glassfish
  1. glassfish
  2. GLASSFISH-18961

system property not resolving password alias

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.2_b23, 4.0
    • Fix Version/s: 4.0_b50_ms4
    • Component/s: configuration
    • Labels:
      None
    • Environment:

      Windows 7 64 bit

      Description

      system property defined to reference a password alias such as "$

      {ALIAS=myPasswordAlias}"

      property resolves to the literal value of "${ALIAS=myPasswordAlias}

      " instead of the value of the alias (at least at a fresh start of the domain)

      If the system property is deleted and created again the alias is properly resolved

        Activity

        Hide
        Tom Mueller added a comment -

        If you have licensed Oracle GlassFish Server and have a support contract, then this fix can be backported to a 3.x release in a patch. I've added the 3_1-next tag to this issue which marks it as a candidate for a future open source release based on the latest 3.x (if there is one). The other option is to checkout 3.x and backport the fix yourself.

        Show
        Tom Mueller added a comment - If you have licensed Oracle GlassFish Server and have a support contract, then this fix can be backported to a 3.x release in a patch. I've added the 3_1-next tag to this issue which marks it as a candidate for a future open source release based on the latest 3.x (if there is one). The other option is to checkout 3.x and backport the fix yourself.
        Hide
        mjpatv added a comment -

        Does this mean I will have to wait for a future release (version 4) for this fix?

        Show
        mjpatv added a comment - Does this mean I will have to wait for a future release (version 4) for this fix?
        Hide
        Tom Mueller added a comment -

        Fixed on the trunk in revision 55379.

        Show
        Tom Mueller added a comment - Fixed on the trunk in revision 55379.
        Hide
        Tom Mueller added a comment -

        Confirmed on the trunk. There is an error message in the log file when this happens:

        Aug 7, 2012 8:22:35 AM org.glassfish.config.support.TranslatedConfigView getTranslatedValue
        SEVERE: Error in dealiasing the password $

        {ALIAS=foo}

        : password can't be null

        This comes from line 89 of TranslatedConfigView.java in the nucleus/admin/config-api module. The "password" referred to in the error message is the master password.

        The root cause of this is an ordering problem during startup between the SystemTasksImpl service and the IdmService service. The IdmService reads the master password file and sets the master password internally (which is needed to read the keystore that holds the alias values) and the SystemTasksImpl reads the system properties from the domain.xml and stores them in the environment within the JVM. If SystemTasksImpl is initialized before IdmService, then it cannot read the password aliases. Both IdmService and SystemTasksImpl are run at the "INIT" run-level, so there is no guarantee on the ordering between the services.

        Show
        Tom Mueller added a comment - Confirmed on the trunk. There is an error message in the log file when this happens: Aug 7, 2012 8:22:35 AM org.glassfish.config.support.TranslatedConfigView getTranslatedValue SEVERE: Error in dealiasing the password $ {ALIAS=foo} : password can't be null This comes from line 89 of TranslatedConfigView.java in the nucleus/admin/config-api module. The "password" referred to in the error message is the master password. The root cause of this is an ordering problem during startup between the SystemTasksImpl service and the IdmService service. The IdmService reads the master password file and sets the master password internally (which is needed to read the keystore that holds the alias values) and the SystemTasksImpl reads the system properties from the domain.xml and stores them in the environment within the JVM. If SystemTasksImpl is initialized before IdmService, then it cannot read the password aliases. Both IdmService and SystemTasksImpl are run at the "INIT" run-level, so there is no guarantee on the ordering between the services.

          People

          • Assignee:
            Tom Mueller
            Reporter:
            mjpatv
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: