-
1. Re: WildFly 15 resource-adapters subsystem requires legacy security subsystem
simkam Jan 9, 2019 5:52 AM (in response to pmm)Hi,
it looks like legacy security subsystem is always required when connection definition doesn't specify elytron-enabled=true or recovery-elytron-enabled=true. How does your connection definition look like?
Thanks,
Martin
-
2. Re: WildFly 15 resource-adapters subsystem requires legacy security subsystem
pmm Jan 9, 2019 6:34 AM (in response to simkam)This is the configuration of our subsystem, this was working with WildFly 13
<subsystem xmlns="urn:jboss:domain:resource-adapters:5.0">
<resource-adapters>
<resource-adapter id="wmq.jmsra-9.0.4.0.rar">
<archive>wmq.jmsra-9.0.4.0.rar</archive>
<transaction-support>LocalTransaction</transaction-support>
<connection-definitions>
<connection-definition class-name="com.ibm.mq.connector.outbound.ManagedConnectionFactoryImpl"
jndi-name="java:jboss/MQ.CONNECTIONFACTORY.JMS" enabled="true" use-java-context="true" pool-name="MQ.CONNECTIONFACTORY.JMS">
<config-property name="queueManager">${env.QUEUE_MANAGER}</config-property>
<config-property name="transportType">CLIENT</config-property>
<config-property name="connectionNameList">${env.CONNECTION_NAME_LIST)}</config-property>
<config-property name="channel">${env.CHANNEL}</config-property>
<config-property name="username">${env.USERNAME}</config-property>
</connection-definition>
</connection-definitions>
<admin-objects>
<admin-object class-name="com.ibm.mq.connector.outbound.MQQueueProxy" jndi-name="java:jboss/MQ.Q1" pool-name="jms/queue/Q1">
<config-property name="targetClient">MQ</config-property>
<config-property name="baseQueueName">ACME.QUEUE</config-property>
</admin-object>
</admin-objects>
</resource-adapter>
</resource-adapters>
</subsystem>
we tried the following but this produces the same error
<subsystem xmlns="urn:jboss:domain:resource-adapters:5.0">
<resource-adapters>
<resource-adapter id="wmq.jmsra-9.0.4.0.rar">
<archive>wmq.jmsra-9.0.4.0.rar</archive>
<transaction-support>LocalTransaction</transaction-support>
<connection-definitions>
<connection-definition class-name="com.ibm.mq.connector.outbound.ManagedConnectionFactoryImpl"
jndi-name="java:jboss/MQ.CONNECTIONFACTORY.JMS" enabled="true" use-java-context="true" pool-name="MQ.CONNECTIONFACTORY.JMS">
<security>
<elytron-enabled />
</security>
<config-property name="queueManager">${env.QUEUE_MANAGER}</config-property>
<config-property name="transportType">CLIENT</config-property>
<config-property name="connectionNameList">${env.CONNECTION_NAME_LIST)}</config-property>
<config-property name="channel">${env.CHANNEL}</config-property>
<config-property name="username">${env.USERNAME}</config-property>
</connection-definition>
</connection-definitions>
<admin-objects>
<admin-object class-name="com.ibm.mq.connector.outbound.MQQueueProxy" jndi-name="java:jboss/MQ.Q1" pool-name="jms/queue/Q1">
<config-property name="targetClient">MQ</config-property>
<config-property name="baseQueueName">ACME.QUEUE</config-property>
</admin-object>
</admin-objects>
</resource-adapter>
</resource-adapters>
</subsystem>
-
3. Re: WildFly 15 resource-adapters subsystem requires legacy security subsystem
simkam Jan 9, 2019 10:30 AM (in response to pmm)1 of 1 people found this helpfulIt looks like you have to set both, elytron-enabled and recovery-elytron-enabled, to true when using elytron only configuration. The behavior probably changed with [WFLY-9978]. I think it makes sense as they can use different security backend. maeste WDYT?
<connection-definitions>
<connection-definition>
<security>
<elytron-enabled>true</elytron-enabled>
</security>
<recovery>
<recover-credential>
<elytron-enabled>true</elytron-enabled>
</recover-credential>
</recovery>
</connection-definition>
</connection-definitions>