package org.wildfly.extension.elytron;
import org.jboss.as.controller.client.helpers.ClientConstants;
import org.jboss.as.subsystem.test.AbstractSubsystemBaseTest;
import org.jboss.as.subsystem.test.KernelServices;
import org.jboss.dmr.ModelNode;
import org.jboss.msc.service.ServiceName;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.authz.Roles;
import java.io.IOException;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FAILED;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME;
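/**
 * Subsystem tests for the Elytron {@code regex-role-mapper} resource.
 *
 * <p>Two security domains ({@code TestDomain5} and {@code TestDomain6}) are booted from
 * {@code role-mappers-test.xml} and driven through a full authenticate/authorize round trip, so
 * the assertions cover both the role names the regex mapper must produce and the names that must
 * NOT survive the mapping on the resulting {@link SecurityIdentity}. A third test checks that the
 * management layer rejects a syntactically invalid regex at {@code add} time, i.e. before a broken
 * pattern can reach the runtime role mapper.
 */
public class RegexRoleMapperTestCase extends AbstractSubsystemBaseTest {

    /** Kernel services of the most recently booted subsystem; every boot replaces it. */
    private KernelServices services = null;

    public RegexRoleMapperTestCase() {
        super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
    }

    @Override
    protected String getSubsystemXml() throws IOException {
        return readResource("role-mappers-test.xml");
    }

    /**
     * Boots the subsystem from {@code role-mappers-test.xml} and activates the requested
     * security domains.
     *
     * <p>This overload is distinct from the no-arg {@link #init()} JUnit {@code @Before} hook,
     * which boots a TLS configuration first; a call here replaces that earlier {@link #services}
     * instance (the base test class is presumably responsible for shutting down every
     * {@code KernelServices} it built -- verify against {@code AbstractSubsystemTest}).
     *
     * @param domainsToActivate names of the {@code security-domain} resources whose runtime
     *        services must be started before the test looks them up
     * @throws Exception if the subsystem fails to boot or a domain cannot be activated
     */
    private void init(String... domainsToActivate) throws Exception {
        services = super.createKernelServicesBuilder(new TestEnvironment())
                .setSubsystemXmlResource("role-mappers-test.xml")
                .build();
        if (!services.isSuccessfulBoot()) {
            Assert.fail(services.getBootError().toString());
        }
        // The parameter used to be ignored (TestDomain5 and TestDomain6 were always activated);
        // honour it so each test only starts the domain it asserts on.
        for (String domain : domainsToActivate) {
            TestEnvironment.activateService(services, Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, domain);
        }
    }

    /**
     * Looks up the booted {@link SecurityDomain} called {@code domainName}, authenticates and
     * authorizes {@code userName} against it and returns the resulting identity.
     *
     * @param domainName name of an activated {@code security-domain} resource
     * @param userName   authentication name presented to the domain
     * @return the authorized identity whose roles and principal the caller asserts on
     * @throws Exception if the realm cannot be queried
     */
    private SecurityIdentity authorizeUser(String domainName, String userName) throws Exception {
        ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName(domainName);
        Assert.assertNotNull(services.getContainer());
        Assert.assertNotNull(services.getContainer().getService(serviceName));
        SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
        Assert.assertNotNull(domain);

        ServerAuthenticationContext context = domain.createNewAuthenticationContext();
        context.setAuthenticationName(userName);
        Assert.assertTrue(context.exists());
        Assert.assertTrue(context.authorize());
        context.succeed();
        return context.getAuthorizedIdentity();
    }

    @Test
    public void testMappedRoleMapper() throws Exception {
        init("TestDomain5");
        SecurityIdentity identity = authorizeUser("TestDomain5", "user2");

        Roles roles = identity.getRoles();
        // Both the expected mapped role and the names that must not survive mapping are pinned,
        // so a mapper that passes roles through unchanged (or adds extra ones) fails here.
        Assert.assertTrue(roles.contains("application-user"));
        Assert.assertFalse(roles.contains("123-user"));
        Assert.assertFalse(roles.contains("joe"));
        Assert.assertEquals("user2", identity.getPrincipal().getName());
    }

    @Test
    public void testMappedRoleMapper2() throws Exception {
        init("TestDomain6");
        SecurityIdentity identity = authorizeUser("TestDomain6", "user3");

        Roles roles = identity.getRoles();
        Assert.assertTrue(roles.contains("admin"));
        Assert.assertTrue(roles.contains("user"));
        // Names that must not be granted: unrelated roles and the un-mapped forms.
        Assert.assertFalse(roles.contains("joe"));
        Assert.assertFalse(roles.contains("application-user"));
        Assert.assertFalse(roles.contains("123-admin-123"));
        Assert.assertFalse(roles.contains("aa-user-aa"));
        Assert.assertEquals("user3", identity.getPrincipal().getName());
    }

    /**
     * Adding a {@code regex-role-mapper} whose {@code regex} cannot be compiled must be rejected
     * by the management operation, so that misconfiguration surfaces at configuration time rather
     * than as a pattern error during authorization.
     *
     * <p>Runs against the {@link #services} booted by the {@code @Before} hook.
     */
    @Test
    public void testAddRegexRoleMapperWillFailWithInvalidRegexAttribute() {
        ModelNode operation = new ModelNode();
        operation.get(ClientConstants.OP_ADDR).add("subsystem", "elytron").add("regex-role-mapper", "my-regex-role-mapper");
        operation.get(ClientConstants.OP).set(ClientConstants.ADD);
        operation.get(ElytronDescriptionConstants.REGEX).set("*-admin");
        operation.get(ElytronDescriptionConstants.REPLACEMENT).set("$1");

        ModelNode response = services.executeOperation(operation);
        // operation will fail because regex is not valid (starts with asterisk);
        // the full response is used as the failure message so a wrong outcome is diagnosable
        Assert.assertEquals(response.toJSONString(false), FAILED, response.get(OUTCOME).asString());
    }

    /**
     * JUnit {@code @Before} hook: boots the subsystem from a JDK-specific TLS configuration.
     *
     * <p>Only {@link #testAddRegexRoleMapperWillFailWithInvalidRegexAttribute()} relies on this
     * boot; the role-mapping tests re-boot from {@code role-mappers-test.xml} via
     * {@link #init(String...)}.
     *
     * @throws Exception if the subsystem fails to boot
     */
    @Before
    public void init() throws Exception {
        String subsystemXml;
        if (JdkUtils.isIbmJdk()) {
            subsystemXml = "tls-ibm.xml";
        } else {
            subsystemXml = JdkUtils.getJavaSpecVersion() <= 12 ? "tls-sun.xml" : "tls-oracle13plus.xml";
        }
        services = super.createKernelServicesBuilder(new TestEnvironment())
                .setSubsystemXmlResource(subsystemXml)
                .build();
        if (!services.isSuccessfulBoot()) {
            Assert.fail(services.getBootError().toString());
        }
    }
}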