[WFCORE-4750] Using regex for role in Elytron
Showing
17 changed files
with
242 additions
and
4 deletions.
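--- a/elytron/src/test/java/org/wildfly/extension/elytron/RegexRoleMapperTestCase.java
+++ b/elytron/src/test/java/org/wildfly/extension/elytron/RegexRoleMapperTestCase.java
@@ -0,0 +1,120 @@
+package org.wildfly.extension.elytron;
+
+import org.jboss.as.controller.client.helpers.ClientConstants;
+import org.jboss.as.subsystem.test.AbstractSubsystemBaseTest;
+import org.jboss.as.subsystem.test.KernelServices;
+import org.jboss.dmr.ModelNode;
+import org.jboss.msc.service.ServiceName;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.wildfly.security.auth.server.SecurityDomain;
+import org.wildfly.security.auth.server.SecurityIdentity;
+import org.wildfly.security.auth.server.ServerAuthenticationContext;
+import org.wildfly.security.authz.Roles;
+
+import java.io.IOException;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FAILED;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME;
+
+public class RegexRoleMapperTestCase extends AbstractSubsystemBaseTest {
+private KernelServices services = null;
+
+public RegexRoleMapperTestCase() {
+super(ElytronExtension.SUBSYSTEM_NAME, new ElytronExtension());
+}
+
+@Override
+protected String getSubsystemXml() throws IOException {
+return readResource("role-mappers-test.xml");
+}
+
+private void init(String... domainsToActivate) throws Exception {
+services = super.createKernelServicesBuilder(new TestEnvironment()).setSubsystemXmlResource("role-mappers-test.xml").build();
+if (!services.isSuccessfulBoot()) {
+Assert.fail(services.getBootError().toString());
+}
+TestEnvironment.activateService(services, Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, "TestDomain5");
+TestEnvironment.activateService(services, Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, "TestDomain6");
+}
+
+@Test
+public void testMappedRoleMapper() throws Exception {
+init("TestDomain5");
+
+ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain5");
+Assert.assertNotNull(services.getContainer());
+Assert.assertNotNull(services.getContainer().getService(serviceName));
+SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
+Assert.assertNotNull(domain);
+
+ServerAuthenticationContext context = domain.createNewAuthenticationContext();
+context.setAuthenticationName("user2");
+Assert.assertTrue(context.exists());
+Assert.assertTrue(context.authorize());
+context.succeed();
+SecurityIdentity identity = context.getAuthorizedIdentity();
+
+Roles roles = identity.getRoles();
+Assert.assertTrue(roles.contains("application-user"));
+Assert.assertFalse(roles.contains("123-user"));
+Assert.assertFalse(roles.contains("joe"));
+Assert.assertEquals("user2", identity.getPrincipal().getName());
+}
+
+@Test
+public void testMappedRoleMapper2() throws Exception {
+init("TestDomain6");
+
+ServiceName serviceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName("TestDomain6");
+Assert.assertNotNull(services.getContainer());
+Assert.assertNotNull(services.getContainer().getService(serviceName));
+SecurityDomain domain = (SecurityDomain) services.getContainer().getService(serviceName).getValue();
+Assert.assertNotNull(domain);
+
+ServerAuthenticationContext context = domain.createNewAuthenticationContext();
+context.setAuthenticationName("user3");
+Assert.assertTrue(context.exists());
+Assert.assertTrue(context.authorize());
+context.succeed();
+SecurityIdentity identity = context.getAuthorizedIdentity();
+
+Roles roles = identity.getRoles();
+Assert.assertTrue(roles.contains("admin"));
+Assert.assertTrue(roles.contains("user"));
+Assert.assertFalse(roles.contains("joe"));
+Assert.assertFalse(roles.contains("application-user"));
+Assert.assertFalse(roles.contains("123-admin-123"));
+Assert.assertFalse(roles.contains("aa-user-aa"));
+Assert.assertEquals("user3", identity.getPrincipal().getName());
+}
+
+@Test
+public void testAddRegexRoleMapperWillFailWithInvalidRegexAttribute() {
+ModelNode operation = new ModelNode();
+operation.get(ClientConstants.OP_ADDR).add("subsystem", "elytron").add("regex-role-mapper", "my-regex-role-mapper");
+operation.get(ClientConstants.OP).set(ClientConstants.ADD);
+operation.get(ElytronDescriptionConstants.REGEX).set("*-admin");
+operation.get(ElytronDescriptionConstants.REPLACEMENT).set("$1");
+ModelNode response = services.executeOperation(operation);
+// operation will fail because regex is not valid (starts with asterisk)
+if (! response.get(OUTCOME).asString().equals(FAILED)) {
+Assert.fail(response.toJSONString(false));
+}
+}
+
+@Before
+public void init() throws Exception {
+String subsystemXml;
+if (JdkUtils.isIbmJdk()) {
+subsystemXml = "tls-ibm.xml";
+} else {
+subsystemXml = JdkUtils.getJavaSpecVersion() <= 12 ? "tls-sun.xml" : "tls-oracle13plus.xml";
+}
+services = super.createKernelServicesBuilder(new TestEnvironment()).setSubsystemXmlResource(subsystemXml).build();
+if (!services.isSuccessfulBoot()) {
+Assert.fail(services.getBootError().toString());
+}
+}
+}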
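Review bot: The `domainsToActivate` varargs parameter of the private `init(String...)` helper is never read; the helper activates "TestDomain5" and "TestDomain6" unconditionally, so the arguments at `init("TestDomain5")` and `init("TestDomain6")` have no effect. Replace the two fixed activation calls with `for (String domain : domainsToActivate) { TestEnvironment.activateService(services, Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, domain); }`. The `@Before init()` method also boots a kernel from a `tls-*.xml` resource, and the first two tests then build a second kernel from `role-mappers-test.xml`, so each of them boots twice; if the `@Before` body was carried over from another test case, booting once from `getSubsystemXml()` would be cheaper and keep all three tests on the same configuration. In `testAddRegexRoleMapperWillFailWithInvalidRegexAttribute`, asserting only that `outcome` equals `failed` would also pass if the add failed for an unrelated reason (wrong address, missing attribute); checking that the response's `failure-description` refers to the regex attribute would pin the validation the test is meant to cover.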
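--- a/elytron/src/test/resources/org/wildfly/extension/elytron/groups.properties
+++ b/elytron/src/test/resources/org/wildfly/extension/elytron/groups.properties
@@ -1 +1,3 @@
-user1=firstGroup,secondGroup
+user1=firstGroup,secondGroup
+user2=joe,123-user
+user3=123-admin-123,joe,aa-user-aa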