Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11448

Elytron client, wildfly-config.xml, User is not able to use credential-store-reference with clear-text password to access credential store. Store name and alias must be incorrectly defined.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.ER2
    • 7.1.0.DR19
    • Security
    • None

    Description

      Elytron client, wildfly-config.xml, User is not able to use credential-store-reference with clear-text password to access credential store. Store name and alias must be incorrectly defined.

      There must work these two scenarious:

      • User uses only clear-text password <credential-store-reference clear-text="pass123"/>
      • User uses password obtained from another credential store <credential-store-reference store="CS_STORE_NAME" alias="pwd"/> and both "store" and "alias" must be defined.

      I see problem in ElytronXmlParser [1], where is always used "storeName" and then "alias" to create new CredentialStoreCredentialSource(credentialStore, alias);

      How to reproduce

      • Please use files which are attached
      • set right path to cs.jceks in wildfly-config.xml
      • run EAP server
      • run client 
        [hsvabek@dhcp-10-40-5-166 bin]$ ./jboss-cli.sh -c -Dwildfly.config.url=wildfly-config.xml
java.lang.ExceptionInInitializerError: org.wildfly.client.config.ConfigXMLParseException: ELY09503: Credential store name "null" not defined
        at file:/home/hsvabek/securityworkspace/VERIFICATION/2017_06_08_wfly-config.xml/jboss-eap-7.1/bin/wildfly-config.xml:9:4: ELY09503: Credential store name "null" not defined
        at file:/home/hsvabek/securityworkspace/VERIFICATION/2017_06_08_wfly-config.xml/jboss-eap-7.1/bin/wildfly-config.xml:9:4

        When you set correct store to credential-store-reference, then you get error about "alias is required..."

      [1] https://github.com/wildfly-security/wildfly-elytron/blob/1.1.0.Beta47/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java#L1569

      Attachments

        1. cs.jceks
          1 kB
        2. mgmt-users.properties
          1 kB
        3. standalone.xml
          25 kB
        4. wildfly-config.xml
          3 kB

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-1238 Elytron client, wildfly-config.xml, User is not able to use credential-store-reference with clear-text password to access credential store. Store name and alias must be incorrectly defined.

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved
          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-11451 Elytron client, elytron-1_0.xsd, protection-parameter-credentials is incorrectly defined as client-credentials-type.

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Activity

            People

              thofman Tomas Hofman
              hsvabek_jira Hynek Švábek (Inactive)
              Hynek Švábek Hynek Švábek (Inactive)
              Hynek Švábek Hynek Švábek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: