart=true header doesn't help.

      Unable to find source-code formatter for language: collapse. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      "credential-reference" => {
                      "type" => OBJECT,
                      "description" => "Credential reference to be used to create protection parameter.",
                      "expressions-allowed" => false,
                      "required" => true,
                      "nillable" => false,
                      "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
                      "value-type" => {
                          "store" => {
                              "type" => STRING,
                              "description" => "The name of the credential store holding the alias to credential.",
                              "expressions-allowed" => false,
                              "required" => false,
                              "nillable" => true,
                              "capability-reference" => "org.wildfly.security.credential-store",
                              "min-length" => 1L,
                              "max-length" => 2147483647L
                          },
                          "alias" => {
                              "type" => STRING,
                              "description" => "The alias which denotes stored secret or credential in the store.",
                              "expressions-allowed" => true,
                              "required" => false,
                              "nillable" => true,
                              "min-length" => 1L,
                              "max-length" => 2147483647L
                          },
                          "type" => {
                              "type" => STRING,
                              "description" => "The type of credential this reference is denoting.",
                              "expressions-allowed" => true,
                              "required" => false,
                              "nillable" => true,
                              "min-length" => 1L,
                              "max-length" => 2147483647L
                          },
                          "clear-text" => {
                              "type" => STRING,
                              "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
                              "expressions-allowed" => true,
                              "required" => false,
                              "nillable" => true,
                              "min-length" => 1L,
                              "max-length" => 2147483647L
                          }
                      },
                      "access-type" => "read-write",
                      "storage" => "configuration",
                      "restart-required" => "no-services"
                  },
      

            yborgess1@redhat.com Yeray Borges Santana
            hsvabek_jira Hynek Švábek (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: