From 1d9984a1c307762b21ef1aba1c2a949526af28ac Mon Sep 17 00:00:00 2001 From: Jim Ma Date: Sun, 18 Sep 2016 17:39:52 +0800 Subject: [PATCH] [JBWS-4048] Elytron integration * Add Elytron configuration * Fix realm configuration * Fix wsse jaas security tests * Add elytron test configuration * Elytron requires add some special comment in property file * Fix more test failures for elytron integration * Correct elytron configuration * Fix JAASJBossWSDigestRealm * Fix elytron configuration groovy for tests --- modules/testsuite/cxf-tests/pom.xml | 88 +++++ .../src/test/etc/jbossws-users.properties | 4 +- .../WEB-INF/ws-digest-users.properties | 2 + .../cxf/httpauth/WEB-INF/ws-users.properties | 1 + .../policy/jaas/auth/WEB-INF/jboss-web.xml | 2 +- .../jbws-testsuite-default-elytron.groovy | 350 ++++++++++++++++++ .../scripts/jbws-testsuite-default.groovy | 27 +- modules/testsuite/shared-tests/pom.xml | 70 ++++ .../src/test/etc/jbossws-users.properties | 4 +- .../handlerauth/jbossws-users.properties | 2 + .../securityDomain/jbossws-users.properties | 2 + ...ws-testsuite-shared-default-elytron.groovy | 141 +++++++ 12 files changed, 688 insertions(+), 5 deletions(-) create mode 100644 modules/testsuite/cxf-tests/src/test/resources/jaxws/cxf/httpauth/WEB-INF/ws-digest-users.properties create mode 100644 modules/testsuite/cxf-tests/src/test/scripts/jbws-testsuite-default-elytron.groovy create mode 100644 modules/testsuite/shared-tests/src/test/scripts/jbws-testsuite-shared-default-elytron.groovy diff --git a/modules/testsuite/cxf-tests/pom.xml b/modules/testsuite/cxf-tests/pom.xml index 4b981c554..2df8daa66 100644 --- a/modules/testsuite/cxf-tests/pom.xml +++ b/modules/testsuite/cxf-tests/pom.xml 
@@ -376,6 +376,94 @@ + + elytron + + + elytron + + + + + + org.codehaus.gmaven + gmaven-plugin + + + elytron-testsuite-default + pre-integration-test + + execute + + + ${basedir}/src/test/scripts/jbws-testsuite-default-elytron.groovy + + ${jboss.home}/standalone/configuration/standalone-elytron.xml + ${jboss.home}/standalone/configuration/jbws-testsuite-default.xml + jbws-testsuite-default.log + ${project.build.directory}/test-classes/jbossws-users.properties + ${project.build.directory}/test-classes/jbossws-roles.properties + ${project.build.directory}/test-classes/test.keystore + ${project.build.directory}/test-resources + + + + + + + + + diff --git a/modules/testsuite/cxf-tests/src/test/etc/jbossws-users.properties b/modules/testsuite/cxf-tests/src/test/etc/jbossws-users.properties index 1f3533572..bf690840c 100644 --- a/modules/testsuite/cxf-tests/src/test/etc/jbossws-users.properties +++ b/modules/testsuite/cxf-tests/src/test/etc/jbossws-users.properties @@ -1,2 +1,4 @@ # A sample users.properties file for use with the UsersRolesLoginModule -kermit=thefrog \ No newline at end of file +#Elytron requires this +#$REALM_NAME=JBOSSWS$ This line is used by the add-user utility to identify the realm name already used in this file. +kermit=thefrog diff --git a/modules/testsuite/cxf-tests/src/test/resources/jaxws/cxf/httpauth/WEB-INF/ws-digest-users.properties b/modules/testsuite/cxf-tests/src/test/resources/jaxws/cxf/httpauth/WEB-INF/ws-digest-users.properties new file mode 100644 index 000000000..c3284a233 --- /dev/null +++ b/modules/testsuite/cxf-tests/src/test/resources/jaxws/cxf/httpauth/WEB-INF/ws-digest-users.properties @@ -0,0 +1,2 @@ +#$REALM_NAME=ws-digest-domain$ This line is used by the add-user utility to identify the realm name already used in this file. +jbossws=148f15e82b7877e306261fff94a6ee16 
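Review bot: The realm header added to `cxf-tests/src/test/etc/jbossws-users.properties`, `#$REALM_NAME=JBOSSWS$`, does not match the realm that loads this file, which `jbws-testsuite-default-elytron.groovy` creates as `JBossWS`. That realm is declared with `'plain-text':'true'`, so the header is presumably only needed for the file to parse, but the mismatch would start to matter if the realm is ever switched to hashed passwords, where the realm name is part of the digest. Using `#$REALM_NAME=JBossWS$` keeps the two in step. The same header is added to `shared-tests/src/test/etc/jbossws-users.properties`, and `samples/securityDomain/jbossws-users.properties` declares `JBossWSSecurityDomainTest` while also backing the `JBossWSSecurityDomainPermitAllTest` realm.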
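Review bot: The entry `jbossws=148f15e82b7877e306261fff94a6ee16` in the new `ws-digest-users.properties` is checked in with nothing recording how it was produced. The `ws-digest-domain` properties realm is declared without `plain-text`, so this is presumably the hex MD5 of `username:realm:password`, which ties the value to the realm name in the header line above it. A comment such as `# HEX(MD5("jbossws:ws-digest-domain:<test password>")), regenerate when the realm name or password changes` would let the next maintainer rebuild it. A hash in this form is password-equivalent for DIGEST authentication, so it belongs only in test fixtures like this one.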
diff --git a/modules/testsuite/cxf-tests/src/test/resources/jaxws/cxf/httpauth/WEB-INF/ws-users.properties b/modules/testsuite/cxf-tests/src/test/resources/jaxws/cxf/httpauth/WEB-INF/ws-users.properties
index 019cb36f3..5af6e013c 100644
--- a/modules/testsuite/cxf-tests/src/test/resources/jaxws/cxf/httpauth/WEB-INF/ws-users.properties
+++ b/modules/testsuite/cxf-tests/src/test/resources/jaxws/cxf/httpauth/WEB-INF/ws-users.properties
@@ -1 +1,2 @@
+#$REALM_NAME=ws-basic-domain$ This line is used by the add-user utility to identify the realm name already used in this file.
 jbossws=jbossws
diff --git a/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaas/auth/WEB-INF/jboss-web.xml b/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaas/auth/WEB-INF/jboss-web.xml
index 6b1986017..c6520023b 100644
--- a/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaas/auth/WEB-INF/jboss-web.xml
+++ b/modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/jaas/auth/WEB-INF/jboss-web.xml
@@ -3,5 +3,5 @@
- java:/jaas/JBossWS
+ java:/jaas/JAASJBossWS
diff --git a/modules/testsuite/cxf-tests/src/test/scripts/jbws-testsuite-default-elytron.groovy b/modules/testsuite/cxf-tests/src/test/scripts/jbws-testsuite-default-elytron.groovy
new file mode 100644
index 000000000..92cd0180b
--- /dev/null
+++ b/modules/testsuite/cxf-tests/src/test/scripts/jbws-testsuite-default-elytron.groovy
@@ -0,0 +1,350 @@ +def root = new XmlParser().parse(project.properties['inputFile']) + +/** + * Fix logging: optionally remove CONSOLE handler and set a specific log file + * + */ + +def logHandlers = root.profile.subsystem.'root-logger'.handlers[0] +def consoleHandler = logHandlers.find{it.@name == 'CONSOLE'} +if (!project.properties['enableServerLoggingToConsole']) logHandlers.remove(consoleHandler) +def file = root.profile.subsystem.'periodic-rotating-file-handler'.file[0] +file.attributes()['path'] = project.properties['serverLog'] + +/** + * Add a security-domain block like this: + * + * + * + * + * + * + * + * + * + * + * + * + */ + +def securityDomains = root.profile.subsystem.'security-domains'[0] +def securityDomain = securityDomains.appendNode('security-domain', ['name':'JBossWS','default-realm':'JBossWS','permission-mapper':'default-permission-mapper']) +def realm = securityDomain.appendNode('realm',['name':'JBossWS','role-decoder':'groups-to-roles']) + +def basicsecurityDomain = securityDomains.appendNode('security-domain', ['name':'ws-basic-domain','default-realm':'ws-basic-domain','permission-mapper':'default-permission-mapper']) +def basicrealm = basicsecurityDomain.appendNode('realm',['name':'ws-basic-domain','role-decoder':'groups-to-roles']) + + +def digestDomain = securityDomains.appendNode('security-domain', ['name':'ws-digest-domain','default-realm':'ws-digest-domain','permission-mapper':'default-permission-mapper']) +def digestRefRealm = digestDomain.appendNode('realm',['name':'ws-digest-domain','role-decoder':'groups-to-roles']) + + +def legacyDomain = securityDomains.appendNode('security-domain', ['name':'JAASJBossWS','default-realm':'JAASJBossWSRealm','permission-mapper':'default-permission-mapper']) +def jaasJBossWSRealm = legacyDomain.appendNode('realm',['name':'JAASJBossWSRealm']) + +def legacyDigestDomain = securityDomains.appendNode('security-domain', 
['name':'JBossWSDigest','default-realm':'JAASJBossWSDigestRealm','permission-mapper':'default-permission-mapper']) +def jaasJBossWDigestRealm = legacyDigestDomain.appendNode('realm',['name':'JAASJBossWSDigestRealm']) + + + +/** + * + * + * + * + * + * + * + * + * + * + * + * + */ +def securityRealms = root.profile.subsystem.'security-realms'[0] +def propertiesRealm = securityRealms.appendNode('properties-realm', ['name':'JBossWS', 'plain-text':'true']) +def usersProperties = propertiesRealm.appendNode('users-properties',['path':project.properties['usersPropFile']]) +def groupsProperties = propertiesRealm.appendNode('groups-properties',['path':project.properties['rolesPropFile']]) + + +def basicPropertiesRealm = securityRealms.appendNode('properties-realm', ['name':'ws-basic-domain','plain-text':'true']) +def basicUsersProperties = basicPropertiesRealm.appendNode('users-properties',['path': project.properties['testResourcesDir'] + '/jaxws/cxf/httpauth/WEB-INF/ws-users.properties']) +def basicGroupsProperties = basicPropertiesRealm.appendNode('groups-properties',['path': project.properties['testResourcesDir'] + '/jaxws/cxf/httpauth/WEB-INF/ws-roles.properties']) + + +def digestRealm = securityRealms.appendNode('properties-realm', ['name':'ws-digest-domain']) +def digestUserProperties = digestRealm.appendNode('users-properties',['path': project.properties['testResourcesDir'] + '/jaxws/cxf/httpauth/WEB-INF/ws-digest-users.properties']) +def digestGroupsProperties = digestRealm.appendNode('groups-properties',['path': project.properties['testResourcesDir'] + '/jaxws/cxf/httpauth/WEB-INF/ws-roles.properties']) + + + + +/** + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + */ + +def httpAuthen = root.profile.subsystem.'http'[0] +def httpAuthenticationFactory = httpAuthen.appendNode('http-authentication-factory', ['name':'JBossWS','http-server-mechanism-factory':'global', 'security-domain':'JBossWS']) +def mechanismConfiguration = 
httpAuthenticationFactory.appendNode('mechanism-configuration') +def mechanism = mechanismConfiguration.appendNode('mechanism',['mechanism-name':'BASIC']) +def mechanismRealm=mechanism.appendNode('mechanism-realm',['realm-name':'JBossWS']) + + +def basicHttpAuthenticationFactory = httpAuthen.appendNode('http-authentication-factory', ['name':'ws-basic-domain','http-server-mechanism-factory':'global', 'security-domain':'ws-basic-domain']) +def basicMechanismConfiguration = basicHttpAuthenticationFactory.appendNode('mechanism-configuration') +def basicMechanism = basicMechanismConfiguration.appendNode('mechanism',['mechanism-name':'BASIC']) +def basicmechanismRealm = basicMechanism.appendNode('mechanism-realm',['realm-name':'ws-basic-domain']) + + + +def digestHttpAuthenticationFactory = httpAuthen.appendNode('http-authentication-factory', ['name':'ws-digest-domain','http-server-mechanism-factory':'global', 'security-domain':'ws-digest-domain']) +def digestMechanismConfiguration = digestHttpAuthenticationFactory.appendNode('mechanism-configuration') +def digestMechanism = digestMechanismConfiguration.appendNode('mechanism',['mechanism-name':'DIGEST']) +def digestMechanismRealm = digestMechanism.appendNode('mechanism-realm',['realm-name':'ws-digest-domain']) + + + + +/** + * + * + * + + * + */ +//add this to ejb +def ejbSecurityDomains = root.profile.subsystem.'application-security-domains'[0] +def ejbSecurityDomain1 = ejbSecurityDomains.appendNode('application-security-domain', ['name':'JBossWS','security-domain':'JBossWS']) +def ejbSecurityDomain2 = ejbSecurityDomains.appendNode('application-security-domain', ['name':'JAASJBossWS','security-domain':'JAASJBossWS']) +def ejbSecurityDomain3 = ejbSecurityDomains.appendNode('application-security-domain', ['name':'ws-basic-domain','security-domain':'ws-basic-domain']) +def ejbSecurityDomain4 = ejbSecurityDomains.appendNode('application-security-domain', ['name':'JBossWSDigest','security-domain':'JBossWSDigest']) + +//add 
to undertow +def appSecurityDomains = root.profile.subsystem.'application-security-domains'[1] +def appSecurityDomain = appSecurityDomains.appendNode('application-security-domain', ['name':'JBossWS','http-authentication-factory':'JBossWS']) +def basicAppSecurityDomain = appSecurityDomains.appendNode('application-security-domain', ['name':'ws-basic-domain','http-authentication-factory':'ws-basic-domain']) +def digestAppSecurityDomain = appSecurityDomains.appendNode('application-security-domain', ['name':'ws-digest-domain','http-authentication-factory':'ws-digest-domain']) + + +//Add jaas picketbox security domain +securityDomains = root.profile.subsystem.'security-domains'[1] +/** + * Add a security-domain block like this: + * + * + * + * + * + * + * + * + * + * + * + */ + +securityDomain = securityDomains.appendNode('security-domain', ['name':'JAASJBossWS','cache-type':'default']) +authentication = securityDomain.appendNode('authentication') +loginModule = authentication.appendNode('login-module', ['code':'UsersRoles','flag':'required']) +loginModule.appendNode('module-option', ['name':'unauthenticatedIdentity','value':'anonymous']) +loginModule.appendNode('module-option', ['name':'usersProperties','value':project.properties['usersPropFile']]) +loginModule.appendNode('module-option', ['name':'rolesProperties','value':project.properties['rolesPropFile']]) + +/** + * Add a security-domain block like this: + * + * + * + * + * + * + * + * + * + * + * + */ + +def securityDomainSts = securityDomains.appendNode('security-domain', ['name':'JBossWS-trust-sts','cache-type':'default']) +def authenticationSts = securityDomainSts.appendNode('authentication') +def loginModuleSts = authenticationSts.appendNode('login-module', ['code':'UsersRoles','flag':'required']) +loginModuleSts.appendNode('module-option', ['name':'unauthenticatedIdentity','value':'anonymous']) +loginModuleSts.appendNode('module-option', ['name':'usersProperties','value':project.properties['testResourcesDir'] 
+ '/jaxws/samples/wsse/policy/trust/WEB-INF/jbossws-users.properties']) +loginModuleSts.appendNode('module-option', ['name':'rolesProperties','value':project.properties['testResourcesDir'] + '/jaxws/samples/wsse/policy/trust/WEB-INF/jbossws-roles.properties']) + + +/** + * Add a security-domain block like this: + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + */ + +def securityDomainDigest = securityDomains.appendNode('security-domain', ['name':'JBossWSDigest','cache-type':'default']) +def authenticationDigest = securityDomainDigest.appendNode('authentication') +def loginModuleDigest = authenticationDigest.appendNode('login-module', ['code':'UsersRoles','flag':'required']) +loginModuleDigest.appendNode('module-option', ['name':'hashUserPassword','value':'false']) +loginModuleDigest.appendNode('module-option', ['name':'hashCharset','value':'UTF-8']) +loginModuleDigest.appendNode('module-option', ['name':'hashAlgorithm','value':'SHA']) +loginModuleDigest.appendNode('module-option', ['name':'hashEncoding','value':'BASE64']) +loginModuleDigest.appendNode('module-option', ['name':'storeDigestCallback','value':'org.jboss.wsf.stack.cxf.security.authentication.callback.UsernameTokenCallback']) +loginModuleDigest.appendNode('module-option', ['name':'hashStorePassword','value':'true']) +loginModuleDigest.appendNode('module-option', ['name':'unauthenticatedIdentity','value':'anonymous']) +loginModuleDigest.appendNode('module-option', ['name':'usersProperties','value':project.properties['testResourcesDir'] + '/jaxws/samples/wsse/policy/jaas/digest/WEB-INF/jbossws-users.properties']) +loginModuleDigest.appendNode('module-option', ['name':'rolesProperties','value':project.properties['testResourcesDir'] + '/jaxws/samples/wsse/policy/jaas/digest/WEB-INF/jbossws-roles.properties']) + +/** + * Add a security-domain block like this: + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + */ + +def securityDomainDigestAuth = 
securityDomains.appendNode('security-domain', ['name':'ws-digest-domain','cache-type':'default']) +def authenticationDigestAuth = securityDomainDigestAuth.appendNode('authentication') +def loginModuleDigestAuth = authenticationDigestAuth.appendNode('login-module', ['code':'UsersRoles','flag':'required']) +loginModuleDigestAuth.appendNode('module-option', ['name':'hashUserPassword','value':'false']) +loginModuleDigestAuth.appendNode('module-option', ['name':'usersProperties','value':project.properties['testResourcesDir'] + '/jaxws/cxf/httpauth/WEB-INF/ws-users.properties']) +loginModuleDigestAuth.appendNode('module-option', ['name':'hashAlgorithm','value':'MD5']) +loginModuleDigestAuth.appendNode('module-option', ['name':'hashEncoding','value':'RFC2617']) +loginModuleDigestAuth.appendNode('module-option', ['name':'rolesProperties','value':project.properties['testResourcesDir'] + '/jaxws/cxf/httpauth/WEB-INF/ws-roles.properties']) +loginModuleDigestAuth.appendNode('module-option', ['name':'storeDigestCallback','value':'org.jboss.security.auth.callback.RFC2617Digest']) +loginModuleDigestAuth.appendNode('module-option', ['name':'hashStorePassword','value':'true']) + + +/** + * Add two security-domain blocks for JASPI tests as below: + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + */ + +def securityDomainJaspi = securityDomains.appendNode('security-domain', ['name':'jaspi']) +def authenticationJaspi = securityDomainJaspi.appendNode('authentication-jaspi') +def loginModuleStack = authenticationJaspi.appendNode('login-module-stack', ['name':'jaas-lm-stack']) +def loginModuleJaspi = loginModuleStack.appendNode('login-module', ['code':'UsersRoles','flag':'required']) +loginModuleJaspi.appendNode('module-option', ['name':'usersProperties','value':project.properties['usersPropFile']]) +loginModuleJaspi.appendNode('module-option', ['name':'rolesProperties','value':project.properties['rolesPropFile']]) 
+authenticationJaspi.appendNode('auth-module', ['code':'org.jboss.wsf.stack.cxf.jaspi.module.UsernameTokenServerAuthModule','login-module-stack-ref':'jaas-lm-stack']) + +def securityDomainJaspiClient = securityDomains.appendNode('security-domain', ['name':'clientJaspi']) +def authenticationJaspiClient = securityDomainJaspiClient.appendNode('authentication-jaspi') +def loginModuleStackClient = authenticationJaspiClient.appendNode('login-module-stack', ['name':'jaas-lm-stack']) +def loginModuleJaspiClient = loginModuleStackClient.appendNode('login-module', ['code':'UsersRoles','flag':'required']) +loginModuleJaspiClient.appendNode('module-option', ['name':'usersProperties','value':project.properties['usersPropFile']]) +loginModuleJaspiClient.appendNode('module-option', ['name':'rolesProperties','value':project.properties['rolesPropFile']]) +authenticationJaspiClient.appendNode('auth-module', ['code':'org.jboss.wsf.stack.cxf.jaspi.client.module.SOAPClientAuthModule','login-module-stack-ref':'jaas-lm-stack']) + + + +def jbossDomainSecurity3_0 = securityDomains.parent() +elytronIntegration = jbossDomainSecurity3_0.appendNode('elytron-integration') +elytronRealms = elytronIntegration.appendNode('security-realms') +elytronRealms.appendNode('elytron-realm', ['name':'JAASJBossWSRealm','legacy-jaas-config':'JAASJBossWS']) +elytronRealms.appendNode('elytron-realm', ['name':'JAASJBossWSDigestRealm','legacy-jaas-config':'JBossWSDigest']) + + +/** + * Add a https connector like this: + * + * + * + * + * + * + * + * + * + */ + +def rootsecurityRealms = root.management.'security-realms'[0] +def rootsecurityRealm = rootsecurityRealms.appendNode('security-realm', ['name':'jbws-test-https-realm']) +def serverIdentities = rootsecurityRealm.appendNode('server-identities') +def ssl = serverIdentities.appendNode('ssl') +ssl.appendNode('keystore', ['path':project.properties['keystorePath'],'keystore-password':'changeit','alias':'tomcat']) + +def server = root.profile.subsystem.server[0] 
+def curHttpsListener = server.'https-listener'[0] +if (curHttpsListener != null) server.remove(curHttpsListener) +server.appendNode('https-listener', ['name':'jbws-test-https-listener','socket-binding':'https','security-realm':'jbws-test-https-realm']) + + +/** + * + * Add a system property for JBWS-3628 testcase + */ +root.children().add(1, new Node(null, 'system-properties', null)) //add system-properties node after the extensions +def systemProperties = root.'system-properties'[0] +systemProperties.appendNode('property', ['name':'org.jboss.wsf.test.JBWS3628TestCase.policy','value':'WS-Addressing_policy']) + + +/** + * Save the configuration to a new file + */ + +def writer = new StringWriter() +writer.println('') +new XmlNodePrinter(new PrintWriter(writer)).print(root) +def f = new File(project.properties['outputFile']) +f.write(writer.toString()) diff --git a/modules/testsuite/cxf-tests/src/test/scripts/jbws-testsuite-default.groovy b/modules/testsuite/cxf-tests/src/test/scripts/jbws-testsuite-default.groovy index da7c7581b..c7555ebcb 100644 --- a/modules/testsuite/cxf-tests/src/test/scripts/jbws-testsuite-default.groovy +++ b/modules/testsuite/cxf-tests/src/test/scripts/jbws-testsuite-default.groovy @@ -13,7 +13,7 @@ file.attributes()['path'] = project.properties['serverLog'] /** * Add a security-domain block like this: * - * + * * * * 
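Review bot: The lookups `root.profile.subsystem.'security-domains'[0]` / `[1]` and `'application-security-domains'[0]` / `[1]` select the Elytron, PicketBox, EJB and Undertow subsystems purely by document order, so a reordered `standalone-elytron.xml` would append the security domains under the wrong subsystem without the script failing. Selecting each subsystem by its namespace, or at least asserting the expected parent before appending, e.g. `assert securityDomains.parent().name().toString().contains('elytron')` (exact namespace string to be confirmed against the target config), would make a miswired test server fail at generation time instead of as a hard-to-trace authentication result. The same positional lookups appear in `jbws-testsuite-shared-default-elytron.groovy`. A header comment stating that `'plain-text':'true'`, the `changeit` keystore password and `unauthenticatedIdentity` are test-only settings would also help anyone who reuses this script as a template.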
@@ -26,13 +26,36 @@ file.attributes()['path'] = project.properties['serverLog'] */ def securityDomains = root.profile.subsystem.'security-domains'[0] -def securityDomain = securityDomains.appendNode('security-domain', ['name':'JBossWS','cache-type':'default']) +def securityDomain = securityDomains.appendNode('security-domain', ['name':'JAASJBossWS','cache-type':'default']) def authentication = securityDomain.appendNode('authentication') def loginModule = authentication.appendNode('login-module', ['code':'UsersRoles','flag':'required']) loginModule.appendNode('module-option', ['name':'unauthenticatedIdentity','value':'anonymous']) loginModule.appendNode('module-option', ['name':'usersProperties','value':project.properties['usersPropFile']]) loginModule.appendNode('module-option', ['name':'rolesProperties','value':project.properties['rolesPropFile']]) + +/** + * Add a security-domain block like this: + * + * + * + * + * + * + * + * + * + * + * + */ + +def jbsecurityDomain = securityDomains.appendNode('security-domain', ['name':'JBossWS','cache-type':'default']) +def jbauthentication = jbsecurityDomain.appendNode('authentication') +def jbloginModule = jbauthentication.appendNode('login-module', ['code':'UsersRoles','flag':'required']) +jbloginModule.appendNode('module-option', ['name':'unauthenticatedIdentity','value':'anonymous']) +jbloginModule.appendNode('module-option', ['name':'usersProperties','value':project.properties['usersPropFile']]) +jbloginModule.appendNode('module-option', ['name':'rolesProperties','value':project.properties['rolesPropFile']]) + /** * Add a security-domain block like this: * diff --git a/modules/testsuite/shared-tests/pom.xml b/modules/testsuite/shared-tests/pom.xml index e5d97f275..5559aa5ad 100644 --- a/modules/testsuite/shared-tests/pom.xml +++ b/modules/testsuite/shared-tests/pom.xml 
@@ -272,6 +272,76 @@ + + + elytron + + + elytron + + + + + + org.codehaus.gmaven + gmaven-plugin + + + testsuite-default + pre-integration-test + + execute + + + ${basedir}/src/test/scripts/jbws-testsuite-shared-default-elytron.groovy + + ${jboss.home}/standalone/configuration/standalone-elytron.xml + ${jboss.home}/standalone/configuration/jbws-testsuite-shared-default.xml + jbws-testsuite-shared-default.log + ${project.build.directory}/test-classes/jbossws-users.properties + ${project.build.directory}/test-classes/jbossws-roles.properties + ${project.build.directory}/test-classes/test.keystore + ${project.build.directory}/test-resources + + + + + testsuite-default-config-tests + pre-integration-test + + execute + + + ${basedir}/src/test/scripts/jbws-testsuite-shared-default-config-tests.groovy + + ${jboss.home}/standalone/configuration/standalone.xml + ${jboss.home}/standalone/configuration/jbws-testsuite-shared-default-config-tests.xml + jbws-testsuite-shared-default-config-tests.log + + + + + testsuite-address-rewrite + pre-integration-test + + execute + + + ${basedir}/src/test/scripts/jbws-testsuite-shared-address-rewrite.groovy + + ${jboss.home}/standalone/configuration/standalone.xml + ${jboss.home}/standalone/configuration/jbws-testsuite-shared-address-rewrite.xml + jbws-testsuite-shared-address-rewrite.log + ${project.build.directory}/test-classes/test.keystore + + + + + + + + + diff --git a/modules/testsuite/shared-tests/src/test/etc/jbossws-users.properties b/modules/testsuite/shared-tests/src/test/etc/jbossws-users.properties index 1f3533572..bf690840c 100644 --- a/modules/testsuite/shared-tests/src/test/etc/jbossws-users.properties +++ b/modules/testsuite/shared-tests/src/test/etc/jbossws-users.properties 
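Review bot: Inside the new `elytron` profile, the `testsuite-default-config-tests` and `testsuite-address-rewrite` executions still take `${jboss.home}/standalone/configuration/standalone.xml` as their input, while only `testsuite-default` reads `standalone-elytron.xml`. If that is intended, a short XML comment saying that those two server configurations deliberately stay on the legacy security subsystem would stop readers assuming the whole profile runs against Elytron; if not, their input should presumably be `standalone-elytron.xml` with matching Elytron scripts. The markup of this hunk is not fully visible here, so which property each value belongs to is inferred from the values themselves.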
@@ -1,2 +1,4 @@
 # A sample users.properties file for use with the UsersRolesLoginModule
-kermit=thefrog
\ No newline at end of file
+#Elytron requires this
+#$REALM_NAME=JBOSSWS$ This line is used by the add-user utility to identify the realm name already used in this file.
+kermit=thefrog
diff --git a/modules/testsuite/shared-tests/src/test/resources/jaxws/handlerauth/jbossws-users.properties b/modules/testsuite/shared-tests/src/test/resources/jaxws/handlerauth/jbossws-users.properties
index 05c8fa690..9877b6859 100644
--- a/modules/testsuite/shared-tests/src/test/resources/jaxws/handlerauth/jbossws-users.properties
+++ b/modules/testsuite/shared-tests/src/test/resources/jaxws/handlerauth/jbossws-users.properties
@@ -1,3 +1,5 @@
 # A sample users.properties file for use with the UsersRolesLoginModule
+#Elytron requires this
+#$REALM_NAME=handlerauth-security-domain$ This line is used by the add-user utility to identify the realm name already used in this file.
 John=foo
 Bob=bar
\ No newline at end of file
diff --git a/modules/testsuite/shared-tests/src/test/resources/jaxws/samples/securityDomain/jbossws-users.properties b/modules/testsuite/shared-tests/src/test/resources/jaxws/samples/securityDomain/jbossws-users.properties
index 6167d2dd8..ca37e9de1 100644
--- a/modules/testsuite/shared-tests/src/test/resources/jaxws/samples/securityDomain/jbossws-users.properties
+++ b/modules/testsuite/shared-tests/src/test/resources/jaxws/samples/securityDomain/jbossws-users.properties
@@ -1,4 +1,6 @@
 # A sample users.properties file for use with the UsersRolesLoginModule
+#Elytron requires this
+#$REALM_NAME=JBossWSSecurityDomainTest$ This line is used by the add-user utility to identify the realm name already used in this file.
 bob=foo
 john=bar
 kate=theprincess
\ No newline at end of file
diff --git a/modules/testsuite/shared-tests/src/test/scripts/jbws-testsuite-shared-default-elytron.groovy b/modules/testsuite/shared-tests/src/test/scripts/jbws-testsuite-shared-default-elytron.groovy new file mode 100644 index 000000000..c5d12cfe9 --- /dev/null +++ b/modules/testsuite/shared-tests/src/test/scripts/jbws-testsuite-shared-default-elytron.groovy 
@@ -0,0 +1,141 @@ +def root = new XmlParser().parse(project.properties['inputFile']) + +/** + * Fix logging: optionally remove CONSOLE handler and set a specific log file + * + */ +def logHandlers = root.profile.subsystem.'root-logger'.handlers[0] +def consoleHandler = logHandlers.find{it.@name == 'CONSOLE'} +if (!project.properties['enableServerLoggingToConsole']) logHandlers.remove(consoleHandler) +def file = root.profile.subsystem.'periodic-rotating-file-handler'.file[0] +file.attributes()['path'] = project.properties['serverLog'] + + +/** + Elytron security domian +**/ +def securityDomains = root.profile.subsystem.'security-domains'[0] +def securityDomain = securityDomains.appendNode('security-domain', ['name':'JBossWS','default-realm':'JBossWS','permission-mapper':'default-permission-mapper']) +def realm = securityDomain.appendNode('realm',['name':'JBossWS','role-decoder':'groups-to-roles']) + +def securityDomain2 = securityDomains.appendNode('security-domain', ['name':'handlerauth-security-domain','default-realm':'handlerauth-security-domain','permission-mapper':'default-permission-mapper']) +def realm2 = securityDomain2.appendNode('realm',['name':'handlerauth-security-domain','role-decoder':'groups-to-roles']) + +def securityDomain3 = securityDomains.appendNode('security-domain', ['name':'JBossWSSecurityDomainPermitAllTest','default-realm':'JBossWSSecurityDomainPermitAllTest','permission-mapper':'default-permission-mapper']) +def realm3 = securityDomain3.appendNode('realm',['name':'JBossWSSecurityDomainPermitAllTest','role-decoder':'groups-to-roles']) + +def securityDomain4 = securityDomains.appendNode('security-domain', ['name':'JBossWSSecurityDomainTest','default-realm':'JBossWSSecurityDomainTest','permission-mapper':'default-permission-mapper']) +def realm4 = securityDomain4.appendNode('realm',['name':'JBossWSSecurityDomainTest','role-decoder':'groups-to-roles']) + + + +/** + Elytron security realm +**/ + +def securityRealms = 
root.profile.subsystem.'security-realms'[0] +def propertiesRealm = securityRealms.appendNode('properties-realm', ['name':'JBossWS', 'plain-text':'true']) +def usersProperties = propertiesRealm.appendNode('users-properties',['path':project.properties['usersPropFile']]) +def groupsProperties = propertiesRealm.appendNode('groups-properties',['path':project.properties['rolesPropFile']]) + + +def propertiesRealm2 = securityRealms.appendNode('properties-realm', ['name':'handlerauth-security-domain', 'plain-text':'true']) +def usersProperties2 = propertiesRealm2.appendNode('users-properties',['path':project.properties['testResourcesDir'] + '/jaxws/handlerauth/jbossws-users.properties']) +def groupsProperties2 = propertiesRealm2.appendNode('groups-properties',['path':project.properties['testResourcesDir'] + '/jaxws/handlerauth/jbossws-roles.properties']) + + +def propertiesRealm3 = securityRealms.appendNode('properties-realm', ['name':'JBossWSSecurityDomainPermitAllTest', 'plain-text':'true']) +def usersProperties3 = propertiesRealm3.appendNode('users-properties',['path':project.properties['testResourcesDir'] + '/jaxws/samples/securityDomain/jbossws-users.properties']) +def groupsProperties3 = propertiesRealm3.appendNode('groups-properties',['path':project.properties['testResourcesDir'] + '/jaxws/samples/securityDomain/jbossws-roles.properties']) + +def propertiesRealm4 = securityRealms.appendNode('properties-realm', ['name':'JBossWSSecurityDomainTest', 'plain-text':'true']) +def usersProperties4 = propertiesRealm4.appendNode('users-properties',['path':project.properties['testResourcesDir'] + '/jaxws/samples/securityDomain/jbossws-users.properties']) +def groupsProperties4 = propertiesRealm4.appendNode('groups-properties',['path':project.properties['testResourcesDir'] + '/jaxws/samples/securityDomain/jbossws-roles.properties']) + + + +/** + HttpAuthentication Factory +**/ + +def httpAuthen = root.profile.subsystem.'http'[0] + +def httpAuthenticationFactory = 
httpAuthen.appendNode('http-authentication-factory', ['name':'JBossWS','http-server-mechanism-factory':'global', 'security-domain':'JBossWS']) +def mechanismConfiguration = httpAuthenticationFactory.appendNode('mechanism-configuration') +def mechanism = mechanismConfiguration.appendNode('mechanism',['mechanism-name':'BASIC']) +def mechanismRealm=mechanism.appendNode('mechanism-realm',['realm-name':'JBossWS']) + + +def httpAuthenticationFactory2 = httpAuthen.appendNode('http-authentication-factory', ['name':'handlerauth-security-domain','http-server-mechanism-factory':'global', 'security-domain':'handlerauth-security-domain']) +def mechanismConfiguration2 = httpAuthenticationFactory2.appendNode('mechanism-configuration') +def mechanism2 = mechanismConfiguration2.appendNode('mechanism',['mechanism-name':'BASIC']) +def mechanismRealm2=mechanism2.appendNode('mechanism-realm',['realm-name':'handlerauth-security-domain']) + +def httpAuthenticationFactory3 = httpAuthen.appendNode('http-authentication-factory', ['name':'JBossWSSecurityDomainPermitAllTest','http-server-mechanism-factory':'global', 'security-domain':'JBossWSSecurityDomainPermitAllTest']) +def mechanismConfiguration3 = httpAuthenticationFactory3.appendNode('mechanism-configuration') +def mechanism3 = mechanismConfiguration3.appendNode('mechanism',['mechanism-name':'BASIC']) +def mechanismRealm3=mechanism3.appendNode('mechanism-realm',['realm-name':'JBossWSSecurityDomainPermitAllTest']) + + +def httpAuthenticationFactory4 = httpAuthen.appendNode('http-authentication-factory', ['name':'JBossWSSecurityDomainTest','http-server-mechanism-factory':'global', 'security-domain':'JBossWSSecurityDomainTest']) +def mechanismConfiguration4 = httpAuthenticationFactory4.appendNode('mechanism-configuration') +def mechanism4 = mechanismConfiguration4.appendNode('mechanism',['mechanism-name':'BASIC']) +def mechanismRealm4=mechanism4.appendNode('mechanism-realm',['realm-name':'JBossWSSecurityDomainTest']) + + +/** + Ejb 
security domain +**/ + +//add this to ejb +def ejbSecurityDomains = root.profile.subsystem.'application-security-domains'[0] +def ejbSecurityDomain1 = ejbSecurityDomains.appendNode('application-security-domain', ['name':'JBossWS','security-domain':'JBossWS']) +def ejbSecurityDomain2 = ejbSecurityDomains.appendNode('application-security-domain', ['name':'handlerauth-security-domain','security-domain':'handlerauth-security-domain']) +def ejbSecurityDomain3 = ejbSecurityDomains.appendNode('application-security-domain', ['name':'JBossWSSecurityDomainPermitAllTest','security-domain':'JBossWSSecurityDomainPermitAllTest']) +def ejbSecurityDomain4 = ejbSecurityDomains.appendNode('application-security-domain', ['name':'JBossWSSecurityDomainTest','security-domain':'JBossWSSecurityDomainTest']) + + +/** + Undertow security domain +**/ +def appSecurityDomains = root.profile.subsystem.'application-security-domains'[1] +def appSecurityDomain = appSecurityDomains.appendNode('application-security-domain', ['name':'JBossWS','http-authentication-factory':'JBossWS']) +def basicAppSecurityDomain = appSecurityDomains.appendNode('application-security-domain', ['name':'handlerauth-security-domain','http-authentication-factory':'handlerauth-security-domain']) +def basicAppSecurityDomain2 = appSecurityDomains.appendNode('application-security-domain', ['name':'JBossWSSecurityDomainPermitAllTest','http-authentication-factory':'JBossWSSecurityDomainPermitAllTest']) +def basicAppSecurityDomain3 = appSecurityDomains.appendNode('application-security-domain', ['name':'JBossWSSecurityDomainTest','http-authentication-factory':'JBossWSSecurityDomainTest']) + + + +/** + * Add a https connector like this: + * + * + * + * + * + * + * + * + * + */ + +def rootsecurityRealms = root.management.'security-realms'[0] +def rootsecurityRealm = rootsecurityRealms.appendNode('security-realm', ['name':'jbws-test-https-realm']) +def serverIdentities = rootsecurityRealm.appendNode('server-identities') +def ssl = 
serverIdentities.appendNode('ssl') +ssl.appendNode('keystore', ['path':project.properties['keystorePath'],'keystore-password':'changeit','alias':'tomcat']) + +def server = root.profile.subsystem.server[0] +def curHttpsListener = server.'https-listener'[0] +if (curHttpsListener != null) server.remove(curHttpsListener) +server.appendNode('https-listener', ['name':'jbws-test-https-listener','socket-binding':'https','security-realm':'jbws-test-https-realm']) + +/** + * Save the configuration to a new file + */ + +def writer = new StringWriter() +writer.println('') +new XmlNodePrinter(new PrintWriter(writer)).print(root) +def f = new File(project.properties['outputFile']) +f.write(writer.toString())
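Review bot: The four test domains are wired with hand-copied stanzas in each of five sections (numbered variables such as `securityDomain2`, `propertiesRealm3`, `mechanismRealm4`), so adding or changing a domain means editing five places, and a missed one only shows up as a failing login at test time. A closure that takes the domain name and the two properties paths would express each domain once; the nodes are still appended to the same parents in the same order, so the generated XML should be unchanged. The section comment `Elytron security domian` also has a typo (`domain`).

```groovy
// … unchanged: parsing inputFile and the logging fix-up …
def securityDomains = root.profile.subsystem.'security-domains'[0]
def securityRealms = root.profile.subsystem.'security-realms'[0]
def httpAuthen = root.profile.subsystem.'http'[0]
def ejbSecurityDomains = root.profile.subsystem.'application-security-domains'[0]
def appSecurityDomains = root.profile.subsystem.'application-security-domains'[1]

// Wires one BASIC-authenticated test domain through every subsystem that has to know about it.
def addBasicDomain = { String name, String usersPath, String groupsPath ->
    def domain = securityDomains.appendNode('security-domain', ['name':name,'default-realm':name,'permission-mapper':'default-permission-mapper'])
    domain.appendNode('realm', ['name':name,'role-decoder':'groups-to-roles'])
    def propsRealm = securityRealms.appendNode('properties-realm', ['name':name, 'plain-text':'true'])
    propsRealm.appendNode('users-properties', ['path':usersPath])
    propsRealm.appendNode('groups-properties', ['path':groupsPath])
    def factory = httpAuthen.appendNode('http-authentication-factory', ['name':name,'http-server-mechanism-factory':'global', 'security-domain':name])
    factory.appendNode('mechanism-configuration')
           .appendNode('mechanism', ['mechanism-name':'BASIC'])
           .appendNode('mechanism-realm', ['realm-name':name])
    ejbSecurityDomains.appendNode('application-security-domain', ['name':name,'security-domain':name])
    appSecurityDomains.appendNode('application-security-domain', ['name':name,'http-authentication-factory':name])
}

def res = project.properties['testResourcesDir']
addBasicDomain('JBossWS', project.properties['usersPropFile'], project.properties['rolesPropFile'])
addBasicDomain('handlerauth-security-domain', res + '/jaxws/handlerauth/jbossws-users.properties', res + '/jaxws/handlerauth/jbossws-roles.properties')
addBasicDomain('JBossWSSecurityDomainPermitAllTest', res + '/jaxws/samples/securityDomain/jbossws-users.properties', res + '/jaxws/samples/securityDomain/jbossws-roles.properties')
addBasicDomain('JBossWSSecurityDomainTest', res + '/jaxws/samples/securityDomain/jbossws-users.properties', res + '/jaxws/samples/securityDomain/jbossws-roles.properties')
// … unchanged: https realm and listener, writing outputFile …
```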