WFLY-2137 Fix circular dependency between security subsystem, jacorb …

…and the transaction subsystem when JTS is enabled

security-manager/src/main/java/org/wildfly/extension/security/manager/SecurityManagerSubsystemAdd.java

@@ -65,6 +65,7 @@ class SecurityManagerSubsystemAdd extends AbstractAddStepHandler {
     static final SecurityManagerSubsystemAdd INSTANCE = new SecurityManagerSubsystemAdd();
 
     private SecurityManagerSubsystemAdd() {
+        super();
     }
 
     @Override

security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainAdd.java

@@ -69,7 +69,6 @@
 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
 import javax.security.auth.login.Configuration;
-import javax.transaction.TransactionManager;
 
 import org.jboss.as.controller.AbstractAddStepHandler;
 import org.jboss.as.controller.OperationContext;
@@ -84,11 +83,8 @@
 import org.jboss.as.security.service.SecurityManagementService;
 import org.jboss.dmr.ModelNode;
 import org.jboss.dmr.Property;
-import org.jboss.msc.inject.InjectionException;
-import org.jboss.msc.inject.Injector;
 import org.jboss.msc.service.ServiceBuilder;
 import org.jboss.msc.service.ServiceController;
-import org.jboss.msc.service.ServiceName;
 import org.jboss.msc.service.ServiceTarget;
 import org.jboss.security.ISecurityManagement;
 import org.jboss.security.JBossJSSESecurityDomain;
@@ -111,7 +107,6 @@
 import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
 import org.jboss.security.mapping.MappingType;
 import org.jboss.security.mapping.config.MappingModuleEntry;
-import org.jboss.security.plugins.TransactionManagerLocator;
 import org.wildfly.clustering.infinispan.spi.service.CacheContainerServiceName;
 
 /**
@@ -160,23 +155,12 @@ public void launchServices(OperationContext context, String securityDomain, Mode
         final SecurityDomainService securityDomainService = new SecurityDomainService(securityDomain,
                 applicationPolicy, jsseSecurityDomain, cacheType);
         final ServiceTarget target = context.getServiceTarget();
-        // some login modules may require the TransactionManager
-        final Injector<TransactionManager> transactionManagerInjector = new Injector<TransactionManager>() {
-            public void inject(final TransactionManager value) throws InjectionException {
-                TransactionManagerLocator.setTransactionManager(value);
-            }
-
-            public void uninject() {
-            }
-        };
         ServiceBuilder<SecurityDomainContext> builder = target
                 .addService(SecurityDomainService.SERVICE_NAME.append(securityDomain), securityDomainService)
                 .addDependency(SecurityManagementService.SERVICE_NAME, ISecurityManagement.class,
                         securityDomainService.getSecurityManagementInjector())
                 .addDependency(JaasConfigurationService.SERVICE_NAME, Configuration.class,
-                        securityDomainService.getConfigurationInjector())
-                .addDependency(ServiceBuilder.DependencyType.OPTIONAL, ServiceName.JBOSS.append("txn", "TransactionManager"), TransactionManager.class,
-                        transactionManagerInjector);
+                        securityDomainService.getConfigurationInjector());
 
         if ("infinispan".equals(cacheType)) {
             builder.addDependency(CacheContainerServiceName.CACHE_CONTAINER.getServiceName(CACHE_CONTAINER_NAME),

security/subsystem/src/main/java/org/jboss/as/security/SecuritySubsystemRootResourceDefinition.java

@@ -22,6 +22,7 @@
 package org.jboss.as.security;
 
 import javax.security.auth.login.Configuration;
+import javax.transaction.TransactionManager;
 
 import org.jboss.as.controller.AbstractBoottimeAddStepHandler;
 import org.jboss.as.controller.OperationContext;
@@ -35,6 +36,7 @@
 import org.jboss.as.controller.SimpleResourceDefinition;
 import org.jboss.as.controller.access.constraint.SensitivityClassification;
 import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
+import org.jboss.as.controller.capability.RuntimeCapability;
 import org.jboss.as.controller.registry.ManagementResourceRegistration;
 import org.jboss.as.naming.ServiceBasedNamingStore;
 import org.jboss.as.naming.deployment.ContextNames;
@@ -54,9 +56,12 @@
 import org.jboss.as.server.Services;
 import org.jboss.as.server.deployment.Phase;
 import org.jboss.as.server.moduleservice.ServiceModuleLoader;
+import org.jboss.as.txn.subsystem.TransactionSubsystemRootResourceDefinition;
 import org.jboss.dmr.ModelNode;
 import org.jboss.dmr.ModelType;
+import org.jboss.msc.service.Service;
 import org.jboss.msc.service.ServiceController;
+import org.jboss.msc.service.ServiceName;
 import org.jboss.msc.service.ServiceTarget;
 import org.jboss.security.ISecurityManagement;
 import org.jboss.security.SecurityContextAssociation;
@@ -75,6 +80,8 @@
  */
 public class SecuritySubsystemRootResourceDefinition extends SimpleResourceDefinition {
 
+    static final RuntimeCapability<?> SECURITY_SUBSYSTEM = RuntimeCapability.Builder.of("org.wildfly.security").build();
+
     static final SensitiveTargetAccessConstraintDefinition MISC_SECURITY_SENSITIVITY = new SensitiveTargetAccessConstraintDefinition(
             new SensitivityClassification(SecurityExtension.SUBSYSTEM_NAME, "misc-security", false, true, true));
 
@@ -87,10 +94,12 @@ public class SecuritySubsystemRootResourceDefinition extends SimpleResourceDefin
 
     private SecuritySubsystemRootResourceDefinition() {
         super(SecurityExtension.PATH_SUBSYSTEM,
-                SecurityExtension.getResourceDescriptionResolver(SecurityExtension.SUBSYSTEM_NAME), NewSecuritySubsystemAdd.INSTANCE, ReloadRequiredRemoveStepHandler.INSTANCE);
+                SecurityExtension.getResourceDescriptionResolver(SecurityExtension.SUBSYSTEM_NAME), NewSecuritySubsystemAdd.INSTANCE, new ReloadRequiredRemoveStepHandler(SECURITY_SUBSYSTEM));
         setDeprecated(SecurityExtension.DEPRECATED_SINCE);
     }
 
+
+
     public void registerAttributes(final ManagementResourceRegistration resourceRegistration) {
          resourceRegistration.registerReadWriteAttribute(DEEP_COPY_SUBJECT_MODE, null, new ReloadRequiredWriteAttributeHandler(DEEP_COPY_SUBJECT_MODE));
     }
@@ -119,6 +128,9 @@ static class NewSecuritySubsystemAdd extends AbstractBoottimeAddStepHandler {
 
         public static final OperationStepHandler INSTANCE = new NewSecuritySubsystemAdd();
 
+        NewSecuritySubsystemAdd() {
+            super(SECURITY_SUBSYSTEM);
+        }
 
         @Override
         protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
@@ -171,6 +183,17 @@ protected void performBoottime(OperationContext context, ModelNode operation, Mo
             target.addService(JaasConfigurationService.SERVICE_NAME, jaasConfigurationService)
                 .setInitialMode(ServiceController.Mode.ACTIVE).install();
 
+            //setup the transaction manager locator
+
+            if(context.hasOptionalCapability(TransactionSubsystemRootResourceDefinition.TRANSACTION_CAPABILITY.getName(), SECURITY_SUBSYSTEM.getName(), null)) {
+                TransactionManagerLocatorService service = new TransactionManagerLocatorService();
+                target.addService(TransactionManagerLocatorService.SERVICE_NAME, service)
+                        .addDependency( ServiceName.JBOSS.append("txn", "TransactionManager"), TransactionManager.class, service.getTransactionManagerInjectedValue())
+                .install();
+            } else {
+                target.addService(TransactionManagerLocatorService.SERVICE_NAME, Service.NULL).install();
+            }
+
             //add Simple Security Manager Service
             final SimpleSecurityManagerService simpleSecurityManagerService = new SimpleSecurityManagerService();
 

security/subsystem/src/main/java/org/jboss/as/security/TransactionManagerLocatorService.java

@@ -0,0 +1,45 @@
+package org.jboss.as.security;
+
+import org.jboss.msc.service.Service;
+import org.jboss.msc.service.ServiceName;
+import org.jboss.msc.service.StartContext;
+import org.jboss.msc.service.StartException;
+import org.jboss.msc.service.StopContext;
+import org.jboss.msc.value.InjectedValue;
+import org.jboss.security.plugins.TransactionManagerLocator;
+
+import javax.transaction.TransactionManager;
+
+/**
+ * Service that initializes the TransactionManagerLocator.
+ *
+ * Note that even if the transaction manager is not present this service will still be installed,
+ * so services can depend on it without needing to do a check for the capability.
+ *
+ * @author Stuart Douglas
+ */
+public class TransactionManagerLocatorService implements Service<Void> {
+
+    public static ServiceName SERVICE_NAME = SecurityExtension.JBOSS_SECURITY.append("transaction-manager-locator");
+
+    private final InjectedValue<TransactionManager> transactionManagerInjectedValue = new InjectedValue<>();
+
+    @Override
+    public void start(StartContext startContext) throws StartException {
+        TransactionManagerLocator.setTransactionManager(transactionManagerInjectedValue.getValue());
+    }
+
+    @Override
+    public void stop(StopContext stopContext) {
+        TransactionManagerLocator.setTransactionManager(null);
+    }
+
+    @Override
+    public Void getValue() throws IllegalStateException, IllegalArgumentException {
+        return null;
+    }
+
+    public InjectedValue<TransactionManager> getTransactionManagerInjectedValue() {
+        return transactionManagerInjectedValue;
+    }
+}

transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemAdd.java

@@ -105,9 +105,18 @@ class TransactionSubsystemAdd extends AbstractBoottimeAddStepHandler {
     static final TransactionSubsystemAdd INSTANCE = new TransactionSubsystemAdd();
 
     private TransactionSubsystemAdd() {
-        //
+        super(TransactionSubsystemRootResourceDefinition.TRANSACTION_CAPABILITY);
     }
 
+    @Override
+    protected void recordCapabilitiesAndRequirements(OperationContext context, ModelNode operation, Resource resource) throws OperationFailedException {
+        super.recordCapabilitiesAndRequirements(context, operation, resource);
+        if(resource.getModel().hasDefined(CommonAttributes.JTS)) {
+            if(resource.getModel().get(CommonAttributes.JTS).asBoolean()) {
+                context.registerCapability(TransactionSubsystemRootResourceDefinition.TRANSACTION_JTS_CAPABILITY, CommonAttributes.JTS);
+            }
+        }
+    }
 
     @Override
     protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {

transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemRemove.java

@@ -22,8 +22,12 @@
 
 package org.jboss.as.txn.subsystem;
 
+import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationFailedException;
 import org.jboss.as.controller.PathElement;
 import org.jboss.as.controller.ReloadRequiredRemoveStepHandler;
+import org.jboss.as.controller.registry.Resource;
+import org.jboss.dmr.ModelNode;
 
 /**
  * Removes the transaction subsystem root resource.
@@ -34,6 +38,20 @@ class TransactionSubsystemRemove extends ReloadRequiredRemoveStepHandler {
 
     static final TransactionSubsystemRemove INSTANCE = new TransactionSubsystemRemove();
 
+    public TransactionSubsystemRemove() {
+        super(TransactionSubsystemRootResourceDefinition.TRANSACTION_CAPABILITY);
+    }
+
+    @Override
+    protected void recordCapabilitiesAndRequirements(OperationContext context, ModelNode operation, Resource resource) throws OperationFailedException {
+        super.recordCapabilitiesAndRequirements(context, operation, resource);
+        if(resource.getModel().hasDefined(CommonAttributes.JTS)) {
+            if(resource.getModel().get(CommonAttributes.JTS).asBoolean()) {
+                context.deregisterCapability(TransactionSubsystemRootResourceDefinition.TRANSACTION_JTS_CAPABILITY.getName());
+            }
+        }
+    }
+
     /**
      * Suppresses removal of the log-store=log-store child, as that remove op handler is a no-op.
      */

transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemRootResourceDefinition.java

@@ -39,6 +39,7 @@
 import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
 import org.jboss.as.controller.SimpleResourceDefinition;
 import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
+import org.jboss.as.controller.capability.RuntimeCapability;
 import org.jboss.as.controller.client.helpers.MeasurementUnit;
 import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
 import org.jboss.as.controller.operations.validation.IntRangeValidator;
@@ -60,6 +61,12 @@
  */
 public class TransactionSubsystemRootResourceDefinition extends SimpleResourceDefinition {
 
+    public static final RuntimeCapability<Void> TRANSACTION_CAPABILITY = RuntimeCapability.Builder.of("org.wildfly.transactions")
+            .build();
+
+    public static final RuntimeCapability<Void> TRANSACTION_JTS_CAPABILITY = RuntimeCapability.Builder.of("org.wildfly.transactions.jts")
+            .build();
+
     //recovery environment
     public static final SimpleAttributeDefinition BINDING = new SimpleAttributeDefinitionBuilder(CommonAttributes.BINDING, ModelType.STRING, false)
             .setValidator(new StringLengthValidator(1))