  1. JBoss Enterprise Application Platform
  2. JBEAP-10747

EAP server must be reloaded when the credential reference of a credential store is updated. There isn't any information that it needs a reload.

Details

      /subsystem=elytron/credential-store=cstore001:add(credential-reference={clear-text=pass123}, create=true, location=cstore001.jceks)  
      
      /subsystem=elytron/credential-store=cstore001/alias=password:add(secret-value=pass123)
      
      /subsystem=elytron/credential-store=cstore002:add(credential-reference={clear-text=pass123}, create=true, location=cstore002.jceks)  
      
      /subsystem=elytron/credential-store=cstore002/alias=password:add(secret-value=pass987)
      

      Now we create another credential store with a credential-reference to the first credential store:

      /subsystem=elytron/credential-store=cstore003:add(credential-reference={store=cstore001, alias=password}, create=true, location=cstore003.jceks)
      
      /subsystem=elytron/credential-store=cstore003/alias=alias001:add(secret-value=value001)
      

      List of aliases in this credential store:

      /subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias)
      {
          "outcome" => "success",
          "result" => {"alias001" => {}}
      }
      

      Now we change the credential-reference to the second credential store, which contains a different value under the same alias "password":

      /subsystem=elytron/credential-store=cstore003:write-attribute(name=credential-reference.store, value=cstore002)
      {"outcome" => "success"}
      

      We still have access to credential store cstore003 with the wrong password:

      [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003/alias=alias002:add(secret-value=value002)
      {"outcome" => "success"}
      [standalone@localhost:9990 /] /subsystem=elytron/credential-store=cstore003:read-children-resources(child-type=alias)
      {
          "outcome" => "success",
          "result" => {
              "alias001" => {},
              "alias002" => {}
          }
      }
      

      After a reload, everything works right.

    Description

      EAP server must be reloaded when the credential reference of a credential store is updated. There isn't any information that it needs a reload.

      In the model, the attribute has "restart-required" => "no-services", and the credential-reference update operation ends with a success message without any information about a reload.

      allow-resource-service-restart=true header doesn't help.

      "credential-reference" => {
                      "type" => OBJECT,
                      "description" => "Credential reference to be used to create protection parameter.",
                      "expressions-allowed" => false,
                      "required" => true,
                      "nillable" => false,
                      "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
                      "value-type" => {
                          "store" => {
                              "type" => STRING,
                              "description" => "The name of the credential store holding the alias to credential.",
                              "expressions-allowed" => false,
                              "required" => false,
                              "nillable" => true,
                              "capability-reference" => "org.wildfly.security.credential-store",
                              "min-length" => 1L,
                              "max-length" => 2147483647L
                          },
                          "alias" => {
                              "type" => STRING,
                              "description" => "The alias which denotes stored secret or credential in the store.",
                              "expressions-allowed" => true,
                              "required" => false,
                              "nillable" => true,
                              "min-length" => 1L,
                              "max-length" => 2147483647L
                          },
                          "type" => {
                              "type" => STRING,
                              "description" => "The type of credential this reference is denoting.",
                              "expressions-allowed" => true,
                              "required" => false,
                              "nillable" => true,
                              "min-length" => 1L,
                              "max-length" => 2147483647L
                          },
                          "clear-text" => {
                              "type" => STRING,
                              "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
                              "expressions-allowed" => true,
                              "required" => false,
                              "nillable" => true,
                              "min-length" => 1L,
                              "max-length" => 2147483647L
                          }
                      },
                      "access-type" => "read-write",
                      "storage" => "configuration",
                      "restart-required" => "no-services"
                  },
      

            People

              yborgess1@redhat.com Yeray Borges Santana
              hsvabek_jira Hynek Švábek (Inactive)