[jboss-jira] [JBoss JIRA] (WFLY-7623) Multiple CredentialStores with ONE backed credential store file can rewrite values each other.

Hynek Švábek (JIRA) issues at jboss.org
Mon Dec 5 06:17:01 EST 2016 

     [ https://issues.jboss.org/browse/WFLY-7623?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hynek Švábek updated WFLY-7623:
-------------------------------
    Priority: Blocker  (was: Major)


> Multiple CredentialStores with ONE backed credential store file can rewrite values each other.
> ----------------------------------------------------------------------------------------------
>
>                 Key: WFLY-7623
>                 URL: https://issues.jboss.org/browse/WFLY-7623
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Hynek Švábek
>            Assignee: Peter Skopek
>            Priority: Blocker
>
> Multiple CredentialStores with ONE backed credential store file can rewrite values each other.
> *How to reproduce*
> {code}
> /subsystem=elytron/credential-store=credStore001:add(uri="cr-store://test/cs001.jceks?store.password=pass123;create.storage=true")
> /subsystem=elytron/credential-store=credStore001/alias="alias1":add(secret-value=Elytron)
> {code}
> {code}
> /subsystem=elytron/credential-store=credStore002:add(uri="cr-store://test/cs001.jceks?store.password=pass123")
> {code}
> check CS file
> there is "alias1" entry
> {code}
> /subsystem=elytron/credential-store=credStore001/alias="alias2":add(secret-value=Elytron)
> {code}
> check CS file
> there are "alias1" and "alias2" entries
> {code}
> /subsystem=elytron/credential-store=credStore002/alias="alias123":add(secret-value=Elytron)
> {code}
> check CS file
> there are "alias1" and "alias123" entries".
> *NOTE*
> It is problem, because we have one backed file. In memory we have right values for all Credential Stores, but after restart we can lost new entries.
> In my opinion reason for this behaviour is:
> We have CS loaded in memory and when we add new alias to CS then we save whole CS from memory to file.
> We can set CS as non-modifiable when we use same backed file for CredentialStore but we must find better default behaviour.
> *My suggestion for default behaviour*
> When we want to add new alias to CredentialStore we can do this:
> # refresh CS from file (and this file lock)
> # add new alias to CS
> # save CS to file
> # unlock file
> *But there is posible problem with performance....*



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list