[jboss-jira] [JBoss JIRA] (WFCORE-3421) Incorrect usage of requires for defining the relationship between outflow-anonymous and outflow-security-domains

Martin Choma (JIRA) issues at jboss.org
Thu Nov 16 06:54:00 EST 2017


    [ https://issues.jboss.org/browse/WFCORE-3421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13490797#comment-13490797 ] 

Martin Choma commented on WFCORE-3421:
--------------------------------------

{noformat}
Emmanuel Hugonnet·Nov-15 6:34 PM
I don't understand:
[standalone at embedded /] /subsystem=elytron/security-domain=ApplicationDomain:add(default-realm=ApplicationRealm,outflow-anonymous=false,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles}])
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0380: Attribute 'outflow-security-domains' needs to be set or passed before attribute 'outflow-anonymous' can be correctly set",
    "rolled-back" => true,
    "response-headers" => {"process-state" => "reload-required"}
}
as outflow-security-domains is not required

Brian Stansberry·Nov-15 6:35 PM
outflow-anonymous declares "requires" => ["outflow-security-domains"]
^^^ is a prediction, not something I looked at

Emmanuel Hugonnet·Nov-15 6:42 PM
yes but passing an undefined outflow-security-domains just for this feels strange
how can you require something that is not required?
and not even present in the default config?

Brian Stansberry·Nov-15 6:43 PM
that's a bug; it's a misuse of 'requires'
the meaning of 'requires' is "requires if defined" not "requires if defined and set to true"
that kind of "x requires y if x==true|1|etc" check currently requires custom validation code; using simple AD.setRequires(...) for it is a bug
{noformat}

> Incorrect usage of requires for defining the relationship between outflow-anonymous and outflow-security-domains
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: WFCORE-3421
>                 URL: https://issues.jboss.org/browse/WFCORE-3421
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 4.0.0.Alpha2
>            Reporter: ehsavoie Hugonnet
>
> If outflow-anonymous is set to false then there is no need for outflow-security-domains as the default configuration shows clearly.
> So 
> {noformat}
> /subsystem=elytron/security-domain=ApplicationDomain:add(default-realm=ApplicationRealm,outflow-anonymous=false,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles}])
> {noformat}
> should work like 
> {noformat}
> /subsystem=elytron/security-domain=ApplicationDomain:add(default-realm=ApplicationRealm,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles}])
> {noformat}
> Custom validation code is required instead of relying on the setRequires of SimpleAttributeDefinition.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
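
The two meanings of "requires" contrasted in the chat above, modelled in plain Java as an added example (not WildFly code and not part of the original message). The parameter maps are constructed, and `passesRequiresIfDefined`, `passesRequiresIfTrue` and the domain name `OtherDomain` are hypothetical, not WildFly APIs or values from the issue.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class OutflowRequiresCheck {
    static final String ANON = "outflow-anonymous";
    static final String DOMAINS = "outflow-security-domains";

    // "requires if defined": rejects the operation whenever ANON is present,
    // whatever its value. This is the semantics behind the WFLYCTL0380 failure.
    static boolean passesRequiresIfDefined(Map<String, Object> params) {
        return !params.containsKey(ANON) || params.containsKey(DOMAINS);
    }

    // Conditional rule the issue asks for: DOMAINS is needed only when ANON is true.
    static boolean passesRequiresIfTrue(Map<String, Object> params) {
        return !Boolean.TRUE.equals(params.get(ANON)) || params.containsKey(DOMAINS);
    }

    public static void main(String[] args) {
        // Constructed parameter sets standing in for the :add operations.
        Map<String, Map<String, Object>> cases = new LinkedHashMap<>();
        cases.put("anonymous absent", Map.of());
        cases.put("anonymous=false, no domains", Map.of(ANON, false));
        cases.put("anonymous=true, no domains", Map.of(ANON, true));
        // "OtherDomain" is a made-up domain name for illustration.
        cases.put("anonymous=true, domains set", Map.of(ANON, true, DOMAINS, List.of("OtherDomain")));
        cases.forEach((name, params) -> System.out.printf(
                "%-30s requires-if-defined=%-5s conditional=%s%n", name,
                passesRequiresIfDefined(params) ? "ok" : "FAIL",
                passesRequiresIfTrue(params) ? "ok" : "FAIL"));
    }
}
```

The only row where the two rules disagree is `anonymous=false, no domains`, which is the operation from the bug report.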


