Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-23097

(7.4.z) Elytron local authentication doesn't work if no standalone/tmp/auth dir exists and no legacy security-realm is configured

    XMLWordPrintable

Details

    • False
    • False
    • +
    • Hide

      1) Unzip EAP 7.4
      2) cd jboss-eap-7.4
      2) rm -rf standalone/tmp
      3) Copy the attached standalone-se17.xml file to the standalone/configuration dir
      4) bin/standalone.sh -c=standalone-se17.xml
      5) Open another shell in the same dir
      6) bin/jboss-cli.sh -c

      Expected results:

      The CLI automatically authenticates as it is local to the server.

      $ bin/jboss-cli.sh -c
[standalone@localhost:9990 /]

      Actual results:

      The CLI can't authenticate using local authentication so the user is prompted for a login.

      $ bin/jboss-cli.sh -c
Authenticating against security realm: ManagementRealm
Username:

      If you kill the CLI process, mkdir -p standalone/tmp/auth and try again to start the CLI it will connect.

      Show
      1) Unzip EAP 7.4 2) cd jboss-eap-7.4 2) rm -rf standalone/tmp 3) Copy the attached standalone-se17.xml file to the standalone/configuration dir 4) bin/standalone.sh -c=standalone-se17.xml 5) Open another shell in the same dir 6) bin/jboss-cli.sh -c Expected results: The CLI automatically authenticates as it is local to the server. $ bin/jboss-cli.sh -c [standalone@localhost:9990 /] Actual results: The CLI can't authenticate using local authentication so the user is prompted for a login. $ bin/jboss-cli.sh -c Authenticating against security realm: ManagementRealm Username: If you kill the CLI process, mkdir -p standalone/tmp/auth and try again to start the CLI it will connect.

    Description

      The JBOSS_LOCAL_USER authentication mechanism requires that the ${jboss.server.tmp.dir}/auth directory exists, but the only code in the server that ensures it exists is only invoked if a legacy security-realm is configured.

      This has cropped up in testing work with SE 17 where the configs we are using can't include legacy security and some of the installations under test don't include the tmp/auth dir.

      I mark this as minor as our standard installation zip includes the tmp/auth dir, so this is more a problem if it is removed. So not a big deal from an end user point of view. But it's important to get it fixed for our own testing needs.

      Upstream this was corrected as part of the work removing legacy security altogether, so we just need to port that fix.

      Attachments

        Issue Links

          blocks

          Task - Represents a small unit of work that is not end-user facing. JBEAP-22870 (7.4.z) Fix testsuite/integration/rts failures on SE 17

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Task - Represents a small unit of work that is not end-user facing. JBEAP-22871 (7.4.z) Fix testsuite/integration/xts failures on SE 17

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Task - Represents a small unit of work that is not end-user facing. JBEAP-22872 (7.4.z) Fix testsuite/integration/multinode failures on SE 17

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Task - Represents a small unit of work that is not end-user facing. JBEAP-22873 (7.4.z) Fix testsuite/integration/domain failures on SE 17

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Task - Represents a small unit of work that is not end-user facing. JBEAP-23165 (7.4.z) (WFCORE) Fix testsuite/integration/domain failures on SE 17

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-22913 (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              bstansbe@redhat.com Brian Stansberry
              bstansbe@redhat.com Brian Stansberry
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: