Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-7400

Multiple CredentialStores with ONE backed credential store file can rewrite values each other.

    XMLWordPrintable

Details

    Description

      Multiple CredentialStores with ONE backed credential store file can rewrite values each other.

      How to reproduce

      /subsystem=elytron/credential-store=credStore001:add(location=cs001.jceks,credential-reference={clear-text=pass123},create=true)
/subsystem=elytron/credential-store=credStore001/alias="alias1":add(secret-value=Elytron)

      /subsystem=elytron/credential-store=credStore002:add(location=cs001.jceks,credential-reference={clear-text=pass123})

      check CS file
      there is "alias1" entry

      /subsystem=elytron/credential-store=credStore001/alias="alias2":add(secret-value=Elytron)

      check CS file
      there are "alias1" and "alias2" entries

      /subsystem=elytron/credential-store=credStore002/alias="alias123":add(secret-value=Elytron)

      check CS file
      there are "alias1" and "alias123" entries".
      NOTE
      It is problem, because we have one backed file. In memory we have right values for all Credential Stores, but after restart we can lost new entries.

      In my opinion reason for this behaviour is:
      We have CS loaded in memory and when we add new alias to CS then we save whole CS from memory to file.
      We can set CS as non-modifiable when we use same backed file for CredentialStore but we must find better default behaviour.

      My suggestion for default behaviour
      When we want to add new alias to CredentialStore we can do this:

      1. refresh CS from file (and this file lock)
      2. add new alias to CS
      3. save CS to file
      4. unlock file

      But there is posible problem with performance....

      Attachments

        Issue Links

          blocks

          Tracker - Issue tracking a bug fix or improvement in another component JBEAP-8571 CredentialStore issues

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2490 Multiple CredentialStores with ONE backed credential store file can rewrite values each other.

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Documentation - JBEAP-10816 Documentation, Multiple CredentialStores with ONE backed credential store file can rewrite values each other.

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is documented by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9650 Multiple CredentialStores with ONE backed credential store file in domain mode

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-6862 Creating Credentail Store from scratch when keystore file exists is successful.

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              rhn-cservice-bbaranow Bartosz Baranowski
              hsvabek_jira Hynek Švábek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: