Bug 1315741 - Security subsystem has been deprecated
Security subsystem has been deprecated
Product: JBoss Operations Network
Classification: JBoss
Component: Plugin -- JBoss EAP 7 (Show other bugs)
JON 3.3.5
Unspecified Unspecified
medium Severity medium
: ER01
: One-off release
Assigned To: Michael Burman
Mike Foley
: Triaged
: 1320488 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2016-03-08 08:54 EST by Michael Burman
Modified: 2016-04-12 09:09 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-04-12 02:15:02 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Michael Burman 2016-03-08 08:54:20 EST
Description of problem: 
       "deprecated" => {
            "since" => "1.3.0",
            "reason" => "The Security subsystem is deprecated and may be removed, significantly revised, or limited to managed domain legacy server use in future versions."

Following messages are printed on the agent logs that indicate the properties have changed also:

016-03-08 12:02:03,427 WARN  [ConfigurationManager.threadpool-1] (rhq.core.pc.configuration.ConfigurationCheckExecutor)- Plugin Error: Invalid Login Module Stack resource configuration returned by EAP7 plugin - Required property 'code' has a null value.
2016-03-08 12:02:03,427 WARN  [ConfigurationManager.threadpool-1] (rhq.core.pc.configuration.ConfigurationCheckExecutor)- Plugin Error: Invalid Login Module Stack resource configuration returned by EAP7 plugin - Required property 'flag' has a null value.

We should probably remove this subsystem from the EAP7 module and see later if we need to add the new security modules.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:
Comment 2 John Doyle 2016-03-17 11:21:38 EDT
We should retain it.  The subsystem is deprecated but remains supported for the life of EAP 7. The deprecated state is intended to communicate that the subsystem will no longer receive updates, and that users should transition to the replacement, KeyCloak.
Comment 3 Michael Burman 2016-03-23 07:50:29 EDT
*** Bug 1320488 has been marked as a duplicate of this bug. ***
Comment 4 Michael Burman 2016-04-01 07:59:21 EDT
Further note, the log lines I'm seeing could happen in the 6.4 as well, as the properties are indeed identical between 6.4.0 and 7.0.0.ER07. The plugin code is based on some older EAP6 version and we can't separate the versions in XML..
Comment 5 Michael Burman 2016-04-04 09:30:32 EDT
And the errors only happen in jaspitest security-domain, not elsewhere.. (we have several places where we can't support the jaspitest domain as it uses a different path than other security-domains for some reason)
Comment 6 Michael Burman 2016-04-06 10:39:00 EDT
At this point it seems that changing things to support jaspitest's different structure is quite high risk. There's a lot of code (which is also complicated) that supports the old paths, which seems to be used by every other authentication module (and they seem to work fine).

Jaspitest is an isolated case which doesn't work.
Comment 9 Simeon Pinder 2016-04-12 02:15:02 EDT
See comments 6-8. Closing as WONTFIX as too risky. Might need to revisit if different problems present themselves at a later time.

Note You need to log in before you can comment on or make changes to this bug.