Daran,
I have looked at the /subsystem=elytron content. From this long list it
is difficult to extract use cases.
Grouping the resources (as Claudio did) in a way that reflects your
object model
(
https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security)
can help. Thinking at various administrator use cases (that would
activate multiple resources in sequential steps) could help define the
best security related CLI commands.
I guess that we would not expose commands for everything but if we cover
the main actions, the low level operation support (with completion for
capabilities) would help handle the missing pieces.
I am available if you are ready to teach me a bit ;-).
Thanks.
JF
On 28/09/16 17:20, Claudio Miranda wrote:
On Wed, Sep 28, 2016 at 9:53 AM, Harald Pehl <hpehl(a)redhat.com>
wrote:
> More important to me is a logical grouping of resources which belong
> together. This should be reflected in both the documentation and in HAL.
This is the grouping I did, suggestions are welcome
* Role Mapper
add-prefix-role-mapper
add-suffix-role-mapper
aggregate-role-mapper
constant-role-mapper
custom-role-mapper
logical-role-mapper
* Decoder
aggregate-principal-decoder
concatenating-principal-decoder
constant-principal-decoder
custom-principal-decoder
x500-attribute-principal-decoder
custom-role-decoder
empty-role-decoder
simple-role-decoder
* Factory
aggregate-http-server-mechanism-factory
aggregate-sasl-server-factory
configurable-http-server-mechanism-factory
configurable-sasl-server-factory
custom-credential-security-factory
http-authentication-factory
kerberos-security-factory
mechanism-provider-filtering-sasl-server-factory
provider-http-server-mechanism-factory
provider-sasl-server-factory
sasl-authentication-factory
service-loader-http-server-mechanism-factory
service-loader-sasl-server-factory
* Realm
properties-realm
filesystem-realm
jdbc-realm
ldap-realm
key-store-realm
aggregate-realm
custom-modifiable-realm
custom-realm
custom-realm-mapper
mapped-regex-realm-mapper
simple-regex-realm-mapper
* Rewriter
aggregate-name-rewriter
chained-name-rewriter
constant-name-rewriter
custom-name-rewriter
regex-name-validating-rewriter
regex-name-rewriter
* Permission Mapper
custom-permission-mapper
logical-permission-mapper
simple-permission-mapper
* SSL
key-managers
key-store
provider-loader
server-ssl-context
trust-managers
* Security Domain
security-domain
security-property
* LDAP Connection
dir-context