[WFLY-17566] Deprecate legacy security attributes in resource adapter subsystem #16557
Conversation
github-actions
bot
added
the
deps-ok
| } else if (key.equals("ironjacamar.security.domain")) { | ||
| securitySettingDomain = value; | ||
| SUBSYSTEM_RA_LOGGER.legacySecurityNotSupported(); |
There was a problem hiding this comment.
This method produces an OperationFailedException but it is not thrown. I don't think throwing OFE from here is correct; some other exception type is needed.
| @@ -186,13 +182,13 @@ public void start(org.jboss.msc.service.StartContext context) throws org.jboss.m | |||
| Security security = null; | |||
| if (securitySetting != null) { | |||
| if ("".equals(securitySetting)) { | |||
| security = new SecurityImpl(null, null, false, false); | |||
| SUBSYSTEM_RA_LOGGER.legacySecurityNotSupported(); | |||
There was a problem hiding this comment.
This method produces an OperationFailedException but it is not thrown. I don't think throwing OFE from here is correct; some other exception type is needed.
| } else if ("application".equals(securitySetting)) { | ||
| security = new SecurityImpl(null, null, true, false); | ||
| SUBSYSTEM_RA_LOGGER.legacySecurityNotSupported(); |
There was a problem hiding this comment.
This method produces an OperationFailedException but it is not thrown. I don't think throwing OFE from here is correct; some other exception type is needed.
| } else if (securityDomain == null || securityDomain.trim().equals("")) { | ||
| return null; | ||
| if(securityDomain != null){ | ||
| ConnectorLogger.SUBSYSTEM_RA_LOGGER.legacySecurityNotSupported(); |
There was a problem hiding this comment.
This method produces an OperationFailedException but it is not thrown. I don't think throwing OFE from here is correct; some other exception type is needed.
| } else { | ||
| return new PicketBoxSubjectFactory(subjectFactory.getValue()); | ||
| if (securityDomain != null) { | ||
| DS_DEPLOYER_LOGGER.legacySecurityNotSupported(); |
There was a problem hiding this comment.
This method produces an OperationFailedException but it is not thrown. I don't think throwing OFE from here is correct; some other exception type is needed.
| @@ -181,13 +180,14 @@ static ModifiableDataSource from(final OperationContext operationContext, final | |||
|
|
|||
|
|
|||
| final String securityDomain = ModelNodeUtil.getResolvedStringIfSetOrGetDefault(operationContext, dataSourceNode, SECURITY_DOMAIN); | |||
| final boolean elytronEnabled = ModelNodeUtil.getBooleanIfSetOrGetDefault(operationContext, dataSourceNode, ELYTRON_ENABLED); | |||
| if (securityDomain != null) { | |||
| ConnectorLogger.DS_DEPLOYER_LOGGER.legacySecurityNotSupported(); | |||
There was a problem hiding this comment.
This method produces an OperationFailedException but it is not thrown. Here an OFE is ok.
| @@ -282,13 +282,14 @@ static ModifiableXaDataSource xaFrom(final OperationContext operationContext, fi | |||
| final String username = ModelNodeUtil.getResolvedStringIfSetOrGetDefault(operationContext, dataSourceNode, USERNAME); | |||
| final String password= ModelNodeUtil.getResolvedStringIfSetOrGetDefault(operationContext, dataSourceNode, PASSWORD); | |||
| final String securityDomain = ModelNodeUtil.getResolvedStringIfSetOrGetDefault(operationContext, dataSourceNode, SECURITY_DOMAIN); | |||
| final boolean elytronEnabled = ModelNodeUtil.getBooleanIfSetOrGetDefault(operationContext, dataSourceNode, ELYTRON_ENABLED); | |||
| if (securityDomain != null) { | |||
| ConnectorLogger.DS_DEPLOYER_LOGGER.legacySecurityNotSupported(); | |||
There was a problem hiding this comment.
This method produces an OperationFailedException but it is not thrown. Here an OFE is ok.
| @@ -335,7 +336,9 @@ static ModifiableXaDataSource xaFrom(final OperationContext operationContext, fi | |||
| final String recoveryUsername = ModelNodeUtil.getResolvedStringIfSetOrGetDefault(operationContext, dataSourceNode, RECOVERY_USERNAME); | |||
| final String recoveryPassword = ModelNodeUtil.getResolvedStringIfSetOrGetDefault(operationContext, dataSourceNode, RECOVERY_PASSWORD); | |||
| final String recoverySecurityDomain = ModelNodeUtil.getResolvedStringIfSetOrGetDefault(operationContext, dataSourceNode, RECOVERY_SECURITY_DOMAIN); | |||
| final boolean recoveryElytronEnabled = ModelNodeUtil.getBooleanIfSetOrGetDefault(operationContext, dataSourceNode, RECOVERY_ELYTRON_ENABLED); | |||
| if(recoverySecurityDomain != null){ | |||
| ConnectorLogger.DS_DEPLOYER_LOGGER.legacySecurityNotSupported(); | |||
There was a problem hiding this comment.
This method produces an OperationFailedException but it is not thrown. Here an OFE is ok.
| OperationFailedException legacySecurityAttributeNotSupported(String attribute); | ||
|
|
||
| @Message(id = 132, value = "Legacy security is no longer supported. Please use Elytron configuration instead") | ||
| OperationFailedException legacySecurityNotSupported(); |
There was a problem hiding this comment.
If you change this to OperationFailedRuntimeException it could be thrown from both an OperationStepHandler and from other contexts (like an MSC Service start method) that can properly handle a RuntimeException.
There was a problem hiding this comment.
I decided to return a String and create exceptions, which match other exceptions thrown, in the code of those classes
|
@bstansberry no problems, I have fixed the problems mentioned above |
| } else if (securityDomain == null || securityDomain.trim().equals("")) { | ||
| return null; | ||
| if (securityDomain != null) { | ||
| throw new DeployException(ConnectorLogger.SUBSYSTEM_RA_LOGGER.legacySecurityNotSupported()); |
There was a problem hiding this comment.
@tadamski I suspect this causes test failures because securityMetadata.resolveSecurityDomain() is returning the name of the authentication context (e.g. RaOperationUtil passes that into CredentialImpl.)
|
@tadamski You've addressed the issues I saw, but that has resulted in test failures. I think my comment above is the reason for at least one. Some others may just mean some test deployments need updates to not reference legacy security. Others I don't know. |
connector/src/main/java/org/jboss/as/connector/subsystems/resourceadapters/Constants.java
Show resolved
Hide resolved
connector/src/main/java/org/jboss/as/connector/subsystems/resourceadapters/Constants.java
Show resolved
Hide resolved
connector/src/main/java/org/jboss/as/connector/subsystems/resourceadapters/Constants.java
Show resolved
Hide resolved
tadamski
force-pushed
the
WFLY-17566_ra
branch
4 times, most recently
from
e3322b1
to
1c2d6ad
Compare
connector/src/main/java/org/jboss/as/connector/subsystems/resourceadapters/RaOperationUtil.java
Show resolved
Hide resolved
https://issues.redhat.com/browse/WFLY-17566