Merge pull request #268 from rareddy/TEIID-3013-8.7.x

TEIID-3013: adding relam support for teiid security domain
teiid · Jun 24, 2014 · d377021 · d377021
2 parents 193b21b + d517046
commit d377021
Show file tree

Hide file tree

Showing 8 changed files with 71 additions and 11 deletions.
diff --git a/build/kits/jboss-as7/bin/scripts/teiid-domain-mode-install.cli b/build/kits/jboss-as7/bin/scripts/teiid-domain-mode-install.cli
@@ -47,7 +47,7 @@
 
 /profile=ha/subsystem=security/security-domain=teiid-security:add(cache-type=default)
 /profile=ha/subsystem=security/security-domain=teiid-security/authentication=classic:add()
-/profile=ha/subsystem=security/security-domain=teiid-security/authentication=classic/login-module=teiid:add(code=org.jboss.security.auth.spi.UsersRolesLoginModule, flag=required, module-options={usersProperties="${jboss.domain.config.dir}/teiid-security-users.properties", rolesProperties="${jboss.domain.config.dir}/teiid-security-roles.properties"}) 
+/profile=ha/subsystem=security/security-domain=teiid-security/authentication=classic/login-module=RelamDirect:add(code=RealmDirect, flag=sufficient, module-options=[("password-stacking"=>"useFirstPass")]) 
 /profile=ha/subsystem=threads/unbounded-queue-thread-pool=teiid-async:add(max-threads=4)
 
 /profile=full-ha/subsystem=security/security-domain=teiid-security:add(cache-type=default)

diff --git a/build/kits/jboss-as7/bin/scripts/teiid-standalone-mode-install.cli b/build/kits/jboss-as7/bin/scripts/teiid-standalone-mode-install.cli
@@ -20,7 +20,8 @@
 /subsystem=infinispan/cache-container=teiid-cache/local-cache=preparedplan/eviction=EVICTION:add(max-entries=512, strategy=LIRS)
 
 /subsystem=security/security-domain=teiid-security:add(cache-type=default)
-/subsystem=security/security-domain=teiid-security/authentication=classic:add(login-modules=[{"code"=>"org.jboss.security.auth.spi.UsersRolesLoginModule", "flag"=>"required", "module-options"=>[("usersProperties"=>"${jboss.server.config.dir}/teiid-security-users.properties"), ("rolesProperties"=>"${jboss.server.config.dir}/teiid-security-roles.properties")]}]) 
+/subsystem=security/security-domain=teiid-security/authentication=classic:add()
+/subsystem=security/security-domain=teiid-security/authentication=classic/login-module=RelamDirect:add(code=RealmDirect, flag=sufficient, module-options=[("password-stacking"=>"useFirstPass")])
 /subsystem=threads/unbounded-queue-thread-pool=teiid-async:add(max-threads=4)
 
 /subsystem=teiid:add(async-thread-pool=teiid-async, resultset-cache-infinispan-container=teiid-cache, preparedplan-cache-infinispan-container=teiid-cache, policy-decider-module=org.jboss.teiid)

diff --git a/build/kits/jboss-as7/standalone/configuration/standalone-teiid.xml b/build/kits/jboss-as7/standalone/configuration/standalone-teiid.xml
@@ -339,9 +339,8 @@
                 </security-domain>
                 <security-domain name="teiid-security" cache-type="default">
                     <authentication>
-                        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
-                            <module-option name="usersProperties" value="${jboss.server.config.dir}/teiid-security-users.properties"/>
-                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/teiid-security-roles.properties"/>
+                        <login-module code="RealmDirect" flag="sufficient">
+                           <module-option name="password-stacking" value="useFirstPass"/>
                         </login-module>
                     </authentication>
                 </security-domain>                

diff --git a/build/kits/jboss-as7/standalone/configuration/teiid-security-roles.properties b/build/kits/jboss-as7/standalone/configuration/teiid-security-roles.properties
diff --git a/build/kits/jboss-as7/standalone/configuration/teiid-security-users.properties b/build/kits/jboss-as7/standalone/configuration/teiid-security-users.properties
diff --git a/test-integration/common/pom.xml b/test-integration/common/pom.xml
@@ -182,6 +182,25 @@
                                     </resources>
                                 </configuration>
                             </execution>
+                            <execution>
+                                <id>copy-resources2</id>
+                                <phase>process-test-classes</phase>
+                                <goals>
+                                    <goal>copy-resources</goal>
+                                </goals>
+                                <configuration>
+                                    <outputDirectory>${project.build.directory}/${jbossas-test-version}/standalone/configuration</outputDirectory>
+                                    <resources>
+                                        <resource>
+                                            <directory>src/test/resources/arquillian/credentials</directory>
+                                            <includes>
+                                            <include>*.properties</include>
+                                            </includes>
+                                            <filtering>true</filtering>
+                                        </resource>
+                                    </resources>
+                                </configuration>
+                            </execution>                            
                         </executions>
                     </plugin>                    
                     <plugin>

diff --git a/...integration/common/src/test/resources/arquillian/credentials/application-roles.properties b/...integration/common/src/test/resources/arquillian/credentials/application-roles.properties
@@ -0,0 +1,23 @@
+#
+# Properties declaration of users roles for the realm 'ApplicationRealm'.
+#
+# This includes the following protocols: remote ejb, remote jndi, web, remote jms
+#
+# Users can be added to this properties file at any time, updates after the server has started
+# will be automatically detected.
+#
+# The format of this file is as follows: -
+# username=role1,role2,role3
+#
+# A utility script is provided which can be executed from the bin folder to add the users: -
+# - Linux
+#  bin/add-user.sh
+#
+# - Windows
+#  bin\add-user.bat
+#
+# The following illustrates how an admin user could be defined.
+#
+#admin=PowerUser,BillingAdmin,
+#guest=guest
+user=odata
diff --git a/...integration/common/src/test/resources/arquillian/credentials/application-users.properties b/...integration/common/src/test/resources/arquillian/credentials/application-users.properties
@@ -0,0 +1,24 @@
+#
+# Properties declaration of users for the realm 'ApplicationRealm' which is the default realm
+# for application services on a new AS 7.1 installation.
+#
+# This includes the following protocols: remote ejb, remote jndi, web, remote jms
+#
+# Users can be added to this properties file at any time, updates after the server has started
+# will be automatically detected.
+#
+# The format of this realm is as follows: -
+# username=HEX( MD5( username ':' realm ':' password))
+#
+# A utility script is provided which can be executed from the bin folder to add the users: -
+# - Linux
+#  bin/add-user.sh
+#
+# - Windows
+#  bin\add-user.bat
+#
+# The following illustrates how an admin user could be defined, this
+# is for illustration only and does not correspond to a usable password.
+#
+#admin=2a0923285184943425d1f53ddd58ec7a
+user=c5568adea472163dfc00c19c6348a665