Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8091

Fix Elytron Enabled attributes at DataSources subsystem

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Done
    • None
    • 11.0.0.Alpha1
    • JCA
    • None
    • Workaround Exists
    • Hide

      Remote alternatives from the attribute and make the validation at the subsystem add.

      Show
      Remote alternatives from the attribute and make the validation at the subsystem add.

    Description

      This Jira is for all ELYTRON_ENABLED attributes defined in datasources subsystem.
      The attribute definition has two bugs:

      • alternatives defined:
        The alternative prevents the user from setting an ELYTRON_ENABLED attribute to false and using one of the alternative attributes, such as SECURITY_DOMAIN because the model will be considered invalid. (see more details below)

      The correct is using alternatives at the AUTHENTICATION_CONTEXT attributes instead and doing an extra validation at AbstractDataSourceAdd/XaDataSourceAdd.

      • marshalling of the attribute, we need to follow the same standard as other boolean attributes in the module, the attribute must be marshalled as a <elytron-enabled>true</elytron-enabled> instead of <elytron-enabled/>, which is the current form being used now

      More details on the alternatives bug:

      If elytron-enabled is set to false,we cannot use the other alternatives:

      /profile=full/subsystem=datasources/xa-data-source=H2XADS:add(driver-name=h2,
      jndi-name="java:/H2XADS",user-name=sa,password=sa)
      /profile=full/subsystem=datasources/xa-data-source=H2XADS:undefine-attribute(name=password)
      /profile=full/subsystem=datasources/xa-data-source=H2XADS:undefine-attribute(name=user-name)
      /profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=elytron-enabled,value=false)
      /profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=user-name,value=sa)

      The last command fails with:

      /profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=user-name,value=sa)
      {
      "outcome" => "failed",
      "failure-description" =>

      {"domain-failure-description" => "WFLYCTL0105: user-name is invalid in combination with elytron-enabled"}

      ,
      "rolled-back" => true
      }

      Attachments

        Issue Links

          Activity

            People

              flaviarnn Flavia Rainone
              flaviarnn Flavia Rainone
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: