Error in Security realm after wildfly update
6,522 views
Skip to first unread message
Gagan Noor Singh
Mar 3, 2022, 7:07:54 AM3/3/22
to WildFly
After updating wildfly 16 to wildfly 26.0.1 via galleon. I am getting below error during wildfly startup
**2022-03-03 08:24:05,306 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0033: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration
at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:137)
at org.jboss.as.host.controller.HostControllerConfigurationPersister.load(HostControllerConfigurationPersister.java:211)
at org.jboss.as.host.controller.DomainModelControllerService.boot(DomainModelControllerService.java:668)
at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:455)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.xml.stream.XMLStreamException: WFLYDM0145: Security realms are no longer supported, please remove them from the configuration.
at org.jboss.as.domain.management.parsing.ManagementXml_5.parseManagement(ManagementXml_5.java:94)
at org.jboss.as.host.controller.parsing.HostXml_10.readHostElement(HostXml_10.java:235)
at org.jboss.as.host.controller.parsing.HostXml_10.readElement(HostXml_10.java:145)
at org.jboss.as.host.controller.parsing.HostXml.readElement(HostXml.java:91)
at org.jboss.as.host.controller.parsing.HostXml.readElement(HostXml.java:51)
at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:122)
at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:76)
at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:126)
... 4 more**
**2022-03-03 08:24:05,306 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0033: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration
at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:137)
at org.jboss.as.host.controller.HostControllerConfigurationPersister.load(HostControllerConfigurationPersister.java:211)
at org.jboss.as.host.controller.DomainModelControllerService.boot(DomainModelControllerService.java:668)
at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:455)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.xml.stream.XMLStreamException: WFLYDM0145: Security realms are no longer supported, please remove them from the configuration.
at org.jboss.as.domain.management.parsing.ManagementXml_5.parseManagement(ManagementXml_5.java:94)
at org.jboss.as.host.controller.parsing.HostXml_10.readHostElement(HostXml_10.java:235)
at org.jboss.as.host.controller.parsing.HostXml_10.readElement(HostXml_10.java:145)
at org.jboss.as.host.controller.parsing.HostXml.readElement(HostXml.java:91)
at org.jboss.as.host.controller.parsing.HostXml.readElement(HostXml.java:51)
at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:122)
at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:76)
at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:126)
... 4 more**
Ashpan Raskar
Mar 7, 2022, 10:57:02 AM3/7/22
to WildFly
As of WildFly 25, all legacy security realms have been deprecated, and WildFly only supports Elytron Security Realms now.
We have a migration guide available here to assist you: https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Migrate_Legacy_Security_to_Elytron_Security
This blog post also mentions some more details about the removal in Wildfly 25: https://www.wildfly.org/news/2021/10/05/WildFly25-Final-Released/
This blog post also mentions some more details about the removal in Wildfly 25: https://www.wildfly.org/news/2021/10/05/WildFly25-Final-Released/
Ashpan Raskar
Mar 7, 2022, 12:01:50 PM3/7/22
to WildFly
Quick note to clarify my last message.
Legacy security realms have been deprecated for a long time, and as of WildFly 25 support for them have been fully removed.
Gagan Noor Singh
Mar 8, 2022, 5:18:44 AM3/8/22
to WildFly
Hi,
I tried the commands given in migration document but failed. Below is my configuration which i need to migrate.
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domain name="einvoiceApplicationDomain" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="principalsQuery" value="select password from einvoice.v_user_role where username=?"/>
<module-option name="rolesQuery" value="select group_name as Roles, 'Roles' as RoleGroup from einvoice.v_user_role where username=?"/>
<module-option name="hashAlgorithm" value="SHA-256"/>
<module-option name="hashEncoding" value="hex"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
<module-option name="dsJndiName" value="java:/datasource/EinvoiceDS"/>
</login-module>
<login-module code="RoleMapping" flag="required">
<module-option name="rolesProperties" value="file:${jboss.domain.config.dir}/einvoiceApplicationDomain.properties"/>
<module-option name="replaceRole" value="false"/>
</login-module>
</authentication>
</security-domain>
</security-domains>
<authentication>
<login-module code="Database" flag="required">
<module-option name="principalsQuery" value="select password from einvoice.v_user_role where username=?"/>
<module-option name="rolesQuery" value="select group_name as Roles, 'Roles' as RoleGroup from einvoice.v_user_role where username=?"/>
<module-option name="hashAlgorithm" value="SHA-256"/>
<module-option name="hashEncoding" value="hex"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
<module-option name="dsJndiName" value="java:/datasource/EinvoiceDS"/>
</login-module>
<login-module code="RoleMapping" flag="required">
<module-option name="rolesProperties" value="file:${jboss.domain.config.dir}/einvoiceApplicationDomain.properties"/>
<module-option name="replaceRole" value="false"/>
</login-module>
</authentication>
</security-domain>
</security-domains>
</subsystem>
Below is command i executed in jboss cli and error i got:
./profile=einvoice/subsystem=security/elytron-realm=einvoiceApplicationDomain:add(legacy-jaas-config=einvoiceApplicationDomain)
Error:
{
"outcome" => "failed",
"result" => undefined,
"failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {"einvoice" => {"host" => {"a
lt-esb-app01" => {"einvoice-01" => {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.einvoiceApplicationDomain"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-realm.einvoiceApplicationDomain is missing [jboss.security.
security-domain.einvoiceApplicationDomain]"]
}}}}}}},
"rolled-back" => true,
"server-groups" => {"einvoice" => {"host" => {"alt-esb-app01" => {"einvoice-01" => {"response" => {
"outcome" => "failed",
"failure-description" => {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.einvoiceApplicationDomain"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-realm.einvoiceApplicationDomain is missing [jboss.secur
ity.security-domain.einvoiceApplicationDomain]"]
},
"rolled-back" => true
}}}}}}
}
./profile=einvoice/subsystem=security/elytron-realm=einvoiceApplicationDomain:add(legacy-jaas-config=einvoiceApplicationDomain)
Error:
{
"outcome" => "failed",
"result" => undefined,
"failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {"einvoice" => {"host" => {"a
lt-esb-app01" => {"einvoice-01" => {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.einvoiceApplicationDomain"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-realm.einvoiceApplicationDomain is missing [jboss.security.
security-domain.einvoiceApplicationDomain]"]
}}}}}}},
"rolled-back" => true,
"server-groups" => {"einvoice" => {"host" => {"alt-esb-app01" => {"einvoice-01" => {"response" => {
"outcome" => "failed",
"failure-description" => {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.einvoiceApplicationDomain"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-realm.einvoiceApplicationDomain is missing [jboss.secur
ity.security-domain.einvoiceApplicationDomain]"]
},
"rolled-back" => true
}}}}}}
}
Ashpan Raskar
Mar 14, 2022, 1:45:45 PM3/14/22
to WildFly
Hi,
It looks like these commands are coming from the Steps in the "Intermediate Configuration" of the Migration Guide. These steps were designed for migration when WildFly still supported Legacy Security Realms. Since there is no support anymore you will have to use the "Fully Migrated Configuration" steps to migrate your legacy configuration.
Let me know if you have any more questions
Reply all
Reply to author
Forward
0 new messages