1056799 – [GSS] (6.3.0) JBMETA-371: DefaultPropertyReplacer + PropertyResolver is broken for vault expressions

Bug 1056799 - [GSS] (6.3.0) JBMETA-371: DefaultPropertyReplacer + PropertyResolver is broken for vault expressions

Summary: [GSS] (6.3.0) JBMETA-371: DefaultPropertyReplacer + PropertyResolver is broke...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	EE
Sub Component:
Version:	6.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	DR2
Target Release:	EAP 6.3.0
Assignee:	David M. Lloyd
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1066365
Blocks:	1058959 1058961
TreeView+	depends on / blocked

Reported:	2014-01-22 23:10 UTC by Chris Dolphy
Modified:	2018-12-06 15:43 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	In previous versions of JBoss EAP 6, the expression resolving logic in the `DefaultPropertyReplacer` and `PropertyResolver` classes (used for parsing deployment descriptor files) assumed that the expression content between `"${"` and `"}"` was of a fixed format where any `":"` char in the expression represented a separator between a system property name and a default value. This meant that security vault expressions in deployment descriptors could not be successfully parsed, as `":"` is always used in those expressions and not as a separator preceding a default value. Vault expressions would be evaluated incorrectly with the expression content following the first `":"` being treated as the resolved value. In this versions of the product, when the end of an expression is detected, before returning the expression contents following the first `":"` as the resolved value, the resolver first checks whether the entire expression can be resolved. Security vault expressions can now be used in deployment descriptor files where expressions are allowed in general.
Clone Of:
Clones:	1058959 1060260 (view as bug list)
Environment:
Last Closed:	2014-06-28 15:30:02 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)
source for test war (4.61 KB, application/x-compressed-tar) 2014-01-22 23:10 UTC, Chris Dolphy	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	JBMETA-371	0	Major	Resolved	DefaultPropertyReplacer + PropertyResolver is broken for vault expressions	2015-07-02 19:04:45 UTC

Description Chris Dolphy 2014-01-22 23:10:42 UTC

Created attachment 854107 [details]
source for test war

Description of problem:
After enabling property replacement with spec-descriptor-property-replacement, the property replacement fails.  

Version-Release number of selected component (if applicable):
EAP 6.2

How reproducible:
With test case.

Steps to Reproduce:
1. Create vault with test::queue property:

mkdir standalone/configuration/vault

keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 -storepass password -keypass password -keystore standalone/configuration/vault/vault.keystore

bin/vault.sh -k standalone/configuration/vault/vault.keystore -p password -s saltsalt -v vault -i 44 -e standalone/configuration/vault/ -b test -a queue -x /queue/HELLOWORLDMDBQueue

2. modify standalone-full.xml, adding the results of vault.sh 
3. modify standalone-full.xml, setting spec-descriptor-property-replacement to true

4. build and deploy sample war with mdb (based on helloworld-mdb quickstart)

Actual results:

Could log messages complaining that it can't find the queue:
17:00:22,108 INFO  [org.hornetq.ra] (default-threads - 2) HQ151000: awaiting topic/queue creation :test::queue::1
17:00:24,109 INFO  [org.hornetq.ra] (default-threads - 2) HQ151001: Attempting to reconnect org.hornetq.ra.inflow.HornetQActivationSpec(ra=org.hornetq.ra.HornetQResourceAdapter@371c02e5 destination=:test::queue::1 destinationType=javax.jms.Queue ack=Auto-acknowledge durable=false clientID=null user=null maxSession=15)


Expected results:
Successful mdb deploy.

Additional info:
Vault properties were intended to work because there is a VaultPropertyResolver registered.  However, the property resolving fails because it always is passed "VAULT" as the property name.  DefaultPropertyReplacer is terminating parsing at the ":" because it is looking for a default value to use if the property lookup fails.

Comment 1 JBoss JIRA Server 2014-01-24 22:32:05 UTC

Brian Stansberry <brian.stansberry> updated the status of jira JBMETA-371 to Resolved

Comment 3 Nichola Moore 2014-05-02 04:18:19 UTC

Please can someone provide some Doc Text. Thanks.

Comment 4 Jan Martiska 2014-05-05 11:05:23 UTC

Verified in EAP 6.3.0.ER3.

Note You need to log in before you can comment on or make changes to this bug.