Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 7.1.0.DR16
Affects Version/s: 7.1.0.DR13
Component/s: Mail, Security
Labels:

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Git Pull Request:
https://github.com/jbossas/jboss-eap7/pull/1543
Steps to Reproduce:
Hide

Start EAP

deploy attached deployment

create credentials store => /subsystem=elytron/credential-store=mail-credential-store:add(uri="cr-store://test/mail-credential-store?keyStoreType=JCEKS;modifiable=true;create=true", relative-to=jboss.server.data.dir, credential-reference={clear-text=clear-text-value-passdlfkj4})

create mail session => /subsystem=mail/mail-session=aaa:add(jndi-name="java:jboss/mail/aaa")

create mail server pointing to the credential reference without provided alias => /subsystem=mail/mail-session=aaa/server=smtp:add(outbound-socket-binding-ref=mail-smtp, credential-reference={store=mail-credential-store}, username=aaa)

request password authentization on the mail session and check used password, for this you can use attached application and doing request e.g. via curl => curl -i 'http://localhost:8080/mail_server_attributes/mailPassword.jsp?jndiName=java:jboss/mail/aaa&protocol=smtp'

You should get no password => application returning FAIL, but instead you get "undefined"
Show
Start EAP deploy attached deployment create credentials store => /subsystem=elytron/credential-store=mail-credential-store:add(uri="cr-store://test/mail-credential-store?keyStoreType=JCEKS;modifiable=true;create=true", relative-to=jboss.server.data.dir, credential-reference={clear-text=clear-text-value-passdlfkj4}) create mail session => /subsystem=mail/mail-session=aaa:add(jndi-name="java:jboss/mail/aaa") create mail server pointing to the credential reference without provided alias => /subsystem=mail/mail-session=aaa/server=smtp:add(outbound-socket-binding-ref=mail-smtp, credential-reference={store=mail-credential-store}, username=aaa) request password authentization on the mail session and check used password, for this you can use attached application and doing request e.g. via curl => curl -i 'http://localhost:8080/mail_server_attributes/mailPassword.jsp?jndiName=java:jboss/mail/aaa&protocol=smtp' You should get no password => application returning FAIL, but instead you get "undefined"

SFDC Cases Counter:
SFDC Cases Links:

When using credential-reference pointing only to store without password, it results in using password "undefined"

As providing password which is incorrect one is very bad from security point of view, marking as blocker for GA.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

mail_server_attributes.war
7 kB
2017/03/02 10:46 AM

blocks

JBEAP-8571 CredentialStore issues

Resolved

is cloned by

WFLY-8406 Referencing credential store from mail subsystem without alias results in returned password "undefined"

Closed

Assignee:: Martin Stefanko

Reporter:: Radim Hatlapatka (Inactive)

Tester:: Hynek Švábek (Inactive)

QA Contact:: Hynek Švábek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2017/03/02 10:54 AM

Updated:: 2020/09/14 5:39 AM

Resolved:: 2017/03/21 9:30 AM

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates