jboss-openshift · rcernich · Aug 7, 2017 · Jul 26, 2017
@@ -72,7 +72,20 @@ function configure_authentication() {
 }
 
 function add_realm_domain_mapping() {
-  local realm="<security-realm name=\"$SECDOMAIN_NAME\"><authentication><jaas name=\"$SECDOMAIN_NAME\"/></authentication></security-realm>"  
+  local realm="<security-realm name=\"$SECDOMAIN_NAME\"><authentication><jaas name=\"$SECDOMAIN_NAME\"/></authentication>"
+
+  if [ -n "${HTTPS_PASSWORD}" -a -n "${HTTPS_KEYSTORE_DIR}" -a -n "${HTTPS_KEYSTORE}" ]; then
+
+    if [ -n "$HTTPS_KEYSTORE_TYPE" ]; then
+      keystore_provider="provider=\"${HTTPS_KEYSTORE_TYPE}\""
+    fi
+    ssl="<server-identities>\n\
+                    <ssl>\n\
+                        <keystore ${keystore_provider} path=\"${HTTPS_KEYSTORE_DIR}/${HTTPS_KEYSTORE}\" keystore-password=\"${HTTPS_PASSWORD}\"/>\n\
+                    </ssl>\n\
+                </server-identities>"
+  fi
+  realm="$realm $ssl</security-realm>"  
 
   sed -i "s|<!-- ##DATAGRID_REALM## -->|${realm}|" "${CONFIG_FILE}" 
 }
@@ -590,18 +590,23 @@ function configure_infinispan_endpoint() {
           fi
 
           if [ -n "${HTTPS_NAME}" -a -n "${HTTPS_PASSWORD}" -a -n "${HTTPS_KEYSTORE_DIR}" -a -n "${HTTPS_KEYSTORE}" ] ; then
-            encryption="<encryption $rest_security_realm />"
+            if [ -n "$REST_SECURITY_DOMAIN" ]; then
+              encryption="<encryption security-realm=\"$REST_SECURITY_DOMAIN\" />"      
+            else
+              encryption="<encryption security-realm=\"ApplicationRealm\" />"
+            fi
+
             rest="\
                 <rest-connector name=\"rest-ssl\" socket-binding=\"rest-ssl\" cache-container=\"clustered\"> \
                    $rest_authentication \
                    $encryption \
                 </rest-connector>"
-          else
-            rest="$rest \
-              <rest-connector name=\"rest\" socket-binding=\"rest\" cache-container=\"clustered\"> \
-                 $rest_authentication \
-              </rest-connector>"
           fi
+
+          rest="$rest \
+            <rest-connector name=\"rest\" socket-binding=\"rest\" cache-container=\"clustered\"> \
+               $rest_authentication \
+            </rest-connector>"
         ;;
       esac
     done

@@ -38,7 +38,8 @@ Feature: Openshift JDG REST tests
       | HTTPS_PASSWORD                               | mykeystorepass                         |
       | HTTPS_KEYSTORE_DIR                           | /etc/datagrid-secret-volume            |
       | HTTPS_KEYSTORE                               | keystore.jks                           |
-    Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value ApplicationRealm on XPath //*[local-name()='rest-connector']/*[local-name()='encryption']/@security-realm
+    Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value ApplicationRealm on XPath //*[local-name()='rest-connector'][@name='rest-ssl']/*[local-name()='encryption']/@security-realm
+    Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value rest on XPath //*[local-name()='rest-connector'][@name='rest']/@socket-binding    
 
   @jboss-datagrid-7/datagrid71-openshift
   Scenario: Should create endpoint with encryption and specified security domain
@@ -50,7 +51,7 @@ Feature: Openshift JDG REST tests
       | HTTPS_KEYSTORE_DIR                           | /etc/datagrid-secret-volume            | 
       | HTTPS_KEYSTORE                               | keystore.jks                           |
       | REST_SECURITY_DOMAIN                         | ManagementRealm                        |
-Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value ApplicationRealm on XPath //*[local-name()='rest-connector']/*[local-name()='encryption']/@security-realm
+Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value ManagementRealm on XPath //*[local-name()='rest-connector']/*[local-name()='encryption']/@security-realm
 
   @jboss-datagrid-7/datagrid71-openshift
   Scenario: Should create security realm that maps to security domain
@@ -59,6 +60,12 @@ Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml sho
       | INFINISPAN_CONNECTORS                        | rest                                   |
       | USERNAME                                     | tombrady                               |
       | PASSWORD                                     | sixrings                               |
+      | HTTPS_NAME                                   | jboss                                  |
+      | HTTPS_PASSWORD                               | mykeystorepass                         |
+      | HTTPS_KEYSTORE_DIR                           | /etc/datagrid-secret-volume            |
+      | HTTPS_KEYSTORE                               | keystore.jks                           |
     Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value jdg-openshift on XPath //*[local-name()='security-realms']/*[local-name()='security-realm']/@name
     Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value jdg-openshift on XPath //*[local-name()='security-realms']/*[local-name()='security-realm'][@name='jdg-openshift']/*[local-name()='authentication']/*[local-name()='jaas']/@name
+    Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value mykeystorepass on XPath //*[local-name()='security-realms']/*[local-name()='security-realm'][@name='jdg-openshift']/*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@keystore-password
+    Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value jdg-openshift on XPath //*[local-name()='rest-connector']/*[local-name()='encryption']/@security-realm