Problem configuring messaging-activemq in bootable wildfly 25

Question

I try to migrate a bootable wildly from Version 24 to Version 25.0.1.Final. During the build process the wildfly-jar-maven-plugin executes a cli-file which configures some subsystems. The following entries work perfectly fine in Version 24 but fail in Version 25 to configure the messaging-activemq-subsystem:

/subsystem=messaging-activemq/server=default:add
/subsystem=messaging-activemq/server=default/security-setting=#:add
/subsystem=messaging-activemq/server=default/security-setting=#/role=guest:add(send=true,consume=true,create-non-durable-queue=true, delete-non-durable-queue=true)
/subsystem=messaging-activemq/server=default/address-setting=#:add(dead-letter-address=jms.queue.DLQ, expiry-address=jms.queue.ExpiryQueue, expiry-delay=-1L, max-delivery-attempts=10, max-size-bytes=10485760, page-size-bytes=2097152, message-counter-history-day-limit=10)
/subsystem=messaging-activemq/server=default/http-connector=http-connector:add(socket-binding=http, endpoint=http-acceptor)
/subsystem=messaging-activemq/server=default/http-connector=http-connector-throughput:add(socket-binding=http, endpoint="http-acceptor-throughput" ,params={batch-delay="50"})
/subsystem=messaging-activemq/server=default/in-vm-connector=in-vm:add(server-id="0", params={buffer-pooling=false})
/subsystem=messaging-activemq/server=default/http-acceptor=http-acceptor:add(http-listener="default")
/subsystem=messaging-activemq/server=default/http-acceptor=http-acceptor-throughput:add(http-listener="default", params={batch-delay="50", direct-deliver="false"})
/subsystem=messaging-activemq/server=default/in-vm-acceptor=in-vm:add(server-id="0", params={buffer-pooling=false})
/subsystem=messaging-activemq/server=default/jms-queue=ExpiryQueue:add(entries=["java:/jms/queue/ExpiryQueue"])
/subsystem=messaging-activemq/server=default/jms-queue=DLQ:add(entries=["java:/jms/queue/DLQ"])
/subsystem=messaging-activemq/server=default/jms-queue=LoggingQueue:add(entries=["java:/jms/queue/LoggingQueue"])
/subsystem=messaging-activemq/server=default/connection-factory=InVmConnectionFactory:add(entries=[java:/ConnectionFactory], connectors=[in-vm])
/subsystem=messaging-activemq/server=default/connection-factory=RemoteConnectionFactory:add(entries=[java:jboss/exported/jms/RemoteConnectionFactory], connectors=[http-connector])
/subsystem=messaging-activemq/server=default/pooled-connection-factory=activemq-ra:add(entries=[ava:/JmsXA java:jboss/DefaultJMSConnectionFactory], connectors=[in-vm], transaction=xa)

The error-message reads as follows:

[ERROR] Exception in thread "main" java.lang.reflect.InvocationTargetException
[ERROR]     at jdk.internal.reflect.GeneratedMethodAccessor1.invoke(Unknown Source)
[ERROR]     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[ERROR]     at java.base/java.lang.reflect.Method.invoke(Method.java:566)
[ERROR]     at org.wildfly.plugins.bootablejar.maven.cli.CLIWrapper.handle(CLIWrapper.java:82)
[ERROR]     at org.wildfly.plugins.bootablejar.maven.cli.CLIForkedExecutor.main(CLIForkedExecutor.java:49)
[ERROR] Caused by: org.jboss.as.cli.CommandLineException: {
[ERROR]     "outcome" => "failed",
[ERROR]     "failure-description" => "WFLYCTL0369: Required capabilities are not available:
[ERROR]     org.wildfly.security.legacy-security-domain.other; There are no known registration points which can provide this capability.",
[ERROR]     "rolled-back" => true
[ERROR] }

The standalone-full.xml of a downloaded wildly 25 configures the messaging-activemq-subsystem as follows:

<subsystem xmlns="urn:jboss:domain:messaging-activemq:13.0">
            <server name="default">
                <security elytron-domain="ApplicationDomain"/>
                <statistics enabled="${wildfly.messaging-activemq.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
                <security-setting name="#">
                    <role name="guest" send="true" consume="true" create-non-durable-queue="true" delete-non-durable-queue="true"/>
                </security-setting>
                <address-setting name="#" dead-letter-address="jms.queue.DLQ" expiry-address="jms.queue.ExpiryQueue" max-size-bytes="10485760" page-size-bytes="2097152" message-counter-history-day-limit="10"/>
                <http-connector name="http-connector" socket-binding="http" endpoint="http-acceptor"/>
                <http-connector name="http-connector-throughput" socket-binding="http" endpoint="http-acceptor-throughput">
                    <param name="batch-delay" value="50"/>
                </http-connector>
                <in-vm-connector name="in-vm" server-id="0">
                    <param name="buffer-pooling" value="false"/>
                </in-vm-connector>
                <http-acceptor name="http-acceptor" http-listener="default"/>
                <http-acceptor name="http-acceptor-throughput" http-listener="default">
                    <param name="batch-delay" value="50"/>
                    <param name="direct-deliver" value="false"/>
                </http-acceptor>
                <in-vm-acceptor name="in-vm" server-id="0">
                    <param name="buffer-pooling" value="false"/>
                </in-vm-acceptor>
                <jms-queue name="ExpiryQueue" entries="java:/jms/queue/ExpiryQueue"/>
                <jms-queue name="DLQ" entries="java:/jms/queue/DLQ"/>
                <connection-factory name="InVmConnectionFactory" entries="java:/ConnectionFactory" connectors="in-vm"/>
                <connection-factory name="RemoteConnectionFactory" entries="java:jboss/exported/jms/RemoteConnectionFactory" connectors="http-connector"/>
                <pooled-connection-factory name="activemq-ra" entries="java:/JmsXA java:jboss/DefaultJMSConnectionFactory" connectors="in-vm" transaction="xa"/>
            </server>
        </subsystem>

Since the error-message refers to a security domain I assume that the given orders do not generate the line <security elytron-domain="ApplicationDomain“/> as in the downloaded version.

Thanks for any help.

The "wilfly-jar-maven-plugin" defines as layers:

`<layer>datasources</layer>
<layer>jaxrs-server</layer>
<layer>jpa</layer>
<layer>cdi</layer>
<layer>ee</layer>
<layer>security-manager</layer>
<layer>elytron</layer>
<layer>ee-security</layer>
<layer>ejb</layer>
<layer>ejb-lite</layer>
<layer>mail</layer>
<layer>management</layer>
<layer>web-server</layer>
<layer>webservices</layer>
<layer>batch-jberet</layer>
<layer>messaging-activemq</layer>
<layer>resource-adapters</layer>
<layer>transactions</layer>`

The project can be build via maven when the lines supposed to configure messaging-activemq are commented out. In that case the generated "standalone.xml" only shows the line "<subsystem xmlns="urn:jboss:domain:messaging-activemq:13.0"/>". As expected the subsystem exists without any configuration.

I checked whether the elytron subsystem is present in the generated "standalone.xml". It is. Exactly as in the "standalone-full.xml" of a downloaded wildfly 25.

The error message refers to a missing "legacy-security-domain.other". In fact the "wildfly-jar-maven-plugin" previously defined a layer "legacy-security" which is gone in wildfly 25. From this I conclude that the cli-file commands used to configure the messaging subsystem in wildfly 24 only work in the context of a "legacy security"-system. This then boils down to the question: What are the equivalent commands in order to use the elytron security system?

Answer 1

I think you are hitting https://issues.redhat.com/browse/WFLY-17640 so I'm afraid that you'd still need to have a legacy realm