[jboss-jira] [JBoss JIRA] (WFCORE-2455) Empty secret-value is not allowed in credential stores
Josef Cacek (JIRA)
issues at jboss.org
Fri Mar 10 05:55:00 EST 2017
[ https://issues.jboss.org/browse/WFCORE-2455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Josef Cacek updated WFCORE-2455:
--------------------------------
Description:
It's not possible to add an entry with empty secret-value into a credential store.
Masking the fact the password is empty is a valid scenario.
{code}
[standalone at localhost:9990 /] /subsystem=elytron/credential-store=cred-store-default/alias=emptysecret:add()
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0155: 'secret-value' may not be null",
"rolled-back" => true
}
[standalone at localhost:9990 /] /subsystem=elytron/credential-store=cred-store-default/alias=emptysecret:add(secret-value="")
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0113: '' is an invalid value for parameter secret-value. Values must have a minimum length of 1 characters",
"rolled-back" => true
}
{code}
*Unignore tests*
When this issue is fixed, unignore (and fix if needed) related tests in {{testsuite/elytron/src/test/java/org/wildfly/test/integration/elytron/application/}}. Thanks.
{code}
git grep WFLY-8143
{code}
was:
It's not possible to add an entry with empty secret-value into a credential store.
Masking the fact the password is empty is a valid scenario.
{code}
[standalone at localhost:9990 /] /subsystem=elytron/credential-store=cred-store-default/alias=emptysecret:add()
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0155: 'secret-value' may not be null",
"rolled-back" => true
}
[standalone at localhost:9990 /] /subsystem=elytron/credential-store=cred-store-default/alias=emptysecret:add(secret-value="")
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0113: '' is an invalid value for parameter secret-value. Values must have a minimum length of 1 characters",
"rolled-back" => true
}
{code}
> Empty secret-value is not allowed in credential stores
> -------------------------------------------------------
>
> Key: WFCORE-2455
> URL: https://issues.jboss.org/browse/WFCORE-2455
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Josef Cacek
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: credential-store
>
> It's not possible to add an entry with empty secret-value into a credential store.
> Masking the fact the password is empty is a valid scenario.
> {code}
> [standalone at localhost:9990 /] /subsystem=elytron/credential-store=cred-store-default/alias=emptysecret:add()
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0155: 'secret-value' may not be null",
> "rolled-back" => true
> }
> [standalone at localhost:9990 /] /subsystem=elytron/credential-store=cred-store-default/alias=emptysecret:add(secret-value="")
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0113: '' is an invalid value for parameter secret-value. Values must have a minimum length of 1 characters",
> "rolled-back" => true
> }
> {code}
> *Unignore tests*
> When this issue is fixed, unignore (and fix if needed) related tests in {{testsuite/elytron/src/test/java/org/wildfly/test/integration/elytron/application/}}. Thanks.
> {code}
> git grep WFLY-8143
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list