[jboss-jira] [JBoss JIRA] (WFLY-7071) Changing default-realm of Elytron security-domain through CLI can put the server configuration to wrong state
Darran Lofthouse (JIRA)
issues at jboss.org
Thu Sep 8 05:56:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-7071?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13290395#comment-13290395 ]
Darran Lofthouse commented on WFLY-7071:
----------------------------------------
[~harald.pehl] / [~claudio4j] In this case the default-realm attribute in the security domain is required to reference one of the referenced security realms. We need some checking in our subsystem to ensure the selected realm is already referenced, but as this is slightly outside capabilities and requirements I think it is worth flagging in case anything else is needed to make it easier to maintain integrity from admin clients.
> Changing default-realm of Elytron security-domain through CLI can put the server configuration to wrong state
> -------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-7071
> URL: https://issues.jboss.org/browse/WFLY-7071
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Jan Kalina
>
> Values of the write-attribute operation for default-realm of an Elytron security-domain are not checked. This means that the CLI allows users to put the application server into a wrong state. The same happens if the realm which is considered the default-realm is removed from the realms used by the security-domain. The CLI should deny a write-attribute operation with a wrong value (in the same way as it works for other security-domain attributes).
> After reload, the server does not start and the following logs occur in the console:
> {code}
> ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 25) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("security-domain" => "ApplicationDomain")
> ]) - failure description: "WFLYELY00013: The default_realm 'WrongRealm' is not in the list or realms referenced by this domain."
> ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) "WFLYCTL0193: Failed executing subsystem elytron boot operations"
> ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("parallel-subsystem-boot") failed - address: ([]) - failure description: "\"WFLYCTL0193: Failed executing subsystem elytron boot operations\""
> FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
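
Added example, not part of the original message and not WildFly's own code: an offline check that flags any Elytron security-domain whose default-realm is not among its referenced realms, so the mismatch is caught before a reload rather than at boot. The sample XML is constructed; the namespace version, the realm names other than those in the log above, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the elytron subsystem section of a WildFly
# standalone.xml; the namespace version and most realm names are assumptions.
SAMPLE_CONFIG = """\
<subsystem xmlns="urn:wildfly:elytron:1.0">
  <security-domains>
    <security-domain name="ApplicationDomain" default-realm="WrongRealm">
      <realm name="ApplicationRealm"/>
    </security-domain>
    <security-domain name="ManagementDomain" default-realm="ManagementRealm">
      <realm name="ManagementRealm"/>
      <realm name="local"/>
    </security-domain>
  </security-domains>
</subsystem>
"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element tags."""
    return tag.rsplit("}", 1)[-1]


def find_dangling_default_realms(xml_text):
    """Return (domain, default_realm, referenced_realms) for every
    security-domain whose default-realm is not among its <realm> children."""
    problems = []
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if local_name(elem.tag) != "security-domain":
            continue
        default = elem.get("default-realm")
        if default is None:
            continue  # assumption: nothing to cross-check without the attribute
        referenced = [c.get("name") for c in elem if local_name(c.tag) == "realm"]
        if default not in referenced:
            problems.append((elem.get("name"), default, referenced))
    return problems


if __name__ == "__main__":
    for domain, default, referenced in find_dangling_default_realms(SAMPLE_CONFIG):
        print(f"{domain}: default-realm '{default}' not in {referenced}")
```

The same function covers both cases in the report: a default-realm written with a wrong value, and a realm removed from the domain while it is still the default.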