WildFly 11 CR1 is now available! · WildFly

While WildFly 11 introduces a new security infrastructure, the existing security-domain and security-realm configurations and APIs are all present and internally mapped to Elytron. To further ease the impact of this change, WildFly 11’s default configurations still use the legacy security-domains and security-realms. A subsequent release will convert the default configurations over to the new configuration model.

Does it even matter?

If you want to switch everything to use WildFly Elytron instead of the legacy configuration there is an enable-elytron.cli script within the 'docs/examples' folder.

The reason we didn't do this by default with WildFly 11 was to give users an opportunity to migrate individual aspects of their model as they were ready.

The WildFly Elytron subsystem is build around security realms rather than LoginModules so LoginModules are not directly supported, however if you have a security domain in the legacy security subsystem you can map it to an elytron-realm resource so it can be referenced from the elytron subsystem: -

[standalone@localhost:9990 /] ./subsystem=security/elytron-realm=*:read-resource-description

{

    "outcome" => "success",

    "result" => [{

        "address" => [

            ("subsystem" => "security"),

            ("elytron-realm" => "*")

        ],

        "outcome" => "success",

        "result" => {

            "description" => "The configuration of an Elytron-compatible realm that delegates authentication decisions to a legacy security domain.",

            "capabilities" => [{

                "name" => "org.wildfly.security.security-realm",

                "dynamic" => true

            }],

            "access-constraints" => {

                "sensitive" => {"elytron-security" => {"type" => "security"}},

                "application" => {"elytron-security" => {"type" => "security"}}

            },

            "attributes" => {

                "apply-role-mappers" => {

                    "type" => BOOLEAN,

                    "description" => "Indicates to the realm if it should apply the role mappers defined in the legacy domain to the roles obtained from authenticated Subjects or not.",

                    "expressions-allowed" => true,

                    "required" => false,

                    "nillable" => true,

                    "default" => true,

                    "access-type" => "read-write",

                    "storage" => "configuration",

                    "restart-required" => "resource-services"

                },

                "legacy-jaas-config" => {

                    "type" => STRING,

                    "description" => "The name of the legacy security domain to which authentication will be delegated.",

                    "expressions-allowed" => false,

                    "required" => true,

                    "nillable" => false,

                    "min-length" => 1L,

                    "max-length" => 2147483647L,

                    "access-constraints" => {"sensitive" => {"security-domain-ref" => {"type" => "core"}}},

                    "access-type" => "read-write",

                    "storage" => "configuration",

                    "restart-required" => "resource-services"

                }

            },

            "operations" => undefined,

            "notifications" => undefined,

            "children" => {}

        }

    }]

}