3 Replies Latest reply on Jan 9, 2019 10:30 AM by simkam

    WildFly 15 resource-adapters subsystem requires legacy security subsystem

    Philippe Marschall Master

      We were running WildFly 13 with just the Elytron subsystem without the legacy security subsystem. When we try the same with WildFly 15 we get

      ERROR [org.jboss.as.controller.management-operation] WFLYCTL0013: Operation ("add") failed - address: ([
        ("subsystem" => "resource-adapters"),
        ("resource-adapter" => "wmq.jmsra-9.0.4.0.rar"),
        ("connection-definitions" => "MQ.CONNECTIONFACTORY.JMS")
      ]) - failure description: {
        "WFLYCTL0412: Required services that are not installed:" => [
        "jboss.security.subject-factory",
        "jboss.security.simple-security-manager"
        ],
        "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.resourceadapters.ra.\"wmq.jmsra-9.0.4.0.rar\".\"MQ.CONNECTIONFACTORY.JMS\" is missing [jboss.security.s
      imple-security-manager, jboss.security.subject-factory]"]
      }

      we have to add the following minimal security subsystem configuration

        
        
        
        
        
        
        
        
        
        
        
        
        

      is this intentional?

        • 1. Re: WildFly 15 resource-adapters subsystem requires legacy security subsystem
          simkam Novice

          Hi,

           

          it looks like legacy security subsystem is always required when connection definition doesn't specify elytron-enabled=true or recovery-elytron-enabled=true. How does your connection definition look like?

           

          Thanks,

          Martin

          • 2. Re: WildFly 15 resource-adapters subsystem requires legacy security subsystem
            Philippe Marschall Master

            This is the configuration of our subsystem, this was working with WildFly 13

             

            <subsystem xmlns="urn:jboss:domain:resource-adapters:5.0">

              <resource-adapters>

                <resource-adapter id="wmq.jmsra-9.0.4.0.rar">

                  <archive>wmq.jmsra-9.0.4.0.rar</archive>

                  <transaction-support>LocalTransaction</transaction-support>

                  <connection-definitions>

                    <connection-definition class-name="com.ibm.mq.connector.outbound.ManagedConnectionFactoryImpl"

                      jndi-name="java:jboss/MQ.CONNECTIONFACTORY.JMS" enabled="true" use-java-context="true" pool-name="MQ.CONNECTIONFACTORY.JMS">

                      <config-property name="queueManager">${env.QUEUE_MANAGER}</config-property>

                      <config-property name="transportType">CLIENT</config-property>

                      <config-property name="connectionNameList">${env.CONNECTION_NAME_LIST)}</config-property>

                      <config-property name="channel">${env.CHANNEL}</config-property>

                      <config-property name="username">${env.USERNAME}</config-property>

                    </connection-definition>

                  </connection-definitions>

                  <admin-objects>

                    <admin-object class-name="com.ibm.mq.connector.outbound.MQQueueProxy" jndi-name="java:jboss/MQ.Q1" pool-name="jms/queue/Q1">

                        <config-property name="targetClient">MQ</config-property>

                        <config-property name="baseQueueName">ACME.QUEUE</config-property>

                    </admin-object>

                  </admin-objects> 

                </resource-adapter>

              </resource-adapters>

            </subsystem>

             

            we tried the following but this produces the same error

             

            <subsystem xmlns="urn:jboss:domain:resource-adapters:5.0">

              <resource-adapters>

                <resource-adapter id="wmq.jmsra-9.0.4.0.rar">

                  <archive>wmq.jmsra-9.0.4.0.rar</archive>

                  <transaction-support>LocalTransaction</transaction-support>

                  <connection-definitions>

                    <connection-definition class-name="com.ibm.mq.connector.outbound.ManagedConnectionFactoryImpl"

                      jndi-name="java:jboss/MQ.CONNECTIONFACTORY.JMS" enabled="true" use-java-context="true" pool-name="MQ.CONNECTIONFACTORY.JMS">

                      <security>

                        <elytron-enabled />

                      </security>

                      <config-property name="queueManager">${env.QUEUE_MANAGER}</config-property>

                      <config-property name="transportType">CLIENT</config-property>

                      <config-property name="connectionNameList">${env.CONNECTION_NAME_LIST)}</config-property>

                      <config-property name="channel">${env.CHANNEL}</config-property>

                      <config-property name="username">${env.USERNAME}</config-property>

                    </connection-definition>

                  </connection-definitions>

                  <admin-objects>

                    <admin-object class-name="com.ibm.mq.connector.outbound.MQQueueProxy" jndi-name="java:jboss/MQ.Q1" pool-name="jms/queue/Q1">

                        <config-property name="targetClient">MQ</config-property>

                        <config-property name="baseQueueName">ACME.QUEUE</config-property>

                    </admin-object>

                  </admin-objects> 

                </resource-adapter>

              </resource-adapters>

            </subsystem>

            • 3. Re: WildFly 15 resource-adapters subsystem requires legacy security subsystem
              simkam Novice

              It looks like you have to set both, elytron-enabled and recovery-elytron-enabled, to true when using elytron only configuration. The behavior probably changed with [WFLY-9978]. I think it makes sense as they can use different security backend. maeste WDYT?

               

              <connection-definitions>

                  <connection-definition>

                      <security>

                          <elytron-enabled>true</elytron-enabled>

                      </security>

                      <recovery>

                          <recover-credential>

                              <elytron-enabled>true</elytron-enabled>

                          </recover-credential>

                      </recovery>

                  </connection-definition>

              </connection-definitions>

              1 of 1 people found this helpful