Merge 42f28b0 into d1f0bac

elytron/pom.xml

@@ -218,7 +218,7 @@
                                 <exclude>jacc-with-providers.xml</exclude>
                                 <exclude>legacy*.xml</exclude>
                             </excludes>
-                            <systemId>src/main/resources/schema/wildfly-elytron_9_0.xsd</systemId>
+                            <systemId>src/main/resources/schema/wildfly-elytron_10_0.xsd</systemId>
                         </validationSet>
                         <validationSet>
                             <dir>src/main/resources/subsystem-templates</dir>

elytron/src/main/java/org/wildfly/extension/elytron/ElytronDefinition.java

@@ -256,6 +256,7 @@ public void registerChildren(ManagementResourceRegistration resourceRegistration
         resourceRegistration.registerSubModel(new CustomComponentDefinition<>(RoleMapper.class, Function.identity(), ElytronDescriptionConstants.CUSTOM_ROLE_MAPPER, ROLE_MAPPER_RUNTIME_CAPABILITY));
         resourceRegistration.registerSubModel(RoleMapperDefinitions.getLogicalRoleMapperDefinition());
         resourceRegistration.registerSubModel(RoleMapperDefinitions.getMappedRoleMapperDefinition());
+        resourceRegistration.registerSubModel(RoleMapperDefinitions.getRegexRoleMapperDefinition());
 
         // Evidence Decoders
         resourceRegistration.registerSubModel(EvidenceDecoderDefinitions.getX500SubjectEvidenceDecoderDefinition());

elytron/src/main/java/org/wildfly/extension/elytron/ElytronDescriptionConstants.java

@@ -430,6 +430,7 @@ interface ElytronDescriptionConstants {
     String REFERRAL_MODE = "referral-mode";
     String REGISTER_JASPI_FACTORY = "register-jaspi-factory";
     String REGEX_PRINCIPAL_TRANSFORMER = "regex-principal-transformer";
+    String REGEX_ROLE_MAPPER = "regex-role-mapper";
     String REGEX_VALIDATING_PRINCIPAL_TRANSFORMER = "regex-validating-principal-transformer";
     String RELATIVE_TO = "relative-to";
     String REMOVE_ALIAS = "remove-alias";

elytron/src/main/java/org/wildfly/extension/elytron/ElytronExtension.java

@@ -61,6 +61,7 @@ public class ElytronExtension implements Extension {
     static final String NAMESPACE_7_0 = "urn:wildfly:elytron:7.0";
     static final String NAMESPACE_8_0 = "urn:wildfly:elytron:8.0";
     static final String NAMESPACE_9_0 = "urn:wildfly:elytron:9.0";
+    static final String NAMESPACE_10_0 = "urn:wildfly:elytron:10.0";
 
     /**
      * The name of our subsystem within the model.
@@ -82,8 +83,9 @@ public class ElytronExtension implements Extension {
     static final ModelVersion ELYTRON_7_0_0 = ModelVersion.create(7);
     static final ModelVersion ELYTRON_8_0_0 = ModelVersion.create(8);
     static final ModelVersion ELYTRON_9_0_0 = ModelVersion.create(9);
+    static final ModelVersion ELYTRON_10_0_0 = ModelVersion.create(10);
 
-    private static final ModelVersion ELYTRON_CURRENT = ELYTRON_9_0_0;
+    private static final ModelVersion ELYTRON_CURRENT = ELYTRON_10_0_0;
 
     static final String ISO_8601_FORMAT = "yyyy-MM-dd'T'HH:mm:ss.SSSZ";
 
@@ -124,6 +126,7 @@ public void initializeParsers(ExtensionParsingContext context) {
         context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_7_0, () -> new ElytronSubsystemParser7_0());
         context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_8_0, () -> new ElytronSubsystemParser8_0());
         context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_9_0, () -> new ElytronSubsystemParser9_0());
+        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_10_0, () -> new ElytronSubsystemParser10_0());
     }
 
     @Override
@@ -136,7 +139,7 @@ public void initialize(ExtensionContext context) {
         final ManagementResourceRegistration registration = subsystemRegistration.registerSubsystemModel(ElytronDefinition.INSTANCE);
         registration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE);
 
-        subsystemRegistration.registerXMLElementWriter(() -> new ElytronSubsystemParser9_0());
+        subsystemRegistration.registerXMLElementWriter(() -> new ElytronSubsystemParser10_0());
     }
 
     @SuppressWarnings("unchecked")

elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser10_0.java

@@ -0,0 +1,35 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2019 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.extension.elytron;
+
+/**
+ * The subsystem parser, which uses stax to read and write to and from xml.
+ *
+ * @author <a href="mailto:fjuma@redhat.com">Farah Juma</a>
+ * @since 12.0
+ */
+public class ElytronSubsystemParser10_0 extends ElytronSubsystemParser9_0 {
+
+    @Override
+    String getNameSpace() {
+        return ElytronExtension.NAMESPACE_10_0;
+    }
+
+}
+

elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemTransformers.java

@@ -35,6 +35,7 @@
 import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SIMPLE_DIGEST_MAPPER;
 import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SIZE_ROTATING_FILE_AUDIT_LOG;
 import static org.wildfly.extension.elytron.ElytronDescriptionConstants.SYNCHRONIZED;
+import static org.wildfly.extension.elytron.ElytronExtension.ELYTRON_10_0_0;
 import static org.wildfly.extension.elytron.ElytronExtension.ELYTRON_1_2_0;
 import static org.wildfly.extension.elytron.ElytronExtension.ELYTRON_2_0_0;
 import static org.wildfly.extension.elytron.ElytronExtension.ELYTRON_3_0_0;
@@ -85,6 +86,8 @@ public String getSubsystemName() {
     public void registerTransformers(SubsystemTransformerRegistration registration) {
         ChainedTransformationDescriptionBuilder chainedBuilder = TransformationDescriptionBuilder.Factory.createChainedSubystemInstance(registration.getCurrentSubsystemVersion());
 
+        // 10.0.0 (WildFly 20) to 9.0.0 (WildFly 19)
+        from10(chainedBuilder);
         // 9.0.0 (WildFly 19) to 8.0.0 (WildFly 18)
         from9(chainedBuilder);
         // 8.0.0 (WildFly 18) to 7.0.0 (WildFly 17)
@@ -102,7 +105,13 @@ public void registerTransformers(SubsystemTransformerRegistration registration)
         // 2.0.0 (WildFly 12) to 1.2.0, (WildFly 11 and EAP 7.1.0)
         from2(chainedBuilder);
 
-        chainedBuilder.buildAndRegister(registration, new ModelVersion[] { ELYTRON_8_0_0, ELYTRON_7_0_0, ELYTRON_6_0_0, ELYTRON_5_0_0, ELYTRON_4_0_0, ELYTRON_3_0_0, ELYTRON_2_0_0, ELYTRON_1_2_0 });
+        chainedBuilder.buildAndRegister(registration, new ModelVersion[] { ELYTRON_9_0_0, ELYTRON_8_0_0, ELYTRON_7_0_0, ELYTRON_6_0_0, ELYTRON_5_0_0, ELYTRON_4_0_0, ELYTRON_3_0_0, ELYTRON_2_0_0, ELYTRON_1_2_0 });
+
+    }
+
+    private static void from10(ChainedTransformationDescriptionBuilder chainedBuilder) {
+        ResourceTransformationDescriptionBuilder builder = chainedBuilder.createBuilder(ELYTRON_10_0_0, ELYTRON_9_0_0);
+        builder.rejectChildResource(PathElement.pathElement(ElytronDescriptionConstants.REGEX_ROLE_MAPPER));
 
     }
 

elytron/src/main/java/org/wildfly/extension/elytron/MapperParser.java

@@ -205,6 +205,13 @@ public void marshallSingleElement(AttributeDefinition attribute, ModelNode prope
             })
             .build();
 
+    private PersistentResourceXMLDescription regexRoleMapperParser = PersistentResourceXMLDescription.builder(RoleMapperDefinitions.getRegexRoleMapperDefinition().getPathElement())
+            .addAttribute(RoleMapperDefinitions.PATTERN)
+            .addAttribute(RoleMapperDefinitions.REPLACEMENT)
+            .addAttribute(RoleMapperDefinitions.KEEP_NON_MAPPED)
+            .addAttribute(RoleMapperDefinitions.REPLACE_ALL)
+            .build();
+
     private PersistentResourceXMLDescription addPrefixRoleMapperParser = PersistentResourceXMLDescription.builder(RoleMapperDefinitions.getAddPrefixRoleMapperDefinition().getPathElement())
             .addAttribute(RoleMapperDefinitions.PREFIX)
             .build();
@@ -380,6 +387,7 @@ public PersistentResourceXMLDescription getParser() {
                 .addChild(x509SubjectAltNameEvidenceDecoder) // new
                 .addChild(getCustomComponentParser(CUSTOM_EVIDENCE_DECODER)) // new
                 .addChild(aggregateEvidenceDecoderParser) // new
+                .addChild(regexRoleMapperParser) // new
                 .build();
     }
 }

elytron/src/main/java/org/wildfly/extension/elytron/RegexAttributeDefinitions.java

@@ -37,7 +37,7 @@ class RegexAttributeDefinitions {
 
     static final SimpleAttributeDefinition PATTERN = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PATTERN, ModelType.STRING, false)
             .setAllowExpression(true)
-            .setValidator(new RexExValidator())
+            .setValidator(new RegExValidator())
             .setMinSize(1)
             .setRestartAllServices()
             .build();
@@ -49,9 +49,9 @@ class RegexAttributeDefinitions {
             .setRestartAllServices()
             .build();
 
-    private static class RexExValidator extends StringLengthValidator {
+    private static class RegExValidator extends StringLengthValidator {
 
-        private RexExValidator() {
+        private RegExValidator() {
             super(1, false, false);
         }
 
@@ -70,7 +70,7 @@ public void validateParameter(String parameterName, ModelNode value) throws Oper
 
     }
 
-    private static class CaptureGroupRexExValidator extends RexExValidator {
+    private static class CaptureGroupRexExValidator extends RegExValidator {
 
         @Override
         public void validateParameter(String parameterName, ModelNode value) throws OperationFailedException {

elytron/src/main/java/org/wildfly/extension/elytron/RoleMapperDefinitions.java

@@ -58,6 +58,7 @@
 import org.jboss.msc.value.InjectedValue;
 import org.wildfly.extension.elytron.TrivialService.ValueSupplier;
 import org.wildfly.security.authz.MappedRoleMapper;
+import org.wildfly.security.authz.RegexRoleMapper;
 import org.wildfly.security.authz.RoleMapper;
 import org.wildfly.security.authz.Roles;
 
@@ -80,6 +81,14 @@ class RoleMapperDefinitions {
         .setRestartAllServices()
         .build();
 
+    static final SimpleAttributeDefinition PATTERN = new SimpleAttributeDefinitionBuilder(RegexAttributeDefinitions.PATTERN).build();
+
+    static final SimpleAttributeDefinition REPLACEMENT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.REPLACEMENT, ModelType.STRING, false)
+            .setAllowExpression(true)
+            .setMinSize(1)
+            .setRestartAllServices()
+            .build();
+
     static final SimpleAttributeDefinition LEFT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.LEFT, ModelType.STRING, true)
         .setMinSize(1)
         .setRestartAllServices()
@@ -118,6 +127,12 @@ class RoleMapperDefinitions {
             .setRestartAllServices()
             .build();
 
+    static final SimpleAttributeDefinition REPLACE_ALL = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.REPLACE_ALL, ModelType.BOOLEAN, true)
+            .setAllowExpression(true)
+            .setDefaultValue(ModelNode.FALSE)
+            .setRestartAllServices()
+            .build();
+
     static final StringListAttributeDefinition ROLES = new StringListAttributeDefinition.Builder(ElytronDescriptionConstants.ROLES)
             .setAllowExpression(true)
             .setMinSize(1)
@@ -173,6 +188,31 @@ protected ValueSupplier<RoleMapper> getValueSupplier(OperationContext context, M
         return new RoleMapperResourceDefinition(ElytronDescriptionConstants.MAPPED_ROLE_MAPPER, add, ROLE_MAPPING_MAP, KEEP_MAPPED, KEEP_NON_MAPPED);
     }
 
+    static ResourceDefinition getRegexRoleMapperDefinition() {
+        AbstractAddStepHandler add = new RoleMapperAddHandler(PATTERN, REPLACEMENT, KEEP_NON_MAPPED, REPLACE_ALL) {
+
+            @Override
+            protected ValueSupplier<RoleMapper> getValueSupplier(OperationContext context, ModelNode model) throws OperationFailedException {
+                final String regex = PATTERN.resolveModelAttribute(context, model).asString();
+                final String replacement = REPLACEMENT.resolveModelAttribute(context, model).asString();
+                final Boolean keepNonMapped = KEEP_NON_MAPPED.resolveModelAttribute(context, model).asBoolean();
+                final Boolean replaceAll = REPLACE_ALL.resolveModelAttribute(context, model).asBoolean();
+
+                final RegexRoleMapper roleMapper = new RegexRoleMapper.Builder()
+                        .setPattern(regex)
+                        .setReplacement(replacement)
+                        .setKeepNonMapped(keepNonMapped)
+                        .setReplaceAll(replaceAll)
+                        .build();
+
+                return () -> roleMapper;
+
+            }
+        };
+
+        return new RoleMapperResourceDefinition(ElytronDescriptionConstants.REGEX_ROLE_MAPPER, add, PATTERN, REPLACEMENT, KEEP_NON_MAPPED, REPLACE_ALL);
+    }
+
     static AggregateComponentDefinition<RoleMapper> getAggregateRoleMapperDefinition() {
         return AGGREGATE_ROLE_MAPPER;
     }

elytron/src/main/java/org/wildfly/extension/elytron/_private/ElytronSubsystemMessages.java

@@ -578,4 +578,7 @@ public interface ElytronSubsystemMessages extends BasicLogger {
     @Message(id = 1066, value = "Invalid value for cipher-suite-names. %s")
     OperationFailedException invalidCipherSuiteNames(@Cause Throwable cause, String causeMessage);
 
+    @Message(id = 1067, value = "Value '%s' is not valid regex.")
+    OperationFailedException invalidRegex(String regex);
+
 }

elytron/src/main/resources/org/wildfly/extension/elytron/LocalDescriptions.properties

@@ -668,6 +668,16 @@ elytron.mapped-role-mapper.keep-mapped=When set to 'true' the mapped roles will
 elytron.mapped-role-mapper.keep-non-mapped=When set to 'true' the mapped roles will retain all roles, that have no defined mappings.
 elytron.mapped-role-mapper.role-map=A string to string list map for mapping roles.
 
+elytron.regex-role-mapper=A RoleMapper definition for a RoleMapper that performs a mapping based on regex and replaces matching roles with replacement pattern.
+# Operations
+elytron.regex-role-mapper.add=The add operation for the role mapper.
+elytron.regex-role-mapper.remove=The remove operation for the role mapper.
+# Attributes
+elytron.regex-role-mapper.pattern=Regex string that will be used for matching. Regex can capture groups. Role matches the pattern if given pattern can be found in any substring of given role.
+elytron.regex-role-mapper.replacement=Replacement that will be used when mapping roles that contain the pattern. Can make use of captured groups from pattern.
+elytron.regex-role-mapper.keep-non-mapped=When set to 'true' then the roles that did not match the pattern will be kept and not removed.
+elytron.regex-role-mapper.replace-all=When set to 'false', only first occurrence of the pattern will be replaced in role. When set to 'true' then all of the occurrences will be replaced by replacement.
+
 #####################
 # Realm Definitions #
 #####################