Open skedi opened 4 years ago
Looks like the security code is calling System.getenv for keystore_password rather than going through the config runtime which should solve this. The code is here:
It should be possible to update the metatype for the attribute to have ibm:variable="keystore_password" which should cause the variable to be used if it isn't explicitly configured and provide the expected behaviour. That would mean removing the callback code form WSKeyStore. Alternatively using the VariableRegistry should result in the desired behaviour.
Describe the bug
In configuring a keystore in server.xml, we recognized that the environment variable keystore_password is not handled as it is described generally for environment variables in the open liberty reference for server configuration ( https://openliberty.io/docs/20.0.0.11/reference/config/server-configuration-overview.html ):
Open liberty accepts this environment variable under windows regardless of whether it is written uppercase or lower-case. On an unixoid system only lower-case gets accepted.
Steps to Reproduce
Provide a keystore with a custom password Configure this keystore in server.xml and do not set a password for this keystore in server.xml Start open liberty through maven with liberty:dev goal and configure the openliberty-runtime with true and provide a KEYSTORE_PASSWORD environment variable with the keystore custom password Here an example:
Expected behavior
Regardless through which notation (keystore.password, KEYSTORE_PASSWORD, keystore_password, etc. ) the environment variable keystore password gets provided, open liberty opens the provided keystore in the server.xml with the set password.
Diagnostic information:
Openliberty 20.0.0.x Java Version: AdoptOpenJdk 11 on Openj9 or Hotspot server.xml configuration: