[jboss-jira] [JBoss JIRA] (WFLY-8000) Default Elytron realm names are confusing - use same values as Legacy security realms

Josef Cacek (JIRA) issues at jboss.org
Tue Jan 31 06:32:01 EST 2017 

Josef Cacek created WFLY-8000:
---------------------------------

             Summary: Default Elytron realm names are confusing - use same values as Legacy security realms
                 Key: WFLY-8000
                 URL: https://issues.jboss.org/browse/WFLY-8000
             Project: WildFly
          Issue Type: Bug
          Components: Security
            Reporter: Josef Cacek
            Assignee: Darran Lofthouse
            Priority: Blocker


The default application server profiles now contain Elytron subsystem configured (more in EAP7-543). The subsystem contains 2 properties realms, which copy behavior of security realms in legacy security. They use the same name as the original ones *ApplicationRealm* and *ManagementRealm*:

{code:xml}
<properties-realm name="ApplicationRealm">
    <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
    <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
<properties-realm name="ManagementRealm">
    <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
    <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
{code}

The new Elytron realms must use different names than legacy ones. Otherwise customers/administrators may think about the Elytron realms as just references to the legacy security.

*Suggested solution*
Rename the default Elytron realms to something like *ElytronManagementRealm* or *ManagementElytronRealm*. So the configuration looks like:

{code:xml}
<properties-realm name="ApplicationElytronRealm">
    <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
    <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
<properties-realm name="ManagementElytronRealm">
    <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
    <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
{code}




--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list