  1. WildFly Core
  2. WFCORE-4407

Cannot configure Elytron security domain using embedded server in admin mode


Details

    • Bug
    • Resolution: Done
    • Major
    • 10.0.0.Beta2
    • None
    • Embedded
    • None

    Description

      Some configurations are impossible to apply using the embedded server. For example, we cannot create a security domain in Elytron that references a security domain in the security subsystem:

      embed-server --server-config=standalone-full-ha.xml --std-out=echo
      
      /subsystem=security/security-domain=my-sec-domain:add(cache-type=default)
      /subsystem=security/security-domain=my-sec-domain/authentication=classic:add(login-modules=[{code=RealmUsersRoles, flag=required, module=RealmUsersRoles, module-options=[("usersProperties"=>"usersProperties"),("rolesProperties"=>"rolesProperties")]}])
      
      /subsystem=security/elytron-realm=my-sec-domain:add(legacy-jaas-config=my-sec-domain)
      
      /subsystem=elytron/security-domain=my-sec-domain:add(realms=[{realm=my-sec-domain}],default-realm=my-sec-domain,permission-mapper=default-permission-mapper)
      
      stop-embedded-server
      

      Executing these operations in an embedded server running in admin-only mode produces the following error:

      [standalone@embedded /] /subsystem=elytron/security-domain=my-sec-domain:add(realms=[{realm=my-sec-domain}],default-realm=my-sec-domain,permission-mapper=default-permission-mapper)
      12:30:53,429 ERROR [org.jboss.as.controller.management-operation] (pool-3-thread-1) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "elytron"),
          ("security-domain" => "my-sec-domain")
      ]) - failure description: {
          "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-realm.my-sec-domain"],
          "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-domain.my-sec-domain.initial is missing [org.wildfly.security.security-realm.my-sec-domain]"]
      }
      {
          "outcome" => "failed",
          "failure-description" => {
              "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-realm.my-sec-domain"],
              "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-domain.my-sec-domain.initial is missing [org.wildfly.security.security-realm.my-sec-domain]"]
          },
          "rolled-back" => true
      }
      

      The problem is that the Elytron security domain services cannot start because they require the realm services installed by the legacy security subsystem, which are not up when the embedded server runs in admin-only mode.

      The SecurityDomain advertises no runtime operations. If no installed services would ever depend on the security domain, we may be able to skip installing some of these services entirely and allow their configuration in embedded / admin-only mode.
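A triage helper for the failure shown above, added here as an example and not part of the original report or of WildFly: it reads the WFLYCTL0180 entries and checks whether each missing realm service was actually defined by the CLI script, which separates a misnamed realm from the admin-only case described in this issue. The function names, verdict labels and the rule that any resource type ending in "realm" backs the service are assumptions of this example.

```python
import re

# Sample inputs abridged from the CLI script and failure text quoted in this report.
CLI_SCRIPT = """\
/subsystem=security/security-domain=my-sec-domain:add(cache-type=default)
/subsystem=security/elytron-realm=my-sec-domain:add(legacy-jaas-config=my-sec-domain)
/subsystem=elytron/security-domain=my-sec-domain:add(realms=[{realm=my-sec-domain}],default-realm=my-sec-domain,permission-mapper=default-permission-mapper)
"""
FAILURE = '''\
"WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-realm.my-sec-domain"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-domain.my-sec-domain.initial is missing [org.wildfly.security.security-realm.my-sec-domain]"]
'''

REALM_PREFIX = "org.wildfly.security.security-realm."
# Assumption: a resource type ending in "realm" in either subsystem backs the realm service.
REALM_ADD = re.compile(r"^/subsystem=(elytron|security)/([\w-]*realm)=([^:/]+):add\(", re.M)
MISSING = re.compile(r'"(\S+) is missing \[([^\]]+)\]"')


def missing_dependencies(failure_text):
    """Map each dependent service to the services WFLYCTL0180 reports as missing."""
    return {dep: [s.strip() for s in lacks.split(",")]
            for dep, lacks in MISSING.findall(failure_text)}


def defined_realms(cli_script):
    """Realm names the script adds, as name -> (subsystem, resource type)."""
    return {name: (subsys, rtype) for subsys, rtype, name in REALM_ADD.findall(cli_script)}


def triage(cli_script, failure_text):
    """Classify every missing realm service named in the failure description."""
    realms = defined_realms(cli_script)
    findings = []
    for dependent, lacking in missing_dependencies(failure_text).items():
        for service in lacking:
            if not service.startswith(REALM_PREFIX):
                continue
            name = service[len(REALM_PREFIX):]
            # Defined in the script but service absent: the admin-only case in this report.
            verdict = "defined-but-not-installed" if name in realms else "not-defined"
            findings.append((dependent, name, realms.get(name), verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(CLI_SCRIPT, FAILURE):
        print(finding)
```

A "not-defined" verdict points at the script (a misspelled or missing realm `:add`), while "defined-but-not-installed" matches the behaviour this issue describes.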

            People

              yborgess1@redhat.com Yeray Borges Santana