[jboss-jira] [JBoss JIRA] (SECURITY-690) System property replacement mangles windows paths

Brian Stansberry (JIRA) jira-events at lists.jboss.org
Tue Aug 14 20:48:14 EDT 2012 

Brian Stansberry created SECURITY-690:
-----------------------------------------

             Summary: System property replacement mangles windows paths
                 Key: SECURITY-690
                 URL: https://issues.jboss.org/browse/SECURITY-690
             Project: PicketBox (JBoss Security and Identity Management)
          Issue Type: Bug
      Security Level: Public (Everyone can see)
    Affects Versions: PicketBox_4_0_12.Final
            Reporter: Brian Stansberry
            Assignee: Anil Saldhana
            Priority: Critical


PicketBoxSecurityVault is replacing all appearances of ":" in the KEYSTORE_URL and ENC_FILE_DIR with "::".  It is assuming the ":" is separator in system property replacement expression, but ":" is also a common character in a URL. Result is:

00:17:22,777 ERROR [org.jboss.as.controller.management-operation] JBAS014612: Operation ("add") failed - address: ([("core-service" => "vault")]): java.lang.RuntimeException: JBAS015804: Error initializing vault --  org.jboss.as.server.services.security.VaultReaderException: org.jboss.security.vault.SecurityVaultException: org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/ does not exist
	at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:115)
	at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:50) [jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:397) [jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
	at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:284) [jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
	at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:211) [jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
	at org.jboss.as.controller.ParallelBootOperationStepHandler.execute(ParallelBootOperationStepHandler.java:161) [jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:397) [jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
	at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:284) [jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
	at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:211) [jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
	at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:175) [jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
	at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:191) [jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
	at org.jboss.as.server.ServerService.boot(ServerService.java:300)
	at org.jboss.as.server.ServerService.boot(ServerService.java:275)
	at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:156) [jboss-as-controller-7.1.3.Final-SNAPSHOT.jar:7.1.3.Final-SNAPSHOT]
	at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_31]
Caused by: org.jboss.as.server.services.security.VaultReaderException: org.jboss.security.vault.SecurityVaultException: org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/ does not exist
	at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:84)
	at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:113)
	... 14 more
Caused by: org.jboss.security.vault.SecurityVaultException: org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/ does not exist
	at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:195)
	at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:82)
	... 15 more
Caused by: org.jboss.security.vault.SecurityVaultException: PBOX000123: File or directory C::\development\java\jboss-as\testsuite\integration\basic/src/test/resources/security/ does not exist
	at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:173)
	... 16 more

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list