  1. WildFly
  2. WFLY-3789

Vault cannot be initialized with external password provided by CLASS

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • None
    • Security
    • None

    Description

      When the vault is configured to use an external password obtained from CLASS, e.g.:

       <vault-option name="KEYSTORE_PASSWORD" value="{CLASS}org.jboss.security.plugins.TmpFilePassword:${java.io.tmpdir}/tmp.password"/>  

      WildFly is unable to start, because of ClassNotFoundException:

      11:00:40,696 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("core-service" => "vault")]): java.lang.RuntimeException: WFLYSRV0076: Error initializing vault --  org.jboss.as.server.services.security.VaultReaderException: WFLYSEC0017: Vault Reader Exception:
      	at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:88) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4]
      	at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:75) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
      	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:657) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
      	at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:498) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
      	at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:299) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
      	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:294) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
      	at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1072) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
      	at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:375) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
      	at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:297) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
      	at org.jboss.as.server.ServerService.boot(ServerService.java:373) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4]
      	at org.jboss.as.server.ServerService.boot(ServerService.java:348) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4]
      	at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:259) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
      	at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_55]
      Caused by: org.jboss.as.server.services.security.VaultReaderException: WFLYSEC0017: Vault Reader Exception:
      	at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:99) [wildfly-security-9.0.0.Alpha1-SNAPSHOT.jar:9.0.0.Alpha1-SNAPSHOT]
      	at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:86) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4]
      	... 12 more
      Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.ClassNotFoundException: org.jboss.security.plugins.TmpFilePassword from [Module "org.jboss.as.controller:main" from local module loader @4be525ab
      	at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:210) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
      	at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:97) [wildfly-security-9.0.0.Alpha1-SNAPSHOT.jar:9.0.0.Alpha1-SNAPSHOT]
      	... 13 more
      Caused by: java.lang.ClassNotFoundException: org.jboss.security.plugins.TmpFilePassword from [Module "org.jboss.as.controller:main" from local module loader @4be525ab 
      	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:213) [jboss-modules.jar:1.3.3.Final]
      	at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:459) [jboss-modules.jar:1.3.3.Final]
      	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:408) [jboss-modules.jar:1.3.3.Final]
      	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:389) [jboss-modules.jar:1.3.3.Final]
      	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:134) [jboss-modules.jar:1.3.3.Final]
      	at org.jboss.security.Util.invokePasswordClass(Util.java:174) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
      	at org.jboss.security.Util.loadPassword(Util.java:126) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
      	at org.picketbox.plugins.vault.PicketBoxSecurityVault.loadKeystorePassword(PicketBoxSecurityVault.java:343) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
      	at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:204) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
      	... 14 more
      

      External passwords for vault were introduced by RFE: SECURITY-831

          People

            pskopek@redhat.com Peter Skopek
            fbogyai Filip Bogyai (Inactive)
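
The failure in the trace above is a class-loader visibility problem: the `{CLASS}` reference is resolved through the loader of module `org.jboss.as.controller:main`, which cannot see the provider class. The following added example (not WildFly or PicketBox code) reproduces that behaviour in plain Java; `DemoPassword`, `resolve` and the isolated `URLClassLoader` are hypothetical stand-ins, and the `{CLASS}name:arg` parsing is a simplified assumption based on the configuration line in the description.

```java
import java.net.URL;
import java.net.URLClassLoader;

public class ClassPasswordLookup {
    // Constructed stand-in for a password provider such as TmpFilePassword.
    public static class DemoPassword {
        private final String arg;
        public DemoPassword(String arg) { this.arg = arg; }
        public char[] toCharArray() { return ("pw-from-" + arg).toCharArray(); }
    }

    // Resolve "{CLASS}fully.qualified.Name:ctorArg" using only the given loader.
    static char[] resolve(String value, ClassLoader loader) throws Exception {
        if (!value.startsWith("{CLASS}")) {
            throw new IllegalArgumentException("not a {CLASS} reference");
        }
        String spec = value.substring("{CLASS}".length());
        int colon = spec.indexOf(':');
        String className = colon < 0 ? spec : spec.substring(0, colon);
        String ctorArg = colon < 0 ? null : spec.substring(colon + 1);
        // Visibility is decided here: the class must be reachable from 'loader'.
        Class<?> c = Class.forName(className, true, loader);
        Object provider = ctorArg == null
            ? c.getDeclaredConstructor().newInstance()
            : c.getDeclaredConstructor(String.class).newInstance(ctorArg);
        return (char[]) c.getMethod("toCharArray").invoke(provider);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value in the same shape as the vault-option above.
        String value = "{CLASS}" + DemoPassword.class.getName() + ":/tmp/tmp.password";

        // A loader that can see the provider class: resolution succeeds.
        ClassLoader visible = ClassPasswordLookup.class.getClassLoader();
        System.out.println("visible loader  -> " + new String(resolve(value, visible)));

        // An isolated loader (no URLs, bootstrap parent) stands in for a module
        // whose dependencies do not include the provider's module.
        try (URLClassLoader isolated = new URLClassLoader(new URL[0], null)) {
            resolve(value, isolated);
        } catch (ClassNotFoundException e) {
            System.out.println("isolated loader -> ClassNotFoundException: " + e.getMessage());
        }
    }
}
```

The same value resolves or fails depending only on which loader performs the lookup, which is why the exception message names the module whose loader was used.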