Previous versions of JBoss EAP 6 could fail to start if a system property was used that contained a vault expression in its value attribute.
This was because the system property resources in the XML configuration were processed before the security vault resources. This meant that the security vault was not available as a source for resolving expressions. Any resources using a vault attribute would result in the following error:
----
java.lang.SecurityException: JBAS013322: Vault is not initialized
----
In this release, if a system property value expression fails to resolve, a second attempt is made later in the boot process at a point after the vault (if one is configured) is installed. This resolves the issue and systems using vault expressions now boot as expected.
Description of problem:
Setting system properties using vault gives an error (Vault is not initialized).
Version-Release number of selected component (if applicable):
EAP 6.2.0
How reproducible:
Follow steps.
Steps to Reproduce:
1. Create vault and store an attribute.
2. Add the lines in standalone.xml (values may be different based on step #2):-
{code}
<system-properties>
    <property name="javax.net.ssl.trustStore" value="/dir/truststore.jks"/>
    <property name="javax.net.ssl.trustStorePassword" value="${VAULT::blk::attr::MTBlYWUzNDEtMjI2MC00NWYzLWFiZmUtM2EyYjZkNDgyZWM4TElORV9CUkVBS215YWxpYXM=}" />
</system-properties>
<vault>
    <vault-option name="KEYSTORE_URL" value="/opt/jboss-eap-6.0/standalone/configuration/vault.jks"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-2gTQPnrWJaqrh0pURMKAOw"/>
    <vault-option name="KEYSTORE_ALIAS" value="myalias"/>
    <vault-option name="SALT" value="12345678"/>
    <vault-option name="ITERATION_COUNT" value="44"/>
    <vault-option name="ENC_FILE_DIR" value="/opt/jboss-eap-6.0/standalone/configuration/"/>
</vault>
{code}
3. Start EAP6 in standalone mode.
Actual results:
Usage of vault for system-properties throws java.lang.SecurityException.
boot.log:-
{code}
20:35:30,267 ERROR [org.jboss.as.controller.management-operation] JBAS014612: Operation ("add") failed - address: ([("system-property" => "javax.net.ssl.trustStorePassword")]): java.lang.SecurityException: JBAS013322: Vault is not initialized
at org.jboss.as.security.vault.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:98) [jboss-as-security-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]
at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:45) [jboss-as-server-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]
at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionsRecursively(ExpressionResolverImpl.java:58) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]
{code}
Expected results:
System property is set using vault.
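The following is an added example, not part of the original report or of JBoss code: a Python check that lists the system properties in a standalone.xml whose values depend on the vault, plus a simplified model of the boot ordering before and after the fix. The function names `audit` and `boot` are hypothetical, and the sample configuration is constructed with placeholder values.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragment in the report;
# the vault payload and keystore path are placeholders.
SAMPLE = """<server>
  <system-properties>
    <property name="javax.net.ssl.trustStore" value="/dir/truststore.jks"/>
    <property name="javax.net.ssl.trustStorePassword"
              value="${VAULT::blk::attr::PLACEHOLDER}"/>
  </system-properties>
  <vault>
    <vault-option name="KEYSTORE_URL" value="/path/to/vault.jks"/>
  </vault>
</server>"""

# ${VAULT::<block>::<attribute>::<shared key>}
VAULT_EXPR = re.compile(r"\$\{VAULT::([^:}]+)::([^:}]+)::([^}]*)\}")

def local(tag):
    """Strip an XML namespace (e.g. urn:jboss:domain:*) from a tag name."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (vault_configured, {property name: (vault block, attribute)})."""
    root = ET.fromstring(xml_text)
    vault_configured = any(local(e.tag) == "vault" for e in root.iter())
    hits = {}
    for sp in (e for e in root.iter() if local(e.tag) == "system-properties"):
        for prop in sp:
            m = VAULT_EXPR.search(prop.get("value", ""))
            if local(prop.tag) == "property" and m:
                hits[prop.get("name")] = (m.group(1), m.group(2))
    return vault_configured, hits

def boot(xml_text, retry_after_vault):
    """Simplified model (assumption): system properties are added before
    the vault is installed; the fix retries unresolved values afterwards."""
    vault_configured, pending = audit(xml_text)
    if pending and not retry_after_vault:
        return "JBAS013322: Vault is not initialized"  # single early attempt
    if pending and not vault_configured:
        return "unresolved: no <vault> configured"
    return "booted"

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(boot(SAMPLE, retry_after_vault=False))
    print(boot(SAMPLE, retry_after_vault=True))
```
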