-
1. Re: Active-mq messaging with elytron on wildfly 11
mchoma Mar 19, 2018 1:19 PM (in response to nikhilsb)Credential store strings can be currently used only in specialized "credential-reference" attributes. keyStorePassword is not such case.
This is known issue as Elytron integration in this area is not complete.See https://issues.jboss.org/browse/EAP7-683
http-acceptor part can be solved by configuring Undertow using Elytron ssl context which is aware of credential store.
Can you elaborate your use case. Are you trying to configure 2-way SSL between client and server? Where is your client located? Is it in same WF instance/another WF instance/standalone app? What are you expecting vault role is here? Most probably vault expression is resolved at server boot and client gets object with plain password over network, anyway.
-
2. Re: Active-mq messaging with elytron on wildfly 11
jorith.van.den.heuvel Apr 17, 2018 7:52 AM (in response to mchoma)We have a similar issue regarding a Websphere MQ resource adapter. Our current configuration looks like below:
<subsystem xmlns="urn:jboss:domain:resource-adapters:5.0">
<resource-adapters>
<resource-adapter id="wmq.jmsra.rar">
<archive>
wmq.jmsra.rar
</archive>
<transaction-support>LocalTransaction</transaction-support>
...
<connection-definitions>
<connection-definition class-name="com.ibm.mq.connector.outbound.ManagedConnectionFactoryImpl" jndi-name="java:/jboss/jms/wmq/connectionFactory" use-java-context="true" pool-name="MQConnectionFactoryPool">
...
<config-property name="password">
${VAULT::some_vault::password_websphere_mq::1}
</config-property>
...
</connection-definitions>
</resource-adapter>
</resource-adapters>
</subsystem>
I think it's not possible to add a credential reference here instead of the VAULT string. Since I cannot view the EAP7-683 issue: will this use case be supported in a future version?