[jboss-jira] [JBoss JIRA] (WFCORE-3310) mechanism-configuration in http/sasl authentication factory in server configuration should fail when includes some attribute

Brian Stansberry (JIRA) issues at jboss.org
Thu Sep 21 09:39:00 EDT 2017 

    [ https://issues.jboss.org/browse/WFCORE-3310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13466906#comment-13466906 ] 

Brian Stansberry commented on WFCORE-3310:
------------------------------------------

[~dlofthouse] So the attributes in question are not handled in any way but are just silently ignored? And the fix would be to reject them?  In the rest of this post I'l assume that's what we're talking about.

If that's the case, this is Minor or even Optional. Only reason it might be Major is if in .Final or .GA docs we showed some attributes like this, thus leading users to create configs that don't work as documented.

I think it's perfectly reasonable for a component lead to say they don't want to spend resources dealing with a Minor or Optional bug, particularly in code that will shortly become legacy. "Dealing with" to include discussing and doing code review, neither of which is free.

OTOH I have no problem with fixing it and possibly "breaking" people who are using invalid configs.

We shouldn't fix it in a micro/patch release unless we have a critical end user demand that requires it. We don't make possibly breaking changes in patch releases just because we have a JIRA on file.

So it's a question of resources. We don't have resources to chase everything like this so I think it's fine to just say no.

> mechanism-configuration in http/sasl authentication factory in server configuration should fail when includes some attribute
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WFCORE-3310
>                 URL: https://issues.jboss.org/browse/WFCORE-3310
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 3.0.3.Final
>            Reporter: Ondrej Lukas
>            Assignee: Ilia Vassilev
>
> Based on wildfly-elytron XSD mechanism-configuration element of http-authentication-factory or sasl-authentication-factory should not contain any attribute. However when some attribute is added for this element in standalone.xml then it does not fail during server start. In correct behavior Validation error should be thrown during starting server.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list