[jboss-jira] [JBoss JIRA] (AS7-4180) Ensure expressions are supported for messaging attributes that should be encrypted

Brian Stansberry (JIRA) jira-events at lists.jboss.org
Wed Mar 14 21:53:47 EDT 2012 

     [ https://issues.jboss.org/browse/AS7-4180?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Stansberry updated AS7-4180:
----------------------------------

    Summary: Ensure expressions are supported for messaging attributes that should be encrypted  (was: Ensure expressions are supported for attributes that should be encrypted)

    
> Ensure expressions are supported for messaging attributes that should be encrypted
> ----------------------------------------------------------------------------------
>
>                 Key: AS7-4180
>                 URL: https://issues.jboss.org/browse/AS7-4180
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Domain Management, JMS
>    Affects Versions: 7.1.0.Final, 7.1.1.Final
>            Reporter: Brian Stansberry
>            Assignee: Jeff Mesnil
>            Priority: Critical
>             Fix For: 7.1.2.Final
>
>
> CommonAttributes.CLUSTER_PASSWORD needs to support expressions, so its value can be vault encoded and the encoded value can be resolved against the vault at runtime.
> Recommend changing:
> SimpleAttributeDefinition CLUSTER_PASSWORD = new SimpleAttributeDefinition("cluster-password",
>             new ModelNode().set(ConfigurationImpl.DEFAULT_CLUSTER_PASSWORD),  ModelType.STRING, true,
>             AttributeAccess.Flag.RESTART_ALL_SERVICES);
> to
> SimpleAttributeDefinition CLUSTER_PASSWORD = new SimpleAttributeDefinitionBuilder("cluster-password", ModelType.STRING, true)
>             .setAllowExpression(true)
>             .setDefaultValue(new ModelNode(ConfigurationImpl.DEFAULT_CLUSTER_PASSWORD))
>             .setRestartAllServices()
>             .build();
> A similar change should be made to CLUSTER_USER, not so much so the value can be read from the vault, but rather so a system property can be used, e.g. <cluster-user>${some.user.property}</cluster-user>
> I recommend looking at all the other config attributes and adding expression support where it makes sense. It's a must though for any password or other security sensitive value that users won't want stored in plain text. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list