[
https://issues.jboss.org/browse/WFCORE-3421?page=com.atlassian.jira.plugi...
]
Martin Choma commented on WFCORE-3421:
--------------------------------------
These are attributes in elytron subsystem which use "requires" and
"default" at once.
{noformat}
"search-recursive" => {
"type" => BOOLEAN,
"description" => "Indicates
if attribute LDAP search queries are recursive.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => true,
"requires" =>
["filter"]
},
"role-recursion-name" => {
"type" => STRING,
"description" => "Determine
LDAP attribute of role entry which will be substitute for \"{0}\" in filter-name
when searching roles of role.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => "cn",
"requires" =>
["role-recursion"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"version-comparison" => {
"type" => STRING,
"description" => "When set to
'less-than' a Provider will match against the filter if the Provider's version
is less-than the version specified here. Setting to 'greater-than' has the
opposite effect. Has no effect if a provider-version has not been specified in the
filter.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => "less-than",
"requires" => ["provider-version"],
"allowed" => [
"less-than",
"greater-than"
]
}
"required" => {
"type" => BOOLEAN,
"description" => "Is the file required to exist at the
time the KeyStore service starts?",
"attribute-group" => "file",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => false,
"requires" => ["path"],
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
{noformat}
e.g.
{noformat}
[standalone@localhost:9990 /] /subsystem=elytron/key-store=b:add(type=JKS,
credential-reference={clear-text=a}, required=false
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0380: Attribute 'path'
needs to be set or passed before attribute 'required' can be correctly set",
"rolled-back" => true
}
{noformat}
Incorrect usage of requires for defining the relationship between
outflow-anonymous and outflow-security-domains
----------------------------------------------------------------------------------------------------------------
Key: WFCORE-3421
URL:
https://issues.jboss.org/browse/WFCORE-3421
Project: WildFly Core
Issue Type: Bug
Components: Security
Affects Versions: 4.0.0.Alpha2
Reporter: ehsavoie Hugonnet
If outflow-anonymous is set to false then there is no need for outflow-security-domains
as the default configuration shows clearly.
So
{noformat}
/subsystem=elytron/security-domain=ApplicationDomain:add(default-realm=ApplicationRealm,outflow-anonymous=false,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles}])
{noformat}
should work like
{noformat}
/subsystem=elytron/security-domain=ApplicationDomain:add(default-realm=ApplicationRealm,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles}])
{noformat}
A custom validation code is required instead of relying on the setRequires of
SimpleAttributeDefinition
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)