Clean-up access controller tests

(merge main -> ce/main 116094)

[git-p4: depot-paths = "//dev/coherence-ce/main/": change = 116117]

Author: thegridman

prj/coherence-core-components/src/main/java/com/tangosol/coherence/component/net/Security.java

@@ -15,6 +15,8 @@
 import com.tangosol.internal.net.security.DefaultSecurityDependencies;
 import com.tangosol.internal.net.security.DefaultStandardDependencies;
 import com.tangosol.internal.net.security.LegacyXmlStandardHelper;
+import com.tangosol.net.CacheFactory;
+import com.tangosol.net.ClusterDependencies;
 import com.tangosol.net.ClusterPermission;
 import com.tangosol.net.security.Authorizer;
 import com.tangosol.net.security.DefaultIdentityAsserter;
@@ -280,11 +282,12 @@ public static synchronized void configureSecurity()
             deps = new DefaultStandardDependencies();
 
             // internal call equivalent to "CacheFactory.getSecurityConfig();"
-            XmlElement xmlConfig = Coherence.getServiceConfig("$Security");
+            XmlElement          xmlConfig   = Coherence.getServiceConfig("$Security");
+            ClusterDependencies depsCluster = CacheFactory.getCluster().getDependencies();
             if (xmlConfig != null)
                 {
                 // load the security dependencies given the xml config 
-                deps = LegacyXmlStandardHelper.fromXml(xmlConfig, deps);
+                deps = LegacyXmlStandardHelper.fromXml(xmlConfig, deps, depsCluster);
 
                 if (deps.isEnabled())
                     {

prj/coherence-core/src/main/java/com/tangosol/coherence/config/builder/InstanceBuilder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2022, Oracle and/or its affiliates.
+ * Copyright (c) 2000, 2025, Oracle and/or its affiliates.
  *
  * Licensed under the Universal Permissive License v 1.0 as shown at
  * https://oss.oracle.com/licenses/upl.
@@ -64,7 +64,7 @@ public class InstanceBuilder<T>
      */
     public InstanceBuilder()
         {
-        m_exprClassName             = new LiteralExpression<String>("undefined");
+        m_exprClassName             = new LiteralExpression<>(UNDEFINED_CLASS_NAME);
         m_listConstructorParameters = new ResolvableParameterList();
         }
 
@@ -76,7 +76,7 @@ public InstanceBuilder()
      */
     public InstanceBuilder(Class<?> clzToRealize, Object... aConstructorParameters)
         {
-        m_exprClassName             = new LiteralExpression<String>(clzToRealize.getName());
+        m_exprClassName             = new LiteralExpression<>(clzToRealize.getName());
         m_listConstructorParameters = new SimpleParameterList(aConstructorParameters);
         }
 
@@ -100,7 +100,7 @@ public InstanceBuilder(Expression<String> exprClassName, Object... aConstructorP
      */
     public InstanceBuilder(String sClassName, Object... aConstructorParameters)
         {
-        m_exprClassName             = new LiteralExpression<String>(sClassName);
+        m_exprClassName             = new LiteralExpression<>(sClassName);
         m_listConstructorParameters = new SimpleParameterList(aConstructorParameters);
         }
 
@@ -117,6 +117,18 @@ public Expression<String> getClassName()
         return m_exprClassName;
         }
 
+    /**
+     * Return true if the class name is undefined.
+     *
+     * @return  true if the class name is undefined
+     */
+    public boolean isUndefined()
+        {
+        return m_exprClassName == null ||
+                (m_exprClassName instanceof LiteralExpression
+                        && UNDEFINED_CLASS_NAME.equals(m_exprClassName.evaluate(null)));
+        }
+
     /**
      * Sets the {@link Expression} that when evaluated will produce the name of the class to realize.
      *
@@ -275,8 +287,8 @@ public String toString()
     @Override
     public void readExternal(DataInput in) throws IOException
         {
-        m_exprClassName             = (Expression<String>) ExternalizableHelper.readObject(in, null);
-        m_listConstructorParameters = (ParameterList) ExternalizableHelper.readObject(in, null);
+        m_exprClassName             = ExternalizableHelper.readObject(in, null);
+        m_listConstructorParameters = ExternalizableHelper.readObject(in, null);
         }
 
     /**
@@ -297,8 +309,8 @@ public void writeExternal(DataOutput out) throws IOException
     @Override
     public void readExternal(PofReader reader) throws IOException
         {
-        m_exprClassName             = (Expression<String>) reader.readObject(0);
-        m_listConstructorParameters = (ParameterList) reader.readObject(1);
+        m_exprClassName             = reader.readObject(0);
+        m_listConstructorParameters = reader.readObject(1);
         }
 
     /**
@@ -311,6 +323,13 @@ public void writeExternal(PofWriter writer) throws IOException
         writer.writeObject(1, m_listConstructorParameters);
         }
 
+    // ----- constants ------------------------------------------------------
+
+    /**
+     * The value of the class name expression if no class name has been set.
+     */
+    public static final String UNDEFINED_CLASS_NAME = "undefined";
+
     // ----- data members ---------------------------------------------------
 
     /**

prj/coherence-core/src/main/java/com/tangosol/internal/net/security/LegacyXmlStandardHelper.java

@@ -1,23 +1,28 @@
 /*
- * Copyright (c) 2000, 2022, Oracle and/or its affiliates.
+ * Copyright (c) 2000, 2025, Oracle and/or its affiliates.
  *
  * Licensed under the Universal Permissive License v 1.0 as shown at
- * http://oss.oracle.com/licenses/upl.
+ * https://oss.oracle.com/licenses/upl.
  */
 package com.tangosol.internal.net.security;
 
+import com.oracle.coherence.common.base.Logger;
+
 import com.tangosol.coherence.config.ParameterMacroExpressionParser;
 
+import com.tangosol.coherence.config.builder.InstanceBuilder;
 import com.tangosol.coherence.config.builder.ParameterizedBuilder;
+import com.tangosol.coherence.config.builder.ParameterizedBuilderRegistry;
 
 import com.tangosol.coherence.config.xml.OperationalConfigNamespaceHandler;
 
+import com.tangosol.coherence.config.xml.processor.InstanceProcessor;
 import com.tangosol.coherence.config.xml.processor.PasswordProviderBuilderProcessor;
 
 import com.tangosol.config.xml.DefaultProcessingContext;
 import com.tangosol.config.xml.DocumentProcessor;
 
-import com.tangosol.net.CacheFactory;
+import com.tangosol.net.ClusterDependencies;
 import com.tangosol.net.PasswordProvider;
 
 import com.tangosol.net.security.AccessController;
@@ -36,40 +41,40 @@
 /**
  * LegacyXmlStandardHelper parses the {@code <security-config>} XML to
  * populate the DefaultStandardDependencies.
- *
+ * <p>
  * NOTE: This code will eventually be replaced by CODI.
  *
  * @author der  2011.12.01
  * @since Coherence 12.1.2
  */
-@SuppressWarnings("deprecation")
 public class LegacyXmlStandardHelper
     {
     /**
      * Populate the DefaultStandardDependencies object from the XML
      * configuration.
      *
-     * @param xml   the <{@code <security-config>} XML element
-     * @param deps  the DefaultStandardDependencies to be populated
+     * @param xml          the <{@code <security-config>} XML element
+     * @param deps         the DefaultStandardDependencies to be populated
+     * @param depsCluster  the cluster dependencies
      *
      * @return the DefaultStandardDependencies object that was passed in.
      */
-    public static DefaultStandardDependencies fromXml(XmlElement xml, DefaultStandardDependencies deps)
+    public static DefaultStandardDependencies fromXml(XmlElement xml, DefaultStandardDependencies deps,
+            ClusterDependencies depsCluster)
         {
         LegacyXmlSecurityHelper.fromXml(xml, deps);
 
         if (deps.isEnabled())
             {
-            XmlElement xmlAC   = xml.getSafeElement("access-controller");
-            XmlElement xmlCH   = xml.getSafeElement("callback-handler");
-
-            AccessController controller = (AccessController) newInstance(xmlAC);
+            XmlElement       xmlAC      = xml.getSafeElement("access-controller");
+            AccessController controller = newAccessController(xmlAC, depsCluster);
             if (controller == null)
                 {
-                throw new RuntimeException(
-                    "The 'access-controller' configuration element must be specified");
+                throw new RuntimeException("The 'access-controller' configuration element must be specified");
                 }
-            CallbackHandler handler     = (CallbackHandler)  newInstance(xmlCH);
+
+            XmlElement      xmlCH   = xml.getSafeElement("callback-handler");
+            CallbackHandler handler = newCallbackHandler(xmlCH, depsCluster);
 
             deps.setAccessController(controller);
             deps.setCallbackHandler(handler);
@@ -82,68 +87,99 @@ public static DefaultStandardDependencies fromXml(XmlElement xml, DefaultStandar
     // ----- helpers --------------------------------------------------
 
     /**
-     * Instantiate the callbackHandler and accessController objects
+     * Instantiate the {@link AccessController} instance
      *
-     * @param xmlConfig  the xml configuration for accessController or
-     * callbackHandler object
+     * @param xmlConfig    the XML configuration for {@link AccessController}
+     * @param depsCluster  the cluster dependencies
      */
-    private static Object newInstance(XmlElement xmlConfig)
+    private static AccessController newAccessController(XmlElement xmlConfig, ClusterDependencies depsCluster)
         {
         String sClass = xmlConfig.getSafeElement("class-name").getString();
 
-        if (sClass.length() > 0)
+        if (sClass.isEmpty())
             {
-            XmlElement       xmlParams      = xmlConfig.getSafeElement("init-params");
-            Object[]         aoParam        = XmlHelper.parseInitParams(xmlParams);
-            XmlElement       xmlPwdProvider = xmlConfig.getElement("password-provider");
+            return null;
+            }
+
+        XmlElement xmlParams      = xmlConfig.getSafeElement("init-params");
+        Object[]   aoParam        = XmlHelper.parseInitParams(xmlParams);
+        XmlElement xmlPwdProvider = xmlConfig.getElement("password-provider");
 
-            try
+        try
+            {
+            if (xmlPwdProvider != null)
                 {
-                if (xmlPwdProvider != null)
-                    {
-                    OperationalConfigNamespaceHandler nsHandler    = new OperationalConfigNamespaceHandler();
-                    DocumentProcessor.Dependencies    dependencies =
-                            new DocumentProcessor.DefaultDependencies(nsHandler)
-                                    .setExpressionParser(new ParameterMacroExpressionParser());
-                    DefaultProcessingContext          ctx          = new DefaultProcessingContext(dependencies, null);
-                    ctx.ensureNamespaceHandler("", nsHandler);
+                ParameterizedBuilderRegistry      registry     = depsCluster.getBuilderRegistry();
+                OperationalConfigNamespaceHandler nsHandler    = new OperationalConfigNamespaceHandler();
+                DocumentProcessor.Dependencies    dependencies = new DocumentProcessor.DefaultDependencies(nsHandler)
+                                                                        .setExpressionParser(new ParameterMacroExpressionParser());
+                DefaultProcessingContext          ctx          = new DefaultProcessingContext(dependencies, null);
 
-                    ParameterizedBuilder<PasswordProvider> bldr        = new PasswordProviderBuilderProcessor().process(ctx, xmlPwdProvider);
-                    PasswordProvider                       pwdProvider = bldr.realize(null, null, null);
+                ctx.ensureNamespaceHandler("", nsHandler);
+                ctx.addCookie(ParameterizedBuilderRegistry.class, registry);
 
-                    int len = aoParam.length;
+                ParameterizedBuilder<PasswordProvider> bldr        = new PasswordProviderBuilderProcessor().process(ctx, xmlPwdProvider);
+                PasswordProvider                       pwdProvider = bldr.realize(null, null, null);
 
-                    if (len < 4)
-                        {
-                        aoParam      = Arrays.copyOf(aoParam, len + 1);
-                        aoParam[len] = pwdProvider;
-                        }
-                    else
+                int len = aoParam.length;
+                if (len < 4)
+                    {
+                    aoParam      = Arrays.copyOf(aoParam, len + 1);
+                    aoParam[len] = pwdProvider;
+                    }
+                else
+                    {
+                    if (aoParam[3] instanceof String)
                         {
-                        if (aoParam[3] instanceof String)
+                        String password = (String) aoParam[3];
+                        if (!password.isEmpty())
                             {
-                            String password = (String) aoParam[3];
-                            if (!password.isEmpty())
-                                {
-                                CacheFactory.log("Both a password parameter and a PasswordProvider are configured for the AccessController. The PasswordProvider will be used.", Base.LOG_WARN);
-                                }
+                            Logger.warn("Both a password parameter and a PasswordProvider are configured for the AccessController. The PasswordProvider will be used.");
                             }
-
-                        aoParam[3] = pwdProvider;
                         }
-                    }
 
-                Class clz = ExternalizableHelper.loadClass(sClass, null, null);
-                return ClassHelper.newInstance(clz, aoParam);
-                }
-            catch (Exception e)
-                {
-                throw Base.ensureRuntimeException(e);
+                    aoParam[3] = pwdProvider;
+                    }
                 }
+
+            Class<?> clz = ExternalizableHelper.loadClass(sClass, null, null);
+            return (AccessController) ClassHelper.newInstance(clz, aoParam);
             }
-        else
+        catch (Exception e)
+            {
+            throw Base.ensureRuntimeException(e);
+            }
+        }
+
+    /**
+     * Instantiate the {@link CallbackHandler} instance
+     *
+     * @param xmlConfig    the XML configuration for {@link AccessController}
+     * @param depsCluster  the cluster dependencies
+     */
+    private static CallbackHandler newCallbackHandler(XmlElement xmlConfig, ClusterDependencies depsCluster)
+        {
+        ParameterizedBuilderRegistry      registry     = depsCluster.getBuilderRegistry();
+        OperationalConfigNamespaceHandler nsHandler    = new OperationalConfigNamespaceHandler();
+        DocumentProcessor.Dependencies    dependencies = new DocumentProcessor.DefaultDependencies(nsHandler)
+                                                                .setExpressionParser(new ParameterMacroExpressionParser());
+        DefaultProcessingContext          ctx          = new DefaultProcessingContext(dependencies, null);
+
+        ctx.ensureNamespaceHandler("", nsHandler);
+        ctx.addCookie(ParameterizedBuilderRegistry.class, registry);
+
+        InstanceProcessor processor = new InstanceProcessor();
+        ParameterizedBuilder<Object> builder = processor.process(ctx, xmlConfig);
+
+        if (builder == null)
             {
             return null;
             }
+        if (builder instanceof InstanceBuilder<Object> && ((InstanceBuilder<Object>) builder).isUndefined())
+            {
+            return null;
+            }
+
+        return (CallbackHandler) builder.realize(null, null, null);
         }
     }

prj/coherence-core/src/main/resources/coherence-operational-config.xsd

@@ -1485,8 +1485,7 @@
         </xsd:annotation>
         <xsd:complexType>
             <xsd:sequence>
-                <xsd:element ref="class-name" minOccurs="0" />
-                <xsd:element ref="init-params" minOccurs="0" />
+                <xsd:group ref="instance" />
                 <xsd:element ref="password-provider" minOccurs="0" />
             </xsd:sequence>
         </xsd:complexType>
@@ -1506,8 +1505,7 @@
         </xsd:annotation>
         <xsd:complexType>
             <xsd:sequence>
-                <xsd:element ref="class-name" minOccurs="0" />
-                <xsd:element ref="init-params" minOccurs="0" />
+                <xsd:group ref="instance" />
             </xsd:sequence>
         </xsd:complexType>
     </xsd:element>

prj/coherence-core/src/main/resources/tangosol-coherence.xml

@@ -965,17 +965,20 @@ to find specific notes on changes suggested for production use.
         <ssl>
           <protocol>TLS</protocol>
           <identity-manager>
+            <algorithm>${coherence.security.keystore.algorithm ${coherence.security.algorithm}}</algorithm>
             <key-store>
               <url system-property="coherence.security.keystore">file:keystore.jks</url>
               <password system-property="coherence.security.password"/>
+              <type>${coherence.security.keystore.type}</type>
             </key-store>
             <password>${coherence.security.key.password ${coherence.security.password}}</password>
           </identity-manager>
           <trust-manager>
-            <algorithm system-property="coherence.security.algorithm">PeerX509</algorithm>
+            <algorithm>${coherence.security.truststore.algorithm ${coherence.security.algorithm PeerX509}}</algorithm>
             <key-store>
               <url>${coherence.security.truststore ${coherence.security.keystore file:keystore.jks}}</url>
               <password>${coherence.security.truststore.password ${coherence.security.password}}</password>
+              <type>${coherence.security.truststore.type ${coherence.security.keystore.type}}</type>
             </key-store>
           </trust-manager>
           <protocol-versions usage="black-list">