[jboss-jira] [JBoss JIRA] (WFCORE-2503) Legacy security domain used as Elytron security realm does not work in authorization part of aggregate-realm

Darran Lofthouse (JIRA) issues at jboss.org
Fri Jul 7 06:39:00 EDT 2017 

     [ https://issues.jboss.org/browse/WFCORE-2503?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse resolved WFCORE-2503.
--------------------------------------
    Resolution: Rejected


The legacy security domain needs to be used for both authentication and the authorization step.

> Legacy security domain used as Elytron security realm does not work in authorization part of aggregate-realm
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: WFCORE-2503
>                 URL: https://issues.jboss.org/browse/WFCORE-2503
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Ondrej Lukas
>            Assignee: Darran Lofthouse
>            Priority: Critical
>         Attachments: print-roles.war
>
>
> In case when legacy security domain is used as Elytron security realm and is added as authorization realm to aggregate-realm then no roles are assigned to authenticated user.
> I tried to use following legacy security domain:
> {code}
> <security-domain name="legacyDomain" cache-type="default">
>     <authentication>
>         <login-module code="UsersRoles" flag="required">
>             <module-option name="usersProperties" value="/tmp/users.properties"/>
>             <module-option name="rolesProperties" value="/tmp/roles.properties"/>
>         </login-module>
>     </authentication>
>     <mapping>
>         <mapping-module code="SimpleRoles" type="role">
>             <module-option name="admin" value="User"/>
>         </mapping-module>
>     </mapping>
> </security-domain>
> {code}
> Roles should be assigned from mapping. Since it seems that there is no documentation related to this topic I am not sure whether roles should be assigned also from rolesProperties of UsersRoles login module - it needs to be clarified by developers.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list