Make undertow extension module's dependency on org.jboss.as.security module optional ------------------------------------------------------------------------------------ Key: WFLY-11137 URL: https://issues.jboss.org/browse/WFLY-11137 Project: WildFly Issue Type: Task Components: Security, Web (Undertow) Reporter: Brian Stansberry Priority: Major Don't require the legacy security subsystem module if it's not actually used. Usage looks like this: {code} wildfly bstansberry$ cd undertow/ undertow bstansberry$ git grep org.jboss.as.security src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentInfoService.java:import org.jboss.as.security.plugins.SecurityDomainContext; src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentProcessor.java:import org.jboss.as.security.deployment.AbstractSecurityDeployer; src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentProcessor.java:import org.jboss.as.security.deployment.SecurityAttachments; src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentProcessor.java:import org.jboss.as.security.plugins.SecurityDomainContext; src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentProcessor.java:import org.jboss.as.security.service.JaccService; src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentProcessor.java:import org.jboss.as.security.service.SecurityDomainService; src/main/java/org/wildfly/extension/undertow/security/DigestCredentialImpl.java:import org.jboss.as.security.DigestCredential; src/main/java/org/wildfly/extension/undertow/security/JAASIdentityManagerImpl.java:import org.jboss.as.security.plugins.SecurityDomainContext; src/main/java/org/wildfly/extension/undertow/security/SecurityContextThreadSetupAction.java:import org.jboss.as.security.plugins.SecurityDomainContext; src/main/java/org/wildfly/extension/undertow/security/jacc/WarJACCDeployer.java:import org.jboss.as.security.deployment.AbstractSecurityDeployer; src/main/java/org/wildfly/extension/undertow/security/jacc/WarJACCDeployer.java:import org.jboss.as.security.service.JaccService; src/main/java/org/wildfly/extension/undertow/security/jacc/WarJACCService.java:import org.jboss.as.security.service.JaccService; {code} Dropping the use of SecurityAttachments from UndertowDeploymentProcessor and instead having it check for the presence of the org.wildfly.legacy-security capability will go a long way here. After that, most if not all of the other uses only get called either as a result of that check being true, or some config attribute that directly or indirectly references a security domain. IOW the other uses are only needed if the security subsystem is known to be configured. Per Intellij, DigestCredentialImpl is unused.