[jboss-jira] [JBoss JIRA] (WFLY-8091) Fix Elytron Enabled attributes at DataSources subsystem

Flavia Rainone (JIRA) issues at jboss.org
Mon Feb 13 09:13:00 EST 2017 

     [ https://issues.jboss.org/browse/WFLY-8091?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Flavia Rainone updated WFLY-8091:
---------------------------------
    Description: 
This Jira is for all ELYTRON_ENABLED attributes defined in datasources subsystem.
The attribute definition has two bugs: 
- alternatives defined:
The alternative prevents the user from setting an ELYTRON_ENABLED attribute to false and using one of the alternative attributes, such as SECURITY_DOMAIN because the model will be considered invalid. (see more details below)

The correct is using alternatives at the AUTHENTICATION_CONTEXT attributes instead and doing an extra validation at AbstractDataSourceAdd/XaDataSourceAdd.

- marshalling of the attribute, we need to follow the same standard as other boolean attributes in the module, the attribute must be marshalled as a <elytron-enabled>true</elytron-enabled> instead of <elytron-enabled/>, which is the current form being used now

More details on the alternatives bug:

If elytron-enabled is set to false,we cannot use the other alternatives:

/profile=full/subsystem=datasources/xa-data-source=H2XADS:add(driver-name=h2,
jndi-name="java:/H2XADS",user-name=sa,password=sa)
/profile=full/subsystem=datasources/xa-data-source=H2XADS:undefine-attribute(name=password)
/profile=full/subsystem=datasources/xa-data-source=H2XADS:undefine-attribute(name=user-name)
/profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=elytron-enabled,value=false)
/profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=user-name,value=sa)

The last command fails with:

/profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=user-name,value=sa)
{
    "outcome" => "failed",
    "failure-description" => {"domain-failure-description" =>
"WFLYCTL0105: user-name is invalid in combination with
elytron-enabled"},
    "rolled-back" => true
}

  was:
If elytron-enabled is set to false,we cannot use the other alternatives:

/profile=full/subsystem=datasources/xa-data-source=H2XADS:add(driver-name=h2,
jndi-name="java:/H2XADS",user-name=sa,password=sa)
/profile=full/subsystem=datasources/xa-data-source=H2XADS:undefine-attribute(name=password)
/profile=full/subsystem=datasources/xa-data-source=H2XADS:undefine-attribute(name=user-name)
/profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=elytron-enabled,value=false)
/profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=user-name,value=sa)

The last command fails with:

/profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=user-name,value=sa)
{
    "outcome" => "failed",
    "failure-description" => {"domain-failure-description" =>
"WFLYCTL0105: user-name is invalid in combination with
elytron-enabled"},
    "rolled-back" => true
}



> Fix Elytron Enabled attributes at DataSources subsystem
> -------------------------------------------------------
>
>                 Key: WFLY-8091
>                 URL: https://issues.jboss.org/browse/WFLY-8091
>             Project: WildFly
>          Issue Type: Bug
>          Components: JCA
>            Reporter: Flavia Rainone
>            Assignee: Flavia Rainone
>
> This Jira is for all ELYTRON_ENABLED attributes defined in datasources subsystem.
> The attribute definition has two bugs: 
> - alternatives defined:
> The alternative prevents the user from setting an ELYTRON_ENABLED attribute to false and using one of the alternative attributes, such as SECURITY_DOMAIN because the model will be considered invalid. (see more details below)
> The correct is using alternatives at the AUTHENTICATION_CONTEXT attributes instead and doing an extra validation at AbstractDataSourceAdd/XaDataSourceAdd.
> - marshalling of the attribute, we need to follow the same standard as other boolean attributes in the module, the attribute must be marshalled as a <elytron-enabled>true</elytron-enabled> instead of <elytron-enabled/>, which is the current form being used now
> More details on the alternatives bug:
> If elytron-enabled is set to false,we cannot use the other alternatives:
> /profile=full/subsystem=datasources/xa-data-source=H2XADS:add(driver-name=h2,
> jndi-name="java:/H2XADS",user-name=sa,password=sa)
> /profile=full/subsystem=datasources/xa-data-source=H2XADS:undefine-attribute(name=password)
> /profile=full/subsystem=datasources/xa-data-source=H2XADS:undefine-attribute(name=user-name)
> /profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=elytron-enabled,value=false)
> /profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=user-name,value=sa)
> The last command fails with:
> /profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=user-name,value=sa)
> {
>     "outcome" => "failed",
>     "failure-description" => {"domain-failure-description" =>
> "WFLYCTL0105: user-name is invalid in combination with
> elytron-enabled"},
>     "rolled-back" => true
> }



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list