-
Bug
-
Resolution: Done
-
Blocker
-
7.1.0.DR15
-
None
When failed credential store flush to file on the disk then we have inconsistency between credential store in memory and persisted file.
I expect consistent state, same aliases in memory and persisted on disk.
We must not add new aliases only to memory.
This problem is exported from issue https://issues.jboss.org/browse/JBEAP-6866
where is noted as secondary problem.
HOW TO REPRODUCE
/subsystem=elytron/credential-store=cs001:add(credential-reference={clear-text=pass123}, relative-to="jboss.server.data.dir", create=true, location=cs/credentialStore.jceks)
/subsystem=elytron/credential-store=cs001/alias=alias001:add(secret-value=secretvalue)
Now is credentialstore.jceks file persisted on disk here JBOSS_HOME/standalone/data/cs
Please remove write permission for folder "cs"
chmod g-w cs chmod u-w cs
Try add another entry to credential store
/subsystem=elytron/credential-store=cs001/alias=alias002:add(secret-value=secretvalue) { "outcome" => "failed", "failure-description" => "WFLYELY00009: Unable to complete operation. 'ELY09525: Unable to flush credential store to storage'", "rolled-back" => true }
And you get error message as above.
Now you list all aliases in credential store:
/subsystem=elytron/credential-store=cs001:read-children-names(child-type=alias) { "outcome" => "success", "result" => [ "alias001", "alias002" ] }
There is non persisted "alias002" too.
Now we check aliases in persisted file:
reload
There isn't any alias "alias002" after reload.
/subsystem=elytron/credential-store=cs001:read-children-names(child-type=alias) { "outcome" => "success", "result" => ["alias001"] }
- is cloned by
-
WFCORE-2617 When failed credential store flush to file on the disk then we have inconsistency between credential store in memory and persisted file.
- Resolved
- is incorporated by
-
JBEAP-10508 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta21
- Closed