7:48 p.m.
Brian Stansberry created SECURITY-690:
-----------------------------------------
Summary: System property replacement mangles windows paths
Key: SECURITY-690
URL: https://issues.jboss.org/browse/SECURITY-690
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Bug
Security Level: Public (Everyone can see)
Affects Versions: PicketBox_4_0_12.Final
Reporter: Brian Stansberry
Assignee: Anil Saldhana
Priority: Critical
PicketBoxSecurityVault is replacing all appearances of ":" in the KEYSTORE_URL
and ENC_FILE_DIR with "::". It is assuming the ":" is separator in
system property replacement expression, but ":" is also a common character in a
URL. Result is:
00:17:22,777 ERROR [org.jboss.as.controller.management-operation] JBAS014612: Operation
("add") failed - address: ([("core-service" =>
"vault")]): java.lang.RuntimeException: JBAS015804: Error initializing vault --
org.jboss.as.server.services.security.VaultReaderException:
org.jboss.security.vault.SecurityVaultException:
org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory
C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/
does not exist
at
org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:115)
at
org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:50)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:397)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:284)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:211)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.ParallelBootOperationStepHandler.execute(ParallelBootOperationStepHandler.java:161)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:397)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:284)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:211)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:175)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:191)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at org.jboss.as.server.ServerService.boot(ServerService.java:300)
at org.jboss.as.server.ServerService.boot(ServerService.java:275)
at
org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:156)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_31]
Caused by: org.jboss.as.server.services.security.VaultReaderException:
org.jboss.security.vault.SecurityVaultException:
org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory
C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/
does not exist
at
org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:84)
at
org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:113)
... 14 more
Caused by: org.jboss.security.vault.SecurityVaultException:
org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory
C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/
does not exist
at
org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:195)
at
org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:82)
... 15 more
Caused by: org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory
C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/
does not exist
at
org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:173)
... 16 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
7:50 p.m.
[
https://issues.jboss.org/browse/SECURITY-690?page=com.atlassian.jira.plug...
]
Brian Stansberry updated SECURITY-690:
--------------------------------------
Attachment: windows-fix.patch
Attached is a patch Tomaz Cerar prepared.
System property replacement mangles windows paths
-------------------------------------------------
Key: SECURITY-690
URL: https://issues.jboss.org/browse/SECURITY-690
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Bug
Security Level: Public(Everyone can see)
Affects Versions: PicketBox_4_0_12.Final
Reporter: Brian Stansberry
Assignee: Anil Saldhana
Priority: Critical
Attachments: windows-fix.patch
PicketBoxSecurityVault is replacing all appearances of ":" in the KEYSTORE_URL
and ENC_FILE_DIR with "::". It is assuming the ":" is separator in
system property replacement expression, but ":" is also a common character in a
URL. Result is:
00:17:22,777 ERROR [org.jboss.as.controller.management-operation] JBAS014612: Operation
("add") failed - address: ([("core-service" =>
"vault")]): java.lang.RuntimeException: JBAS015804: Error initializing vault --
org.jboss.as.server.services.security.VaultReaderException:
org.jboss.security.vault.SecurityVaultException:
org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory
C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/
does not exist
at
org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:115)
at
org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:50)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:397)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:284)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:211)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.ParallelBootOperationStepHandler.execute(ParallelBootOperationStepHandler.java:161)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:397)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:284)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:211)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:175)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:191)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at org.jboss.as.server.ServerService.boot(ServerService.java:300)
at org.jboss.as.server.ServerService.boot(ServerService.java:275)
at
org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:156)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_31]
Caused by: org.jboss.as.server.services.security.VaultReaderException:
org.jboss.security.vault.SecurityVaultException:
org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory
C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/
does not exist
at
org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:84)
at
org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:113)
... 14 more
Caused by: org.jboss.security.vault.SecurityVaultException:
org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory
C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/
does not exist
at
org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:195)
at
org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:82)
... 15 more
Caused by: org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory
C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/
does not exist
at
org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:173)
... 16 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:38 a.m.
[
https://issues.jboss.org/browse/SECURITY-690?page=com.atlassian.jira.plug...
]
Stefan Guilhen closed SECURITY-690.
-----------------------------------
Resolution: Done
Patch applied. Proceeding with a PicketBox release for AS7.
System property replacement mangles windows paths
-------------------------------------------------
Key: SECURITY-690
URL: https://issues.jboss.org/browse/SECURITY-690
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Bug
Security Level: Public(Everyone can see)
Affects Versions: PicketBox_4_0_12.Final
Reporter: Brian Stansberry
Assignee: Anil Saldhana
Priority: Critical
Attachments: windows-fix.patch
PicketBoxSecurityVault is replacing all appearances of ":" in the KEYSTORE_URL
and ENC_FILE_DIR with "::". It is assuming the ":" is separator in
system property replacement expression, but ":" is also a common character in a
URL. Result is:
00:17:22,777 ERROR [org.jboss.as.controller.management-operation] JBAS014612: Operation
("add") failed - address: ([("core-service" =>
"vault")]): java.lang.RuntimeException: JBAS015804: Error initializing vault --
org.jboss.as.server.services.security.VaultReaderException:
org.jboss.security.vault.SecurityVaultException:
org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory
C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/
does not exist
at
org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:115)
at
org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:50)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:397)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:284)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:211)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.ParallelBootOperationStepHandler.execute(ParallelBootOperationStepHandler.java:161)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:397)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:284)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:211)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:175)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:191)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at org.jboss.as.server.ServerService.boot(ServerService.java:300)
at org.jboss.as.server.ServerService.boot(ServerService.java:275)
at
org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:156)
[jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_31]
Caused by: org.jboss.as.server.services.security.VaultReaderException:
org.jboss.security.vault.SecurityVaultException:
org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory
C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/
does not exist
at
org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:84)
at
org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:113)
... 14 more
Caused by: org.jboss.security.vault.SecurityVaultException:
org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory
C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/
does not exist
at
org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:195)
at
org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:82)
... 15 more
Caused by: org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory
C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/
does not exist
at
org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:173)
... 16 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
4461
days inactive
4461
days old
2 comments
2 participants
participants (2)
-
Brian Stansberry (JIRA) -
Stefan Guilhen (JIRA)