@Override public void execute(OperationContext context, ModelNode operation) throws OperationFailedException { String realmName = PathAddress.pathAddress(operation.require(ModelDescriptionConstants.OP_ADDR)).getLastElement().getValue(); if(!hasResource(context)) {//realm has been deleted, who cares :) return; } final Resource resource = context.readResource(PathAddress.EMPTY_ADDRESS); Set<String> children = resource.getChildrenNames(ModelDescriptionConstants.AUTHENTICATION); if (children.contains(KERBEROS)) { Resource kerberosIdentity = resource.getChild(PathElement.pathElement(SERVER_IDENTITY, KERBEROS)); if (kerberosIdentity == null || kerberosIdentity.getChildrenNames(KEYTAB).size() < 1) { throw DomainManagementLogger.ROOT_LOGGER.kerberosWithoutKeytab(realmName); } } /* * Truststore, Local, and Kerberos can be defined in addition to the username/password mechanism so exclude these from the * validation check. */ children.remove(ModelDescriptionConstants.TRUSTSTORE); children.remove(ModelDescriptionConstants.LOCAL); children.remove(KERBEROS); if (children.size() > 1) { Set<String> invalid = new HashSet<String>(children); invalid.remove(ModelDescriptionConstants.TRUSTSTORE); throw DomainManagementLogger.ROOT_LOGGER.multipleAuthenticationMechanismsDefined(realmName, invalid); } context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER); }
@Override public void execute(OperationContext context, ModelNode operation) throws OperationFailedException { String realmName = PathAddress.pathAddress(operation.require(ModelDescriptionConstants.OP_ADDR)).getLastElement().getValue(); if(!hasResource(context)) {//realm has been deleted, who cares :) return; } final Resource resource = context.readResource(PathAddress.EMPTY_ADDRESS); Set<String> children = resource.getChildrenNames(ModelDescriptionConstants.AUTHENTICATION); if (children.contains(KERBEROS)) { Resource kerberosIdentity = resource.getChild(PathElement.pathElement(SERVER_IDENTITY, KERBEROS)); if (kerberosIdentity == null || kerberosIdentity.getChildrenNames(KEYTAB).size() < 1) { throw DomainManagementLogger.ROOT_LOGGER.kerberosWithoutKeytab(realmName); } } /* * Truststore, Local, and Kerberos can be defined in addition to the username/password mechanism so exclude these from the * validation check. */ children.remove(ModelDescriptionConstants.TRUSTSTORE); children.remove(ModelDescriptionConstants.LOCAL); children.remove(KERBEROS); if (children.size() > 1) { Set<String> invalid = new HashSet<String>(children); invalid.remove(ModelDescriptionConstants.TRUSTSTORE); throw DomainManagementLogger.ROOT_LOGGER.multipleAuthenticationMechanismsDefined(realmName, invalid); } context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER); }