Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2820

Elytron, changing security-domain/mechanism-configurations of http-authentication-factory ends in reload-required state

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • None
    • Security
    • None

      Changing attributes security-domain and mechanism-configurations of http-authentication-factory does not apply immediatelly even though header allow-resource-service-restart=true is used

      [standalone@localhost:9990 /] /subsystem=elytron/http-authentication-factory=application-http-authentication:write-attribute(name=security-domain,value=ApplicationDomain){allow-resource-service-restart=true}
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.UnsupportedOperationException",
    "rolled-back" => true
}

[standalone@localhost:9990 /] /subsystem=elytron/http-authentication-factory=application-http-authentication:write-attribute(name=mechanism-configurations[0].host-name,value=localhost){allow-resource-service-restart=true}
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}

      Header should work as attributes are declared as "restart-required" => "resource-services"

      "security-domain" => {
    "type" => STRING,
    "description" => "The SecurityDomain to associate with this resource",
    "expressions-allowed" => false,
    "required" => true,
    "nillable" => false,
    "capability-reference" => "org.wildfly.security.security-domain",
    "min-length" => 1L,
    "max-length" => 2147483647L,
    "access-type" => "read-write",
    "storage" => "configuration",
    "restart-required" => "resource-services"
}

      And according to documentation [1]:

      resource-services – The operation can only immediately update the persistent configuration; applying the operation to the runtime will require a subsequent restart of some services associated with the resource. If the operation includes the request header "allow-resource-service-restart" => true, the handler for the operation will go ahead and restart the runtime service. Otherwise executing the operation will put the server into a "reload-required" state. (See the discussion of "all-services" above for more on the "reload-required" state.)

      [1] https://docs.jboss.org/author/display/WFLY10/Description+of+the+Management+Model

      Make allow-resource-service-restart=true work or if it is not achievable redefine restart-required model metadata appropriately, e.g. "all-services"

              thofman Tomas Hofman
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: