5 Replies Latest reply on Jun 26, 2019 1:29 PM by daveagill

How to add Elytron jdbc-realm in embed-server mode? (wildfly16)

daveagill Jun 26, 2019 9:42 AM

I am trying to add a configure a jdbc-realm using the jboss-cli in "embed-server" mode but it keeps failing.

I have managed to condense my problem down to a minimal example on a completely clean Wildfly16 install, if I run the following commands in jboss-cli:

embed-server --server-config=standalone.xml

/subsystem=elytron/jdbc-realm=MyRealm:add(principal-query=[{sql="SELECT hash, salt, iters FROM Users WHERE username = ?", data-source=ExampleDS}])

Then I get the following output:

ERROR [org.jboss.as.controller.management-operation] (pool-3-thread-1) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("jdbc-realm" => "MyRealm")
]) - failure description: {
    "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.data-source.ExampleDS"],
    "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-realm.MyRealm is missing [org.wildfly.data-source.ExampleDS]"]
}
{
    "outcome" => "failed",
    "failure-description" => {
        "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.data-source.ExampleDS"],
        "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-realm.MyRealm is missing [org.wildfly.data-source.ExampleDS]"]
    },
    "rolled-back" => true
}

The ExampleDS is defined in the default standalone.xml shipped with wildfly16 but it doesn't make any difference if I define my own datasource first, I get the same error.

And I can confirm that the embedded server 'knows' about the Example DS:

/subsystem=datasources:read-resource
{
    "outcome" => "success",
    "result" => {
        "data-source" => {"ExampleDS" => undefined},
        "jdbc-driver" => {"h2" => undefined},
        "xa-data-source" => undefined
    }
}

If I run the embed-server command with --admin-only=false then the jdbc-realm can be added successfully.

So it would seem the data-sources are not installed when starting with an embedded server in the admin-only mode.

I can't tell if this is expected behaviour, a bug or if I'm just doing something wrong?

Any help much appreciated, thanks.

1. Re: How to add Elytron jdbc-realm in embed-server mode? (wildfly16)

yersan Jun 26, 2019 11:21 AM (in response to daveagill)

Hello David,

I cannot see anything wrong in your procedure, and at first glance, it looks like it should be possible to add the realm in admin mode. We fixed a similar issue on WildFly 17 [WFCORE-4407] Cannot configure Elytron security domain using embedded server in admin mode - JBoss Issue Tracker , although in that case, the issue was affecting to the security domain definitions.

As far as I know, there are still services that can be modified to make them unrequired in admin mode. Would you mind opening a Jira issue so can take a closer look?

Thanks!
Actions
2. Re: How to add Elytron jdbc-realm in embed-server mode? (wildfly16)

daveagill Jun 26, 2019 11:42 AM (in response to yersan)

Hi yersan,

Yes happy to raise a jira issue although never quite sure which project to raise under, should it be WFLY or WFCORE?

In the meantime I have found a workaround for this. The trick is to first add and remove some other type of realm with the same name as the jdbc-realm that you want to add; after that the jdbc-realm will add successfully.
Here for example I used a dummy identity-realm:
embed-server --server-config=standalone.xml

# First add & remove a dummy realm with the same name as the jdbc-realm you want to add
/subsystem=elytron/identity-realm=MyRealm:add(identity='dummy identity realm')
/subsystem=elytron/identity-realm=MyRealm:remove

# Now the jdbc-realm will add successfully
/subsystem=elytron/jdbc-realm=MyRealm:add(principal-query=[{sql="SELECT hash, salt, iters FROM Users WHERE username = ?", data-source=ExampleDS}])
Actions
3. Re: How to add Elytron jdbc-realm in embed-server mode? (wildfly16)

yersan Jun 26, 2019 12:19 PM (in response to daveagill)

Thanks for the investigation, that information is useful to be able to find the proper fix.

In this case, WCORE is the correct one for this stuff since Elytron is involved and that subsystem is in WildFly core.
Actions
4. Re: How to add Elytron jdbc-realm in embed-server mode? (wildfly16)

brian.stansberry Jun 26, 2019 1:12 PM (in response to yersan)

+1; WFCORE is right for this. But if you're ever unsure and want to file an issue, guessing WFLY is fine. The same folks work on both codebases and It's trivial for us to move an issue so guessing wrong is not a problem!
Actions
5. Re: How to add Elytron jdbc-realm in embed-server mode? (wildfly16)

daveagill Jun 26, 2019 1:29 PM (in response to yersan)

Thanks guys,

Here is the Jira issue I have created: [WFCORE-4551] Cannot add Elytron jdbc-realm using embedded server in admin mode - JBoss Issue Tracker
Actions

Go to original post