Making PicketBox Optional

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Making PicketBox Optional

Darran Lofthouse
Previously we have worked to eliminate all mandatory module dependencies on the org.jboss.as.security module - this means that this module is not only provisioned by Galleon if we are provisioning a layer which includes the subsystem.

The next target we need to tackle is the org.picketbox module, this step will involve some work within each of the affected components.  We need to reach the point that all other module dependencies on this one are also optional so it is only provisioned when the legacy security subsystem is provisioned.

At the top level this is being tracked under:

For the individual subsystems I have split out a set of tasks so they can be tackled individually:
 - security-api / security-integration - https://issues.redhat.com/browse/WFLY-14845

I have left these unassigned by default so we can see when they have been picked up.

Some of these may be more complicated than others so the most urgent task is to identify where we think we are going to run into problems so we can define a solution.

Some solutions could include:
 - Moving utility code to WildFly Elytron or some other common project.
 - Forking utility code to a private implementation in the project that needs it.
 - For anything affecting deployments using capabilities to check if legacy security is present.
 - Any optional use of legacy security should be disabled from Java 13 and later.
 - Other solutions to be developed.

This specific task is not about changing the default configuration to move on from legacy security.  Once this step is complete we will be ready to start adjusting the default configuration to eliminate legacy security.

Regards,
Darran Lofthouse.



_______________________________________________
wildfly-dev mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
Reply | Threaded
Open this post in threaded view
|

Re: Making PicketBox Optional

Brian Stansberry
Thanks, Darran.

If anyone has any questions about what's necessary to allow a dependency on the org.picketbox module to be marked as optional, I encourage you to ask here, as other people are likely to have a similar question.

On Thu, Jun 3, 2021 at 2:51 AM Darran Lofthouse <[hidden email]> wrote:
Previously we have worked to eliminate all mandatory module dependencies on the org.jboss.as.security module - this means that this module is not only provisioned by Galleon if we are provisioning a layer which includes the subsystem.

The next target we need to tackle is the org.picketbox module, this step will involve some work within each of the affected components.  We need to reach the point that all other module dependencies on this one are also optional so it is only provisioned when the legacy security subsystem is provisioned.

At the top level this is being tracked under:

For the individual subsystems I have split out a set of tasks so they can be tackled individually:
 - security-api / security-integration - https://issues.redhat.com/browse/WFLY-14845

I have left these unassigned by default so we can see when they have been picked up.

Some of these may be more complicated than others so the most urgent task is to identify where we think we are going to run into problems so we can define a solution.

Some solutions could include:
 - Moving utility code to WildFly Elytron or some other common project.
 - Forking utility code to a private implementation in the project that needs it.
 - For anything affecting deployments using capabilities to check if legacy security is present.
 - Any optional use of legacy security should be disabled from Java 13 and later.
 - Other solutions to be developed.

This specific task is not about changing the default configuration to move on from legacy security.  Once this step is complete we will be ready to start adjusting the default configuration to eliminate legacy security.

Regards,
Darran Lofthouse.


_______________________________________________
wildfly-dev mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s


--
Brian Stansberry
Principal Architect, Red Hat JBoss EAP
He/Him/His

_______________________________________________
wildfly-dev mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s