  1. JBoss Enterprise Application Platform
  2. JBEAP-11795

Elytron subsystem should not register storage=runtime attributes on profile resources


    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.ER2
    • None
    • Management, Security
    • None

      The elytron subsystem is not checking for appropriate conditions before registering attributes and operations, leading to inappropriate things being registered on the managed domain /profile=*/subsystem=elytron resources. In some cases the OSH handling things attempts to avoid having things blow up if executed on the profile (e.g. ElytronRuntimeOnlyHandler) but really things should not be registered at all if they are not functional.

      This JIRA is about attributes and resources, which are a simpler case than operations. A runtime-only resource or attribute really has no function in the /profile=* tree as any sort of runtime behind those is not allowed.

      Following are uses of AbstractAttributeDefinitionBuilder.setStorageRuntime() in the subsystem. All or nearly all of these have an issue of some nature:

      src/main/java/org/wildfly/extension/elytron/AvailableMechanismsRuntimeResource.java:        .setStorageRuntime() available-mechanisms -- FIXME not on profile
      src/main/java/org/wildfly/extension/elytron/CertificateChainAttributeDefinitions.java:        .setStorageRuntime() ok; just a base AD for next one
      src/main/java/org/wildfly/extension/elytron/CertificateChainAttributeDefinitions.java:                .setStorageRuntime() local-certificates and peer-certificates  -- FIXME not on profile
      src/main/java/org/wildfly/extension/elytron/CredentialStoreResourceDefinition.java:            .setStorageRuntime() "alias" -- ok; not an attribute (minor fixme to drop pointless call)
      src/main/java/org/wildfly/extension/elytron/CredentialStoreResourceDefinition.java:                .setStorageRuntime() "entry-type" -- ok; not an attribute (minor fixme to drop pointless call)
      src/main/java/org/wildfly/extension/elytron/CredentialStoreResourceDefinition.java:            .setStorageRuntime() "secret-value" -- ok; not an attribute (minor fixme to drop pointless call)
      src/main/java/org/wildfly/extension/elytron/KeyStoreDefinition.java:        .setStorageRuntime() size -- FIXME not on profile
      src/main/java/org/wildfly/extension/elytron/KeyStoreDefinition.java:        .setStorageRuntime() synchronized -- FIXME not on profile
      src/main/java/org/wildfly/extension/elytron/KeyStoreDefinition.java:        .setStorageRuntime() modified  -- FIXME not on profile
      src/main/java/org/wildfly/extension/elytron/LdapKeyStoreDefinition.java:            .setStorageRuntime() size  -- FIXME not on profile 
      src/main/java/org/wildfly/extension/elytron/PropertiesRealmDefinition.java:        .setStorageRuntime() synchronized   -- FIXME not on profile 
      src/main/java/org/wildfly/extension/elytron/ProviderAttributeDefinition.java:        .setStorageRuntime() loaded-provider -- FIXME not on profile
      src/main/java/org/wildfly/extension/elytron/ProviderAttributeDefinition.java:        .setStorageRuntime() service -- not relevant; inner field of "loaded-providers"
      src/main/java/org/wildfly/extension/elytron/ProviderAttributeDefinition.java:        .setStorageRuntime() loaded-providers -- FIXME not on profile
      src/main/java/org/wildfly/extension/elytron/SSLDefinitions.java:            .setStorageRuntime() active-session-count  -- FIXME not on profile 
      src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:            .setStorageRuntime() -- FIXME resource should not be on profile
      src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:            .setStorageRuntime() -- FIXME resource should not be on profile
      src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:            .setStorageRuntime() -- FIXME resource should not be on profile
      src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:            .setStorageRuntime() -- FIXME resource should not be on profile
      src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:            .setStorageRuntime() -- FIXME resource should not be on profile
      src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:            .setStorageRuntime() -- FIXME resource should not be on profile
      src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:            .setStorageRuntime() -- FIXME resource should not be on profile
      src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:            .setStorageRuntime() -- FIXME resource should not be on profile
      src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:            .setStorageRuntime() -- FIXME resource should not be on profile
      src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:            .setStorageRuntime() -- FIXME resource should not be on profile
      src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:            .setStorageRuntime() -- FIXME resource should not be on profile
      src/main/java/org/wildfly/extension/elytron/ServiceStateDefinition.java:        .setStorageRuntime() state  -- FIXME not on profile 
      

      I believe I'll resolve this via some sort of utility code that the registration logic can call in order to avoid invalid registrations. See also WFCORE-2829.
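
      One way to check a managed domain for the condition this issue describes (an added example, not code from the issue or from WildFly): walk the JSON form of a recursive read-resource-description result for /profile=*/subsystem=elytron and list every attribute whose storage is runtime. The sample document is constructed, and the walker assumes the usual description layout of "attributes" plus "children" / "model-description".

```python
import json

# Constructed sample: trimmed JSON form of a recursive read-resource-description
# result for /profile=*/subsystem=elytron. The runtime attribute names are taken
# from the issue's list; the rest of the document is illustrative.
SAMPLE = json.loads("""
{
  "attributes": {
    "default-authentication-context": {"storage": "configuration"}
  },
  "children": {
    "key-store": {"model-description": {"*": {
      "attributes": {
        "path": {"storage": "configuration"},
        "size": {"storage": "runtime"},
        "synchronized": {"storage": "runtime"}
      },
      "children": {}
    }}},
    "server-ssl-context": {"model-description": {"*": {
      "attributes": {"active-session-count": {"storage": "runtime"}},
      "children": {}
    }}}
  }
}
""")

ROOT = "/profile=*/subsystem=elytron"


def runtime_attributes(description, address=ROOT):
    """Yield (address, attribute) for each storage=runtime attribute in the tree."""
    for name, meta in sorted((description.get("attributes") or {}).items()):
        if meta.get("storage") == "runtime":
            yield address, name
    # Child descriptions are absent or null when the read was not recursive.
    for child_type, child in sorted((description.get("children") or {}).items()):
        models = child.get("model-description") or {}
        for child_name, model in sorted(models.items()):
            child_address = f"{address}/{child_type}={child_name}"
            yield from runtime_attributes(model or {}, child_address)


def audit(description):
    """Return all findings as a list; an empty list means the profile is clean."""
    return list(runtime_attributes(description))


if __name__ == "__main__":
    for address, name in audit(SAMPLE):
        print(f"{address}: {name} (storage=runtime)")
```

      An empty result from audit() on a profile description is the state the issue asks for; any finding names a registration that should not exist on the profile resource.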

              bstansbe@redhat.com Brian Stansberry
              bstansbe@redhat.com Brian Stansberry
              Martin Simka Martin Simka
              Martin Simka Martin Simka