[jboss-jira] [JBoss JIRA] (WFLY-8000) Default Elytron realm names are confusing - use same values as Legacy security realms

Josef Cacek (JIRA) issues at jboss.org
Tue Jan 31 06:32:02 EST 2017 

     [ https://issues.jboss.org/browse/WFLY-8000?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Josef Cacek updated WFLY-8000:
------------------------------
    Labels: user_experience  (was: )


> Default Elytron realm names are confusing - use same values as Legacy security realms
> -------------------------------------------------------------------------------------
>
>                 Key: WFLY-8000
>                 URL: https://issues.jboss.org/browse/WFLY-8000
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Josef Cacek
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>              Labels: user_experience
>
> The default application server profiles now contain Elytron subsystem configured (more in EAP7-543). The subsystem contains 2 properties realms, which copy behavior of security realms in legacy security. They use the same name as the original ones *ApplicationRealm* and *ManagementRealm*:
> {code:xml}
> <properties-realm name="ApplicationRealm">
>     <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
>     <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> <properties-realm name="ManagementRealm">
>     <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
>     <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> {code}
> The new Elytron realms must use different names than legacy ones. Otherwise customers/administrators may think about the Elytron realms as just references to the legacy security.
> *Suggested solution*
> Rename the default Elytron realms to something like *ElytronManagementRealm* or *ManagementElytronRealm*. So the configuration looks like:
> {code:xml}
> <properties-realm name="ApplicationElytronRealm">
>     <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
>     <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> <properties-realm name="ManagementElytronRealm">
>     <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
>     <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list