[jboss-jira] [JBoss JIRA] (WFLY-7254) pattern-filter disappears if predefined-filter is used for configurable-sasl-server-factory in Elytron subsystem
Ondrej Lukas (JIRA)
issues at jboss.org
Tue Oct 4 01:21:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-7254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13301933#comment-13301933 ]
Ondrej Lukas commented on WFLY-7254:
------------------------------------
[~ivassile] In case when CLI commands should look like you mentioned in previous comments then command:
{code}
/subsystem=elytron/configurable-sasl-server-factory=someFactory:add(sasl-server-factory=global,filters=[{pattern-filter=(.*),predefined-filter=BINDING}])
{code}
should lead to "outcome" => "failed".
Currently that command results to store both pattern-filter and predefined-filter in dynamic model, but only predefined-filter is stored in configuration. You can try:
{code}
/subsystem=elytron/configurable-sasl-server-factory=someFactory:add(sasl-server-factory=global,filters=[{pattern-filter=(.*),predefined-filter=BINDING}])
{code}
then calling read-attribute operation is successful for both attribute:
{code}
/subsystem=elytron/configurable-sasl-server-factory=someFactory:read-attribute(name=filters[0].pattern-filter)
{
"outcome" => "success",
"result" => "(.*)"
}
{code}
{code}
/subsystem=elytron/configurable-sasl-server-factory=someFactory:read-attribute(name=filters[0].predefined-filter)
{
"outcome" => "success",
"result" => "BINDING"
}
{code}
However after {{reload}} pattern-filter disappears:
{code}
/subsystem=elytron/configurable-sasl-server-factory=someFactory:read-attribute(name=filters[0].pattern-filter)
{
"outcome" => "failed",
"result" => undefined,
"failure-description" => "WFLYCTL0393: Could not resolve attribute expression: 'filters[0].pattern-filter'",
"rolled-back" => true
}
{code}
You should also note, that following part of configuration can be correctly loaded when server is started:
{code}
<configurable-sasl-server-factory name="someFactory" sasl-server-factory="global">
<filters>
<filter>
<pattern-filter value="(someFilter)"/>
<predefined-filter value="BINDING"/>
</filter>
</filters>
</configurable-sasl-server-factory>
{code}
> pattern-filter disappears if predefined-filter is used for configurable-sasl-server-factory in Elytron subsystem
> ----------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-7254
> URL: https://issues.jboss.org/browse/WFLY-7254
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Ilia Vassilev
> Fix For: 11.0.0.Alpha1
>
>
> In case when configurable-sasl-server-factory is created through CLI with filter which uses both pattern-filter and predefined-filter, then only predefined-filter is stored into configuration (pattern-filter disappears).
> Suggestion:
> In case when usage of both filters is unsupported option, then it should be denied by CLI. In case when it is supported option, then both of them should be stored in configuration.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list