WFLY-8070 Passwords and credential-reference should be mutually exclu…

…sive

mail/src/main/java/org/jboss/as/mail/extension/MailServerDefinition.java

@@ -104,6 +104,7 @@ class MailServerDefinition extends PersistentResourceDefinition {
                     .setFlags(AttributeAccess.Flag.RESTART_ALL_SERVICES)
                     .addAccessConstraint(SensitiveTargetAccessConstraintDefinition.CREDENTIAL)
                     .addAccessConstraint(MAIL_SERVER_SECURITY_DEF)
+                    .addAlternatives(MailSubsystemModel.PASSWORD)
                     .build();
 
     protected static final SimpleAttributeDefinition PASSWORD =
@@ -112,6 +113,7 @@ class MailServerDefinition extends PersistentResourceDefinition {
                     .setFlags(AttributeAccess.Flag.RESTART_ALL_SERVICES)
                     .addAccessConstraint(SensitiveTargetAccessConstraintDefinition.CREDENTIAL)
                     .addAccessConstraint(MAIL_SERVER_SECURITY_DEF)
+                    .setAlternatives(CredentialReference.CREDENTIAL_REFERENCE)
                     .build();
 
     protected static final PropertiesAttributeDefinition PROPERTIES = new PropertiesAttributeDefinition.Builder(ModelDescriptionConstants.PROPERTIES, true)

mail/src/test/java/org/jboss/as/mail/extension/MailSubsystem21TestCase.java

@@ -31,8 +31,10 @@
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.WRITE_ATTRIBUTE_OPERATION;
 
 import java.io.IOException;
+import java.net.InetAddress;
 import java.util.Properties;
 
+import javax.mail.PasswordAuthentication;
 import javax.mail.Session;
 
 import org.jboss.as.controller.OperationFailedException;
@@ -110,6 +112,9 @@ public void testRuntime() throws Exception {
         Assert.assertNotNull("smtp host should be set", properties.getProperty("mail.smtp.host"));
         Assert.assertNotNull("pop3 host should be set", properties.getProperty("mail.pop3.host"));
         Assert.assertNotNull("imap host should be set", properties.getProperty("mail.imap.host"));
+        PasswordAuthentication auth = session.requestPasswordAuthentication(InetAddress.getLocalHost(), 25, "smtp", "", "");
+        Assert.assertEquals("nobody", auth.getUserName());
+        Assert.assertEquals("pass", auth.getPassword());
 
         ServiceController<?> defaultMailService = mainServices.getContainer().getService(MailSessionAdd.MAIL_SESSION_SERVICE_NAME.append("default2"));
         session = (Session) defaultMailService.getValue();

mail/src/test/resources/org/jboss/as/mail/extension/subsystem_2_1.xml

@@ -28,7 +28,7 @@
             <credential-reference clear-text="pass"/>
         </smtp-server>
         <pop3-server outbound-socket-binding-ref="mail-pop3"/>
-        <imap-server outbound-socket-binding-ref="mail-imap" username="${exp.name:nobody}" password="${exp.password:pass}">
+        <imap-server outbound-socket-binding-ref="mail-imap" username="${exp.name:nobody}">
             <credential-reference clear-text="different-pass"/>
         </imap-server>
     </mail-session>

messaging-activemq/src/main/java/org/wildfly/extension/messaging/activemq/BridgeDefinition.java

@@ -27,6 +27,7 @@
 import static org.jboss.dmr.ModelType.BOOLEAN;
 import static org.jboss.dmr.ModelType.INT;
 import static org.jboss.dmr.ModelType.STRING;
+import static org.wildfly.extension.messaging.activemq.CommonAttributes.PASSWORD;
 import static org.wildfly.extension.messaging.activemq.MessagingExtension.MESSAGING_SECURITY_SENSITIVE_TARGET;
 import static org.wildfly.extension.messaging.activemq.CommonAttributes.STATIC_CONNECTORS;
 
@@ -92,13 +93,13 @@ public class BridgeDefinition extends PersistentResourceDefinition {
             .setRestartAllServices()
             .build();
 
-    public static final SimpleAttributeDefinition PASSWORD = create("password", STRING)
-            .setAllowNull(true)
+    public static final SimpleAttributeDefinition PASSWORD = create("password", STRING, true)
             .setAllowExpression(true)
             .setDefaultValue(new ModelNode().set(ActiveMQDefaultConfiguration.getDefaultClusterPassword()))
             .setRestartAllServices()
             .addAccessConstraint(SensitiveTargetAccessConstraintDefinition.CREDENTIAL)
             .addAccessConstraint(MESSAGING_SECURITY_SENSITIVE_TARGET)
+            .setAlternatives(CredentialReference.CREDENTIAL_REFERENCE)
             .build();
 
     public static final SimpleAttributeDefinition USER = create("user", STRING)
@@ -116,6 +117,7 @@ public class BridgeDefinition extends PersistentResourceDefinition {
                     .setRestartAllServices()
                     .addAccessConstraint(SensitiveTargetAccessConstraintDefinition.CREDENTIAL)
                     .addAccessConstraint(MESSAGING_SECURITY_SENSITIVE_TARGET)
+                    .setAlternatives(PASSWORD.getName())
                     .build();
 
     public static final SimpleAttributeDefinition USE_DUPLICATE_DETECTION = create("use-duplicate-detection", BOOLEAN)

messaging-activemq/src/main/java/org/wildfly/extension/messaging/activemq/ServerDefinition.java

@@ -74,15 +74,15 @@
  */
 public class ServerDefinition extends PersistentResourceDefinition {
 
-    public static final SimpleAttributeDefinition CLUSTER_PASSWORD = create("cluster-password", ModelType.STRING)
+    public static final SimpleAttributeDefinition CLUSTER_PASSWORD = create("cluster-password", ModelType.STRING, true)
             .setAttributeGroup("cluster")
             .setXmlName("password")
             .setDefaultValue(new ModelNode(ActiveMQDefaultConfiguration.getDefaultClusterPassword()))
-            .setAllowNull(true)
             .setAllowExpression(true)
             .setRestartAllServices()
             .addAccessConstraint(SensitiveTargetAccessConstraintDefinition.CREDENTIAL)
             .addAccessConstraint(MessagingExtension.MESSAGING_SECURITY_SENSITIVE_TARGET)
+            .setAlternatives("cluster-" + CredentialReference.CREDENTIAL_REFERENCE)
             .build();
 
     public static final ObjectTypeAttributeDefinition CREDENTIAL_REFERENCE =
@@ -92,6 +92,7 @@ public class ServerDefinition extends PersistentResourceDefinition {
                     .setRestartAllServices()
                     .addAccessConstraint(SensitiveTargetAccessConstraintDefinition.CREDENTIAL)
                     .addAccessConstraint(MessagingExtension.MESSAGING_SECURITY_SENSITIVE_TARGET)
+                    .setAlternatives(CLUSTER_PASSWORD.getName())
                     .build();
 
     public static final SimpleAttributeDefinition CLUSTER_USER = create("cluster-user", ModelType.STRING)

messaging-activemq/src/main/java/org/wildfly/extension/messaging/activemq/jms/bridge/JMSBridgeDefinition.java

@@ -65,6 +65,8 @@ public class JMSBridgeDefinition extends PersistentResourceDefinition {
 
     public static final String PAUSE = "pause";
     public static final String RESUME = "resume";
+    private static final String SOURCE_CREDENTIAL_REFERENCE_NAME = "source-" + CredentialReference.CREDENTIAL_REFERENCE;
+    private static final String TARGET_CREDENTIAL_REFERENCE_NAME = "target-" + CredentialReference.CREDENTIAL_REFERENCE;
 
     public static final SimpleAttributeDefinition MODULE = create("module", STRING)
             .setAllowNull(true)
@@ -89,21 +91,22 @@ public class JMSBridgeDefinition extends PersistentResourceDefinition {
             .addAccessConstraint(MESSAGING_SECURITY_SENSITIVE_TARGET)
             .build();
 
-    public static final SimpleAttributeDefinition SOURCE_PASSWORD = create("source-password", STRING)
+    public static final SimpleAttributeDefinition SOURCE_PASSWORD = create("source-password", STRING, true)
             .setAttributeGroup(SOURCE)
             .setXmlName(PASSWORD)
-            .setAllowNull(true)
             .setAllowExpression(true)
             .addAccessConstraint(SensitiveTargetAccessConstraintDefinition.CREDENTIAL)
             .addAccessConstraint(MESSAGING_SECURITY_SENSITIVE_TARGET)
+            .setAlternatives(SOURCE_CREDENTIAL_REFERENCE_NAME)
             .build();
 
     public static final ObjectTypeAttributeDefinition SOURCE_CREDENTIAL_REFERENCE =
-            CredentialReference.getAttributeBuilder("source-" + CredentialReference.CREDENTIAL_REFERENCE, CredentialReference.CREDENTIAL_REFERENCE, true)
+            CredentialReference.getAttributeBuilder(SOURCE_CREDENTIAL_REFERENCE_NAME, CredentialReference.CREDENTIAL_REFERENCE, true)
                     .setAttributeGroup(SOURCE)
                     .setCapabilityReference(CredentialReference.CREDENTIAL_STORE_CAPABILITY)
                     .addAccessConstraint(SensitiveTargetAccessConstraintDefinition.CREDENTIAL)
                     .addAccessConstraint(MESSAGING_SECURITY_SENSITIVE_TARGET)
+                    .setAlternatives(SOURCE_PASSWORD.getName())
                     .build();
 
     public static final PropertiesAttributeDefinition SOURCE_CONTEXT = new PropertiesAttributeDefinition.Builder("source-context", true)
@@ -132,21 +135,22 @@ public class JMSBridgeDefinition extends PersistentResourceDefinition {
             .addAccessConstraint(MESSAGING_SECURITY_SENSITIVE_TARGET)
             .build();
 
-    public static final SimpleAttributeDefinition TARGET_PASSWORD = create("target-password", STRING)
+    public static final SimpleAttributeDefinition TARGET_PASSWORD = create("target-password", STRING, true)
             .setAttributeGroup(TARGET)
             .setXmlName(PASSWORD)
-            .setAllowNull(true)
             .setAllowExpression(true)
             .addAccessConstraint(SensitiveTargetAccessConstraintDefinition.CREDENTIAL)
             .addAccessConstraint(MESSAGING_SECURITY_SENSITIVE_TARGET)
+            .setAlternatives(TARGET_CREDENTIAL_REFERENCE_NAME)
             .build();
 
     public static final ObjectTypeAttributeDefinition TARGET_CREDENTIAL_REFERENCE =
-            CredentialReference.getAttributeBuilder("target-" + CredentialReference.CREDENTIAL_REFERENCE, CredentialReference.CREDENTIAL_REFERENCE, true)
+            CredentialReference.getAttributeBuilder(TARGET_CREDENTIAL_REFERENCE_NAME, CredentialReference.CREDENTIAL_REFERENCE, true)
                     .setAttributeGroup(TARGET)
                     .setCapabilityReference(CredentialReference.CREDENTIAL_STORE_CAPABILITY)
                     .addAccessConstraint(SensitiveTargetAccessConstraintDefinition.CREDENTIAL)
                     .addAccessConstraint(MESSAGING_SECURITY_SENSITIVE_TARGET)
+                    .setAlternatives(TARGET_PASSWORD.getName())
                     .build();
 
     public static final PropertiesAttributeDefinition TARGET_CONTEXT = new PropertiesAttributeDefinition.Builder("target-context", true)

messaging-activemq/src/test/resources/org/wildfly/extension/messaging/activemq/subsystem_1_1_reject_transform.xml

@@ -4,7 +4,7 @@
     <server name="default">
 
         <security elytron-domain="elytronDomain"/>
-        <cluster user="testuser" password="pass">
+        <cluster user="testuser">
             <credential-reference store="cs1" alias="testuser"/>
         </cluster>
         <journal datasource="fooDS"
@@ -21,13 +21,20 @@
                             static-connectors="in-vm netty" />
 
         <bridge name="bridge1"
+                queue-name="${queue.name:coreQueueA}"
+                forwarding-address="${forwarding.address:forwardingaddress1}"
+                producer-window-size="${producer.windows.size:5678}"
+                static-connectors="in-vm netty"
+                user="${user:Brian}">
+            <credential-reference clear-text="secret1"/>
+        </bridge>
+        <bridge name="bridge2"
                 queue-name="${queue.name:coreQueueA}"
                 forwarding-address="${forwarding.address:forwardingaddress1}"
                 producer-window-size="${producer.windows.size:5678}"
                 static-connectors="in-vm netty"
                 user="${user:Brian}"
                 password="${password:secret}">
-            <credential-reference clear-text="secret1"/>
         </bridge>
         <pooled-connection-factory name="hornetq-ra-local"
                                    transaction="local"