In previous versions of JBoss EAP 6, the expression resolving logic in the `DefaultPropertyReplacer` and `PropertyResolver` classes (used for parsing deployment descriptor files) assumed that the expression content between `"${"` and `"}"` was of a fixed format where any `":"` char in the expression represented a separator between a system property name and a default value.
This meant that security vault expressions in deployment descriptors could not be successfully parsed, as `":"` is always used in those expressions and not as a separator preceding a default value. Vault expressions would be evaluated incorrectly with the expression content following the first `":"` being treated as the resolved value.
In this versions of the product, when the end of an expression is detected, before returning the expression contents following the first `":"` as the resolved value, the resolver first checks whether the entire expression can be resolved.
Security vault expressions can now be used in deployment descriptor files where expressions are allowed in general.
Created attachment 854107[details]
source for test war
Description of problem:
After enabling property replacement with spec-descriptor-property-replacement, the property replacement fails.
Version-Release number of selected component (if applicable):
EAP 6.2
How reproducible:
With test case.
Steps to Reproduce:
1. Create vault with test::queue property:
mkdir standalone/configuration/vault
keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 -storepass password -keypass password -keystore standalone/configuration/vault/vault.keystore
bin/vault.sh -k standalone/configuration/vault/vault.keystore -p password -s saltsalt -v vault -i 44 -e standalone/configuration/vault/ -b test -a queue -x /queue/HELLOWORLDMDBQueue
2. modify standalone-full.xml, adding the results of vault.sh
3. modify standalone-full.xml, setting spec-descriptor-property-replacement to true
4. build and deploy sample war with mdb (based on helloworld-mdb quickstart)
Actual results:
Could log messages complaining that it can't find the queue:
17:00:22,108 INFO [org.hornetq.ra] (default-threads - 2) HQ151000: awaiting topic/queue creation :test::queue::1
17:00:24,109 INFO [org.hornetq.ra] (default-threads - 2) HQ151001: Attempting to reconnect org.hornetq.ra.inflow.HornetQActivationSpec(ra=org.hornetq.ra.HornetQResourceAdapter@371c02e5 destination=:test::queue::1 destinationType=javax.jms.Queue ack=Auto-acknowledge durable=false clientID=null user=null maxSession=15)
Expected results:
Successful mdb deploy.
Additional info:
Vault properties were intended to work because there is a VaultPropertyResolver registered. However, the property resolving fails because it always is passed "VAULT" as the property name. DefaultPropertyReplacer is terminating parsing at the ":" because it is looking for a default value to use if the property lookup fails.
Comment 1JBoss JIRA Server
2014-01-24 22:32:05 UTC
Brian Stansberry <brian.stansberry> updated the status of jira JBMETA-371 to Resolved
Created attachment 854107 [details] source for test war Description of problem: After enabling property replacement with spec-descriptor-property-replacement, the property replacement fails. Version-Release number of selected component (if applicable): EAP 6.2 How reproducible: With test case. Steps to Reproduce: 1. Create vault with test::queue property: mkdir standalone/configuration/vault keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 -storepass password -keypass password -keystore standalone/configuration/vault/vault.keystore bin/vault.sh -k standalone/configuration/vault/vault.keystore -p password -s saltsalt -v vault -i 44 -e standalone/configuration/vault/ -b test -a queue -x /queue/HELLOWORLDMDBQueue 2. modify standalone-full.xml, adding the results of vault.sh 3. modify standalone-full.xml, setting spec-descriptor-property-replacement to true 4. build and deploy sample war with mdb (based on helloworld-mdb quickstart) Actual results: Could log messages complaining that it can't find the queue: 17:00:22,108 INFO [org.hornetq.ra] (default-threads - 2) HQ151000: awaiting topic/queue creation :test::queue::1 17:00:24,109 INFO [org.hornetq.ra] (default-threads - 2) HQ151001: Attempting to reconnect org.hornetq.ra.inflow.HornetQActivationSpec(ra=org.hornetq.ra.HornetQResourceAdapter@371c02e5 destination=:test::queue::1 destinationType=javax.jms.Queue ack=Auto-acknowledge durable=false clientID=null user=null maxSession=15) Expected results: Successful mdb deploy. Additional info: Vault properties were intended to work because there is a VaultPropertyResolver registered. However, the property resolving fails because it always is passed "VAULT" as the property name. DefaultPropertyReplacer is terminating parsing at the ":" because it is looking for a default value to use if the property lookup fails.