1410583 – [GSS] (6.4.z) WFCORE-2182 - RuntimeVaultReader should not throw SecurityException

Bug 1410583 - [GSS] (6.4.z) WFCORE-2182 - RuntimeVaultReader should not throw SecurityException

Summary: [GSS] (6.4.z) WFCORE-2182 - RuntimeVaultReader should not throw SecurityExcep...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Domain Management
Sub Component:
Version:	6.4.11
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	CR1
Target Release:	EAP 6.4.15
Assignee:	Stephen Fikes
QA Contact:	Jiří Bílek
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	eap6415-payload
TreeView+	depends on / blocked

Reported:	2017-01-05 19:46 UTC by Richard Foyle
Modified:	2020-06-11 13:10 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: A SecurityException is thrown if a vault reference cannot be resolved (because it does not exist) Consequence: When the SecurityException is raised while deploying datasources during server startup, the datasources subsystem deployment fails and all datasources are disabled. Fix: Handle the SecurityException so that only the invalid datasource is disabled. Result:
Clone Of:
Environment:
Last Closed:	2017-05-19 08:05:37 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	JBEAP-8246	Minor	Verified	[GSS] (7.1.z) WFCORE-2182 RuntimeVaultReader should not throw SecurityException	2017-06-27 18:12:45 UTC
Red Hat Issue Tracker	JBEAP-8247	Critical	Verified	[GSS] (7.0.z) WFCORE-2182 - RuntimeVaultReader should not throw SecurityException	2017-06-27 18:12:45 UTC
Red Hat Issue Tracker	WFCORE-2182	Major	Resolved	RuntimeVaultReader should not throw SecurityException	2017-06-27 18:12:45 UTC

Description Richard Foyle 2017-01-05 19:46:35 UTC

Description of problem: 
when restarting the server after configuring a datasource with an invalid vault reference (non-existent vault entry) for a user or password, an unhandled exception raised by Picketbox disables the entire datasource subsystem (all datasources). 

Version-Release number of selected component (if applicable):
6.4.11

How reproducible:


Steps to Reproduce:
1. configure a datasource with an invalid vault reference (non-existent vault entry) for a user or password
2. restart the server
3. observe error in server.log

Actual results:


Expected results:


Additional info:
error message
12:46:34,830 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 27) JBAS014612: Operation ("enable") failed - address: ([
    ("subsystem" => "datasources"),
    ("data-source" => "jdbc-brkgbtchsqlsr-bisDS")
]): java.lang.SecurityException: JBAS013311: Security Exception
        at org.jboss.as.security.vault.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:115)
        at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:45)
        at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionString(ExpressionResolverImpl.java:319) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.ExpressionResolverImpl.parseAndResolve(ExpressionResolverImpl.java:228) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionStringRecursively(ExpressionResolverImpl.java:130) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionsRecursively(ExpressionResolverImpl.java:72) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressions(ExpressionResolverImpl.java:54) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.ModelControllerImpl.resolveExpressions(ModelControllerImpl.java:782) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.OperationContextImpl.resolveExpressions(OperationContextImpl.java:1002) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.ParallelBootOperationContext.resolveExpressions(ParallelBootOperationContext.java:351) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.AttributeDefinition$1.resolveExpressions(AttributeDefinition.java:338) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.AttributeDefinition.resolveValue(AttributeDefinition.java:402) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.AttributeDefinition.resolveModelAttribute(AttributeDefinition.java:361) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.AttributeDefinition.resolveModelAttribute(AttributeDefinition.java:335) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.connector.util.ModelNodeUtil.getResolvedStringIfSetOrGetDefault(ModelNodeUtil.java:33)
        at org.jboss.as.connector.subsystems.datasources.DataSourceModelNodeUtil.from(DataSourceModelNodeUtil.java:151)
        at org.jboss.as.connector.subsystems.datasources.DataSourceEnable.addServices(DataSourceEnable.java:183)
        at org.jboss.as.connector.subsystems.datasources.DataSourceEnable$1.execute(DataSourceEnable.java:102)
        at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:708) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:543) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:338) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:314) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:355) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_111]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_111]
        at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111]
        at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.1.2.Final-redhat-1.jar:2.1.2.Final-redhat-1]
Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.IllegalArgumentException: Null input buffer
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:297)
        at org.jboss.as.security.vault.RuntimeVaultReader.getValue(RuntimeVaultReader.java:141)
        at org.jboss.as.security.vault.RuntimeVaultReader.getValueAsString(RuntimeVaultReader.java:123)
        at org.jboss.as.security.vault.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:113)
        ... 26 more
Caused by: java.lang.IllegalArgumentException: Null input buffer
        at javax.crypto.Cipher.doFinal(Cipher.java:2161) [jce.jar:1.8.0_111]
        at org.picketbox.util.EncryptionUtil.decrypt(EncryptionUtil.java:134)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:293)
        ...

Comment 7 Jiří Bílek 2017-04-20 16:29:38 UTC

Verified with EAP 6.4.15.CP.CR2

Comment 8 Petr Penicka 2017-05-19 08:05:37 UTC

Released on May 18 as part of EAP 6.4.15.

Note You need to log in before you can comment on or make changes to this bug.