[Red Hat JIRA] (WFWIP-373) :resolve-expression does not resolve encrypted expressions

Friday, 19 February 2021

    [
https://issues.redhat.com/browse/WFWIP-373?page=com.atlassian.jira.plugin...
] 

Brian Stansberry commented on WFWIP-373:
----------------------------------------

Looking at ResolveExpressionHandler it's likely vault expressions would have the same
odd output, so this should become a WFCORE and isn't related to the credential-store
expression RFE, other than it manifests the existing issue too.

A likely fix is to resolve as it does now using ExpressionResolver.SIMPLE, and if the
result is different from the input, then resolve using the full-powered context. If that
result is different from the SIMPLE result, just send back the unresolved value, and use
OperationContext.addResponseWarning to note the situation. Failing is an option, but
that's somewhat a breaking change and probably not worth the hassle, at least not in
WF 23.

...
 :resolve-expression does not resolve encrypted expressions
 ----------------------------------------------------------

                 Key: WFWIP-373
                 URL: https://issues.redhat.com/browse/WFWIP-373
             Project: WildFly WIP
          Issue Type: Bug
          Components: Security
            Reporter: Ondrej Kotek
            Assignee: Darran Lofthouse
            Priority: Major

 The {{:resolve-expression}} operation does not resolve encrypted expressions.
 {noformat}
 [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:read-resource
 {
     "outcome" => "success",
     "result" => {
         "default-resolver" => "Default",
         "prefix" => "ENC",
         "resolvers" => [
             {
                 "name" => "Default",
                 "credential-store" => "credentialstorethree",
                 "secret-key" => "secretkey"
             },
             {
                 "name" => "resolver2",
                 "credential-store" => "credentialstorethree",
                 "secret-key" => "secretkey2"
             }
         ]
     }
 }
 [standalone@localhost:9990 /]
/subsystem=elytron/expression=encryption:create-expression(clear-text=CredentialStoreTwoPassword)
 {
     "outcome" => "success",
     "result" => {"expression" =>
"${ENC::RUxZAUMQHrI7PMuvU+0pJ9EgITJmFPWa9iIb5yZ6i9K3mtgnY2kLo3AIL4d/GIeo7GKzSkXB}"}
 }
 [standalone@localhost:9990 /]
:resolve-expression(expression="${ENC::RUxZAUMQHrI7PMuvU+0pJ9EgITJmFPWa9iIb5yZ6i9K3mtgnY2kLo3AIL4d/GIeo7GKzSkXB}")
 {
     "outcome" => "success",
     "result" =>
":RUxZAUMQHrI7PMuvU+0pJ9EgITJmFPWa9iIb5yZ6i9K3mtgnY2kLo3AIL4d/GIeo7GKzSkXB"
 }
 {noformat} 

--
This message was sent by Atlassian Jira
(v8.13.1#813001)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006