[jboss-jira] [JBoss JIRA] (WFLY-3789) Vault cannot be initialized with external password provided by CLASS

Filip Bogyai (JIRA) issues at jboss.org
Thu Aug 28 05:22:59 EDT 2014 

Filip Bogyai created WFLY-3789:
----------------------------------

             Summary: Vault cannot be initialized with external password provided by CLASS 
                 Key: WFLY-3789
                 URL: https://issues.jboss.org/browse/WFLY-3789
             Project: WildFly
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Security
            Reporter: Filip Bogyai
            Assignee: Darran Lofthouse


When vault is configured to use external password obtained from CLASS, e.g. :{code:xml} <vault-option name="KEYSTORE_PASSWORD" value="{CLASS}org.jboss.security.plugins.TmpFilePassword:${java.io.tmpdir}/tmp.password"/>  {code}

WildFly is unable to start, because of ClassNotFoundException: 
{code}
11:00:40,696 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("core-service" => "vault")]): java.lang.RuntimeException: WFLYSRV0076: Error initializing vault --  org.jboss.as.server.services.security.VaultReaderException: WFLYSEC0017: Vault Reader Exception:
	at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:88) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4]
	at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:75) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:657) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
	at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:498) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
	at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:299) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:294) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
	at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1072) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
	at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:375) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
	at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:297) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
	at org.jboss.as.server.ServerService.boot(ServerService.java:373) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4]
	at org.jboss.as.server.ServerService.boot(ServerService.java:348) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4]
	at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:259) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
	at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_55]
Caused by: org.jboss.as.server.services.security.VaultReaderException: WFLYSEC0017: Vault Reader Exception:
	at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:99) [wildfly-security-9.0.0.Alpha1-SNAPSHOT.jar:9.0.0.Alpha1-SNAPSHOT]
	at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:86) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4]
	... 12 more
Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.ClassNotFoundException: org.jboss.security.plugins.TmpFilePassword from [Module "org.jboss.as.controller:main" from local module loader @4be525ab
	at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:210) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
	at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:97) [wildfly-security-9.0.0.Alpha1-SNAPSHOT.jar:9.0.0.Alpha1-SNAPSHOT]
	... 13 more
Caused by: java.lang.ClassNotFoundException: org.jboss.security.plugins.TmpFilePassword from [Module "org.jboss.as.controller:main" from local module loader @4be525ab 
	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:213) [jboss-modules.jar:1.3.3.Final]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:459) [jboss-modules.jar:1.3.3.Final]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:408) [jboss-modules.jar:1.3.3.Final]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:389) [jboss-modules.jar:1.3.3.Final]
	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:134) [jboss-modules.jar:1.3.3.Final]
	at org.jboss.security.Util.invokePasswordClass(Util.java:174) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
	at org.jboss.security.Util.loadPassword(Util.java:126) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
	at org.picketbox.plugins.vault.PicketBoxSecurityVault.loadKeystorePassword(PicketBoxSecurityVault.java:343) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
	at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:204) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
	... 14 more
{code}

External passwords for vault were introduces by RFE: SECURITY-831



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)

More information about the jboss-jira mailing list