Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.1.0.DR17
Affects Version/s: 7.1.0.DR13
Component/s: Security
Labels:

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Git Pull Request:
https://github.com/wildfly-security-incubator/wildfly-core/pull/115, https://github.com/wildfly/wildfly-core/pull/2385
Steps to Reproduce:
Hide

# use attached enable-elytron.cli script to switch to Elytron configuration bin/jboss-cli.sh --file=enable-elytron.xml # start the server bin/standalone.sh # after the full server start, add the "local" realm to ManagementDomain, which already contains it bin/jboss-cli.sh -c << EOT /subsystem=elytron/security-domain=ManagementDomain:list-add(name=realms, value={realm => "local"}) reload EOT

After the reload the server start fails.
Show
# use attached enable-elytron.cli script to switch to Elytron configuration bin/jboss-cli.sh --file=enable-elytron.xml # start the server bin/standalone.sh # after the full server start, add the "local" realm to ManagementDomain, which already contains it bin/jboss-cli.sh -c << EOT /subsystem=elytron/security-domain=ManagementDomain:list-add(name=realms, value={realm => "local" }) reload EOT After the reload the server start fails.

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Elytron subsystem allows to add the same realm more times into a single security domain. Nevertheless in such case domain stops to work with following error message:

16:14:17,411 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 54) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("security-domain" => "ManagementDomain")
]) - failure description: "WFLYELY00002: Can not inject the same realm 'local' in a single security domain."

If such the changed domain is ManagementDomain, then the server stops to start at all.

Suggested fix

either allow to have the same realm in a security domain more times
or check for duplicate realms already when adding/changing the domain

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

enable-elytron.cli
6 kB
2017/03/06 10:48 AM

is cloned by

WFCORE-2614 Elytron SecurityRealm included more times in a SecurityDomain breaks the domain service

Resolved

is incorporated by

JBEAP-10119 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta16

Closed

Assignee:: Darran Lofthouse

Reporter:: Josef Cacek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2017/03/06 10:49 AM

Updated:: 2024/09/02 4:42 PM

Resolved:: 2017/05/05 6:31 AM

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates