New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WFLY-8131]: Aliases in credential stores should be case insensitive. #81
[WFLY-8131]: Aliases in credential stores should be case insensitive. #81
Conversation
transformOperationAddress(operation); | ||
super.execute(context, operation); | ||
ModelNode transformedOperation = transformOperation(context, operation); | ||
if(!CASE_SENSITIVE.resolveModelAttribute(context, context.readResourceFromRoot(context.getCurrentAddress().getParent()).getModel()).asBoolean()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
context.readResourceFromRoot(....., false) to save cloning children that aren't needed.
Sorry we probably should get the Jira issue moved to WFCORE and the commit messages updated for the new number. As we used to pull in the subsystem in WildFly we were using WFLY issues to make it easier for QE but now we have moved we should use the correct project. |
@@ -1169,6 +1169,7 @@ elytron.server-ssl-context.ssl-session.invalidate=Invalidate the SSLSession (Not | |||
# Credential Store # | |||
#################### | |||
elytron.credential-store=Credential store to keep alias for sensitive information such as passwords for external services. | |||
elytron.credential-store.case-sensitive=Case sensitivity of the credential store. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs more explanation.
super.execute(context, operation); | ||
ModelNode transformedOperation = transformOperation(context, operation); | ||
if(!CASE_SENSITIVE.resolveModelAttribute(context, context.readResourceFromRoot(context.getCurrentAddress().getParent()).getModel()).asBoolean()) { | ||
ALIAS_NAME.resolveModelAttribute(context, transformedOperation).asString(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A reusable validator is nice, but this isn't a parameter, so the validator is providing a misleading message. I think we're better off providing a precise message, since this kind of constraint on resource names is not common and the reason why case matters isn't obvious.
6590eab
to
161383e
Compare
if (sameAlias(context, operation)) { | ||
context.addResource(PathAddress.EMPTY_ADDRESS, resource); | ||
} | ||
context.addResource(PathAddress.EMPTY_ADDRESS, resource); | ||
return resource; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't need to be changed to merge this but I think this entire method override can be removed.
Adding validation step to ensure that the alias is lower case. Adding parameter on CredentialStore to allow disabling of this validation in case the store supports case sensitivity.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://issues.jboss.org/browse/JBEAP-8871 is recorded as resolved. Possibly because half the work came from the subsystem PR linked by 8871?
Adding validation step to ensure that the alias is lower case.
Adding parameter on CredentialStore to allow disabling of this validation in case the store supports case sensitivity.
Jira: https://issues.jboss.org/browse/WFCORE-2556
JBEAP: https://issues.jboss.org/browse/JBEAP-8871
Test update PR : wildfly-security-incubator/wildfly#162