diff --git a/core-feature-pack/common/pom.xml b/core-feature-pack/common/pom.xml
index e669b53d874..9c2eac5259e 100644
--- a/core-feature-pack/common/pom.xml
+++ b/core-feature-pack/common/pom.xml
@@ -322,6 +322,10 @@
org.wildfly.securitywildfly-elytron-digest
+
+ org.wildfly.security
+ wildfly-elytron-dynamic-ssl
+ org.wildfly.securitywildfly-elytron-encryption
diff --git a/core-feature-pack/common/src/main/resources/modules/system/layers/base/org/wildfly/extension/elytron/main/module.xml b/core-feature-pack/common/src/main/resources/modules/system/layers/base/org/wildfly/extension/elytron/main/module.xml
index ca5460e0811..d8613aa11c7 100644
--- a/core-feature-pack/common/src/main/resources/modules/system/layers/base/org/wildfly/extension/elytron/main/module.xml
+++ b/core-feature-pack/common/src/main/resources/modules/system/layers/base/org/wildfly/extension/elytron/main/module.xml
@@ -34,6 +34,7 @@
+
diff --git a/core-feature-pack/common/src/main/resources/modules/system/layers/base/org/wildfly/security/elytron-base/main/module.xml b/core-feature-pack/common/src/main/resources/modules/system/layers/base/org/wildfly/security/elytron-base/main/module.xml
index 792b2bd42fa..8753b51d7e9 100644
--- a/core-feature-pack/common/src/main/resources/modules/system/layers/base/org/wildfly/security/elytron-base/main/module.xml
+++ b/core-feature-pack/common/src/main/resources/modules/system/layers/base/org/wildfly/security/elytron-base/main/module.xml
@@ -34,6 +34,7 @@
+
diff --git a/elytron/pom.xml b/elytron/pom.xml
index 98b814db7b3..8832725e19d 100644
--- a/elytron/pom.xml
+++ b/elytron/pom.xml
@@ -64,6 +64,11 @@
wildfly-elytron-auth
+
+ org.wildfly.security
+ wildfly-elytron-dynamic-ssl
+
+
org.wildfly.securitywildfly-elytron-realm-jdbc
@@ -344,6 +349,13 @@
wildfly-openssl-windows-x86_64test
+
+
+ org.jmockit
+ jmockit
+ test
+
+
@@ -366,6 +378,7 @@
custom-policies.xmljacc-with-providers.xmllegacy*.xml
+ elytron-subsystem-community*.xmlsrc/main/resources/schema/wildfly-elytron_18_0.xsd
@@ -390,7 +403,7 @@
maven-surefire-pluginfalse
- ${surefire.jacoco.args} ${modular.jdk.args} -Dorg.wildfly.extension.elytron.restore-default-ssl-context=true -Dauthconfigprovider.factory=org.wildfly.security.auth.jaspi.ElytronAuthConfigFactory
+ -javaagent:${settings.localRepository}/org/jmockit/jmockit/${version.org.jmockit}/jmockit-${version.org.jmockit}.jar ${surefire.jacoco.args} ${modular.jdk.args} -Dorg.wildfly.extension.elytron.restore-default-ssl-context=true -Dauthconfigprovider.factory=org.wildfly.security.auth.jaspi.ElytronAuthConfigFactory
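Review bot: The `-javaagent` path in the surefire `argLine` is assembled by hand from `${settings.localRepository}` and `${version.org.jmockit}`, which ties the forked test JVM to the local-repository directory layout and to the jar already having been resolved there before surefire runs; in a build that resolves from a differently laid-out cache the agent is silently missing and the JMockit-based tests fail at runtime with no hint why. The conventional way is to bind `maven-dependency-plugin`'s `properties` goal (which exposes the resolved path as `${org.jmockit:jmockit:jar}`) and reference that property instead of re-deriving the path. A short comment next to the argLine would also help, e.g. `<!-- jmockit must be attached as a javaagent; keep the coordinates in sync with the jmockit test dependency above -->`.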
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/AuthenticationClientDefinitions.java b/elytron/src/main/java/org/wildfly/extension/elytron/AuthenticationClientDefinitions.java
index 7e602ea4d9f..0a2868ce658 100644
--- a/elytron/src/main/java/org/wildfly/extension/elytron/AuthenticationClientDefinitions.java
+++ b/elytron/src/main/java/org/wildfly/extension/elytron/AuthenticationClientDefinitions.java
@@ -15,6 +15,7 @@
import static org.wildfly.extension.elytron.Capabilities.SECURITY_DOMAIN_CAPABILITY;
import static org.wildfly.extension.elytron.Capabilities.SECURITY_FACTORY_CREDENTIAL_CAPABILITY;
import static org.wildfly.extension.elytron.Capabilities.SSL_CONTEXT_CAPABILITY;
+import static org.wildfly.extension.elytron.ElytronDefinition.commonRequirements;
import static org.wildfly.extension.elytron._private.ElytronSubsystemMessages.ROOT_LOGGER;
import java.util.HashMap;
@@ -42,6 +43,8 @@
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.service.ServiceBuilder;
+import org.jboss.msc.service.ServiceController;
+import org.jboss.msc.service.ServiceTarget;
import org.jboss.msc.value.InjectedValue;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.extension.elytron.TrivialService.ValueSupplier;
@@ -491,6 +494,17 @@ protected ValueSupplier getValueSupplier(ServiceBuilder finalContext.apply(parentSupplier.get());
}
+ @Override
+ protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException {
+ commonRequirements(installService(context, model)).setInitialMode(ServiceController.Mode.ON_DEMAND).install();
+ }
+
+ ServiceBuilder installService(OperationContext context, ModelNode model) throws OperationFailedException {
+ ServiceTarget serviceTarget = context.getCapabilityServiceTarget();
+ ServiceBuilder> serviceBuilder = context.getCapabilityServiceTarget().addCapability(AUTHENTICATION_CONTEXT_RUNTIME_CAPABILITY);
+ TrivialService authenticationContextTrivialService = new TrivialService(getValueSupplier((ServiceBuilder) serviceBuilder, context, model));
+ return serviceTarget.addService(AUTHENTICATION_CONTEXT_RUNTIME_CAPABILITY.getCapabilityServiceName(context.getCurrentAddressValue()), authenticationContextTrivialService);
+ }
};
return new TrivialResourceDefinition(ElytronDescriptionConstants.AUTHENTICATION_CONTEXT, add, attributes,
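Review bot: In `installService` the `ServiceBuilder` obtained from `addCapability(AUTHENTICATION_CONTEXT_RUNTIME_CAPABILITY)` is passed to `getValueSupplier` and then discarded; the service that is actually installed is created by the separate `serviceTarget.addService(...)` call on the next line. If `getValueSupplier` registers its requirements (the referenced SSL contexts, security domains, credential factories) on the builder it receives, those dependencies live on the builder that is never installed, and the `ON_DEMAND` service installed by `performRuntime` can start before they are available — with two builders in play it is worth confirming which one carries the injections. `context.getCapabilityServiceTarget()` is also called twice on consecutive lines; the second call should reuse `serviceTarget`. Because the raw `ServiceBuilder`/`TrivialService` types and the `(ServiceBuilder) serviceBuilder` cast hide this, `installService` should carry a comment stating the contract, e.g. `// The capability builder only collects requirements for the value supplier; the service itself is installed via serviceTarget.addService(...)`. The enclosing anonymous add-handler class begins before this hunk.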
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronDefinition.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronDefinition.java
index a21c73958f2..8d74e3c5cb4 100644
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronDefinition.java
+++ b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronDefinition.java
@@ -294,6 +294,7 @@ public void registerChildren(ManagementResourceRegistration resourceRegistration
resourceRegistration.registerSubModel(SSLDefinitions.getServerSNISSLContextDefinition());
resourceRegistration.registerSubModel(new CertificateAuthorityDefinition());
resourceRegistration.registerSubModel(new CertificateAuthorityAccountDefinition());
+ resourceRegistration.registerSubModel(SSLDefinitions.getDynamicClientSSLContextDefinition());
// Credential Store Block
resourceRegistration.registerSubModel(new CredentialStoreResourceDefinition());
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronDescriptionConstants.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronDescriptionConstants.java
index 87b2310f58d..87fd07f4ae6 100644
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronDescriptionConstants.java
+++ b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronDescriptionConstants.java
@@ -173,6 +173,8 @@ interface ElytronDescriptionConstants {
String DISTINGUISHED_NAME = "distinguished-name";
String DISTRIBUTED_REALM = "distributed-realm";
String DOMAIN_NAMES = "domain-names";
+ String DYNAMIC_CLIENT_SSL_CONTEXT = "dynamic-client-ssl-context";
+ String DYNAMIC_CLIENT_SSL_CONTEXTS = "dynamic-client-ssl-contexts";
String ELYTRON_SECURITY = "elytron-security";
String ENABLE_CONNECTION_POOLING = "enable-connection-pooling";
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronExtension.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronExtension.java
index 9d996fed2e5..2ce9cd075e1 100644
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronExtension.java
+++ b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronExtension.java
@@ -7,9 +7,11 @@
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
+import java.util.EnumSet;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLContext;
+import org.jboss.as.controller.PersistentResourceXMLDescriptionWriter;
import org.jboss.as.controller.extension.ExpressionResolverExtension;
import org.jboss.as.controller.Extension;
import org.jboss.as.controller.ExtensionContext;
@@ -37,28 +39,8 @@
public class ElytronExtension implements Extension {
/**
- * The name spaces used for the {@code subsystem} element
+ * The current name space used for the {@code subsystem} element
*/
- static final String NAMESPACE_1_0 = "urn:wildfly:elytron:1.0";
- static final String NAMESPACE_1_1 = "urn:wildfly:elytron:1.1";
- static final String NAMESPACE_1_2 = "urn:wildfly:elytron:1.2";
- static final String NAMESPACE_2_0 = "urn:wildfly:elytron:2.0";
- static final String NAMESPACE_3_0 = "urn:wildfly:elytron:3.0";
- static final String NAMESPACE_4_0 = "urn:wildfly:elytron:4.0";
- static final String NAMESPACE_5_0 = "urn:wildfly:elytron:5.0";
- static final String NAMESPACE_6_0 = "urn:wildfly:elytron:6.0";
- static final String NAMESPACE_7_0 = "urn:wildfly:elytron:7.0";
- static final String NAMESPACE_8_0 = "urn:wildfly:elytron:8.0";
- static final String NAMESPACE_9_0 = "urn:wildfly:elytron:9.0";
- static final String NAMESPACE_10_0 = "urn:wildfly:elytron:10.0";
- static final String NAMESPACE_11_0 = "urn:wildfly:elytron:11.0";
- static final String NAMESPACE_12_0 = "urn:wildfly:elytron:12.0";
- static final String NAMESPACE_13_0 = "urn:wildfly:elytron:13.0";
- static final String NAMESPACE_14_0 = "urn:wildfly:elytron:14.0";
- static final String NAMESPACE_15_0 = "urn:wildfly:elytron:15.0";
- static final String NAMESPACE_15_1 = "urn:wildfly:elytron:15.1";
- static final String NAMESPACE_16_0 = "urn:wildfly:elytron:16.0";
- static final String NAMESPACE_17_0 = "urn:wildfly:elytron:17.0";
static final String NAMESPACE_18_0 = "urn:wildfly:elytron:18.0";
static final String CURRENT_NAMESPACE = NAMESPACE_18_0;
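Review bot: `NAMESPACE_18_0` and `CURRENT_NAMESPACE` are kept after the other namespace constants are removed, while parser and writer registration now come from `ElytronSubsystemSchema`, so the current namespace is encoded in two places that can drift on the next schema bump. If nothing outside this class still reads these two constants they could go with the rest; otherwise the remaining javadoc should name the authoritative source, e.g. `* Must stay in sync with ElytronSubsystemSchema.CURRENT, which now drives parser and writer registration.`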
@@ -124,27 +106,7 @@ static boolean isServerOrHostController(ImmutableManagementResourceRegistration
@Override
public void initializeParsers(ExtensionParsingContext context) {
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_1_0, () -> new ElytronSubsystemParser1_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_1_1, () -> new ElytronSubsystemParser1_1());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_1_2, () -> new ElytronSubsystemParser1_2());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_2_0, () -> new ElytronSubsystemParser2_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_3_0, () -> new ElytronSubsystemParser3_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_4_0, () -> new ElytronSubsystemParser4_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_5_0, () -> new ElytronSubsystemParser5_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_6_0, () -> new ElytronSubsystemParser6_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_7_0, () -> new ElytronSubsystemParser7_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_8_0, () -> new ElytronSubsystemParser8_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_9_0, () -> new ElytronSubsystemParser9_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_10_0, () -> new ElytronSubsystemParser10_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_11_0, () -> new ElytronSubsystemParser11_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_12_0, () -> new ElytronSubsystemParser12_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_13_0, () -> new ElytronSubsystemParser13_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_14_0, () -> new ElytronSubsystemParser14_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_15_0, () -> new ElytronSubsystemParser15_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_15_1, () -> new ElytronSubsystemParser15_1());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_16_0, () -> new ElytronSubsystemParser16_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_17_0, () -> new ElytronSubsystemParser17_0());
- context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_18_0, () -> new ElytronSubsystemParser18_0());
+ context.setSubsystemXmlMappings(SUBSYSTEM_NAME, EnumSet.allOf(ElytronSubsystemSchema.class));
}
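Review bot: `EnumSet.allOf(ElytronSubsystemSchema.class)` registers every schema constant as a parseable namespace, whereas the writer registered in the following hunk (`ElytronSubsystemSchema.CURRENT.get(context.getStability())`) is selected by stability. The `elytron-subsystem-community*.xml` test resources added in elytron/pom.xml suggest stability-gated schema variants exist; unless `setSubsystemXmlMappings` filters the set by the parsing context's stability itself, a namespace meant for a less stable level would be accepted by a server configured for a more restrictive one, which should be confirmed. Whatever the answer, a one-line comment here would save the next reader the same check, e.g. `// setSubsystemXmlMappings filters by context stability, so passing all constants is safe` — or an explicitly filtered set if that does not hold.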
@Override
@@ -157,7 +119,7 @@ public void initialize(ExtensionContext context) {
AtomicReference resolverRef = new AtomicReference<>();
final ManagementResourceRegistration registration = subsystemRegistration.registerSubsystemModel(new ElytronDefinition(resolverRef));
registration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE);
- subsystemRegistration.registerXMLElementWriter(() -> new ElytronSubsystemParser18_0());
+ subsystemRegistration.registerXMLElementWriter(new PersistentResourceXMLDescriptionWriter(ElytronSubsystemSchema.CURRENT.get(context.getStability())));
context.registerExpressionResolverExtension(resolverRef::get, ExpressionResolverResourceDefinition.INITIAL_PATTERN, false);
}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser10_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser10_0.java
deleted file mode 100644
index 13ab9c2b9b6..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser10_0.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_DOMAIN;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_DOMAINS;
-
-import org.jboss.as.controller.PathElement;
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Farah Juma
- * @since 12.0
- */
-public class ElytronSubsystemParser10_0 extends ElytronSubsystemParser9_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_10_0;
- }
-
- final PersistentResourceXMLDescription domainParser = PersistentResourceXMLDescription.builder(PathElement.pathElement(SECURITY_DOMAIN))
- .setXmlWrapperElement(SECURITY_DOMAINS)
- .addAttribute(DomainDefinition.DEFAULT_REALM)
- .addAttribute(DomainDefinition.PERMISSION_MAPPER)
- .addAttribute(DomainDefinition.PRE_REALM_PRINCIPAL_TRANSFORMER)
- .addAttribute(DomainDefinition.POST_REALM_PRINCIPAL_TRANSFORMER)
- .addAttribute(DomainDefinition.PRINCIPAL_DECODER)
- .addAttribute(DomainDefinition.REALM_MAPPER)
- .addAttribute(DomainDefinition.ROLE_MAPPER)
- .addAttribute(DomainDefinition.TRUSTED_SECURITY_DOMAINS)
- .addAttribute(DomainDefinition.OUTFLOW_ANONYMOUS)
- .addAttribute(DomainDefinition.OUTFLOW_SECURITY_DOMAINS)
- .addAttribute(DomainDefinition.SECURITY_EVENT_LISTENER)
- .addAttribute(DomainDefinition.REALMS)
- .addAttribute(DomainDefinition.EVIDENCE_DECODER)
- .addAttribute(DomainDefinition.ROLE_DECODER) // new
- .build();
-
- @Override
- PersistentResourceXMLDescription getDomainParser() {
- return domainParser;
- }
-
- @Override
- protected PersistentResourceXMLDescription getMapperParser() {
- return new MapperParser(MapperParser.Version.VERSION_10_0).getParser();
- }
-
-}
-
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser11_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser11_0.java
deleted file mode 100644
index aac0c50b055..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser11_0.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Farah Juma
- * @since 13.0
- */
-public class ElytronSubsystemParser11_0 extends ElytronSubsystemParser10_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_11_0;
- }
-
- @Override
- PersistentResourceXMLDescription getRealmParser() {
- return new RealmParser().realmParser_11_0;
- }
-}
-
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser12_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser12_0.java
deleted file mode 100644
index a89dd41c46c..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser12_0.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Darran Lofthouse
- * @since 14.0
- */
-public class ElytronSubsystemParser12_0 extends ElytronSubsystemParser11_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_12_0;
- }
-
- @Override
- protected PersistentResourceXMLDescription getMapperParser() {
- return new MapperParser(MapperParser.Version.VERSION_12_0).getParser();
- }
-
-
- PersistentResourceXMLDescription getTlsParser() {
- return new TlsParser().tlsParser_12_0;
- }
-}
-
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser13_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser13_0.java
deleted file mode 100644
index f13da69928f..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser13_0.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.ENCRYPTION;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.EXPRESSION;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.EXPRESSION_RESOLVER;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_PROPERTY;
-
-import org.jboss.as.controller.AttributeMarshallers;
-import org.jboss.as.controller.AttributeParsers;
-import org.jboss.as.controller.PathElement;
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Darran Lofthouse
- * @since 15.0
- */
-public class ElytronSubsystemParser13_0 extends ElytronSubsystemParser12_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_13_0;
- }
-
- @Override
- PersistentResourceXMLDescription getCredentialStoresParser() {
- return new CredentialStoreParser().getCredentialStoresParser_13().build();
- }
-
- // New
- PersistentResourceXMLDescription getExpressionResolverParser() {
- return PersistentResourceXMLDescription.builder(
- PathElement.pathElement(EXPRESSION, ENCRYPTION))
- .setXmlElementName(EXPRESSION_RESOLVER)
- .addAttribute(ExpressionResolverResourceDefinition.RESOLVERS)
- .addAttribute(ExpressionResolverResourceDefinition.DEFAULT_RESOLVER)
- .addAttribute(ExpressionResolverResourceDefinition.PREFIX)
- .build();
- }
-
- public PersistentResourceXMLDescription getParserDescription() {
- return PersistentResourceXMLDescription.builder(ElytronExtension.SUBSYSTEM_PATH, getNameSpace())
- .addAttribute(ElytronDefinition.DEFAULT_AUTHENTICATION_CONTEXT)
- .addAttribute(ElytronDefinition.INITIAL_PROVIDERS)
- .addAttribute(ElytronDefinition.FINAL_PROVIDERS)
- .addAttribute(ElytronDefinition.DISALLOWED_PROVIDERS)
- .addAttribute(ElytronDefinition.SECURITY_PROPERTIES, new AttributeParsers.PropertiesParser(null, SECURITY_PROPERTY, true), new AttributeMarshallers.PropertiesAttributeMarshaller(null, SECURITY_PROPERTY, true))
- .addAttribute(ElytronDefinition.REGISTER_JASPI_FACTORY)
- .addAttribute(ElytronDefinition.DEFAULT_SSL_CONTEXT)
- .addChild(getAuthenticationClientParser())
- .addChild(getProviderParser())
- .addChild(getAuditLoggingParser())
- .addChild(getDomainParser())
- .addChild(getRealmParser())
- .addChild(getCredentialSecurityFactoryParser())
- .addChild(getMapperParser())
- .addChild(getPermissionSetParser())
- .addChild(getHttpParser())
- .addChild(getSaslParser())
- .addChild(getTlsParser())
- .addChild(getCredentialStoresParser())
- .addChild(getExpressionResolverParser()) // New
- .addChild(getDirContextParser())
- .addChild(getPolicyParser())
- .addChild(jaspiConfigurationParser)
- .build();
- }
-
-
-}
-
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser14_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser14_0.java
deleted file mode 100644
index 687acfa7334..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser14_0.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Darran Lofthouse
- * @since 16.0
- */
-public class ElytronSubsystemParser14_0 extends ElytronSubsystemParser13_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_14_0;
- }
-
- @Override
- PersistentResourceXMLDescription getRealmParser() {
- return new RealmParser().realmParser_14_0;
- }
-
- PersistentResourceXMLDescription getTlsParser() {
- return new TlsParser().tlsParser_14_0;
- }
-
-}
-
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser15_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser15_0.java
deleted file mode 100644
index fa66d8d96f8..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser15_0.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Farah Juma
- * @since 17.0
- */
-public class ElytronSubsystemParser15_0 extends ElytronSubsystemParser14_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_15_0;
- }
-
- @Override
- PersistentResourceXMLDescription getRealmParser() {
- return new RealmParser().realmParser_15_0;
- }
-}
-
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser15_1.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser15_1.java
deleted file mode 100644
index d7daf06b9a8..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser15_1.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Farah Juma
- */
-public class ElytronSubsystemParser15_1 extends ElytronSubsystemParser15_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_15_1;
- }
-
- @Override
- PersistentResourceXMLDescription getRealmParser() {
- return new RealmParser().realmParser_15_1;
- }
-
-}
-
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser16_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser16_0.java
deleted file mode 100644
index ac1ee9e4e11..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser16_0.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Farah Juma
- */
-public class ElytronSubsystemParser16_0 extends ElytronSubsystemParser15_1 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_16_0;
- }
-
- @Override
- PersistentResourceXMLDescription getRealmParser() {
- return new RealmParser().realmParser_16;
- }
-
-}
-
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser17_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser17_0.java
deleted file mode 100644
index 178349971b1..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser17_0.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import static org.jboss.as.controller.PersistentResourceXMLDescription.decorator;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_DOMAIN;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.VIRTUAL_SECURITY_DOMAIN;
-
-import org.jboss.as.controller.PathElement;
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Farah Juma
- */
-public class ElytronSubsystemParser17_0 extends ElytronSubsystemParser16_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_17_0;
- }
-
- final PersistentResourceXMLDescription securityDomainParser = PersistentResourceXMLDescription.builder(PathElement.pathElement(SECURITY_DOMAIN))
- .addAttribute(DomainDefinition.DEFAULT_REALM)
- .addAttribute(DomainDefinition.PERMISSION_MAPPER)
- .addAttribute(DomainDefinition.PRE_REALM_PRINCIPAL_TRANSFORMER)
- .addAttribute(DomainDefinition.POST_REALM_PRINCIPAL_TRANSFORMER)
- .addAttribute(DomainDefinition.PRINCIPAL_DECODER)
- .addAttribute(DomainDefinition.REALM_MAPPER)
- .addAttribute(DomainDefinition.ROLE_MAPPER)
- .addAttribute(DomainDefinition.TRUSTED_SECURITY_DOMAINS)
- .addAttribute(DomainDefinition.TRUSTED_VIRTUAL_SECURITY_DOMAINS) // new
- .addAttribute(DomainDefinition.OUTFLOW_ANONYMOUS)
- .addAttribute(DomainDefinition.OUTFLOW_SECURITY_DOMAINS)
- .addAttribute(DomainDefinition.SECURITY_EVENT_LISTENER)
- .addAttribute(DomainDefinition.REALMS)
- .addAttribute(DomainDefinition.EVIDENCE_DECODER)
- .addAttribute(DomainDefinition.ROLE_DECODER)
- .build();
-
- final PersistentResourceXMLDescription virtualSecurityDomainParser = PersistentResourceXMLDescription.builder(PathElement.pathElement(VIRTUAL_SECURITY_DOMAIN))
- .addAttribute(DomainDefinition.OUTFLOW_ANONYMOUS)
- .addAttribute(VirtualDomainDefinition.OUTFLOW_SECURITY_DOMAINS)
- .addAttribute(VirtualDomainDefinition.AUTH_METHOD)
- .build();
-
- final PersistentResourceXMLDescription domainParser = decorator(ElytronDescriptionConstants.SECURITY_DOMAINS)
- .addChild(securityDomainParser)
- .addChild(virtualSecurityDomainParser)
- .build();
-
- @Override
- PersistentResourceXMLDescription getDomainParser() {
- return domainParser;
- }
-
-}
-
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser18_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser18_0.java
deleted file mode 100644
index a16a8891ddc..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser18_0.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Farah Juma
- */
-public class ElytronSubsystemParser18_0 extends ElytronSubsystemParser17_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_18_0;
- }
-
- @Override
- PersistentResourceXMLDescription getAuditLoggingParser() {
- return new AuditLoggingParser().parser18_0;
- }
-
- @Override
- PersistentResourceXMLDescription getRealmParser() {
- return new RealmParser().realmParser_18;
- }
-}
-
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser1_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser1_0.java
deleted file mode 100644
index 21ffaac834c..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser1_0.java
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import static org.jboss.as.controller.PersistentResourceXMLDescription.builder;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.DIR_CONTEXTS;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.JACC_POLICY;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.POLICY;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_DOMAIN;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_DOMAINS;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_PROPERTY;
-
-import org.jboss.as.controller.AttributeMarshallers;
-import org.jboss.as.controller.AttributeParsers;
-import org.jboss.as.controller.ObjectListAttributeDefinition;
-import org.jboss.as.controller.ObjectTypeAttributeDefinition;
-import org.jboss.as.controller.PathElement;
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-import org.jboss.as.controller.PersistentResourceXMLParser;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml
- *
- * @author Darran Lofthouse *
- * @author Tomaz Cerar
- */
-class ElytronSubsystemParser1_0 extends PersistentResourceXMLParser {
-
- final PersistentResourceXMLDescription domainParser = PersistentResourceXMLDescription.builder(PathElement.pathElement(SECURITY_DOMAIN))
- .setXmlWrapperElement(SECURITY_DOMAINS)
- .addAttribute(DomainDefinition.DEFAULT_REALM)
- .addAttribute(DomainDefinition.PERMISSION_MAPPER)
- .addAttribute(DomainDefinition.PRE_REALM_PRINCIPAL_TRANSFORMER)
- .addAttribute(DomainDefinition.POST_REALM_PRINCIPAL_TRANSFORMER)
- .addAttribute(DomainDefinition.PRINCIPAL_DECODER)
- .addAttribute(DomainDefinition.REALM_MAPPER)
- .addAttribute(DomainDefinition.ROLE_MAPPER)
- .addAttribute(DomainDefinition.TRUSTED_SECURITY_DOMAINS)
- .addAttribute(DomainDefinition.OUTFLOW_ANONYMOUS)
- .addAttribute(DomainDefinition.OUTFLOW_SECURITY_DOMAINS)
- .addAttribute(DomainDefinition.SECURITY_EVENT_LISTENER)
- .addAttribute(DomainDefinition.REALMS)
- .build();
-
- final PersistentResourceXMLDescription dirContextParser = PersistentResourceXMLDescription.decorator(DIR_CONTEXTS)
- .addChild(builder(PathElement.pathElement(ElytronDescriptionConstants.DIR_CONTEXT))
- .addAttributes(DirContextDefinition.ATTRIBUTES))
- .build();
-
-
- private static class JaccPolicyDefinition {
- static ObjectTypeAttributeDefinition POLICY = new ObjectTypeAttributeDefinition.Builder(JACC_POLICY, PolicyDefinitions.RESOURCE_NAME, PolicyDefinitions.JaccPolicyDefinition.POLICY_PROVIDER, PolicyDefinitions.JaccPolicyDefinition.CONFIGURATION_FACTORY, PolicyDefinitions.JaccPolicyDefinition.MODULE).build();
- static final ObjectListAttributeDefinition POLICIES = new ObjectListAttributeDefinition.Builder(JACC_POLICY, POLICY)
- .setMinSize(1)
- .setRequired(false)
- .build();
- }
-
- private static class CustomPolicyDefinition {
- static ObjectTypeAttributeDefinition POLICY = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.CUSTOM_POLICY, PolicyDefinitions.RESOURCE_NAME, PolicyDefinitions.CustomPolicyDefinition.CLASS_NAME, PolicyDefinitions.CustomPolicyDefinition.MODULE).build();
- static final ObjectListAttributeDefinition POLICIES = new ObjectListAttributeDefinition.Builder(ElytronDescriptionConstants.CUSTOM_POLICY, POLICY)
- .setRequired(false)
- .build();
- }
-
- private final PersistentResourceXMLDescription policyParser = builder(PathElement.pathElement(POLICY))
- .setNameAttributeName(PolicyDefinitions.DEFAULT_POLICY.getName())
- .addAttribute(PolicyDefinitions.DEFAULT_POLICY)
- .addAttribute(JaccPolicyDefinition.POLICIES, AttributeParsers.UNWRAPPED_OBJECT_LIST_PARSER, AttributeMarshallers.OBJECT_LIST_UNWRAPPED)
- .addAttribute(CustomPolicyDefinition.POLICIES, AttributeParsers.UNWRAPPED_OBJECT_LIST_PARSER, AttributeMarshallers.OBJECT_LIST_UNWRAPPED)
- .build();
-
- PersistentResourceXMLDescription getMapperParser() {
- return new MapperParser(MapperParser.Version.VERSION_1_0).getParser();
- }
-
- PersistentResourceXMLDescription getCredentialStoresParser() {
- return new CredentialStoreParser().getCredentialStoresParser().build();
- }
-
- PersistentResourceXMLDescription getDomainParser() {
- return domainParser;
- }
-
- PersistentResourceXMLDescription getDirContextParser() {
- return dirContextParser;
- }
-
- PersistentResourceXMLDescription getPolicyParser() {
- return policyParser;
- }
-
- PersistentResourceXMLDescription getHttpParser() {
- return new HttpParser().parser;
- }
-
- PersistentResourceXMLDescription getSaslParser() {
- return new SaslParser().parser;
- }
-
- PersistentResourceXMLDescription getTlsParser() {
- return new TlsParser().tlsParser;
- }
-
- PersistentResourceXMLDescription getRealmParser() {
- return new RealmParser().realmParser;
- }
-
- PersistentResourceXMLDescription getAuthenticationClientParser() {
- return new AuthenticationClientParser().parser;
- }
-
- PersistentResourceXMLDescription getAuditLoggingParser() {
- return new AuditLoggingParser().parser;
- }
-
- PersistentResourceXMLDescription getProviderParser() {
- return new ProviderParser().parser;
- }
-
- PersistentResourceXMLDescription getCredentialSecurityFactoryParser() {
- return new CredentialSecurityFactoryParser().parser;
- }
-
-
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_1_0;
- }
-
- @Override
- public PersistentResourceXMLDescription getParserDescription() {
- return PersistentResourceXMLDescription.builder(ElytronExtension.SUBSYSTEM_PATH, getNameSpace())
- .addAttribute(ElytronDefinition.DEFAULT_AUTHENTICATION_CONTEXT)
- .addAttribute(ElytronDefinition.INITIAL_PROVIDERS)
- .addAttribute(ElytronDefinition.FINAL_PROVIDERS)
- .addAttribute(ElytronDefinition.DISALLOWED_PROVIDERS)
- .addAttribute(ElytronDefinition.SECURITY_PROPERTIES, new AttributeParsers.PropertiesParser(null, SECURITY_PROPERTY, true), new AttributeMarshallers.PropertiesAttributeMarshaller(null, SECURITY_PROPERTY, true))
- .addChild(getAuthenticationClientParser())
- .addChild(getAuditLoggingParser())
- .addChild(getProviderParser())
- .addChild(getDomainParser())
- .addChild(getRealmParser())
- .addChild(getMapperParser())
- .addChild(getTlsParser())
- .addChild(getDirContextParser())
- .addChild(getCredentialStoresParser())
- .addChild(getSaslParser())
- .addChild(getHttpParser())
- .addChild(getPolicyParser())
- .addChild(getCredentialSecurityFactoryParser())
- .build();
- }
-
-}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser1_1.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser1_1.java
deleted file mode 100644
index ec61b9e5eab..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser1_1.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml
- *
- * @author Darran Lofthouse *
- * @author Tomaz Cerar
- */
-class ElytronSubsystemParser1_1 extends ElytronSubsystemParser1_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_1_1;
- }
-
- protected PersistentResourceXMLDescription getMapperParser() {
- return new MapperParser(MapperParser.Version.VERSION_1_1).getParser();
- }
-
-
-}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser1_2.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser1_2.java
deleted file mode 100644
index 19238ac6b2e..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser1_2.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.POLICY;
-
-import org.jboss.as.controller.PathElement;
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml
- *
- * @author Darran Lofthouse *
- * @author Tomaz Cerar
- */
-class ElytronSubsystemParser1_2 extends ElytronSubsystemParser1_1 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_1_2;
- }
-
- @Override
- PersistentResourceXMLDescription getPolicyParser() {
- return PersistentResourceXMLDescription.builder(PathElement.pathElement(POLICY))
- .addAttribute(PolicyDefinitions.JaccPolicyDefinition.POLICY)
- .addAttribute(PolicyDefinitions.CustomPolicyDefinition.POLICY)
- .build();
- }
-}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser2_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser2_0.java
deleted file mode 100644
index dfd53b64570..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser2_0.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_PROPERTY;
-
-import org.jboss.as.controller.AttributeMarshallers;
-import org.jboss.as.controller.AttributeParsers;
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml
- *
- * @author Darran Lofthouse *
- * @author Tomaz Cerar
- * @since 4.0
- */
-class ElytronSubsystemParser2_0 extends ElytronSubsystemParser1_2 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_2_0;
- }
- //at this point definition below is not really needed as it is the same as for 1.1, but it is here as place holder when subsystem parser evolves.
- @Override
- public PersistentResourceXMLDescription getParserDescription() {
- return PersistentResourceXMLDescription.builder(ElytronExtension.SUBSYSTEM_PATH, getNameSpace())
- .addAttribute(ElytronDefinition.DEFAULT_AUTHENTICATION_CONTEXT)
- .addAttribute(ElytronDefinition.INITIAL_PROVIDERS)
- .addAttribute(ElytronDefinition.FINAL_PROVIDERS)
- .addAttribute(ElytronDefinition.DISALLOWED_PROVIDERS)
- .addAttribute(ElytronDefinition.SECURITY_PROPERTIES, new AttributeParsers.PropertiesParser(null, SECURITY_PROPERTY, true), new AttributeMarshallers.PropertiesAttributeMarshaller(null, SECURITY_PROPERTY, true))
- .addChild(getAuthenticationClientParser())
- .addChild(getProviderParser())
- .addChild(getAuditLoggingParser())
- .addChild(getDomainParser())
- .addChild(getRealmParser())
- .addChild(getCredentialSecurityFactoryParser())
- .addChild(getMapperParser())
- .addChild(getHttpParser())
- .addChild(getSaslParser())
- .addChild(getTlsParser())
- .addChild(getCredentialStoresParser())
- .addChild(getDirContextParser())
- .addChild(getPolicyParser())
- .build();
- }
-
-
-}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser3_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser3_0.java
deleted file mode 100644
index 06b47d44cbe..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser3_0.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.PERMISSION_SETS;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_PROPERTY;
-import static org.wildfly.extension.elytron.PermissionMapperDefinitions.PERMISSIONS;
-
-import org.jboss.as.controller.AttributeMarshallers;
-import org.jboss.as.controller.AttributeParsers;
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Farah Juma
- * @since 5.0
- */
-class ElytronSubsystemParser3_0 extends ElytronSubsystemParser2_0 {
-
- final PersistentResourceXMLDescription permissionSetParser = PersistentResourceXMLDescription.builder(PermissionSetDefinition.getPermissionSet().getPathElement())
- .setXmlWrapperElement(PERMISSION_SETS)
- .addAttribute(PERMISSIONS)
- .build();
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_3_0;
- }
-
- @Override
- public PersistentResourceXMLDescription getParserDescription() {
- return PersistentResourceXMLDescription.builder(ElytronExtension.SUBSYSTEM_PATH, getNameSpace())
- .addAttribute(ElytronDefinition.DEFAULT_AUTHENTICATION_CONTEXT)
- .addAttribute(ElytronDefinition.INITIAL_PROVIDERS)
- .addAttribute(ElytronDefinition.FINAL_PROVIDERS)
- .addAttribute(ElytronDefinition.DISALLOWED_PROVIDERS)
- .addAttribute(ElytronDefinition.SECURITY_PROPERTIES, new AttributeParsers.PropertiesParser(null, SECURITY_PROPERTY, true), new AttributeMarshallers.PropertiesAttributeMarshaller(null, SECURITY_PROPERTY, true))
- .addChild(getAuthenticationClientParser())
- .addChild(getProviderParser())
- .addChild(getAuditLoggingParser())
- .addChild(getDomainParser())
- .addChild(getRealmParser())
- .addChild(getCredentialSecurityFactoryParser())
- .addChild(getMapperParser())
- .addChild(getPermissionSetParser()) // new
- .addChild(getHttpParser())
- .addChild(getSaslParser())
- .addChild(getTlsParser())
- .addChild(getCredentialStoresParser())
- .addChild(getDirContextParser())
- .addChild(getPolicyParser())
- .build();
- }
-
- protected PersistentResourceXMLDescription getMapperParser() {
- return new MapperParser(MapperParser.Version.VERSION_3_0).getParser();
- }
-
- PersistentResourceXMLDescription getPermissionSetParser() {
- return permissionSetParser;
- }
-}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser4_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser4_0.java
deleted file mode 100644
index 68d6dc0da6e..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser4_0.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Darran Lofthouse
- * @since 6.0
- */
-public class ElytronSubsystemParser4_0 extends ElytronSubsystemParser3_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_4_0;
- }
-
- @Override
- PersistentResourceXMLDescription getAuditLoggingParser() {
- return new AuditLoggingParser().parser4_0;
- }
-
- @Override
- protected PersistentResourceXMLDescription getMapperParser() {
- return new MapperParser(MapperParser.Version.VERSION_4_0).getParser();
- }
-
- @Override
- PersistentResourceXMLDescription getTlsParser() {
- return new TlsParser().tlsParser_4_0;
- }
-
-}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser5_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser5_0.java
deleted file mode 100644
index f8a68ef2d61..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser5_0.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.JASPI;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.JASPI_CONFIGURATION;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_PROPERTY;
-
-import org.jboss.as.controller.AttributeMarshallers;
-import org.jboss.as.controller.AttributeParsers;
-import org.jboss.as.controller.PathElement;
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Darran Lofthouse
- * @since 7.0
- */
-public class ElytronSubsystemParser5_0 extends ElytronSubsystemParser4_0 {
-
- final PersistentResourceXMLDescription jaspiConfigurationParser = PersistentResourceXMLDescription.builder(PathElement.pathElement(JASPI_CONFIGURATION))
- .setXmlWrapperElement(JASPI)
- .addAttributes(JaspiDefinition.ATTRIBUTES)
- .build();
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_5_0;
- }
-
- public PersistentResourceXMLDescription getParserDescription() {
- return PersistentResourceXMLDescription.builder(ElytronExtension.SUBSYSTEM_PATH, getNameSpace())
- .addAttribute(ElytronDefinition.DEFAULT_AUTHENTICATION_CONTEXT)
- .addAttribute(ElytronDefinition.INITIAL_PROVIDERS)
- .addAttribute(ElytronDefinition.FINAL_PROVIDERS)
- .addAttribute(ElytronDefinition.DISALLOWED_PROVIDERS)
- .addAttribute(ElytronDefinition.SECURITY_PROPERTIES, new AttributeParsers.PropertiesParser(null, SECURITY_PROPERTY, true), new AttributeMarshallers.PropertiesAttributeMarshaller(null, SECURITY_PROPERTY, true))
- .addAttribute(ElytronDefinition.REGISTER_JASPI_FACTORY)
- .addAttribute(ElytronDefinition.DEFAULT_SSL_CONTEXT)
- .addChild(getAuthenticationClientParser())
- .addChild(getProviderParser())
- .addChild(getAuditLoggingParser())
- .addChild(getDomainParser())
- .addChild(getRealmParser())
- .addChild(getCredentialSecurityFactoryParser())
- .addChild(getMapperParser())
- .addChild(getPermissionSetParser())
- .addChild(getHttpParser())
- .addChild(getSaslParser())
- .addChild(getTlsParser())
- .addChild(getCredentialStoresParser())
- .addChild(getDirContextParser())
- .addChild(getPolicyParser())
- .addChild(jaspiConfigurationParser) // new
- .build();
- }
-
- @Override
- PersistentResourceXMLDescription getAuditLoggingParser() {
- return new AuditLoggingParser().parser5_0;
- }
-
- @Override
- PersistentResourceXMLDescription getTlsParser() {
- return new TlsParser().tlsParser_5_0;
- }
-
-}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser6_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser6_0.java
deleted file mode 100644
index 34092221d48..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser6_0.java
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Darran Lofthouse
- * @since 8.0
- */
-public class ElytronSubsystemParser6_0 extends ElytronSubsystemParser5_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_6_0;
- }
-
-}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser7_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser7_0.java
deleted file mode 100644
index 9c5ea644265..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser7_0.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Darran Lofthouse
- * @since 9.0
- */
-public class ElytronSubsystemParser7_0 extends ElytronSubsystemParser6_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_7_0;
- }
-
- @Override
- PersistentResourceXMLDescription getRealmParser() {
- return new RealmParser().realmParser_7_0;
- }
-
-}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser8_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser8_0.java
deleted file mode 100644
index 91958ff7066..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser8_0.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_DOMAIN;
-import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_DOMAINS;
-
-import org.jboss.as.controller.PathElement;
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Farah Juma
- * @since 10.0
- */
-public class ElytronSubsystemParser8_0 extends ElytronSubsystemParser7_0 {
-
- final PersistentResourceXMLDescription domainParser = PersistentResourceXMLDescription.builder(PathElement.pathElement(SECURITY_DOMAIN))
- .setXmlWrapperElement(SECURITY_DOMAINS)
- .addAttribute(DomainDefinition.DEFAULT_REALM)
- .addAttribute(DomainDefinition.PERMISSION_MAPPER)
- .addAttribute(DomainDefinition.PRE_REALM_PRINCIPAL_TRANSFORMER)
- .addAttribute(DomainDefinition.POST_REALM_PRINCIPAL_TRANSFORMER)
- .addAttribute(DomainDefinition.PRINCIPAL_DECODER)
- .addAttribute(DomainDefinition.REALM_MAPPER)
- .addAttribute(DomainDefinition.ROLE_MAPPER)
- .addAttribute(DomainDefinition.TRUSTED_SECURITY_DOMAINS)
- .addAttribute(DomainDefinition.OUTFLOW_ANONYMOUS)
- .addAttribute(DomainDefinition.OUTFLOW_SECURITY_DOMAINS)
- .addAttribute(DomainDefinition.SECURITY_EVENT_LISTENER)
- .addAttribute(DomainDefinition.REALMS)
- .addAttribute(DomainDefinition.EVIDENCE_DECODER) // new
- .build();
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_8_0;
- }
-
- @Override
- PersistentResourceXMLDescription getRealmParser() {
- return new RealmParser().realmParser_8_0;
- }
-
- PersistentResourceXMLDescription getTlsParser() {
- return new TlsParser().tlsParser_8_0;
- }
-
- @Override
- protected PersistentResourceXMLDescription getMapperParser() {
- return new MapperParser(MapperParser.Version.VERSION_8_0).getParser();
- }
-
-
- @Override
- PersistentResourceXMLDescription getDomainParser() {
- return domainParser;
- }
-
- @Override
- PersistentResourceXMLDescription getAuditLoggingParser() {
- return new AuditLoggingParser().parser8_0;
- }
-}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser9_0.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser9_0.java
deleted file mode 100644
index 1cc109255b9..00000000000
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser9_0.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import org.jboss.as.controller.PersistentResourceXMLDescription;
-
-/**
- * The subsystem parser, which uses stax to read and write to and from xml.
- *
- * @author Farah Juma
- * @since 11.0
- */
-public class ElytronSubsystemParser9_0 extends ElytronSubsystemParser8_0 {
-
- @Override
- String getNameSpace() {
- return ElytronExtension.NAMESPACE_9_0;
- }
-
-
- @Override
- PersistentResourceXMLDescription getAuthenticationClientParser() {
- return new AuthenticationClientParser().parser_9_0;
- }
-
-
- PersistentResourceXMLDescription getTlsParser() {
- return new TlsParser().tlsParser_9_0;
- }
-
-}
-
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemSchema.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemSchema.java
new file mode 100644
index 00000000000..bf7e1f567dc
--- /dev/null
+++ b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemSchema.java
@@ -0,0 +1,291 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.wildfly.extension.elytron;
+
+import org.jboss.as.controller.AttributeMarshallers;
+import org.jboss.as.controller.AttributeParsers;
+import org.jboss.as.controller.Feature;
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.PersistentResourceXMLDescription;
+import org.jboss.as.controller.PersistentSubsystemSchema;
+import org.jboss.as.controller.SubsystemSchema;
+import org.jboss.as.controller.xml.VersionedNamespace;
+import org.jboss.as.version.Stability;
+import org.jboss.staxmapper.IntVersion;
+
+import java.util.EnumSet;
+import java.util.Map;
+
+import static org.jboss.as.controller.PersistentResourceXMLDescription.builder;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.DIR_CONTEXTS;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.ENCRYPTION;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.EXPRESSION;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.EXPRESSION_RESOLVER;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.PERMISSION_SETS;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_PROPERTY;
+import static org.wildfly.extension.elytron.PermissionMapperDefinitions.PERMISSIONS;
+import static org.wildfly.extension.elytron.SSLDefinitions.getDynamicClientSSLContextDefinition;
+
+/**
+ * Enumeration of elytron subsystem schema versions.
+ */
+public enum ElytronSubsystemSchema implements PersistentSubsystemSchema {
+ VERSION_1_0(1),
+ VERSION_1_1(1, 1),
+ VERSION_1_2(1, 2),
+ VERSION_2_0(2),
+ VERSION_3_0(3),
+ VERSION_4_0(4),
+ VERSION_5_0(5),
+ VERSION_6_0(6),
+ VERSION_7_0(7),
+ VERSION_8_0(8),
+ VERSION_9_0(9),
+ VERSION_10_0(10),
+ VERSION_11_0(11),
+ VERSION_12_0(12),
+ VERSION_13_0(13),
+ VERSION_14_0(14),
+ VERSION_15_0(15),
+ VERSION_15_1(15, 1),
+ VERSION_16_0(16),
+ VERSION_17_0(17),
+ VERSION_18_0(18),
+ VERSION_18_0_COMMUNITY(18, Stability.COMMUNITY),
+ ;
+ static final Map CURRENT = Feature.map(EnumSet.of(VERSION_18_0, VERSION_18_0_COMMUNITY));
+
+ private final VersionedNamespace namespace;
+
+ ElytronSubsystemSchema(int major) {
+ this.namespace = SubsystemSchema.createSubsystemURN(ElytronExtension.SUBSYSTEM_NAME, new IntVersion(major));
+ }
+
+ ElytronSubsystemSchema(int major, int minor) {
+ this.namespace = SubsystemSchema.createSubsystemURN(ElytronExtension.SUBSYSTEM_NAME, new IntVersion(major, minor));
+ }
+
+ ElytronSubsystemSchema(int major, Stability stability) {
+ this.namespace = SubsystemSchema.createSubsystemURN(ElytronExtension.SUBSYSTEM_NAME, stability, new IntVersion(major));
+ }
+
+ @Override
+ public VersionedNamespace getNamespace() {
+ return this.namespace;
+ }
+
+ @Override
+ public PersistentResourceXMLDescription getXMLDescription() {
+ PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder = builder(ElytronExtension.SUBSYSTEM_PATH, this.getNamespace());
+ if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addAttribute(ElytronDefinition.DEFAULT_AUTHENTICATION_CONTEXT)
+ .addAttribute(ElytronDefinition.INITIAL_PROVIDERS)
+ .addAttribute(ElytronDefinition.FINAL_PROVIDERS)
+ .addAttribute(ElytronDefinition.DISALLOWED_PROVIDERS)
+ .addAttribute(ElytronDefinition.SECURITY_PROPERTIES, new AttributeParsers.PropertiesParser(null, SECURITY_PROPERTY, true), new AttributeMarshallers.PropertiesAttributeMarshaller(null, SECURITY_PROPERTY, true));
+ }
+
+ if (this.since(ElytronSubsystemSchema.VERSION_5_0)) {
+ builder.addAttribute(ElytronDefinition.REGISTER_JASPI_FACTORY)
+ .addAttribute(ElytronDefinition.DEFAULT_SSL_CONTEXT);
+ }
+
+ addAuthenticationClientParser(builder);
+ addProviderParser(builder);
+ addAuditLoggingParser(builder);
+ addSecurityDomainParser(builder);
+ addRealmParser(builder);
+ addCredentialSecurityFactoryParser(builder);
+ addMapperParser(builder);
+ addPermissionSetParser(builder);
+ addHttpParser(builder);
+ addSaslParser(builder);
+ addTlsParser(builder);
+ addCredentialStoreParser(builder);
+ addExpressionResolverParser(builder);
+ addDirContextParser(builder);
+ addPolicyParser(builder);
+ addJaspiConfigurationParser(builder);
+
+ return builder.build();
+ }
+
+ private void addJaspiConfigurationParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ if (this.since(ElytronSubsystemSchema.VERSION_5_0)) {
+ builder.addChild(new JaspiConfigurationParser().jaspiConfigurationParser_5_0);
+ }
+ }
+
+ private void addDirContextParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addChild(PersistentResourceXMLDescription.decorator(DIR_CONTEXTS)
+ .addChild(builder(PathElement.pathElement(ElytronDescriptionConstants.DIR_CONTEXT))
+ .addAttributes(DirContextDefinition.ATTRIBUTES))
+ .build());
+ }
+ }
+
+ private void addExpressionResolverParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ if (this.since(ElytronSubsystemSchema.VERSION_13_0)) {
+ builder.addChild(PersistentResourceXMLDescription.builder(
+ PathElement.pathElement(EXPRESSION, ENCRYPTION))
+ .setXmlElementName(EXPRESSION_RESOLVER)
+ .addAttribute(ExpressionResolverResourceDefinition.RESOLVERS)
+ .addAttribute(ExpressionResolverResourceDefinition.DEFAULT_RESOLVER)
+ .addAttribute(ExpressionResolverResourceDefinition.PREFIX)
+ .build());
+ }
+ }
+
+ private void addSaslParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addChild(new SaslParser().parser);
+ }
+ }
+
+ private void addHttpParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addChild(new HttpParser().parser);
+ }
+ }
+
+ private void addPermissionSetParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ if (this.since(ElytronSubsystemSchema.VERSION_3_0)) {
+ builder.addChild(PersistentResourceXMLDescription.builder(PermissionSetDefinition.getPermissionSet().getPathElement())
+ .setXmlWrapperElement(PERMISSION_SETS)
+ .addAttribute(PERMISSIONS)
+ .build());
+ }
+ }
+
+ private void addCredentialSecurityFactoryParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addChild(new CredentialSecurityFactoryParser().parser);
+ }
+ }
+
+ private void addProviderParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addChild(new ProviderParser().parser);
+ }
+ }
+
+ private void addPolicyParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ PolicyParser policyParser = new PolicyParser();
+ if (this.since(ElytronSubsystemSchema.VERSION_1_2)) {
+ builder.addChild(policyParser.parser_1_2);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addChild(policyParser.parser_1_0);
+ }
+ }
+
+ private void addCredentialStoreParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ CredentialStoreParser credentialStoreParser = new CredentialStoreParser();
+ if (this.since(ElytronSubsystemSchema.VERSION_13_0)) {
+ builder.addChild(credentialStoreParser.getCredentialStoresParser_13().build());
+ } else if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addChild(credentialStoreParser.getCredentialStoresParser().build());
+ }
+ }
+
+ private void addTlsParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ TlsParser tlsParser = new TlsParser();
+ if (this.since(ElytronSubsystemSchema.VERSION_18_0_COMMUNITY) && this.enables(getDynamicClientSSLContextDefinition())) {
+ builder.addChild(tlsParser.tlsParserCommunity_18_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_14_0)) {
+ builder.addChild(tlsParser.tlsParser_14_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_12_0)) {
+ builder.addChild(tlsParser.tlsParser_12_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_9_0)) {
+ builder.addChild(tlsParser.tlsParser_9_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_8_0)) {
+ builder.addChild(tlsParser.tlsParser_8_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_5_0)) {
+ builder.addChild(tlsParser.tlsParser_5_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_4_0)) {
+ builder.addChild(tlsParser.tlsParser_4_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addChild(tlsParser.tlsParser_1_0);
+ }
+ }
+
+ private void addMapperParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ if (this.since(ElytronSubsystemSchema.VERSION_12_0)) {
+ builder.addChild(new MapperParser(MapperParser.Version.VERSION_12_0).getParser());
+ } else if (this.since(ElytronSubsystemSchema.VERSION_10_0)) {
+ builder.addChild(new MapperParser(MapperParser.Version.VERSION_10_0).getParser());
+ } else if (this.since(ElytronSubsystemSchema.VERSION_8_0)) {
+ builder.addChild(new MapperParser(MapperParser.Version.VERSION_8_0).getParser());
+ } else if (this.since(ElytronSubsystemSchema.VERSION_4_0)) {
+ builder.addChild(new MapperParser(MapperParser.Version.VERSION_4_0).getParser());
+ } else if (this.since(ElytronSubsystemSchema.VERSION_3_0)) {
+ builder.addChild(new MapperParser(MapperParser.Version.VERSION_3_0).getParser());
+ } else if (this.since(ElytronSubsystemSchema.VERSION_1_1)) {
+ builder.addChild(new MapperParser(MapperParser.Version.VERSION_1_1).getParser());
+ } else if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addChild(new MapperParser(MapperParser.Version.VERSION_1_0).getParser());
+ }
+ }
+
+ private void addRealmParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ RealmParser realmParser = new RealmParser();
+ if (this.since(ElytronSubsystemSchema.VERSION_18_0)) {
+ builder.addChild(realmParser.realmParser_18);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_16_0)) {
+ builder.addChild(realmParser.realmParser_16);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_15_1)) {
+ builder.addChild(realmParser.realmParser_15_1);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_15_0)) {
+ builder.addChild(realmParser.realmParser_15_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_14_0)) {
+ builder.addChild(realmParser.realmParser_14_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_11_0)) {
+ builder.addChild(realmParser.realmParser_11_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_8_0)) {
+ builder.addChild(realmParser.realmParser_8_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_7_0)) {
+ builder.addChild(realmParser.realmParser_7_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addChild(realmParser.realmParser);
+ }
+ }
+
+ private void addSecurityDomainParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ SecurityDomainParser securityDomainParser = new SecurityDomainParser();
+ if (this.since(ElytronSubsystemSchema.VERSION_17_0)) {
+ builder.addChild(securityDomainParser.parser_17_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_10_0)) {
+ builder.addChild(securityDomainParser.parser_10_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_8_0)) {
+ builder.addChild(securityDomainParser.parser_8_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addChild(securityDomainParser.parser_1_0);
+ }
+ }
+
+ private void addAuditLoggingParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ AuditLoggingParser auditLoggingParser = new AuditLoggingParser();
+ if (this.since(ElytronSubsystemSchema.VERSION_18_0)) {
+ builder.addChild(auditLoggingParser.parser18_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_8_0)) {
+ builder.addChild(auditLoggingParser.parser8_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_5_0)) {
+ builder.addChild(auditLoggingParser.parser5_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_4_0)) {
+ builder.addChild(auditLoggingParser.parser4_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addChild(auditLoggingParser.parser);
+ }
+ }
+
+ private void addAuthenticationClientParser(PersistentResourceXMLDescription.PersistentResourceXMLBuilder builder) {
+ AuthenticationClientParser authenticationClientParser = new AuthenticationClientParser();
+ if (this.since(ElytronSubsystemSchema.VERSION_9_0)) {
+ builder.addChild(authenticationClientParser.parser_9_0);
+ } else if (this.since(ElytronSubsystemSchema.VERSION_1_0)) {
+ builder.addChild(authenticationClientParser.parser);
+ }
+ }
+}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemTransformers.java b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemTransformers.java
index 1cb38056733..faa4b93f973 100644
--- a/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemTransformers.java
+++ b/elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemTransformers.java
@@ -170,6 +170,8 @@ private static void from18(ChainedTransformationDescriptionBuilder chainedBuilde
.setDiscard(DiscardAttributeChecker.UNDEFINED, EMIT_EVENTS)
.addRejectCheck(new RejectAttributeChecker.SimpleRejectAttributeChecker(ModelNode.TRUE), IGNORE_UNAVAILABLE_REALMS)
.addRejectCheck(RejectAttributeChecker.DEFINED, EMIT_EVENTS);
+ builder.rejectChildResource(PathElement.pathElement(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXTS));
+ builder.rejectChildResource(PathElement.pathElement(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT));
}
private static void from17(ChainedTransformationDescriptionBuilder chainedBuilder) {
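Review bot: The first of the two new `rejectChildResource` calls targets `DYNAMIC_CLIENT_SSL_CONTEXTS`, which elsewhere in this commit appears only as an XML wrapper element (`setXmlWrapperElement(DYNAMIC_CLIENT_SSL_CONTEXTS)` in TlsParser), not as a model path key, so unless a resource with that key exists in the model it rejects nothing and can be dropped. The second call, on `DYNAMIC_CLIENT_SSL_CONTEXT`, is the one that makes a legacy host refuse a community-only resource it cannot provide. A one-line comment such as `// community-only resource; legacy hosts have no equivalent, so reject rather than discard` would record why this is a hard reject. from18's body starts outside the hunk.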
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/JaspiConfigurationParser.java b/elytron/src/main/java/org/wildfly/extension/elytron/JaspiConfigurationParser.java
new file mode 100644
index 00000000000..87a0545e187
--- /dev/null
+++ b/elytron/src/main/java/org/wildfly/extension/elytron/JaspiConfigurationParser.java
@@ -0,0 +1,20 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.wildfly.extension.elytron;
+
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.PersistentResourceXMLDescription;
+
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.JASPI;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.JASPI_CONFIGURATION;
+
+class JaspiConfigurationParser {
+
+ final PersistentResourceXMLDescription jaspiConfigurationParser_5_0 = PersistentResourceXMLDescription.builder(PathElement.pathElement(JASPI_CONFIGURATION))
+ .setXmlWrapperElement(JASPI)
+ .addAttributes(JaspiDefinition.ATTRIBUTES)
+ .build();
+}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/PolicyParser.java b/elytron/src/main/java/org/wildfly/extension/elytron/PolicyParser.java
new file mode 100644
index 00000000000..f7ff03815f3
--- /dev/null
+++ b/elytron/src/main/java/org/wildfly/extension/elytron/PolicyParser.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.wildfly.extension.elytron;
+
+import org.jboss.as.controller.AttributeMarshallers;
+import org.jboss.as.controller.AttributeParsers;
+import org.jboss.as.controller.ObjectListAttributeDefinition;
+import org.jboss.as.controller.ObjectTypeAttributeDefinition;
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.PersistentResourceXMLDescription;
+
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.JACC_POLICY;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.POLICY;
+
+class PolicyParser {
+
+ PersistentResourceXMLDescription parser_1_0 = PersistentResourceXMLDescription.builder(PathElement.pathElement(POLICY))
+ .setNameAttributeName(PolicyDefinitions.DEFAULT_POLICY.getName())
+ .addAttribute(PolicyDefinitions.DEFAULT_POLICY)
+ .addAttribute(JaccPolicyDefinition.POLICIES, AttributeParsers.UNWRAPPED_OBJECT_LIST_PARSER, AttributeMarshallers.OBJECT_LIST_UNWRAPPED)
+ .addAttribute(CustomPolicyDefinition.POLICIES, AttributeParsers.UNWRAPPED_OBJECT_LIST_PARSER, AttributeMarshallers.OBJECT_LIST_UNWRAPPED)
+ .build();
+
+ PersistentResourceXMLDescription parser_1_2 = PersistentResourceXMLDescription.builder(PathElement.pathElement(POLICY))
+ .addAttribute(PolicyDefinitions.JaccPolicyDefinition.POLICY)
+ .addAttribute(PolicyDefinitions.CustomPolicyDefinition.POLICY)
+ .build();
+
+ private static class JaccPolicyDefinition {
+ static ObjectTypeAttributeDefinition POLICY = new ObjectTypeAttributeDefinition.Builder(JACC_POLICY, PolicyDefinitions.RESOURCE_NAME, PolicyDefinitions.JaccPolicyDefinition.POLICY_PROVIDER, PolicyDefinitions.JaccPolicyDefinition.CONFIGURATION_FACTORY, PolicyDefinitions.JaccPolicyDefinition.MODULE).build();
+ static final ObjectListAttributeDefinition POLICIES = new ObjectListAttributeDefinition.Builder(JACC_POLICY, POLICY)
+ .setMinSize(1)
+ .setRequired(false)
+ .build();
+ }
+
+ private static class CustomPolicyDefinition {
+ static ObjectTypeAttributeDefinition POLICY = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.CUSTOM_POLICY, PolicyDefinitions.RESOURCE_NAME, PolicyDefinitions.CustomPolicyDefinition.CLASS_NAME, PolicyDefinitions.CustomPolicyDefinition.MODULE).build();
+ static final ObjectListAttributeDefinition POLICIES = new ObjectListAttributeDefinition.Builder(ElytronDescriptionConstants.CUSTOM_POLICY, POLICY)
+ .setRequired(false)
+ .build();
+ }
+}
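Review bot: `parser_1_0`, `parser_1_2` and the two nested `static ObjectTypeAttributeDefinition POLICY` fields are non-final while the sibling `POLICIES` fields are `final`; all four should be `final`, e.g. `static final ObjectTypeAttributeDefinition POLICY = ...` and `final PersistentResourceXMLDescription parser_1_0 = ...`, since mutable statics holding parser definitions invite accidental reassignment. The nested classes reuse the simple names `JaccPolicyDefinition` and `CustomPolicyDefinition` from `PolicyDefinitions`, so `JaccPolicyDefinition.POLICIES` and `PolicyDefinitions.JaccPolicyDefinition.POLICY` on adjacent lines refer to different classes; a Javadoc such as `/** XML-only list shape of the 1.0 schema; the model attribute lives in PolicyDefinitions.JaccPolicyDefinition. */` on each nested class (or a distinct name) would remove the ambiguity. A class-level Javadoc naming which schema versions each parser serves would complete the file.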
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/SSLContextResource.java b/elytron/src/main/java/org/wildfly/extension/elytron/SSLContextResource.java
index c9e5f8ad4ab..b83d88e23c7 100644
--- a/elytron/src/main/java/org/wildfly/extension/elytron/SSLContextResource.java
+++ b/elytron/src/main/java/org/wildfly/extension/elytron/SSLContextResource.java
@@ -21,6 +21,7 @@
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceController.State;
import org.wildfly.common.iteration.ByteIterator;
+import org.wildfly.security.auth.client.ActiveSessionsSSLContext;
/**
* A {@link Resource} to represent a server-ssl-context/client-ssl-context, the majority is actually model
@@ -129,6 +130,9 @@ public Resource clone() {
*/
private boolean hasActiveSessions() {
final SSLContext sslContext = getSSLContext(sslContextServiceController);
+ if (sslContext instanceof ActiveSessionsSSLContext) {
+ return ((ActiveSessionsSSLContext) sslContext).hasActiveSessions();
+ }
if (sslContext == null) return false;
SSLSessionContext sslSessionContext = server ? sslContext.getServerSessionContext() : sslContext.getClientSessionContext();
return sslSessionContext.getIds().hasMoreElements();
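Review bot: The new `instanceof` test is placed before the existing null guard; it is safe because `instanceof` yields false for null, but the method reads more naturally with `if (sslContext == null) return false;` first and the `ActiveSessionsSSLContext` branch after it. I would add `// contexts that track their own sessions (e.g. dynamic ones) cannot answer via getClient/ServerSessionContext` above the branch, since the fall-through path assumes a meaningful `SSLSessionContext`. Whether the `DynamicSSLContext` constructed in SSLDefinitions in this same commit actually implements `ActiveSessionsSSLContext` is not visible here; if it does not, this branch is dead for the resource the change targets. hasActiveSessions's closing brace is outside the hunk.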
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/SSLDefinitions.java b/elytron/src/main/java/org/wildfly/extension/elytron/SSLDefinitions.java
index 2a0615ecf7f..e46fbfc91da 100644
--- a/elytron/src/main/java/org/wildfly/extension/elytron/SSLDefinitions.java
+++ b/elytron/src/main/java/org/wildfly/extension/elytron/SSLDefinitions.java
@@ -8,6 +8,7 @@
import static org.jboss.as.controller.capability.RuntimeCapability.buildDynamicCapabilityName;
import static org.jboss.as.controller.security.CredentialReference.handleCredentialReferenceUpdate;
import static org.jboss.as.controller.security.CredentialReference.rollbackCredentialStoreUpdate;
+import static org.wildfly.extension.elytron.Capabilities.AUTHENTICATION_CONTEXT_CAPABILITY;
import static org.wildfly.extension.elytron.Capabilities.KEY_MANAGER_CAPABILITY;
import static org.wildfly.extension.elytron.Capabilities.KEY_MANAGER_RUNTIME_CAPABILITY;
import static org.wildfly.extension.elytron.Capabilities.KEY_STORE_CAPABILITY;
@@ -56,6 +57,7 @@
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.BooleanSupplier;
+import java.util.function.Supplier;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
@@ -98,6 +100,7 @@
import org.jboss.as.controller.security.CredentialReference;
import org.jboss.as.controller.services.path.PathManager;
import org.jboss.as.controller.services.path.PathManagerService;
+import org.jboss.as.version.Stability;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.service.ServiceBuilder;
@@ -112,12 +115,16 @@
import org.wildfly.extension.elytron.TrivialService.ValueSupplier;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.extension.elytron.capabilities.PrincipalTransformer;
+import org.wildfly.security.auth.client.AuthenticationContext;
+import org.wildfly.security.dynamic.ssl.DynamicSSLContextImpl;
import org.wildfly.security.auth.server.MechanismConfiguration;
import org.wildfly.security.auth.server.MechanismConfigurationSelector;
import org.wildfly.security.auth.server.RealmMapper;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.source.CredentialSource;
+import org.wildfly.security.dynamic.ssl.DynamicSSLContext;
+import org.wildfly.security.dynamic.ssl.DynamicSSLContextException;
import org.wildfly.security.keystore.AliasFilter;
import org.wildfly.security.keystore.FilteringKeyStore;
import org.wildfly.security.password.interfaces.ClearPassword;
@@ -147,6 +154,13 @@ class SSLDefinitions {
.setRestartAllServices()
.build();
+ static final SimpleAttributeDefinition AUTHENTICATION_CONTEXT_ATTRIBUTE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.AUTHENTICATION_CONTEXT, ModelType.STRING, false)
+ .setMinSize(1)
+ .setRequired(true)
+ .setCapabilityReference(AUTHENTICATION_CONTEXT_CAPABILITY, SSL_CONTEXT_CAPABILITY)
+ .setRestartAllServices()
+ .build();
+
static final SimpleAttributeDefinition PROVIDER_NAME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PROVIDER_NAME, ModelType.STRING, true)
.setAllowExpression(true)
.setMinSize(1)
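Review bot: `.setRequired(true)` on `AUTHENTICATION_CONTEXT_ATTRIBUTE` duplicates the `false` third constructor argument, which, as `PROVIDER_NAME` two lines below shows (`true` plus an optional attribute), is the optional flag; one of the two can go. Not calling `setAllowExpression` is correct for a capability reference and is worth stating, e.g. `// no expressions: the value is a capability reference resolved at model time`. A Javadoc should say this attribute names the `authentication-context` whose rules pick the SSL context per peer.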
@@ -1208,11 +1222,17 @@ public X509Certificate[] getAcceptedIssuers() {
}
private static ResourceDefinition createSSLContextDefinition(String pathKey, boolean server, AbstractAddStepHandler addHandler, AttributeDefinition[] attributes, boolean serverOrHostController) {
+ return createSSLContextDefinition(pathKey, server, addHandler, attributes, serverOrHostController, Stability.DEFAULT);
+ }
+
+ private static ResourceDefinition createSSLContextDefinition(String pathKey, boolean server, AbstractAddStepHandler addHandler, AttributeDefinition[] attributes, boolean serverOrHostController, Stability stability) {
+
Builder builder = TrivialResourceDefinition.builder()
.setPathKey(pathKey)
.setAddHandler(addHandler)
.setAttributes(attributes)
- .setRuntimeCapabilities(SSL_CONTEXT_RUNTIME_CAPABILITY);
+ .setRuntimeCapabilities(SSL_CONTEXT_RUNTIME_CAPABILITY)
+ .setStability(stability);
if (serverOrHostController) {
builder.addReadOnlyAttribute(ACTIVE_SESSION_COUNT, new SSLContextRuntimeHandler() {
@@ -1511,6 +1531,42 @@ protected void installedForResource(ServiceController serviceControl
return createSSLContextDefinition(ElytronDescriptionConstants.CLIENT_SSL_CONTEXT, false, add, attributes, serverOrHostController);
}
+ static ResourceDefinition getDynamicClientSSLContextDefinition() {
+
+ AttributeDefinition[] attributes = new AttributeDefinition[]{AUTHENTICATION_CONTEXT_ATTRIBUTE};
+ AbstractAddStepHandler add = new TrivialAddHandler(SSLContext.class, attributes, SSL_CONTEXT_RUNTIME_CAPABILITY) {
+ @Override
+ protected ValueSupplier getValueSupplier(ServiceBuilder serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
+ final String authenticationContextName = AUTHENTICATION_CONTEXT_ATTRIBUTE.resolveModelAttribute(context, model).asString();
+ String authenticationContextCapability = buildDynamicCapabilityName(AUTHENTICATION_CONTEXT_CAPABILITY, authenticationContextName);
+ ServiceName acServiceName = context.getCapabilityServiceName(authenticationContextCapability, AuthenticationContext.class);
+ Supplier authenticationContextSupplier = serviceBuilder.requires(acServiceName);
+
+ return () -> {
+ try {
+ return new DynamicSSLContext(new DynamicSSLContextImpl(authenticationContextSupplier.get()));
+ } catch (DynamicSSLContextException | GeneralSecurityException e) {
+ throw new RuntimeException(e);
+ }
+ };
+ }
+
+ @Override
+ protected Resource createResource(OperationContext context) {
+ SSLContextResource resource = new SSLContextResource(Resource.Factory.create(), false);
+ context.addResource(PathAddress.EMPTY_ADDRESS, resource);
+ return resource;
+ }
+
+ @Override
+ protected void installedForResource(ServiceController serviceController, Resource resource) {
+ ((SSLContextResource) resource).setSSLContextServiceController(serviceController);
+ }
+ };
+
+ return createSSLContextDefinition(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT, false, add, attributes, false, Stability.COMMUNITY);
+ }
+
private static Provider[] filterProviders(Provider[] all, String provider) {
if (provider == null || all == null) return all;
List list = new ArrayList<>();
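Review bot: `Supplier authenticationContextSupplier = serviceBuilder.requires(acServiceName);` uses a raw type; it should be `Supplier<AuthenticationContext> authenticationContextSupplier = serviceBuilder.requires(acServiceName);` so the lambda's `get()` is type-checked rather than implicitly cast. In the lambda, `throw new RuntimeException(e)` turns a `DynamicSSLContextException` or `GeneralSecurityException` at service start into an untyped failure that names no resource; if `ValueSupplier.get()` permits it (its signature is not visible here), a `StartException` or a message from the already-imported `ElytronSubsystemMessages` that includes `authenticationContextName` would be far easier to diagnose. The final call hard-codes `serverOrHostController` to `false`, so `ACTIVE_SESSION_COUNT` and the other runtime read-only attributes are never registered for this resource even though this commit teaches `SSLContextResource.hasActiveSessions()` about `ActiveSessionsSSLContext`; if that is intended, a comment saying so would keep the next reader from "fixing" it. A Javadoc on the method should state that the resource is `Stability.COMMUNITY` and that TLS selection is delegated per peer to the referenced authentication context.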
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/SecurityDomainParser.java b/elytron/src/main/java/org/wildfly/extension/elytron/SecurityDomainParser.java
new file mode 100644
index 00000000000..a1672c261f9
--- /dev/null
+++ b/elytron/src/main/java/org/wildfly/extension/elytron/SecurityDomainParser.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.wildfly.extension.elytron;
+
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.PersistentResourceXMLDescription;
+
+import static org.jboss.as.controller.PersistentResourceXMLDescription.decorator;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_DOMAIN;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SECURITY_DOMAINS;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.VIRTUAL_SECURITY_DOMAIN;
+
+class SecurityDomainParser {
+
+
+ final PersistentResourceXMLDescription securityDomainParser = PersistentResourceXMLDescription.builder(PathElement.pathElement(SECURITY_DOMAIN))
+ .addAttribute(DomainDefinition.DEFAULT_REALM)
+ .addAttribute(DomainDefinition.PERMISSION_MAPPER)
+ .addAttribute(DomainDefinition.PRE_REALM_PRINCIPAL_TRANSFORMER)
+ .addAttribute(DomainDefinition.POST_REALM_PRINCIPAL_TRANSFORMER)
+ .addAttribute(DomainDefinition.PRINCIPAL_DECODER)
+ .addAttribute(DomainDefinition.REALM_MAPPER)
+ .addAttribute(DomainDefinition.ROLE_MAPPER)
+ .addAttribute(DomainDefinition.TRUSTED_SECURITY_DOMAINS)
+ .addAttribute(DomainDefinition.TRUSTED_VIRTUAL_SECURITY_DOMAINS) // new
+ .addAttribute(DomainDefinition.OUTFLOW_ANONYMOUS)
+ .addAttribute(DomainDefinition.OUTFLOW_SECURITY_DOMAINS)
+ .addAttribute(DomainDefinition.SECURITY_EVENT_LISTENER)
+ .addAttribute(DomainDefinition.REALMS)
+ .addAttribute(DomainDefinition.EVIDENCE_DECODER)
+ .addAttribute(DomainDefinition.ROLE_DECODER)
+ .build();
+
+ final PersistentResourceXMLDescription virtualSecurityDomainParser = PersistentResourceXMLDescription.builder(PathElement.pathElement(VIRTUAL_SECURITY_DOMAIN))
+ .addAttribute(DomainDefinition.OUTFLOW_ANONYMOUS)
+ .addAttribute(VirtualDomainDefinition.OUTFLOW_SECURITY_DOMAINS)
+ .addAttribute(VirtualDomainDefinition.AUTH_METHOD)
+ .build();
+
+ final PersistentResourceXMLDescription parser_17_0 = decorator(ElytronDescriptionConstants.SECURITY_DOMAINS)
+ .addChild(securityDomainParser)
+ .addChild(virtualSecurityDomainParser)
+ .build();
+
+ final PersistentResourceXMLDescription parser_10_0 = PersistentResourceXMLDescription.builder(PathElement.pathElement(SECURITY_DOMAIN))
+ .setXmlWrapperElement(SECURITY_DOMAINS)
+ .addAttribute(DomainDefinition.DEFAULT_REALM)
+ .addAttribute(DomainDefinition.PERMISSION_MAPPER)
+ .addAttribute(DomainDefinition.PRE_REALM_PRINCIPAL_TRANSFORMER)
+ .addAttribute(DomainDefinition.POST_REALM_PRINCIPAL_TRANSFORMER)
+ .addAttribute(DomainDefinition.PRINCIPAL_DECODER)
+ .addAttribute(DomainDefinition.REALM_MAPPER)
+ .addAttribute(DomainDefinition.ROLE_MAPPER)
+ .addAttribute(DomainDefinition.TRUSTED_SECURITY_DOMAINS)
+ .addAttribute(DomainDefinition.OUTFLOW_ANONYMOUS)
+ .addAttribute(DomainDefinition.OUTFLOW_SECURITY_DOMAINS)
+ .addAttribute(DomainDefinition.SECURITY_EVENT_LISTENER)
+ .addAttribute(DomainDefinition.REALMS)
+ .addAttribute(DomainDefinition.EVIDENCE_DECODER)
+ .addAttribute(DomainDefinition.ROLE_DECODER) // new
+ .build();
+
+ final PersistentResourceXMLDescription parser_8_0 = PersistentResourceXMLDescription.builder(PathElement.pathElement(SECURITY_DOMAIN))
+ .setXmlWrapperElement(SECURITY_DOMAINS)
+ .addAttribute(DomainDefinition.DEFAULT_REALM)
+ .addAttribute(DomainDefinition.PERMISSION_MAPPER)
+ .addAttribute(DomainDefinition.PRE_REALM_PRINCIPAL_TRANSFORMER)
+ .addAttribute(DomainDefinition.POST_REALM_PRINCIPAL_TRANSFORMER)
+ .addAttribute(DomainDefinition.PRINCIPAL_DECODER)
+ .addAttribute(DomainDefinition.REALM_MAPPER)
+ .addAttribute(DomainDefinition.ROLE_MAPPER)
+ .addAttribute(DomainDefinition.TRUSTED_SECURITY_DOMAINS)
+ .addAttribute(DomainDefinition.OUTFLOW_ANONYMOUS)
+ .addAttribute(DomainDefinition.OUTFLOW_SECURITY_DOMAINS)
+ .addAttribute(DomainDefinition.SECURITY_EVENT_LISTENER)
+ .addAttribute(DomainDefinition.REALMS)
+ .addAttribute(DomainDefinition.EVIDENCE_DECODER) // new
+ .build();
+
+ final PersistentResourceXMLDescription parser_1_0 = PersistentResourceXMLDescription.builder(PathElement.pathElement(SECURITY_DOMAIN))
+ .setXmlWrapperElement(SECURITY_DOMAINS)
+ .addAttribute(DomainDefinition.DEFAULT_REALM)
+ .addAttribute(DomainDefinition.PERMISSION_MAPPER)
+ .addAttribute(DomainDefinition.PRE_REALM_PRINCIPAL_TRANSFORMER)
+ .addAttribute(DomainDefinition.POST_REALM_PRINCIPAL_TRANSFORMER)
+ .addAttribute(DomainDefinition.PRINCIPAL_DECODER)
+ .addAttribute(DomainDefinition.REALM_MAPPER)
+ .addAttribute(DomainDefinition.ROLE_MAPPER)
+ .addAttribute(DomainDefinition.TRUSTED_SECURITY_DOMAINS)
+ .addAttribute(DomainDefinition.OUTFLOW_ANONYMOUS)
+ .addAttribute(DomainDefinition.OUTFLOW_SECURITY_DOMAINS)
+ .addAttribute(DomainDefinition.SECURITY_EVENT_LISTENER)
+ .addAttribute(DomainDefinition.REALMS)
+ .build();
+}
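Review bot: `parser_1_0`, `parser_8_0` and `parser_10_0` repeat the same twelve `DomainDefinition` attributes in the same order and differ only in what is appended after `REALMS`, so a private helper returning the common builder would make each version's delta visible and stop the three lists drifting apart. `securityDomainParser` (the 17.0 shape) inserts `TRUSTED_VIRTUAL_SECURITY_DOMAINS` mid-list and has no wrapper element, so it stays as written. The `// new` trailing comments on lines 1872, 1907 and 1924 (and one in TlsParser) are commit-time markers that will read as noise later; drop them or replace each with the schema version that introduced the attribute. The double blank line after the class header is a formatting slip.
```java
class SecurityDomainParser {

    /** Attributes common to every wrapped (pre-17.0) security-domain XML shape, in marshalling order. */
    private static PersistentResourceXMLDescription.PersistentResourceXMLBuilder legacySecurityDomainBuilder() {
        return PersistentResourceXMLDescription.builder(PathElement.pathElement(SECURITY_DOMAIN))
                .setXmlWrapperElement(SECURITY_DOMAINS)
                .addAttribute(DomainDefinition.DEFAULT_REALM)
                .addAttribute(DomainDefinition.PERMISSION_MAPPER)
                .addAttribute(DomainDefinition.PRE_REALM_PRINCIPAL_TRANSFORMER)
                .addAttribute(DomainDefinition.POST_REALM_PRINCIPAL_TRANSFORMER)
                .addAttribute(DomainDefinition.PRINCIPAL_DECODER)
                .addAttribute(DomainDefinition.REALM_MAPPER)
                .addAttribute(DomainDefinition.ROLE_MAPPER)
                .addAttribute(DomainDefinition.TRUSTED_SECURITY_DOMAINS)
                .addAttribute(DomainDefinition.OUTFLOW_ANONYMOUS)
                .addAttribute(DomainDefinition.OUTFLOW_SECURITY_DOMAINS)
                .addAttribute(DomainDefinition.SECURITY_EVENT_LISTENER)
                .addAttribute(DomainDefinition.REALMS);
    }

    // … unchanged: securityDomainParser, virtualSecurityDomainParser, parser_17_0 …

    final PersistentResourceXMLDescription parser_10_0 = legacySecurityDomainBuilder()
            .addAttribute(DomainDefinition.EVIDENCE_DECODER)
            .addAttribute(DomainDefinition.ROLE_DECODER)
            .build();

    final PersistentResourceXMLDescription parser_8_0 = legacySecurityDomainBuilder()
            .addAttribute(DomainDefinition.EVIDENCE_DECODER)
            .build();

    final PersistentResourceXMLDescription parser_1_0 = legacySecurityDomainBuilder().build();
}
```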
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/TlsParser.java b/elytron/src/main/java/org/wildfly/extension/elytron/TlsParser.java
index 341ab4de3ce..cd8592d815e 100644
--- a/elytron/src/main/java/org/wildfly/extension/elytron/TlsParser.java
+++ b/elytron/src/main/java/org/wildfly/extension/elytron/TlsParser.java
@@ -13,6 +13,8 @@
import static org.wildfly.extension.elytron.ElytronDescriptionConstants.CERTIFICATE_AUTHORITY_ACCOUNTS;
import static org.wildfly.extension.elytron.ElytronDescriptionConstants.CLIENT_SSL_CONTEXT;
import static org.wildfly.extension.elytron.ElytronDescriptionConstants.CLIENT_SSL_CONTEXTS;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXTS;
import static org.wildfly.extension.elytron.ElytronDescriptionConstants.FILTERING_KEY_STORE;
import static org.wildfly.extension.elytron.ElytronDescriptionConstants.HOST;
import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SNI_MAPPING;
@@ -195,6 +197,10 @@ class TlsParser {
.addAttribute(SSLDefinitions.PROVIDERS)
.addAttribute(SSLDefinitions.PROVIDER_NAME);
+ private PersistentResourceXMLBuilder dynamicClientSslContextParser = PersistentResourceXMLDescription.builder(PathElement.pathElement(DYNAMIC_CLIENT_SSL_CONTEXT))
+ .setXmlWrapperElement(DYNAMIC_CLIENT_SSL_CONTEXTS)
+ .addAttribute(SSLDefinitions.AUTHENTICATION_CONTEXT_ATTRIBUTE);
+
private PersistentResourceXMLBuilder certificateAuthorityParser = PersistentResourceXMLDescription.builder(PathElement.pathElement(CERTIFICATE_AUTHORITY))
.setXmlWrapperElement(CERTIFICATE_AUTHORITIES)
.addAttribute(CertificateAuthorityDefinition.URL)
@@ -250,7 +256,7 @@ public void marshallSingleElement(AttributeDefinition attribute, ModelNode mappi
});
// 1_0 to 3_0
- final PersistentResourceXMLDescription tlsParser = decorator(TLS)
+ final PersistentResourceXMLDescription tlsParser_1_0 = decorator(TLS)
.addChild(decorator(KEY_STORES)
.addChild(keyStoreParser)
.addChild(ldapKeyStoreParser)
@@ -349,4 +355,20 @@ public void marshallSingleElement(AttributeDefinition attribute, ModelNode mappi
.addChild(certificateAuthorityAccountParser)
.addChild(serverSslSniContextParser)
.build();
+
+ final PersistentResourceXMLDescription tlsParserCommunity_18_0 = decorator(TLS)
+ .addChild(decorator(KEY_STORES)
+ .addChild(keyStoreParser)
+ .addChild(ldapKeyStoreParser)
+ .addChild(filteringKeyStoreParser)
+ )
+ .addChild(keyManagerParser_12_0)
+ .addChild(trustManagerParser_14_0)
+ .addChild(serverSslContextParser_9_0)
+ .addChild(clientSslContextParser_9_0)
+ .addChild(certificateAuthorityParser)
+ .addChild(certificateAuthorityAccountParser)
+ .addChild(serverSslSniContextParser)
+ .addChild(dynamicClientSslContextParser) // new
+ .build();
}
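Review bot: `tlsParserCommunity_18_0` has no comment explaining that it is the 14.0 child list plus `dynamicClientSslContextParser`, and the only signal is the trailing `// new` marker, which will be meaningless once the commit lands. A Javadoc such as `/** TLS parser for the community 18.0 schema: identical to tlsParser_14_0 plus dynamic-client-ssl-context, which is registered at Stability.COMMUNITY; selected only when ElytronSubsystemParser enables that resource. */` would tell a reader why two near-identical lists exist and which gate picks this one. Because `PersistentResourceXMLDescription` instances are immutable once built, the duplication itself cannot easily be avoided here, so the comment is the fix.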
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/TrivialResourceDefinition.java b/elytron/src/main/java/org/wildfly/extension/elytron/TrivialResourceDefinition.java
index 533ad118376..9fbe0d781ba 100644
--- a/elytron/src/main/java/org/wildfly/extension/elytron/TrivialResourceDefinition.java
+++ b/elytron/src/main/java/org/wildfly/extension/elytron/TrivialResourceDefinition.java
@@ -18,11 +18,13 @@
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.ResourceDefinition;
+import org.jboss.as.controller.ResourceRegistration;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.descriptions.ResourceDescriptionResolver;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.OperationEntry;
+import org.jboss.as.version.Stability;
/**
* A trivial {@link ResourceDefinition}
@@ -38,8 +40,8 @@ final class TrivialResourceDefinition extends SimpleResourceDefinition {
private TrivialResourceDefinition(String pathKey, ResourceDescriptionResolver resourceDescriptionResolver, AbstractAddStepHandler add, AbstractRemoveStepHandler remove, AttributeDefinition[] attributes,
Map readOnlyAttributes, Map operations, List children,
- RuntimeCapability>[] runtimeCapabilities) {
- super(new Parameters(PathElement.pathElement(pathKey),
+ RuntimeCapability>[] runtimeCapabilities, Stability stability) {
+ super(new Parameters(ResourceRegistration.of(PathElement.pathElement(pathKey), stability),
resourceDescriptionResolver)
.setAddHandler(add)
.setRemoveHandler(remove)
@@ -54,11 +56,11 @@ private TrivialResourceDefinition(String pathKey, ResourceDescriptionResolver re
}
TrivialResourceDefinition(String pathKey, ResourceDescriptionResolver resourceDescriptionResolver, AbstractAddStepHandler add, AttributeDefinition[] attributes, RuntimeCapability> ... runtimeCapabilities) {
- this(pathKey, resourceDescriptionResolver, add, new TrivialCapabilityServiceRemoveHandler(add, runtimeCapabilities), attributes, null, null, null, runtimeCapabilities);
+ this(pathKey, resourceDescriptionResolver, add, new TrivialCapabilityServiceRemoveHandler(add, runtimeCapabilities), attributes, null, null, null, runtimeCapabilities, Stability.DEFAULT);
}
TrivialResourceDefinition(String pathKey, AbstractAddStepHandler add, AttributeDefinition[] attributes, RuntimeCapability> ... runtimeCapabilities) {
- this(pathKey, ElytronExtension.getResourceDescriptionResolver(pathKey), add, new TrivialCapabilityServiceRemoveHandler(add, runtimeCapabilities), attributes, null, null, null, runtimeCapabilities);
+ this(pathKey, ElytronExtension.getResourceDescriptionResolver(pathKey), add, new TrivialCapabilityServiceRemoveHandler(add, runtimeCapabilities), attributes, null, null, null, runtimeCapabilities, Stability.DEFAULT);
}
@Override
@@ -116,6 +118,7 @@ static class Builder {
private Map operations;
private RuntimeCapability>[] runtimeCapabilities;
private List children;
+ private Stability stability = Stability.DEFAULT;
Builder() {}
@@ -173,6 +176,11 @@ Builder setRuntimeCapabilities(RuntimeCapability> ... runtimeCapabilities) {
return this;
}
+ Builder setStability(Stability stability) {
+ this.stability = stability;
+ return this;
+ }
+
Builder addChild(ResourceDefinition child) {
if (children == null) {
children = new ArrayList<>();
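Review bot: `setStability` accepts null, and a null would only surface later inside `ResourceRegistration.of(...)` in the private constructor, far from the caller that passed it; `this.stability = Objects.requireNonNull(stability, "stability");` (with `import java.util.Objects;`) fails at the builder call instead. The method also needs a Javadoc noting the default, which the new field initialiser fixes as `Stability.DEFAULT`: `/** Sets the stability level at which the resource is registered; defaults to {@link Stability#DEFAULT}. */`. The enclosing `Builder` class starts outside the hunk.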
@@ -187,7 +195,7 @@ ResourceDefinition build() {
ResourceDescriptionResolver resourceDescriptionResolver = this.resourceDescriptionResolver != null ? this.resourceDescriptionResolver : ElytronExtension.getResourceDescriptionResolver(pathKey);
return new TrivialResourceDefinition(pathKey, resourceDescriptionResolver, addHandler,
removeHandler != null ? removeHandler : new TrivialCapabilityServiceRemoveHandler(addHandler, runtimeCapabilities),
- attributes, readOnlyAttributes, operations, children, runtimeCapabilities);
+ attributes, readOnlyAttributes, operations, children, runtimeCapabilities, stability);
}
}
diff --git a/elytron/src/main/resources/org/wildfly/extension/elytron/LocalDescriptions.properties b/elytron/src/main/resources/org/wildfly/extension/elytron/LocalDescriptions.properties
index 64fa0e45c51..36d6297c7e5 100644
--- a/elytron/src/main/resources/org/wildfly/extension/elytron/LocalDescriptions.properties
+++ b/elytron/src/main/resources/org/wildfly/extension/elytron/LocalDescriptions.properties
@@ -1439,10 +1439,17 @@ elytron.client-ssl-context.ssl-session.peer-certificates.version=The certificate
# Operations
elytron.client-ssl-context.ssl-session.invalidate=Invalidate the SSLSession (Note: This does not terminate current connections, only prevents future connections from joining or resuming this session).
+elytron.dynamic-client-ssl-context=A Dynamic SSL context for use on the client side of a connection. It makes it possible to choose the SSL context to use based on the peer's host and port information
+# operations
+elytron.dynamic-client-ssl-context.add=Add the Dynamic Client SSL context definition.
+elytron.dynamic-client-ssl-context.remove=Remove the Dynamic Client SSL context definition.
+#Attributes
+elytron.dynamic-client-ssl-context.authentication-context=The authentication context that will be queried for SSL context based on peer information.
+
elytron.server-ssl-context=An SSLContext for use on the server side of a connection.
# operations
-elytron.server-ssl-context.add=Add the SSLContext definition.
-elytron.server-ssl-context.remove=Remove the SSLContext definition.
+elytron.server-ssl-context.add=Add the SSL context definition.
+elytron.server-ssl-context.remove=Remove the SSL context definition.
#Attributes
elytron.server-ssl-context.security-domain=The security domain to use for authentication during SSL session establishment.
elytron.server-ssl-context.cipher-suite-filter=The filter to apply to specify the enabled cipher suites for TLSv1.2 and below.
diff --git a/elytron/src/main/resources/schema/wildfly-elytron_community_18_0.xsd b/elytron/src/main/resources/schema/wildfly-elytron_community_18_0.xsd
new file mode 100644
index 00000000000..3b7daeb7ff9
--- /dev/null
+++ b/elytron/src/main/resources/schema/wildfly-elytron_community_18_0.xsd
@@ -0,0 +1,6441 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Reference to the default authentication context to be associated with all deployments.
+
+
+
+
+
+
+ Reference to a capability providing a Provider[] which will be registered globally ahead of all existing Provider registrations.
+
+
+
+
+
+
+ Reference to a capability providing a Provider[] which will be registered globally after all existing Provider registrations.
+
+
+
+
+
+
+ A list of providers that are disallowed, and will be removed from the providers list.
+
+
+
+
+
+
+ Should the WildFly Elytron AuthConfigFactory implementation be automatically registered.
+
+
+
+
+
+
+ Reference to an SSLContext which should be globally registered as the default.
+
+
+
+
+
+
+
+
+
+
+ Type to contain a list of security properties to be set.
+
+
+
+
+
+
+
+
+
+
+ Representation of a key/value property pair.
+
+
+
+
+
+ The key for this property.
+
+
+
+
+
+
+ The value for this property.
+
+
+
+
+
+
+
+
+
+
+
+ Definition of a Web Services configuration.
+
+
+
+
+
+ HTTP mechanism web services client will use when connecting to the server.
+
+
+
+
+
+
+ WS-security method web services client will use when connecting to the server.
+
+
+
+
+
+
+
+
+ Container for the authentication client definitions.
+
+
+
+
+
+
+
+
+
+
+
+ Authentication configuration definition.
+
+
+
+
+
+
+ An ordered list of properties to be used to configure all of the providers.
+
+
+
+
+
+
+
+
+
+
+
+ Credential to be used by the configuration.
+
+
+
+
+
+
+ Web Services client configuration definition.
+
+
+
+
+
+
+
+ The unique name for the authentication-configuration, note names used for authentication-configurations must be unique across the whole context.
+
+
+
+
+
+
+ Reference to a previously defined authentication configuration to extend.
+
+
+
+
+
+
+ Enables anonymous authentication.
+
+
+
+
+
+
+ The name to use for authentication.
+
+
+
+
+
+
+ The name to use for authorization.
+
+
+
+
+
+
+ The name of the host to use.
+
+
+
+
+
+
+ The protocol to use.
+
+
+
+
+
+
+ The port to use.
+
+
+
+
+
+
+ The realm to use.
+
+
+
+
+
+
+ Reference to a security domain to use for a forwarded identity.
+
+
+
+
+
+
+
+ The type of identity forwarding to use when security-domain is specified. The value "authenticaiton" forwards
+ the identity of the currently authenticated user, including credentials. The value "authorization" forwards
+ the underlying authorization identity, which allows for a different identity to be used for authentication.
+
+
+
+
+
+
+
+
+
+
+
+ The SASL mechanism selector string. Allows to specify allowed/forbidden SASL mechanisms.
+
+
+
+
+
+
+ Reference to a kerberos security factory used to obtain a GSS kerberos credential.
+
+
+
+
+
+
+
+
+ Authentication context definition.
+
+
+
+
+
+
+ An ordered list of match-rules to be defined on this authentication context.
+
+
+
+
+
+
+ Match based on abstract type.
+
+
+
+
+
+
+ Match based on abstract type authority.
+
+
+
+
+
+
+ Match based on host.
+
+
+
+
+
+
+ Match based on local security domain.
+
+
+
+
+
+
+ Match based on no user.
+
+
+
+
+
+
+ Match based on path.
+
+
+
+
+
+
+ Match based on port.
+
+
+
+
+
+
+ Match based on protocol.
+
+
+
+
+
+
+ Match based on urn.
+
+
+
+
+
+
+ Match based on user.
+
+
+
+
+
+
+ The AuthenticationConfiguration to use with this match.
+
+
+
+
+
+
+ The SSLContext to use with this match.
+
+
+
+
+
+
+
+
+
+ The unique name for the authentication-context, note names used for authentication-contexts must be unique across the whole context.
+
+
+
+
+
+
+ Reference to a previously defined authentication context to extend.
+
+ match-rules defined here are added after the rules of the parent.
+
+
+
+
+
+
+
+
+
+
+ Container of Provider configuration.
+
+
+
+
+
+
+
+
+
+
+
+ A PrincipalDecoder definition that is actually an aggregation of other PrincipalDecoders.
+
+
+
+
+
+
+
+
+ The name to use to represent this provider loader in the management model.
+
+
+
+
+
+
+
+
+ A reference to a Provider[] resource.
+
+
+
+
+
+
+
+
+ Definition of a single provider loader.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The name to use to represent this provider loader in the management model.
+
+
+
+
+
+
+ The name of the module to use to load the providers.
+
+ If this is not specified the ClassLoader used to load the service will be used instead.
+
+
+
+
+
+
+ The fully qualified class names of the providers to load.
+
+ If this attribute is not specified then service loader based discovery will be used instead.
+
+
+
+
+
+
+ The path to the configuration to use to initialise the provider.
+
+
+
+
+
+
+ A reference to a previously defined path that the path of the configuration is
+ relative to.
+
+
+
+
+
+
+ Argument to pass into the constructor as the Provider is instantiated.
+
+ Can only be used where the class names to load are specified.
+
+
+
+
+
+
+
+
+
+
+ Container for the security domain definitions.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The format type.
+
+
+
+
+
+
+
+
+
+
+
+ The syslog transport method type.
+
+
+
+
+
+
+
+
+
+
+
+
+ Base type for all audit log types.
+
+
+
+
+
+ The unique name for the audit log.
+
+
+
+
+
+
+
+
+ A security event listener definition that is actually an aggregation of other security event listeners.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A reference to a security event listener.
+
+
+
+
+
+
+
+
+ An audit log definition for persisting an audit log to a local file.
+
+
+
+
+
+
+
+ The path to write the audit log to.
+
+
+
+
+
+
+ A reference to a previously defined path that the path of the audit log is
+ relative to.
+
+
+
+
+
+
+ Whether every event should be immediately synchronised to disk.
+
+
+
+
+
+
+ Whether every event should be immediately flushed to output stream.
+ When not specified, "synchronized" value is used.
+
+
+
+
+
+
+ The format to use to log the event.
+
+
+
+
+
+
+ The file encoding to use.
+
+
+
+
+
+
+
+
+
+
+ An audit log definition for persisting an audit log to a local file rotating the log after a time period
+ derived from the given suffix string, which should be in a format understood by java.time.format.DateTimeFormatter.
+
+
+
+
+
+
+
+ The suffix string in a format which can be understood by java.time.format.DateTimeFormatter.
+ The period of the rotation is automatically calculated based on the suffix.
+
+
+
+
+
+
+
+
+
+
+ An audit log definition for persisting an audit log to a local file rotating the log after the
+ size of the file grows beyond a certain point and keeping a fixed number of backups.
+
+
+
+
+
+
+
+ The maximum number of files to backup when rotating.
+
+
+
+
+
+
+ Whether the file should be rotated before the a new file is set.
+
+
+
+
+
+
+ The log file size the file should rotate at.
+
+
+
+
+
+
+ Format of date used as suffix of log file names in java.time.format.DateTimeFormatter.
+ The suffix does not play a role in determining when the file should be rotated.
+
+
+
+
+
+
+
+
+
+
+ An audit log definition for persisting an audit log to a local file.
+
+
+
+
+
+
+
+ Address of the server to send syslog messages to.
+
+
+
+
+
+
+ The port number the remote syslog server is listening on.
+
+
+
+
+
+
+ The transport to use to communicate with the syslog server.
+
+
+
+
+
+
+ The format to use to log the event.
+
+
+
+
+
+
+ The host name to send within all events sent to the syslog server.
+
+
+
+
+
+
+ The name of ssl-context used to secure connection to the syslog server.
+ Applies only when SSL_TCP transport is used.
+
+
+
+
+
+
+ The RFC format to be used for formatting the log entry, default value of RFC5424.
+
+
+
+
+
+
+ The maximum amount of failed reconnect attempts that should be made for sending messages to a syslog server before the endpoint is closed, default value of 0 (no reconnect attempts).
+
+
+
+
+
+
+
+
+
+
+ A security event listener definition for a custom security event listener implementation.
+
+
+
+
+
+
+
+
+ The configuration to apply to the security event listener implementation.
+
+ Note: If configuration is supplied the listener MUST implement a void initialize(Map<String, String>) method.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Container for the security domain definitions.
+
+
+
+
+
+
+
+
+
+
+
+ Complex type for the definition of a single security domain.
+
+
+
+
+
+
+
+
+
+ Which of the listed realms should be the default?
+
+
+
+
+
+
+ Reference to the PrincipalTransformer to be applied before the realm is selected.
+
+
+
+
+
+
+ Reference to the PrincipalTransformer to be applied after the realm is selected.
+
+
+
+
+
+
+ Reference to the PrincipalDecoder to be used by this domain.
+
+
+
+
+
+
+ Reference to an EvidenceDecoder to be used by the domain.
+
+
+
+
+
+
+ Reference to a RoleDecoder to be used by the domain.
+
+
+
+
+
+
+ Reference to a RealmMapper to be used by this security domain.
+
+
+
+
+
+
+ Reference to a RoleMapper to be used by the domain.
+
+
+
+
+
+
+ Reference to the PermissionMapper to be used by the domain.
+
+
+
+
+
+
+ A list of references to security domains that are trusted by this security domain.
+
+
+
+
+
+
+ A list of references to virtual security domains that are trusted by this security domain.
+
+
+
+
+
+
+ Where automatic outflow to a security domain is configured, if outflowing
+ the current identity is not authorized should the
+ anonymous identity of that domain be used instead?
+
+ Outflowing an identity replaces any previously
+ established identity for the outflow domain for the
+ ongoing call, outflowing anonymous has the effect of
+ clearing the identity.
+
+
+
+
+
+
+ A list of references to security domains that any identity established for this
+ domain should automatically outflow to.
+
+
+
+
+
+
+ Reference to a security event listener to be notified of security events
+ emitted from this domain.
+
+
+
+
+
+
+
+
+ A reference to a security realm.
+
+
+
+
+
+
+ The PrincipalTransformer to be associated with this realm.
+
+
+
+
+
+
+ The RoleDecoder to be associated with this realm.
+
+
+
+
+
+
+ The RoleMapper to be associated with this realm.
+
+
+
+
+
+
+
+
+ Container for the security realm definitions.
+
+
+
+
+
+
+
+ Custom realm definitions can implement either the SecurityRealm interface or the ModifiableSecurityRealm interface.
+
+ Regardless of which interface is implemented management operations will not be exposed to manage the realm. However other
+ services that depend on the realm will still be able to perform a type check and cast to gain access to the modification API.
+
+
+
+
+
+
+ Custom realm configured as being modifiable will be expected to implement the ModifiableSecurityRealm interface.
+
+ By configuring a realm as being modifiable management operations will be made available to manipulate the realm.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Base type for all realm definitions.
+
+
+
+
+
+ The unique name for the realm, note names used for realms must be unique across the whole context.
+
+
+
+
+
+
+
+
+ A realm definition that is an aggregation of two realms, one for the authentication steps
+ and one for loading the identity for the authorization steps.
+
+
+
+
+
+
+
+ The name of the realm to use for the authentication steps (obtaining or validating credentials).
+
+
+
+
+
+
+ The name of the realm to use for the authorization steps (loading of the identity).
+
+ Exactly one of 'authorization-realm' and 'authorization-realms' must be specified.
+
+
+
+
+
+
+ A list of security realms that should be used for the authorizations steps resulting in an
+ aggregation of attributes if the identity is contained in multiple realms.
+
+ Exactly one of 'authorization-realm' and 'authorization-realms' must be specified.
+
+
+
+
+
+
+ A principal transformer to be applied after the authentication steps but before the authorization
+ steps.
+
+
+
+
+
+
+
+
+
+
+ A realm definition that enables caching to another security realm. Caching strategy is LRU (Least Recently Used) where least accessed entries are discarded when maximum number of entries is reached.
+
+
+
+
+
+
+
+ A reference to a cacheable security realm.
+
+
+
+
+
+
+ The maximum number of entries to keep in the cache.
+
+
+
+
+
+
+ The time in milliseconds that an item can stay in the cache.
+
+
+
+
+
+
+
+
+
+
+ Realm definition for a custom realm implementation.
+
+ Generally subsystems that provide security realms should make them available
+ using the capabilities and requirements features of the application
+ server, this custom mechanism is provided for truly isolated realm implementations.
+
+
+
+
+
+
+
+
+ The configuration to apply to the SecurityRealm implementation.
+
+ Note: If configuration is supplied the realm MUST implement initialize(Map<String, String>) method.
+
+
+
+
+
+
+
+
+
+
+
+
+ A realm definition for authentication and authorization of identities distributed between multiple realms.
+
+
+
+
+
+
+
+ A list of security realms that should be used for authentication until one succeeds.
+ At least one realm must be specified.
+
+
+
+
+
+
+ Whether subsequent realms should be checked after an unavailable realm is reached.
+ If set to false or not set, when the unavailable realm is reached org.wildfly.security.auth.server.RealmUnavailableException is thrown and the search stops.
+
+
+
+
+
+
+ Whether a SecurityEvent signifying realm unavailability should be emitted.
+
+
+
+
+
+
+
+
+
+
+ A realm definition which wraps one realm and delegates to another in case the first is unavailable.
+
+
+
+
+
+
+
+ The name of the realm to use as a default.
+
+
+
+
+
+
+ The name of the realm to use in case the default realm is unavailable.
+
+
+
+
+
+
+ Whenever security events should be emitted when failover takes place.
+
+
+
+
+
+
+
+
+
+
+ Realm definition for a realm which contains a single pre-defined identity.
+
+
+
+
+
+
+
+ The name of the identity available from the security realm.
+
+
+
+
+
+
+ The name of the attribute associated with this identity.
+
+
+
+
+
+
+ The values associated with the identity attributes.
+
+
+
+
+
+
+
+
+
+
+ A security realm definition backed by database using JDBC.
+
+
+
+
+
+
+
+
+
+
+ The character set to use when converting the password string
+ to a byte array.
+
+
+
+
+
+
+
+
+
+
+ A realm definition which uses JAAS Login Context to verify user's credentials.
+
+
+
+
+
+
+
+
+ The location of the file with JAAS Login Context configuration.
+
+
+
+
+
+
+
+ The name of the entry defined in JAAS configuration file that should be used.
+
+
+
+
+
+
+ The module with custom login module classes and optional custom callback handler class.
+
+
+
+
+
+
+ The class name of the callback handler to pass to JAAS Login Context.
+
+
+
+
+
+
+
+
+
+
+ The authentication query used to authenticate users based on specific key types.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The SQL statement used to obtain the keys(as table columns) for a specific user and map them accordingly with their type.
+
+
+
+
+
+
+ The name of the datasource used to connect to the database.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The configuration used to map a specific column in a table as an identity attribute.
+
+
+
+
+
+ The column index from a query that representing the mapped attribute.
+
+
+
+
+
+
+
+
+
+
+
+ The name of the identity attribute mapped from a column returned from a SQL query.
+
+
+
+
+
+
+
+
+ A key mapper that maps a column returned from a SQL query to a Clear Password key type.
+
+
+
+
+
+ The column index from an authentication query that represents the user's password.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A key mapper that maps a column returned from a SQL query to a Bcrypt key type.
+
+
+
+
+
+ The column index from an authentication query that represents the user's password.
+
+
+
+
+
+
+
+
+
+
+
+ The column index from an authentication query that represents the password's salt, if supported.
+
+
+
+
+
+
+
+
+
+
+
+ The column index from an authentication query that represents the password's iteration count, if supported.
+
+
+
+
+
+
+
+
+
+
+
+ The encoding of the password hash.
+
+
+
+
+
+
+
+
+
+
+
+
+ The encoding of the password salt.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A key mapper that maps a column returned from a SQL query to a Salted Simple Digest key type.
+
+
+
+
+
+ The encryption algorithm name to use.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The column index from an authentication query that represents the user's password.
+
+
+
+
+
+
+
+
+
+
+
+ The column index from an authentication query that represents the password's salt, if supported.
+
+
+
+
+
+
+
+
+
+
+
+ The encoding of the password hash.
+
+
+
+
+
+
+
+
+
+
+
+
+ The encoding of the password salt.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A key mapper that maps a column returned from a SQL query to a Simple Digest key type.
+
+
+
+
+
+ The encryption algorithm name to use.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The column index from an authentication query that represents the user's password.
+
+
+
+
+
+
+
+
+
+
+
+ The encoding of the password hash.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A key mapper that maps a column returned from a SQL query to a Scram key type.
+
+
+
+
+
+ The encryption algorithm name to use.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The column index from an authentication query that represents the user's password.
+
+
+
+
+
+
+
+
+
+
+
+ The column index from an authentication query that represents the password's salt, if supported.
+
+
+
+
+
+
+
+
+
+
+
+ The column index from an authentication query that represents the password's iteration count, if supported.
+
+
+
+
+
+
+
+
+
+
+
+ The encoding of the password hash.
+
+
+
+
+
+
+
+
+
+
+
+
+ The encoding of the password salt.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A key mapper that maps a column returned from a SQL query to a Modular Crypt key type.
+
+
+
+
+
+ The column index from an authentication query that represents the user password in Modular Crypt Format.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Reference to the KeyStore to be used by this realm.
+
+
+
+
+
+
+
+
+
+
+ Realm definition for a realm backed by a properties file.
+
+
+
+
+
+
+
+
+ The location of the properties file containing the users and their passwords.
+ The file should contain realm name declaration.
+
+
+
+
+
+
+
+
+ Are the passwords in properties file stored in plain text or pre-hashed?
+ (Pre-hashed form: HEX( MD5( username ":" realm ":" password ) ) )
+
+
+
+
+
+
+ The realm name to use for digested passwords if one is not discovered in the properties file.
+
+
+
+
+
+
+
+
+
+
+ The location of the properties file containing the users and their groups.
+
+
+
+
+
+
+
+ The name of the attribute in the returned AuthorizationIdentity that should contain the group membership information for the identity.
+
+
+
+
+
+
+ The string format for the password in the properties file if they are not
+ stored in plain text.
+
+
+
+
+
+
+
+
+
+
+
+
+ The character set to use when converting the password string
+ to a byte array.
+
+
+
+
+
+
+
+
+
+
+
+
+ A security realm definition backed by LDAP.
+
+
+
+
+
+
+
+
+
+
+ The name of dir-context used to connect to the LDAP server.
+
+
+
+
+
+
+ Should this realm instance support verification of credentials by directly connecting to LDAP as the account being authenticated?
+
+
+
+
+
+
+ Should direct verification in this realm to allow login attempt with blank password?
+
+
+
+
+
+
+ The string format for the password in the properties file if they are not
+ stored in plain text.
+
+
+
+
+
+
+
+
+
+
+
+
+ The character set to use when converting the password string
+ to a byte array.
+
+
+
+
+
+
+
+
+
+
+
+ A simple security realm definition backed by the filesystem.
+
+
+
+
+
+
+
+
+ The location of the file to use to handle the security realm.
+
+
+
+
+
+
+
+ The number of levels of directory hashing to apply
+
+
+
+
+
+
+ Whether the identity names should be stored encoded (Base32) in file names.
+
+
+
+
+
+
+ The string format for the password in the properties file if they are not
+ stored in plain text.
+
+
+
+
+
+
+
+
+
+
+
+
+ The character set to use when converting the password string
+ to a byte array.
+
+
+
+
+
+
+ A reference to the credential store that contains the secret key used to encrypt and decrypt the filesystem-realm.
+
+
+
+
+
+
+ An alias to the secret key used to encrypt and decrypt the filesystem-realm.
+
+
+
+
+
+
+ A reference to the key store that contains the key pair to perform filesystem integrity checks.
+
+
+
+
+
+
+ The alias within the key-store that identifies the PrivateKeyEntry to use to perform filesystem integrity checks
+
+
+
+
+
+
+
+
+
+
+
+ Realm definition for a token realm where authentication and authorization are handled by
+ a given token validator.
+
+
+
+
+
+
+
+
+
+
+
+ The name of the claim that should be used to obtain the principal's name. Defaults to 'username'.
+
+
+
+
+
+
+
+
+
+
+ A token validator to be used in conjunction with a token-based realm that handles security tokens based on the JWT/JWS standard.
+
+
+
+
+
+
+
+
+ The JWK kid. Tokens with the same kid will use this public key for signature verification.
+
+
+
+
+
+
+ RSA public key in PEM format.
+
+
+
+
+
+
+
+
+
+ A list of strings representing the issuers supported by this configuration. During validation JWT tokens must have an "iss" claim that contains one of the values defined here.
+
+
+
+
+
+
+ A list of strings representing the audiences supported by this configuration. During validation JWT tokens must have an "aud" claim that contains one of the values defined here.
+
+
+
+
+
+
+ A public key in PEM Format. During validation, if a public key is provided, signature will be verified based on the key you provided here.
+
+
+
+
+
+
+ A key store from where the certificate with a public key should be loaded from.
+
+
+
+
+
+
+ The name of the certificate with a public key to load from the key store.
+
+
+
+
+
+
+ A predefined client-ssl-context that will be used to connect to the jwks endpoint specified in the jku token claim. This configuration is mandatory if you want to use remote keys with jku.
+
+
+
+
+
+
+ A policy that defines how host names should be verified when using HTTPS for fetching jwks.
+
+
+
+
+
+
+
+
+ A token validator to be used in conjunction with a token-based realm that handles OAuth2 Access Tokens and validate them based on RFC-7662 (OAuth2 Token Introspection).
+
+
+
+
+
+ The identifier of a client registered within the OAuth2 Authorization Server that will be used to authenticate this server in order to validate bearer tokens arriving to this server.
+
+
+
+
+
+
+ The secret of the client identified by the given client-id.
+
+
+
+
+
+
+ An URL pointing to a RFC-7662 OAuth2 Token Introspection compatible endpoint.
+
+
+
+
+
+
+ A predefined client-ssl-context that will be used to connect to the token introspection endpoint when using SSL/TLS. This configuration is mandatory if the given token introspection url is using SSL/TLS.
+
+
+
+
+
+
+ A policy that defines how host names should be verified when using HTTPS. Allowed values: "ANY".
+
+
+
+
+
+
+
+
+ The configuration options that define how to connect to the LDAP server.
+
+
+
+
+
+
+
+
+
+
+ The configuration options that define how to connect to the LDAP server.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The credential reference to credential store or clear text (password)
+ to use to authenticate and connect to the LDAP server.
+ Can be omitted if authentication-level is "none" (anonymous).
+
+
+
+
+
+
+
+ Name of the connection. Allows to refer the DirContext.
+
+
+
+
+
+
+ The connection url.
+
+
+
+
+
+
+ The authentication level (security level/authentication mechanism) to use.
+ Corresponds to SECURITY_AUTHENTICATION ("java.naming.security.authentication") environment property.
+ Allowed values: "none", "simple", sasl_mech, where sasl_mech is a space-separated list of SASL mechanism names.
+
+
+
+
+
+
+ The principal to authenticate and connect to the LDAP server.
+ Can be omitted if authentication-level is "none" (anonymous).
+
+
+
+
+
+
+ Indicates if connection pooling is enabled.
+
+
+
+
+
+
+ If LDAP referrals should be followed.
+ Corresponds to REFERRAL ("java.naming.referral") environment property.
+ Allowed values: "ignore", "follow", "throw".
+
+
+
+
+
+
+ The name of ssl-context used to secure connection to the LDAP server.
+
+
+
+
+
+
+ The name of authentication-context used to secure connection and to authenticate to the LDAP server.
+
+
+
+
+
+
+ The timeout for connecting to the LDAP server in milliseconds.
+
+
+
+
+
+
+ The read timeout for an LDAP operation in milliseconds.
+
+
+
+
+
+
+ Name of module that will be used to load custom context.
+
+
+
+
+
+
+
+
+ The configuration options that define how principals are mapped to their corresponding entries in the underlying LDAP server.
+
+
+
+
+
+
+ The attribute mappings defined for this resource.
+
+
+
+
+
+
+ The user password credential mapping defined for this resource.
+
+
+
+
+
+
+ The user password credential mapping defined for this resource.
+
+
+
+
+
+
+ The X509 user certificate credential mapping defined for this resource.
+
+
+
+
+
+
+ The attributes of newly created identities. Required for modifiability.
+
+
+
+
+
+
+
+ The RDN part of the principal's DN to be used to obtain the principal's name from an LDAP entry.
+
+
+
+
+
+
+ The base DN to be used when executing queries.
+
+
+
+
+
+
+ Indicates if queries are recursive.
+
+
+
+
+
+
+ The LDAP filter for getting identity by name.
+ The string "{0}" will be replaced by searched identity name and the "rdn_identifier" will be the value of the attribute "rdn-identifier".
+
+
+
+
+
+
+ The LDAP filter for iterating over identities of the realm. Optional, but required for modifiability.
+
+
+
+
+
+
+ The DN of parent of newly created identities. Optional, but required for modifiability.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The configuration used to map a specific LDAP attribute as an identity attribute.
+
+
+
+
+
+ The name of the LDAP attribute to map to an identity attribute.
+ If not defined, DN of the whole entry is used as value.
+
+
+
+
+
+
+ The name of the identity attribute mapped from a specific LDAP attribute.
+ If not provided, the name of the attribute is the same as define in 'from'.
+ If the 'from' is not defined too, value 'dn' is used.
+
+
+
+
+
+
+ The name of LDAP attribute containing DN of entry to obtain value from.
+
+
+
+
+
+
+ The filter to use to obtain the values for a specific attribute.
+ String "{0}" will be replaced by username, "{1}" by user identity DN.
+
+
+
+
+
+
+ The name of the context where the filter should be performed.
+
+
+
+
+
+
+ Indicates if attribute LDAP search queries are recursive.
+
+
+
+
+
+
+ Sets recursive roles assignment - value determine maximum depth of recursion. (0 for no recursion)
+
+
+
+
+
+
+ Determine LDAP attribute of role entry which will be substitute for "{0}" in filter-name when searching roles of role.
+ Used only when role-recursion is set.
+
+
+
+
+
+
+ The RDN key to use as the value for an attribute, in case the value in its raw form is in X.500 format.
+
+
+
+
+
+
+
+
+ The configuration used to map a specific LDAP attribute (userPassword usually) as an identity password credential.
+
+
+
+
+
+ The name of the LDAP attribute to map to an identity user password credential.
+
+
+
+
+
+
+ If the password credential is writable.
+
+
+
+
+
+
+ If the password credential is verifiable.
+
+
+
+
+
+
+
+
+ The configuration allowing to use the LDAP as storage of one time password (OTP) credentials.
+
+
+
+
+
+ The name of the LDAP attribute to map to an OTP credential algorithm.
+
+
+
+
+
+
+ The name of the LDAP attribute to map to a Base64 encoded OTP credential hash.
+
+
+
+
+
+
+ The name of the LDAP attribute to map to an OTP credential seed.
+
+
+
+
+
+
+ The name of the LDAP attribute to map to an OTP credential sequence number.
+
+
+
+
+
+
+
+
+ The configuration allowing to use LDAP as storage of X509 credentials.
+ X509 credential is user certificate or information allowing to identify it.
+ (serial number, subject DN, digest of certificate)
+ At least one *-from attribute should be specified. This definition will be ignored otherwise.
+ If more *-from attributes is defined, user certificate must match all defined criteria.
+
+
+
+
+
+ The name of the LDAP attribute to map to a user certificate digest.
+ If not defined, certificate digest will not be checked.
+
+
+
+
+
+
+ The digest algorithm (hash function) used to compute digest of the user certificate.
+ Will be used only if digest-from have been defined.
+
+
+
+
+
+
+ The name of the LDAP attribute to map to an encoded user certificate.
+ If not defined, encoded certificate will not be checked.
+
+
+
+
+
+
+ The name of the LDAP attribute to map to a serial number of user certificate.
+ If not defined, serial number will not be checked.
+
+
+
+
+
+
+ The name of the LDAP attribute to map to a subject DN of user certificate.
+ If not defined, subject DN will not be checked.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Attribute of newly created LDAP identity.
+
+
+
+
+
+ The name of the LDAP attribute.
+
+
+
+
+
+
+ The value(s) of LDAP attribute delimited by space.
+
+
+
+
+
+
+
+
+ A container type to hold SecurityFactory definitions to obtain Credential instances.
+
+
+
+
+
+
+
+
+
+
+
+ Base type for all SecurityFactory definitions which return a Credential.
+
+
+
+
+
+ The unique name for the SecurityFactory, note names used for SecurityFactories must be unique
+ across the whole context.
+
+
+
+
+
+
+
+
+ Generic definition for a custom credential SecurityFactory implementation.
+
+
+
+
+
+
+
+
+ The configuration to apply to the SecurityFactory implementation.
+
+ Note: If configuration is supplied the SecurityFactory MUST implement initialize(Map<String, String>) method.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The Krb5LoginModule additional option.
+
+
+
+
+
+
+ The key of the option.
+
+
+
+
+
+
+ The value of the option.
+
+
+
+
+
+
+
+
+
+ The principal represented by the KeyTab
+
+
+
+
+
+
+ The path to the KeyTab to use to obtain the credential.
+
+
+
+
+
+
+ The name of another previously named path, or of one of the standard paths provided by the system.
+ If 'relative-to' is provided, the value of the 'path' attribute is treated as relative
+ to the path specified by this attribute.
+
+
+
+
+
+
+ How much lifetime (in seconds) should a cached credential have remaining before it is recreated.
+
+
+
+
+
+
+ How much lifetime (in seconds) should be requested for newly created credentials.
+
+
+
+
+
+
+ Amount of seconds before new try to obtain server credential should be done if it has failed last time.
+ Allows to prevent long waiting to unavailable KDC on every authentication.
+
+
+
+
+
+
+ If this for use server side or client side?
+
+
+
+
+
+
+ Should the KerberosTicket also be obtained and associated with the credential.
+
+ This is required to be true where credentials are delegated to the server.
+
+
+
+
+
+
+ Should the JAAS step of obtaining the credential have debug logging enabled.
+
+
+
+
+
+
+ Should generated GSS credentials be wrapped to prevent improper disposal or not?
+
+
+
+
+
+
+ Is the keytab file with adequate principal required to exist at the time the service starts?
+
+
+
+
+
+
+ The mechanism names the credential should be usable with.
+ Names will be converted to OIDs and used together with OIDs from mechanism-oids attribute.
+
+
+
+
+
+
+ The mechanism OIDs the credential should be usable with.
+ Will be used together with OIDs derived from names from mechanism-names attribute.
+
+
+
+
+
+
+
+
+
+
+
+
+ A general container type to hold the various name rewriter and mapper definitions
+ as used within the subsystem.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Base type for all PermissionMapper definitions.
+
+
+
+
+
+ The unique name for the PermissionMapper, note names used for PermissionMappers must be unique
+ across the whole context.
+
+
+
+
+
+
+
+
+ Generic definition for a custom PermissionMapper implementation.
+
+
+
+
+
+
+
+
+ The configuration to apply to the PermissionMapper implementation.
+
+ Note: If configuration is supplied the PermissionMapper MUST implement initialize(Map<String, String>) method.
+
+
+
+
+
+
+
+
+
+
+
+
+ A PermissionMapper definition for a PermissionMapper that performs a logical operation using two referenced PermissionMappers.
+
+
+
+
+
+
+
+ The logical operation to perform using the two referenced PermissionMappers.
+
+
+
+
+
+
+ Reference to the PermissionMapper to use to the left of the operation.
+
+
+
+
+
+
+ Reference to the PermissionMapper to use to the right of the operation.
+
+
+
+
+
+
+
+
+
+
+ The supported set of logical operations.
+ "and" assigns permissions which was assigned by both mappers
+ "or" assigns permissions which was assigned by at least one of mappers
+ "xor" assigns permissions which was assigned by exactly one of mappers
+ "unless" assigns permissions which was assigned by left mapper but not by right mapper
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A simple permission mapper that maps from defined principal and role names to predefined permissions.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The name of the principal.
+
+
+
+
+
+
+
+
+
+
+ The name of the role.
+
+
+
+
+
+
+
+
+
+ Deprecated. Use a reference to a 'permission-set' instead.
+
+
+
+
+
+ The fully qualified class name of the permission.
+
+
+
+
+
+
+ The module to use to load the permission class.
+
+
+
+
+
+
+ The target-name to pass to the constructor of the permission.
+
+
+
+
+
+
+ The action to pass to the constructor of the permission.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A RoleMapper definition that always returns a pre-defined set of permissions.
+
+
+
+
+
+
+
+
+
+ Deprecated. Use a reference to a 'permission-set' instead.
+
+
+
+
+
+ The fully qualified class name of the permission.
+
+
+
+
+
+
+ The module to use to load the permission class.
+
+
+
+
+
+
+ The target-name to pass to the constructor of the permission.
+
+
+
+
+
+
+ The action to pass to the constructor of the permission.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A reference to a permission set.
+
+
+
+
+
+
+
+
+ How multiple matching permission mappings will be combined.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Base type for all PrincipalDecoder definitions.
+
+
+
+
+
+ The unique name for the PrincipalDecoder, note names used for PrincipalDecoders must be unique
+ across the whole context.
+
+
+
+
+
+
+
+
+ Generic definition for a custom PrincipalDecoder implementation.
+
+
+
+
+
+
+
+
+ The configuration to apply to the PrincipalDecoder implementation.
+
+ Note: If configuration is supplied the PrincipalDecoder MUST implement initialize(Map<String, String>) method.
+
+
+
+
+
+
+
+
+
+
+
+
+ A PrincipalDecoder definition that is actually an aggregation of other PrincipalDecoders.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A reference to a PrincipalDecoder
+
+
+
+
+
+
+
+
+ A PrincipalDecoder definition that is actually a concatenation of other PrincipalDecoders.
+
+
+
+
+
+
+
+
+
+
+ The string to use to join the results of the other PrincipalDecoders.
+
+
+
+
+
+
+
+
+
+
+ A PrincipalDecoder that always returns the same constant.
+
+
+
+
+
+
+
+ The constant value that will always be returned by this PrincipalDecoder.
+
+
+
+
+
+
+
+
+
+
+ A PrincipalDecoder definition based on a X500 attribute.
+
+
+
+
+
+
+
+ The oid of the attribute to map.
+
+
+
+
+
+
+ The oid of the attribute to map.
+
+
+
+
+
+
+
+
+ The joining string.
+
+
+
+
+
+
+ The 0-based starting occurrence of the attribute to map.
+
+
+
+
+
+
+ The maximum number of occurrences of the attribute to map.
+
+
+
+
+
+
+ When set to true, the attribute values will be processed and returned in reverse order.
+
+
+
+
+
+
+ If the Principal is not already an X500Principal should conversion be attempted?
+
+
+
+
+
+
+ The OIDs of the attributes that must be present in the principal.
+
+
+
+
+
+
+ The attribute names of the attributes that must be present in the principal.
+
+
+
+
+
+
+
+
+
+
+ Base type for all PrincipalTransformer definitions.
+
+
+
+
+
+ The unique name for the PrincipalTransformer, note names used for PrincipalTransformer must be unique
+ across the whole context.
+
+
+
+
+
+
+
+
+ A PrincipalTransformer definition using regular expressions and Matcher based
+ replacement.
+
+
+
+
+
+
+
+ The regular expression to use for this PrincipalTransformer.
+
+
+
+
+
+
+ The replacement string for this PrincipalTransformer.
+
+
+
+
+
+
+ Should all occurrences be replaced or just the first?
+
+
+
+
+
+
+
+
+
+
+ A PrincipalTransformer that instead of rewriting the name validates that it is
+ correct according to the supplied regular expression.
+
+
+
+
+
+
+
+ The regular expression to use for this PrincipalTransformer.
+
+
+
+
+
+
+ If set to true, the name must match the given pattern to make validation successful.
+ If set to false, the name must not match the given pattern to make validation successful.
+
+
+
+
+
+
+
+
+
+
+ A PrincipalTransformer that always returns the same constant.
+
+
+
+
+
+
+
+ The constant value that will always be returned by this PrincipalTransformer.
+
+
+
+
+
+
+
+
+
+
+ Generic definition for a custom PrincipalTransformer implementation.
+
+
+
+
+
+
+
+
+ The configuration to apply to the PrincipalTransformer implementation.
+
+ Note: If configuration is supplied the PrincipalTransformer MUST implement initialize(Map<String, String>) method.
+
+
+
+
+
+
+
+
+
+
+
+
+ A PrincipalTransformer aggregating more PrincipalTransformers - original principal is tried to be transformed
+ by individual transformers in given order until some of them return non-null principal - that is returned.
+
+ Typically can be used with chained principal transformers beginning with validating principal
+ transformer - to transform principals in different forms differently.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A PrincipalTransformer definition that is actually a chain of other PrincipalTransformers.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A PrincipalTransformer that adjusts a principal to upper or lower case.
+
+
+
+
+
+
+
+ If set to true, principal is adjusted to upper case. If set to false, principal is adjusted
+ to lower case.
+
+
+
+
+
+
+
+
+
+
+ A reference to a PrincipalTransformer.
+
+
+
+
+
+
+
+
+ Base type for all RealmMapper definitions.
+
+
+
+
+
+ The unique name for the RealmMapper, note names used for RealmMappers must be unique
+ across the whole context.
+
+
+
+
+
+
+
+
+ Generic definition for a custom RealmMapper implementation.
+
+
+
+
+
+
+
+
+ The configuration to apply to the RealmMapper implementation.
+
+ Note: If configuration is supplied the RealmMapper MUST implement initialize(Map<String, String>) method.
+
+
+
+
+
+
+
+
+
+
+
+
+ A RealmMapper that always returns the same constant.
+
+
+
+
+
+
+
+ The constant value that will always be returned by this RealmMapper.
+
+
+
+
+
+
+
+
+
+
+ A simple RealmMapper definition that attempts to extract the realm name using the capture group from the regular expression, if that does not provide a
+ match then the delegate RealmMapper is used instead.
+
+
+
+
+
+
+
+ The regular expression which must contain at least one capture group to extract the realm from the name.
+ If the regular expression matches more than one capture group, the first capture group is used.
+
+
+
+
+
+
+ The RealmMapper to delegate to if the pattern does not match. If no delegate is specified then the default realm on
+ the domain will be used instead.
+
+
+
+
+
+
+
+
+
+
+ A RealmMapper implementation that first uses a regular expression to extract the realm name, this is then converted using the configured mapping of realm names.
+
+
+
+
+
+
+
+
+
+
+ The realm name to map from.
+
+
+
+
+
+
+ The realm name to map to.
+
+
+
+
+
+
+
+
+
+ The regular expression which must contain at least one capture group to extract the realm from the name.
+ If the regular expression matches more than one capture group, the first capture group is used.
+
+
+
+
+
+
+ The RealmMapper to delegate to if the pattern does not match. If no delegate is specified then the default realm on
+ the domain will be used instead.
+ If the username does not match the pattern and a delegate realm-mapper is present, the result of delegate-realm-mapper is mapped via the realm-map.
+
+
+
+
+
+
+
+
+
+
+ Base type for all RoleDecoder definitions.
+
+
+
+
+
+ The unique name for the RoleDecoder, note names used for RoleDecoders must be unique
+ across the whole context.
+
+
+
+
+
+
+
+
+ Generic definition for a custom RoleDecoder implementation.
+
+
+
+
+
+
+
+
+ The configuration to apply to the RoleDecoder implementation.
+
+ Note: If configuration is supplied the RoleDecoder MUST implement initialize(Map<String, String>) method.
+
+
+
+
+
+
+
+
+
+
+
+
+ A RoleDecoder definition that maps a single attribute to roles.
+
+
+
+
+
+
+
+ The attribute to take from the identity and map directly to roles.
+
+
+
+
+
+
+
+
+
+
+ A RoleDecoder definition that maps roles based on the IP address of a remote client.
+
+
+
+
+
+
+
+ The IP address to match.
+
+ Exactly one of 'source-address' and 'pattern' must be specified.
+
+
+
+
+
+
+ A regular expression that specifies the IP address to match.
+
+ Exactly one of 'source-address' and 'pattern' must be specified.
+
+
+
+
+
+
+ The list of roles to assign if the IP address of the remote client matches.
+
+
+
+
+
+
+
+
+
+
+ A RoleDecoder definition that is actually an aggregation of other RoleDecoders.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A reference to a RoleDecoder.
+
+
+
+
+
+ The name of the referenced RoleDecoder.
+
+
+
+
+
+
+
+
+ Base type for all RoleMapper definitions.
+
+
+
+
+
+ The unique name for the RoleMapper, note names used for RoleMappers must be unique
+ across the whole context.
+
+
+
+
+
+
+
+
+ A RoleMapper definition that adds a specified prefix to every role.
+
+
+
+
+
+
+
+ The prefix to add to each role.
+
+
+
+
+
+
+
+
+
+
+ A RoleMapper definition that adds a specified suffix to every role.
+
+
+
+
+
+
+
+ The suffix to add to each role.
+
+
+
+
+
+
+
+
+
+
+ A RoleMapper definition that is actually an aggregation of other RoleMappers.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Generic definition for a custom RoleMapper implementation.
+
+
+
+
+
+
+
+
+ The configuration to apply to the RoleMapper implementation.
+
+ Note: If configuration is supplied the RoleMapper MUST implement initialize(Map<String, String>) method.
+
+
+
+
+
+
+
+
+
+
+
+
+ A RoleMapper definition that always returns a pre-defined set of roles.
+
+
+
+
+
+
+
+
+
+
+ The role to be returned by the RoleMapper.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The supported set of logical operations.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A RoleMapper definition for a RoleMapper that performs a logical operation using two refereced RoleMappers.
+
+
+
+
+
+
+
+ The logicial operation to perform using the two referenced RoleMappers.
+
+ Allowed values: "and", "minus", "or", "xor".
+
+
+
+
+
+
+ Reference to the RoleMapper to use to the left of the operation.
+
+ If not set the identity role mapper will be used instead.
+
+
+
+
+
+
+ Reference to the RoleMapper to use to the right of the operation.
+
+ If not set the identity role mapper will be used instead.
+
+
+
+
+
+
+
+
+
+
+ A RoleMapper implementation that uses the configured mapping of role names.
+
+
+
+
+
+
+
+
+
+
+ The role name to map from.
+
+
+
+
+
+
+ Space separated list of roles to map to.
+
+
+
+
+
+
+
+
+
+ When set to 'true' the mapped roles will retain all roles, that have defined mappings.
+
+
+
+
+
+
+ When set to 'true' the mapped roles will retain all roles, that have no defined mappings.
+
+
+
+
+
+
+
+
+
+
+ A RoleMapper definition that uses pattern to find matching roles and then replaces these roles with replacement pattern.
+ Role matches the pattern in given pattern can be found in any substring of the role name.
+
+
+
+
+
+
+
+ The pattern used for matching. Can capture groups.
+
+
+
+
+
+
+ The replacement string. Can make use of captured groups.
+
+
+
+
+
+
+ If true, keep roles that did not match the provided pattern.
+
+
+
+
+
+
+ If true, replace all occurrences of pattern and not only the first one.
+
+
+
+
+
+
+
+
+
+
+ A reference to a RoleMapper
+
+
+
+
+
+ The name of the referenced RoleMapper.
+
+
+
+
+
+
+
+
+ An EvidenceDecoder that derives the principal associated with the given evidence from the subject from
+ the first certificate in the certificate chain.
+
+
+
+
+
+
+
+
+
+
+ An EvidenceDecoder that derives the principal associated with the given evidence from an X.509 subject
+ alternative name from the first certificate in the given evidence.
+
+
+
+
+
+
+
+ The subject alternative name type to decode from the given evidence.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The 0-based occurrence of the subject alternative name to map. This attribute is optional and only
+ used when there is more than one subject alternative name of the given alt-name-type
+
+
+
+
+
+
+
+
+
+
+ An EvidenceDecoder definition that is an aggregation of other EvidenceDecoders.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Generic definition for a custom EvidenceDecoder implementation.
+
+
+
+
+
+
+
+
+ The configuration to apply to the EvidenceDecoder implementation.
+
+ Note: If configuration is supplied the EvidenceDecoder MUST implement the initialize(Map<String, String>) method.
+
+
+
+
+
+
+
+
+
+
+
+
+ A reference to an EvidenceDecoder
+
+
+
+
+
+
+
+
+ Base type for all EvidenceDecoder definitions.
+
+
+
+
+
+ The unique name for the EvidenceDecoder, note names used for EvidenceDecoder must be unique
+ across the whole context.
+
+
+
+
+
+
+
+
+
+
+ Wrapper type to contain the configuration of the authentication mechanisms.
+
+
+
+
+
+
+ An ordered list of mechanism configurations, at the time of authentication the mechanism name,
+ host name, and protocol as specified by the mechanism will be compared against this list
+ for a first match.
+
+ To configure a default configuration provide a definition with no mechanism-name, host-name, or
+ protocol and place it at the end of the list. Any definitions after a default definition will
+ never match.
+
+
+
+
+
+
+
+
+
+ Definition of configuration to be used by authentication mechanisms.
+
+
+
+
+
+
+
+
+ This configuration will only apply where a mechanism with the name specified is used.
+
+ If this attribute is omitted then this will match any mechanism name.
+
+
+
+
+
+
+ This configuration will only apply when the host name specified is provided by the mechanism.
+
+ If this attribute is omitted then this will match any host name.
+
+
+
+
+
+
+ This configuration will only apply when the protocol specified is provided by the mechanism.
+
+ If this attributed is omitted then this will match any protocol.
+
+
+
+
+
+
+ A principal transformer to apply before the realm is selected.
+
+
+
+
+
+
+ A principal transformer to apply after the realm is selected.
+
+
+
+
+
+
+ A final principal transformer to apply for this mechanism realm.
+
+
+
+
+
+
+ Reference to a RealmMapper to be used by this mechanism.
+
+
+
+
+
+
+ A reference to the security factory to obtain the credential for this mechanism.
+
+
+
+
+
+
+
+
+
+ Definition of a realm name specific to the mechanism.
+
+ This is the realm name that a mechanism may present to the remote client being authenticated, if a mechanism
+ only supports a single realm then only the first will be used and the remainder ignored.
+
+ If a mechanism does not support realm names then the entire list will be ignored.
+
+
+
+
+
+ The name of the realm.
+
+
+
+
+
+
+ A principal transformer to apply before the realm is selected.
+
+
+
+
+
+
+ A principal transformer to apply after the realm is selected.
+
+
+
+
+
+
+ A final principal transformer to apply for this mechanism realm.
+
+
+
+
+
+
+ Reference to a RealmMapper to be used by this mechanism realm.
+
+
+
+
+
+
+
+
+ Container for the permission set definitions.
+
+
+
+
+
+
+
+
+
+
+ Definition of a permission set.
+
+
+
+
+
+
+
+
+ The fully qualified class name of the permission.
+
+
+
+
+
+
+ The module to use to load the permission class.
+
+
+
+
+
+
+ The target-name to pass to the constructor of the permission.
+
+
+
+
+
+
+ The action to pass to the constructor of the permission.
+
+
+
+
+
+
+
+
+
+ The unique name for the permission set, note names used for permission sets must be unique across the whole context.
+
+
+
+
+
+
+
+
+
+
+ Complex type definition to hold the various HTTP definitions within the subsystem.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Complex type for the definition of the server side HTTP authentication policy.
+
+
+
+
+
+
+
+
+
+ The security-domain referenced by this resource.
+
+
+
+
+
+
+ The http-server-mechanism-factory referenced by this resource.
+
+
+
+
+
+
+
+
+ Base type for all http server factory definitions.
+
+
+
+
+
+ The unique name for the http server factory, note names used for http server factories must be unique across the whole context.
+
+
+
+
+
+
+
+
+ A HTTP server factory definition that is actually an aggregation of other HTTP server factories.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A HTTP server factory definition that wraps another HTTP server factory and applies the specified configuration and filtering.
+
+
+
+
+
+
+
+
+ Filters to be applied to the available mechanisms by name.
+
+
+
+
+
+
+
+
+
+ A regular expression that filters mechanism names using a regular expression pattern.
+
+
+
+
+
+
+ When set to true all mechanisms are disabled unless enabled by matching one of the defined filters.
+
+ When set to false all mechanisms are enabled unless disabled by matching one of the defined filters.
+
+
+
+
+
+
+
+
+
+
+
+ Additional properties that should be passed to the factory for HTTP mechanism detection and creation.
+
+
+
+
+
+
+
+
+
+
+
+
+ Reference to the HTTP server factory to be wrapped by this configuration.
+
+
+
+
+
+
+
+
+
+
+ A HTTP server factory definition that searches an array of Provider instances for all available HTTP server factories.
+
+
+
+
+
+
+
+ Reference to the Provider[] capability to obtain the array of Providers to use.
+
+ If not specified the system registered Providers are used instead.
+
+
+
+
+
+
+
+
+
+
+ A HTTP server factory definition that uses a ServiceLoader to search for HTTP server factory implementations.
+
+
+
+
+
+
+
+ The name of the module to use.
+
+ If this is not specified the ClassLoader used to load the service will be used instead.
+
+
+
+
+
+
+
+
+
+
+ A reference to a HTTP server mechanism factory.
+
+
+
+
+
+
+
+
+
+
+ Complex type definition type to hold the various SASL definitions within the subsystem.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The SASL authentication policy for the server side.
+
+
+
+
+
+
+
+
+
+ The security-domain referenced by this resource.
+
+
+
+
+
+
+ The sasl-server-factory referenced by this resource.
+
+
+
+
+
+
+
+
+ Base type for all sasl server factory definitions.
+
+
+
+
+
+ The unique name for the sasl server factory, note names used for sasl server factories must be unique across the whole context.
+
+
+
+
+
+
+
+
+ A SASL server factory definition that is actually an aggregation of other SASL server factories.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A SaslServerFactory definition that wraps another SaslServerFactory and applies the specified configuration and filtering.
+
+
+
+
+
+
+
+
+ Filters to be applied to the available mechanisms by name.
+
+
+
+
+
+
+
+
+
+ When set to true all mechanisms are disabled unless enabled by matching one of the defined filters.
+ When set to false all mechanisms are enabled unless disabled by matching one of the defined filters.
+
+
+
+
+
+
+ A regular expression filter that filters mechanism names using a regular expression pattern.
+
+
+
+
+
+
+ A predefined filter to filter mechanisms.
+
+
+
+
+
+
+
+
+
+
+
+ Additional properties that should be passed to the factory for SASL mechanism detection and creation.
+
+
+
+
+
+
+
+
+
+
+
+
+ Reference to the SaslServerFactory to be wrapped by this configuration.
+
+
+
+
+
+
+ Override the protocol specified when creating a SASL mechanism.
+
+
+
+
+
+
+ Override the server name specified when creating a SASL mechanism.
+
+
+
+
+
+
+
+
+
+
+ The supported set of predefined filters.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A SaslServerFactory definition that wraps another SaslServerFactory and enables filtering of mechanisms based on the mechanism name and Provider name and version.
+
+ Any mechanisms loaded by factories not located using a Provider will not be filtered by this definition.
+
+
+
+
+
+
+
+
+ Filters to be applied to the available mechanisms by name.
+
+
+
+
+
+
+
+
+
+ This configuration will only apply where a mechanism with the name specified is used.
+
+ If this attribute is omitted then this will match any mechanism name.
+
+
+
+
+
+
+ The name of the provider to match against.
+
+
+
+
+
+
+ Version to compare against the version reported by the provider.
+
+
+
+
+
+
+ When set to 'less-than' a Provider will match against the filter if the Provider's version is less-than the version specified here.
+
+ Setting to 'greater-than' has the opposite effect.
+
+ Has no effect if a provider-version has not been specified in the filter.
+
+
+
+
+
+
+
+
+
+
+
+
+ Reference to the SaslServerFactory to be wrapped by this configuration.
+
+
+
+
+
+
+ When set to true all provider loaded mechanisms are disabled unless macthed by one of the filters defined here.
+
+ When set to false all provider loaded mechanisms are enabled unless matched.
+
+ Any mechanisms from a factory not loaded by a Provider are unaffected.
+
+
+
+
+
+
+
+
+
+
+ The type of equality check to use in a comparison.
+
+
+
+
+
+
+
+
+
+
+
+ A SaslServerFactory definition that searches an array of Provider instances for all available SaslServerFactories.
+
+
+
+
+
+
+
+ Reference to the Provider[] capability to obtain the array of Providers to use.
+
+ If not specified the system registered Providers are used instead.
+
+
+
+
+
+
+
+
+
+
+ A SaslServerFactory definition that uses a ServiceLoader to search for SaslServerFactory implementations.
+
+
+
+
+
+
+
+ The name of the module to use.
+
+ If this is not specified the ClassLoader used to load the service will be used instead.
+
+
+
+
+
+
+
+
+
+
+ A reference to a SaslServerFactory
+
+
+
+
+
+
+
+
+
+
+ Complex type to contain the definitions of the various components needed
+ for SSL, the end result being that these components can be combined together to
+ create a fully defined SSLContext.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Container for KeyManager definitions.
+
+
+
+
+
+
+
+
+
+
+ Definition of a single KeyManager.
+
+
+
+
+
+
+ Credential to be used by the underlying KeyManager when accessing the entries in the underlying KeyStore.
+
+
+
+
+
+
+
+ The unique name of this KeyManager.
+
+
+
+
+
+
+ The algorithm name to use to initialise the KeyManagerFactory.
+
+
+
+
+
+
+ Reference to the KeyStore to use with the KeyManager.
+
+
+
+
+
+
+ A filter to apply to the aliases provided by KeyStore to choose key to use from keys in KeyStore.
+
+ Can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
+
+
+
+
+
+
+ The name of the provider to use to
+ instantiate the KeyManagerFactory, if the provider is not
+ specified then the first provider found that can
+ create an instance of the specified 'type' will be
+ used.
+
+
+
+
+
+
+ The name of the providers defined within the subsystem to obtain the Providers
+ to search for the one that can create the required KeyManagerFactory type.
+
+ If this is not specified then the global list of Providers is used instead.
+
+
+
+
+
+
+ If this attribute is set and if the file that backs the KeyStore does not exist, then
+ a self-signed certificate will be generated on first use and it will be persisted to
+ the file that backs the KeyStore. The value of this attribute will be used for the
+ Common Name value in the self-signed certificate.
+
+ The use of this attribute is intended for testing purposes only. This attribute is not
+ intended for production use.
+
+
+
+
+
+
+
+
+ Container for TrustManager definitions.
+
+
+
+
+
+
+
+
+
+
+ Definition of a single TrustManager.
+
+
+
+
+
+
+
+
+
+
+ The unique name of this TrustManager.
+
+
+
+
+
+
+ The algorithm name to use to initialise the TrustManagerFactory.
+
+
+
+
+
+
+ Reference to the KeyStore to use with the TrustManager.
+
+
+
+
+
+
+ A filter to apply to the aliases provided by KeyStore.
+
+ Can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
+
+
+
+
+
+
+ The name of the provider to use to
+ instantiate the TrustManagerFactory, if the provider is not
+ specified then the first provider found that can
+ create an instance of the specified 'type' will be
+ used.
+
+
+
+
+
+
+ The name of the providers defined within the subsystem to obtain the Providers
+ to search for the one that can create the required TrustManagerFactory type.
+
+ If this is not specified then the global list of Providers is used instead.
+
+
+
+
+
+
+ The maximum number of non-self-issued intermediate certificates that may exist in a certification path for OCSP and CRL checks. If neither OCSP and CRL is configured, this attribute has no effect.
+
+
+
+
+
+
+ Check revocation status only of leaf certificates.
+
+
+
+
+
+
+ Accept certificate if revocation status is unknown.
+
+
+
+
+
+
+
+
+ Enables certificate revocation list checks to a trust manager.
+
+
+
+
+
+ The path to the configuration to use to initialise the provider.
+
+
+
+
+
+
+ The base path of the certificate revocation list file.
+
+
+
+
+
+
+ The maximum number of non-self-issued intermediate certificates that may exist in a certification path.
+
+
+
+
+
+
+
+
+ The presence of this element enables checking the peer's certificate against multiple certificate revocation lists.
+
+
+
+
+
+
+
+
+
+
+ The presence of this element enables checking the peer's certificate against a certificate revocation list.
+
+
+
+
+
+ Path to the certificate revocation list.
+
+
+
+
+
+
+ The base path of the certificate revocation list file.
+
+
+
+
+
+
+
+
+ Enables online certificate status protocol checks to a trust manager.
+
+
+
+
+
+ OCSP responder URI to override those extracted from certificate.
+
+
+
+
+
+
+ Prefer certificate revocation list revocation over OCSP if certificate-revocation-list is defined.
+
+
+
+
+
+
+ The alias for OCSP Responder certificate. Keep undefined to use the issuer of certificate being validated.
+
+
+
+
+
+
+ The keystore for responder-certificate. Keep undefined to use trust-manager keystore. Requires responder-certificate to be defined.
+
+
+
+
+
+
+
+
+ Container for Server SNI SSLContext definitions.
+
+
+
+
+
+
+
+
+
+
+ Definitions of a single server side SNI SSLContext.
+
+
+
+
+
+
+
+
+ The unique name of this Server side SNI SSLContext.
+
+
+
+
+
+
+ The SSLContext to use if SNI is not in use
+
+
+
+
+
+
+
+
+ Definitions of a single server side SNI SSLContext.
+
+
+
+
+
+
+ The host name that this element matches. If it begins with a '*' it is considered a wildcard match.
+
+
+
+
+
+
+ The SSLContext to use if the name matches.
+
+
+
+
+
+
+
+
+ Container for Server SSLContext definitions.
+
+
+
+
+
+
+
+
+
+
+ Definitions of a single server side SSLContext.
+
+
+
+
+
+ The unique name of this Server side SSLContext.
+
+
+
+
+
+
+ Reference to the SecurityDomain to use for authentication during SSL session establishment.
+
+
+
+
+
+
+ The filter to be applied to the cipher suites made available by this SSLContext.
+
+
+
+
+
+
+ The filter to be applied to the TLSv1.3 cipher suites made available by this SSLContext.
+
+
+
+
+
+
+ List of protocols supported by this SSLContext.
+
+
+
+
+
+
+ To request (but not to require) a client certificate on SSL handshake.
+ If a security domain is referenced and supports X509 evidence, this will be set to true automatically.
+ Ignored when need-client-auth is set.
+
+
+
+
+
+
+ To require a client certificate on SSL handshake.
+ Connection without trusted client certificate (see trust-manager) will be rejected.
+
+
+
+
+
+
+ Rejecting of the client certificate by the security domain will not prevent the connection.
+ Allows a fall through to use other authentication mechanisms (like form login) when the client certificate is rejected by security domain.
+ Has an effect only when the security domain is set.
+ This does not bypass the underlying trust manager check - see need-client-auth to allow connection without client certificate.
+
+
+
+
+
+
+ Configure the SSLContext to honor local cipher suites preference.
+
+
+
+
+
+
+ The maximum number of SSL sessions in the cache. The default value -1 means use the JVM default value. Value zero means there is no limit.
+
+
+
+
+
+
+ The timeout for SSL sessions, in seconds. The default value -1 means use the JVM default value. Value zero means there is no limit.
+
+
+
+
+
+
+ Should the resulting SSLEngine, SSLSocketFactory, and SSLSocket instances returned by this SSLContext
+ be wrapped to prevent further configuration changes.
+
+ Note: The WildFly HTTP2 support requires raw access to these objects so if HTTP2 is being used this
+ should be set to false.
+
+
+
+
+
+
+ Reference to the KeyManager to be used by this SSLContext.
+
+
+
+
+
+
+ Reference to the TrustManager to be used by this SSLContext.
+
+
+
+
+
+
+ A principal transformer to apply before the realm is selected.
+
+
+
+
+
+
+ A principal transformer to apply after the realm is selected.
+
+
+
+
+
+
+ A final principal transformer to apply for this mechanism realm.
+
+
+
+
+
+
+ Reference to a RealmMapper to be used by this mechanism.
+
+
+
+
+
+
+ The name of the provider to use.
+ If not specified, all providers from providers will be passed to the SSLContext.
+
+
+
+
+
+
+ The name of the providers to obtain the Provider[] to use to load the SSLContext.
+
+
+
+
+
+
+
+
+ Container for client SSLContext definitions.
+
+
+
+
+
+
+
+
+
+
+ Definitions of a single client side SSLContext.
+
+
+
+
+
+ The unique name of this client side SSLContext.
+
+
+
+
+
+
+ The filter to be applied to the cipher suites made available by this SSLContext.
+
+
+
+
+
+
+ The filter to be applied to the TLSv1.3 cipher suites made available by this SSLContext.
+
+
+
+
+
+
+ List of protocols supported by this SSLContext.
+
+
+
+
+
+
+ Reference to the KeyManager to be used by this SSLContext.
+
+
+
+
+
+
+ Reference to the TrustManagers to be used by this SSLContext.
+
+
+
+
+
+
+ The name of the provider to use.
+ If not specified, all providers from providers will be passed to the SSLContext.
+
+
+
+
+
+
+ The name of the providers to obtain the Provider[] to use to load the SSLContext.
+
+
+
+
+
+
+
+
+ Container for the KeyStore definitions.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ keystore implementation details
+
+
+
+
+
+ The KeyStore type, e.g. jks, pkcs#12.
+
+
+
+
+
+
+ The name of the provider to use to
+ instantiate the KeyStore, if the provider is not
+ specified then the first provider found that can
+ create an instance of the specified 'type' will be
+ used.
+
+
+
+
+
+
+ The name of the providers defined within the subsystem to obtain the Providers
+ to search for the one that can create the required KeyStore type.
+
+ If this is not specified then the global list of Providers is used instead.
+
+
+
+
+
+
+
+
+
+ An individual names KeyStore definition.
+
+
+
+
+
+
+ The credential reference to credential store or clear text (password)
+ to use to initialize or load the KeyStore.
+
+
+
+
+
+
+ Implementation details
+
+
+
+
+
+
+ The location of the file to use to initialise the KeyStore instance.
+
+
+
+
+
+
+
+
+ A filter to apply to the aliases made available by this KeyStore.
+
+ Can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
+
+
+
+
+
+
+
+
+ An individual names LdapKeyStore definition.
+
+
+
+
+
+
+ Configuration for item creation. Define how will look LDAP entry of newly created keystore item.
+
+
+
+
+
+
+
+ Attribute of newly created entry. At least objectClass attribute and required
+ attributes (which are not part of keystore item) should be defined here.
+
+
+
+
+
+
+ The LDAP attribute name.
+
+
+
+
+
+
+ The default value(s) of LDAP attribute delimited by space.
+
+
+
+
+
+
+
+
+
+ The LDAP path, where will be newly created keystore items created.
+
+
+
+
+
+
+ The LDAP attribute name, which will be part of new entry path.
+ Into value of this attribute will be passed alias of the keystore item.
+ (Can be independent on alias-attribute - alias is used here only as initial entry name,
+ as it is only identification of item, which keystore has.)
+
+
+
+
+
+
+
+
+ Search LDAP configuration
+
+
+
+
+
+
+ The LDAP path, where will be keystore items searched.
+
+
+
+
+
+
+ If the search in search-path should be recursive.
+
+
+
+
+
+
+ The time limit for LDAP search in milliseconds.
+
+
+
+
+
+
+ The LDAP filter, which will be used to obtain keystore item by alias.
+ The string "{0}" will be replaced by the searched alias and the "alias_attribute" value will be the value of the attribute "alias-attribute".
+
+
+
+
+
+
+ The LDAP filter, which will be used to obtain keystore item by certificate.
+ The string "{0}" will be replaced by searched encoded certificate and the "certificate_attribute" will be the value of the attribute "certificate-attribute".
+
+
+
+
+
+
+ The LDAP filter, which will be used to obtain keystore item by certificate.
+ The "alias_attribute" will be the value of the attribute "alias-attribute".
+
+
+
+
+
+
+
+
+ Mapping of keystore item parts to LDAP attributes.
+
+
+
+
+
+
+ The LDAP attribute, where is item alias expected.
+
+
+
+
+
+
+ The LDAP attribute, where is encoded certificate expected.
+
+
+
+
+
+
+ The type of certificate. Used for decoding of byte array from certificate-attribute.
+ For possible certificate types see Java documentation of CertificateFactory.
+
+
+
+
+
+
+ The LDAP attribute, where is encoded certificate expected.
+
+
+
+
+
+
+ The encoding of CertPath, which is used to store certificate chain into certificate-chain-attribute.
+ For possible chain encodings see Java documentation of CertPath.
+
+
+
+
+
+
+
+ The LDAP attribute, where is encoded key expected.
+
+
+
+
+
+
+ The type of key. Used for decoding of byte array from key-attribute.
+ For possible KeyStore types see Java documentation of KeyStore.
+
+
+
+
+
+
+
+
+
+ The name of ldap-key-store used to referencing it.
+
+
+
+
+
+
+ The name of dir-context used to connect to the LDAP server.
+
+
+
+
+
+
+
+
+ An individual names filtering KeyStore definition.
+
+
+
+
+
+
+ The name of key-store, which will be used as source of data.
+
+
+
+
+
+
+ A filter to apply to the aliases made available by this KeyStore.
+
+ Can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
+
+
+
+
+
+
+
+
+ Container for certificate authority account definitions.
+
+
+
+
+
+
+
+
+
+
+ Definition of a single certificate authority account.
+
+
+
+
+
+
+
+
+ The unique name of this certificate authority account.
+
+
+
+
+
+
+ The reference to certificate authority to use.
+
+
+
+
+
+
+ A list of URLs that the certificate authority can contact about any issues related to this account.
+
+
+
+
+
+
+
+
+ Container for certificate authority definitions.
+
+
+
+
+
+
+
+
+
+
+ Definition of a single certificate authority.
+
+
+
+
+
+ The unique name of this certificate authority.
+
+
+
+
+
+
+ URL of the certificate authority.
+
+
+
+
+
+
+ URL of the certificate authority to use in pre-production.
+
+
+
+
+
+
+
+
+ Definition of a certificate authority account key.
+
+
+
+
+
+
+ Credential to be used when accessing the certificate authority account key.
+
+
+
+
+
+
+
+ Reference to the KeyStore that contains the certificate authority account key.
+
+
+
+
+
+
+ The alias of the certificate authority account key in the KeyStore.
+
+
+
+
+
+
+
+
+
+
+ Complex type to contain the definitions of the credential stores.
+
+
+
+
+
+
+
+
+
+
+
+ An individual credential store definition.
+
+
+
+
+
+
+ Map of credentials store implementation specific properties.
+
+
+
+
+
+
+
+
+
+
+
+ Credential to be used by as protection parameter for the Credential Store.
+
+
+
+
+
+
+
+
+ The credential store type, e.g. KeyStoreCredentialStore.
+
+
+
+
+
+
+ The name of the provider to use to instantiate the CredentialStoreSpi.
+ If the provider is not specified then the first provider found that can
+ create an instance of the specified 'type' will be used.
+
+
+
+
+
+
+ The name of the providers defined within the subsystem to obtain the Providers
+ to search for the one that can create the required CredentialStore type.
+ If this is not specified then the global list of Providers is used instead.
+
+
+
+
+
+
+ The name of the providers defined within the subsystem to obtain the Providers
+ to search for the one that can create the required JCA objects within credential store.
+ This is valid only for key-store based CredentialStore.
+ If this is not specified then the global list of Providers is used instead.
+
+
+
+
+
+
+ A reference to a previously defined path that the file name is
+ relative to.
+
+
+
+
+
+
+ File name of credential store storage.
+
+ Deprecated: Use "path" attribute instead.
+
+
+
+
+
+
+ File name of credential store storage.
+
+
+
+
+
+
+ Specifies whether credential store is modifiable.
+
+
+
+
+
+
+ Specifies whether credential store should create storage when it doesn't exist.
+
+
+
+
+
+
+
+
+ A simple credential store which stores SecretKeyCredential instances in a properties file.
+
+ This credential store does not encrypt the stored keys, the purpose of this credential store is
+ to provide initial access to keys used to protect other configuration values.
+
+
+
+
+
+ The unique name of this credential store definition.
+
+
+
+
+
+
+ A reference to a previously defined path that the file name is
+ relative to.
+
+
+
+
+
+
+ The path to the credential store file.
+
+
+
+
+
+
+ Specifies whether credential store should create storage when it doesn't exist.
+
+
+
+
+
+
+ If an entry with the default-alias does not exist should one be dynamically added using the
+ configured key-size?
+
+
+
+
+
+
+ The default key size when generating secret keys.
+
+
+
+
+
+
+ The default alias to use if dynamically adding an entry.
+
+
+
+
+
+
+
+
+
+
+ An expression resolver backed by a list of sub-expression resolvers which can be used to decrypt encrypted expressions.
+
+
+
+
+
+
+
+
+ The default resolver to use for expressions which do not specify the name of the resolver.
+
+
+
+
+
+
+ The prefix for expressions that should be resolved using this expression resolver.
+
+
+
+
+
+
+
+
+ Definition of a single expression resolver.
+
+
+
+
+
+ The unique name of this expression resolver.
+
+
+
+
+
+
+ Reference to the credential store which contains the secret key to be used by this resolver.
+
+
+
+
+
+
+ The alias of the secret key contained within the credential store.
+
+
+
+
+
+
+
+
+
+
+ Minimal attributes required to specify the location to a file.
+
+
+
+
+
+ A reference to a previously defined path that the file name is
+ relative to.
+
+
+
+
+
+
+ The remaining path to the file referenced.
+
+
+
+
+
+
+
+
+ Minimal attributes required to specify the location to a file.
+
+
+
+
+
+ A reference to a previously defined path that the file name is
+ relative to.
+
+
+
+
+
+
+ The remaining path to the file referenced.
+
+
+
+
+
+
+
+
+ A reference to a file.
+
+
+
+
+
+
+
+ It is possible that a KeyStore definition can be created to a
+ non-existent file and the file be automatically created when the store is saved, however
+ no error will be reported where the file does not exist to begin with.
+
+ If the intent is that the store will always exist in advance set
+ this to 'true' so that an error will be reported if the file is missing.
+
+
+
+
+
+
+
+
+
+ The attributes required for a custom component.
+
+
+
+
+
+ The module to use to load the custom component.
+
+
+
+
+
+
+ The fully qualified class name of the custom component implementation to
+ load.
+
+ The specified class must have a public no-args constructor.
+
+
+
+
+
+
+
+
+ The optional configuration for a custom component.
+
+
+
+
+
+
+
+
+
+ A list of String.
+
+
+
+
+
+
+
+ A definition that sets up a policy provider.
+
+
+
+
+
+
+
+
+
+ The name of the policy provider definition.
+
+
+
+
+
+
+
+
+ A policy provider definition that sets up JACC and related services.
+
+
+
+
+
+ The name of a java.security.Policy implementation referencing a policy provider.
+
+
+
+
+
+
+ The name of a javax.security.jacc.PolicyConfigurationFactory implementation referencing a policy configuration factory provider.
+
+
+
+
+
+
+ The name of the module to load the provider from.
+
+
+
+
+
+
+
+
+ A custom policy provider definition.
+
+
+
+
+
+ The name of a java.security.Policy implementation referencing a policy provider.
+
+
+
+
+
+
+ The name of the module to load the provider from.
+
+
+
+
+
+
+
+
+ JASPI Configurations.
+
+
+
+
+
+
+
+
+
+
+ An individual JASPI configuration.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The name of this JASPI configuration.
+
+
+
+
+
+
+ The layer this configuration should be associated with.
+
+ If set to '*' this configuration will be associated with all layers and resolved according the the
+ resolution rules defined within the JSR-196 specification.
+
+
+
+
+
+
+ The application context this configuration should be associated with.
+
+ If set to '*' this configuration will be associated with all application contexts and resolved according the the
+ resolution rules defined within the JSR-196 specification.
+
+
+
+
+
+
+ Descrption for this JASPI configuration.
+
+
+
+
+
+
+
+
+
+
+ Configuration options to be passed into the ServerAuthModule during initialisation.
+
+
+
+
+
+
+
+
+
+
+
+
+ The fully qualified class name of the class implementing the ServerAuthModule interface.
+
+
+
+
+
+
+ The name of the module to use to load the ServerAuthModule.
+
+
+
+
+
+
+ The control flag to control how the response from this module is interpreted.
+
+
+
+
+
+
+
+
+ The control flag for JASPI modules.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Allowed key sizes.
+
+
+
+
+
+
+
+
+
+
+
+
+ A host name verification policy.
+
+
+
+
+
+
+
+
+
+
+
+ Complex type for the definition of a single virtual security domain.
+
+
+
+
+
+
+ Where automatic outflow to a security domain is configured, if outflowing
+ the current identity is not authorized should the
+ anonymous identity of that domain be used instead?
+
+ Outflowing an identity replaces any previously
+ established identity for the outflow domain for the
+ ongoing call, outflowing anonymous has the effect of
+ clearing the identity.
+
+
+
+
+
+
+ A list of references to security domains that any identity established for this
+ virtual domain should automatically outflow to.
+
+
+
+
+
+
+ The authentication mechanism that will be used with the virtual security domain.
+ Allowed values: 'OIDC', 'MP-JWT'.
+ The default value is 'OIDC'.
+
+
+
+
+
+
+
+
+
+ Container for client dynamic SSL context definitions.
+
+
+
+
+
+
+
+
+
+
+ Definitions of a single client side dynamic SSL context. This context chooses SSL context based on peer's host and port information.
+
+
+
+
+
+ The unique name of this client side dynamic SSL context.
+
+
+
+
+
+
+ The authentication context that will be used to query for rules when deciding which ssl context to use when connecting to a peer.
+
+
+
+
+
+
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/DefaultStabilityTestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/DefaultStabilityTestCase.java
new file mode 100644
index 00000000000..fcad0e6e8a1
--- /dev/null
+++ b/elytron/src/test/java/org/wildfly/extension/elytron/DefaultStabilityTestCase.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.wildfly.extension.elytron;
+
+import org.jboss.as.controller.client.helpers.ClientConstants;
+import org.jboss.as.subsystem.test.AbstractSubsystemTest;
+import org.jboss.as.subsystem.test.KernelServices;
+import org.jboss.as.version.Stability;
+import org.jboss.dmr.ModelNode;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FAILED;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME;
+
+public class DefaultStabilityTestCase extends AbstractSubsystemTest {
+
+ private static final String DYNAMIC_SSL_CLIENT_CONTEXT_NAME = "dcsc";
+ private static final String SUBSYSTEM = "subsystem";
+ private static final String ELYTRON = "elytron";
+
+ public DefaultStabilityTestCase() {
+ super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension(), Stability.DEFAULT);
+ }
+
+ private static KernelServices services = null;
+
+ @Before
+ public void initServices() throws Exception {
+ TestEnvironment testEnvironment = new TestEnvironment(Stability.DEFAULT);
+ services = super.createKernelServicesBuilder(testEnvironment).setSubsystemXmlResource("authentication-client.xml").build();
+ if (!services.isSuccessfulBoot()) {
+ if (services.getBootError() != null) {
+ Assert.fail(services.getBootError().toString());
+ }
+ Assert.fail("Failed to boot, no reason provided");
+ }
+ }
+
+ @Test
+ public void testAddDynamicClientSSLContextFailsInDefaultStability() {
+ ModelNode operation = new ModelNode();
+ operation.get(ClientConstants.OP_ADDR)
+ .add(SUBSYSTEM, ELYTRON).add(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT, DYNAMIC_SSL_CLIENT_CONTEXT_NAME);
+ operation.get(ClientConstants.OP).set(ClientConstants.ADD);
+ operation.get(ElytronDescriptionConstants.AUTHENTICATION_CONTEXT).set("ac");
+ ModelNode response = services.executeOperation(operation);
+
+ if (!response.get(OUTCOME).asString().equals(FAILED)) {
+ Assert.fail(response.toJSONString(false));
+ }
+
+ if (!response.get("failure-description").asString().contains("No resource definition is registered for address")) {
+ Assert.fail(response.toJSONString(false));
+ }
+ }
+}
\ No newline at end of file
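Review bot: `services` is a static field that `initServices` reassigns from an instance-level `@Before` and nothing ever shuts down, so every test method boots a fresh kernel while the previous one is left running; make it an instance field and add `@After public void shutdown() { if (services != null) { services.shutdown(); } }`. The `SUBSYSTEM` and `ELYTRON` literals duplicate `ModelDescriptionConstants.SUBSYSTEM` and `ElytronExtension.SUBSYSTEM_NAME`, the latter already used in the constructor, so the address could be built from those instead. The same boot-without-shutdown pattern is repeated in `DynamicSSLContextTestCase` below.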
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/DynamicSSLContextTestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/DynamicSSLContextTestCase.java
new file mode 100644
index 00000000000..ce6c6f380c8
--- /dev/null
+++ b/elytron/src/test/java/org/wildfly/extension/elytron/DynamicSSLContextTestCase.java
@@ -0,0 +1,151 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.wildfly.extension.elytron;
+
+import org.jboss.as.controller.client.helpers.ClientConstants;
+import org.jboss.as.subsystem.test.AbstractSubsystemTest;
+import org.jboss.as.subsystem.test.KernelServices;
+import org.jboss.as.version.Stability;
+import org.jboss.dmr.ModelNode;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FAILED;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FAILURE_DESCRIPTION;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OPERATION_REQUIRES_RELOAD;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.RESPONSE_HEADERS;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUCCESS;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public class DynamicSSLContextTestCase extends AbstractSubsystemTest {
+
+ private static final String DYNAMIC_SSL_CLIENT_CONTEXT_NAME = "dcsc";
+ private static final String SUBSYSTEM = "subsystem";
+ private static final String ELYTRON = "elytron";
+
+ public DynamicSSLContextTestCase() {
+ super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension(), Stability.COMMUNITY);
+ }
+
+ private static KernelServices services = null;
+
+ @Before
+ public void initServices() throws Exception {
+ TestEnvironment testEnvironment = new TestEnvironment(Stability.COMMUNITY);
+ services = super.createKernelServicesBuilder(testEnvironment).setSubsystemXmlResource("authentication-client.xml").build();
+ if (!services.isSuccessfulBoot()) {
+ if (services.getBootError() != null) {
+ Assert.fail(services.getBootError().toString());
+ }
+ Assert.fail("Failed to boot, no reason provided");
+ }
+ }
+
+ @Test
+ public void testAddDynamicClientSSLContext() {
+ addDynamicSSLClientContext();
+ readDynamicSSLCientContextResource();
+ }
+
+ @Test
+ public void testRemoveDynamicClientSSLContext() {
+ addDynamicSSLClientContext();
+ ModelNode operation = new ModelNode();
+ operation.get(ClientConstants.OP_ADDR)
+ .add(SUBSYSTEM, ELYTRON).add(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT, DYNAMIC_SSL_CLIENT_CONTEXT_NAME);
+ operation.get(ClientConstants.OP).set(ClientConstants.REMOVE_OPERATION);
+ assertSuccess(services.executeOperation(operation));
+
+ operation = new ModelNode();
+ operation.get(ClientConstants.OP_ADDR)
+ .add(SUBSYSTEM, ELYTRON).add(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT, DYNAMIC_SSL_CLIENT_CONTEXT_NAME);
+ operation.get(ClientConstants.OP).set(ClientConstants.READ_RESOURCE_OPERATION);
+ assertFailed(services.executeOperation(operation));
+ }
+
+ @Test
+ public void testUpdateDynamicClientSSLContext() {
+ addDynamicSSLClientContext();
+ ModelNode operation = new ModelNode();
+ operation.get(ClientConstants.OP_ADDR)
+ .add(SUBSYSTEM, ELYTRON).add(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT, DYNAMIC_SSL_CLIENT_CONTEXT_NAME);
+ operation.get(ClientConstants.OP).set(ClientConstants.WRITE_ATTRIBUTE_OPERATION);
+ operation.get(ClientConstants.NAME).set(ElytronDescriptionConstants.AUTHENTICATION_CONTEXT);
+ operation.get(ClientConstants.VALUE).set("base");
+ assertSuccess(services.executeOperation(operation));
+
+ operation = new ModelNode();
+ operation.get(ClientConstants.OP_ADDR)
+ .add(SUBSYSTEM, ELYTRON).add(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT, DYNAMIC_SSL_CLIENT_CONTEXT_NAME);
+ operation.get(ClientConstants.OP).set(ClientConstants.READ_RESOURCE_OPERATION);
+ ModelNode result = assertSuccess(services.executeOperation(operation)).get(ClientConstants.RESULT);
+ assertEquals("base", result.get(ElytronDescriptionConstants.AUTHENTICATION_CONTEXT).asString());
+ }
+
+ @Test
+ public void testAddDynamicClientSSLContextWithoutACThrowsEx() {
+ ModelNode operation = new ModelNode();
+ operation.get(ClientConstants.OP_ADDR)
+ .add(SUBSYSTEM, ELYTRON).add(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT, DYNAMIC_SSL_CLIENT_CONTEXT_NAME);
+ operation.get(ClientConstants.OP).set(ClientConstants.ADD);
+
+ ModelNode result = services.executeOperation(operation);
+ assertFailed(result);
+ String failureDescription = result.get(FAILURE_DESCRIPTION).asString();
+ assertTrue(failureDescription.contains("'authentication-context' may not be null"));
+ }
+
+ @Test
+ public void testAddDynamicClientSSLContextAsDefaultSSLContext() {
+ addDynamicSSLClientContext();
+ ModelNode operation = new ModelNode();
+ operation.get(ClientConstants.OP_ADDR).add(SUBSYSTEM, ELYTRON);
+ operation.get(ClientConstants.OP).set(ClientConstants.WRITE_ATTRIBUTE_OPERATION);
+ operation.get(ClientConstants.NAME).set(ElytronDescriptionConstants.DEFAULT_SSL_CONTEXT);
+ operation.get(ClientConstants.VALUE).set(DYNAMIC_SSL_CLIENT_CONTEXT_NAME);
+ ModelNode result = assertSuccess(services.executeOperation(operation));
+ result.has(RESPONSE_HEADERS, OPERATION_REQUIRES_RELOAD);
+ operation = new ModelNode();
+ operation.get(ClientConstants.OP_ADDR).add(SUBSYSTEM, ELYTRON);
+ operation.get(ClientConstants.OP).set(ClientConstants.READ_RESOURCE_OPERATION);
+ result = assertSuccess(services.executeOperation(operation)).get(ClientConstants.RESULT);
+ assertEquals(DYNAMIC_SSL_CLIENT_CONTEXT_NAME, result.get(ElytronDescriptionConstants.DEFAULT_SSL_CONTEXT).asString());
+ }
+
+ private ModelNode assertSuccess(ModelNode response) {
+ if (!response.get(OUTCOME).asString().equals(SUCCESS)) {
+ Assert.fail(response.toJSONString(false));
+ }
+ return response;
+ }
+
+ private ModelNode assertFailed(ModelNode response) {
+ if (!response.get(OUTCOME).asString().equals(FAILED)) {
+ Assert.fail(response.toJSONString(false));
+ }
+ return response;
+ }
+
+ private void addDynamicSSLClientContext() {
+ ModelNode operation = new ModelNode();
+ operation.get(ClientConstants.OP_ADDR)
+ .add(SUBSYSTEM, ELYTRON).add(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT, DYNAMIC_SSL_CLIENT_CONTEXT_NAME);
+ operation.get(ClientConstants.OP).set(ClientConstants.ADD);
+ operation.get(ElytronDescriptionConstants.AUTHENTICATION_CONTEXT).set("ac");
+ assertSuccess(services.executeOperation(operation));
+ }
+
+ private void readDynamicSSLCientContextResource() {
+ ModelNode operation = new ModelNode();
+ operation.get(ClientConstants.OP_ADDR)
+ .add(SUBSYSTEM, ELYTRON).add(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT, DYNAMIC_SSL_CLIENT_CONTEXT_NAME);
+ operation.get(ClientConstants.OP).set(ClientConstants.READ_RESOURCE_OPERATION);
+ ModelNode result = assertSuccess(services.executeOperation(operation)).get(ClientConstants.RESULT);
+ assertEquals("ac", result.get(ElytronDescriptionConstants.AUTHENTICATION_CONTEXT).asString());
+ }
+}
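Review bot: In `testAddDynamicClientSSLContextAsDefaultSSLContext` the boolean from `result.has(RESPONSE_HEADERS, OPERATION_REQUIRES_RELOAD)` is discarded, so the test never checks what it presumably intends to, that pointing `default-ssl-context` at the dynamic context flags a reload; wrap it as `assertTrue(result.has(RESPONSE_HEADERS, OPERATION_REQUIRES_RELOAD));`. `testAddDynamicClientSSLContextWithoutACThrowsEx` asserts a failed operation response rather than a thrown exception, so a name such as `testAddDynamicClientSSLContextWithoutACFails` would describe it, and `readDynamicSSLCientContextResource` is missing the `l` in Client.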
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronMixedStabilitySubsystemParsingTestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronMixedStabilitySubsystemParsingTestCase.java
new file mode 100644
index 00000000000..98e833a83a7
--- /dev/null
+++ b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronMixedStabilitySubsystemParsingTestCase.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.wildfly.extension.elytron;
+
+import mockit.Mock;
+import org.jboss.as.model.test.ModelTestUtils;
+import org.jboss.as.subsystem.test.AbstractSubsystemSchemaTest;
+import org.jboss.as.subsystem.test.AbstractSubsystemTest;
+import org.jboss.as.version.Stability;
+import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
+
+import mockit.MockUp;
+
+import java.io.IOException;
+import java.security.Security;
+import java.util.EnumSet;
+
+import static jakarta.security.auth.message.config.AuthConfigFactory.DEFAULT_FACTORY_SECURITY_PROPERTY;
+
+@RunWith(Parameterized.class)
+public class ElytronMixedStabilitySubsystemParsingTestCase extends AbstractSubsystemSchemaTest {
+
+ @BeforeClass
+ public static void transferSystemProperty() {
+ String value = System.getProperty(DEFAULT_FACTORY_SECURITY_PROPERTY);
+ if (value != null) {
+ String securityValue = Security.getProperty(DEFAULT_FACTORY_SECURITY_PROPERTY);
+ if (securityValue == null) {
+ Security.setProperty(DEFAULT_FACTORY_SECURITY_PROPERTY, value);
+ }
+ }
+
+ }
+
+ private static void mockReadResourceWithValidSubsystemTestFilePaths() {
+ Class> classToMock;
+ try {
+ classToMock = Class.forName("org.jboss.as.subsystem.test.AbstractSubsystemTest", true, AbstractSubsystemTest.class.getClassLoader());
+ } catch (ClassNotFoundException e) {
+ throw new NoClassDefFoundError(e.getMessage());
+ }
+ new MockUp<>(classToMock) {
+ @Mock
+ private String readResource(String name) throws IOException {
+ String namespaceUri = ElytronSubsystemSchema.CURRENT.get(Stability.DEFAULT).getNamespace().getUri();
+ String version = namespaceUri.substring(namespaceUri.lastIndexOf(':') + 1);
+ if (!name.contains(version + ".xml")) {
+ return ModelTestUtils.readResource(getClass(), name.replace("elytron", "legacy-elytron-subsystem"));
+ } else {
+ return ModelTestUtils.readResource(getClass(), name.replace("elytron", "elytron-subsystem"));
+ }
+ }
+ };
+ }
+
+ @BeforeClass
+ public static void updatePathsForSubsystemTestFiles() {
+ mockReadResourceWithValidSubsystemTestFilePaths();
+ }
+
+ @Parameters(name = "{0}")
+ public static Iterable parameters() {
+ return EnumSet.allOf(ElytronSubsystemSchema.class);
+ }
+
+ public ElytronMixedStabilitySubsystemParsingTestCase(ElytronSubsystemSchema schema) {
+ // mock the method that returns path to string for all except the current
+ super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension(), schema, ElytronSubsystemSchema.CURRENT.get(schema.getStability()));
+ }
+
+}
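Review bot: `throw new NoClassDefFoundError(e.getMessage())` in `mockReadResourceWithValidSubsystemTestFilePaths` drops the `ClassNotFoundException` as the cause; `NoClassDefFoundError` has no cause constructor, so attach it explicitly: `NoClassDefFoundError err = new NoClassDefFoundError(e.getMessage()); err.initCause(e); throw err;`. The comment `// mock the method that returns path to string for all except the current` sits in the constructor but describes the `@BeforeClass` mock installed by `updatePathsForSubsystemTestFiles`, so it should move there or be reworded. The `Class> classToMock` and `Iterable parameters()` declarations appear to have lost their generic arguments (`Class<?>`, `Iterable<ElytronSubsystemSchema>`), likely a rendering artifact of this page, but worth confirming in the source.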
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem100TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem100TestCase.java
deleted file mode 100644
index de77cbbb993..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem100TestCase.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- *
- * @author Farah Juma
- */
-public class ElytronSubsystem100TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem100TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-10.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-
-}
-
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem10TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem10TestCase.java
deleted file mode 100644
index 3510c5fb980..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem10TestCase.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- * @author Tomaz Cerar
- */
-public class ElytronSubsystem10TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem10TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-1.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //super.compareXml(configId, original, marshalled);
- }
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem110TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem110TestCase.java
deleted file mode 100644
index 36e4cb8c12e..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem110TestCase.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- *
- * @author Farah Juma
- */
-public class ElytronSubsystem110TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem110TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- public void testSchemaOfSubsystemTemplates() throws Exception {
- //
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-11.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-
-}
-
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem11TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem11TestCase.java
deleted file mode 100644
index adc45577a20..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem11TestCase.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- * @author Tomaz Cerar
- */
-public class ElytronSubsystem11TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem11TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-1.1.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //super.compareXml(configId, original, marshalled);
- }
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem12_0TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem12_0TestCase.java
deleted file mode 100644
index 0f558b1941d..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem12_0TestCase.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- *
- * @author Darran Lofthouse
- */
-public class ElytronSubsystem12_0TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem12_0TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-12.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-
-}
-
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem13_0TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem13_0TestCase.java
deleted file mode 100644
index 085d4701229..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem13_0TestCase.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-import org.jboss.as.controller.RunningMode;
-import org.jboss.as.subsystem.test.AdditionalInitialization;
-
-/**
- *
- * @author Darran Lofthouse
- */
-public class ElytronSubsystem13_0TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem13_0TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-13.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-
- @Override
- protected AdditionalInitialization createAdditionalInitialization() {
- // Our use of the expression=encryption resource requires kernel capability setup that TestEnvironment provides
- return new TestEnvironment(RunningMode.ADMIN_ONLY);
- }
-
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem14_0TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem14_0TestCase.java
deleted file mode 100644
index 4fd95a700b9..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem14_0TestCase.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-import org.jboss.as.controller.RunningMode;
-import org.jboss.as.subsystem.test.AdditionalInitialization;
-
-/**
- *
- * @author Darran Lofthouse
- */
-public class ElytronSubsystem14_0TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem14_0TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-14.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-
- @Override
- protected AdditionalInitialization createAdditionalInitialization() {
- // Our use of the expression=encryption resource requires kernel capability setup that TestEnvironment provides
- return new TestEnvironment(RunningMode.ADMIN_ONLY);
- }
-
-}
-
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem15_0TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem15_0TestCase.java
deleted file mode 100644
index f4958d925c2..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem15_0TestCase.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-import org.jboss.as.controller.RunningMode;
-import org.jboss.as.subsystem.test.AdditionalInitialization;
-
-/**
- *
- * @author Farah Juma
- */
-public class ElytronSubsystem15_0TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem15_0TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-15.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-
- @Override
- protected AdditionalInitialization createAdditionalInitialization() {
- // Our use of the expression=encryption resource requires kernel capability setup that TestEnvironment provides
- return new TestEnvironment(RunningMode.ADMIN_ONLY);
- }
-
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem15_1TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem15_1TestCase.java
deleted file mode 100644
index 1c335839e22..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem15_1TestCase.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-import org.jboss.as.controller.RunningMode;
-import org.jboss.as.subsystem.test.AdditionalInitialization;
-
-/**
- *
- * @author Farah Juma
- */
-public class ElytronSubsystem15_1TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem15_1TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-15.1.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-
- @Override
- protected AdditionalInitialization createAdditionalInitialization() {
- // Our use of the expression=encryption resource requires kernel capability setup that TestEnvironment provides
- return new TestEnvironment(RunningMode.ADMIN_ONLY);
- }
-
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem16_0TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem16_0TestCase.java
deleted file mode 100644
index ab4f87f7d80..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem16_0TestCase.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-import org.jboss.as.controller.RunningMode;
-import org.jboss.as.subsystem.test.AdditionalInitialization;
-
-/**
- *
- * @author Farah Juma
- */
-public class ElytronSubsystem16_0TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem16_0TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-16.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-
- @Override
- protected AdditionalInitialization createAdditionalInitialization() {
- // Our use of the expression=encryption resource requires kernel capability setup that TestEnvironment provides
- return new TestEnvironment(RunningMode.ADMIN_ONLY);
- }
-
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem17_0TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem17_0TestCase.java
deleted file mode 100644
index 43c9b2edaed..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem17_0TestCase.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-import org.jboss.as.controller.RunningMode;
-import org.jboss.as.subsystem.test.AdditionalInitialization;
-
-/**
- *
- * @author Farah Juma
- */
-public class ElytronSubsystem17_0TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem17_0TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-17.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-
- @Override
- protected AdditionalInitialization createAdditionalInitialization() {
- // Our use of the expression=encryption resource requires kernel capability setup that TestEnvironment provides
- return new TestEnvironment(RunningMode.ADMIN_ONLY);
- }
-
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem18_0TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem18_0TestCase.java
deleted file mode 100644
index b1c8306960e..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem18_0TestCase.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-import org.jboss.as.controller.RunningMode;
-import org.jboss.as.subsystem.test.AdditionalInitialization;
-
-/**
- *
- * @author Farah Juma
- */
-public class ElytronSubsystem18_0TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem18_0TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("elytron-subsystem-18.0.xml");
- }
-
- @Override
- protected AdditionalInitialization createAdditionalInitialization() {
- // Our use of the expression=encryption resource requires kernel capability setup that TestEnvironment provides
- return new TestEnvironment(RunningMode.ADMIN_ONLY);
- }
-
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem1_2TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem1_2TestCase.java
deleted file mode 100644
index 8197827f621..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem1_2TestCase.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- * Tests of use of the wildfly-elytron_1_2.xsd.
- *
- * @author Brian Stansberry
- */
-public class ElytronSubsystem1_2TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem1_2TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-1.2.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //super.compareXml(configId, original, marshalled);
- }
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem20TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem20TestCase.java
deleted file mode 100644
index 2258defc9a2..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem20TestCase.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- * @author Tomaz Cerar
- */
-public class ElytronSubsystem20TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem20TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- public void testSchemaOfSubsystemTemplates() throws Exception {
- //
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-2.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem30TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem30TestCase.java
deleted file mode 100644
index b41f7d2104f..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem30TestCase.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- * @author Farah Juma
- */
-public class ElytronSubsystem30TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem30TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-3.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem40TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem40TestCase.java
deleted file mode 100644
index 1fc8ab9ffd2..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem40TestCase.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- *
- * @author Darran Lofthouse
- */
-public class ElytronSubsystem40TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem40TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-4.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem50TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem50TestCase.java
deleted file mode 100644
index b678da9d919..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem50TestCase.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- *
- * @author Darran Lofthouse
- */
-public class ElytronSubsystem50TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem50TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-5.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem60TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem60TestCase.java
deleted file mode 100644
index c64ba70d341..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem60TestCase.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- *
- * @author Darran Lofthouse
- */
-public class ElytronSubsystem60TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem60TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-6.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem70TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem70TestCase.java
deleted file mode 100644
index ced64c4bde8..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem70TestCase.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- *
- * @author Darran Lofthouse
- */
-public class ElytronSubsystem70TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem70TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-7.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem80TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem80TestCase.java
deleted file mode 100644
index cd5ea9e223e..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem80TestCase.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- *
- * @author Farah Juma
- */
-public class ElytronSubsystem80TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem80TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-8.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-}
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem90TestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem90TestCase.java
deleted file mode 100644
index a6b8f606390..00000000000
--- a/elytron/src/test/java/org/wildfly/extension/elytron/ElytronSubsystem90TestCase.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright The WildFly Authors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.wildfly.extension.elytron;
-
-import java.io.IOException;
-
-/**
- *
- * @author Farah Juma
- */
-public class ElytronSubsystem90TestCase extends AbstractElytronSubsystemBaseTest {
-
- public ElytronSubsystem90TestCase() {
- super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
- }
-
- @Override
- protected String getSubsystemXml() throws IOException {
- return readResource("legacy-elytron-subsystem-9.0.xml");
- }
-
- @Override
- protected void compareXml(String configId, String original, String marshalled) throws Exception {
- //
- }
-}
-
diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/TestEnvironment.java b/elytron/src/test/java/org/wildfly/extension/elytron/TestEnvironment.java
index a9f34fa6b2e..4b4f0264c73 100644
--- a/elytron/src/test/java/org/wildfly/extension/elytron/TestEnvironment.java
+++ b/elytron/src/test/java/org/wildfly/extension/elytron/TestEnvironment.java
@@ -28,6 +28,7 @@
import org.jboss.as.subsystem.test.AdditionalInitialization;
import org.jboss.as.subsystem.test.ControllerInitializer;
import org.jboss.as.subsystem.test.KernelServices;
+import org.jboss.as.version.Stability;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.wildfly.security.x500.cert.BasicConstraintsExtension;
@@ -44,6 +45,8 @@ class TestEnvironment extends AdditionalInitialization {
private static final X500Principal ISSUER_DN = new X500Principal("O=Root Certificate Authority, EMAILADDRESS=elytron@wildfly.org, C=UK, ST=Elytron, CN=Elytron CA");
private static final X500Principal LOCALHOST_DN = new X500Principal("OU=Elytron, O=Elytron, C=CZ, ST=Elytron, CN=localhost");
+ private Stability stability;
+
private static KeyStore loadKeyStore() throws Exception{
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
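Review bot: The new `stability` field is declared mutable, whereas its sibling `runningMode` (declared a few lines further down, in the next hunk) is `private final`; the field is only ever assigned in the constructor, so it should be `private final Stability stability;`. Keeping it final keeps this AdditionalInitialization immutable after construction and matches the existing style of the class. The enclosing class TestEnvironment starts outside this hunk.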
@@ -117,11 +120,25 @@ public static void setUpKeyStores() throws Exception {
private final RunningMode runningMode;
TestEnvironment() {
- this(RunningMode.NORMAL);
+ this(RunningMode.NORMAL, Stability.DEFAULT);
}
TestEnvironment(RunningMode runningMode) {
+ this(runningMode, Stability.DEFAULT);
+ }
+
+ TestEnvironment(Stability stability) {
+ this(RunningMode.NORMAL, stability);
+ }
+
+ TestEnvironment(RunningMode runningMode, Stability stability) {
this.runningMode = runningMode;
+ this.stability = stability;
+ }
+
+ @Override
+ public Stability getStability() {
+ return stability;
}
@Override
diff --git a/elytron/src/test/resources/org/wildfly/extension/elytron/authentication-client.xml b/elytron/src/test/resources/org/wildfly/extension/elytron/authentication-client.xml
index 12308781830..54cfe836b00 100644
--- a/elytron/src/test/resources/org/wildfly/extension/elytron/authentication-client.xml
+++ b/elytron/src/test/resources/org/wildfly/extension/elytron/authentication-client.xml
@@ -44,6 +44,10 @@
+
+
+
+
@@ -53,4 +57,22 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/elytron/src/test/resources/org/wildfly/extension/elytron/elytron-subsystem-community-18.0.xml b/elytron/src/test/resources/org/wildfly/extension/elytron/elytron-subsystem-community-18.0.xml
new file mode 100644
index 00000000000..79811affd81
--- /dev/null
+++ b/elytron/src/test/resources/org/wildfly/extension/elytron/elytron-subsystem-community-18.0.xml
@@ -0,0 +1,402 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 79d189f365c..f3674b80546 100644
--- a/pom.xml
+++ b/pom.xml
@@ -228,6 +228,7 @@
${version.org.jboss.xnio}5.8.13.10.0
+ 1.491.1.62.0.120.9.30
@@ -1790,6 +1791,11 @@
wildfly-elytron-digest${version.org.wildfly.security.elytron}
+
+ org.wildfly.security
+ wildfly-elytron-dynamic-ssl
+ ${version.org.wildfly.security.elytron}
+ org.wildfly.securitywildfly-elytron-encryption
diff --git a/server/src/main/java/org/jboss/as/server/ServerEnvironment.java b/server/src/main/java/org/jboss/as/server/ServerEnvironment.java
index 0d554e355fb..da07ab4e31e 100644
--- a/server/src/main/java/org/jboss/as/server/ServerEnvironment.java
+++ b/server/src/main/java/org/jboss/as/server/ServerEnvironment.java
@@ -499,7 +499,10 @@ public ServerEnvironment(final String hostControllerName, final Properties props
} else {
repository = null;
}
- serverConfigurationFile = standalone ? new ConfigurationFile(serverConfigurationDir, defaultServerConfig, serverConfig, configInteractionPolicy, repository != null, serverTempDir, configurationExtension) : null;
+
+ this.stability = getEnumProperty(props, ProcessEnvironment.STABILITY, productConfig.getDefaultStability());
+ final String translatedConfig = translateFileAlias(serverConfig, stability);
+ serverConfigurationFile = standalone ? new ConfigurationFile(serverConfigurationDir, defaultServerConfig, translatedConfig, configInteractionPolicy, repository != null, serverTempDir, configurationExtension) : null;
// Adds a system property to indicate whether or not the server configuration should be persisted
@SuppressWarnings("deprecation")
final String propertyKey = JBOSS_PERSIST_SERVER_CONFIG;
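Review bot: The stability value is now read and used to translate the configuration-file alias before it is validated against `productConfig.getStabilitySet()`; that check stays where it was, later in the constructor (the following hunk only removes the old assignment). An unsupported stability therefore already influences which configuration file is resolved before it is rejected, which makes the failure mode harder to reason about. The cheap fix is to move the check up to sit directly after the new assignment: `this.stability = getEnumProperty(props, ProcessEnvironment.STABILITY, productConfig.getDefaultStability());` followed by `if (!productConfig.getStabilitySet().contains(this.stability)) { throw ServerLogger.ROOT_LOGGER.unsupportedStability(this.stability, productConfig.getProductName()); }`, and drop it from its current place. The constructor ServerEnvironment begins and ends outside this hunk.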
@@ -525,7 +528,6 @@ public ServerEnvironment(final String hostControllerName, final Properties props
this.domainConfigurationDir = null;
}
- this.stability = getEnumProperty(props, ProcessEnvironment.STABILITY, productConfig.getDefaultStability());
if (!productConfig.getStabilitySet().contains(this.stability)) {
throw ServerLogger.ROOT_LOGGER.unsupportedStability(this.stability, productConfig.getProductName());
}
@@ -1266,4 +1268,25 @@ private File[] getFilesFromProperty(final String name, final Properties props) {
ManagedAuditLogger createAuditLogger() {
return new ManagedAuditLoggerImpl(getProductConfig().resolveVersion(), true);
}
+
+ public static String translateFileAlias(String alias, Stability stability) {
+ if (!stability.enables(Stability.COMMUNITY) || alias == null) {
+ return alias;
+ }
+ switch (alias) {
+ case "full":
+ case "ha":
+ case "full-ha":
+ case "load-balancer":
+ case "microprofile":
+ case "microprofile-ha":
+ break;
+ case "fha": alias = "full-ha"; break;
+ case "lb": alias = "load-balancer"; break;
+ case "mp": alias = "microprofile"; break;
+ case "mpha": alias = "microprofile-ha"; break;
+ default: return alias;
+ }
+ return "standalone-" + alias + ".xml";
+ }
}
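Review bot: `translateFileAlias` is a new public static method with no Javadoc, and its contract is not obvious from the code: it rewrites only an allow-listed set of short names into fixed `standalone-*.xml` file names when the stability level enables COMMUNITY, and returns every other value (including null and explicit file names such as `custom.xml`) unchanged, so the alias can never introduce a path that is not in the table. A Javadoc such as `Expands a configuration-file alias (e.g. {@code lb}) to its {@code standalone-<name>.xml} file name when {@code stability} enables {@link Stability#COMMUNITY}; values not in the alias table, and null, are returned unchanged.` with `@param alias`, `@param stability` and `@return` tags would record that. As a point of style, reassigning the `alias` parameter inside the switch makes the pass-through branches harder to read; assigning the expanded name to a separate local and building the result from it would be clearer.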
diff --git a/server/src/test/java/org/jboss/as/server/ServerEnvironmentTestCase.java b/server/src/test/java/org/jboss/as/server/ServerEnvironmentTestCase.java
index ca4ba96f06b..bba0dcee36b 100644
--- a/server/src/test/java/org/jboss/as/server/ServerEnvironmentTestCase.java
+++ b/server/src/test/java/org/jboss/as/server/ServerEnvironmentTestCase.java
@@ -91,4 +91,42 @@ public void testUUIDLifeCycle() throws IOException {
assertThat(uuids.get(0), is(not(uuid)));
Files.delete(uuidPath);
}
+
+ @Test
+ public void testAliasFunctionality() throws IOException {
+ Properties props = new Properties();
+ Path standaloneDir = homeDir.resolve("standalone");
+ Files.createDirectories(standaloneDir.resolve("configuration"));
+ Files.createFile(standaloneDir.resolve("configuration").resolve("standalone.xml"));
+ Files.createFile(standaloneDir.resolve("configuration").resolve("standalone-load-balancer.xml"));
+ Files.createFile(standaloneDir.resolve("configuration").resolve("custom.xml"));
+ props.put(HOME_DIR, homeDir.toAbsolutePath().toString());
+
+ // default stability = COMMUNITY
+ ProductConfig productConfig = ProductConfig.fromFilesystemSlot(null, "", props);
+
+ ServerEnvironment serverEnvironment = createServerEnvironment(props, null, productConfig);
+ assertThat(serverEnvironment.getServerConfigurationFile().getBootFile().getName(), is("standalone.xml"));
+
+ serverEnvironment = createServerEnvironment(props, "lb", productConfig);
+ assertThat(serverEnvironment.getServerConfigurationFile().getBootFile().getName(), is("standalone-load-balancer.xml"));
+
+ serverEnvironment = createServerEnvironment(props, "custom.xml", productConfig);
+ assertThat(serverEnvironment.getServerConfigurationFile().getBootFile().getName(), is("custom.xml"));
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testAliasNotWorkingInDefaultStability() {
+ Properties props = new Properties();
+ props.put(HOME_DIR, homeDir.toAbsolutePath().toString());
+
+ // default stability = DEFAULT
+ ProductConfig productConfig = new ProductConfig(null, null, null);
+ createServerEnvironment(props, "lb", productConfig);
+ }
+
+ private ServerEnvironment createServerEnvironment(Properties props, String serverConfig, ProductConfig productConfig) {
+ return new ServerEnvironment(null, props, System.getenv(), serverConfig,
+ ConfigurationFile.InteractionPolicy.READ_ONLY, ServerEnvironment.LaunchType.STANDALONE, RunningMode.NORMAL, productConfig, false);
+ }
}
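Review bot: `testAliasFunctionality` exercises only the `lb` alias, and `testAliasNotWorkingInDefaultStability` checks the non-community path only indirectly, by expecting an IllegalStateException that presumably comes from ConfigurationFile rejecting a literal `lb` file, so an unrelated file-resolution failure would also make it pass. Since the mapping is a public static method it can be pinned directly, e.g. `assertThat(ServerEnvironment.translateFileAlias("lb", Stability.COMMUNITY), is("standalone-load-balancer.xml"));` and `assertThat(ServerEnvironment.translateFileAlias("lb", Stability.DEFAULT), is("lb"));`, plus one assertion per remaining alias (`full`, `ha`, `full-ha`, `fha`, `mp`, `mpha`) and one for an unknown value passing through unchanged. This needs `org.jboss.as.version.Stability` imported in the test class; that import is not visible in this hunk.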
diff --git a/testbom/pom.xml b/testbom/pom.xml
index 27589b8a7f7..9adc7894bb3 100644
--- a/testbom/pom.xml
+++ b/testbom/pom.xml
@@ -281,6 +281,12 @@
${version.org.mockito}test
+
+ org.jmockit
+ jmockit
+ ${version.org.jmockit}
+ test
+ org.syslog4j