Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-9069

[Fuse 7] Undertow unable to externalize strings containing password

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: fuse-7.0
    • Fix Version/s: fuse-7.1
    • Component/s: Karaf, Undertow
    • Labels:
      None
    • Workaround Description:
      Hide

      Set these properties in etc/custom.properties or etc/config.properties - these are available as new BundleContextPropertyResolver(bundleContext)

      but these are still unencrypted !!

      Show
      Set these properties in etc/custom.properties or etc/config.properties - these are available as new BundleContextPropertyResolver(bundleContext) but these are still unencrypted !!
    • Sprint:
      Fuse 7.1 Sprint 31, Fuse 7.1 Sprint 32

      Description

      Externalizing those parameters it doesn't works 

          <security-realm name="https">
      		 
              <w:server-identities>
      		 
                  <w:ssl>
      		 
                      <w:engine enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
      		 
                      <w:keystore path="${karaf.etc}/certs/server.keystore" provider="JKS" alias="server"
      		 
                              keystore-password="${org.osgi.service.http.keystore.password}" key-password="${org.osgi.service.http.key-password}"
      		 
                              generate-self-signed-certificate-host="localhost" />
      		 
                  </w:ssl>
      		 
              </w:server-identities>
      		 
              <w:authentication>
      		 
                  <w:truststore path="${karaf.etc}/certs/server.truststore" provider="JKS" keystore-password="${org.osgi.service.http.truststore.password}" />
      		 
              </w:authentication>
      		 
          </security-realm>

      org.ops4j.pax.web.cfg :

      org.osgi.service.http.truststore.password=secret
      		 
      org.osgi.service.http.key-password=secret
      		 
      org.osgi.service.http.keystore.password=secret

      Some improvements should be done here:
      https://github.com/ops4j/org.ops4j.pax.web/blob/master/pax-web-undertow/src/main/java/org/ops4j/pax/web/service/undertow/internal/ServerControllerImpl.java#L386-L388

        Gliffy Diagrams

          Attachments

            Issue Links

            is related to

            Enhancement - An enhancement or refactoring of existing functionality ENTESB-9132 Use Elytron Credential Store in custom PersistenceManager with new felix.configadmin 1.9.0

            • Major - A request that should be considered seriously but is not a show stopper.
            • Open
            links to

            Web Link https://ops4j1.jira.com/browse/PAXWEB-1169 - Pass entire org.ops4j.pax.web PID configuration to property placeholder for undertow.xml parser

              Activity

                People

                • Assignee:
                  grgrzybek Grzegorz Grzybek
                  Reporter:
                  rhn-support-aboucham Abel BOUCHAMA
                  Tester:
                  Vratislav Hais
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: