Time to remove *-elytron.xml Configurations

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Time to remove *-elytron.xml Configurations

Darran Lofthouse
I think it is now time to start removing the *-elytron.xml
configurations from the feature packs, these were added so we could
start to get Elytron enabled in isolation.  As more and more is
integrated it makes less sense to keep the isolation, and if anything it
is starting to make things harder such as testing.

The default configuration I have planned is for components to be updated
to reference Elytron and for the Elytron configuration to be closely
aligned with the existing default configuration, i.e. Digest
authentication, backed by properties file and local authentication.

We did think if we should enable stronger authentication immediately but
that will break the existing clients already out there, if we do this in
stages the clients should have had a chance to be updated to Elytron so
when we do switch to stronger authentication by default the clients will
be ready.

So step 1, I will move the Elytron extension and subsystem definition(s)
into the existing configurations we ship and remove the *-elytron.xml
definitions.

We will then incrementally update resources that reference security
services to reference Elytron capabilities.

Regards,
Darran Lofthouse.

_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Time to remove *-elytron.xml Configurations

Scott Marlow
After we have completely switched to Elytron, will there be
*-legacy.xml files for switching back to Picketbox?

On Fri, Dec 9, 2016 at 6:27 AM, Darran Lofthouse
<[hidden email]> wrote:

> I think it is now time to start removing the *-elytron.xml
> configurations from the feature packs, these were added so we could
> start to get Elytron enabled in isolation.  As more and more is
> integrated it makes less sense to keep the isolation, and if anything it
> is starting to make things harder such as testing.
>
> The default configuration I have planned is for components to be updated
> to reference Elytron and for the Elytron configuration to be closely
> aligned with the existing default configuration, i.e. Digest
> authentication, backed by properties file and local authentication.
>
> We did think if we should enable stronger authentication immediately but
> that will break the existing clients already out there, if we do this in
> stages the clients should have had a chance to be updated to Elytron so
> when we do switch to stronger authentication by default the clients will
> be ready.
>
> So step 1, I will move the Elytron extension and subsystem definition(s)
> into the existing configurations we ship and remove the *-elytron.xml
> definitions.
>
> We will then incrementally update resources that reference security
> services to reference Elytron capabilities.
>
> Regards,
> Darran Lofthouse.
>
> _______________________________________________
> wildfly-dev mailing list
> [hidden email]
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Time to remove *-elytron.xml Configurations

Darran Lofthouse
On 09/12/16 16:34, Scott Marlow wrote:
> After we have completely switched to Elytron, will there be
> *-legacy.xml files for switching back to Picketbox?

I do not expect so.

For anyone who identifies a need to use the PicketBox based security I
think our best option is to provide the management ops to add it back.
For anyone else already using PicketBox I would expect them to bring
their old configuration to WildFly 11 and so will be unaffected by this
discussion.

> On Fri, Dec 9, 2016 at 6:27 AM, Darran Lofthouse
> <[hidden email]> wrote:
>> I think it is now time to start removing the *-elytron.xml
>> configurations from the feature packs, these were added so we could
>> start to get Elytron enabled in isolation.  As more and more is
>> integrated it makes less sense to keep the isolation, and if anything it
>> is starting to make things harder such as testing.
>>
>> The default configuration I have planned is for components to be updated
>> to reference Elytron and for the Elytron configuration to be closely
>> aligned with the existing default configuration, i.e. Digest
>> authentication, backed by properties file and local authentication.
>>
>> We did think if we should enable stronger authentication immediately but
>> that will break the existing clients already out there, if we do this in
>> stages the clients should have had a chance to be updated to Elytron so
>> when we do switch to stronger authentication by default the clients will
>> be ready.
>>
>> So step 1, I will move the Elytron extension and subsystem definition(s)
>> into the existing configurations we ship and remove the *-elytron.xml
>> definitions.
>>
>> We will then incrementally update resources that reference security
>> services to reference Elytron capabilities.
>>
>> Regards,
>> Darran Lofthouse.
>>
>> _______________________________________________
>> wildfly-dev mailing list
>> [hidden email]
>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev
Loading...