Wildfly 32 legacy domain issue for security domain configured in elytron

844 views
Skip to first unread message

Goren Zicwar

unread,
Jun 13, 2024, 1:05:51 AM6/13/24
to WildFly
Hi all,
We are upgrading our webservices from Wildfly 18.0.1 to Wildfly 32.0.1. We are facing a deployment issue with security domain created in standalone.xml and configured in our webapp.

I configured a new security domain in elytron in standalone.xml as mentioned in the wildfly documentation:
https://docs.wildfly.org/32/WildFly_Elytron_Security.html#Migrate_Legacy_Security_to_Elytron_Security


standalone.xml contents <subsystem xmlns="urn:wildfly:elytron:community:18.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto"> ... <security-domains> ... <security-domain name="application-security" default-realm="application-properties" permission-mapper="default-permission-mapper"> <realm name="application-properties"/> </security-domain> </security-domains> <security-realms> ... <properties-realm name="application-properties" groups-attribute="Roles"> <users-properties path="example-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="Application Security" plain-text="true"/> <groups-properties path="example-roles.properties" relative-to="jboss.server.config.dir"/> </properties-realm> </security-realms> ... <http> ... <http-authentication-factory name="application-security-http" http-server-mechanism-factory="global" security-domain="application-security"> <mechanism-configuration> <mechanism mechanism-name="FORM"/> </mechanism-configuration> </http-authentication-factory> ... </http> ... </subsystem> <subsystem xmlns="urn:jboss:domain:undertow:14.0"> ... <application-security-domains> <application-security-domain name="application-security" http-authentication-factory="application-security-http"/> </application-security-domains> ... </subsystem>

Then I configured my webapp project to use this domain and realm. jboss-web.xml

<?xml version="1.0" encoding="UTF-8"?>

<jboss-web>

<context-root><--our web app context root--></context-root>-->

<security-domain>application-security</security-domain>

</jboss-web> web.xml contents

<login-config>

<auth-method>FORM</auth-method>

<realm-name>application-properties</realm-name>

</login-config>


While deployment of our webapp ear in wildfly 32, we are getting following error : 
2024-06-11 16:29:47,130 ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads -- 1) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "webservice.ear")]) - failure description: {
    "WFLYCTL0080: Failed services" => {"jboss.deployment.subunit.\"webservice.ear\".\"webservice.war\".INSTALL" => "WFLYSRV0153: Failed to process phase INSTALL of subdeployment \"webservice.war\" of deployment \"webservice.ear\"
    Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYEE0052: Failed to install component ServiceComponent
    Caused by: java.lang.IllegalStateException: WFLYEJB0530: The deployment is configured to use a legacy security domain 'application-security' which is no longer supported."},
    "WFLYCTL0412: Required services that are not installed:" => [
        "jboss.deployment.subunit.\"webservice.ear\".\"webservice.war\".jndiDependencyService",
        "jboss.deployment.subunit.\"webservice.ear\".\"webservice.war\".deploymentCompleteService",
        "jboss.deployment.subunit.\"webservice.ear\".\"webservice.war\".beanmanager",
        "jboss.persistenceunit.\"webservice.ear/webservice.war#webservice\""
    ],
    "WFLYCTL0180: Services with missing/unavailable dependencies" => [
        "service jboss.deployment.unit.\"webservice.ear\".WeldStartService is missing [jboss.deployment.subunit.\"webservice.ear\".\"webservice.war\".jndiDependencyService, jboss.persistenceunit.\"webservice.ear/webservice.war#webservice\"]",
        "service jboss.deployment.subunit.\"webservice.ear\".\"webservice.war\".weld.weldClassIntrospector is missing [jboss.deployment.subunit.\"webservice.ear\".\"webservice.war\".beanmanager]",
        "service jboss.deployment.subunit.\"webservice.ear\".\"webservice.war\".batch.artifact.factory is missing [jboss.deployment.subunit.\"webservice.ear\".\"webservice.war\".beanmanager]",
        "service jboss.deployment.unit.\"webservice.ear\".deploymentCompleteService is missing [jboss.deployment.subunit.\"webservice.ear\".\"webservice.war\".deploymentCompleteService]"
    ]
} This is all implemented as per wildfly documentation and there is no reference of old security domain configuration in entire standalone.xml still unable to understand how its considering the security domain as legacy. Someone please help out. Thank

Francisco Machado

unread,
Aug 27, 2024, 6:59:47 AM8/27/24
to WildFly
In case you're using ejb3 subsystem, make sure your security domain is also there

<subsystem xmlns="urn:jboss:domain:ejb3:10.0">
   ...
    <application-security-domains>
          <application-security-domain name="other" security-domain="application-security"/>
     </application-security-domains>
<subsystem>
Reply all
Reply to author
Forward
0 new messages