@Override
  public void execute(OperationContext context, ModelNode operation)
      throws OperationFailedException {
    ModelNode model = context.createResource(PathAddress.EMPTY_ADDRESS).getModel();
    SecurityRealmResourceDefinition.MAP_GROUPS_TO_ROLES.validateAndSet(operation, model);

    // Add a step validating that we have the correct authentication and authorization child
    // resources
    ModelNode validationOp = AuthenticationValidatingHandler.createOperation(operation);
    context.addStep(
        validationOp, AuthenticationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL);
    validationOp = AuthorizationValidatingHandler.createOperation(operation);
    context.addStep(
        validationOp, AuthorizationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL);

    context.addStep(
        new OperationStepHandler() {
          @Override
          public void execute(OperationContext context, ModelNode operation)
              throws OperationFailedException {
            // Install another RUNTIME handler to actually install the services. This will run after
            // the
            // RUNTIME handler for any child resources. Doing this will ensure that child resource
            // handlers don't
            // see the installed services and can just ignore doing any RUNTIME stage work
            context.addStep(ServiceInstallStepHandler.INSTANCE, OperationContext.Stage.RUNTIME);
            context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER);
          }
        },
        OperationContext.Stage.RUNTIME);

    context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER);
  }
  @Override
  protected void updateModel(OperationContext context, ModelNode operation)
      throws OperationFailedException {
    context.removeResource(PathAddress.EMPTY_ADDRESS);

    if (validateAuthentication && !context.isBooting()) {
      ModelNode validationOp = AuthenticationValidatingHandler.createOperation(operation);
      context.addStep(
          validationOp, AuthenticationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL);
    } // else we know the SecurityRealmAddHandler is part of this overall set of ops and it added
    // AuthenticationValidatingHandler
    if (validateRbac) {
      RbacSanityCheckOperation.addOperation(context);
    }
  }