[WFCORE-5602] security enable-http-auth-http-server command fails for the security domain "other" #4783
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… the security domain "other"
github-actions
bot
added
the
deps-ok
|
@rmartinc , thank-you. The change looks good to me. Did you ran the currently ignored tests with this change? It would be nice to add a testcase to cover it. |
|
Thanks @jfdenise!
Yes, I have worked on top of your PR wildfly/wildfly#14670, tests pass OK and I have tentatively added something like this: @@ -371,6 +373,16 @@ public class SecurityAuthCommandsTestCase {
public void testOOBHTTP() throws Exception {
ctx.handle("security enable-http-auth-http-server --no-reload --security-domain=" + TEST_UNDERTOW_DOMAIN);
Assert.assertEquals(ElytronUtil.OOTB_APPLICATION_DOMAIN, getReferencedSecurityDomain(ctx, TEST_UNDERTOW_DOMAIN));
+
+ try {
+ // enabling the same domain using mechanism should fail now
+ ctx.handle("security enable-http-auth-http-server --no-reload --mechanism=BASIC "
+ + "--file-system-realm-name=" + TEST_FS_REALM + " --security-domain=" + TEST_UNDERTOW_DOMAIN);
+ Assert.fail("Enabling using mechanism should have failed");
+ } catch (Exception e) {
+ MatcherAssert.assertThat(e.getMessage(), CoreMatchers.containsString("Can't mix mechanism and referenced security domain"));
+ }
+
ctx.handle("security disable-http-auth-http-server --no-reload --security-domain=" + TEST_UNDERTOW_DOMAIN);
Assert.assertFalse(domainExists(TEST_UNDERTOW_DOMAIN));
}The same in the |
|
@rmartinc , perfect, thank-you! |
|
@rmartinc thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue: https://issues.redhat.com/browse/WFCORE-5602
When executing a security command over an existing undertow app domain it can happen that it was defined using referenced domain and the command is trying to add an http factory (or vice-versa). In one case the command returns the weird error detected in the JIRA and in the other the domain is not modified at all. This PR just detects that situation and throws an error:
Can't mix mechanism and referenced security domain(the same error that was already used when the command passed both parameters).The tests seem to be in wildfly
SecurityAuthCommandsTestCase.javaclass. But we need to wait for that test to be re-enabled in WFLY-15057 (PR wildfly/wildfly#14670).@jfdenise Please review this when you have some time.
Thanks!