]
Darran Lofthouse commented on WFLY-7623:
----------------------------------------
[~pskopek] Where did we get to re making it possible to inject a KeyStore instead of
having the file definition in the CredentialStore?
Multiple CredentialStores with ONE backed credential store file can
rewrite values each other.
----------------------------------------------------------------------------------------------
Key: WFLY-7623
URL:
https://issues.jboss.org/browse/WFLY-7623
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Hynek Švábek
Assignee: Peter Skopek
Multiple CredentialStores with ONE backed credential store file can rewrite values each
other.
*How to reproduce*
{code}
/subsystem=elytron/credential-store=credStore001:add(uri="cr-store://test/cs001.jceks?store.password=pass123;create.storage=true")
/subsystem=elytron/credential-store=credStore001/alias="alias1":add(secret-value=Elytron)
{code}
{code}
/subsystem=elytron/credential-store=credStore002:add(uri="cr-store://test/cs001.jceks?store.password=pass123")
{code}
check CS file
there is "alias1" entry
{code}
/subsystem=elytron/credential-store=credStore001/alias="alias2":add(secret-value=Elytron)
{code}
check CS file
there are "alias1" and "alias2" entries
{code}
/subsystem=elytron/credential-store=credStore002/alias="alias123":add(secret-value=Elytron)
{code}
check CS file
there are "alias1" and "alias123" entries".
*NOTE*
It is problem, because we have one backed file. In memory we have right values for all
Credential Stores, but after restart we can lost new entries.
In my opinion reason for this behaviour is:
We have CS loaded in memory and when we add new alias to CS then we save whole CS from
memory to file.
We can set CS as non-modifiable when we use same backed file for CredentialStore but we
must find better default behaviour.