<div dir="ltr">Is this discussion triggered by the recent JDBC realm issue that has been reported? <div><br></div><div>The problem in this case is I think it depends on the running mode requirements of a specific instance of a capability not all capabilities of that type so the impact becomes transitive.</div><div><br></div><div>If we have: -</div><div><br></div><div>SecurityDomain -> JDBC Realm -> DataSource</div><div><br></div><div>This chain only makes sense in modes where a DataSource can be started.</div><div><br></div><div>But we also have: -</div><div><br></div><div>SecurityDomain -> PropertiesRealm</div><div><br></div><div>This last one makes sense in all modes.</div><div><br></div><div>So the overall effect is the minimum running mode of the DataSource affects the minimum running mode of the SecurityDomain.</div><div><br></div><div>Regards,</div><div>Darran Lofthouse.</div><div><br><br><div class="gmail_quote"><div dir="ltr">On Tue, 12 Dec 2017 at 19:40 Brian Stansberry <<a href="mailto:brian.stansberry@redhat.com">brian.stansberry@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Something the current capabilities/requirements stuff doesn't handle is the fact that some capabilities can be configured but won't be turned on in some situations (i.e. admin-only). Which means other capabilities that might require them and that are present in admin-only will pass configuration consistency checks but will fail at runtime.<div><br></div><div>I'm not sure what to do about this. Some off the top of my head thoughts:</div><div><br></div><div>1) The capability description data on wildly-capabilities includes something about this, so people who want to require the capability understand whether it can be required.</div><div><br></div><div>This is easy, and helps avoids future bugs. It's just documentation so it does nothing about the actual server behavior.</div><div><br></div><div>2) The registration for capabilities could include "minimal running-mode" data, and then the capability resolution could check that and fail if it finds a mismatch in the current running mode.<br clear="all"><div><br></div><div>This is more work obviously. It may help surface problems earlier, i.e. make it more likely that a testsuite catches a mismatch in time to correct it before a .Final release. It would also have the minor benefit of perhaps providing a better error message for a user who configures a mismatch.</div><div><br></div><div>3) The management layer could somehow makes this data available to subsystems so they could utilize it. So, the requiror sees the required cap is not available in the current run level so it in turn doesn't try and install its own cap. Instead logs a WARN or something.</div><div><br></div><div>This is the most work, and I have huge doubts about its wisdom. The software no longer is reasonably predictable, where something is on or off in a given run level; now it's or off depending on whether something else is on or off.</div><div><br></div><div>For any of these we'll need to formalize our existing concepts into a solid run-level concept. I don't think that should be too hard.</div><div><br></div><div>[1] <a>https://github.com/wildfly/wildfly-capabilities</a></div><div><br></div>-- <br><div class="m_7151353332946199090gmail_signature"><div dir="ltr">Brian Stansberry<div>Manager, Senior Principal Software Engineer</div><div>Red Hat</div></div></div>
</div></div>
_______________________________________________<br>
wildfly-dev mailing list<br>
<a>wildfly-dev@lists.jboss.org</a><br>
<a rel="noreferrer">https://lists.jboss.org/mailman/listinfo/wildfly-dev</a></blockquote></div></div></div>