package org.wildfly.extension.elytron;
import org.jboss.as.controller.client.helpers.ClientConstants;
import org.jboss.as.subsystem.test.AbstractSubsystemBaseTest;
import org.jboss.as.subsystem.test.KernelServices;
import org.jboss.dmr.ModelNode;
import org.jboss.msc.service.ServiceName;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.authz.Roles;
import java.io.IOException;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FAILED;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME;
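/**
 * Subsystem tests for the {@code regex-role-mapper} resource.
 *
 * <p>The three {@code testMappedRoleMapper*} tests boot the subsystem from
 * {@value #ROLE_MAPPERS_XML}, authenticate a user against one of the security
 * domains defined there and check which roles the resulting identity holds.
 * {@link #testAddRegexRoleMapperWillFailWithInvalidRegexAttribute} checks that
 * the management model rejects a syntactically invalid pattern at {@code add}
 * time, i.e. before it could ever be compiled inside a running role mapper.
 *
 * <p>{@link #init()} boots a TLS configuration for every test; the role-mapper
 * tests replace that instance. The previous instance is shut down before it is
 * replaced and the current one is shut down after each test so no
 * {@link KernelServices} is leaked across the test run.
 */
public class RegexRoleMapperTestCase extends AbstractSubsystemBaseTest {

    /** Subsystem resource holding the security domains wired to regex role mappers. */
    private static final String ROLE_MAPPERS_XML = "role-mappers-test.xml";

    /** Kernel services of the subsystem currently booted for the running test, or {@code null}. */
    private KernelServices services = null;

    public RegexRoleMapperTestCase() {
        super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
    }

    @Override
    protected String getSubsystemXml() throws IOException {
        return readResource(ROLE_MAPPERS_XML);
    }

    /**
     * Boots the subsystem from the TLS configuration matching the running JDK
     * (IBM, pre-13 or 13+ vendor configurations differ in their TLS resources).
     *
     * @throws Exception if the kernel services cannot be built
     */
    @Before
    public void init() throws Exception {
        String subsystemXml;
        if (JdkUtils.isIbmJdk()) {
            subsystemXml = "tls-ibm.xml";
        } else {
            subsystemXml = JdkUtils.getJavaSpecVersion() <= 12 ? "tls-sun.xml" : "tls-oracle13plus.xml";
        }
        services = boot(subsystemXml);
    }

    /**
     * Releases the kernel services booted for the test, if any. Safe to call
     * more than once and when the boot failed before {@link #services} was set.
     */
    @After
    public void shutdown() {
        if (services != null) {
            services.shutdown();
            services = null;
        }
    }

    /**
     * Builds kernel services from the given subsystem resource and fails the
     * test with the boot error if the boot did not succeed.
     *
     * @param subsystemXml classpath resource holding the subsystem XML
     * @return the successfully booted kernel services
     * @throws Exception if the kernel services cannot be built
     */
    private KernelServices boot(String subsystemXml) throws Exception {
        KernelServices booted = super.createKernelServicesBuilder(new TestEnvironment())
                .setSubsystemXmlResource(subsystemXml)
                .build();
        if (!booted.isSuccessfulBoot()) {
            Assert.fail(booted.getBootError().toString());
        }
        return booted;
    }

    /**
     * Replaces the TLS-configured services booted by {@link #init()} with a boot
     * of {@value #ROLE_MAPPERS_XML} and activates the requested security domains.
     *
     * @param domainsToActivate names of the security-domain resources whose
     *                          runtime services must be up before the test proceeds
     * @throws Exception if the boot or a service activation fails
     */
    private void bootRoleMapperDomains(String... domainsToActivate) throws Exception {
        // Shut down the @Before instance first; assigning over it would leak it.
        shutdown();
        services = boot(ROLE_MAPPERS_XML);
        for (String domainName : domainsToActivate) {
            TestEnvironment.activateService(services, Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, domainName);
        }
    }

    /**
     * Looks up the named security domain in the booted container, authenticates
     * and authorizes {@code userName} against it and returns the authorized identity.
     *
     * @param domainName name of the security-domain resource to authenticate against
     * @param userName   authentication name presented to the domain
     * @return the authorized identity, whose roles reflect the domain's role mapping
     * @throws Exception if the realm is unavailable or authorization fails
     */
    private SecurityIdentity authorize(String domainName, String userName) throws Exception {
        ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName(domainName);
        Assert.assertNotNull(services.getContainer());
        Assert.assertNotNull(services.getContainer().getService(serviceName));
        SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
        Assert.assertNotNull(domain);

        ServerAuthenticationContext context = domain.createNewAuthenticationContext();
        context.setAuthenticationName(userName);
        Assert.assertTrue(context.exists());
        Assert.assertTrue(context.authorize());
        context.succeed();

        SecurityIdentity identity = context.getAuthorizedIdentity();
        Assert.assertEquals(userName, identity.getPrincipal().getName());
        return identity;
    }

    @Test
    public void testMappedRoleMapper() throws Exception {
        bootRoleMapperDomains("TestDomain5");
        Roles roles = authorize("TestDomain5", "user2").getRoles();

        // Only the mapper's output is visible on the identity; the unmapped names
        // (presumably the realm's raw roles, see role-mappers-test.xml) must not leak through.
        Assert.assertTrue(roles.contains("application-user"));
        Assert.assertFalse(roles.contains("123-user"));
        Assert.assertFalse(roles.contains("joe"));
    }

    @Test
    public void testMappedRoleMapper2() throws Exception {
        bootRoleMapperDomains("TestDomain6");
        Roles roles = authorize("TestDomain6", "user3").getRoles();

        Assert.assertTrue(roles.contains("admin"));
        Assert.assertTrue(roles.contains("user"));
        Assert.assertFalse(roles.contains("joe"));
        Assert.assertFalse(roles.contains("application-user"));
        Assert.assertFalse(roles.contains("123-admin-123"));
        Assert.assertFalse(roles.contains("aa-user-aa"));
    }

    @Test
    public void testMappedRoleMapper3() throws Exception {
        bootRoleMapperDomains("TestDomain7");
        Roles roles = authorize("TestDomain7", "user3").getRoles();

        // Same user as testMappedRoleMapper2, but this domain additionally keeps "joe".
        Assert.assertTrue(roles.contains("admin"));
        Assert.assertTrue(roles.contains("user"));
        Assert.assertTrue(roles.contains("joe"));
        Assert.assertFalse(roles.contains("application-user"));
        Assert.assertFalse(roles.contains("123-admin-123"));
        Assert.assertFalse(roles.contains("aa-user-aa"));
    }

    /**
     * A pattern that cannot be compiled must be rejected by the {@code add}
     * operation itself, so a broken mapper never becomes part of the model.
     */
    @Test
    public void testAddRegexRoleMapperWillFailWithInvalidRegexAttribute() {
        ModelNode operation = new ModelNode();
        operation.get(ClientConstants.OP_ADDR).add("subsystem", "elytron").add("regex-role-mapper", "my-regex-role-mapper");
        operation.get(ClientConstants.OP).set(ClientConstants.ADD);
        // "*-admin" is not a valid regex: a quantifier needs something to repeat.
        operation.get(ElytronDescriptionConstants.REGEX).set("*-admin");
        operation.get(ElytronDescriptionConstants.REPLACEMENT).set("$1");

        ModelNode response = services.executeOperation(operation);
        // The full response is the failure message so an unexpected success is diagnosable.
        Assert.assertEquals(response.toJSONString(false), FAILED, response.get(OUTCOME).asString());
    }
}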