package org.wildfly.extension.undertow;

import io.undertow.server.session.SecureRandomSessionIdGenerator;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.LoginConfig;
import java.security.AccessController;
import java.security.Policy;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiFunction;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.function.UnaryOperator;
import org.jboss.as.clustering.controller.CapabilityServiceConfigurator;
import org.jboss.as.clustering.controller.SimpleCapabilityServiceConfigurator;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.CapabilityServiceTarget;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PersistentResourceDefinition;
import org.jboss.as.controller.ServiceRemoveStepHandler;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.StringListAttributeDefinition;
import org.jboss.as.controller.access.constraint.ApplicationTypeConfig;
import org.jboss.as.controller.access.constraint.SensitivityClassification;
import org.jboss.as.controller.access.management.AccessConstraintDefinition;
import org.jboss.as.controller.access.management.ApplicationTypeAccessConstraintDefinition;
import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.Resource;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.metadata.javaee.jboss.RunAsIdentityMetaData;
import org.jboss.msc.Service;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.wildfly.clustering.service.ServiceConfigurator;
import org.wildfly.elytron.web.undertow.server.servlet.AuthenticationManager;
import org.wildfly.extension.undertow.SingleSignOnDefinition;
import org.wildfly.extension.undertow.security.jacc.JACCAuthorizationManager;
import org.wildfly.extension.undertow.security.sso.DistributableSecurityDomainSingleSignOnManagerServiceConfiguratorProvider;
import org.wildfly.security.auth.server.HttpAuthenticationFactory;
import org.wildfly.security.auth.server.MechanismConfiguration;
import org.wildfly.security.auth.server.MechanismConfigurationSelector;
import org.wildfly.security.auth.server.MechanismRealmConfiguration;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory;
import org.wildfly.security.http.impl.ServerMechanismFactoryImpl;
import org.wildfly.security.http.util.FilterServerMechanismFactory;
import org.wildfly.security.http.util.sso.DefaultSingleSignOnManager;
import org.wildfly.security.http.util.sso.SingleSignOnServerMechanismFactory;
import org.wildfly.security.http.util.sso.SingleSignOnSessionFactory;
import org.wildfly.security.manager.WildFlySecurityManager;

/* loaded from: input_file:org/wildfly/extension/undertow/ApplicationSecurityDomainDefinition.class */
public class ApplicationSecurityDomainDefinition extends PersistentResourceDefinition {
    private static Predicate<String> SERVLET_MECHANISM;
    static final RuntimeCapability<Void> APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY;
    static final RuntimeCapability<Void> APPLICATION_SECURITY_DOMAIN_KNOWN_DEPLOYMENTS_CAPABILITY;
    static final SimpleAttributeDefinition HTTP_AUTHENTICATION_FACTORY;
    static final SimpleAttributeDefinition OVERRIDE_DEPLOYMENT_CONFIG;
    static final SimpleAttributeDefinition SECURITY_DOMAIN;
    private static final StringListAttributeDefinition REFERENCING_DEPLOYMENTS;
    static final SimpleAttributeDefinition ENABLE_JACC;
    private static final AttributeDefinition[] ATTRIBUTES;
    static final ApplicationSecurityDomainDefinition INSTANCE;
    private static final Set<String> knownApplicationSecurityDomains;
    private static final OperationContext.AttachmentKey<KnownDeploymentsApi> KNOWN_DEPLOYMENTS_KEY;

    /* loaded from: input_file:org/wildfly/extension/undertow/ApplicationSecurityDomainDefinition$AddHandler.class */
    private static class AddHandler extends AbstractAddStepHandler {
        private AddHandler() {
            super(ApplicationSecurityDomainDefinition.ATTRIBUTES);
        }

        protected void populateModel(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
            super.populateModel(operationContext, modelNode, resource);
            ApplicationSecurityDomainDefinition.knownApplicationSecurityDomains.add(operationContext.getCurrentAddressValue());
        }

        protected void recordCapabilitiesAndRequirements(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
            super.recordCapabilitiesAndRequirements(operationContext, modelNode, resource);
            KnownDeploymentsApi knownDeploymentsApi = new KnownDeploymentsApi();
            operationContext.registerCapability(RuntimeCapability.Builder.of(Capabilities.CAPABILITY_APPLICATION_SECURITY_DOMAIN_KNOWN_DEPLOYMENTS, true, knownDeploymentsApi).build().fromBaseCapability(operationContext.getCurrentAddressValue()));
            operationContext.attach(ApplicationSecurityDomainDefinition.KNOWN_DEPLOYMENTS_KEY, knownDeploymentsApi);
        }

        protected void performRuntime(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
            Function httpAuthenticationFactoryFunction;
            Supplier supplier;
            ModelNode model = resource.getModel();
            CapabilityServiceTarget capabilityServiceTarget = operationContext.getCapabilityServiceTarget();
            String asStringOrNull = ApplicationSecurityDomainDefinition.SECURITY_DOMAIN.resolveModelAttribute(operationContext, model).asStringOrNull();
            String asStringOrNull2 = ApplicationSecurityDomainDefinition.HTTP_AUTHENTICATION_FACTORY.resolveModelAttribute(operationContext, model).asStringOrNull();
            boolean asBoolean = ApplicationSecurityDomainDefinition.OVERRIDE_DEPLOYMENT_CONFIG.resolveModelAttribute(operationContext, model).asBoolean();
            boolean asBoolean2 = ApplicationSecurityDomainDefinition.ENABLE_JACC.resolveModelAttribute(operationContext, model).asBoolean();
            String currentAddressValue = operationContext.getCurrentAddressValue();
            ServiceName capabilityServiceName = ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName(operationContext.getCurrentAddress());
            ServiceBuilder initialMode = capabilityServiceTarget.addService(capabilityServiceName).setInitialMode(ServiceController.Mode.LAZY);
            if (asStringOrNull2 != null) {
                Supplier requires = initialMode.requires(operationContext.getCapabilityServiceName(Capabilities.REF_HTTP_AUTHENTICATION_FACTORY, HttpAuthenticationFactory.class, new String[]{asStringOrNull2}));
                httpAuthenticationFactoryFunction = str -> {
                    return (HttpAuthenticationFactory) requires.get();
                };
            } else {
                httpAuthenticationFactoryFunction = ApplicationSecurityDomainDefinition.toHttpAuthenticationFactoryFunction(initialMode.requires(operationContext.getCapabilityServiceName(Capabilities.REF_SECURITY_DOMAIN, SecurityDomain.class, new String[]{asStringOrNull})));
            }
            if (asBoolean2) {
                initialMode.requires(operationContext.getCapabilityServiceName(Capabilities.REF_JACC_POLICY, Policy.class));
            }
            if (resource.hasChild(UndertowExtension.PATH_SSO)) {
                ModelNode model2 = resource.getChild(UndertowExtension.PATH_SSO).getModel();
                String asString = SingleSignOnDefinition.Attribute.COOKIE_NAME.resolveModelAttribute(operationContext, model2).asString();
                String str2 = null;
                if (SingleSignOnDefinition.Attribute.DOMAIN.resolveModelAttribute(operationContext, model2).isDefined()) {
                    str2 = SingleSignOnDefinition.Attribute.DOMAIN.resolveModelAttribute(operationContext, model2).asString();
                }
                SingleSignOnServerMechanismFactory.SingleSignOnConfiguration singleSignOnConfiguration = new SingleSignOnServerMechanismFactory.SingleSignOnConfiguration(asString, str2, SingleSignOnDefinition.Attribute.PATH.resolveModelAttribute(operationContext, model2).asString(), SingleSignOnDefinition.Attribute.HTTP_ONLY.resolveModelAttribute(operationContext, model2).asBoolean(), SingleSignOnDefinition.Attribute.SECURE.resolveModelAttribute(operationContext, model2).asBoolean());
                ServiceName serviceName = new SingleSignOnManagerServiceNameProvider(currentAddressValue).getServiceName();
                SecureRandomSessionIdGenerator secureRandomSessionIdGenerator = new SecureRandomSessionIdGenerator();
                Optional<U> map = DistributableSecurityDomainSingleSignOnManagerServiceConfiguratorProvider.INSTANCE.map(distributableSecurityDomainSingleSignOnManagerServiceConfiguratorProvider -> {
                    return distributableSecurityDomainSingleSignOnManagerServiceConfiguratorProvider.getServiceConfigurator(serviceName, currentAddressValue, secureRandomSessionIdGenerator);
                });
                ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
                secureRandomSessionIdGenerator.getClass();
                ((CapabilityServiceConfigurator) map.orElse(new SimpleCapabilityServiceConfigurator(serviceName, new DefaultSingleSignOnManager(concurrentHashMap, secureRandomSessionIdGenerator::createSessionId)))).configure(operationContext).build(capabilityServiceTarget).setInitialMode(ServiceController.Mode.ON_DEMAND).install();
                ServiceConfigurator configure = new SingleSignOnSessionFactoryServiceConfigurator(currentAddressValue).configure(operationContext, model2);
                configure.build(capabilityServiceTarget).setInitialMode(ServiceController.Mode.ON_DEMAND).install();
                Supplier requires2 = initialMode.requires(configure.getServiceName());
                UnaryOperator unaryOperator = httpServerAuthenticationMechanismFactory -> {
                    return new SingleSignOnServerMechanismFactory(httpServerAuthenticationMechanismFactory, (SingleSignOnSessionFactory) requires2.get(), singleSignOnConfiguration);
                };
                supplier = () -> {
                    return unaryOperator;
                };
            } else {
                supplier = () -> {
                    return null;
                };
            }
            ApplicationSecurityDomainService applicationSecurityDomainService = new ApplicationSecurityDomainService(asBoolean, asBoolean2, httpAuthenticationFactoryFunction, supplier, initialMode.provides(new ServiceName[]{capabilityServiceName}));
            initialMode.setInstance(applicationSecurityDomainService);
            initialMode.install();
            ((KnownDeploymentsApi) operationContext.getAttachment(ApplicationSecurityDomainDefinition.KNOWN_DEPLOYMENTS_KEY)).setApplicationSecurityDomainService(applicationSecurityDomainService);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/extension/undertow/ApplicationSecurityDomainDefinition$ApplicationSecurityDomainService.class */
    public static class ApplicationSecurityDomainService implements Service, BiFunction<DeploymentInfo, Function<String, RunAsIdentityMetaData>, Registration> {
        private final Function<String, HttpAuthenticationFactory> factoryFunction;
        private final Supplier<UnaryOperator<HttpServerAuthenticationMechanismFactory>> singleSignOnTransformerSupplier;
        private final Consumer<BiFunction<DeploymentInfo, Function<String, RunAsIdentityMetaData>, Registration>> valueConsumer;
        private final boolean overrideDeploymentConfig;
        private final Set<RegistrationImpl> registrations;
        private final boolean enableJacc;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/wildfly/extension/undertow/ApplicationSecurityDomainDefinition$ApplicationSecurityDomainService$RegistrationImpl.class */
        public class RegistrationImpl implements Registration {
            final DeploymentInfo deploymentInfo;

            private RegistrationImpl(DeploymentInfo deploymentInfo) {
                this.deploymentInfo = deploymentInfo;
            }

            @Override // org.wildfly.extension.undertow.ApplicationSecurityDomainDefinition.Registration
            public void cancel() {
                if (WildFlySecurityManager.isChecking()) {
                    AccessController.doPrivileged(() -> {
                        SecurityDomain.unregisterClassLoader(this.deploymentInfo.getClassLoader());
                        return null;
                    });
                } else {
                    SecurityDomain.unregisterClassLoader(this.deploymentInfo.getClassLoader());
                }
                synchronized (ApplicationSecurityDomainService.this.registrations) {
                    ApplicationSecurityDomainService.this.registrations.remove(this);
                }
            }
        }

        private ApplicationSecurityDomainService(boolean z, boolean z2, Function<String, HttpAuthenticationFactory> function, Supplier<UnaryOperator<HttpServerAuthenticationMechanismFactory>> supplier, Consumer<BiFunction<DeploymentInfo, Function<String, RunAsIdentityMetaData>, Registration>> consumer) {
            this.registrations = new HashSet();
            this.overrideDeploymentConfig = z;
            this.enableJacc = z2;
            this.factoryFunction = function;
            this.singleSignOnTransformerSupplier = supplier;
            this.valueConsumer = consumer;
        }

        public void start(StartContext startContext) throws StartException {
            this.valueConsumer.accept(this);
        }

        public void stop(StopContext stopContext) {
        }

        @Override // java.util.function.BiFunction
        public Registration apply(DeploymentInfo deploymentInfo, Function<String, RunAsIdentityMetaData> function) {
            AuthenticationManager.Builder runAsMapper = AuthenticationManager.builder().setHttpAuthenticationFactory(this.factoryFunction.apply(getRealmName(deploymentInfo))).setOverrideDeploymentConfig(this.overrideDeploymentConfig).setHttpAuthenticationFactoryTransformer(this.singleSignOnTransformerSupplier.get()).setRunAsMapper(function);
            if (this.enableJacc) {
                runAsMapper.setAuthorizationManager(JACCAuthorizationManager.INSTANCE);
            }
            runAsMapper.build().configure(deploymentInfo);
            RegistrationImpl registrationImpl = new RegistrationImpl(deploymentInfo);
            synchronized (this.registrations) {
                this.registrations.add(registrationImpl);
            }
            return registrationImpl;
        }

        private String getRealmName(DeploymentInfo deploymentInfo) {
            LoginConfig loginConfig = deploymentInfo.getLoginConfig();
            if (loginConfig != null) {
                return loginConfig.getRealmName();
            }
            return null;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public List<String> getDeployments() {
            ArrayList arrayList;
            synchronized (this.registrations) {
                arrayList = new ArrayList(this.registrations.size());
                Iterator<RegistrationImpl> it = this.registrations.iterator();
                while (it.hasNext()) {
                    arrayList.add(it.next().deploymentInfo.getDeploymentName());
                }
            }
            return arrayList;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/extension/undertow/ApplicationSecurityDomainDefinition$KnownDeploymentsApi.class */
    public static class KnownDeploymentsApi {
        private volatile ApplicationSecurityDomainService service;

        private KnownDeploymentsApi() {
        }

        List<String> getKnownDeployments() {
            return this.service != null ? this.service.getDeployments() : Collections.emptyList();
        }

        void setApplicationSecurityDomainService(ApplicationSecurityDomainService applicationSecurityDomainService) {
            this.service = applicationSecurityDomainService;
        }
    }

    /* loaded from: input_file:org/wildfly/extension/undertow/ApplicationSecurityDomainDefinition$ReferencingDeploymentsHandler.class */
    private static class ReferencingDeploymentsHandler implements OperationStepHandler {
        private ReferencingDeploymentsHandler() {
        }

        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            if (operationContext.isDefaultRequiresRuntime()) {
                operationContext.addStep((operationContext2, modelNode2) -> {
                    KnownDeploymentsApi knownDeploymentsApi = (KnownDeploymentsApi) operationContext.getCapabilityRuntimeAPI(Capabilities.CAPABILITY_APPLICATION_SECURITY_DOMAIN_KNOWN_DEPLOYMENTS, operationContext2.getCurrentAddressValue(), KnownDeploymentsApi.class);
                    ModelNode modelNode2 = new ModelNode();
                    Iterator<String> it = knownDeploymentsApi.getKnownDeployments().iterator();
                    while (it.hasNext()) {
                        modelNode2.add(it.next());
                    }
                    operationContext.getResult().set(modelNode2);
                }, OperationContext.Stage.RUNTIME);
            }
        }
    }

    /* loaded from: input_file:org/wildfly/extension/undertow/ApplicationSecurityDomainDefinition$Registration.class */
    public interface Registration {
        void cancel();
    }

    /* loaded from: input_file:org/wildfly/extension/undertow/ApplicationSecurityDomainDefinition$RemoveHandler.class */
    private static class RemoveHandler extends ServiceRemoveStepHandler {
        protected RemoveHandler(AbstractAddStepHandler abstractAddStepHandler) {
            super(abstractAddStepHandler, new RuntimeCapability[]{ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY, ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_KNOWN_DEPLOYMENTS_CAPABILITY});
        }

        protected void performRemove(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
            super.performRemove(operationContext, modelNode, modelNode2);
            ApplicationSecurityDomainDefinition.knownApplicationSecurityDomains.remove(operationContext.getCurrentAddressValue());
        }

        protected void performRuntime(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) {
            super.performRuntime(operationContext, modelNode, modelNode2);
            if (operationContext.isResourceServiceRestartAllowed()) {
                String currentAddressValue = operationContext.getCurrentAddressValue();
                operationContext.removeService(new SingleSignOnManagerServiceNameProvider(currentAddressValue).getServiceName());
                operationContext.removeService(new SingleSignOnSessionFactoryServiceNameProvider(currentAddressValue).getServiceName());
            }
        }

        protected ServiceName serviceName(String str) {
            return ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY.fromBaseCapability(str).getCapabilityServiceName(BiFunction.class);
        }
    }

    private ApplicationSecurityDomainDefinition() {
        this(new PersistentResourceDefinition.Parameters(UndertowExtension.PATH_APPLICATION_SECURITY_DOMAIN, UndertowExtension.getResolver(Constants.APPLICATION_SECURITY_DOMAIN)).setCapabilities(new RuntimeCapability[]{APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY}).addAccessConstraints(new AccessConstraintDefinition[]{new SensitiveTargetAccessConstraintDefinition(new SensitivityClassification("undertow", Constants.APPLICATION_SECURITY_DOMAIN, false, false, false)), new ApplicationTypeAccessConstraintDefinition(new ApplicationTypeConfig("undertow", Constants.APPLICATION_SECURITY_DOMAIN))}), new AddHandler());
    }

    private ApplicationSecurityDomainDefinition(PersistentResourceDefinition.Parameters parameters, AbstractAddStepHandler abstractAddStepHandler) {
        super(parameters.setAddHandler(abstractAddStepHandler).setRemoveHandler(new RemoveHandler(abstractAddStepHandler)));
    }

    public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
        knownApplicationSecurityDomains.clear();
        super.registerAttributes(managementResourceRegistration);
        if (managementResourceRegistration.getProcessType().isServer()) {
            managementResourceRegistration.registerReadOnlyAttribute(REFERENCING_DEPLOYMENTS, new ReferencingDeploymentsHandler());
        }
    }

    protected List<? extends PersistentResourceDefinition> getChildren() {
        return Collections.singletonList(new ApplicationSecurityDomainSingleSignOnDefinition());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Function<String, HttpAuthenticationFactory> toHttpAuthenticationFactoryFunction(Supplier<SecurityDomain> supplier) {
        FilterServerMechanismFactory filterServerMechanismFactory = new FilterServerMechanismFactory(new ServerMechanismFactoryImpl(), SERVLET_MECHANISM);
        return str -> {
            return HttpAuthenticationFactory.builder().setFactory(filterServerMechanismFactory).setSecurityDomain((SecurityDomain) supplier.get()).setMechanismConfigurationSelector(MechanismConfigurationSelector.constantSelector(str == null ? MechanismConfiguration.EMPTY : MechanismConfiguration.builder().addMechanismRealm(MechanismRealmConfiguration.builder().setRealmName(str).build()).build())).build();
        };
    }

    public Collection<AttributeDefinition> getAttributes() {
        return Arrays.asList(ATTRIBUTES);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Predicate<String> getKnownSecurityDomainPredicate() {
        Set<String> set = knownApplicationSecurityDomains;
        set.getClass();
        return (v1) -> {
            return r0.contains(v1);
        };
    }

    static {
        HashSet hashSet = new HashSet(4);
        hashSet.add("BASIC");
        hashSet.add("CLIENT_CERT");
        hashSet.add("DIGEST");
        hashSet.add("FORM");
        hashSet.getClass();
        SERVLET_MECHANISM = (v1) -> {
            return r0.contains(v1);
        };
        APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY = RuntimeCapability.Builder.of(Capabilities.CAPABILITY_APPLICATION_SECURITY_DOMAIN, true, BiFunction.class).build();
        APPLICATION_SECURITY_DOMAIN_KNOWN_DEPLOYMENTS_CAPABILITY = RuntimeCapability.Builder.of(Capabilities.CAPABILITY_APPLICATION_SECURITY_DOMAIN_KNOWN_DEPLOYMENTS, true).build();
        HTTP_AUTHENTICATION_FACTORY = new SimpleAttributeDefinitionBuilder(Constants.HTTP_AUTHENITCATION_FACTORY, ModelType.STRING, false).setMinSize(1).setRestartAllServices().setCapabilityReference(Capabilities.REF_HTTP_AUTHENTICATION_FACTORY).setAccessConstraints(new AccessConstraintDefinition[]{SensitiveTargetAccessConstraintDefinition.AUTHENTICATION_FACTORY_REF}).setAlternatives(new String[]{Constants.SECURITY_DOMAIN}).build();
        OVERRIDE_DEPLOYMENT_CONFIG = new SimpleAttributeDefinitionBuilder(Constants.OVERRIDE_DEPLOYMENT_CONFIG, ModelType.BOOLEAN, true).setDefaultValue(new ModelNode(false)).setRestartAllServices().setRequires(new String[]{Constants.HTTP_AUTHENITCATION_FACTORY}).build();
        SECURITY_DOMAIN = new SimpleAttributeDefinitionBuilder(Constants.SECURITY_DOMAIN, ModelType.STRING, false).setMinSize(1).setRestartAllServices().setCapabilityReference(Capabilities.REF_SECURITY_DOMAIN).setAccessConstraints(new AccessConstraintDefinition[]{SensitiveTargetAccessConstraintDefinition.ELYTRON_SECURITY_DOMAIN_REF}).setAlternatives(new String[]{Constants.HTTP_AUTHENITCATION_FACTORY}).build();
        REFERENCING_DEPLOYMENTS = new StringListAttributeDefinition.Builder(Constants.REFERENCING_DEPLOYMENTS).setStorageRuntime().build();
        ENABLE_JACC = new SimpleAttributeDefinitionBuilder(Constants.ENABLE_JACC, ModelType.BOOLEAN, true).setDefaultValue(new ModelNode(false)).setMinSize(1).setRestartAllServices().build();
        ATTRIBUTES = new AttributeDefinition[]{SECURITY_DOMAIN, HTTP_AUTHENTICATION_FACTORY, OVERRIDE_DEPLOYMENT_CONFIG, ENABLE_JACC};
        INSTANCE = new ApplicationSecurityDomainDefinition();
        knownApplicationSecurityDomains = Collections.synchronizedSet(new HashSet());
        KNOWN_DEPLOYMENTS_KEY = OperationContext.AttachmentKey.create(KnownDeploymentsApi.class);
    }
}
