4 Replies Latest reply on Feb 26, 2018 8:55 AM by mvecera

    WildFly 11 deprecated attributes

    mvecera

      Hello, I am using Keycloak 3.4.3.Final that is based on WildFly 11. I added a tcpping JGroups stack for clustering according to the available WildFly 10 documentation. First, what is strange is that I cannot find WildFly 11 specific documentation; however, many things seem to be updated.

       

      At the server start I am receiving several warnings about deprecated configuration attributes like the following one:

      12:29:42,529 INFO  [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 20) WFLYCTL0028: Attribute 'socket-binding' in the resource at address '/subsystem=jgroups/stack=tcpping/protocol=FD_SOCK' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.

       

      This protocol is in the stack I added. So I was about to follow the advice and had a look in jboss-cli:

      "socket-binding" => {
                      "type" => STRING,
                      "description" => "The socket binding specification for this protocol layer, used to specify IP interfaces and ports for communication.",
                      "expressions-allowed" => false,
                      "required" => false,
                      "nillable" => true,
                      "min-length" => 1L,
                      "max-length" => 2147483647L,
                      "deprecated" => {
                          "since" => "5.0.0",
                          "reason" => "Deprecated.  Supports EAP 7.0 slaves."
                      },
                      "access-type" => "read-only",
                      "storage" => "configuration"
                  },

      When I checked the documentation (for WildFly 10 as I cannot find it for version 11) I can still see that I should use "socket-binding". Also Google does not help. This is like the fifth similar issue I am trying to overcome today. What is wrong with the docs?

       

      What is the correct method to use instead of socket binding? Should I use protocol properties and its attributes according to JGroups documentation?

       

      Some more warnings from the server startup:

      12:29:42,318 INFO  [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
      12:29:42,392 INFO  [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 3) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in future version. See the attribute ad-resource-description operation to learn more about the deprecation.

      Many thanks for any advice!

        • 1. Re: WildFly 11 deprecated attributes
          andey

          - The Elytron security subsystem is introduced in WildFly 11.

          - The old security subsystem is deprecated, as defined in the attribute description.

           

          [standalone@localhost:9990 /] /core-service=management/management-interface=http-interface:read-resource-description
          :
                      "security-realm" => {
                          "type" => STRING,
                          "description" => "The legacy security realm to use for the HTTP management interface.",
          :
                             "reason" => "Configuration should migrate to reference 'http-authentication-factory', 'sasl-authentication-factory', and 'ssl-context' capabilities as required."
          :

          [standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:read-resource-description
                      "security-realm" => {
                          "type" => STRING,
                          "description" => "The listeners security realm",
          :
                             "reason" => "Use the ssl-context attribute to reference a configured SSLContext directly."
          :

           

          - These messages can be ignored since the message is just INFO level. However, if you want to suppress the messages, proceed with the following steps.

           

          For 'security-realm' under "core-service=management"

           

          - Check the attribute description to know why the deprecated message is logged:

          [standalone@localhost:9990 /] /core-service=management/management-interface=http-interface:read-resource-description
          :
                          "deprecated" => {
                              "since" => "5.0.0",
                              "reason" => "Configuration should migrate to reference 'http-authentication-factory', 'sasl-authentication-factory', and 'ssl-context' capabilities as required."
          :

           

          - In the migration guide CHAPTER 7. MIGRATING TO ELYTRON IN JBOSS EAP 7.1, you can find the article 7.3.1.2. Migrate Legacy Properties-based Configuration to Elytron.

           

          1. Define a new security realm in the elytron subsystem that references the properties files.

          2. Define a security domain subsystem and an HTTP authentication factory in the elytron subsystem.

          3. Change security-realm attribute to http-authentication-factory, which is created by the above steps.

           

          before: <http-interface security-realm="ManagementRealm">

          after: <http-interface http-authentication-factory="application-security-http">

           

          For 'security-realm' under "https-listener=https"

           

          - Check the attribute description to know why the deprecated message is logged:

          [standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:read-resource-description
                      "security-realm" => {
                          "type" => STRING,
                          "description" => "The listeners security realm",
          :
                             "reason" => "Use the ssl-context attribute to reference a configured SSLContext directly."
          :

           

           

          This guide 7.5.1. Migrate a Simple SSL Configuration to Elytron shows steps to define ssl-context.

           

          1. Create a key-store in the elytron subsystem that specifies the location of the keystore and the password by which it is encrypted.

          2. Create a key-manager in the elytron subsystem that specifies the key-store defined in the previous step, the alias, and password of the key.

          3. Change security-realm attribute to ssl-context, which is created by the above steps and reload.

          before: <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>

          after: <https-listener name="https" socket-binding="https" ssl-context="LocalhostSslContext" enable-http2="true"/>
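
Added example, not part of the reply above or of the thread: the ssl-context steps for the https-listener written out as jboss-cli commands, including the server-ssl-context resource that the listener's ssl-context attribute points at. LocalhostKeyStore, LocalhostKeyManager, the keystore file name, the key alias and the CHANGE_ME passwords are assumptions; LocalhostSslContext and the listener address come from the thread.

```jboss-cli
# Run in a connected jboss-cli session, one command at a time.
# Assumed (not from the thread): LocalhostKeyStore, LocalhostKeyManager,
# server.keystore, alias "server", and the CHANGE_ME_* passwords.

# Step 1: key-store resource pointing at the keystore file.
# clear-text leaves the password readable in the server configuration;
# credential-reference can instead name an entry in an Elytron
# credential-store (store=..., alias=...).
/subsystem=elytron/key-store=LocalhostKeyStore:add( \
    path=server.keystore, \
    relative-to=jboss.server.config.dir, \
    type=JKS, \
    credential-reference={clear-text="CHANGE_ME_STORE_PASSWORD"})

# Step 2: key-manager that selects the server key from that key-store.
/subsystem=elytron/key-manager=LocalhostKeyManager:add( \
    key-store=LocalhostKeyStore, \
    alias-filter=server, \
    credential-reference={clear-text="CHANGE_ME_KEY_PASSWORD"})

# The SSL context itself. Restricting protocols is optional hardening
# added here, not something the thread asks for.
/subsystem=elytron/server-ssl-context=LocalhostSslContext:add( \
    key-manager=LocalhostKeyManager, \
    protocols=["TLSv1.2"])

# Step 3: security-realm and ssl-context are alternatives on the listener,
# so remove one and set the other in a single batch.
batch
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context, value=LocalhostSslContext)
run-batch
reload

# Check: ssl-context should return LocalhostSslContext and
# security-realm should be undefined.
/subsystem=undertow/server=default-server/https-listener=https:read-attribute(name=ssl-context)
/subsystem=undertow/server=default-server/https-listener=https:read-attribute(name=security-realm)
```

After the reload, the WFLYCTL0028 line for the https-listener address should no longer appear at startup; the one for the management http-interface remains until that resource is migrated as well.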

          • 2. Re: WildFly 11 deprecated attributes
            mvecera

            Hello Anup, thank you very much for your advice! I did not know about the subsystem change. This explains a lot...

            • 3. Re: WildFly 11 deprecated attributes
              ctomc

              You could even just run the enable-elytron.cli script, which you can find in WILDFLY_HOME/docs/examples and which will convert the whole (default) config from legacy security to the Elytron one.

              1 of 1 people found this helpful
              • 4. Re: WildFly 11 deprecated attributes
                mvecera

                Hello Tomaz, that is a very useful tip! Thanks!