]
Brian Stansberry updated WFCORE-1448:
-------------------------------------
Fix Version/s: 3.0.0.Alpha1
Git Pull Request:
AttributeParser for ObjectListAttributeDefinitions doesn't
differentiate between empty and absent object lists
--------------------------------------------------------------------------------------------------------------
Key: WFCORE-1448
URL:
https://issues.jboss.org/browse/WFCORE-1448
Project: WildFly Core
Issue Type: Bug
Components: Domain Management
Affects Versions: 2.1.0.Final
Reporter: Tomaz Cerar
Assignee: Tomaz Cerar
Fix For: 3.0.0.Alpha1
Attributes of type ObjectList are left undefined when their enclosing element is empty,
which makes it impossible to differentiate an empty object list from an unspecified one.
The ability to distinguish the two scenarios is important in the security manager
subsystem. Consider this configuration:
{code:xml}
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
<deployment-permissions>
<mininum-set>
....
</minimum-set>
</deployment-permissions>
</subsystem>
{code}
The maximum-set is absent and this case we want to use a default set with AllPermission.
Now consider another configuration:
{code:xml}
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
<deployment-permissions>
<mininum-set/>
<maximum-set/>
</deployment-permissions>
</subsystem>
{code}
In this case, maximum-set has been specified but it is empty, which means the admin/user
deliberately wants to use an emtpy set, possibly to enforce that no deployments with
special permissions requirements get deployed.
The problem is that both scenarios result in an undefined attribute for the maximum-set,
which means that the default AllPermission set ends up being used in both cases. The
parser doesn't initialize the attribute with an empty list when the enclosing element
is present but is empty. So in the end, both approaches result in an undefined attribute.