Red Hat Bugzilla – Bug 833155
Possible inconsistency in serialization signing configuration
Last modified: 2012-06-18 13:47:26 EDT
Created attachment 592710 [details]
Description of problem:
There are two options to configure serialization signing. If the properties are defined in jboss-brms.war/WEB-INF/classes/preferences.properties they are read by Guvnor and propagated as system properties, thus available to business central too. Important fact is that this is done upon logging into Guvnor (not during deployment). What can happen? See steps to reproduce.
Steps to Reproduce:
1. enable serialization signing using preferences.properties and start the server
2. log into Guvnor, optionally build a package with some processes
3. log into Business Central (it initializes new session with signing enabled)
4. shut down the server and start it again
5. go into Business Central without visiting Guvnor first
Because Guvnor haven't read the signing properties and haven't set them as system, Business Central now expects to load an unsigned session but the session was signed previously. Session cannot be loaded. See attached server log with the resulting exception.
Not sure, probably just describe the behavior in documentation and recommend using properties-service.xml to configure serialization signing to avoid this situation.