Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-10747

EAP server must be reloaded when is updated credential reference of credential store. There isn't any information that it needs reload.

XMLWordPrintable

    • Hide 
      /subsystem=elytron/credential-store=cstore001:add(credential-reference={clear-text=pass123}, create=true, location=cstore001.jceks)  

      /subsystem=elytron/credential-store=cstore001/alias=password:add(secret-value=pass123)

      /subsystem=elytron/credential-store=cstore002:add(credential-reference={clear-text=pass123}, create=true, location=cstore002.jceks)  

      /subsystem=elytron/credential-store=cstore002/alias=password:add(secret-value=pass987)

      Now we create another credential store with credential-reference to first credential store

      /subsystem=elytron/credential-store=cstore003:add(credential-reference={store=cstore001, alias=password}, create=true, location=cstore003.jceks)

      /subsystem=elytron/credential-store=cstore003/alias=alias001:add(secret-value=value001)

      List of aliases in this credential store

      /subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias)
{
    "outcome" => "success",
    "result" => {"alias001" => {}}
}

      Now we change credential-reference to second credential store which contains under same alias "password" different value

      /subsystem=elytron/credential-store=cstore003:write-attribute(name=credential-reference.store, value=cstore002)
{"outcome" => "success"}

      We have still access to credential store cstore003 with wrong password

      [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003/alias=alias002:add(secret-value=value002)
{"outcome" => "success"}
[standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias)
{
    "outcome" => "success",
    "result" => {
        "alias001" => {},
        "alias002" => {}
    }
}

      After reload everything works right.

      Show
      /subsystem=elytron/credential-store=cstore001:add(credential-reference={clear-text=pass123}, create= true , location=cstore001.jceks) /subsystem=elytron/credential-store=cstore001/alias=password:add(secret-value=pass123) /subsystem=elytron/credential-store=cstore002:add(credential-reference={clear-text=pass123}, create= true , location=cstore002.jceks) /subsystem=elytron/credential-store=cstore002/alias=password:add(secret-value=pass987) Now we create another credential store with credential-reference to first credential store /subsystem=elytron/credential-store=cstore003:add(credential-reference={store=cstore001, alias=password}, create= true , location=cstore003.jceks) /subsystem=elytron/credential-store=cstore003/alias=alias001:add(secret-value=value001) List of aliases in this credential store /subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias) { "outcome" => "success" , "result" => { "alias001" => {}} } Now we change credential-reference to second credential store which contains under same alias "password" different value /subsystem=elytron/credential-store=cstore003:write-attribute(name=credential-reference.store, value=cstore002) { "outcome" => "success" } We have still access to credential store cstore003 with wrong password [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003/alias=alias002:add(secret-value=value002) { "outcome" => "success" } [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias) { "outcome" => "success" , "result" => { "alias001" => {}, "alias002" => {} } } After reload everything works right.

      EAP server must be reloaded when is updated credential reference of credential store. There isn't any information that it needs reload.

      In model is "restart-required" => "no-services" and credential-reference update operation ends with success message without any information about reload.

      allow-resource-service-restart=true header doesn't help.

      Unable to find source-code formatter for language: collapse. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      "credential-reference" => {
                "type" => OBJECT,
                "description" => "Credential reference to be used to create protection parameter.",
                "expressions-allowed" => false,
                "required" => true,
                "nillable" => false,
                "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
                "value-type" => {
                    "store" => {
                        "type" => STRING,
                        "description" => "The name of the credential store holding the alias to credential.",
                        "expressions-allowed" => false,
                        "required" => false,
                        "nillable" => true,
                        "capability-reference" => "org.wildfly.security.credential-store",
                        "min-length" => 1L,
                        "max-length" => 2147483647L
                    },
                    "alias" => {
                        "type" => STRING,
                        "description" => "The alias which denotes stored secret or credential in the store.",
                        "expressions-allowed" => true,
                        "required" => false,
                        "nillable" => true,
                        "min-length" => 1L,
                        "max-length" => 2147483647L
                    },
                    "type" => {
                        "type" => STRING,
                        "description" => "The type of credential this reference is denoting.",
                        "expressions-allowed" => true,
                        "required" => false,
                        "nillable" => true,
                        "min-length" => 1L,
                        "max-length" => 2147483647L
                    },
                    "clear-text" => {
                        "type" => STRING,
                        "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
                        "expressions-allowed" => true,
                        "required" => false,
                        "nillable" => true,
                        "min-length" => 1L,
                        "max-length" => 2147483647L
                    }
                },
                "access-type" => "read-write",
                "storage" => "configuration",
                "restart-required" => "no-services"
            },

              yborgess1@redhat.com Yeray Borges Santana
              hsvabek_jira Hynek Švábek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: