-
Bug
-
Resolution: Done
-
Major
-
25.0.0.Final, 25.0.1.Final
-
None
The ee-security does not work properly. The CLI commands are invalid for WildFly 25+.
configure-elytron.cli
# Batch script to enable elytron for the quickstart application in the application server # Start batching commands batch # Disable legacy PicketBox JACC so Elytron can take over /subsystem=security:write-attribute(name=initialize-jacc, value=false) # Enable a default JACC policy with WildFly Elytron /subsystem=elytron/policy=jacc:add(jacc-policy={}) # Map the 'other' security domain to WildFly Elytron /subsystem=undertow/application-security-domain=other:add(security-domain=ApplicationDomain, integrated-jaspi=false) # Run the batch commands run-batch # Reload the server configuration reload
The first failure is that /subsystem=security does not exist.
Next the /subsystem=undertow/application-security-domain=other:add(security-domain=ApplicationDomain, integrated-jaspi=false) fails as a duplicate resource.
Finally even with those executing:
curl -v http://localhost:8080/ee-security/secured -H 'X-Username:quickstartUser' -H 'X-Password:quickstartPwd1!'
returns
* Trying 127.0.0.1:8080... * Connected to localhost (127.0.0.1) port 8080 (#0) > GET /ee-security/secured HTTP/1.1 > Host: localhost:8080 > User-Agent: curl/7.79.1 > Accept: */* > X-Username:quickstartUser > X-Password:quickstartPwd1! > * Mark bundle as not supporting multiuse < HTTP/1.1 401 Unauthorized < Connection: keep-alive < X-MESSAGE: Please resubmit the request with a username specified using the X-USERNAME and a password specified using the X-PASSWORD header. < Content-Type: text/html;charset=UTF-8 < Content-Length: 71 < Date: Wed, 17 Nov 2021 15:02:47 GMT < * Connection #0 to host localhost left intact <html><head><title>Error</title></head><body>Unauthorized</body></html>
The instructions also need to be updated to indicate the $JBOSS_HOME/bin/add-user.sh needs to be used to add the user.
