[JBoss JIRA] (AS7-5332) vault util requests a URL but expects an absolute path.
by Darran Lofthouse (JIRA)
Darran Lofthouse created AS7-5332:
-------------------------------------
Summary: vault util requests a URL but expects an absolute path.
Key: AS7-5332
URL: https://issues.jboss.org/browse/AS7-5332
Project: Application Server 7
Issue Type: Bug
Components: Security
Affects Versions: 7.1.2.Final (EAP)
Reporter: Darran Lofthouse
Assignee: Anil Saldhana
The vault utility asks for a URL to the keystore but then treats it as an absolute path: -
{code}
Enter Keystore URL:file:///home/darranl/tmp/vault/vault.keystore
Enter Keystore password:
Enter Keystore password again:
Values match
Enter 8 character salt:abcdefgh
Enter iteration count as a number (Eg: 44):13
Exception encountered:Keystore [file:///home/darranl/tmp/vault/vault.keystore] doesn't exist.
{code}
Also is there really a need to take the password twice? That is normally used on setting a new password to ensure it is set correctly, in this case the password could easily be verified against the keystore.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
11 years, 10 months
[JBoss JIRA] (AS7-5156) Management doesn't work with vaulted passwords in security realm correctly
by Andy Goldstein (JIRA)
Andy Goldstein created AS7-5156:
-----------------------------------
Summary: Management doesn't work with vaulted passwords in security realm correctly
Key: AS7-5156
URL: https://issues.jboss.org/browse/AS7-5156
Project: Application Server 7
Issue Type: Bug
Affects Versions: 7.1.2.Final (EAP)
Reporter: Andy Goldstein
I've been trying to get a vaulted password working with the management interface (e.g. http://localhost:9990), but it isn't working for me. I've tried EAP 6 and I've also built the latest from the 7.1 git branch locally, and neither is successful.
I think I've narrowed it down to the unmaskUsersPasswords method in org.jboss.as.domain.management.security.SecurityRealmAddHandler. It looks like when the for loop gets the list of properties to iterate through via users.get(USER).asPropertyList(), I think it's actually cloning each individual property. This means the property loop variable is essentially thrown away after looping, and the users variable remains unmodified. I have stepped through the debugger and can see the vault correctly decrypting my password, but when this method exits, it is no longer decrypted.
I'd be happy to provide sample configuration files if necessary. Please let me know if you need more information.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
11 years, 10 months