  1. JBoss Enterprise Application Platform
  2. JBEAP-9754

Elytron properties-realm is not able to read users dynamically


Details

    • Bug
    • Resolution: Duplicate
    • Critical
    • None
    • 7.1.0.DR14
    • Security
    • None

      1) Change http-interface to use Elytron:

      <http-interface http-authentication-factory="management-http-authentication">
          <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
          <socket-binding http="management-http"/>
      </http-interface>
      

      2) Start application server and add user through add-user.sh:

      ./bin/add-user.sh -u user -p pass@123 -r ManagementRealm
      

      3) Try to access Management Console with added user - it will fail

      4) Reload server and try to access Management Console with added user again - it will pass


    Description

      Elytron properties-realm reads users only during server start. As a consequence, when the Elytron properties-realm is used for securing the management interface and a user is added through the add-user.sh script, authentication with that user is not possible until the server is reloaded/restarted. In legacy security, users can be added and used without needing to reload the server.


            People

              Unassigned Unassigned
              olukas Ondrej Lukas (Inactive)