[jboss-jira] [JBoss JIRA] (WFCORE-2867) Credential store reload operation doesn't has effect in dependent resources.

Peter Skopek (JIRA) issues at jboss.org
Wed May 24 07:07:00 EDT 2017 

     [ https://issues.jboss.org/browse/WFCORE-2867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Peter Skopek reassigned WFCORE-2867:
------------------------------------

    Assignee: Peter Skopek


> Credential store reload operation doesn't has effect in dependent resources.
> ----------------------------------------------------------------------------
>
>                 Key: WFCORE-2867
>                 URL: https://issues.jboss.org/browse/WFCORE-2867
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Hynek Švábek
>            Assignee: Peter Skopek
>            Priority: Blocker
>
> Credential store reload operation doesn't has effect in dependent resources.
> When we have keystore which obtains password from credential store, we change on file system backed storage file which contains wrong password to keystore and reload it. Credential store is right state, but keystore still works.
> There is expected fail.
> *How to reproduce*
> For simplifying we only update value in credential store and reload it (it should work too JBEAP-6614).
> In my opinion is there same problem and solving one will solve both problems.
> {code}
> /subsystem=elytron/credential-store=cs001:add(uri="cr-store://cs001.jceks?create=true", relative-to="jboss.server.data.dir", credential-reference={clear-text=pass123})
> /subsystem=elytron/credential-store=cs001/alias=ff:add(secret-value=Elytron)
> /subsystem=elytron/key-store=firefly:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=cs001,alias=ff}
> this command show all aliases
> /subsystem=elytron/key-store=firefly:read-children-names(child-type=alias)
> {code}
> *Now we change keystore password to wrong and reload credential store*
> OR
> *You can replace storage file which contains wrong password to keystore and call RELOAD command only*
> {code}
> /subsystem=elytron/credential-store=cs001/alias=ff:remove
> /subsystem=elytron/credential-store=cs001/alias=ff:add(secret-value=ElytronWrong)
> /subsystem=elytron/credential-store=cs001:reload
> {code}
> *This command wrongly prints all aliases*
> {code}
> /subsystem=elytron/key-store=firefly:read-children-names(child-type=alias)
> {code}
> *We expect error message about wrong password to access to keystore*



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list