[jboss-jira] [JBoss JIRA] (WFCORE-2449) Default Elytron realm names are confusing - use same values as Legacy security realms

Darran Lofthouse (JIRA) issues at jboss.org
Tue Mar 7 13:16:37 EST 2017 

     [ https://issues.jboss.org/browse/WFCORE-2449?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse moved WFLY-8000 to WFCORE-2449:
------------------------------------------------

        Project: WildFly Core  (was: WildFly)
            Key: WFCORE-2449  (was: WFLY-8000)
    Component/s: Security
                     (was: Security)


> Default Elytron realm names are confusing - use same values as Legacy security realms
> -------------------------------------------------------------------------------------
>
>                 Key: WFCORE-2449
>                 URL: https://issues.jboss.org/browse/WFCORE-2449
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Josef Cacek
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>              Labels: user_experience
>
> The default application server profiles now contain Elytron subsystem configured (more in EAP7-543). The subsystem contains 2 properties realms, which copy behavior of security realms in legacy security. They use the same name as the original ones *ApplicationRealm* and *ManagementRealm*:
> {code:xml}
> <properties-realm name="ApplicationRealm">
>     <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
>     <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> <properties-realm name="ManagementRealm">
>     <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
>     <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> {code}
> The new Elytron realms must use different names than legacy ones. Otherwise customers/administrators may think about the Elytron realms as just references to the legacy security.
> *Suggested solution*
> Rename the default Elytron realms to something like *ElytronManagementRealm* or *ManagementElytronRealm*. So the configuration looks like:
> {code:xml}
> <properties-realm name="ApplicationElytronRealm">
>     <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
>     <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> <properties-realm name="ManagementElytronRealm">
>     <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
>     <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list