[jboss-jira] [JBoss JIRA] (WFCORE-2691) Elytron modifiable realms should show existing identities in subsystem
Brian Stansberry (JIRA)
issues at jboss.org
Wed Apr 19 16:09:00 EDT 2017
[ https://issues.jboss.org/browse/WFCORE-2691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13395414#comment-13395414 ]
Brian Stansberry edited comment on WFCORE-2691 at 4/19/17 4:08 PM:
-------------------------------------------------------------------
My comment from the related JBEAP-9547 applies here too:
The management kernel requires that a Resource object exists for any address against which an operation is executed. Those Resource objects need to be reachable from the parent Resource object (i.e. /subsystem=elytron/ldap-realm=ldapRealm).
That might be a big problem for these resources, each of which represents an item in an external system, since navigating through the resource tree can mean needing to identify all possible resources, which means remote calls and possibly massive numbers of children.
For example, imagine this:
/subsystem=elytron/ldap-realm=ldapRealm:read-children-names(child-type=identity)
This is a Blocker issue, because the management API of this subsystem has to be correct. We can't ship with large potential design problems.
was (Author: brian.stansberry):
My comment from the related JBEAP-9547 applies here too:
The management kernel requires that a Resource object exists for any address against which an operation is executed. Those Resource objects need to be reachable from the parent Resource object (i.e. /subsystem=elytron/ldap-realm=ldapRealm).
That might be a big problem for these resources, each of which represents an item in an external system, since navigating through the resource tree can mean needing to identify all possible resources, which means remote calls and possibly massive numbers of children.
For example, imagine this:
/subsystem=elytron/ldap-realm=ldapRealm:read-children-names(child-type=identity)
This is a Blocker issue, because TP or no, the management API of this subsystem has to be correct. We can't ship with large potential design problems.
> Elytron modifiable realms should show existing identities in subsystem
> ----------------------------------------------------------------------
>
> Key: WFCORE-2691
> URL: https://issues.jboss.org/browse/WFCORE-2691
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta15
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Blocker
> Labels: eap71_beta, filesystem-realm, security-realm
>
> Elytron {{filesystem-realm}} should load existing identities from file system. The steps to reproduce result in:
> {noformat}
> [standalone at localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:read-identity
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0216: Management resource '[
> (\"subsystem\" => \"elytron\"),
> (\"filesystem-realm\" => \"realm\"),
> (\"identity\" => \"user\")
> ]' not found",
> "rolled-back" => true
> }
> [standalone at localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:add
> {
> "outcome" => "failed",
> "failure-description" => "WFLYELY01000: Identity with name [user] already exists.",
> "rolled-back" => true
> }
> {noformat}
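A simplified model of the mismatch discussed in this thread, added here as an example (it is not WildFly or Elytron code; every class and method name is hypothetical, the store is a constructed stand-in, and the failure texts are abbreviated from the output quoted above). It shows why a resource tree that only knows API-added children produces both failures, and what on-demand lookup versus child enumeration costs against the external system:

```python
class ExternalStore:
    """Constructed stand-in for the realm's backing store (files, LDAP)."""
    def __init__(self, names):
        self._names = set(names)
        self.entries_fetched = 0       # work done against the external system

    def exists(self, name):
        self.entries_fetched += 1
        return name in self._names

    def list_all(self):
        self.entries_fetched += len(self._names)
        return sorted(self._names)

    def create(self, name):
        self._names.add(name)


def failed(description):
    return {"outcome": "failed", "failure-description": description}


class StaticRealm:
    """Resource tree only knows identities added through the management API."""
    def __init__(self, store):
        self.store, self.children = store, set()

    def read_identity(self, name):
        if name not in self.children:  # address resolution fails first
            return failed("WFLYCTL0216: resource identity=%s not found" % name)
        return {"outcome": "success", "result": {"name": name}}

    def add(self, name):
        if self.store.exists(name):    # the store already holds this identity
            return failed("WFLYELY01000: Identity with name [%s] already exists." % name)
        self.store.create(name)
        self.children.add(name)
        return {"outcome": "success"}


class DelegatingRealm(StaticRealm):
    """Child lookups are answered by the external store on demand."""
    def read_identity(self, name):
        if not self.store.exists(name):
            return failed("WFLYCTL0216: resource identity=%s not found" % name)
        return {"outcome": "success", "result": {"name": name}}

    def read_children_names(self):
        return self.store.list_all()   # cost grows with the size of the store
```
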