pzampino commented on a change in pull request #243: KNOX-2200 -
DefaultKeystoreService can lose entries under concurrent access
URL: https://github.com/apache/knox/pull/243#discussion_r371407655
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
##########
@@ -286,18 +287,21 @@ public KeyStore getCredentialStoreForCluster(String
clusterName)
@Override
public void addCredentialForCluster(String clusterName, String alias, String
value)
throws KeystoreServiceException {
- removeFromCache(clusterName, alias);
- KeyStore ks = getCredentialStoreForCluster(clusterName);
- if (ks != null) {
- try {
- final Key key = new
SecretKeySpec(value.getBytes(StandardCharsets.UTF_8), "AES");
- ks.setKeyEntry(alias, key, masterService.getMasterSecret(), null);
-
- final Path keyStoreFilePath = keyStoreDirPath.resolve(clusterName +
CREDENTIALS_SUFFIX);
- writeKeyStoreToFile(ks, keyStoreFilePath,
masterService.getMasterSecret());
- addToCache(clusterName, alias, value);
- } catch (KeyStoreException | IOException | CertificateException |
NoSuchAlgorithmException e) {
- LOG.failedToAddCredentialForCluster(clusterName, e);
+ // Needed to prevent read then write synchronization issue where alias is
not added
+ synchronized (this) {
Review comment:
Why not just mark the whole method as synchronized?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
