[JBoss JIRA] (WFCORE-2301) Mount point not found exception raised by createTempFileWithAttributes on overlayfs [JDK-8165852]
by Bjoern Stuetz (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2301?page=com.atlassian.jira.plugi... ]
Bjoern Stuetz commented on WFCORE-2301:
---------------------------------------
Hi [~brian.stansberry], I meant to respond much much much earlier; I am very sorry for that. Just wanted to say many thanks for your help and wanted to confirm that we had no problems any more at all after your WFCORE-2301 fix. Thanks heaps!
> Mount point not found exception raised by createTempFileWithAttributes on overlayfs [JDK-8165852]
> -------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2301
> URL: https://issues.jboss.org/browse/WFCORE-2301
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Environment: WildFly via KeyCloak 2.5.1.Final
> {code:xml}
> <eap.version>7.0.0.Beta</eap.version>
> <jboss.as.version>7.2.0.Final</jboss.as.version>
> <wildfly.version>10.0.0.Final</wildfly.version>
> {code}
> on Docker with overlayfs or overlayfs2 as storage driver
> \# docker info | grep -i storage
> aufs: works (e.g., boot2docker, legacy minikube)
> overlay (e.g., CoreOS, current minikube): problem
> devicemapper (e.g., CentOS): works
> overlay2 (e.g., Docker for Mac): problem
> Reporter: Bjoern Stuetz
> Assignee: Brian Stansberry
> Fix For: 3.0.0.Beta3, 2.2.1.CR2
>
>
> Mount point not found exception raised by createTempFileWithAttributes on overlayfs [JDK-8165852], i.e.,
> /opt/jboss/bin/jboss-cli.sh --file=/opt/jboss/jboss-config.cli
> inside a Docker container running on overlayfs as storage driver
> causes (full stack trace below):
> {code:java}
> java.io.IOException: Mount point not foundImage
> at sun.nio.fs.LinuxFileStore.findMountEntry(LinuxFileStore.java:91)
> {code}
> triggered by
> {code:java}
> at org.jboss.as.controller.persistence.FilePersistenceUtils.createTempFileWithAttributes(FilePersistenceUtils.java:117)
> at org.jboss.as.controller.persistence.FilePersistenceUtils.writeToTempFile(FilePersistenceUtils.java:104)
> {code}
> due to OpenJDK bug/overlayfs bug.
> We acknowledge that this is in fact an OpenJDK AND/OR overlayfs bug. However everything seems to run fine in WildFly except once the backup of the config is triggered, for example by using the cli. Hence WildFly is of limited functionality when the more and more popular overlayfs storage driver is used, and the WildFly team might be interested in providing a workaround on their side since there is no indication the OpenJDK bug will be promptly fixed. We are happy to help in any way, we are still trying to find a workaround on the Java or WildFly side; but we might need insights on why findMountEntry is invoked.
> Full Stack Trace:
> {code:java}
> java.io.IOException: Mount point not foundImage
> at sun.nio.fs.LinuxFileStore.findMountEntry(LinuxFileStore.java:91)
> at sun.nio.fs.UnixFileStore.<init>(UnixFileStore.java:65)
> at sun.nio.fs.LinuxFileStore.<init>(LinuxFileStore.java:44)
> at sun.nio.fs.LinuxFileSystemProvider.getFileStore(LinuxFileSystemProvider.java:51)
> at sun.nio.fs.LinuxFileSystemProvider.getFileStore(LinuxFileSystemProvider.java:39)
> at sun.nio.fs.UnixFileSystemProvider.getFileStore(UnixFileSystemProvider.java:368)
> at java.nio.file.Files.getFileStore(Files.java:1461)
> at org.jboss.as.controller.persistence.FilePersistenceUtils.getPosixAttributes(FilePersistenceUtils.java:129)
> at org.jboss.as.controller.persistence.FilePersistenceUtils.createTempFileWithAttributes(FilePersistenceUtils.java:117)
> at org.jboss.as.controller.persistence.FilePersistenceUtils.writeToTempFile(FilePersistenceUtils.java:104)
> at org.jboss.as.controller.persistence.ConfigurationFilePersistenceResource.doCommit(ConfigurationFilePersistenceResource.java:55)
> at org.jboss.as.controller.persistence.AbstractFilePersistenceResource.commit(AbstractFilePersistenceResource.java:58)
> at org.jboss.as.controller.ModelControllerImpl$4.commit(ModelControllerImpl.java:781)
> at org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:743)
> at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:680)
> at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:370)
> at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1344)
> at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:392)
> at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:204)
> at org.jboss.as.controller.ModelControllerImpl$3.execute(ModelControllerImpl.java:659)
> at org.jboss.as.controller.ModelControllerImpl$3.execute(ModelControllerImpl.java:649)
> at org.jboss.as.controller.client.helpers.DelegatingModelControllerClient.execute(DelegatingModelControllerClient.java:63)
> at org.jboss.as.cli.embedded.ThreadContextsModelControllerClient.execute(ThreadContextsModelControllerClient.java:59)
> at org.jboss.as.cli.handlers.batch.BatchRunHandler.doHandle(BatchRunHandler.java:91)
> at org.jboss.as.cli.handlers.CommandHandlerWithHelp.handle(CommandHandlerWithHelp.java:88)
> at org.jboss.as.cli.impl.CommandContextImpl.handle(CommandContextImpl.java:776)
> at org.jboss.as.cli.impl.CommandContextImpl.handleSafe(CommandContextImpl.java:799)
> at org.jboss.as.cli.impl.CliLauncher.processFile(CliLauncher.java:334)
> at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:262)
> at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:45)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.modules.Module.run(Module.java:329)
> at org.jboss.modules.Main.main(Main.java:507)
> {code}
> Java Bug Overview:
> https://bugs.openjdk.java.net/browse/JDK-8165852
> http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u...
> Wildfly Stack Overflow issue, not solved:
> https://stackoverflow.com/questions/41022393/mount-point-not-found
> Background Info:
> http://mail.openjdk.java.net/pipermail/nio-dev/2016-October/003915.html
> A) chroot environment [1]
> B) Docker container with overlay and overlay2 storage drivers [2]
> C) btrfs file system with an unmounted sub-volume [2]
> [1] https://bugs.openjdk.java.net/browse/JDK-8165323 - cannot get FileStore in chroot environment
> [2] https://bugs.openjdk.java.net/browse/JDK-8165852 - cannot get FileStore for a file in overlayfs in Docker
> Docker file system/storage driver:
> https://docs.docker.com/engine/userguide/storagedriver/selectadriver/)
> Yum yum-plugin-ovl, similar problem:
> https://github.com/CentOS/sig-cloud-instance-images/issues/15
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years
[JBoss JIRA] (WFCORE-2767) Elytron Keystore resource needs restart when is changed credential-reference attribute but restart-required is set to "no-services"
by Yeray Borges (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2767?page=com.atlassian.jira.plugi... ]
Yeray Borges updated WFCORE-2767:
---------------------------------
Steps to Reproduce:
{code}
/subsystem=elytron/credential-store=cs001:add(credential-reference={clear-text=pass123}, create=true, location=cs001.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs001:add-alias(alias=ff,secret-value=Elytron)
{code}
Copy firefly.keystore from attachment to JBOSS_HOME/standalone/data
{code}
/subsystem=elytron/key-store=firefly:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=cs001,alias=ff})
{code}
You can list all aliases in keystore
{code}
/subsystem=elytron/key-store=firefly:read-aliases
{
"outcome" => "success",
"result" => [
"ca",
"firefly"
]
}
{code}
We create another credential store with same alias entry but different value
{code}
/subsystem=elytron/credential-store=cs002:add(credential-reference={clear-text=pass123}, create=true, location=cs002.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs002:add-alias(alias=ff, secret-value=ElytronWrong)
{code}
*Now we change credential-reference for keystore to second credential store with invalid password to keystore access.*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002)
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
Reload is required for credential-reference but in model we see "restart-required" => "no-services"
{code:collapse}
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.credential-store",
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
{code}
*Set allow-resource-service-restart header property to true doesn't help*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002){allow-resource-service-restart=true}
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
was:
{code}
/subsystem=elytron/credential-store=cs001:add(credential-reference={clear-text=pass123}, create=true, location=cs001.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs001:add-alias(alias=ff,secret-value=Elytron)
{code}
Copy firefly.keystore from attachment to JBOSS_HOME/standalone/data
{code}
/subsystem=elytron/key-store=firefly:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=cs001,alias=ff})
{code}
You can list all aliases in keystore
{code}
/subsystem=elytron/key-store=firefly:read-children-names(child-type=alias)
{
"outcome" => "success",
"result" => [
"ca",
"firefly"
]
}
{code}
We create another credential store with same alias entry but different value
{code}
/subsystem=elytron/credential-store=cs002:add(credential-reference={clear-text=pass123}, create=true, location=cs002.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs002/alias=ff:add(secret-value=ElytronWrong)
{code}
*Now we change credential-reference for keystore to second credential store with invalid password to keystore access.*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002)
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
Reload is required for credential-reference but in model we see "restart-required" => "no-services"
{code:collapse}
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.credential-store",
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
{code}
*Set allow-resource-service-restart header property to true doesn't help*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002){allow-resource-service-restart=true}
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
> Elytron Keystore resource needs restart when is changed credential-reference attribute but restart-required is set to "no-services"
> -----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2767
> URL: https://issues.jboss.org/browse/WFCORE-2767
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Yeray Borges
> Priority: Critical
>
> Elytron Keystore resource needs restart when is changed credential-reference attribute but restart-required is set to "no-services"
> There should be rather restart-required set to "resource-services" and ability to use allow-resource-service-restart=true header property
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years
[JBoss JIRA] (WFCORE-2767) Elytron Keystore resource needs restart when is changed credential-reference attribute but restart-required is set to "no-services"
by Yeray Borges (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2767?page=com.atlassian.jira.plugi... ]
Yeray Borges updated WFCORE-2767:
---------------------------------
Steps to Reproduce:
{code}
/subsystem=elytron/credential-store=cs001:add(credential-reference={clear-text=pass123}, create=true, location=cs001.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs001:add-alias(alias=ff,secret-value=Elytron)
{code}
Copy firefly.keystore from attachment to JBOSS_HOME/standalone/data
{code}
/subsystem=elytron/key-store=firefly:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=cs001,alias=ff})
{code}
You can list all aliases in keystore
{code}
/subsystem=elytron/key-store=firefly:read-children-names(child-type=alias)
{
"outcome" => "success",
"result" => [
"ca",
"firefly"
]
}
{code}
We create another credential store with same alias entry but different value
{code}
/subsystem=elytron/credential-store=cs002:add(credential-reference={clear-text=pass123}, create=true, location=cs002.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs002/alias=ff:add(secret-value=ElytronWrong)
{code}
*Now we change credential-reference for keystore to second credential store with invalid password to keystore access.*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002)
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
Reload is required for credential-reference but in model we see "restart-required" => "no-services"
{code:collapse}
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.credential-store",
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
{code}
*Set allow-resource-service-restart header property to true doesn't help*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002){allow-resource-service-restart=true}
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
was:
{code}
/subsystem=elytron/credential-store=cs001:add(credential-reference={clear-text=pass123}, create=true, location=cs001.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs001/alias=ff:add(secret-value=Elytron)
{code}
Copy firefly.keystore from attachment to JBOSS_HOME/standalone/data
{code}
/subsystem=elytron/key-store=firefly:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=cs001,alias=ff})
{code}
You can list all aliases in keystore
{code}
/subsystem=elytron/key-store=firefly:read-children-names(child-type=alias)
{
"outcome" => "success",
"result" => [
"ca",
"firefly"
]
}
{code}
We create another credential store with same alias entry but different value
{code}
/subsystem=elytron/credential-store=cs002:add(credential-reference={clear-text=pass123}, create=true, location=cs002.jceks)
{code}
{code}
/subsystem=elytron/credential-store=cs002/alias=ff:add(secret-value=ElytronWrong)
{code}
*Now we change credential-reference for keystore to second credential store with invalid password to keystore access.*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002)
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
Reload is required for credential-reference but in model we see "restart-required" => "no-services"
{code:collapse}
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.credential-store",
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
{code}
*Set allow-resource-service-restart header property to true doesn't help*
{code}
/subsystem=elytron/key-store=firefly:write-attribute(name=credential-reference.store, value=cs002){allow-resource-service-restart=true}
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{code}
> Elytron Keystore resource needs restart when is changed credential-reference attribute but restart-required is set to "no-services"
> -----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2767
> URL: https://issues.jboss.org/browse/WFCORE-2767
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Yeray Borges
> Priority: Critical
>
> Elytron Keystore resource needs restart when is changed credential-reference attribute but restart-required is set to "no-services"
> There should be rather restart-required set to "resource-services" and ability to use allow-resource-service-restart=true header property
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years
[JBoss JIRA] (ELY-1207) Incorrectly named attribute match-user in authentication-context in Elytron subsystem
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1207?page=com.atlassian.jira.plugin.s... ]
Jan Kalina moved WFCORE-2875 to ELY-1207:
-----------------------------------------
Project: WildFly Elytron (was: WildFly Core)
Key: ELY-1207 (was: WFCORE-2875)
Component/s: XML
(was: Security)
> Incorrectly named attribute match-user in authentication-context in Elytron subsystem
> -------------------------------------------------------------------------------------
>
> Key: ELY-1207
> URL: https://issues.jboss.org/browse/ELY-1207
> Project: WildFly Elytron
> Issue Type: Bug
> Components: XML
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: user_experience
>
> Rule matcher {{match-user}} in authentication-context in Elytron subsystem internally uses {{org.wildfly.security.auth.client.MatchUserRule}}. This matcher works based on passed userinfo. However naming of {{match-user}} in Elytron subsystem indicates that just user part of userinfo should be used in matching.
> Also description in CLI is not correct, it says: _The user to match against._
> It means one of following should be changed:
> * name of {{match-user}}
> * functionality of {{MatchUserRule}}
> Since Elytron client configuration file includes for the same matcher with name {{match-userinfo}} then I suggest to rename attribute {{match-user}} in {{authentication-context}} in Elytron subsystem to {{match-userinfo}} and improve description in CLI and XSD.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years
[JBoss JIRA] (ELY-1207) Incorrectly named attribute match-user in authentication-context in Elytron subsystem
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1207?page=com.atlassian.jira.plugin.s... ]
Jan Kalina reassigned ELY-1207:
-------------------------------
Assignee: Jan Kalina (was: Darran Lofthouse)
> Incorrectly named attribute match-user in authentication-context in Elytron subsystem
> -------------------------------------------------------------------------------------
>
> Key: ELY-1207
> URL: https://issues.jboss.org/browse/ELY-1207
> Project: WildFly Elytron
> Issue Type: Bug
> Components: XML
> Reporter: Ondrej Lukas
> Assignee: Jan Kalina
> Priority: Critical
> Labels: user_experience
>
> Rule matcher {{match-user}} in authentication-context in Elytron subsystem internally uses {{org.wildfly.security.auth.client.MatchUserRule}}. This matcher works based on passed userinfo. However naming of {{match-user}} in Elytron subsystem indicates that just user part of userinfo should be used in matching.
> Also description in CLI is not correct, it says: _The user to match against._
> It means one of following should be changed:
> * name of {{match-user}}
> * functionality of {{MatchUserRule}}
> Since Elytron client configuration file includes for the same matcher with name {{match-userinfo}} then I suggest to rename attribute {{match-user}} in {{authentication-context}} in Elytron subsystem to {{match-userinfo}} and improve description in CLI and XSD.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years