2020年3月16日 23:24:59go评论62阅读模式

英文:

Can a key manger reference a credential store in WildFly?

问题

我创建了一个凭据存储并将应用程序密钥库密码保存在其中。计划是在TLS密钥管理器和密钥库中使用密码别名。

所以，这是我尝试过的。

/subsystem=elytron/key-store=LocalhostKeyStore:add(path=server.keystore,relative-to=jboss.server.config.dir,credential-reference={clear-text=&quot;keystore_password&quot;},type=JKS)

/subsystem=elytron/key-manager=LocalhostKeyManager:add(key-store=LocalhostKeyStore,alias-filter=server,credential-reference={clear-text=&quot;key_password&quot;})

/subsystem=elytron/server-ssl-context=LocalhostSslContext:add(key-manager=LocalhostKeyManager)

/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)

/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=LocalhostSslContext)

上述明文文本的方法运行良好，但是当尝试使用凭据存储替代时，无法工作。

创建存储并存储密码。

/subsystem=elytron/credential-store=LocalhostKeyStore:add(relative-to=jboss.server.data.dir, location=appks.jceks,create=true,credential-reference={clear-text=kspass, type=JKS})

/subsystem=elytron/credential-store=LocalhostKeyStore:add-alias(alias=kspass,secret-value=secret)

/subsystem=elytron/key-store=LocalhostKeyStore:add(path=server.keystore,relative-to=jboss.server.config.dir,credential-reference={store=LocalhostKeyStore, alias=kspass})

在下面的脚本中出现错误。

/subsystem=elytron/key-manager=LocalhostKeyManager:add(key-store=LocalhostKeyStore,alias-filter=server,credential-reference={store=&quot;LocalhostKeyStore&quot;, alias=kspass})

也尝试过明文文本，问题相同。

/subsystem=elytron/key-manager=LocalhostKeyManager:add(key-store=LocalhostKeyStore,alias-filter=server,credential-reference={clear-text=kspass})

失败消息如下：

{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0369: Required capabilities are not available:
    org.wildfly.security.key-store.LocalhostKeyStore; Possible registration points for this capability:
                /subsystem=security/elytron-key-store=*
                /subsystem=security/elytron-trust-store=*
                /subsystem=elytron/key-store=*
                /subsystem=elytron/ldap-key-store=*
                /subsystem=elytron/filtering-key-store=*",
    "rolled-back" => true
}

我漏掉了什么？非常感谢您的帮助！谢谢！

英文:

I created a credential store and saved the application keystore password in it.
Plan is to use the password alias in TLS keymanager and keystore.

So, here is what I tried.

/subsystem=elytron/key-store=LocalhostKeyStore:add(path=server.keystore,relative-to=jboss.server.config.dir,credential-reference={clear-text=&quot;keystore_password&quot;},type=JKS)

/subsystem=elytron/key-manager=LocalhostKeyManager:add(key-store=LocalhostKeyStore,alias-filter=server,credential-reference={clear-text=&quot;key_password&quot;})

/subsystem=elytron/server-ssl-context=LocalhostSslContext:add(key-manager=LocalhostKeyManager)

/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)

/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=LocalhostSslContext)

Above one with clear text works flawlessly but when tried to substitute credential store it does not work.

Create a store and store the password.

/subsystem=elytron/credential-store=LocalhostKeyStore:add(relative-to=jboss.server.data.dir, location=appks.jceks,create=true,credential-reference={clear-text=kspass, type=JKS})

/subsystem=elytron/credential-store=LocalhostKeyStore:add-alias(alias=kspass,secret-value=secret)

/subsystem=elytron/key-store=LocalhostKeyStore:add(path=server.keystore,relative-to=jboss.server.config.dir,credential-reference={store=LocalhostKeyStore, alias=kspass})

Getting error in the below script.

/subsystem=elytron/key-manager=LocalhostKeyManager:add(key-store=LocalhostKeyStore,alias-filter=server,credential-reference={store=&quot;LocalhostKeyStore&quot;, alias=kspass})

Tried with clear text too, same issue.

/subsystem=elytron/key-manager=LocalhostKeyManager:add(key-store=LocalhostKeyStore,alias-filter=server,credential-reference={clear-text=kspass})

Outcome failure message:

{
    &quot;outcome&quot; =&gt; &quot;failed&quot;,
    &quot;failure-description&quot; =&gt; &quot;WFLYCTL0369: Required capabilities are not available:
    org.wildfly.security.key-store.LocalhostKeyStore; Possible registration points for this capability:
                /subsystem=security/elytron-key-store=*
                /subsystem=security/elytron-trust-store=*
                /subsystem=elytron/key-store=*
                /subsystem=elytron/ldap-key-store=*
                /subsystem=elytron/filtering-key-store=*&quot;,
    &quot;rolled-back&quot; =&gt; true
}

What am I missing?

Help appreciated! Thank you!

答案1

得分: 0

是的，密钥管理器可以使用凭证存储来验证使用凭证存储中存储的安全密码的密钥库。在产生错误的语句中，我错误地将指向凭证存储而不是密钥库。

英文:

Yes, the key manager can use the credential store to vaildate the keystore with the secured password stored in the credential store. I have incorrect pointing to the credential-store rather than the key-store in the statement that produced error.

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

可以密钥管理器在WildFly中引用凭据存储吗？

问题

答案1

使用流从List<HashMap>中收集键

移除“Expires” HTTP头（用于StreamedFiles）

Spring Integration未在FTP文件夹中检测到文件。

Java 输出不同的行号以供每个输出使用。

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论