4 Replies Latest reply on Feb 26, 2018 8:55 AM by Martin Vecera

    WildFly 11 deprecated attributes

    Martin Vecera Novice

      Hello, I am using Kyecloak 3.4.3.Final that is based on WildFly 11. I added a tcpping JGroups stack for clustering according to the available WildFly 10 documentation. First, what is strange is that I cannot find WildFly 11 specific documentation, however, many things seem to be updated.

       

      At the server start I am receiving several warning about deprecated configuration attributes like the following one:

      12:29:42,529 INFO  [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 20) WFLYCTL0028: Attribute 'socket-binding' in the resource at address '/subsystem=jgroups/stack=tcpping/protocol=FD_SOCK' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.

       

      This protocol is in the stack I added. So I was about to follow the advice and had a look in jboss-cli:

      "socket-binding" => {
                      "type" => STRING,
                      "description" => "The socket binding specification for this protocol layer, used to specify IP interfaces and ports for communication.",
                      "expressions-allowed" => false,
                      "required" => false,
                      "nillable" => true,
                      "min-length" => 1L,
                      "max-length" => 2147483647L,
                      "deprecated" => {
                          "since" => "5.0.0",
                          "reason" => "Deprecated.  Supports EAP 7.0 slaves."
                      },
                      "access-type" => "read-only",
                      "storage" => "configuration"
                  },

      When I checked the documentation (for WildFly 10 as I cannot find it for version 11) I can still see that I should use "socket-binding". Also Google does not help. This is like fifth similar issue I am trying to overcome today. What is wrong with the docs?

       

      What is the correct method to use instead of socket binding? Should I use protocol properties and its attributes according to JGroups documentation?

       

      Some more warnings from the server startup:

      12:29:42,318 INFO  [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
      12:29:42,392 INFO  [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 3) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in future version. See the attribute ad-resource-description operation to learn more about the deprecation.

      Many thanks for any advise!

        • 1. Re: WildFly 11 deprecated attributes
          Anup Dey Expert

          - Elytron, security subsystem is introduced in Wildfly 11

          - Old security subsystem is deprecated as the attribute description is defined.

           

          [standalone@localhost:9990 /] /core-service=management/management-interface=http-interface:read-resource-description

          :

                      "security-realm" => {

                          "type" => STRING,

                          "description" => "The legacy security realm to use for the HTTP management interface.",

          :

                             "reason" => "Configuration should migrate to reference 'http-authentication-factory', 'sasl-authentication-factory', and 'ssl-context' capabilities as required."

          :

          [standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:read-resource-description

           

           

                      "security-realm" => {

                          "type" => STRING,

                          "description" => "The listeners security realm",

          :

                             "reason" => "Use the ssl-context attribute to reference a configured SSLContext directly."

          :

           

          - These messages can be ignored since the message is just INFO level. However, if you want to suppress the messages, proceed the following steps.

           

          For 'security-realm' under "core-service=management"

           

          - Check the attribute description to know why the deprecated message is logged:

          [standalone@localhost:9990 /] /core-service=management/management-interface=http-interface:read-resource-description

          :

                          "deprecated" => {

                              "since" => "5.0.0",

                              "reason" => "Configuration should migrate to reference 'http-authentication-factory', 'sasl-authentication-factory', and 'ssl-context' capabilities as required."

          :

           

          - In the migration guide CHAPTER 7. MIGRATING TO ELYTRON IN JBOSS EAP 7.1, you can find the article 7.3.1.2. Migrate Legacy Properties-based Configuration to Elytron.

           

          1.Define a new security realm in the elytron subsystem that references the properties files.

          2.Define a security domain subsystem and an HTTP authentication factory in the elytron subsystem.

          3.Change security-realm attribute to http-authentication-factory, which is created by the above steps.

           

          before :<http-interface security-realm="ManagementRealm">

          after : <http-interface http-authentication-factory="application-security-http">

           

          For 'security-realm' under "https-listener=https"

           

          - Check the attribute description to know why the deprecated message is logged:

          [standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:read-resource-description

                      "security-realm" => {

                          "type" => STRING,

                          "description" => "The listeners security realm",

          :

                             "reason" => "Use the ssl-context attribute to reference a configured SSLContext directly."

          :

           

           

          This guide 7.5.1. Migrate a Simple SSL Configuration to Elytron shows steps to define ssl-context.

           

          1.Create a key-store in the elytron subsystem that specifies the location of the keystore and the password by which it is encrypted.

          2.Create a key-manager in the elytron subsystem that specifies the key-store defined in the previous step, the alias, and password of the key.

          3.Change security-realm attribute to ssl-context, which is created by the above steps and reload.

          before :<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>

          after : <https-listener name="https" socket-binding="https" ssl-context="LocalhostSslContext" enable-http2="true"/>

          • 2. Re: WildFly 11 deprecated attributes
            Martin Vecera Novice

            Hello Anup, thank you very much for your advise! I did not know about the subsystem change. This explains a lot...

            • 3. Re: WildFly 11 deprecated attributes
              Tomaz Cerar Master

              You could even just run enable-elytron.cli script which you can find in WILDFLY_HOME/docs/examples

               

              which will convert whole (default) config from legacy security to elytron one.

              1 of 1 people found this helpful
              • 4. Re: WildFly 11 deprecated attributes
                Martin Vecera Novice

                Hello Tomaz, that is a very useful tip! Thanks!