[jboss-jira] [JBoss JIRA] (WFLY-3492) JSSE configuration in security domain wrongly accepts empty parameters

Alexey Loubyansky (JIRA) issues at jboss.org
Tue Sep 9 08:33:00 EDT 2014


    [ https://issues.jboss.org/browse/WFLY-3492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13000305#comment-13000305 ] 

Alexey Loubyansky commented on WFLY-3492:
-----------------------------------------

I've created WFCORE-90 for the CLI to improve the parsing in this case. It's been merged now, so once WildFly switches to core 1.0.0.Alpha6 the changes will be in effect. So, with the changes in parsing, the request for the operation will look like this:

[standalone at localhost:9990 /] echo-dmr /subsystem=security/security-domain=trust-domain/jsse=classic:add(keystore=>{password=1234test,url=/Users/kabir/sourcecontrol/wildfly/git/wildfly/security/subsystem/src/test/resources/clientcert.jks}) 
{
    "address" => [
        ("subsystem" => "security"),
        ("security-domain" => "trust-domain"),
        ("jsse" => "classic")
    ],
    "operation" => "add",
    "keystore" => {
        ">{password" => "1234test",
        "url" => "/Users/kabir/sourcecontrol/wildfly/git/wildfly/security/subsystem/src/test/resources/clientcert.jks}"
    }
}

and if you try to execute it, it will fail with the following error:

[standalone at localhost:9990 /] /subsystem=security/security-domain=trust-domain/jsse=classic:add(keystore=>{password=1234test,url=/Users/kabir/sourcecontrol/wildfly/git/wildfly/security/subsystem/src/test/resources/clientcert.jks})
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0155: password may not be null",
    "rolled-back" => true
}

which will happen on the server. It won't find the required password parameter, and it doesn't care about the presence of parameters it doesn't expect, like >{password.

> JSSE configuration in security domain wrongly accepts empty parameters
> ----------------------------------------------------------------------
>
>                 Key: WFLY-3492
>                 URL: https://issues.jboss.org/browse/WFLY-3492
>             Project: WildFly
>          Issue Type: Bug
>          Components: Domain Management
>    Affects Versions: 8.1.0.Final
>            Reporter: Chao Wang
>            Assignee: Alexey Loubyansky
>
> Description from https://bugzilla.redhat.com/show_bug.cgi?id=1080069:
> {noformat}
> When adding a jsse configuration in security domain through CLI, it's not persisted correctly.
> Steps to reproduce:
> * Run CLI (./jboss-cli.sh -c) and use this commands to configure new security domain:
> /subsystem=security/security-domain=trust-domain:add
> /subsystem=security/security-domain=trust-domain/jsse=classic:add(truststore=>{password=1234test,url=/home/jcacek/projects/ocsp-check/build/trusted-clients.jks})
> reload
> * check standalone.xml, where should be sth. like
> <security-domain name="trust-domain">
> 	<jsse truststore-password="1234test" truststore-url="/home/jcacek/projects/ocsp-check/build/trusted-clients.jks"/>
> </security-domain>
> But there is:
> <security-domain name="trust-domain">
> 	<jsse/>
> </security-domain>
> {noformat}
> {noformat}
> I had a mistake in the second command, it should be:
> /subsystem=security/security-domain=trust-domain/jsse=classic:add(truststore={password=>1234test,url=>/home/jcacek/projects/ocsp-check/build/trusted-clients.jks}) 
> Then it works.
> Nevertheless it's probably still a bug, when the original command returns:
> {
>     "outcome" => "success",
>     "response-headers" => {
>         "operation-requires-reload" => true,
>         "process-state" => "reload-required"
>     }
> }
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
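
The comment above notes that the server reports the missing password but ignores the unexpected ">{password" key. A strict check that reports both is sketched here as an added example; it is not WildFly code, the schema is an assumption limited to the two keys shown in this message, and the function names are hypothetical:

```python
# Assumed schema: only the two keys that appear in this message (name -> required?).
KEYSTORE_SCHEMA = {"password": True, "url": False}
JSSE_ADD_SCHEMA = {"keystore": KEYSTORE_SCHEMA, "truststore": KEYSTORE_SCHEMA}


def validate_object(name, value, schema):
    """Return the problems found in one complex attribute (empty list if none)."""
    if not isinstance(value, dict):
        return [f"{name}: expected an object, got {type(value).__name__}"]
    # Keys the schema does not know are reported instead of silently ignored.
    errors = [f"{name}: unexpected parameter {key!r}"
              for key in sorted(set(value) - set(schema))]
    for key, required in schema.items():
        if required and value.get(key) in (None, ""):
            errors.append(f"{name}.{key} may not be null")
    return errors


def validate_jsse_add(request):
    """Strictly validate the parameters of an already parsed jsse 'add' request."""
    params = {k: v for k, v in request.items()
              if k not in ("address", "operation")}
    errors = [f"unexpected parameter {k!r}"
              for k in sorted(set(params) - set(JSSE_ADD_SCHEMA))]
    for name, schema in JSSE_ADD_SCHEMA.items():
        if name in params:
            errors += validate_object(name, params[name], schema)
    return errors


# Constructed samples. MALFORMED mirrors the echo-dmr output above (path shortened).
MALFORMED = {"operation": "add",
             "keystore": {">{password": "1234test", "url": "/tmp/clientcert.jks}"}}
# Constructed stand-in for a request whose complex attribute arrived empty.
EMPTY = {"operation": "add", "truststore": {}}
CORRECT = {"operation": "add",
           "truststore": {"password": "1234test", "url": "/tmp/trusted-clients.jks"}}

if __name__ == "__main__":
    for label, req in (("malformed", MALFORMED), ("empty", EMPTY), ("correct", CORRECT)):
        print(label, validate_jsse_add(req))
```

Reporting the unexpected key next to the missing one points the operator at the "=>" typo directly, rather than only at its consequence.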

