[
https://issues.jboss.org/browse/AS7-5156?page=com.atlassian.jira.plugin.s...
]
Andy Goldstein commented on AS7-5156:
-------------------------------------
Hi Darran, in standalone.xml I basically had a section like this:
{code:xml}
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local"/>
<users>
<user username="agoldstein">
<password>${VAULT::users::agoldstein::MjEyYmRhNGItYTE3ZS00NjljLTllMTctMDY4YjJmOWJiMDYzTElORV9CUkVBS3ZhdWx0}</password>
</user>
</users>
</authentication>
</security-realm>
{code}
If I try to log in to the admin console (port 9990), instead of using the vault, it
actually requires me to type in ${VAULT::users....}.
Management doesn't work with vaulted passwords in security realm
correctly
--------------------------------------------------------------------------
Key: AS7-5156
URL:
https://issues.jboss.org/browse/AS7-5156
Project: Application Server 7
Issue Type: Bug
Components: Domain Management, Security
Affects Versions: 7.1.2.Final (EAP)
Reporter: Andy Goldstein
Assignee: Darran Lofthouse
Fix For: 7.1.3.Final (EAP), 7.2.0.Alpha1
I've been trying to get a vaulted password working with the management interface
(e.g.
http://localhost:9990), but it isn't working for me. I've tried EAP 6 and
I've also built the latest from the 7.1 git branch locally, and neither is
successful.
I think I've narrowed it down to the unmaskUsersPasswords method in
org.jboss.as.domain.management.security.SecurityRealmAddHandler. It looks like when the
for loop gets the list of properties to iterate through via
users.get(USER).asPropertyList(), I think it's actually cloning each individual
property. This means the property loop variable is essentially thrown away after looping,
and the users variable remains unmodified. I have stepped through the debugger and can
see the vault correctly decrypting my password, but when this method exits, it is no
longer decrypted.
I'd be happy to provide sample configuration files if necessary. Please let me know
if you need more information.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira