]
Josef Cacek updated WFLY-8000:
------------------------------
Labels: user_experience (was: )
Default Elytron realm names are confusing - use same values as Legacy
security realms
-------------------------------------------------------------------------------------
Key: WFLY-8000
URL:
https://issues.jboss.org/browse/WFLY-8000
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Josef Cacek
Assignee: Darran Lofthouse
Priority: Blocker
Labels: user_experience
The default application server profiles now contain Elytron subsystem configured (more in
EAP7-543). The subsystem contains 2 properties realms, which copy behavior of security
realms in legacy security. They use the same name as the original ones *ApplicationRealm*
and *ManagementRealm*:
{code:xml}
<properties-realm name="ApplicationRealm">
<users-properties path="application-users.properties"
relative-to="jboss.server.config.dir"
digest-realm-name="ApplicationRealm"/>
<groups-properties path="application-roles.properties"
relative-to="jboss.server.config.dir"/>
</properties-realm>
<properties-realm name="ManagementRealm">
<users-properties path="mgmt-users.properties"
relative-to="jboss.server.config.dir"
digest-realm-name="ManagementRealm"/>
<groups-properties path="mgmt-groups.properties"
relative-to="jboss.server.config.dir"/>
</properties-realm>
{code}
The new Elytron realms must use different names than legacy ones. Otherwise
customers/administrators may think about the Elytron realms as just references to the
legacy security.
*Suggested solution*
Rename the default Elytron realms to something like *ElytronManagementRealm* or
*ManagementElytronRealm*. So the configuration looks like:
{code:xml}
<properties-realm name="ApplicationElytronRealm">
<users-properties path="application-users.properties"
relative-to="jboss.server.config.dir"
digest-realm-name="ApplicationRealm"/>
<groups-properties path="application-roles.properties"
relative-to="jboss.server.config.dir"/>
</properties-realm>
<properties-realm name="ManagementElytronRealm">
<users-properties path="mgmt-users.properties"
relative-to="jboss.server.config.dir"
digest-realm-name="ManagementRealm"/>
<groups-properties path="mgmt-groups.properties"
relative-to="jboss.server.config.dir"/>
</properties-realm>
{code}