Bug 1076507 - [GSS] (6.2.x) Usage of vault for system-properties throws java.lang.SecurityException
Summary: [GSS] (6.2.x) Usage of vault for system-properties throws java.lang.SecurityE...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Server
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: CR2
: EAP 6.2.3
Assignee: Chao Wang
QA Contact:
Lucas Costi
URL:
Whiteboard:
Depends On: JBPAPP6-1735
Blocks: eap62-cp03-blockers
TreeView+ depends on / blocked
 
Reported: 2014-03-14 13:25 UTC by Chris Dolphy
Modified: 2018-12-09 17:38 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-06-09 12:46:31 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker WFLY-1904 0 Major Closed Usage of vault for system-properties throws java.lang.SecurityException 2018-09-19 16:42:05 UTC

Description Chris Dolphy 2014-03-14 13:25:35 UTC 
Description of problem:
Setting system properties using vault gies error (Vault is not initialized).

Version-Release number of selected component (if applicable):
EAP 6.2.0

How reproducible:
Follow steps.

Steps to Reproduce:
1. Create vault and store a attribute.
2. Add the lines in standalone.xml (values may be different based on step #2):-

{code}
    <system-properties>
      <property name="javax.net.ssl.trustStore" value="/dir/truststore.jks"/>
      <property name="javax.net.ssl.trustStorePassword" value="${VAULT::blk::attr::MTBlYWUzNDEtMjI2MC00NWYzLWFiZmUtM2EyYjZkNDgyZWM4TElORV9CUkVBS215YWxpYXM=}" />
    </system-properties>
    <vault>
        <vault-option name="KEYSTORE_URL" value="/opt/jboss-eap-6.0/standalone/configuration/vault.jks"/>
        <vault-option name="KEYSTORE_PASSWORD" value="MASK-2gTQPnrWJaqrh0pURMKAOw"/>
        <vault-option name="KEYSTORE_ALIAS" value="myalias"/>
        <vault-option name="SALT" value="12345678"/>
        <vault-option name="ITERATION_COUNT" value="44"/>
        <vault-option name="ENC_FILE_DIR" value="/opt/jboss-eap-6.0/standalone/configuration/"/>
    </vault>
{code}

3. start EAP6 in standalone mode

Actual results:

Usage of vault for system-properties throws java.lang.SecurityException.

boot.log:-
{code}
20:35:30,267 ERROR [org.jboss.as.controller.management-operation] JBAS014612: Operation ("add") failed - address: ([("system-property" => "javax.net.ssl.trustStorePassword")]): java.lang.SecurityException: JBAS013322: Vault is not initialized
	at org.jboss.as.security.vault.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:98) [jboss-as-security-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]
	at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:45) [jboss-as-server-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]
	at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionsRecursively(ExpressionResolverImpl.java:58) [jboss-as-controller-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]
{code}

Expected results:
System property is set using vault.
Comment 2 Ondrej Lukas 2014-05-07 06:08:11 UTC 
Verified in EAP 6.2.3.CR2.
Note You need to log in before you can comment on or make changes to this bug.