[wildfly-dev] Subsystem Hierarchy
Darran Lofthouse
darran.lofthouse at jboss.com
Tue Sep 27 10:47:06 EDT 2016
I have received the following request regarding the hierarchy of the
Elytron subsystem so just wanted to get some additional opinions: -
https://issues.jboss.org/browse/WFLY-7190
The Elytron subsystem is implemented by having a number of different
capabilities that are then chained together in the model to expose four
/ five capabilities that are then used across the application server to
access security related services.
https://github.com/wildfly-security-incubator/wildfly-capabilities/tree/elytron_integration/org/wildfly/security
The reason for following the capability approach along with a component
assembly approach to assembling the configuration is so that we are
ready for other subsystems to be added to the server potentially
providing their own implementations of these capabilities.
For our capabilities we have one or more resource definitions making it
possible to configure different implementations of the capabilities
whilst having the configuration fully described in the model unlike the
previous map approach for login modules.
So the general problem is how should an administrator be able to see the
resources by type.
Within the admin console Claudio is looking at a tabbed interface where
different tabs can contain different resources so that seems to be
reasonably covered.
Within the CLI however an administrator is just presented with all
resource types within the subsystem when they use tab completion.
One option could be for us to introduce an arbitrary layer in the
subsystem and group our resources, e.g.
/subsystem=elytron/component=name-rewriter/
/subsystem=elytron/component=security-realm/
But before taking that approach it feels as though this information is
already there and there are possibly some other alternatives we could
consider.
Firstly I wonder if some of the read-* operations could have an
opportunity to take into account capabilities of child resources to
offer a filtered view?
Another possible option could be CLI commands e.g. add-name-rewriter,
add-security-realm - not sure if that would be one way to give a better
user experience.
Anyway just some random thoughts for the moment but wanted to open this
up before jumping immediately to the artificial hierarchy solution.
Regards,
Darran Lofthouse.