[jboss-jira] [JBoss JIRA] (WFCORE-1448) AttributeParser for ObjectListAttributeDefinitions doesn't differentiate between empty and absent object lists

Wed Mar 23 05:48:00 EDT 2016

     [ https://issues.jboss.org/browse/WFCORE-1448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tomaz Cerar moved JBEAP-3935 to WFCORE-1448:
--------------------------------------------

              Project: WildFly Core  (was: JBoss Enterprise Application Platform)
                  Key: WFCORE-1448  (was: JBEAP-3935)
             Workflow: GIT Pull Request workflow   (was: CDW with loose statuses v1)
          Component/s: Domain Management
                           (was: Domain Management)
       Target Release:   (was: 7.0.0.GA)
    Affects Version/s: 2.1.0.Final
                           (was: 7.0.0.ER6)


> AttributeParser for ObjectListAttributeDefinitions doesn't differentiate between empty and absent object lists
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: WFCORE-1448
>                 URL: https://issues.jboss.org/browse/WFCORE-1448
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Domain Management
>    Affects Versions: 2.1.0.Final
>            Reporter: Tomaz Cerar
>            Assignee: Tomaz Cerar
>
> Attributes of type ObjectList are left undefined when their enclosing element is empty, which makes it impossible to differentiate an empty object list from an unspecified one.
> The ability to distinguish the two scenarios is important in the security manager subsystem. Consider this configuration:
> {code:xml}
> <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
>     <deployment-permissions>
>         <mininum-set>
>              ....
>         </minimum-set>
>     </deployment-permissions>
> </subsystem>
> {code}
> The maximum-set is absent and this case we want to use a default set with AllPermission. Now consider another configuration:
> {code:xml}
> <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
>     <deployment-permissions>
>         <mininum-set/>
>         <maximum-set/>
>     </deployment-permissions>
> </subsystem>
> {code}
> In this case, maximum-set has been specified but it is empty, which means the admin/user deliberately wants to use an emtpy set, possibly to enforce that no deployments with special permissions requirements get deployed.
> The problem is that both scenarios result in an undefined attribute for the maximum-set, which means that the default AllPermission set ends up being used in both cases. The parser doesn't initialize the attribute with an empty list when the enclosing element is present but is empty. So in the end, both approaches result in an undefined attribute.


--
This message was sent by Atlassian JIRA
(v6.4.11#64026)