Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8091

Fix Elytron Enabled attributes at DataSources subsystem

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 11.0.0.Alpha1
    • None
    • JCA
    • None
    • Workaround Exists
    • Hide

      Remote alternatives from the attribute and make the validation at the subsystem add.

      Show
      Remote alternatives from the attribute and make the validation at the subsystem add.

    Description

      This Jira is for all ELYTRON_ENABLED attributes defined in datasources subsystem.
      The attribute definition has two bugs:

      • alternatives defined:
        The alternative prevents the user from setting an ELYTRON_ENABLED attribute to false and using one of the alternative attributes, such as SECURITY_DOMAIN because the model will be considered invalid. (see more details below)

      The correct is using alternatives at the AUTHENTICATION_CONTEXT attributes instead and doing an extra validation at AbstractDataSourceAdd/XaDataSourceAdd.

      • marshalling of the attribute, we need to follow the same standard as other boolean attributes in the module, the attribute must be marshalled as a <elytron-enabled>true</elytron-enabled> instead of <elytron-enabled/>, which is the current form being used now

      More details on the alternatives bug:

      If elytron-enabled is set to false,we cannot use the other alternatives:

      /profile=full/subsystem=datasources/xa-data-source=H2XADS:add(driver-name=h2,
      jndi-name="java:/H2XADS",user-name=sa,password=sa)
      /profile=full/subsystem=datasources/xa-data-source=H2XADS:undefine-attribute(name=password)
      /profile=full/subsystem=datasources/xa-data-source=H2XADS:undefine-attribute(name=user-name)
      /profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=elytron-enabled,value=false)
      /profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=user-name,value=sa)

      The last command fails with:

      /profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=user-name,value=sa)
      {
      "outcome" => "failed",
      "failure-description" =>

      {"domain-failure-description" => "WFLYCTL0105: user-name is invalid in combination with elytron-enabled"}

      ,
      "rolled-back" => true
      }

      Attachments

        Issue Links

          is incorporated by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-8619 Elytron integration with datasources subsystem followup

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          relates to

          Bug - A problem that impairs or prevents the functions of the product. HAL-1294 Fix elytron attributes on datasources and resource-adapters

          • Critical - To be worked on immediately following BLOCKER issues.
          • Resolved

          Bug - A problem that impairs or prevents the functions of the product. WFLY-8092 Fix Elytron Enabled attributes at ResourceAdapters subsystem

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              flaviarnn Flavia Rainone
              flaviarnn Flavia Rainone
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: