diff --git a/security-manager/src/main/java/org/wildfly/extension/security/manager/SecurityManagerSubsystemAdd.java b/security-manager/src/main/java/org/wildfly/extension/security/manager/SecurityManagerSubsystemAdd.java index c85bcb3555d8..7777fdb95d7e 100644 --- a/security-manager/src/main/java/org/wildfly/extension/security/manager/SecurityManagerSubsystemAdd.java +++ b/security-manager/src/main/java/org/wildfly/extension/security/manager/SecurityManagerSubsystemAdd.java @@ -65,6 +65,7 @@ class SecurityManagerSubsystemAdd extends AbstractAddStepHandler { static final SecurityManagerSubsystemAdd INSTANCE = new SecurityManagerSubsystemAdd(); private SecurityManagerSubsystemAdd() { + super(); } @Override diff --git a/security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainAdd.java b/security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainAdd.java index c269a19480f7..3140facfc005 100644 --- a/security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainAdd.java +++ b/security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainAdd.java @@ -69,7 +69,6 @@ import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag; import javax.security.auth.login.Configuration; -import javax.transaction.TransactionManager; import org.jboss.as.controller.AbstractAddStepHandler; import org.jboss.as.controller.OperationContext; @@ -84,11 +83,8 @@ import org.jboss.as.security.service.SecurityManagementService; import org.jboss.dmr.ModelNode; import org.jboss.dmr.Property; -import org.jboss.msc.inject.InjectionException; -import org.jboss.msc.inject.Injector; import org.jboss.msc.service.ServiceBuilder; import org.jboss.msc.service.ServiceController; -import org.jboss.msc.service.ServiceName; import org.jboss.msc.service.ServiceTarget; import org.jboss.security.ISecurityManagement; import org.jboss.security.JBossJSSESecurityDomain; 
@@ -111,7 +107,6 @@ import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry; import org.jboss.security.mapping.MappingType; import org.jboss.security.mapping.config.MappingModuleEntry; -import org.jboss.security.plugins.TransactionManagerLocator; import org.wildfly.clustering.infinispan.spi.service.CacheContainerServiceName; /** @@ -160,23 +155,12 @@ public void launchServices(OperationContext context, String securityDomain, Mode final SecurityDomainService securityDomainService = new SecurityDomainService(securityDomain, applicationPolicy, jsseSecurityDomain, cacheType); final ServiceTarget target = context.getServiceTarget(); - // some login modules may require the TransactionManager - final Injector transactionManagerInjector = new Injector() { - public void inject(final TransactionManager value) throws InjectionException { - TransactionManagerLocator.setTransactionManager(value); - } - - public void uninject() { - } - }; ServiceBuilder builder = target .addService(SecurityDomainService.SERVICE_NAME.append(securityDomain), securityDomainService) .addDependency(SecurityManagementService.SERVICE_NAME, ISecurityManagement.class, securityDomainService.getSecurityManagementInjector()) .addDependency(JaasConfigurationService.SERVICE_NAME, Configuration.class, - securityDomainService.getConfigurationInjector()) - .addDependency(ServiceBuilder.DependencyType.OPTIONAL, ServiceName.JBOSS.append("txn", "TransactionManager"), TransactionManager.class, - transactionManagerInjector); + securityDomainService.getConfigurationInjector()); if ("infinispan".equals(cacheType)) { builder.addDependency(CacheContainerServiceName.CACHE_CONTAINER.getServiceName(CACHE_CONTAINER_NAME), diff --git a/security/subsystem/src/main/java/org/jboss/as/security/SecuritySubsystemRootResourceDefinition.java b/security/subsystem/src/main/java/org/jboss/as/security/SecuritySubsystemRootResourceDefinition.java index e25b2e5a5a44..13b2ef1ece77 100644 
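Review bot: With the inline injector removed, the SecurityDomainService builder in launchServices no longer has any dependency on whatever populates TransactionManagerLocator, so a security domain could start, and a login module could ask for the transaction manager, before the locator has been set. The Javadoc of the new TransactionManagerLocatorService says services can depend on it unconditionally, but nothing in this hunk does. Consider adding `.addDependency(TransactionManagerLocatorService.SERVICE_NAME)` to the builder chain after the JaasConfigurationService dependency. launchServices starts and ends outside the hunk, so confirm the ordering is not already established elsewhere.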
--- a/security/subsystem/src/main/java/org/jboss/as/security/SecuritySubsystemRootResourceDefinition.java +++ b/security/subsystem/src/main/java/org/jboss/as/security/SecuritySubsystemRootResourceDefinition.java @@ -22,6 +22,7 @@ package org.jboss.as.security; import javax.security.auth.login.Configuration; +import javax.transaction.TransactionManager; import org.jboss.as.controller.AbstractBoottimeAddStepHandler; import org.jboss.as.controller.OperationContext; @@ -35,6 +36,7 @@ import org.jboss.as.controller.SimpleResourceDefinition; import org.jboss.as.controller.access.constraint.SensitivityClassification; import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition; +import org.jboss.as.controller.capability.RuntimeCapability; import org.jboss.as.controller.registry.ManagementResourceRegistration; import org.jboss.as.naming.ServiceBasedNamingStore; import org.jboss.as.naming.deployment.ContextNames; @@ -54,9 +56,12 @@ import org.jboss.as.server.Services; import org.jboss.as.server.deployment.Phase; import org.jboss.as.server.moduleservice.ServiceModuleLoader; +import org.jboss.as.txn.subsystem.TransactionSubsystemRootResourceDefinition; import org.jboss.dmr.ModelNode; import org.jboss.dmr.ModelType; +import org.jboss.msc.service.Service; import org.jboss.msc.service.ServiceController; +import org.jboss.msc.service.ServiceName; import org.jboss.msc.service.ServiceTarget; import org.jboss.security.ISecurityManagement; import org.jboss.security.SecurityContextAssociation; @@ -75,6 +80,8 @@ */ public class SecuritySubsystemRootResourceDefinition extends SimpleResourceDefinition { + static final RuntimeCapability SECURITY_SUBSYSTEM = RuntimeCapability.Builder.of("org.wildfly.security").build(); + static final SensitiveTargetAccessConstraintDefinition MISC_SECURITY_SENSITIVITY = new SensitiveTargetAccessConstraintDefinition( new SensitivityClassification(SecurityExtension.SUBSYSTEM_NAME, "misc-security", false, true, true)); 
@@ -87,10 +94,12 @@ public class SecuritySubsystemRootResourceDefinition extends SimpleResourceDefin private SecuritySubsystemRootResourceDefinition() { super(SecurityExtension.PATH_SUBSYSTEM, - SecurityExtension.getResourceDescriptionResolver(SecurityExtension.SUBSYSTEM_NAME), NewSecuritySubsystemAdd.INSTANCE, ReloadRequiredRemoveStepHandler.INSTANCE); + SecurityExtension.getResourceDescriptionResolver(SecurityExtension.SUBSYSTEM_NAME), NewSecuritySubsystemAdd.INSTANCE, new ReloadRequiredRemoveStepHandler(SECURITY_SUBSYSTEM)); setDeprecated(SecurityExtension.DEPRECATED_SINCE); } + + public void registerAttributes(final ManagementResourceRegistration resourceRegistration) { resourceRegistration.registerReadWriteAttribute(DEEP_COPY_SUBJECT_MODE, null, new ReloadRequiredWriteAttributeHandler(DEEP_COPY_SUBJECT_MODE)); } @@ -119,6 +128,9 @@ static class NewSecuritySubsystemAdd extends AbstractBoottimeAddStepHandler { public static final OperationStepHandler INSTANCE = new NewSecuritySubsystemAdd(); + NewSecuritySubsystemAdd() { + super(SECURITY_SUBSYSTEM); + } @Override protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException { 
@@ -171,6 +183,17 @@ protected void performBoottime(OperationContext context, ModelNode operation, Mo target.addService(JaasConfigurationService.SERVICE_NAME, jaasConfigurationService) .setInitialMode(ServiceController.Mode.ACTIVE).install(); + //setup the transaction manager locator + + if(context.hasOptionalCapability(TransactionSubsystemRootResourceDefinition.TRANSACTION_CAPABILITY.getName(), SECURITY_SUBSYSTEM.getName(), null)) { + TransactionManagerLocatorService service = new TransactionManagerLocatorService(); + target.addService(TransactionManagerLocatorService.SERVICE_NAME, service) + .addDependency( ServiceName.JBOSS.append("txn", "TransactionManager"), TransactionManager.class, service.getTransactionManagerInjectedValue()) + .install(); + } else { + target.addService(TransactionManagerLocatorService.SERVICE_NAME, Service.NULL).install(); + } + //add Simple Security Manager Service final SimpleSecurityManagerService simpleSecurityManagerService = new SimpleSecurityManagerService(); diff --git a/security/subsystem/src/main/java/org/jboss/as/security/TransactionManagerLocatorService.java b/security/subsystem/src/main/java/org/jboss/as/security/TransactionManagerLocatorService.java new file mode 100644 index 000000000000..12addfb94658 --- /dev/null +++ b/security/subsystem/src/main/java/org/jboss/as/security/TransactionManagerLocatorService.java 
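Review bot: The capability check in performBoottime obtains the name through `TransactionSubsystemRootResourceDefinition.TRANSACTION_CAPABILITY.getName()`, which ties the security subsystem to a class from the transactions subsystem. If that module is not loadable when the transactions subsystem is absent (module wiring is not visible here), the class reference fails before hasOptionalCapability can return false, which defeats the optional requirement. A local constant such as `private static final String TRANSACTION_CAPABILITY_NAME = "org.wildfly.transactions";` would avoid that. The injected dependency is also hard-coded as `ServiceName.JBOSS.append("txn", "TransactionManager")`; a short comment should state that it must match the name the transactions subsystem installs. performBoottime starts and ends outside the hunk.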
@@ -0,0 +1,45 @@
+package org.jboss.as.security;
+
+import org.jboss.msc.service.Service;
+import org.jboss.msc.service.ServiceName;
+import org.jboss.msc.service.StartContext;
+import org.jboss.msc.service.StartException;
+import org.jboss.msc.service.StopContext;
+import org.jboss.msc.value.InjectedValue;
+import org.jboss.security.plugins.TransactionManagerLocator;
+
+import javax.transaction.TransactionManager;
+
+/**
+ * Service that initializes the TransactionManagerLocator.
+ *
+ * Note that even if the transaction manager is not present this service will still be installed,
+ * so services can depend on it without needing to do a check for the capability.
+ *
+ * @author Stuart Douglas
+ */
+public class TransactionManagerLocatorService implements Service {
+
+ public static ServiceName SERVICE_NAME = SecurityExtension.JBOSS_SECURITY.append("transaction-manager-locator");
+
+ private final InjectedValue transactionManagerInjectedValue = new InjectedValue<>();
+
+ @Override
+ public void start(StartContext startContext) throws StartException {
+ TransactionManagerLocator.setTransactionManager(transactionManagerInjectedValue.getValue());
+ }
+
+ @Override
+ public void stop(StopContext stopContext) {
+ TransactionManagerLocator.setTransactionManager(null);
+ }
+
+ @Override
+ public Void getValue() throws IllegalStateException, IllegalArgumentException {
+ return null;
+ }
+
+ public InjectedValue getTransactionManagerInjectedValue() {
+ return transactionManagerInjectedValue;
+ }
+}
diff --git a/transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemAdd.java b/transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemAdd.java
index d2c134e430c7..d11e27baa8f5 100644
--- a/transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemAdd.java
+++ b/transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemAdd.java
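Review bot: `SERVICE_NAME` is declared `public static` without `final`, so any class in the JVM can reassign the name that the add handler installs and that dependents look up. It should read `public static final ServiceName SERVICE_NAME = SecurityExtension.JBOSS_SECURITY.append("transaction-manager-locator");`. The class Javadoc could also say that stop() resets the process-wide TransactionManagerLocator to null, since that static state is shared by every security domain. The sibling file in this package has its package statement at line 22, which suggests a license header that this new file does not carry.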
@@ -105,9 +105,18 @@ class TransactionSubsystemAdd extends AbstractBoottimeAddStepHandler { static final TransactionSubsystemAdd INSTANCE = new TransactionSubsystemAdd(); private TransactionSubsystemAdd() { - // + super(TransactionSubsystemRootResourceDefinition.TRANSACTION_CAPABILITY); } + @Override + protected void recordCapabilitiesAndRequirements(OperationContext context, ModelNode operation, Resource resource) throws OperationFailedException { + super.recordCapabilitiesAndRequirements(context, operation, resource); + if(resource.getModel().hasDefined(CommonAttributes.JTS)) { + if(resource.getModel().get(CommonAttributes.JTS).asBoolean()) { + context.registerCapability(TransactionSubsystemRootResourceDefinition.TRANSACTION_JTS_CAPABILITY, CommonAttributes.JTS); + } + } + } @Override protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException { diff --git a/transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemRemove.java b/transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemRemove.java index 0327aa4ad622..cd94b79901a4 100644 --- a/transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemRemove.java +++ b/transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemRemove.java @@ -22,8 +22,12 @@ package org.jboss.as.txn.subsystem; +import org.jboss.as.controller.OperationContext; +import org.jboss.as.controller.OperationFailedException; import org.jboss.as.controller.PathElement; import org.jboss.as.controller.ReloadRequiredRemoveStepHandler; +import org.jboss.as.controller.registry.Resource; +import org.jboss.dmr.ModelNode; /** * Removes the transaction subsystem root resource. 
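Review bot: recordCapabilitiesAndRequirements calls `asBoolean()` directly on the stored model value of `jts`. If that attribute accepts expressions (its definition is not in this hunk), an unresolved expression value would probably make the call throw during the model stage; guarding on `ModelType.EXPRESSION` or deciding from the resolved value would avoid that. The same read appears in TransactionSubsystemRemove.recordCapabilitiesAndRequirements in the next file, where deregistration also depends on the model value still matching what was seen at add time. The two nested ifs can be one condition, `if (model.hasDefined(CommonAttributes.JTS) && model.get(CommonAttributes.JTS).asBoolean()) {`, with `model` taken once from `resource.getModel()`.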
@@ -34,6 +38,20 @@ class TransactionSubsystemRemove extends ReloadRequiredRemoveStepHandler { static final TransactionSubsystemRemove INSTANCE = new TransactionSubsystemRemove(); + public TransactionSubsystemRemove() { + super(TransactionSubsystemRootResourceDefinition.TRANSACTION_CAPABILITY); + } + + @Override + protected void recordCapabilitiesAndRequirements(OperationContext context, ModelNode operation, Resource resource) throws OperationFailedException { + super.recordCapabilitiesAndRequirements(context, operation, resource); + if(resource.getModel().hasDefined(CommonAttributes.JTS)) { + if(resource.getModel().get(CommonAttributes.JTS).asBoolean()) { + context.deregisterCapability(TransactionSubsystemRootResourceDefinition.TRANSACTION_JTS_CAPABILITY.getName()); + } + } + } + /** * Suppresses removal of the log-store=log-store child, as that remove op handler is a no-op. */ diff --git a/transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemRootResourceDefinition.java b/transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemRootResourceDefinition.java index 015646988e77..808de5997b2d 100644 --- a/transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemRootResourceDefinition.java +++ b/transactions/src/main/java/org/jboss/as/txn/subsystem/TransactionSubsystemRootResourceDefinition.java @@ -39,6 +39,7 @@ import org.jboss.as.controller.SimpleAttributeDefinitionBuilder; import org.jboss.as.controller.SimpleResourceDefinition; import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition; +import org.jboss.as.controller.capability.RuntimeCapability; import org.jboss.as.controller.client.helpers.MeasurementUnit; import org.jboss.as.controller.descriptions.ModelDescriptionConstants; import org.jboss.as.controller.operations.validation.IntRangeValidator; 
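Review bot: The new constructor is `public` on a package-private class that already exposes a singleton through `INSTANCE`, while the matching add handler keeps its constructor private. Declaring it `private TransactionSubsystemRemove() {` keeps the two handlers consistent and prevents a second instance from being created with a different capability set.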
@@ -60,6 +61,12 @@ */ public class TransactionSubsystemRootResourceDefinition extends SimpleResourceDefinition { + public static final RuntimeCapability TRANSACTION_CAPABILITY = RuntimeCapability.Builder.of("org.wildfly.transactions") + .build(); + + public static final RuntimeCapability TRANSACTION_JTS_CAPABILITY = RuntimeCapability.Builder.of("org.wildfly.transactions.jts") + .build(); + //recovery environment public static final SimpleAttributeDefinition BINDING = new SimpleAttributeDefinitionBuilder(CommonAttributes.BINDING, ModelType.STRING, false) .setValidator(new StringLengthValidator(1))
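Review bot: The two new public capability constants are referenced from another subsystem but carry no Javadoc saying when each one is registered. Going by the add handler in this commit, suggested comments are `/** Capability registered whenever the transactions subsystem is present. */` on TRANSACTION_CAPABILITY and `/** Additional capability registered only when the jts attribute is true. */` on TRANSACTION_JTS_CAPABILITY. The class body continues outside the hunk.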