[jboss-jira] [JBoss JIRA] (ELY-184) Update the properties KeyStore so a different type is used to distinguish between an enabled and disabled entry.

Darran Lofthouse (JIRA) issues at jboss.org
Thu May 7 06:26:46 EDT 2015


    [ https://issues.jboss.org/browse/ELY-184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13066152#comment-13066152 ] 

Darran Lofthouse commented on ELY-184:
--------------------------------------

I think for simplicity then I will take the view that a KeyStore should only return the current valid entries so anything disabled will not be visible as a KeyStore has no real way to represent this.

Related to what you say above I think the KeyStore API is not going to be sufficient for our user management requirements anyway so no point trying to squeeze this bit in as we need an alternative anyway.

I could take the view that this KeyStore implementation returns the PasswordEntry but throws an exception if there is an attempt to obtain the actual password and the account is disabled, but TBH we don't have a real requirement for that - our main requirement is that a user cannot authenticate using a disabled account, and that can be achieved by not making the account visible.

> Update the properties KeyStore so a different type is used to distinguish between an enabled and disabled entry.
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: ELY-184
>                 URL: https://issues.jboss.org/browse/ELY-184
>             Project: WildFly Elytron
>          Issue Type: Enhancement
>          Components: KeyStores
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>             Fix For: 1.0.0.Alpha1
>
>
> When representing this information at runtime we can not be sure that we can obtain the actual entries from the KeyStore as they may be password protected, all we can do is check the entry type.
> I think it would be fair to say an enabled account and a disabled account are two different entry types, the disabled type could even also prevent access to the password to prevent its accidental use in a realm.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

