[jboss-jira] [JBoss JIRA] (WFCORE-2691) Elytron modifiable realms should show existing identities in subsystem

Brian Stansberry (JIRA) issues at jboss.org
Wed Apr 19 16:14:00 EDT 2017 

    [ https://issues.jboss.org/browse/WFCORE-2691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13395423#comment-13395423 ] 

Brian Stansberry commented on WFCORE-2691:
------------------------------------------

We have dynamic resources similar to what seems to be contemplated here, see core-queue resources in the messaging-artemis subsystem. So it's doable. But the implementations we have are based on the management layer accessing locally available data, e.g. the in-vm messaging server. Accessing things like an ldap server is a whole different thing.

We also have users who do things like JMX queries for ObjectName *.* which means for every mbean which means for every management resource. Which would mean for every relevant record in LDAP. And those users complain if their query is slow.

> Elytron modifiable realms should show existing identities in subsystem
> ----------------------------------------------------------------------
>
>                 Key: WFCORE-2691
>                 URL: https://issues.jboss.org/browse/WFCORE-2691
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 3.0.0.Beta15
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>            Priority: Blocker
>              Labels: eap71_beta, filesystem-realm, security-realm
>
> Elytron {{filesystem-realm}} should load existing identities from file system. The steps to reproduce results in:
> {noformat}
> [standalone at localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:read-identity
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0216: Management resource '[
>     (\"subsystem\" => \"elytron\"),
>     (\"filesystem-realm\" => \"realm\"),
>     (\"identity\" => \"user\")
> ]' not found",
>     "rolled-back" => true
> }
> [standalone at localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:add
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYELY01000: Identity with name [user] already exists.",
>     "rolled-back" => true
> }
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list