[JBoss JIRA] (WFCORE-2617) When failed credential store flush to file on the disk then we have inconsistency between credential store in memory and persisted file.

Monday, 3 April 2017

     [
https://issues.jboss.org/browse/WFCORE-2617?page=com.atlassian.jira.plugi...
]

Tomas Hofman moved ELY-1042 to WFCORE-2617:
-------------------------------------------

        Project: WildFly Core  (was: WildFly Elytron)
            Key: WFCORE-2617  (was: ELY-1042)
    Component/s: Security
                     (was: Credential Store)

...
 When failed credential store flush to file on the disk then we have
inconsistency between credential store in memory and persisted file.

----------------------------------------------------------------------------------------------------------------------------------------

                 Key: WFCORE-2617
                 URL: https://issues.jboss.org/browse/WFCORE-2617
             Project: WildFly Core
          Issue Type: Bug
          Components: Security
            Reporter: Hynek Švábek
            Assignee: Tomas Hofman
            Priority: Critical

 When failed credential store flush to file on the disk then we have inconsistency between
credential store in memory and persisted file.
 I expect consistent state, same aliases in memory and persisted on disk.
 We must not add new aliases only to memory.
 This problem is exported from issue https://issues.jboss.org/browse/JBEAP-6866 
 where is noted as secondary problem.
 *HOW TO REPRODUCE*
 {code}

/subsystem=elytron/credential-store=cs001:add(uri="cr-store://test/cs/credentialstore.jceks?create=true",
credential-reference={clear-text=pass123}, relative-to="jboss.server.data.dir")
 {code}
 {code}
 /subsystem=elytron/credential-store=cs001/alias=alias001:add(secret-value=secretvalue)
 {code}
 Now is credentialstore.jceks file persisted on disk here *JBOSS_HOME/standalone/data/cs*
 Please remove write permission for folder "cs"
 {code}
 chmod g-w  cs
 chmod u-w  cs
 {code}
 Try add another entry to credential store
 /subsystem=elytron/credential-store=cs001/alias=alias002:add(secret-value=secretvalue)
 {
     "outcome" => "failed",
     "failure-description" => "WFLYELY00009: Unable to complete
operation. 'ELY09525: Unable to flush credential store to storage'",
     "rolled-back" => true
 }
 And you get error message as above.
 Now you list all aliases in credential store:
 {code}
 /subsystem=elytron/credential-store=cs001:read-children-names(child-type=alias)
 {
     "outcome" => "success",
     "result" => [
         "alias001",
         "alias002"
     ]
 }
 {code}
 There is non persisted "alias002" too.
 *Now we check aliases in persisted file**:*
 {code}
 reload
 {code}
 There isn't any alias "alias002" after reload.
 {code}
 /subsystem=elytron/credential-store=cs001:read-children-names(child-type=alias)
 {
     "outcome" => "success",
     "result" => ["alias001"]
 }
 {code} 

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006