[jboss-jira] [JBoss JIRA] (WFCORE-2691) Elytron modifiable realms should show existing identities in subsystem

Brian Stansberry (JIRA) issues at jboss.org
Wed Apr 26 12:45:00 EDT 2017


    [ https://issues.jboss.org/browse/WFCORE-2691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398683#comment-13398683 ] 

Brian Stansberry commented on WFCORE-2691:
------------------------------------------

[~okotek] Good question. Yes, I think we need to file something to at least reconsider this.

From a naive point of view, the "identity" case seemed particularly troublesome, as standard identity stores are things like LDAP servers or databases which typically are 1) remote and 2) may have a very great number of entries. While a credential-store seems more likely to at least be on the local system, perhaps with the contents in memory anyway and the number of aliases not in the thousands. But that "seems more likely" is what I mean by a naive point of view.

JBEAP-8971 also relates to this. In a domain if you invoke an "add" or "remove" operation against a resource address, people have a natural expectation for a certain behavior pattern, but that can't be achieved with these alias resources.

> Elytron modifiable realms should show existing identities in subsystem
> ----------------------------------------------------------------------
>
>                 Key: WFCORE-2691
>                 URL: https://issues.jboss.org/browse/WFCORE-2691
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 3.0.0.Beta15
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>            Priority: Blocker
>              Labels: filesystem-realm, security-realm
>
> Elytron {{filesystem-realm}} should load existing identities from file system. The steps to reproduce result in:
> {noformat}
> [standalone at localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:read-identity
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0216: Management resource '[
>     (\"subsystem\" => \"elytron\"),
>     (\"filesystem-realm\" => \"realm\"),
>     (\"identity\" => \"user\")
> ]' not found",
>     "rolled-back" => true
> }
> [standalone at localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:add
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYELY01000: Identity with name [user] already exists.",
>     "rolled-back" => true
> }
> {noformat}


