Description of problem: One-off patch for including WFLY-1904 and SECURITY-871 WFLY-1904 - Usage of vault for system-properties throws java.lang.SecurityException SECURITY-871 - AdvancedLdapLoginModule should be able to retrieve bindCredential from Vault Steps to Reproduce: 1. Configure Vault 2. Configure a system property that uses a "vaultified" string (WFLY-1904) <system-properties> <property name="my.property" value="${VAULT::LDAP::bindCredential::1}"/> </system-properties> 3. Configure the AdvancedLdap login module to use a "vaultified" string for the bindCredential (SECURITY-871) <module-option name="bindCredential" value="VAULT::LDAP::bindCredential::1"/>
Created attachment 969672 [details] BZ1174871.zip
*** Bug 1170767 has been marked as a duplicate of this bug. ***
WFLY-1904 is committed here: http://git.app.eng.bos.redhat.com/git/jbossas/jboss-as.git/log/?h=eap-6.1.3-bz-1174871 SECURITY-871 is committed here: http://git.app.eng.bos.redhat.com/git/jboss-negotiation.git/log/?h=security-negotiation-2.2.5.Final-bz-1174871
Verification failed. The BZ talks about EAP version 6.1.3 (Summary and Version fields), but the one-off is for the 6.1.1 version. Either the fields in BZ or the included patch have to be fixed.
Darran Lofthouse <darran.lofthouse> updated the status of jira SECURITY-871 to Resolved
Created attachment 976981 [details] BZ1174871.zip
This BZ has been fixed for 6.1.3, but it is for a future FSW rollup patch now. The 6.1.1 work has been split into bug 1179497 because of the underlying module.xml conflicts. If it is too late to finish this patch this week, that's fine. If it isn't, please do. In either case, bug 1179497 will be submitted next week.
Patch verified. Patch MD5 sum: dd473db6fbfc4796f359c38aa4885bb6 BZ1174871.zip Regression tests run (AS TS): https://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/eap-as-6.1.1-one-off-jcacek/5/ The patched jboss-negotiation-extras artifact was compiled with target Java version 5. (The unpatched version was compiled with target Java version 6).