Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.1.0.ER2
Affects Version/s: 7.1.0.DR17
Component/s: Security, User Experience
Labels:
- eap71_priority

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Steps to Reproduce:
Hide

/subsystem=elytron/credential-store=cstore001:add(credential-reference={clear-text=pass123}, create=true, location=cstore001.jceks)

/subsystem=elytron/credential-store=cstore001/alias=password:add(secret-value=pass123)

/subsystem=elytron/credential-store=cstore002:add(credential-reference={clear-text=pass123}, create=true, location=cstore002.jceks)

/subsystem=elytron/credential-store=cstore002/alias=password:add(secret-value=pass987)

Now we create another credential store with credential-reference to first credential store

/subsystem=elytron/credential-store=cstore003:add(credential-reference={store=cstore001, alias=password}, create=true, location=cstore003.jceks)

/subsystem=elytron/credential-store=cstore003/alias=alias001:add(secret-value=value001)

List of aliases in this credential store

/subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias) { "outcome" => "success", "result" => {"alias001" => {}} }

Now we change credential-reference to second credential store which contains under same alias "password" different value

/subsystem=elytron/credential-store=cstore003:write-attribute(name=credential-reference.store, value=cstore002) {"outcome" => "success"}

We have still access to credential store cstore003 with wrong password

[standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003/alias=alias002:add(secret-value=value002) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias) { "outcome" => "success", "result" => { "alias001" => {}, "alias002" => {} } }

After reload everything works right.
Show
/subsystem=elytron/credential-store=cstore001:add(credential-reference={clear-text=pass123}, create= true , location=cstore001.jceks) /subsystem=elytron/credential-store=cstore001/alias=password:add(secret-value=pass123) /subsystem=elytron/credential-store=cstore002:add(credential-reference={clear-text=pass123}, create= true , location=cstore002.jceks) /subsystem=elytron/credential-store=cstore002/alias=password:add(secret-value=pass987) Now we create another credential store with credential-reference to first credential store /subsystem=elytron/credential-store=cstore003:add(credential-reference={store=cstore001, alias=password}, create= true , location=cstore003.jceks) /subsystem=elytron/credential-store=cstore003/alias=alias001:add(secret-value=value001) List of aliases in this credential store /subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias) { "outcome" => "success" , "result" => { "alias001" => {}} } Now we change credential-reference to second credential store which contains under same alias "password" different value /subsystem=elytron/credential-store=cstore003:write-attribute(name=credential-reference.store, value=cstore002) { "outcome" => "success" } We have still access to credential store cstore003 with wrong password [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003/alias=alias002:add(secret-value=value002) { "outcome" => "success" } [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias) { "outcome" => "success" , "result" => { "alias001" => {}, "alias002" => {} } } After reload everything works right.

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

EAP server must be reloaded when is updated credential reference of credential store. There isn't any information that it needs reload.

In model is "restart-required" => "no-services" and credential-reference update operation ends with success message without any information about reload.

allow-resource-service-restart=true header doesn't help.

Unable to find source-code formatter for language: collapse. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml

"credential-reference" => {
                "type" => OBJECT,
                "description" => "Credential reference to be used to create protection parameter.",
                "expressions-allowed" => false,
                "required" => true,
                "nillable" => false,
                "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
                "value-type" => {
                    "store" => {
                        "type" => STRING,
                        "description" => "The name of the credential store holding the alias to credential.",
                        "expressions-allowed" => false,
                        "required" => false,
                        "nillable" => true,
                        "capability-reference" => "org.wildfly.security.credential-store",
                        "min-length" => 1L,
                        "max-length" => 2147483647L
                    },
                    "alias" => {
                        "type" => STRING,
                        "description" => "The alias which denotes stored secret or credential in the store.",
                        "expressions-allowed" => true,
                        "required" => false,
                        "nillable" => true,
                        "min-length" => 1L,
                        "max-length" => 2147483647L
                    },
                    "type" => {
                        "type" => STRING,
                        "description" => "The type of credential this reference is denoting.",
                        "expressions-allowed" => true,
                        "required" => false,
                        "nillable" => true,
                        "min-length" => 1L,
                        "max-length" => 2147483647L
                    },
                    "clear-text" => {
                        "type" => STRING,
                        "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
                        "expressions-allowed" => true,
                        "required" => false,
                        "nillable" => true,
                        "min-length" => 1L,
                        "max-length" => 2147483647L
                    }
                },
                "access-type" => "read-write",
                "storage" => "configuration",
                "restart-required" => "no-services"
            },

blocks

JBEAP-8571 CredentialStore issues

Resolved

is cloned by

WFCORE-2766 Application server must be reloaded when is updated credential reference of credential store. There isn't any information that it needs reload.

Resolved

is incorporated by

JBEAP-11466 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta28

Closed

is related to

JBEAP-6939 Elytron allow-resource-service-restart=true handling

Closed

JBEAP-10741 Elytron Keystore resource needs restart when is changed credential-reference attribute but restart-required is set to "no-services"

Closed

JBEAP-6961 Elytron resources runtime updates without reload

Closed

(1 is related to)

Assignee:: Yeray Borges Santana

Reporter:: Hynek Švábek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2017/05/04 8:01 AM

Updated:: 2024/09/02 4:10 PM

Resolved:: 2017/06/20 10:53 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates