[JBoss JIRA] (WFCORE-2691) Elytron modifiable realms should show existing identities in subsystem

Thursday, 20 April 2017

    [
https://issues.jboss.org/browse/WFCORE-2691?page=com.atlassian.jira.plugi...
] 

Brian Stansberry commented on WFCORE-2691:
------------------------------------------

[~honza889] AFAIK in the messaging subsystem case it is reading local resources. Those
queues are part of the in-vm messaging broker. The biggest concern I have with this
security realm stuff is it introduces remote call into the picture. That and the potential
for an extremely large number of resources. Granted a messaging broker could have that
problem as well.

Please start a wildfly-dev list thread on this. It is something that deserves a broadly
visible discussion.

With /subsystem=messaging-activemq:read-resource(include-runtime=false,recursive=true) for
core-address do you see the details of the core-address resources or just an empty
placeholder? I expect the latter. We could look into eliminating even that.

For the JMX issue, I don't think include-runtime=false is relevant. A query for all
mbeans will return all mbeans, runtime-only resource or not.

...
 Elytron modifiable realms should show existing identities in
subsystem
 ----------------------------------------------------------------------

                 Key: WFCORE-2691
                 URL: https://issues.jboss.org/browse/WFCORE-2691
             Project: WildFly Core
          Issue Type: Bug
          Components: Security
    Affects Versions: 3.0.0.Beta15
            Reporter: Jan Kalina
            Assignee: Jan Kalina
            Priority: Blocker
              Labels: eap71_beta, filesystem-realm, security-realm

 Elytron {{filesystem-realm}} should load existing identities from file system. The steps
to reproduce results in:
 {noformat}
 [standalone@localhost:9990 /]
/subsystem=elytron/filesystem-realm=realm/identity=user:read-identity
 {
     "outcome" => "failed",
     "failure-description" => "WFLYCTL0216: Management resource '[
     (\"subsystem\" => \"elytron\"),
     (\"filesystem-realm\" => \"realm\"),
     (\"identity\" => \"user\")
 ]' not found",
     "rolled-back" => true
 }
 [standalone@localhost:9990 /]
/subsystem=elytron/filesystem-realm=realm/identity=user:add
 {
     "outcome" => "failed",
     "failure-description" => "WFLYELY01000: Identity with name [user]
already exists.",
     "rolled-back" => true
 }
 {noformat} 

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006