[jboss-jira] [JBoss JIRA] (WFCORE-2691) Elytron modifiable realms should show existing identities in subsystem

Brian Stansberry (JIRA) issues at jboss.org
Thu Apr 20 11:10:00 EDT 2017


    [ https://issues.jboss.org/browse/WFCORE-2691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13396011#comment-13396011 ] 

Brian Stansberry commented on WFCORE-2691:
------------------------------------------

[~honza889] AFAIK in the messaging subsystem case it is reading local resources. Those queues are part of the in-vm messaging broker. The biggest concern I have with this security realm stuff is it introduces a remote call into the picture. That and the potential for an extremely large number of resources. Granted, a messaging broker could have that problem as well.

Please start a wildfly-dev list thread on this. It is something that deserves a broadly visible discussion.

With /subsystem=messaging-activemq:read-resource(include-runtime=false,recursive=true) for core-address, do you see the details of the core-address resources or just an empty placeholder? I expect the latter. We could look into eliminating even that.

For the JMX issue, I don't think include-runtime=false is relevant. A query for all mbeans will return all mbeans, runtime-only resource or not.

> Elytron modifiable realms should show existing identities in subsystem
> ----------------------------------------------------------------------
>
>                 Key: WFCORE-2691
>                 URL: https://issues.jboss.org/browse/WFCORE-2691
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 3.0.0.Beta15
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>            Priority: Blocker
>              Labels: eap71_beta, filesystem-realm, security-realm
>
> Elytron {{filesystem-realm}} should load existing identities from file system. The steps to reproduce result in:
> {noformat}
> [standalone at localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:read-identity
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0216: Management resource '[
>     (\"subsystem\" => \"elytron\"),
>     (\"filesystem-realm\" => \"realm\"),
>     (\"identity\" => \"user\")
> ]' not found",
>     "rolled-back" => true
> }
> [standalone at localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:add
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYELY01000: Identity with name [user] already exists.",
>     "rolled-back" => true
> }
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

