Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-6614

Credential-reference(alias=) should be resolved in time of request.

XMLWordPrintable

    • Hide
      • firefly.keystore and credentialstore.jceks which are attached copy to eap_home/standalone/data/cs.
      • run EAP server
        ./bin/standalone.sh
      • run CLI
        ./bin/jboss-cli.sh -c
        if applicaple add Elytron extension and Elytron subsystem and reload server
        /extension=org.wildfly.extension.elytron:add()
        /subsystem=elytron:add()
        reload
      • /subsystem=elytron/credential-store=credStore2:add(uri="cr-store://test/cs/credentialstore.jceks?store.password=pass123;key.password=pass456"
      • /subsystem=elytron/credential-store=credStore2/alias=ffWithWrongPass:add(secret-value=ElytronWrongPass)
      • /subsystem=elytron/key-store=fireflyWrong:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=credStore2,alias=ffWithWrongPass}

        )

      Show
      firefly.keystore and credentialstore.jceks which are attached copy to eap_home/standalone/data/cs. run EAP server ./bin/standalone.sh run CLI ./bin/jboss-cli.sh -c if applicaple add Elytron extension and Elytron subsystem and reload server /extension=org.wildfly.extension.elytron:add() /subsystem=elytron:add() reload /subsystem=elytron/credential-store=credStore2:add(uri="cr-store://test/cs/credentialstore.jceks?store.password=pass123;key.password=pass456" /subsystem=elytron/credential-store=credStore2/alias=ffWithWrongPass:add(secret-value=ElytronWrongPass) /subsystem=elytron/key-store=fireflyWrong:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=credStore2,alias=ffWithWrongPass} )

      Credential-reference should be resolved in time of request - in this case the alias which contains wrong password in CredentialStore (we can change it later to right password...).

      If I add credential reference with alias which contains wrong password then I get this error:

      {
        "outcome" => "failed",                                                                                           
        "failure-description" => {                                                                                       
            "WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.fireflyWrong" => "org.jboss.msc.service.StartException in service org.wildfly.security.key-store.fireflyWrong: WFLYELY00004: Unable to start the service.      
        Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect                            
        Caused by: java.security.UnrecoverableKeyException: Password verification failed"},                              
            "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.key-store.fireflyWrong"], 
            "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined                                   
        },                                                                                                               
        "rolled-back" => true                                                                                            
    }

      When I reload server then same command pass!
      But I nowhere got information about reload-required

      /subsystem=elytron/key-store=fireflyWrong:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=credStore2,alias=ffWithWrongPass})

            Unassigned Unassigned
            hsvabek_jira Hynek Švábek (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: