Tomaz Cerar ctomc

## common ssl example.xml
   <subsystem xmlns="urn:jboss:domain:security:2.0">
       <security-domains>
           <security-domain name="other" cache-type="default" >
           ...
           </security-domain>
       </security-domains>
      <keystores>
        <store-definitions>
            <store-defintion name="web-certs" type="jks" path="/path/to/some.jks"/>
            <store-defintion name="kerberos-certs" type="keytab" path="/path/to/krb5.keytab"/>

## gist:4678429
    static void registerTransformers(final TransformersSubRegistration registration, final TransformersSubRegistration loggingProfileReg,
                                     final PathElement handlerPath, final AttributeDefinition[] additionalAttributes, final String... additionalOperations) {
        final ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createInstance(handlerPath)
                .addRawOperationTransformationOverride(ADD, LoggingOperationTransformer.INSTANCE)
                .addRawOperationTransformationOverride(WRITE_ATTRIBUTE_OPERATION, LoggingOperationTransformer.INSTANCE)
                .addRawOperationTransformationOverride(UPDATE_OPERATION_NAME, LoggingOperationTransformer.INSTANCE)
                .getAttributeBuilder().addRejectCheck(RejectAttributeChecker.SIMPLE_EXPRESSIONS, DEFAULT_ATTRIBUTES)
                .addRejectCheck(RejectAttributeChecker.SIMPLE_EXPRESSIONS, LEGACY_ATTRIBUTES)
                .addRejectCheck(RejectAttributeCh

## gist:4663307
transformer:

DiscardUndefinedAttributesTransformer discarder = new DiscardUndefinedAttributesTransformer(AbstractKeyGeneratorResourceDefinition.JNDI_NAME);
        builder.addChildResource(CmpSubsystemModel.UUID_KEY_GENERATOR_PATH).setCustomResourceTransformer(discarder)
                .addOperationTransformationOverride(ModelDescriptionConstants.ADD).setCustomOperationTransformer(discarder)
                .inheritResourceAttributeDefinitions()
                .end()
                .addOperationTransformationOverride(ModelDescriptionConstants.WRITE_ATTRIBUTE_OPERATION).setCustomOperationTransformer(discarder.getWriteAttributeTransformer())
                .inheritResourceAttributeDefinitions()
                .end()

## gist:4320163
  static class JASPIAuthenticationModulesAttributeWriter implements OperationStepHandler {
        @Override
        public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
            OperationStepHandler addHandler = context.getResourceRegistration().getSubModel(PathAddress.EMPTY_ADDRESS.append(AUTH_MODULE)).getOperationHandler(PathAddress.EMPTY_ADDRESS, "add");
            for (ModelNode module : operation.get(VALUE).asList()) {
                ModelNode addModuleOp = module.clone();
                String code = addModuleOp.get(CODE).asString();
                PathElement relativePath = PathElement.pathElement(AUTH_MODULE, code);
                PathAddress address = PathAddress.pathAddress(operation.get(OP_ADDR)).append(relativePath);
                boolean exists = context.readResource(PathAddress.EMPTY_ADDRESS).hasChild(relativePath);

## gist:4136081
if (con instanceof HttpsURLConnection) {
                log.info("setting non validating ssl socket factory");
                HttpsURLConnection ssl = (HttpsURLConnection) con;
                TrustAllSecurityManager.setAllTrustingValidators(ssl);
            }


public class TrustAllSecurityManager {
    private static final Logger log = LoggerFactory.getLogger(TrustAllSecurityManager.class);

## ds-compare
All the changes below look like they are ware wrong in legacy version
====== Comparing core models ======
====== Resource root address: [] - Current version: 1.4.0; legacy version: 1.4.0 =======
--- Problems for relative address to root ["deployment" => "*","subdeployment" => "*","subsystem" => "datasources","data-source" => "*"]:
Different 'expressions-allowed' for attribute 'enabled'. Current: false; legacy: true
Different 'default' for attribute 'enabled'. Current: true; legacy: false
--this attribute should be resource-only (by @maeste) but that breaks tests and operations

Different 'nillable' for attribute 'exception-sorter-properties'. Current: true; legacy: false
Different 'nillable' for attribute 'reauth-plugin-properties'. Current: true; legacy: false

## gist:3783892
These are all with Report on differences in the model when the management versions are different? y/[n]: y

>>>>>DOMAIN

====== Comparing core models ======
====== Resource root address: [] - Current version: 1.4.0; legacy version: 1.2.0 =======
--- Problems for relative address to root []:
Missing attributes in current: []; missing in legacy [launch-type]
<<ok
Different 'nillable' for attribute 'local-host-name'. Current: true; legacy: false
	<subsystem xmlns="urn:jboss:domain:security:2.0">
	<security-domains>
	<security-domain name="other" cache-type="default" >
	...
	</security-domain>
	</security-domains>
	<keystores>
	<store-definitions>
	<store-defintion name="web-certs" type="jks" path="/path/to/some.jks"/>
	<store-defintion name="kerberos-certs" type="keytab" path="/path/to/krb5.keytab"/>
	static void registerTransformers(final TransformersSubRegistration registration, final TransformersSubRegistration loggingProfileReg,
	final PathElement handlerPath, final AttributeDefinition[] additionalAttributes, final String... additionalOperations) {
	final ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createInstance(handlerPath)
	.addRawOperationTransformationOverride(ADD, LoggingOperationTransformer.INSTANCE)
	.addRawOperationTransformationOverride(WRITE_ATTRIBUTE_OPERATION, LoggingOperationTransformer.INSTANCE)
	.addRawOperationTransformationOverride(UPDATE_OPERATION_NAME, LoggingOperationTransformer.INSTANCE)
	.getAttributeBuilder().addRejectCheck(RejectAttributeChecker.SIMPLE_EXPRESSIONS, DEFAULT_ATTRIBUTES)
	.addRejectCheck(RejectAttributeChecker.SIMPLE_EXPRESSIONS, LEGACY_ATTRIBUTES)
	.addRejectCheck(RejectAttributeCh
	transformer:

	DiscardUndefinedAttributesTransformer discarder = new DiscardUndefinedAttributesTransformer(AbstractKeyGeneratorResourceDefinition.JNDI_NAME);
	builder.addChildResource(CmpSubsystemModel.UUID_KEY_GENERATOR_PATH).setCustomResourceTransformer(discarder)
	.addOperationTransformationOverride(ModelDescriptionConstants.ADD).setCustomOperationTransformer(discarder)
	.inheritResourceAttributeDefinitions()
	.end()
	.addOperationTransformationOverride(ModelDescriptionConstants.WRITE_ATTRIBUTE_OPERATION).setCustomOperationTransformer(discarder.getWriteAttributeTransformer())
	.inheritResourceAttributeDefinitions()
	.end()
	static class JASPIAuthenticationModulesAttributeWriter implements OperationStepHandler {
	@Override
	public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
	OperationStepHandler addHandler = context.getResourceRegistration().getSubModel(PathAddress.EMPTY_ADDRESS.append(AUTH_MODULE)).getOperationHandler(PathAddress.EMPTY_ADDRESS, "add");
	for (ModelNode module : operation.get(VALUE).asList()) {
	ModelNode addModuleOp = module.clone();
	String code = addModuleOp.get(CODE).asString();
	PathElement relativePath = PathElement.pathElement(AUTH_MODULE, code);
	PathAddress address = PathAddress.pathAddress(operation.get(OP_ADDR)).append(relativePath);
	boolean exists = context.readResource(PathAddress.EMPTY_ADDRESS).hasChild(relativePath);
	if (con instanceof HttpsURLConnection) {
	log.info("setting non validating ssl socket factory");
	HttpsURLConnection ssl = (HttpsURLConnection) con;
	TrustAllSecurityManager.setAllTrustingValidators(ssl);
	}


	public class TrustAllSecurityManager {
	private static final Logger log = LoggerFactory.getLogger(TrustAllSecurityManager.class);
	All the changes below look like they are ware wrong in legacy version
	====== Comparing core models ======
	====== Resource root address: [] - Current version: 1.4.0; legacy version: 1.4.0 =======
	--- Problems for relative address to root ["deployment" => "","subdeployment" => "","subsystem" => "datasources","data-source" => "*"]:
	Different 'expressions-allowed' for attribute 'enabled'. Current: false; legacy: true
	Different 'default' for attribute 'enabled'. Current: true; legacy: false
	--this attribute should be resource-only (by @maeste) but that breaks tests and operations

	Different 'nillable' for attribute 'exception-sorter-properties'. Current: true; legacy: false
	Different 'nillable' for attribute 'reauth-plugin-properties'. Current: true; legacy: false
	These are all with Report on differences in the model when the management versions are different? y/[n]: y

	>>>>>DOMAIN

	====== Comparing core models ======
	====== Resource root address: [] - Current version: 1.4.0; legacy version: 1.2.0 =======
	--- Problems for relative address to root []:
	Missing attributes in current: []; missing in legacy [launch-type]
	<<ok
	Different 'nillable' for attribute 'local-host-name'. Current: true; legacy: false