-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
- Start server with standalone-elytron.xml configuration
- Run CLI command "/subsystem=elytron/security-domain=ApplicationDomain:write-attribute(name=default-realm,value=WrongRealm)"
- Try to reload server
Values of write-attribute operation for default-realm of Elytron security-domain are not checked. It means that CLI allows users to set application server to wrong state. The same happens if realm, which is considered as default-realm, is removed from used security-domain realms. CLI should deny write attribute operation with wrong value (in the same way as it works for another security-domain attributes).
After reload, server is not started and following logs occur in console:
ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 25) WFLYCTL0013: Operation ("add") failed - address: ([ ("subsystem" => "elytron"), ("security-domain" => "ApplicationDomain") ]) - failure description: "WFLYELY00013: The default_realm 'WrongRealm' is not in the list or realms referenced by this domain." ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) "WFLYCTL0193: Failed executing subsystem elytron boot operations" ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("parallel-subsystem-boot") failed - address: ([]) - failure description: "\"WFLYCTL0193: Failed executing subsystem elytron boot operations\"" FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
- clones
-
JBEAP-5920 Changing default-realm of Elytron security-domain through CLI can put the server configuration to wrong state
- Closed
- is incorporated by
-
WFLY-7043 Upgrade to Elytron Subsystem 1.0.0.Alpha10
- Closed
- is related to
-
HAL-1179 Add validation for default-realm in /subsystem=elytron/security-domain
- Resolved