[WFLY-8131]: Aliases in credential stores should be case insensitive. #81
Conversation
| transformOperationAddress(operation); | ||
| super.execute(context, operation); | ||
| ModelNode transformedOperation = transformOperation(context, operation); | ||
| if(!CASE_SENSITIVE.resolveModelAttribute(context, context.readResourceFromRoot(context.getCurrentAddress().getParent()).getModel()).asBoolean()) { |
There was a problem hiding this comment.
context.readResourceFromRoot(....., false) to save cloning children that aren't needed.
|
Sorry we probably should get the Jira issue moved to WFCORE and the commit messages updated for the new number. As we used to pull in the subsystem in WildFly we were using WFLY issues to make it easier for QE but now we have moved we should use the correct project. |
| @@ -1169,6 +1169,7 @@ elytron.server-ssl-context.ssl-session.invalidate=Invalidate the SSLSession (Not | |||
| # Credential Store # | |||
| #################### | |||
| elytron.credential-store=Credential store to keep alias for sensitive information such as passwords for external services. | |||
| elytron.credential-store.case-sensitive=Case sensitivity of the credential store. | |||
| super.execute(context, operation); | ||
| ModelNode transformedOperation = transformOperation(context, operation); | ||
| if(!CASE_SENSITIVE.resolveModelAttribute(context, context.readResourceFromRoot(context.getCurrentAddress().getParent()).getModel()).asBoolean()) { | ||
| ALIAS_NAME.resolveModelAttribute(context, transformedOperation).asString(); |
There was a problem hiding this comment.
A reusable validator is nice, but this isn't a parameter, so the validator is providing a misleading message. I think we're better off providing a precise message, since this kind of constraint on resource names is not common and the reason why case matters isn't obvious.
ehsavoie
force-pushed
the
WFLY-8131
branch
4 times, most recently
from
6590eab
to
161383e
Compare
| if (sameAlias(context, operation)) { | ||
| context.addResource(PathAddress.EMPTY_ADDRESS, resource); | ||
| } | ||
| context.addResource(PathAddress.EMPTY_ADDRESS, resource); | ||
| return resource; | ||
| } |
There was a problem hiding this comment.
This doesn't need to be changed to merge this but I think this entire method override can be removed.
Adding validation step to ensure that the alias is lower case. Adding parameter on CredentialStore to allow disabling of this validation in case the store supports case sensitivity.
There was a problem hiding this comment.
https://issues.jboss.org/browse/JBEAP-8871 is recorded as resolved. Possibly because half the work came from the subsystem PR linked by 8871?
Adding validation step to ensure that the alias is lower case.
Adding parameter on CredentialStore to allow disabling of this validation in case the store supports case sensitivity.
Jira: https://issues.jboss.org/browse/WFCORE-2556
JBEAP: https://issues.jboss.org/browse/JBEAP-8871
Test update PR : wildfly-security-incubator/wildfly#162