There should not be a difference but do your ejb and undertow subsystems also have the application-security-domain mappings defined?
On the http-invoker I was still using the legacy realm by using <http-invoker securityRealm="acmeRealm"/> instead of the Elytron one <http-invoker http-authentication-factory="http-db-auth"/>.
However the undertow system still defines a https-listener
<https-listener name="https" socket-binding="https" security-realm="acmeRealm" enable-http2="true"/>
that seems to be making use of the legacy security configuration. Can this be upgraded to use elytron ?
I'm attaching my domain.xml.
domain.xml.zip 8.8 KB
Sergiu, this seems as bug. Your configuration seems ok. Please could you prepare smallest possible reproducer of the problem?
I do not think this is a bug but only me not knowing what attribute replaces (that relates to elytron) the security realm attribute which I understand redirects to the legacy security system.