3 Replies Latest reply on Jan 9, 2019 10:30 AM by simkam

    WildFly 15 resource-adapters subsystem requires legacy security subsystem

    pmm
    pmm Jan 9, 2019 4:04 AM

      We were running WildFly 13 with just the Elytron subsystem without the legacy security subsystem. When we try the same with WildFly 15 we get

      ERROR [org.jboss.as.controller.management-operation] WFLYCTL0013: Operation ("add") failed - address: ([
  ("subsystem" => "resource-adapters"),
  ("resource-adapter" => "wmq.jmsra-9.0.4.0.rar"),
  ("connection-definitions" => "MQ.CONNECTIONFACTORY.JMS")
]) - failure description: {
  "WFLYCTL0412: Required services that are not installed:" => [
  "jboss.security.subject-factory",
  "jboss.security.simple-security-manager"
  ],
  "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.resourceadapters.ra.\"wmq.jmsra-9.0.4.0.rar\".\"MQ.CONNECTIONFACTORY.JMS\" is missing [jboss.security.s
imple-security-manager, jboss.security.subject-factory]"]
}

      we have to add the following minimal security subsystem configuration

        
  
  
  
  
  
  
  
  
  
  
  
 

      is this intentional?

        • 1. Re: WildFly 15 resource-adapters subsystem requires legacy security subsystem
          simkam
          simkam Jan 9, 2019 5:52 AM (in response to pmm)

          Hi,

           

          it looks like legacy security subsystem is always required when connection definition doesn't specify elytron-enabled=true or recovery-elytron-enabled=true. How does your connection definition look like?

           

          Thanks,

          Martin

            • Actions
          • 2. Re: WildFly 15 resource-adapters subsystem requires legacy security subsystem
            pmm
            pmm Jan 9, 2019 6:34 AM (in response to simkam)

            This is the configuration of our subsystem, this was working with WildFly 13

             

            <subsystem xmlns="urn:jboss:domain:resource-adapters:5.0">

              <resource-adapters>

                <resource-adapter id="wmq.jmsra-9.0.4.0.rar">

                  <archive>wmq.jmsra-9.0.4.0.rar</archive>

                  <transaction-support>LocalTransaction</transaction-support>

                  <connection-definitions>

                    <connection-definition class-name="com.ibm.mq.connector.outbound.ManagedConnectionFactoryImpl"

                      jndi-name="java:jboss/MQ.CONNECTIONFACTORY.JMS" enabled="true" use-java-context="true" pool-name="MQ.CONNECTIONFACTORY.JMS">

                      <config-property name="queueManager">${env.QUEUE_MANAGER}</config-property>

                      <config-property name="transportType">CLIENT</config-property>

                      <config-property name="connectionNameList">${env.CONNECTION_NAME_LIST)}</config-property>

                      <config-property name="channel">${env.CHANNEL}</config-property>

                      <config-property name="username">${env.USERNAME}</config-property>

                    </connection-definition>

                  </connection-definitions>

                  <admin-objects>

                    <admin-object class-name="com.ibm.mq.connector.outbound.MQQueueProxy" jndi-name="java:jboss/MQ.Q1" pool-name="jms/queue/Q1">

                        <config-property name="targetClient">MQ</config-property>

                        <config-property name="baseQueueName">ACME.QUEUE</config-property>

                    </admin-object>

                  </admin-objects> 

                </resource-adapter>

              </resource-adapters>

            </subsystem>

             

            we tried the following but this produces the same error

             

            <subsystem xmlns="urn:jboss:domain:resource-adapters:5.0">

              <resource-adapters>

                <resource-adapter id="wmq.jmsra-9.0.4.0.rar">

                  <archive>wmq.jmsra-9.0.4.0.rar</archive>

                  <transaction-support>LocalTransaction</transaction-support>

                  <connection-definitions>

                    <connection-definition class-name="com.ibm.mq.connector.outbound.ManagedConnectionFactoryImpl"

                      jndi-name="java:jboss/MQ.CONNECTIONFACTORY.JMS" enabled="true" use-java-context="true" pool-name="MQ.CONNECTIONFACTORY.JMS">

                      <security>

                        <elytron-enabled />

                      </security>

                      <config-property name="queueManager">${env.QUEUE_MANAGER}</config-property>

                      <config-property name="transportType">CLIENT</config-property>

                      <config-property name="connectionNameList">${env.CONNECTION_NAME_LIST)}</config-property>

                      <config-property name="channel">${env.CHANNEL}</config-property>

                      <config-property name="username">${env.USERNAME}</config-property>

                    </connection-definition>

                  </connection-definitions>

                  <admin-objects>

                    <admin-object class-name="com.ibm.mq.connector.outbound.MQQueueProxy" jndi-name="java:jboss/MQ.Q1" pool-name="jms/queue/Q1">

                        <config-property name="targetClient">MQ</config-property>

                        <config-property name="baseQueueName">ACME.QUEUE</config-property>

                    </admin-object>

                  </admin-objects> 

                </resource-adapter>

              </resource-adapters>

            </subsystem>

              • Actions
            • 3. Re: WildFly 15 resource-adapters subsystem requires legacy security subsystem
              simkam
              simkam Jan 9, 2019 10:30 AM (in response to pmm)

              It looks like you have to set both, elytron-enabled and recovery-elytron-enabled, to true when using elytron only configuration. The behavior probably changed with [WFLY-9978]. I think it makes sense as they can use different security backend. maeste WDYT?

               

              <connection-definitions>

                  <connection-definition>

                      <security>

                          <elytron-enabled>true</elytron-enabled>

                      </security>

                      <recovery>

                          <recover-credential>

                              <elytron-enabled>true</elytron-enabled>

                          </recover-credential>

                      </recovery>

                  </connection-definition>

              </connection-definitions>

              1 of 1 people found this helpful
                • Actions