PATCH NAME:
bz-1174871
PRODUCT NAME:
JBoss Enterprise Application Platform
VERSION:
6.1.3
SHORT DESCRIPTION:
LONG DESCRIPTION:
MANUAL INSTALL INSTRUCTIONS:
Back up and remove the following files:
$JBOSS_HOME/modules/system/layers/base/org/jboss/as/server/main/jboss-as-server-7.2.3.Final-redhat-2.jar
$JBOSS_HOME/modules/system/layers/base/org/jboss/as/server/main/module.xml
$JBOSS_HOME/modules/system/layers/base/org/jboss/security/negotiation/main/jboss-negotiation-extras-2.2.5.Final-redhat-2.jar
$JBOSS_HOME/modules/system/layers/base/org/jboss/security/negotiation/main/module.xml
Extract the patched files by either:
Using unzip:
unzip -d $JBOSS_HOME/ bz-1174871.zip
Or by extracting the files from the zip to the following locations:
$JBOSS_HOME/modules/system/layers/base/org/jboss/as/server/main/jboss-as-server-7.2.3.Final-redhat-2-bz-1174871.jar
$JBOSS_HOME/modules/system/layers/base/org/jboss/as/server/main/module.xml
$JBOSS_HOME/modules/system/layers/base/org/jboss/security/negotiation/main/jboss-negotiation-extras-2.2.5.Final-redhat-2-bz-1174871.jar
$JBOSS_HOME/modules/system/layers/base/org/jboss/security/negotiation/main/module.xml
Instructions to uninstall:
Restore the following files that were backed up before the patch was installed:
$JBOSS_HOME/modules/system/layers/base/org/jboss/as/server/main/jboss-as-server-7.2.3.Final-redhat-2.jar
$JBOSS_HOME/modules/system/layers/base/org/jboss/as/server/main/module.xml
$JBOSS_HOME/modules/system/layers/base/org/jboss/security/negotiation/main/jboss-negotiation-extras-2.2.5.Final-redhat-2.jar
$JBOSS_HOME/modules/system/layers/base/org/jboss/security/negotiation/main/module.xml
COMPATIBILITY:
DEPENDENCIES:
JBoss Enterprise Application Platform 6.1.3
SUPERSEDES:
SUPERSEDED BY:
CREATOR:
Derek Horton
DATE:
5 January 2015
Description of problem:
One-off patch for including WFLY-1904 and SECURITY-871
WFLY-1904 - Usage of vault for system-properties throws java.lang.SecurityException
SECURITY-871 - AdvancedLdapLoginModule should be able to retrieve bindCredential from Vault
Steps to Reproduce:
1. Configure Vault
2. Configure a system property that uses a "vaultified" string (WFLY-1904)
<system-properties>
<property name="my.property" value="${VAULT::LDAP::bindCredential::1}"/>
</system-properties>
3. Configure the AdvancedLdap login module to use a "vaultified" string for the bindCredential (SECURITY-871)
<module-option name="bindCredential" value="VAULT::LDAP::bindCredential::1"/>
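An added example, not part of the original report or of JBoss: a configuration check that reports whether each `bindCredential` module option, and each system property carrying a vault string, uses the `${VAULT::...}` expression form from step 2, the bare `VAULT::...` form from step 3, or a cleartext value. The sample configuration, the cleartext entry in it, and the names `classify` and `audit` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the report's two snippets plus one cleartext option.
SAMPLE_CONFIG = """\
<server>
  <system-properties>
    <property name="my.property" value="${VAULT::LDAP::bindCredential::1}"/>
  </system-properties>
  <login-module code="AdvancedLdap" flag="required">
    <module-option name="bindCredential" value="VAULT::LDAP::bindCredential::1"/>
  </login-module>
  <login-module code="AdvancedLdap" flag="required">
    <module-option name="bindCredential" value="constructed-cleartext"/>
  </login-module>
</server>
"""

# Four "::"-separated fields, optionally wrapped in ${...}, as on this page.
VAULT_RE = re.compile(r"^(\$\{)?VAULT::([^:}]+)::([^:}]+)::([^:}]+)(\})?$")


def classify(value):
    """Return (kind, block, attribute) for one attribute value."""
    m = VAULT_RE.match(value.strip())
    if not m:
        return ("cleartext", None, None)
    opened, block, attribute, _tail, closed = m.groups()
    if bool(opened) != bool(closed):
        return ("malformed", block, attribute)  # unbalanced ${ ... }
    return ("expression" if opened else "bare", block, attribute)


def audit(xml_text):
    """List (element, name, kind, block, attribute) for each checked value."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        name, value = elem.get("name"), elem.get("value", "")
        is_bind = tag == "module-option" and name == "bindCredential"
        is_vault_prop = tag == "property" and "VAULT::" in value
        if is_bind or is_vault_prop:
            findings.append((tag, name) + classify(value))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIG):
        print(row)
```

Any row reported as `cleartext` for `bindCredential` is an LDAP bind password stored directly in the configuration file rather than resolved from the vault.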
Verification failed.
The BZ talks about EAP version 6.1.3 (Summary and Version fields), but the one-off is for the 6.1.1 version.
Either the fields in BZ or the included patch have to be fixed.
Comment 6 JBoss JIRA Server 2015-01-06 15:59:21 UTC
Darran Lofthouse <darran.lofthouse> updated the status of jira SECURITY-871 to Resolved
This BZ has been fixed for 6.1.3, but it is for a future FSW rollup patch now. The 6.1.1 work has been split into bug 1179497 because of the underlying module.xml conflicts. If it is too late to finish this patch this week, that's fine. If it isn't, please do. In either case, bug 1179497 will be submitted next week.