]
Paul Ferraro moved JBEAP-10635 to WFLY-8673:
--------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-8673 (was: JBEAP-10635)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Clustering
(was: Clustering)
(was: Migration)
Affects Version/s: 11.0.0.Alpha1
(was: 7.1.0.DR16)
ASYM_ENCRYPT legacy configuration should not attempt to create
elytron reference
--------------------------------------------------------------------------------
Key: WFLY-8673
URL:
https://issues.jboss.org/browse/WFLY-8673
Project: WildFly
Issue Type: Bug
Components: Clustering
Affects Versions: 11.0.0.Alpha1
Reporter: Paul Ferraro
Assignee: Paul Ferraro
Priority: Blocker
Labels: eap7.1-rfe-failure
I found that currently, when configuring {{ASYM_ENCRYPT}} in legacy way, an elytron
key-store reference is always automatically created. That should not happen as people who
want to use the legacy security may want to remove the Elytron subsystem entirely. JGroups
boot would fail in that case.
{noformat}
/subsystem=jgroups/stack=udp2/protocol=ASYM_ENCRYPT:add()
/subsystem=jgroups/stack=udp2/protocol=ASYM_ENCRYPT/property=encrypt_entire_message:add(value=true)
/subsystem=jgroups/stack=udp2/protocol=ASYM_ENCRYPT/property=sym_keylength:add(value=512)
/subsystem=jgroups/stack=udp2/protocol=ASYM_ENCRYPT/property=sym_algorithm:add(value=AES/ECB/PKCS5Padding)
/subsystem=jgroups/stack=udp2/protocol=ASYM_ENCRYPT/property=asym_keylength:add(value=512)
/subsystem=jgroups/stack=udp2/protocol=ASYM_ENCRYPT/property=asym_algorithm:add(value=RSA)
{noformat}
Here, I removed the elytron subsystem and used configuration from JBEAP-8405.
{noformat}
12:56:22,202 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread
Pool -- 18) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "ASYM_ENCRYPT")
]) - failure description: "WFLYCLJG0026: No add operation registered at
/subsystem=elytron/key-store=jgroups-tcp"
{noformat}