Wildfly 11 Messaging: How to specify elytron security domain?

cgiordano Mar 5, 2018 2:56 PM

I am trying to get elytron security to work with active-mq on Wildfly 11. According to the Wildfly 11.0 Model Reference the attribute elytron-domain of the server element looked like a good candidate. Wildfly won't start with the elytron-domain attribute. It spits out:

445:   
|  446:   
|  447:       
|                                    ^^^^ 'elytron-domain' isn't an allowed attribute for the 'server' element
|
|                                         Attributes allowed here are:
|                                           async-connection-execution-enabled
|                                           persist-delivery-count-before-delivery
|                                           connection-ttl-override                 persist-id-cache
|
|                                           id-cache-size                           persistence-enabled
|
|                                           incoming-interceptors                   scheduled-thread-pool-max-size
|
|                                           name                                    thread-pool-max-size
|
|                                           outgoing-interceptors                   wild-card-routing-enabled
|
|                                           page-max-concurrent-io
|
|  448:

If I don't apply the attribute I see that the principal query is invoked by elytron, and elytron indicates "success" but then picketbox steps in and fails the authentication. At wits end here when the Wildfly 11.0 Model Reference misleads.

1. Re: Wildfly 11 Messaging: How to specify elytron security domain?

mchoma Mar 6, 2018 1:19 AM (in response to cgiordano)

Model reference and its xml persistence location are not guaranteed to match - xml can change in future.

Use CLI command to define elytron domain [1].
[1] Messaging configuration - Latest WildFly Documentation - Project Documentation Editor
Actions