-
Bug
-
Resolution: Won't Do
-
Blocker
-
None
-
7.1.0.DR8
Multiple CredentialStores with ONE backed credential store file can rewrite values each other.
How to reproduce
/subsystem=elytron/credential-store=credStore001:add(location=cs001.jceks,credential-reference={clear-text=pass123},create=true)
/subsystem=elytron/credential-store=credStore001/alias="alias1":add(secret-value=Elytron)
/subsystem=elytron/credential-store=credStore002:add(location=cs001.jceks,credential-reference={clear-text=pass123})
check CS file
there is "alias1" entry
/subsystem=elytron/credential-store=credStore001/alias="alias2":add(secret-value=Elytron)
check CS file
there are "alias1" and "alias2" entries
/subsystem=elytron/credential-store=credStore002/alias="alias123":add(secret-value=Elytron)
check CS file
there are "alias1" and "alias123" entries".
NOTE
It is problem, because we have one backed file. In memory we have right values for all Credential Stores, but after restart we can lost new entries.
In my opinion reason for this behaviour is:
We have CS loaded in memory and when we add new alias to CS then we save whole CS from memory to file.
We can set CS as non-modifiable when we use same backed file for CredentialStore but we must find better default behaviour.
My suggestion for default behaviour
When we want to add new alias to CredentialStore we can do this:
- refresh CS from file (and this file lock)
- add new alias to CS
- save CS to file
- unlock file
But there is posible problem with performance....
- blocks
-
JBEAP-8571 CredentialStore issues
-
- Resolved
-
- is cloned by
-
-
- Closed
-
-
JBEAP-10816 Documentation, Multiple CredentialStores with ONE backed credential store file can rewrite values each other.
-
- Closed
-
- is documented by
-
-
- Closed
-
- relates to
-
-
- Closed
-
