Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-6125

Stuck server after invoking update-key-pair on filesystem-realm

XMLWordPrintable

      jboss-cli stops responding and server cannot be shut down when updating a key pair of a filesystem security realm in the following way:

      [standalone@localhost:9990 /] /subsystem=elytron/key-store=exampleKeystore:add(path=keystore, relative-to=jboss.server.config.dir, type=JKS, credential-reference={clear-text=secret})
      {"outcome" => "success"}
      
      [standalone@localhost:9990 /] /subsystem=elytron/key-store=exampleKeystore:generate-key-pair(alias=localhost,algorithm=RSA,key-size=1024,validity=365,distinguished-name="CN=localhost")
      {"outcome" => "success"}
      
      [standalone@localhost:9990 /] /subsystem=elytron/key-store=exampleKeystore:store()
      {
          "outcome" => "success",
          "result" => undefined
      }
      
      [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=exampleSecurityRealm:add(path=fs-realm-users,relative-to=jboss.server.config.dir, key-store=exampleKeystore, key-store-alias=localhost)
      {"outcome" => "success"}
      
      [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=exampleSecurityRealm:add-identity(identity=user1)
      {"outcome" => "success"}
      
      [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=exampleSecurityRealm:set-password(identity=user1, clear={password="passwordUser1"})
      {"outcome" => "success"}
      
      [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=exampleSecurityRealm:add-identity-attribute(identity=user1, name=Roles, value=["Admin","Guest"])
      {"outcome" => "success"}
      
      [standalone@localhost:9990 /] /subsystem=elytron/security-domain=exampleSecurityDomain:add(default-realm=exampleSecurityRealm,permission-mapper=default-permission-mapper,realms=[{realm=exampleSecurityRealm}])
      {"outcome" => "success"}
      
      [standalone@localhost:9990 /] /subsystem=elytron/security-domain=exampleSecurityDomain:read-identity(name=user1)
      {
          "outcome" => "success",
          "result" => {
              "name" => "user1",
              "attributes" => {"Roles" => [
                  "Admin",
                  "Guest"
              ]},
              "roles" => [
                  "Guest",
                  "Admin"
              ]
          }
      }
      
      [standalone@localhost:9990 /] /subsystem=elytron/key-store=exampleKeystoreFSRealm:add(path=keystore, relative-to=jboss.server.config.dir, type=JKS, credential-reference={clear-text=secret})
      {"outcome" => "success"}
      
      [standalone@localhost:9990 /] /subsystem=elytron/key-store=exampleKeystoreFSRealm:generate-key-pair(alias=examplehost,algorithm=RSA,key-size=2048,validity=365,distinguished-name="CN=examplehost")
      {"outcome" => "success"}
      
      [standalone@localhost:9990 /] /subsystem=elytron/key-store=exampleKeystoreFSRealm:store()
      {
          "outcome" => "success",
          "result" => undefined
      }
      
      [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=exampleSecurityRealm:write-attribute(name=key-store, value=exampleKeystoreFSRealm)
      {
          "outcome" => "success",
          "response-headers" => {
              "operation-requires-reload" => true,
              "process-state" => "reload-required"
          }
      }
      
      [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=exampleSecurityRealm:write-attribute(name=key-store-alias, value=examplehost)
      {
          "outcome" => "success",
          "response-headers" => {
              "operation-requires-reload" => true,
              "process-state" => "reload-required"
          }
      }
      
      [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=exampleSecurityRealm:update-key-pair()
      

      When we reload before calling update-key-pair, the procedure works as expected.

            lvydra Lukas Vydra
            lvydra Lukas Vydra
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: