[
https://issues.redhat.com/browse/WFCORE-5079?page=com.atlassian.jira.plug...
]
Darran Lofthouse commented on WFCORE-5079:
------------------------------------------
[~jdenise] Overall we need to be making sure the management interfaces we pull in are
secured, we should not be providing distributions with these unsecured. The provided
tooling can already make use of the local authentication mechanism.
Elytron is the security framework of the whole application server, all layers will bring
its modules in anyway so we are only talking about the subsystem.
In relation to the subsystem I do believe that needs breaking into some smaller layers.
elytron-minimal, elytron-common, elytron-applications, elytron-management with the
existing elytron layer depending on all of these. The management layer will then be
adjusted to depend on the elytron-management-layer whilst most other layers that presently
depend on elytron can instead depend on elytron-applications. I will be starting a
separate thread on that one later.
The alternative follow-up is to adjust core tools to bring in tools ONLY - i.e. don't
pull in the management layer.
Adjust management layers to be secured by Elytron or legacy security only.
-------------------------------------------------------------------------
Key: WFCORE-5079
URL: https://issues.redhat.com/browse/WFCORE-5079
Project: WildFly Core
Issue Type: Task
Components: Build System, Management
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Priority: Major
Fix For: 13.0.0.Beta5, 13.0.0.Final
At the moment it is only in the documentation that it is unsecured, a list of layers
could be created similar to:
{code:xml}
<configs>
  <config>
    <name>standalone.xml</name>
    <model>standalone</model>
    <layers>
      <layer>management</layer>
      <layer>remoting</layer>
      <layer>elytron</layer>
      <layer>web-server</layer>
    </layers>
  </config>
</configs>
{code}
From a code review of a snippet like this, unless the documentation is cross-referenced,
nothing looks out of place; if instead management was renamed unsecured-management it
would be obvious in a review.
The following gist diffs show the effect each of the three management layers presently has
on the configuration.
* management - https://gist.github.com/darranl/e9f1c5a943684ce124c35638e376644f/revision...
* secure-management - https://gist.github.com/darranl/e9f1c5a943684ce124c35638e376644f/revision...
* legacy-management - https://gist.github.com/darranl/e9f1c5a943684ce124c35638e376644f/revision...
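As an added example (not part of the original issue and not WildFly's own code), the review problem described above can be turned into an automated check: parse a layer list like the one in the description and flag every config that includes the plain `management` layer, which the issue says is unsecured. The function name `review_layers`, the second config and its file name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Layer name taken from the issue text: plain "management" is the unsecured one.
UNSECURED_LAYERS = {"management"}

# Constructed sample input modelled on the snippet in the issue description;
# the second config is hypothetical and uses the secure-management layer.
SAMPLE = """
<configs>
  <config>
    <name>standalone.xml</name>
    <model>standalone</model>
    <layers>
      <layer>management</layer>
      <layer>remoting</layer>
      <layer>elytron</layer>
      <layer>web-server</layer>
    </layers>
  </config>
  <config>
    <name>standalone-secured.xml</name>
    <model>standalone</model>
    <layers>
      <layer>secure-management</layer>
      <layer>web-server</layer>
    </layers>
  </config>
</configs>
"""

def _local(tag):
    """Strip an XML namespace prefix so namespaced files also match."""
    return tag.rsplit("}", 1)[-1]

def review_layers(xml_text):
    """Return (config name, finding) pairs for configs a reviewer must look at."""
    findings = []
    root = ET.fromstring(xml_text)
    for config in (e for e in root.iter() if _local(e.tag) == "config"):
        name = next((e.text.strip() for e in config
                     if _local(e.tag) == "name" and e.text), "<unnamed>")
        # Exact-match on layer names so secure-management is not flagged.
        layers = {e.text.strip() for e in config.iter()
                  if _local(e.tag) == "layer" and e.text}
        for layer in sorted(layers & UNSECURED_LAYERS):
            findings.append((name, f"layer '{layer}' provisions an unsecured management interface"))
    return findings

if __name__ == "__main__":
    for name, finding in review_layers(SAMPLE):
        print(f"{name}: {finding}")
```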