[jboss-jira] [JBoss JIRA] (WFCORE-2503) Legacy security domain used as Elytron security realm does not work in authorization part of aggregate-realm

Ondrej Lukas (JIRA) issues at jboss.org
Wed Mar 8 06:16:01 EST 2017


Ondrej Lukas created WFCORE-2503:
------------------------------------

             Summary: Legacy security domain used as Elytron security realm does not work in authorization part of aggregate-realm
                 Key: WFCORE-2503
                 URL: https://issues.jboss.org/browse/WFCORE-2503
             Project: WildFly Core
          Issue Type: Bug
          Components: Security
            Reporter: Ondrej Lukas
            Assignee: Darran Lofthouse
            Priority: Critical
         Attachments: print-roles.war

When a legacy security domain is used as an Elytron security realm and is added as the authorization realm of an aggregate-realm, no roles are assigned to the authenticated user.

I tried to use the following legacy security domain:
{code}
<security-domain name="legacyDomain" cache-type="default">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="usersProperties" value="/tmp/users.properties"/>
            <module-option name="rolesProperties" value="/tmp/roles.properties"/>
        </login-module>
    </authentication>
    <mapping>
        <mapping-module code="SimpleRoles" type="role">
            <module-option name="admin" value="User"/>
        </mapping-module>
    </mapping>
</security-domain>
{code}

Roles should be assigned from the mapping. Since it seems that there is no documentation related to this topic, I am not sure whether roles should also be assigned from rolesProperties of the UsersRoles login module - it needs to be clarified by the developers.
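
The wiring the report describes, as an added illustration that is not part of the original issue or the project's own configuration: the legacy domain is exported to Elytron as a realm and then referenced as the authorization realm of an aggregate-realm. The names `legacyRealm`, `authnRealm` and `aggregateRealm` are assumptions, `authnRealm` stands for any Elytron realm that already exists, and the schema namespace attributes are omitted.

```xml
<!-- Legacy "security" subsystem (xmlns omitted).
     Exports the legacy domain from the report as an Elytron security realm.
     "legacyRealm" is an assumed name. -->
<subsystem>
    <security-domains>
        <!-- <security-domain name="legacyDomain" ...> exactly as in the report -->
    </security-domains>
    <elytron-integration>
        <security-realms>
            <elytron-realm name="legacyRealm" legacy-jaas-config="legacyDomain"/>
        </security-realms>
    </elytron-integration>
</subsystem>

<!-- "elytron" subsystem (xmlns omitted).
     Credentials are verified against authnRealm (assumed to exist already);
     the identity used for authorization, including its roles, is loaded
     from legacyRealm. This is the combination in which the report sees
     no roles on the authenticated user. -->
<subsystem>
    <security-realms>
        <aggregate-realm name="aggregateRealm"
                         authentication-realm="authnRealm"
                         authorization-realm="legacyRealm"/>
    </security-realms>
</subsystem>
```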


