[jboss-jira] [JBoss JIRA] (AS7-5156) Management doesn't work with vaulted passwords in security realm correctly
Andy Goldstein (JIRA)
jira-events at lists.jboss.org
Thu Aug 9 12:19:07 EDT 2012
[ https://issues.jboss.org/browse/AS7-5156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12710745#comment-12710745 ]
Andy Goldstein commented on AS7-5156:
-------------------------------------
Hi Darran, in standalone.xml I basically had a section like this:
{code:xml}
<security-realm name="ManagementRealm">
    <authentication>
        <local default-user="$local"/>
        <users>
            <user username="agoldstein">
                <password>${VAULT::users::agoldstein::MjEyYmRhNGItYTE3ZS00NjljLTllMTctMDY4YjJmOWJiMDYzTElORV9CUkVBS3ZhdWx0}</password>
            </user>
        </users>
    </authentication>
</security-realm>
{code}
If I try to log in to the admin console (port 9990), instead of using the vault, it actually requires me to type in ${VAULT::users....}.
> Management doesn't work with vaulted passwords in security realm correctly
> --------------------------------------------------------------------------
>
> Key: AS7-5156
> URL: https://issues.jboss.org/browse/AS7-5156
> Project: Application Server 7
> Issue Type: Bug
> Components: Domain Management, Security
> Affects Versions: 7.1.2.Final (EAP)
> Reporter: Andy Goldstein
> Assignee: Darran Lofthouse
> Fix For: 7.1.3.Final (EAP), 7.2.0.Alpha1
>
>
> I've been trying to get a vaulted password working with the management interface (e.g. http://localhost:9990), but it isn't working for me. I've tried EAP 6 and I've also built the latest from the 7.1 git branch locally, and neither is successful.
> I think I've narrowed it down to the unmaskUsersPasswords method in org.jboss.as.domain.management.security.SecurityRealmAddHandler. It looks like when the for loop gets the list of properties to iterate through via users.get(USER).asPropertyList(), I think it's actually cloning each individual property. This means the property loop variable is essentially thrown away after looping, and the users variable remains unmodified. I have stepped through the debugger and can see the vault correctly decrypting my password, but when this method exits, it is no longer decrypted.
> I'd be happy to provide sample configuration files if necessary. Please let me know if you need more information.
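The pattern the report describes, a loop that mutates cloned list entries and leaves the container untouched, in self-contained form. This is an added example, not the AS7 source or jboss-dmr code: `Node`, `Users`, `unmask` and the placeholder vault string are hypothetical stand-ins, and the write-back variant is one way to make the change stick, not the project's actual fix.

```java
import java.util.*;

public class ClonedPropertyListDemo {
    // Hypothetical stand-in for a mutable model node.
    static final class Node {
        String value;
        Node(String value) { this.value = value; }
    }

    // Hypothetical container whose list view hands out clones of each entry.
    static final class Users {
        final Map<String, Node> byName = new LinkedHashMap<>();

        List<Map.Entry<String, Node>> asPropertyList() {
            List<Map.Entry<String, Node>> out = new ArrayList<>();
            for (Map.Entry<String, Node> e : byName.entrySet()) {
                out.add(Map.entry(e.getKey(), new Node(e.getValue().value))); // clone
            }
            return out;
        }
    }

    // Constructed placeholder for vault resolution; no real vault is called.
    static String unmask(String expr) {
        return expr.startsWith("${VAULT::") ? "resolved-secret" : expr;
    }

    // Shape described in the report: only the clones are updated.
    static void unmaskOnCopies(Users users) {
        for (Map.Entry<String, Node> p : users.asPropertyList()) {
            p.getValue().value = unmask(p.getValue().value);
        }
    }

    // Write-back shape: the resolved value is stored through the container.
    static void unmaskInPlace(Users users) {
        for (Map.Entry<String, Node> p : users.asPropertyList()) {
            users.byName.get(p.getKey()).value = unmask(p.getValue().value);
        }
    }

    public static void main(String[] args) {
        Users users = new Users();
        users.byName.put("agoldstein", new Node("${VAULT::users::agoldstein::PLACEHOLDER}"));
        unmaskOnCopies(users);
        System.out.println("masked after copy loop:  " + users.byName.get("agoldstein").value.startsWith("${VAULT::"));
        unmaskInPlace(users);
        System.out.println("masked after write-back: " + users.byName.get("agoldstein").value.startsWith("${VAULT::"));
    }
}
```

After the copy loop the stored value is still the literal `${VAULT::...}` expression, which matches the symptom in the comment: the realm compares the typed password against the unresolved expression string.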