[ https://issues.apache.org/jira/browse/KNOX-1881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16868868#comment-16868868 ]
Kevin Risden commented on KNOX-1881:
------------------------------------
End up with errors like this:
{code:java}
2019-06-18 13:53:55,939 ERROR knox.gateway (DefaultKeystoreService.java:loadKeyStore(575)) - Failed to load keystore [filename=/var/lib/knox/gateway/data/security/keystores/admin-credentials.jceks, type=JCEKS]: java.io.EOFException
2019-06-18 13:53:55,940 ERROR knox.gateway (DefaultAliasService.java:addAliasForCluster(171)) - Failed to add credential for cluster admin: org.apache.knox.gateway.services.security.KeystoreServiceException: java.io.EOFException
{code}
when the jceks files are corrupted. The file sizes are also all over the map
and look like two things wrote to the file at once.
> DefaultKeystoreService should use Java NIO API locking as well
> --------------------------------------------------------------
>
> Key: KNOX-1881
> URL: https://issues.apache.org/jira/browse/KNOX-1881
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxCLI, Server
> Reporter: Robert Levas
> Assignee: Kevin Risden
> Priority: Critical
> Fix For: 1.3.0
>
>
> The file locking mechanism in
> {{org.apache.knox.gateway.services.security.impl.DefaultKeystoreService}}
> today relies on read/write locks to prevent multiple threads from editing a
> single keystore. Java NIO API file locking adds the protection for
> reading/writing from multiple JVMs. Since DefaultKeystoreService is used in
> both gateway and knoxcli, we need to protect against this type of access
> happening at once.
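The combination the issue description asks for, an in-process lock for threads plus a Java NIO file lock for separate JVMs (gateway and knoxcli), can be sketched as below. This is an added example, not Knox's DefaultKeystoreService or the eventual fix; the class `LockedKeystoreFile`, the temp file and the password are hypothetical, and it assumes Java 9+ for `InputStream.readAllBytes()`.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.nio.channels.*;
import java.nio.file.*;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.concurrent.locks.ReentrantLock;

/** Hypothetical helper for illustration; not Knox's DefaultKeystoreService. */
public class LockedKeystoreFile {
  // A FileLock is held on behalf of the whole JVM: a second thread locking the same
  // file gets OverlappingFileLockException, so threads still serialize in-process.
  private static final ReentrantLock JVM_LOCK = new ReentrantLock();

  public static KeyStore load(Path file, char[] password)
      throws IOException, GeneralSecurityException {
    JVM_LOCK.lock();
    try (FileChannel ch = FileChannel.open(file, StandardOpenOption.READ);
         FileLock shared = ch.lock(0L, Long.MAX_VALUE, true)) { // blocks while another JVM writes
      byte[] data = Channels.newInputStream(ch).readAllBytes(); // read while the lock is held
      KeyStore ks = KeyStore.getInstance("JCEKS");
      ks.load(new ByteArrayInputStream(data), password);
      return ks;
    } finally {
      JVM_LOCK.unlock();
    }
  }

  public static void store(KeyStore ks, Path file, char[] password)
      throws IOException, GeneralSecurityException {
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
    ks.store(bytes, password); // serialize first; the file is touched only under the lock
    ByteBuffer buf = ByteBuffer.wrap(bytes.toByteArray());
    JVM_LOCK.lock();
    try (FileChannel ch = FileChannel.open(file, StandardOpenOption.CREATE, StandardOpenOption.WRITE);
         FileLock exclusive = ch.lock()) {
      ch.truncate(0); // truncate after locking, not with TRUNCATE_EXISTING on open
      while (buf.hasRemaining()) ch.write(buf);
      ch.force(true); // flush to disk before the lock is released
    } finally {
      JVM_LOCK.unlock();
    }
  }

  public static void main(String[] args) throws Exception {
    char[] password = "constructed-demo-password".toCharArray(); // constructed sample value
    Path file = Files.createTempFile("demo-credentials", ".jceks");
    KeyStore ks = KeyStore.getInstance("JCEKS");
    ks.load(null, password); // start from an empty keystore
    store(ks, file, password);
    System.out.println("aliases after reload: " + load(file, password).size());
  }
}
```

Whether a `FileLock` stops a process that does not itself take the lock is platform-dependent, so every reader and writer of the keystore file has to go through the same locking path.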