Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Do
Priority: Major
Fix Version/s: 11.0.0.Alpha1
Affects Version/s: None
Component/s: Security
Labels:
None

Steps to Reproduce:
Hide

Current command

/subsystem=elytron/http-authentication-factory=testdomain-authentication:add( \ http-server-mechanism-factory=global, \ security-domain=testdomain, \ mechanism-configurations=[ \ { mechanism-name=BASIC, \ mechanism-realm-configurations=[ \ {realm-name="Elytron secured"} \ ] \ }, \ {mechanism-name=FORM} \ ] \ )

could be decomposed to sth. like:

/subsystem=elytron/http-authentication-factory=testdomain-authentication:add( \ http-server-mechanism-factory=global, \ security-domain=testdomain) /subsystem=elytron/http-authentication-factory=testdomain-authentication/mechanism=BASIC:add() /subsystem=elytron/http-authentication-factory=testdomain-authentication/mechanism=BASIC/realm-config=name-config:add(realm-name="Elytron secured") /subsystem=elytron/http-authentication-factory=testdomain-authentication/mechanism=FORM:add()
Show
Current command /subsystem=elytron/http-authentication-factory=testdomain-authentication:add( \ http-server-mechanism-factory=global, \ security-domain=testdomain, \ mechanism-configurations=[ \ { mechanism-name=BASIC, \ mechanism-realm-configurations=[ \ {realm-name= "Elytron secured" } \ ] \ }, \ {mechanism-name=FORM} \ ] \ ) could be decomposed to sth. like: /subsystem=elytron/http-authentication-factory=testdomain-authentication:add( \ http-server-mechanism-factory=global, \ security-domain=testdomain) /subsystem=elytron/http-authentication-factory=testdomain-authentication/mechanism=BASIC:add() /subsystem=elytron/http-authentication-factory=testdomain-authentication/mechanism=BASIC/realm-config=name-config:add(realm-name= "Elytron secured" ) /subsystem=elytron/http-authentication-factory=testdomain-authentication/mechanism=FORM:add()

Description

User experience with Elytron domain model is sub-optimal.

It's hard to define correctly complex attributes in the Elytron Subsystem configuration. It's much simpler to write the CLI with primitive attributes instead. Also the Management console is not able to generate forms for complex-types automatically.

1) Domain model of subsystem is too flat. Every resource (realms, mappers, factories ...) is located at the base level of Elytron subsystem. Then it is hard to orientate in subsystem since it does not have deeper structure.

Suggestion:
It can be structuralized similar as PicketBox subsystem. There could be some subresources like realms, domains etc.

2) Elytron subsystem contains a lot of complex types which strongly complicate setting of attributes for resources. It mainly affects

add operation - there is insufficient support from CLI since tab button not sufficiently works. It is also non-intuitive and error-prone when all setting is mixed to one difficult command.
write-attribute operation - using write-attribute for some values from complex inner attribute is really hard - e.g. set particular value for some inner attribute of complex object stored in list.
It is different aproach than most of other subsystems uses.

Suggestion:
Replace complex attributes with child resources.

This could be also discussed with UX team. Once this domain model will be released in WildFly/EAP then it will be very hard to rewrite it do to backward compatibility.

Attachments

Issue Links

clones

JBEAP-6100 Too complex Elytron Domain Model

Closed

Activity

People

Assignee:: Darran Lofthouse

Reporter:: Ondrej Lukas (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2016/09/21 1:32 AM

Updated:: 2017/12/06 11:53 AM

Resolved:: 2016/09/21 6:14 AM