Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-1575

jboss-cli.sh allows creation of an invalid jsse element within a security-domain

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 8.0.0.Beta1
    • 8.0.0.Alpha2
    • Security
    • None
    • Hide

      1) Build Wildfly 8.0.0.Alpha2 and start it (admin-only or normal):
      ./standalone.sh

      2) Start the jboss-cli.sh session:
      ./jboss-cli.sh -c

      3) Add a new security-domain definition:
      /subsystem=security/security-domain=new:add()

      4) Add a new jsse element to the new security-domain:
      /subsystem=security/security-domain=new/jsse=classic:add()

      5) Observe command success:

      {"outcome" => "success"}

      6) Reload the server:
      :reload

      7) Observe the stacktrace upon the server's attempted reload:
      http://pastebin.test.redhat.com/148589

      8) The server is now in a state where it cannot start.

      Show
      1) Build Wildfly 8.0.0.Alpha2 and start it (admin-only or normal): ./standalone.sh 2) Start the jboss-cli.sh session: ./jboss-cli.sh -c 3) Add a new security-domain definition: /subsystem=security/security-domain=new:add() 4) Add a new jsse element to the new security-domain: /subsystem=security/security-domain=new/jsse=classic:add() 5) Observe command success: {"outcome" => "success"} 6) Reload the server: :reload 7) Observe the stacktrace upon the server's attempted reload: http://pastebin.test.redhat.com/148589 8) The server is now in a state where it cannot start.

    Description

      The jboss-cli.sh allows me to add a security-domain definition which is not valid. Apparently you must have a keystore-password or truststore-password, but this restriction is not enforced in the cli.

      I do not have too deep an understanding of how the cli decides that a given attribute is required, but I have seen cases where the cli will warn me if I try to do something without all required attributes. Something similar should probably be done here.

      Attachments

        Activity

          People

            ehugonne1@redhat.com Emmanuel Hugonnet
            thauser_jira Thomas Hauser (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: