Bug 833155 - Possible inconsistency in serialization signing configuration
Possible inconsistency in serialization signing configuration
Status: NEW
Product: JBoss Enterprise BRMS Platform 5
Classification: JBoss
Component: Configuration (Show other bugs)
BRMS 5.3.0.GA
Unspecified Unspecified
unspecified Severity low
: ---
: ---
Assigned To: Julian Coleman
Jiri Locker
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-18 13:47 EDT by Jiri Locker
Modified: 2012-06-18 13:47 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
server.log (26.14 KB, text/plain)
2012-06-18 13:47 EDT, Jiri Locker
no flags Details

  None (edit)
Description Jiri Locker 2012-06-18 13:47:26 EDT
Created attachment 592710 [details]
server.log

Description of problem:
There are two options to configure serialization signing. If the properties are defined in jboss-brms.war/WEB-INF/classes/preferences.properties they are read by Guvnor and propagated as system properties, thus available to business central too. Important fact is that this is done upon logging into Guvnor (not during deployment). What can happen? See steps to reproduce.

Steps to Reproduce:
1. enable serialization signing using preferences.properties and start the server
2. log into Guvnor, optionally build a package with some processes
3. log into Business Central (it initializes new session with signing enabled)
4. shut down the server and start it again
5. go into Business Central without visiting Guvnor first
  
Actual results:
Because Guvnor haven't read the signing properties and haven't set them as system, Business Central now expects to load an unsigned session but the session was signed previously. Session cannot be loaded. See attached server log with the resulting exception.

Expected results:
Not sure, probably just describe the behavior in documentation and recommend using properties-service.xml to configure serialization signing to avoid this situation.

Note You need to log in before you can comment on or make changes to this bug.