Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2182

RuntimeVaultReader should not throw SecurityException

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 3.0.0.Alpha20
    • None
    • Management
    • None

      RuntimeVaultReader is throwing SecurityException if it catches a SecurityVaultException from PicketBoxSecurityVault. But the causes of those SecurityVaultException are not really security breaches, they just reflect failed searches, or, less likely, incorrect vault setup.

      Converting these into SecurityException, which is a RuntimeException, means the vault lookup will fail the management op that triggered it in a way that overrides rollback-on-runtime-failure=false. But at least in the case of failed searches, this is no different than any other failed attempt to resolve an expression and should be treated as such.

      Perhaps the type of the getCause() value from the SecurityVaultException can be used to discriminate behavior between failed searches and other issues, or perhaps the distinction can be ignored.

      Here is an example of a failed search using EAP 6:

      12:46:34,830 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 27) JBAS014612: Operation ("enable") failed - address: ([
          ("subsystem" => "datasources"),
          ("data-source" => "xyzDS")
      ]): java.lang.SecurityException: JBAS013311: Security Exception
              at org.jboss.as.security.vault.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:115)
              at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:45)
              at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionString(ExpressionResolverImpl.java:319) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.ExpressionResolverImpl.parseAndResolve(ExpressionResolverImpl.java:228) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionStringRecursively(ExpressionResolverImpl.java:130) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionsRecursively(ExpressionResolverImpl.java:72) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressions(ExpressionResolverImpl.java:54) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.ModelControllerImpl.resolveExpressions(ModelControllerImpl.java:782) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.OperationContextImpl.resolveExpressions(OperationContextImpl.java:1002) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.ParallelBootOperationContext.resolveExpressions(ParallelBootOperationContext.java:351) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.AttributeDefinition$1.resolveExpressions(AttributeDefinition.java:338) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.AttributeDefinition.resolveValue(AttributeDefinition.java:402) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.AttributeDefinition.resolveModelAttribute(AttributeDefinition.java:361) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.AttributeDefinition.resolveModelAttribute(AttributeDefinition.java:335) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.connector.util.ModelNodeUtil.getResolvedStringIfSetOrGetDefault(ModelNodeUtil.java:33)
              at org.jboss.as.connector.subsystems.datasources.DataSourceModelNodeUtil.from(DataSourceModelNodeUtil.java:151)
              at org.jboss.as.connector.subsystems.datasources.DataSourceEnable.addServices(DataSourceEnable.java:183)
              at org.jboss.as.connector.subsystems.datasources.DataSourceEnable$1.execute(DataSourceEnable.java:102)
              at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:708) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:543) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:338) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:314) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:355) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_111]
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_111]
              at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111]
              at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.1.2.Final-redhat-1.jar:2.1.2.Final-redhat-1]
      Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.IllegalArgumentException: Null input buffer
              at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:297)
              at org.jboss.as.security.vault.RuntimeVaultReader.getValue(RuntimeVaultReader.java:141)
              at org.jboss.as.security.vault.RuntimeVaultReader.getValueAsString(RuntimeVaultReader.java:123)
              at org.jboss.as.security.vault.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:113)
              ... 26 more
      Caused by: java.lang.IllegalArgumentException: Null input buffer
              at javax.crypto.Cipher.doFinal(Cipher.java:2161) [jce.jar:1.8.0_111]
              at org.picketbox.util.EncryptionUtil.decrypt(EncryptionUtil.java:134)
              at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:293)
              ...
      

            bstansbe@redhat.com Brian Stansberry
            bstansbe@redhat.com Brian Stansberry
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: