ehsavoie Hugonnet reassigned WFCORE-2163:
-----------------------------------------
Assignee: ehsavoie Hugonnet (was: Darran Lofthouse)
Server does not start when Elytron authentication + legacy SSL is
used in HTTP management interface
---------------------------------------------------------------------------------------------------
Key: WFCORE-2163
URL: https://issues.jboss.org/browse/WFCORE-2163
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: ehsavoie Hugonnet
Priority: Critical
Fix For: 3.0.0.Beta11
In case a legacy security-realm for SSL is used together with Elytron authentication
in the HTTP management interface, the server is not started.
I am using the following configuration for the HTTP management interface (see Steps to Reproduce
for more details):
{code}
<http-interface http-authentication-factory="management-http-authentication" security-realm="ManagementRealmHTTPS">
    <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
    <socket-binding http="management-http" https="management-https"/>
</http-interface>
{code}
The server is not started and the following errors occur in the log:
{code}
ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.management.http.extensible: org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service
    at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:330)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided.
    at org.jboss.as.domain.http.server.ManagementHttpServer.getSSLContext(ManagementHttpServer.java:225)
    at org.jboss.as.domain.http.server.ManagementHttpServer.create(ManagementHttpServer.java:254)
    at org.jboss.as.domain.http.server.ManagementHttpServer.access$2400(ManagementHttpServer.java:107)
    at org.jboss.as.domain.http.server.ManagementHttpServer$Builder.build(ManagementHttpServer.java:589)
    at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:292)
    ... 5 more
{code}
and
{code}
ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("core-service" => "management"),
    ("management-interface" => "http-interface")
]) - failure description: {
    "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service
    Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."},
    "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"],
    "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
}
ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("core-service" => "management"),
    ("management-interface" => "http-interface")
]) - failure description: {
    "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service
    Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."},
    "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"],
    "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
}
{code}
According to comments in the EAP7-545 Analysis document [1], when security-realm and
http-authentication-factory are specified but no ssl-context is used, then it should lead
to use of the legacy security-realm for SSL configuration and http-authentication-factory for
authentication.
[1] https://docs.google.com/document/d/1LsS-CGUJSDwGcFUva0g-BF9ZIq0jwx__1e_oJ...