[ https://issues.jboss.org/browse/WFLY-8973?page=com.atlassian.jira.plugin.... ] Stefan Guilhen updated WFLY-8973: --------------------------------- Description: Security subsystem contains attributes with capabilities which don't set access-constraint. How to reproduce: {code} /subsystem=security:read-resource-description(recursive=true) {code} Resources elytron-realm, elytron-key-store, elytron-trust-store, elytron-key-manager and elytron-trust-manager all contain attributes that reference a JAAS security domain and that are missing the SECURITY_DOMAIN_REF constraint. Furthermore, these resources expose Elytron capabilities and they should also define access constraints. In the Elytron subsystem all resources exposing capabilities use constraints named "elytron-security" and the legacy subsystem resources should follow the same convention for consistency. was: Security subsystem contains attributes with capabilities which don't set access-constraint. How to reproduce: {code} /subsystem=security:read-resource-description(recursive=true) {code} Resources elytron-realm, elytron-key-store, elytron-trust-store, elytron-key-manager and elytron-trust-manager all contain attributes that reference a JAAS security domain and that are missing the SECURITY_DOMAIN_REF constraint. -- This message was sent by Atlassian JIRA (v7.2.3#72005)