Brian Stansberry created WFCORE-3013:
----------------------------------------
Summary: Elytron subsystem should not register storage=runtime attributes on profile resources
Key: WFCORE-3013
URL: https://issues.jboss.org/browse/WFCORE-3013
Project: WildFly Core
Issue Type: Bug
Components: Domain Management, Security
Reporter: Brian Stansberry
Assignee: Brian Stansberry
Priority: Blocker
Fix For: 3.0.0.Beta28
The elytron subsystem is not checking for appropriate conditions before registering
attributes and operations, leading to inappropriate things being registered on the managed
domain /profile=*/subsystem=elytron resources. In some cases the OSH handling things
attempts to avoid having things blow up if executed on the profile (e.g.
ElytronRuntimeOnlyHandler) but really things should not be registered at all if they are
not functional.
This JIRA is about attributes and resources, which are a simpler case than operations. A
runtime-only resource or attribute really has no function in the /profile=* tree as any
sort of runtime behind those is not allowed.
Following are uses of AbstractAttributeDefinitionBuilder.setStorageRuntime() in the
subsystem. All or nearly all of these have an issue of some nature:
{code}
src/main/java/org/wildfly/extension/elytron/AvailableMechanismsRuntimeResource.java:
.setStorageRuntime() available-mechanisms -- FIXME not on profile
src/main/java/org/wildfly/extension/elytron/CertificateChainAttributeDefinitions.java:
.setStorageRuntime() ok; just a base AD for next one
src/main/java/org/wildfly/extension/elytron/CertificateChainAttributeDefinitions.java:
.setStorageRuntime() local-certificates and peer-certificates -- FIXME not on profile
src/main/java/org/wildfly/extension/elytron/CredentialStoreResourceDefinition.java:
.setStorageRuntime() "alias" -- ok; not an attribute (minor fixme to drop pointless call)
src/main/java/org/wildfly/extension/elytron/CredentialStoreResourceDefinition.java:
.setStorageRuntime() "entry-type" -- ok; not an attribute (minor fixme to drop pointless call)
src/main/java/org/wildfly/extension/elytron/CredentialStoreResourceDefinition.java:
.setStorageRuntime() "secret-value" -- ok; not an attribute (minor fixme to drop pointless call)
src/main/java/org/wildfly/extension/elytron/KeyStoreDefinition.java:
.setStorageRuntime() size -- FIXME not on profile
src/main/java/org/wildfly/extension/elytron/KeyStoreDefinition.java:
.setStorageRuntime() synchronized -- FIXME not on profile
src/main/java/org/wildfly/extension/elytron/KeyStoreDefinition.java:
.setStorageRuntime() modified -- FIXME not on profile
src/main/java/org/wildfly/extension/elytron/LdapKeyStoreDefinition.java:
.setStorageRuntime() size -- FIXME not on profile
src/main/java/org/wildfly/extension/elytron/PropertiesRealmDefinition.java:
.setStorageRuntime() synchronized -- FIXME not on profile
src/main/java/org/wildfly/extension/elytron/ProviderAttributeDefinition.java:
.setStorageRuntime() loaded-provider -- FIXME not on profile
src/main/java/org/wildfly/extension/elytron/ProviderAttributeDefinition.java:
.setStorageRuntime() service -- not relevant; inner field of "loaded-providers"
src/main/java/org/wildfly/extension/elytron/ProviderAttributeDefinition.java:
.setStorageRuntime() loaded-providers -- FIXME not on profile
src/main/java/org/wildfly/extension/elytron/SSLDefinitions.java:
.setStorageRuntime() active-session-count -- FIXME not on profile
src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:
.setStorageRuntime() -- FIXME resource should not be on profile
src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:
.setStorageRuntime() -- FIXME resource should not be on profile
src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:
.setStorageRuntime() -- FIXME resource should not be on profile
src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:
.setStorageRuntime() -- FIXME resource should not be on profile
src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:
.setStorageRuntime() -- FIXME resource should not be on profile
src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:
.setStorageRuntime() -- FIXME resource should not be on profile
src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:
.setStorageRuntime() -- FIXME resource should not be on profile
src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:
.setStorageRuntime() -- FIXME resource should not be on profile
src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:
.setStorageRuntime() -- FIXME resource should not be on profile
src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:
.setStorageRuntime() -- FIXME resource should not be on profile
src/main/java/org/wildfly/extension/elytron/SSLSessionDefinition.java:
.setStorageRuntime() -- FIXME resource should not be on profile
src/main/java/org/wildfly/extension/elytron/ServiceStateDefinition.java:
.setStorageRuntime() state -- FIXME not on profile
{code}
I believe I'll resolve this via some sort of utility code that the registration logic
can call in order to avoid invalid registrations. See also WFCORE-2829.
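An added illustration of the kind of registration guard the report describes, not WildFly Core or Elytron code: every type below is a hypothetical stand-in, the `path` attribute and the resource addresses are constructed, and the runtime attribute names are taken from the KeyStoreDefinition entries in the listing.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Added illustration; all types are simplified stand-ins, not WildFly Core classes.
public class RuntimeRegistrationGuard {
    enum ProcessKind { HOST_CONTROLLER, SERVER }   // hypothetical, simplified
    enum Storage { CONFIGURATION, RUNTIME }

    record Attr(String name, Storage storage) {}

    /** Minimal attribute registry for a single resource address. */
    static final class Registration {
        final String address;
        final ProcessKind process;
        final Set<String> attributes = new TreeSet<>();

        Registration(String address, ProcessKind process) {
            this.address = address;
            this.process = process;
        }

        // A /profile=* resource only holds configuration; no runtime
        // services exist behind it, so runtime-only items are invalid there.
        boolean runtimeOnlyValid() {
            return process == ProcessKind.SERVER;
        }

        void register(Attr attr) {
            if (attr.storage() == Storage.RUNTIME && !runtimeOnlyValid()) {
                return; // skip registration instead of failing later at read time
            }
            attributes.add(attr.name());
        }
    }

    public static void main(String[] args) {
        List<Attr> keyStoreAttrs = List.of(
                new Attr("path", Storage.CONFIGURATION),      // constructed sample
                new Attr("size", Storage.RUNTIME),
                new Attr("synchronized", Storage.RUNTIME),
                new Attr("modified", Storage.RUNTIME));
        Registration profile = new Registration(
                "/profile=default/subsystem=elytron/key-store=ks", ProcessKind.HOST_CONTROLLER);
        Registration server = new Registration(
                "/subsystem=elytron/key-store=ks", ProcessKind.SERVER);
        for (Attr a : keyStoreAttrs) { profile.register(a); server.register(a); }
        System.out.println(profile.address + " -> " + profile.attributes);
        System.out.println(server.address + " -> " + server.attributes);
    }
}
```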