[jboss-jira] [JBoss JIRA] (WFCORE-2617) When failed credential store flush to file on the disk then we have inconsistency between credential store in memory and persisted file.

Tomas Hofman (JIRA) issues at jboss.org
Mon Apr 3 08:50:01 EDT 2017


     [ https://issues.jboss.org/browse/WFCORE-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tomas Hofman moved ELY-1042 to WFCORE-2617:
-------------------------------------------

        Project: WildFly Core  (was: WildFly Elytron)
            Key: WFCORE-2617  (was: ELY-1042)
    Component/s: Security
                     (was: Credential Store)


> When failed credential store flush to file on the disk then we have inconsistency between credential store in memory and persisted file.
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WFCORE-2617
>                 URL: https://issues.jboss.org/browse/WFCORE-2617
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Hynek Švábek
>            Assignee: Tomas Hofman
>            Priority: Critical
>
> When a credential store flush to the file on disk fails, we have an inconsistency between the credential store in memory and the persisted file.
> I expect a consistent state: the same aliases in memory and persisted on disk.
> We must not add new aliases only to memory.
> This problem is exported from issue https://issues.jboss.org/browse/JBEAP-6866,
> where it is noted as a secondary problem.
> *HOW TO REPRODUCE*
> {code}
> /subsystem=elytron/credential-store=cs001:add(uri="cr-store://test/cs/credentialstore.jceks?create=true", credential-reference={clear-text=pass123}, relative-to="jboss.server.data.dir")
> {code}
> {code}
> /subsystem=elytron/credential-store=cs001/alias=alias001:add(secret-value=secretvalue)
> {code}
> Now the credentialstore.jceks file is persisted on disk here: *JBOSS_HOME/standalone/data/cs*
> Please remove write permission for the folder "cs":
> {code}
> chmod g-w  cs
> chmod u-w  cs
> {code}
> Try to add another entry to the credential store:
> {code}
> /subsystem=elytron/credential-store=cs001/alias=alias002:add(secret-value=secretvalue)
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYELY00009: Unable to complete operation. 'ELY09525: Unable to flush credential store to storage'",
>     "rolled-back" => true
> }
> {code}
> And you get the error message as above.
> Now list all aliases in the credential store:
> {code}
> /subsystem=elytron/credential-store=cs001:read-children-names(child-type=alias)
> {
>     "outcome" => "success",
>     "result" => [
>         "alias001",
>         "alias002"
>     ]
> }
> {code}
> There is the non-persisted "alias002" too.
> *Now we check the aliases in the persisted file:*
> {code}
> reload
> {code}
> There isn't any alias "alias002" after reload.
> {code}
> /subsystem=elytron/credential-store=cs001:read-children-names(child-type=alias)
> {
>     "outcome" => "success",
>     "result" => ["alias001"]
> }
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
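
The expectation stated in the report (a failed flush must not leave new aliases only in memory) can be met by flushing a copy of the entries before the in-memory map is changed. The Java sketch below is an added example, not WildFly or Elytron code: `AliasStoreSketch`, its methods and the plain-text file format are hypothetical, and `addMemoryFirst` shows only one ordering that would produce the reported symptom.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;

// Hypothetical sketch: names and file format are illustrative, not Elytron's API.
public class AliasStoreSketch {
    private Map<String, String> entries = new TreeMap<>();
    private final Path file;
    AliasStoreSketch(Path file) { this.file = file; }

    // Memory is changed before the flush: a failed flush leaves the alias in memory only.
    void addMemoryFirst(String alias, String secret) throws IOException {
        entries.put(alias, secret);
        flush(entries);
    }

    // A copy is flushed first and published to memory only after the file is replaced.
    void addFlushFirst(String alias, String secret) throws IOException {
        Map<String, String> next = new TreeMap<>(entries);
        next.put(alias, secret);
        flush(next);               // on IOException 'entries' is untouched
        entries = next;
    }

    // Write a temp file in the store's directory, then atomically replace the store file.
    private void flush(Map<String, String> snapshot) throws IOException {
        Path tmp = Files.createTempFile(file.getParent(), "store", ".tmp");
        try {
            Files.write(tmp, snapshot.keySet());   // aliases only; a real store encrypts entries
            Files.move(tmp, file, StandardCopyOption.ATOMIC_MOVE);
        } finally {
            Files.deleteIfExists(tmp);
        }
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("cs");   // constructed sample location
        AliasStoreSketch store = new AliasStoreSketch(dir.resolve("store.txt"));
        store.addFlushFirst("alias001", "secretvalue");
        dir.toFile().setWritable(false);   // like chmod u-w on the folder; no effect for root
        try { store.addFlushFirst("alias002", "secretvalue"); }
        catch (IOException e) { System.out.println("flush-first failed: " + e); }
        System.out.println("memory after flush-first:  " + store.entries.keySet());
        try { store.addMemoryFirst("alias003", "secretvalue"); }
        catch (IOException e) { System.out.println("memory-first failed: " + e); }
        System.out.println("memory after memory-first: " + store.entries.keySet());
        dir.toFile().setWritable(true);
        System.out.println("on disk: " + Files.readAllLines(dir.resolve("store.txt")));
    }
}
```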


