[jboss-jira] [JBoss JIRA] (WFCORE-1556) Poor handling of 'required', 'nillable' and 'alternatives' in AttributeDefinition

Brian Stansberry (JIRA) issues at jboss.org
Wed May 18 17:29:00 EDT 2016 

    [ https://issues.jboss.org/browse/WFCORE-1556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13239720#comment-13239720 ] 

Brian Stansberry commented on WFCORE-1556:
------------------------------------------

Another note to self: The "setValidateNull(false)" stuff is quite the black art. Here's one of the 3 uses of it in core and full, all of which are in the same LdapAuthenticationResourceDefinition class:

{code}
    public static final SimpleAttributeDefinition USERNAME_FILTER = new SimpleAttributeDefinitionBuilder(ModelDescriptionConstants.USERNAME_ATTRIBUTE, ModelType.STRING, false)
            .setXmlName("attribute")
            .setAlternatives(ModelDescriptionConstants.ADVANCED_FILTER)
            .setValidator(new StringLengthValidator(1, Integer.MAX_VALUE, true, true))
            .setValidateNull(false)
            .setAllowExpression(true)
            .setFlags(AttributeAccess.Flag.RESTART_RESOURCE_SERVICES).build();
{code}

The builder constructor passes "false" as the "allowNull" param, so this attribute is required. But it also has alternatives. This combination would normally fail to validate if the model has this attribute undefined but an alternative defined, even though such a combination is correct.

To get around this, the definition does two things:

1) It sets up a validator that has the "allowNull" field set to "true", meaning the validator will not reject undefined.

{code}
.setValidator(new StringLengthValidator(1, Integer.MAX_VALUE, true, true))
{code}

It does this even though the builder constructor says "allowNull=false".

2) It adds ".setValidateNull(false)". What this does is it turns off the logic added in AS7-3857 that resulted in the AD itself validating undefined values instead of relying on the provided validator to do this. Because this logic is turned off, the AD will not reject undefined, and instead will allow the validator to validate, and it is configured to accept undefined.

It works but is very kludgy. It's not surprising that out of hundreds of attributes that declare alternatives, a great many of which are probably required if no alternative is present, only 2 use this technique.

Also, it only kind of works, since all this does is cause the AD to accept undefined. It doesn't lead to proper validation of the overall model, i.e. a check that one of the alternatives is defined. To do that we had to add to the operation execution logic special validation at the end of Stage.MODEL execution.

> Poor handling of 'required', 'nillable' and 'alternatives' in AttributeDefinition
> ---------------------------------------------------------------------------------
>
>                 Key: WFCORE-1556
>                 URL: https://issues.jboss.org/browse/WFCORE-1556
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Domain Management
>            Reporter: Brian Stansberry
>
> The handling of the notions of 'require'd and 'nillable' don't comply with the specs in https://docs.jboss.org/author/display/WFLY10/Description+of+the+Management+Model, particularly the "Description of an Attribute" part, where the 'required' and 'alternatives' fields are well described, with their relationship spelled out, while 'nillable' doesn't appear at all. Then in "Description of an Operation Parameter or Return Value" nillable is specified, although I think those descriptions could be tightened up in general.
> The read-resource-description output for an attribute doesn't show "required" at all.
> After a fair bit of thinking, I've finally recalled why the two separate notions of "required" and "nillable" exist in the first place.
> The "required" and "alternatives" pieces go together. Is something required? And then if it is required, an alternative satisfies. So you can have two attributes/params, both required, but they are alternatives so one is defined and the other is not. And this is an ok thing.
> And then 'nillable' comes in to help clients understand in a simple way whether they need to account for the possibility an undefined value. Basically:
> nillable = !required || alternatives != null
> Right now, nillable is implemented as
> nillable = !required
> There are a number of problems I see with AttributeDefinition:
> 1) We don't output the 'required' metadata unless it's an operation param being described.  This is contrary to spec. However we we shouldn't fix this unless we can have meaningful values for 'required', ones where the value can be true but the attribute/param can still have an undefined value, due to an alternative being present. If we can't fix that, there's no point outputting required as it's just redundant with what we output for 'nillable'.
> 2) We do output the 'nillable' metadata, even for attribute descriptions, where it isn't in the spec. But in this case I think we change the spec, as dropping nillable would be an incompatible change.
> 3) We don't properly validate the "required but has alternatives case." This can't be validated solely with ParameterValidator impls as those only see a single attribute value and don't have contextual information about other attributes/params. To get around this limitation, devs are saying that attributes with alternatives "allowNull" which is equivalent to saying they are not required. But they are required! So I think a fix for this will require AttributeDefinition itself to validate the overall resource model or operation object, and skip calling the ParameterValidator if the attribute/param is undefined and an alternative is defined.
> 4) AttributeDefinition and AbstractAttributeDefinitionBuilder unfortunately have a getter/setter/constructor param for property "allowNull" instead of a property named "required". This is unfortunate because "allowNull" intuitively maps to "nillable", but "required" is a much more useful thing to set. The value of "nillable" can be derived from a "required" setting and an "alternatives" setting, but the value of required cannot be so derived.
> I think a fix for this would probably start from 4), deprecating setAllowNull, adding get/setRequired and changing the meaning of the AD(Builder) constructor param to "required". The effect of this would be that all current code setting "allowNull" would now be setting a new "required" field. This should be a non-breaking change as in current code that's the effect anyway.
> Next would be to fix 3), by changing how AD validates.
> Next would be to change the metadata we output, such that "required" is always present and the "nillable" value is !required || alternatives != null. And change the spec accordingly.
> Last, in a separate task, would be to find attributes that were configuring "allowNull = true" solely to allow validation to pass when alternatives are present, and fix them to say "required=false".



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list