diff --git a/domain-management/src/main/java/org/jboss/as/domain/management/access/AccessAuthorizationUseIdentityRolesWriteAttributeHandler.java b/domain-management/src/main/java/org/jboss/as/domain/management/access/AccessAuthorizationUseIdentityRolesWriteAttributeHandler.java index 6c9517a4a57..0f6e421b597 100644 --- a/domain-management/src/main/java/org/jboss/as/domain/management/access/AccessAuthorizationUseIdentityRolesWriteAttributeHandler.java +++ b/domain-management/src/main/java/org/jboss/as/domain/management/access/AccessAuthorizationUseIdentityRolesWriteAttributeHandler.java @@ -2,7 +2,6 @@ * Copyright The WildFly Authors * SPDX-License-Identifier: Apache-2.0 */ - package org.jboss.as.domain.management.access; import org.jboss.as.controller.AbstractWriteAttributeHandler; @@ -29,13 +28,13 @@ class AccessAuthorizationUseIdentityRolesWriteAttributeHandler extends AbstractW @Override protected void finishModelStage(OperationContext context, ModelNode operation, String attributeName, ModelNode newValue, ModelNode oldValue, Resource model) throws OperationFailedException { - boolean useIdentityRoles = newValue.asBoolean(); - if (useIdentityRoles == false) { - /* + boolean useIdentityRoles = newValue.isDefined() ? newValue.asBoolean() : AccessAuthorizationResourceDefinition.USE_IDENTITY_ROLES.getDefaultValue().asBoolean(); + if (useIdentityRoles == false) { + /* * As we are no longer using identity roles we may need another role mapping strategy. - */ - RbacSanityCheckOperation.addOperation(context); - } + */ + RbacSanityCheckOperation.addOperation(context); + } } @Override diff --git a/testsuite/standalone/src/test/java/org/jboss/as/test/integration/management/cli/GenericCommandTestCase.java b/testsuite/standalone/src/test/java/org/jboss/as/test/integration/management/cli/GenericCommandTestCase.java index 7d30924ae5d..dd1b70de8bc 100644 --- a/testsuite/standalone/src/test/java/org/jboss/as/test/integration/management/cli/GenericCommandTestCase.java +++ b/testsuite/standalone/src/test/java/org/jboss/as/test/integration/management/cli/GenericCommandTestCase.java @@ -83,7 +83,7 @@ public void testNodeChild() throws Exception { assertTrue(readOutput2.contains("use-identity-roles=true")); assertTrue(readOutput2.contains("permission-combination-policy=rejecting")); } finally { - cli.sendLine("/core-service=management/access=authorization:write-attribute(name=use-identity-roles, value=false"); + cli.sendLine("/core-service=management/access=authorization:undefine-attribute(name=use-identity-roles"); cli.sendLine("/core-service=management/access=authorization:undefine-attribute(name=permission-combination-policy"); cli.sendLine("command remove --command-name=authorization"); }