Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-6614

Credential-reference(alias=) should be resolved in time of request.

    XMLWordPrintable

Details

    • Hide
      • firefly.keystore and credentialstore.jceks which are attached copy to eap_home/standalone/data/cs.
      • run EAP server
        ./bin/standalone.sh
      • run CLI
        ./bin/jboss-cli.sh -c
        if applicaple add Elytron extension and Elytron subsystem and reload server
        /extension=org.wildfly.extension.elytron:add()
        /subsystem=elytron:add()
        reload
      • /subsystem=elytron/credential-store=credStore2:add(uri="cr-store://test/cs/credentialstore.jceks?store.password=pass123;key.password=pass456"
      • /subsystem=elytron/credential-store=credStore2/alias=ffWithWrongPass:add(secret-value=ElytronWrongPass)
      • /subsystem=elytron/key-store=fireflyWrong:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=credStore2,alias=ffWithWrongPass}

        )

      Show
      firefly.keystore and credentialstore.jceks which are attached copy to eap_home/standalone/data/cs. run EAP server ./bin/standalone.sh run CLI ./bin/jboss-cli.sh -c if applicaple add Elytron extension and Elytron subsystem and reload server /extension=org.wildfly.extension.elytron:add() /subsystem=elytron:add() reload /subsystem=elytron/credential-store=credStore2:add(uri="cr-store://test/cs/credentialstore.jceks?store.password=pass123;key.password=pass456" /subsystem=elytron/credential-store=credStore2/alias=ffWithWrongPass:add(secret-value=ElytronWrongPass) /subsystem=elytron/key-store=fireflyWrong:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=credStore2,alias=ffWithWrongPass} )

    Description

      Credential-reference should be resolved in time of request - in this case the alias which contains wrong password in CredentialStore (we can change it later to right password...).

      If I add credential reference with alias which contains wrong password then I get this error:

      {
        "outcome" => "failed",                                                                                           
        "failure-description" => {                                                                                       
            "WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.fireflyWrong" => "org.jboss.msc.service.StartException in service org.wildfly.security.key-store.fireflyWrong: WFLYELY00004: Unable to start the service.      
        Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect                            
        Caused by: java.security.UnrecoverableKeyException: Password verification failed"},                              
            "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.key-store.fireflyWrong"], 
            "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined                                   
        },                                                                                                               
        "rolled-back" => true                                                                                            
    }

      When I reload server then same command pass!
      But I nowhere got information about reload-required

      /subsystem=elytron/key-store=fireflyWrong:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=credStore2,alias=ffWithWrongPass})

      Attachments

        Issue Links

          blocks

          Tracker - Issue tracking a bug fix or improvement in another component JBEAP-8571 CredentialStore issues

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          clones

          Bug - A problem that impairs or prevents the functions of the product. ELY-678 Credential-reference(alias=) should be resolved in time of request.

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-10650 Credential store reload operation doesn't have effect in dependent resources.

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-6788 Elytron key-store with WrongPassword is replace with zero size file when I process "store" operation over CLI.

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-6615 Credential-reference(store=...) should be resolved in time of request.

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              Unassigned Unassigned
              hsvabek_jira Hynek Švábek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: