Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-14617

Subject private credentials have zeroes when passed to elytron-enabled datasource

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 24.0.0.Beta1
    • 22.0.1.Final, 23.0.0.Final
    • Security
    • None
    • Undefined

    Description

      We have a web application that uses via hibernate a datasource.

      This datasource is elytron-enabled.

       

      The problem that we face is that when we set our security domain to have a properties realm, Subject passed to DS connection info has correctly assigned in privCredentials property the user's password.

      When we change the realm to be an ldap realm, password characters stay the same regarding the length, but we see only zeroes.

       

      <datasource jndi-name="java:/devDS" pool-name="devDS">
 <connection-url>jdbc:postgresql://localhost:5432/testDB</connection-url>
 <driver>postgres</driver>
 <pool>
 <max-pool-size>100</max-pool-size>
 </pool>
 <security>
 <elytron-enabled>true</elytron-enabled>
 <authentication-context>test-authentication-context</authentication-context>
 </security>
 <validation>
 <check-valid-connection-sql>select 1</check-valid-connection-sql>
 <background-validation>false</background-validation>
 </validation>
 <timeout>
 <idle-timeout-minutes>5</idle-timeout-minutes>
 </timeout>
 </datasource>
      <authentication-client>
  <authentication-configuration name="test-authentication-configuration" security-  domaim="testSD" forwarding-mode="authentication"/>
  <authentication-context name="test-authentication-context">
     <match-rule authentication-configuration="test-authentication-configuration"/>
  </authentication-context>
</authentication-client>
      <security-domain name="testSD" default-realm="idmLR" permission-mapper="default-permission-mapper"> <realm name="idmLR" role-decoder="from-roles-attribute"/> </security-domain>
      <dir-context name="idmDC" url=our_ldap_url" principal="principal_query">
    <credential-reference clear-text="xxxxx"/>
</dir-context>

       

      <ldap-realm name="idmLR" dir-context="idmDC" direct-verification="true">
  <identity-mapping rdn-identifier="uid" search-base-dn="cn=users,cn=accounts,dc=internal,dc=net">
  <attribute-mapping>
 <attribute from="cn" to="Roles" filter="(member=uid={0},cn=users,cn=accounts,dc=internal,dc=net)" filter-base-dn="cn=groups,cn=accounts,dc=internal,dc=net"/>
    </attribute-mapping>
  </identity-mapping>
</ldap-realm>

       

       

      Attachments

        Issue Links

          is caused by

          Bug - A problem that impairs or prevents the functions of the product. ELY-2108 Subject private credentials have zeroes when passed to elytron-enabled datasource

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is duplicated by

          Bug - A problem that impairs or prevents the functions of the product. WFLY-14616 Subject private credentials have zeroes when passed to elytron-enabled datasource

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              djapal@gmail.com Apostolos Alexiadis (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: