[JBoss JIRA] (WFLY-3340) Authentication "module-options" inconsistently hash vs list of key/values

Thursday, 12 March 2015

    [
https://issues.jboss.org/browse/WFLY-3340?page=com.atlassian.jira.plugin....
] 

Tomaz Cerar commented on WFLY-3340:
-----------------------------------

I think this was resolved around 7.2.0 times when whole security subsystem moved to
resources instead of complex attributes.

...
 Authentication "module-options" inconsistently hash vs list
of key/values
 -------------------------------------------------------------------------

                 Key: WFLY-3340
                 URL: https://issues.jboss.org/browse/WFLY-3340
             Project: WildFly
          Issue Type: Enhancement
          Components: Domain Management, Security
    Affects Versions: JBoss AS7 7.1.1.Final
         Environment: RHEL 6.4, x86_64
            Reporter: Chris Pitman
            Assignee: Brian Stansberry
              Labels: automation, cli, configuration_management

 When adding an authentication mechanism to a security domain it is possible to set the
module-options with a hash (which is great!). However, as soon as a reload occurs they
revert back into a list of key-value pairs. This only makes sense if order matters (which
I hope it doesn't) or if keys can be repeated (again, hope not).
 Configuration management tools should only change a value when it needs to, and this is
way easier if the value that is set is the same value that is read. Hashes are also far
easier to work with in ruby/puppet/chef.
 Steps to reproduce:
 1. Set the module_options on an already existing authentication mechanism:
 {code}

/subsystem=security/security-domain=servlet-security-quickstart/authentication=classic:write-attribute(name=login-modules,
value=[{"code" =>
"Database","flag"=>"required","module-options"=>{"dsJndiName"
=>
 "java:jboss/datasources/ServletSecurityDS", "principalsQuery" =>
"SELECT PASSWORD FROM USERS WHERE USERNAME = ?", "role
 sQuery" => "SELECT R.NAME, 'Roles' FROM USERS_ROLES UR INNER JOIN
ROLES R ON R.ID = UR.ROLE_ID INNER JOIN USERS U ON U.ID = UR.USER_ID WHERE U.USERNAME =
?"}}])
 {code}
 2. Read the resource (notice that module-options is till a nice easy to use hash!)
 {code}
 {
     "outcome" => "success",
     "result" => {"login-modules" => [{
         "module-options" => {
             "dsJndiName" =>
"java:jboss/datasources/ServletSecurityDS",
             "principalsQuery" => "SELECT PASSWORD FROM USERS WHERE
USERNAME = ?",
             "rolesQuery" => "SELECT R.NAME, 'Roles' FROM
USERS_ROLES UR INNER JOIN ROLES R ON R.ID = UR.ROLE_ID INNER JOIN USERS U ON U.ID =
UR.USER_ID WHERE U.USERNAME = ?"
         },
         "flag" => "required",
         "code" => "Database"
     }]},
     "response-headers" => {"process-state" =>
"reload-required"}
 }
 {code}
 3. Reload, then read-resource
 {code}
 {
     "outcome" => "success",
     "result" => {"login-modules" => [{
         "code" => "Database",
         "flag" => "required",
         "module-options" => [
             ("dsJndiName" =>
"java:jboss/datasources/ServletSecurityDS"),
             ("principalsQuery" => "SELECT PASSWORD FROM USERS WHERE
USERNAME = ?"),
             ("rolesQuery" => "SELECT R.NAME, 'Roles' FROM
USERS_ROLES UR INNER JOIN ROLES R ON R.ID = UR.ROLE_ID INNER JOIN USERS U ON U.ID =
UR.USER_ID WHERE U.USERNAME = ?")
         ]
     }]}
 }
 {code}
 4. module-options is now a list of key-value pairs, and is not equal to what it was set
to before 

--
This message was sent by Atlassian JIRA
(v6.3.11#6341)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006