[WFLY-5599] Elytron integration as a resource

security/subsystem/src/main/java/org/jboss/as/security/Attribute.java

@@ -38,7 +38,6 @@ public enum Attribute {
     AUTHENTICATION_MANAGER_CLASS_NAME("authentication-manager-class-name"),
     AUTHORIZATION_MANAGER_CLASS_NAME("authorization-manager-class-name"),
     CACHE_TYPE("cache-type"),
-    EXPORT_ELYTRON_REALM("export-elytron-realm"),
     CIPHER_SUITES("cipher-suites"),
     CLIENT_ALIAS("client-alias"),
     CLIENT_AUTH("client-auth"),
@@ -71,7 +70,8 @@ public enum Attribute {
     TRUSTSTORE_TYPE("truststore-type"),
     TRUSTSTORE_URL("truststore-url"),
     TYPE("type"),
-    VALUE("value");
+    VALUE("value"),
+    LEGACY_DOMAIN_NAME("legacy-domain-name");
 
     private final String name;
 

security/subsystem/src/main/java/org/jboss/as/security/Constants.java

@@ -117,5 +117,7 @@ public interface Constants {
     String LIST_CACHED_PRINCIPALS = "list-cached-principals";
     String FLUSH_CACHE = "flush-cache";
     String PRINCIPAL_ARGUMENT = "principal";
-    String EXPORT_ELYTRON_REALM = "export-elytron-realm";
+    String ELYTRON_INTEGRATION = "elytron-integration";
+    String ELYTRON_REALM = "elytron-realm";
+    String LEGACY_DOMAIN_NAME = "legacy-domain-name";
 }

security/subsystem/src/main/java/org/jboss/as/security/Element.java

@@ -59,7 +59,9 @@ enum Element {
     SUBJECT_FACTORY("subject-factory"),
     TRUST_MODULE("trust-module"),
     VAULT("vault"),
-    VAULT_OPTION("vault-option");
+    VAULT_OPTION("vault-option"),
+    ELYTRON_INTEGRATION("elytron-integration"),
+    ElYTRON_REALM("elytron-realm");
 
     private final String name;
 

security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainAdd.java

@@ -79,15 +79,13 @@
 import org.jboss.as.controller.registry.Resource;
 import org.jboss.as.security.logging.SecurityLogger;
 import org.jboss.as.security.plugins.SecurityDomainContext;
-import org.jboss.as.security.realm.DomainContextRealmService;
 import org.jboss.as.security.service.JaasConfigurationService;
 import org.jboss.as.security.service.SecurityDomainService;
 import org.jboss.as.security.service.SecurityManagementService;
 import org.jboss.dmr.ModelNode;
 import org.jboss.dmr.Property;
 import org.jboss.msc.service.ServiceBuilder;
 import org.jboss.msc.service.ServiceController;
-import org.jboss.msc.service.ServiceName;
 import org.jboss.msc.service.ServiceTarget;
 import org.jboss.security.ISecurityManagement;
 import org.jboss.security.JBossJSSESecurityDomain;
@@ -111,7 +109,6 @@
 import org.jboss.security.mapping.MappingType;
 import org.jboss.security.mapping.config.MappingModuleEntry;
 import org.wildfly.clustering.infinispan.spi.service.CacheContainerServiceName;
-import org.wildfly.security.auth.server.SecurityRealm;
 
 /**
  * Add a security domain configuration.
@@ -140,16 +137,6 @@ protected void populateModel(ModelNode operation, ModelNode model) throws Operat
         }
     }
 
-    @Override
-    protected void recordCapabilitiesAndRequirements(final OperationContext context, final ModelNode operation, final Resource resource) throws OperationFailedException {
-        super.recordCapabilitiesAndRequirements(context, operation, resource);
-        // register the security realm capabality if the export-elytron-realm attribute has been set.
-        ModelNode elytronRealm = SecurityDomainResourceDefinition.EXPORT_ELYTRON_REALM.resolveModelAttribute(context, resource.getModel());
-        if (elytronRealm.isDefined()) {
-            context.registerCapability(Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY.fromBaseCapability(elytronRealm.asString()), null);
-        }
-    }
-
     @Override
     protected void performRuntime(OperationContext context, ModelNode operation, final ModelNode model) {
         PathAddress address = PathAddress.pathAddress(operation.get(OP_ADDR));
@@ -187,15 +174,6 @@ public void launchServices(OperationContext context, String securityDomain, Mode
                     Object.class, securityDomainService.getCacheManagerInjector());
         }
         builder.setInitialMode(ServiceController.Mode.ACTIVE).install();
-
-        final ModelNode elytronRealm = SecurityDomainResourceDefinition.EXPORT_ELYTRON_REALM.resolveModelAttribute(context, model);
-        if (elytronRealm.isDefined()) {
-            final ServiceName realmServiceName = context.getCapabilityServiceName(Capabilities.SECURITY_REALM_CAPABILITY, elytronRealm.asString(), SecurityRealm.class);
-            final DomainContextRealmService domainContextRealmService = new DomainContextRealmService();
-            target.addService(realmServiceName, domainContextRealmService)
-                    .addDependency(SecurityDomainService.SERVICE_NAME.append(securityDomain), SecurityDomainContext.class, domainContextRealmService.getSecurityDomainContextInjector())
-                    .setInitialMode(ServiceController.Mode.ACTIVE).install();
-        }
     }
 
     private ApplicationPolicy createApplicationPolicy(OperationContext context, String securityDomain, final ModelNode model)

security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainReloadAddHandler.java

@@ -46,15 +46,4 @@ protected void recreateParentService(OperationContext context, PathAddress paren
     protected ServiceName getParentServiceName(PathAddress parentAddress) {
         return SecurityDomainResourceDefinition.getSecurityDomainServiceName(parentAddress);
     }
-
-    @Override
-    protected void removeServices(final OperationContext context, final ServiceName parentService, final ModelNode parentModel) throws OperationFailedException {
-        super.removeServices(context, parentService, parentModel);
-        // make sure the security realm service is also removed.
-        ModelNode elytronRealm = SecurityDomainResourceDefinition.EXPORT_ELYTRON_REALM.resolveModelAttribute(context, parentModel);
-        if (elytronRealm.isDefined()) {
-            ServiceName serviceName = Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY.getCapabilityServiceName(elytronRealm.asString());
-            context.removeService(serviceName);
-        }
-    }
 }

security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainReloadRemoveHandler.java

@@ -47,15 +47,4 @@ protected void recreateParentService(OperationContext context, PathAddress paren
     protected ServiceName getParentServiceName(PathAddress parentAddress) {
         return SecurityDomainResourceDefinition.getSecurityDomainServiceName(parentAddress);
     }
-
-    @Override
-    protected void removeServices(final OperationContext context, final ServiceName parentService, final ModelNode parentModel) throws OperationFailedException {
-        super.removeServices(context, parentService, parentModel);
-        // make sure the security realm service is also removed.
-        ModelNode elytronRealm = SecurityDomainResourceDefinition.EXPORT_ELYTRON_REALM.resolveModelAttribute(context, parentModel);
-        if (elytronRealm.isDefined()) {
-            ServiceName serviceName = Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY.getCapabilityServiceName(elytronRealm.asString());
-            context.removeService(serviceName);
-        }
-    }
 }

security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainReloadWriteHandler.java

@@ -48,15 +48,4 @@ protected void recreateParentService(OperationContext context, PathAddress paren
     protected ServiceName getParentServiceName(PathAddress parentAddress) {
         return SecurityDomainResourceDefinition.getSecurityDomainServiceName(parentAddress);
     }
-
-    @Override
-    protected void removeServices(final OperationContext context, final ServiceName parentService, final ModelNode parentModel) throws OperationFailedException {
-        super.removeServices(context, parentService, parentModel);
-        // make sure the security realm service is also removed.
-        ModelNode elytronRealm = SecurityDomainResourceDefinition.EXPORT_ELYTRON_REALM.resolveModelAttribute(context, parentModel);
-        if (elytronRealm.isDefined()) {
-            ServiceName serviceName = Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY.getCapabilityServiceName(elytronRealm.asString());
-            context.removeService(serviceName);
-        }
-    }
 }

security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainResourceDefinition.java

@@ -34,7 +34,7 @@
 import org.jboss.as.controller.OperationContext;
 import org.jboss.as.controller.OperationFailedException;
 import org.jboss.as.controller.PathAddress;
-import org.jboss.as.controller.ReloadRequiredWriteAttributeHandler;
+import org.jboss.as.controller.ServiceRemoveStepHandler;
 import org.jboss.as.controller.SimpleAttributeDefinition;
 import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
 import org.jboss.as.controller.SimpleOperationDefinition;
@@ -45,7 +45,6 @@
 import org.jboss.as.controller.access.management.ApplicationTypeAccessConstraintDefinition;
 import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
 import org.jboss.as.controller.operations.common.Util;
-import org.jboss.as.controller.operations.validation.StringLengthValidator;
 import org.jboss.as.controller.registry.ManagementResourceRegistration;
 import org.jboss.as.controller.registry.OperationEntry;
 import org.jboss.as.security.logging.SecurityLogger;
@@ -69,20 +68,15 @@ class SecurityDomainResourceDefinition extends SimpleResourceDefinition {
             .setAllowedValues("default", "infinispan")
             .build();
 
-    public static final SimpleAttributeDefinition EXPORT_ELYTRON_REALM = new SimpleAttributeDefinitionBuilder(Constants.EXPORT_ELYTRON_REALM, ModelType.STRING, true)
-            .setAllowExpression(false)
-            .setValidator(new StringLengthValidator(1, true))
-            .build();
-
-    public static final AttributeDefinition[] ATTRIBUTES = new AttributeDefinition[] {CACHE_TYPE, EXPORT_ELYTRON_REALM};
+    public static final AttributeDefinition[] ATTRIBUTES = new AttributeDefinition[] {CACHE_TYPE};
 
     private final boolean registerRuntimeOnly;
     private final List<AccessConstraintDefinition> accessConstraints;
 
     SecurityDomainResourceDefinition(boolean registerRuntimeOnly) {
         super(SecurityExtension.SECURITY_DOMAIN_PATH,
                 SecurityExtension.getResourceDescriptionResolver(Constants.SECURITY_DOMAIN), SecurityDomainAdd.INSTANCE,
-                new SecurityDomainRemove(SecurityDomainService.SERVICE_NAME, SecurityDomainAdd.INSTANCE));
+                new ServiceRemoveStepHandler(SecurityDomainService.SERVICE_NAME, SecurityDomainAdd.INSTANCE));
         this.registerRuntimeOnly = registerRuntimeOnly;
         ApplicationTypeConfig atc = new ApplicationTypeConfig(SecurityExtension.SUBSYSTEM_NAME, Constants.SECURITY_DOMAIN);
         AccessConstraintDefinition acd = new ApplicationTypeAccessConstraintDefinition(atc);
@@ -93,7 +87,6 @@ class SecurityDomainResourceDefinition extends SimpleResourceDefinition {
     @Override
     public void registerAttributes(final ManagementResourceRegistration resourceRegistration) {
         resourceRegistration.registerReadWriteAttribute(CACHE_TYPE, null, new SecurityDomainReloadWriteHandler());
-        resourceRegistration.registerReadWriteAttribute(EXPORT_ELYTRON_REALM, null, new ReloadRequiredWriteAttributeHandler());
     }
 
     @Override