Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2617

When failed credential store flush to file on the disk then we have inconsistency between credential store in memory and persisted file.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • 3.0.0.Beta18
    • None
    • Security
    • None

    Description

      When failed credential store flush to file on the disk then we have inconsistency between credential store in memory and persisted file.

      I expect consistent state, same aliases in memory and persisted on disk.
      We must not add new aliases only to memory.

      This problem is exported from issue https://issues.jboss.org/browse/JBEAP-6866
      where is noted as secondary problem.

      HOW TO REPRODUCE

      /subsystem=elytron/credential-store=cs001:add(uri="cr-store://test/cs/credentialstore.jceks?create=true", credential-reference={clear-text=pass123}, relative-to="jboss.server.data.dir")

      /subsystem=elytron/credential-store=cs001/alias=alias001:add(secret-value=secretvalue)

      Now is credentialstore.jceks file persisted on disk here JBOSS_HOME/standalone/data/cs
      Please remove write permission for folder "cs"

      chmod g-w  cs
chmod u-w  cs

      Try add another entry to credential store
      /subsystem=elytron/credential-store=cs001/alias=alias002:add(secret-value=secretvalue)

      { "outcome" => "failed", "failure-description" => "WFLYELY00009: Unable to complete operation. 'ELY09525: Unable to flush credential store to storage'", "rolled-back" => true } And you get error message as above. Now you list all aliases in credential store: {code}

      /subsystem=elytron/credential-store=cs001:read-children-names(child-type=alias)

      { "outcome" => "success", "result" => [ "alias001", "alias002" ] } {code}

      There is non persisted "alias002" too.

      Now we check aliases in persisted file:

      reload

      There isn't any alias "alias002" after reload.

      /subsystem=elytron/credential-store=cs001:read-children-names(child-type=alias)
{
    "outcome" => "success",
    "result" => ["alias001"]
}

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9989 When failed credential store flush to file on the disk then we have inconsistency between credential store in memory and persisted file.

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Activity

            People

              thofman Tomas Hofman
              hsvabek_jira Hynek Švábek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: