-
Bug
-
Resolution: Done
-
Blocker
-
None
-
None
Credential store reload operation doesn't have effect in dependent resources.
When we have keystore which obtains password from credential store, we change on file system backed storage file which contains wrong password to keystore and reload it. Credential store is right state, but keystore still works.
There is expected fail.
How to reproduce
For simplifying we only update value in credential store and reload it (it should work too JBEAP-6614).
In my opinion is there same problem and solving one will solve both problems.
/subsystem=elytron/credential-store=cs001:add(uri="cr-store://cs001.jceks?create=true", relative-to="jboss.server.data.dir", credential-reference={clear-text=pass123}) /subsystem=elytron/credential-store=cs001/alias=ff:add(secret-value=Elytron) /subsystem=elytron/key-store=firefly:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=cs001,alias=ff} this command show all aliases /subsystem=elytron/key-store=firefly:read-children-names(child-type=alias)
Now we change keystore password to wrong and reload credential store
OR
You can replace storage file which contains wrong password to keystore and call RELOAD command only
/subsystem=elytron/credential-store=cs001/alias=ff:remove /subsystem=elytron/credential-store=cs001/alias=ff:add(secret-value=ElytronWrong) /subsystem=elytron/credential-store=cs001:reload
This command wrongly prints all aliases
/subsystem=elytron/key-store=firefly:read-children-names(child-type=alias)
We expect error message about wrong password to access to keystore
- clones
-
JBEAP-10650 Credential store reload operation doesn't have effect in dependent resources.
- Closed