[JBWS-4179] WS integration with WildFly Elytron - AuthenticationClien…

[Skyllarr]

…t for Authentication / SSL

JBWS-4179

Requires update to following repositories:
jbossws-spi : jbossws/jbossws-spi#5
jbossws-common: jbossws/jbossws-common#18
wildfly-elytron: wildfly-security/wildfly-elytron#1309

[jbliznak]

Duplicate depedency? Already at https://github.com/jbossws/jbossws-cxf/blob/master/modules/client/pom.xml#L37

[Skyllarr]

Fixed.

[jbliznak]

xercesImpl version is managed, not needed to specify it here, see https://github.com/jbossws/jbossws-cxf/blob/master/pom.xml#L773

[Skyllarr]

Fixed. Thanks!

[jbliznak]

What about this TODO? I guess client won't be used only as standalone application but can run at container environment so we need exception here, right?

[Skyllarr]

Fixed.

[jbliznak]

Please parametrize the version via property.

[Skyllarr]

fixed

[jbliznak]

Changes seem reasonable to me, lets wait for feedback from @jimma.
I would just appreciate if we could get rid of unnecessary whitespace changes.

[Skyllarr]

@jbliznak @jimma All test cases have been added now.

[Skyllarr]

Changes seem reasonable to me, lets wait for feedback from @jimma.
I would just appreciate if we could get rid of unnecessary whitespace changes.

@jbliznak Thanks! Unnecessary whitespace changes are now gone.

[jbliznak]

I found some minor issues, please review.
Also could you please add some javadoc for tests that these are meant for JBWS-4179 (at least for the whole new testcases)?

[jbliznak]

please replace with dynamically created path

[Skyllarr]

Fixed.

[jbliznak]

please replace with dynamically created path or relative path if possible

[Skyllarr]

Fixed.

[jbliznak]

please replace with dynamically created path or relative path if possible

[Skyllarr]

Fixed.

[jbliznak]

could we use other name for JAR, eg. 'jaxws-cxf-jbws4179-client.jar'? It is already used by other tests

[Skyllarr]

Fixed.

[jbliznak]

could we use own copy of that file here? so that we don't have to worry about future changes

[Skyllarr]

Fixed.

[jbliznak]

why these debug args here?

[Skyllarr]

Fixed.

[jbliznak]

could you please parametrize 13443 so that it takes port offset for tested container into account? Eg. https://github.com/jbossws/jbossws-cxf/blob/master/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/oasis/WSSecurityPolicyExamples23xTestCase.java#L68-L69

[Skyllarr]

Fixed.

[jimma]

@Skyllarr This is great stuff to have in jbossws. And thanks @jbliznak for review.
There might be something we can improve/refactor after the first look. Correct me if I missed thing.

• ClientConfig is extensible to put all information which Elytron client needs. We can put all information to ClientConfig's property. This possibly doesn't need ElytronClientConfig to store these infomation.
• Change SPI WildFlyClientConfigProvider to ClientCongProvider to make it more generic and in WFLY eltyron we create the implement class WildFlyClientConfigProvider to actually add security info to ClientConfig like :

public class WildFlyClientConfigProvider implmentens ClientConfigProvider {
        public void provides(ClientConfig config) {
           // add all Elytron client config to jbossws clientConfig object 
           config.setProperty("sslContext", context")
           ....
       }
} 
   

• We can name ElytronConduitSelector with another general name because it doesn't handle Elytron specific thing. It can retrieve info from ClientConfig and enforce them to CXF's conduit etc.

Your thoughts ?

[Skyllarr]

• ClientConfig is extensible to put all information which Elytron client needs. We can put all information to ClientConfig's property. This possibly doesn't need ElytronClientConfig to store these infomation.

@jimma Please correct me if I misunderstand. ClientConfig has only String properties: Map<String, String> properties and I need to store javax.net.ssl.SSLContext instance in the property. Do you mean to extend ClientConfig class so it can have properties of other type than String?So in that case it would be something like:

public class WildflyClientConfig extends ClientConfig {
   Map<String, Object> securityProperties; 
...
}

and then it could be:

public class WildFlyClientConfigProvider implmentens ClientConfigProvider {
        public void provides(**WildflyClientConfig** config) {
           // add all Elytron client config to jbossws clientConfig object 
          config.setSecurityProperty("sslContext", contextInstance)
           ....
       }
} 

Did I get that?

[jimma]

@Skyllarr I think you can add this field directly to ClientConfig like :

public SSLContext  getSslContext()
   {
      ...
   }
public void setSSLContext(SSLContext context) {
    ... 
}

And we directly pass this ClientConfig to WildFlyClientConfigProvider as you pasted above. And we can still create other ClientConfigProvider to add more properties to ClientConfig in the future. WDYT ?

[Skyllarr]

@jimma Alright now I think I know what you mean. Yes, it sounds nicer. I'll try it that way now. Thanks

[Skyllarr]

@jimma I have updated the PRs accordingly.

[Skyllarr]

@jbliznak I have added documentation to new test classes. @jimma please review

[Skyllarr]

some refactoring and nullcheck for nonexistent config file added

[Skyllarr]

rebased and unused import deleted

[Skyllarr]

@jimma please review

[jimma]

Should this line be removed ?

[Skyllarr]

@jimma yes i will remove