[jboss-jira] [JBoss JIRA] (WFLY-3492) JSSE configuration in security domain wrongly accepts empty parameters
Kabir Khan (JIRA)
issues at jboss.org
Mon Sep 1 11:58:00 EDT 2014
[ https://issues.jboss.org/browse/WFLY-3492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12997520#comment-12997520 ]
Kabir Khan edited comment on WFLY-3492 at 9/1/14 11:57 AM:
-----------------------------------------------------------
Looking a bit more into this, if I use:
{code}
/subsystem=security/security-domain=trust-domain/jsse=classic:add(keystore={password=1234test,url=/Users/kabir/sourcecontrol/wildfly/git/wildfly/security/subsystem/src/test/resources/clientcert.jks})
{code}
e.g. truststore *=* {...} the operation becomes:
{code}
{
    "address" => [
        ("subsystem" => "security"),
        ("security-domain" => "trust-domain"),
        ("jsse" => "classic")
    ],
    "operation" => "add",
    "keystore" => {
        "password" => "1234test",
        "url" => "/Users/kabir/sourcecontrol/wildfly/git/wildfly/security/subsystem/src/test/resources/clientcert.jks"
    },
    ---SNIP---
}
{code}
However, if I do
{code}
/subsystem=security/security-domain=trust-domain/jsse=classic:add(keystore=>{password=1234test,url=/Users/kabir/sourcecontrol/wildfly/git/wildfly/security/subsystem/src/test/resources/clientcert.jks})
{code}
e.g. truststore *=>* {...} the operation becomes:
{code}
{
    "address" => [
        ("subsystem" => "security"),
        ("security-domain" => "trust-domain"),
        ("jsse" => "classic")
    ],
    "operation" => "add",
    "keystore" => ">",
    --- SNIP ----
}
{code}
So perhaps rather than a validation error, this is a CLI parsing problem in general? It seems that *=>* should get rejected.
[~loubyansky] [~brian.stansberry] What do you think?
> JSSE configuration in security domain wrongly accepts empty parameters
> -----------------------------------------------------------------------
>
> Key: WFLY-3492
> URL: https://issues.jboss.org/browse/WFLY-3492
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Domain Management
> Affects Versions: 8.1.0.Final
> Reporter: Chao Wang
> Assignee: Chao Wang
>
> Description from https://bugzilla.redhat.com/show_bug.cgi?id=1080069:
> {noformat}
> When adding a jsse configuration in security domain through CLI, it's not persisted correctly.
> Steps to reproduce:
> * Run CLI (./jboss-cli.sh -c) and use these commands to configure new security domain:
> /subsystem=security/security-domain=trust-domain:add
> /subsystem=security/security-domain=trust-domain/jsse=classic:add(truststore=>{password=1234test,url=/home/jcacek/projects/ocsp-check/build/trusted-clients.jks})
> reload
> * check standalone.xml, where should be sth. like
> <security-domain name="trust-domain">
> <jsse truststore-password="1234test" truststore-url="/home/jcacek/projects/ocsp-check/build/trusted-clients.jks"/>
> </security-domain>
> But there is:
> <security-domain name="trust-domain">
> <jsse/>
> </security-domain>
> {noformat}
> {noformat}
> I had a mistake in the second command, it should be:
> /subsystem=security/security-domain=trust-domain/jsse=classic:add(truststore={password=>1234test,url=>/home/jcacek/projects/ocsp-check/build/trusted-clients.jks})
> Then it works.
> Nevertheless it's probably still a bug, when the original command returns:
> {
> "outcome" => "success",
> "response-headers" => {
> "operation-requires-reload" => true,
> "process-state" => "reload-required"
> }
> }
> {noformat}
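A configuration check for the symptom shown in the quoted description, added here as an example (not code from the issue or from WildFly): it scans a standalone.xml-style document for security domains whose jsse element was persisted with no settings. The sample XML, its namespace URI, the "other-domain" entry and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the <jsse/> fragments quoted in the report.
# The namespace URI, the "other-domain" entry and its path are assumptions.
SAMPLE_XML = """\
<subsystem xmlns="urn:example:security">
  <security-domains>
    <security-domain name="trust-domain">
      <jsse/>
    </security-domain>
    <security-domain name="other-domain">
      <jsse truststore-password="1234test"
            truststore-url="/path/to/trusted-clients.jks"/>
    </security-domain>
  </security-domains>
</subsystem>
"""


def local(tag):
    """Strip any '{namespace}' prefix so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def find_empty_jsse(xml_text):
    """Return names of security domains whose <jsse> has no attributes or children."""
    root = ET.fromstring(xml_text)
    flagged = []
    for elem in root.iter():
        if local(elem.tag) != "security-domain":
            continue
        for child in elem:
            if local(child.tag) == "jsse" and not child.attrib and len(child) == 0:
                flagged.append(elem.get("name", "<unnamed>"))
    return flagged


if __name__ == "__main__":
    for name in find_empty_jsse(SAMPLE_XML):
        print(f"security domain {name!r}: <jsse/> has no keystore or truststore settings")
```

Running this against the persisted configuration after a CLI change catches the case where the add operation reported success but the truststore settings were never written.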