[jboss-jira] [JBoss JIRA] (WFCORE-4833) Cannot configure Elytron legacy security domain integration in admin-only mode
Yeray Borges (Jira)
issues at jboss.org
Tue Feb 11 03:59:00 EST 2020
[ https://issues.redhat.com/browse/WFCORE-4833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yeray Borges updated WFCORE-4833:
---------------------------------
Priority: Blocker (was: Major)
This should be a blocker for cloud images because without this patch all Elytron+security domain configurations fail with the new boot performance improvements done for the cloud image.
> Cannot configure Elytron legacy security domain integration in admin-only mode
> ------------------------------------------------------------------------------
>
> Key: WFCORE-4833
> URL: https://issues.redhat.com/browse/WFCORE-4833
> Project: WildFly Core
> Issue Type: Bug
> Affects Versions: 10.0.0.Beta2
> Reporter: Yeray Borges
> Assignee: Yeray Borges
> Priority: Blocker
>
> The following sequence can be configured using the embedded server, however it doesn't work when we start the server in admin only:
> {noformat}
> /subsystem=security/security-domain=HiThere:add(cache-type=default)
> /subsystem=security/security-domain=HiThere/authentication=classic:add(login-modules=[{code="UsersRoles", flag=required, module-options={"usersProperties"=>"${jboss.server.config.dir}/users.properties","rolesProperties"=>"${jboss.server.config.dir}/roles.properties"}}])
> /subsystem=security/elytron-realm=HiThere:add(legacy-jaas-config=HiThere)
> /subsystem=elytron/security-domain=HiThere:add(realms=[{realm=HiThere}],default-realm=HiThere,permission-mapper=default-permission-mapper)
> /subsystem=elytron/http-authentication-factory=HiThere-http:add(http-server-mechanism-factory=global,security-domain=HiThere,mechanism-configurations=[{mechanism-name=BASIC},{mechanism-name=FORM}])
> {noformat}
> Executing it in admin-only mode, the following exception is thrown on the last command:
> {noformat}
> [standalone at localhost:9990 /] /subsystem=elytron/http-authentication-factory=HiThere-http:add(http-server-mechanism-factory=global,security-domain=HiThere,mechanism-configurations=[{mechanism-name=BASIC},{mechanism-name=FORM}])
> {
> "outcome" => "failed",
> "failure-description" => undefined,
> "rolled-back" => true
> }
> {noformat}
> {noformat}
> 11:43:43,034 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: WildFly Full 19.0.0.Beta2-SNAPSHOT (WildFly Core 11.0.0.Beta8-SNAPSHOT) started in 129ms - Started 81 of 90 services (32 services are lazy, passive or on-demand)
> 11:43:47,923 INFO [org.jboss.as.controller] (management-handler-thread - 1) WFLYCTL0183: Service status report
> WFLYCTL0184: New missing/unsatisfied dependencies:
> service org.wildfly.security.security-realm.HiThere (missing) dependents: [service org.wildfly.security.security-domain.HiThere.initial]
> WFLYCTL0448: 1 additional services are down due to their dependencies being missing or failed
> {noformat}
> The execution using the embedded server works fine.
> This issue basically is a follow up on WFCORE-4407, where we fixed this issue on the embedded server, however, it looks like we were pretty conservative with the changes. Now we need this on a standard admin-only server mode to allow cloud images to apply the server configuration using CLI operations.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list