[jboss-jira] [JBoss JIRA] (WFLY-13756) User is able to specify credential-reference with only store name

Jan Stourac (Jira) issues at jboss.org
Fri Aug 7 16:55:00 EDT 2020


Jan Stourac created WFLY-13756:
----------------------------------

             Summary: User is able to specify credential-reference with only store name
                 Key: WFLY-13756
                 URL: https://issues.redhat.com/browse/WFLY-13756
             Project: WildFly
          Issue Type: Bug
          Components: Security
    Affects Versions: 20.0.1.Final, 20.0.0.Final
            Reporter: Jan Stourac
            Assignee: Darran Lofthouse


It is possible to create a {{credential-reference}} to the credential store with just the name of the credential store in question - without specifying {{alias}} (or {{password}} in the case of automatic addition of a new record into the credential store, see doc [16.4.2. Automatic Updates of Credential Stores|https://docs.wildfly.org/20/WildFly_Elytron_Security.html#referencing-credentials]). The actual configuration error is revealed when the server is reloaded, with the following error message in the server log:
{code}
22:03:26,791 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("key-store" => "exampleKS")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.exampleKS" => "WFLYELY00004: Unable to start the service.
    Caused by: java.io.IOException: WFLYELY00910: Password cannot be resolved for key-store '/tmp/cred/wildfly-20.0.1.Final/standalone/configuration/example.keystore'"}}
{code}

This misconfiguration is not possible to do in {{WildFly 19.1.0.Final}}, as you are requested to specify the {{alias}} attribute too.

I suspect that the change in behavior has been introduced thanks to this new feature https://issues.redhat.com/browse/WFLY-12218 (see the doc referenced above).

The correct behavior is to require the credential store name and:
# 'alias'
# or 'alias' and 'password'
# or 'password' (alias will be generated automatically in this case)

as described in the referenced documentation.
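
A pre-reload audit for the misconfiguration reported above, as an added example that is not part of the original report or of WildFly's code: it scans Elytron configuration XML for any {{credential-reference}} that names a store but carries neither an alias nor a password. It assumes the XML attributes are {{store}}, {{alias}} and {{clear-text}} (taken here to be the attribute carrying what the report calls 'password'); the sample configuration and its namespace are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the namespace is a placeholder, the key-store names are
# illustrative, and "exampleKS" mirrors the resource that fails in the report.
SAMPLE_CONFIG = """\
<subsystem xmlns="urn:example:constructed">
  <tls>
    <key-stores>
      <key-store name="exampleKS">
        <credential-reference store="exampleCS"/>
      </key-store>
      <key-store name="aliasKS">
        <credential-reference store="exampleCS" alias="ks-pass"/>
      </key-store>
      <key-store name="autoKS">
        <credential-reference store="exampleCS" clear-text="constructed-secret"/>
      </key-store>
      <key-store name="plainKS">
        <credential-reference clear-text="constructed-secret"/>
      </key-store>
    </key-stores>
  </tls>
</subsystem>
"""


def local(tag):
    """Strip the '{namespace}' prefix so the check works for any schema version."""
    return tag.rsplit("}", 1)[-1]


def find_unresolvable_references(xml_text):
    """Return (resource type, resource name, store) for every credential-reference
    that names a store but has neither an alias nor a clear-text password."""
    findings = []
    for parent in ET.fromstring(xml_text).iter():
        for child in parent:
            if local(child.tag) != "credential-reference":
                continue
            store = child.get("store")
            # Assumed attribute names: 'alias' and 'clear-text' (the report's 'password').
            if store and not (child.get("alias") or child.get("clear-text")):
                findings.append((local(parent.tag), parent.get("name"), store))
    return findings


if __name__ == "__main__":
    for kind, name, store in find_unresolvable_references(SAMPLE_CONFIG):
        print(f"{kind} '{name}': credential-reference to store '{store}' has no alias or password")
```
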


