[jboss-jira] [JBoss JIRA] (WFCORE-4407) Cannot configure Elytron security domain using embedded server in admin mode

Yeray Borges (Jira) issues at jboss.org
Tue Jul 16 05:22:00 EDT 2019


     [ https://issues.jboss.org/browse/WFCORE-4407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Yeray Borges updated WFCORE-4407:
---------------------------------
    Git Pull Request: https://github.com/wildfly/wildfly-core/pull/3729, https://github.com/wildfly/wildfly-core/pull/3861  (was: https://github.com/wildfly/wildfly-core/pull/3729)


> Cannot configure Elytron security domain using embedded server in admin mode
> ----------------------------------------------------------------------------
>
>                 Key: WFCORE-4407
>                 URL: https://issues.jboss.org/browse/WFCORE-4407
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Embedded
>         Environment: 
>            Reporter: Yeray Borges
>            Assignee: Yeray Borges
>            Priority: Major
>             Fix For: 10.0.0.Beta2
>
>
> There are some configurations that are impossible to do using the embedded server. For example, we cannot create a security domain in Elytron that references a security domain in the security subsystem:
> {noformat}
> embed-server --server-config=standalone-full-ha.xml --std-out=echo
> /subsystem=security/security-domain=my-sec-domain:add(cache-type=default)
> /subsystem=security/security-domain=my-sec-domain/authentication=classic:add(login-modules=[{code=RealmUsersRoles, flag=required, module=RealmUsersRoles, module-options=[("usersProperties"=>"usersProperties"),("rolesProperties"=>"rolesProperties")]}])
> /subsystem=security/elytron-realm=my-sec-domain:add(legacy-jaas-config=my-sec-domain)
> /subsystem=elytron/security-domain=my-sec-domain:add(realms=[{realm=my-sec-domain}],default-realm=my-sec-domain,permission-mapper=default-permission-mapper)
> stop-embedded-server
> {noformat}
> The execution of these operations in an embedded server running in admin-mode throws the following error:
> {noformat}
> [standalone at embedded /] /subsystem=elytron/security-domain=my-sec-domain:add(realms=[{realm=my-sec-domain}],default-realm=my-sec-domain,permission-mapper=default-permission-mapper)
> 12:30:53,429 ERROR [org.jboss.as.controller.management-operation] (pool-3-thread-1) WFLYCTL0013: Operation ("add") failed - address: ([
>     ("subsystem" => "elytron"),
>     ("security-domain" => "my-sec-domain")
> ]) - failure description: {
>     "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-realm.my-sec-domain"],
>     "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-domain.my-sec-domain.initial is missing [org.wildfly.security.security-realm.my-sec-domain]"]
> }
> {
>     "outcome" => "failed",
>     "failure-description" => {
>         "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-realm.my-sec-domain"],
>         "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-domain.my-sec-domain.initial is missing [org.wildfly.security.security-realm.my-sec-domain]"]
>     },
>     "rolled-back" => true
> }
> {noformat}
> The problem here is that the Elytron security domain services cannot be up because they require the legacy installed realm services, which are not up when we are using embedded in admin-only mode.
> The SecurityDomain advertises no runtime operation; if no services are installed that would ever depend on the security domain, we may be able to skip installing some of these services entirely and allow their configuration in embedded / admin-only.


