[WFLY-9561] Minor testsuite refactoring so EJB and Servlet security c…

…an be defined independently of each other.

testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ejb/security/EjbSecurityDomainSetup.java

@@ -44,6 +44,8 @@
 import org.jboss.as.test.integration.security.common.AbstractSecurityDomainSetup;
 import org.jboss.dmr.ModelNode;
 import org.wildfly.test.security.common.elytron.EjbElytronDomainSetup;
+import org.wildfly.test.security.common.elytron.ElytronDomainSetup;
+import org.wildfly.test.security.common.elytron.ServletElytronDomainSetup;
 
 /**
  * Utility methods to create/remove simple security domains
@@ -53,7 +55,9 @@
 public class EjbSecurityDomainSetup extends AbstractSecurityDomainSetup {
 
     protected static final String DEFAULT_SECURITY_DOMAIN_NAME = "ejb3-tests";
+    private ElytronDomainSetup elytronDomainSetup;
     private EjbElytronDomainSetup ejbElytronDomainSetup;
+    private ServletElytronDomainSetup servletElytronDomainSetup;
 
     @Override
     protected String getSecurityDomainName() {
@@ -109,15 +113,22 @@ public void setup(final ManagementClient managementClient, final String containe
             applyUpdates(managementClient.getControllerClient(), Arrays.asList(compositeOp));
         } else {
             // elytron profile is enabled
-            ejbElytronDomainSetup = new EjbElytronDomainSetup(getUsersFile(), getGroupsFile(), getSecurityDomainName());
+            elytronDomainSetup = new ElytronDomainSetup(getUsersFile(), getGroupsFile(), getSecurityDomainName());
+            ejbElytronDomainSetup = new EjbElytronDomainSetup(getSecurityDomainName());
+            servletElytronDomainSetup = new ServletElytronDomainSetup(getSecurityDomainName());
+
+            elytronDomainSetup.setup(managementClient, containerId);
             ejbElytronDomainSetup.setup(managementClient, containerId);
+            servletElytronDomainSetup.setup(managementClient, containerId);
         }
     }
 
     @Override
     public void tearDown(final ManagementClient managementClient, final String containerId) {
-        if (ejbElytronDomainSetup != null) {
+        if (elytronDomainSetup != null) {
+            servletElytronDomainSetup.tearDown(managementClient, containerId);
             ejbElytronDomainSetup.tearDown(managementClient, containerId);
+            elytronDomainSetup.tearDown(managementClient, containerId);
         } else {
             super.tearDown(managementClient, containerId);
         }

testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ejb/security/MixedSecurityAnnotationAuthorizationTestCase.java

@@ -14,7 +14,6 @@
 import org.jboss.as.test.integration.security.common.AbstractSecurityDomainSetup;
 import org.jboss.as.test.shared.integration.ejb.security.Util;
 import org.jboss.dmr.ModelNode;
-import org.jboss.logging.Logger;
 import org.jboss.shrinkwrap.api.Archive;
 import org.jboss.shrinkwrap.api.ShrinkWrap;
 import org.jboss.shrinkwrap.api.spec.WebArchive;
@@ -26,6 +25,8 @@
 import org.wildfly.security.evidence.PasswordGuessEvidence;
 import org.wildfly.security.permission.ElytronPermission;
 import org.wildfly.test.security.common.elytron.EjbElytronDomainSetup;
+import org.wildfly.test.security.common.elytron.ElytronDomainSetup;
+import org.wildfly.test.security.common.elytron.ServletElytronDomainSetup;
 
 import javax.ejb.EJB;
 import javax.ejb.EJBAccessException;
@@ -58,18 +59,18 @@
  */
 @RunWith(Arquillian.class)
 @ServerSetup({MixedSecurityAnnotationAuthorizationTestCase.OverridenEjbSecurityDomainSetup.class,
-        MixedSecurityAnnotationAuthorizationTestCase.OverridingEjbElytronDomainSetup.class})
+        MixedSecurityAnnotationAuthorizationTestCase.OverridingElytronDomainSetup.class,
+        MixedSecurityAnnotationAuthorizationTestCase.OverridingEjbElytronDomainSetup.class,
+        MixedSecurityAnnotationAuthorizationTestCase.OverridingServletElytronDomainSetup.class})
 public class MixedSecurityAnnotationAuthorizationTestCase {
 
-    private static final Logger log = Logger.getLogger(MixedSecurityAnnotationAuthorizationTestCase.class.getName());
-
     @Deployment
     public static Archive<?> runAsDeployment() {
         final Package currentPackage = AnnotationAuthorizationTestCase.class.getPackage();
         final WebArchive war = ShrinkWrap.create(WebArchive.class, "ejb3security.war")
                 .addClasses(RolesAllowedOverrideBean.class, RolesAllowedOverrideBeanBase.class, PermitAllOverrideBean.class, DenyAllOverrideBean.class).addClass(Util.class)
                 .addClasses(MixedSecurityAnnotationAuthorizationTestCase.class)
-                .addClasses(AbstractSecurityDomainSetup.class, EjbSecurityDomainSetup.class, EjbElytronDomainSetup.class)
+                .addClasses(AbstractSecurityDomainSetup.class, EjbSecurityDomainSetup.class, ElytronDomainSetup.class, EjbElytronDomainSetup.class, ServletElytronDomainSetup.class)
                 .addAsWebInfResource(currentPackage, "jboss-web.xml", "jboss-web.xml");
         war.addAsManifestResource(createPermissionsXmlAsset(
                 new ElytronPermission("getSecurityDomain"),
@@ -315,15 +316,33 @@ private static <T> T runAsElytronIdentity(final String username, final String pa
         return callable.call();
     }
 
-    public static class OverridingEjbElytronDomainSetup extends EjbElytronDomainSetup {
+    public static class OverridingElytronDomainSetup extends ElytronDomainSetup {
 
-        public OverridingEjbElytronDomainSetup() {
+        public OverridingElytronDomainSetup() {
             super(new File(MixedSecurityAnnotationAuthorizationTestCase.class.getResource("elytronusers.properties").getFile()).getAbsolutePath(),
                   new File(MixedSecurityAnnotationAuthorizationTestCase.class.getResource("roles.properties").getFile()).getAbsolutePath());
         }
 
     }
 
+    public static class OverridingEjbElytronDomainSetup extends EjbElytronDomainSetup {
+
+        @Override
+        protected String getEjbDomainName() {
+            return "ejb3-tests";
+        }
+
+    }
+
+    public static class OverridingServletElytronDomainSetup extends ServletElytronDomainSetup {
+
+        @Override
+        protected String getUndertowDomainName() {
+            return "ejb3-tests";
+        }
+
+    }
+
     public static class OverridenEjbSecurityDomainSetup extends EjbSecurityDomainSetup {
 
         @Override

testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/AuthenticationTestCase.java

@@ -54,7 +54,6 @@
 import org.jboss.arquillian.junit.Arquillian;
 import org.jboss.as.arquillian.api.ServerSetup;
 import org.jboss.as.test.categories.CommonCriteria;
-import org.jboss.as.test.integration.security.common.AbstractSecurityDomainSetup;
 import org.jboss.as.test.shared.TestSuiteEnvironment;
 import org.jboss.as.test.shared.integration.ejb.security.Util;
 import org.jboss.shrinkwrap.api.Archive;
@@ -68,6 +67,8 @@
 import org.wildfly.test.integration.elytron.ejb.authentication.EntryBean;
 import org.wildfly.test.integration.elytron.ejb.base.WhoAmIBean;
 import org.wildfly.test.security.common.elytron.EjbElytronDomainSetup;
+import org.wildfly.test.security.common.elytron.ElytronDomainSetup;
+import org.wildfly.test.security.common.elytron.ServletElytronDomainSetup;
 
 /**
  * Test case to hold the authentication scenarios, these range from calling a servlet which calls a bean to calling a bean which
@@ -77,7 +78,7 @@
  * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
  */
 @RunWith(Arquillian.class)
-@ServerSetup({ AuthenticationTestCase.EjbSecurityDomainSetup.class })
+@ServerSetup({ AuthenticationTestCase.ElytronDomainSetupOverride.class, EjbElytronDomainSetup.class, ServletElytronDomainSetup.class })
 @Category(CommonCriteria.class)
 public class AuthenticationTestCase {
 
@@ -104,7 +105,7 @@ public static Archive<?> deployment() {
                 .addPackage(WhoAmIBean.class.getPackage()).addPackage(EntryBean.class.getPackage())
                 .addClass(WhoAmI.class).addClass(Util.class).addClass(Entry.class)
                 .addClasses(WhoAmIServlet.class, AuthenticationTestCase.class)
-                .addClasses(AbstractSecurityDomainSetup.class, EjbElytronDomainSetup.class)
+                .addClasses(ElytronDomainSetup.class, EjbElytronDomainSetup.class, ServletElytronDomainSetup.class)
                 .addClass(TestSuiteEnvironment.class)
                 .addAsResource(currentPackage, "users.properties", "users.properties")
                 .addAsResource(currentPackage, "roles.properties", "roles.properties")
@@ -465,8 +466,8 @@ public void testICIR_TwoBeans_ReAuth_ViaServlet() throws Exception {
     // 17.6.9 - Runtime Security Enforcement
     // 17.6.10 - Audit Trail
 
-    static class EjbSecurityDomainSetup extends EjbElytronDomainSetup {
-        public EjbSecurityDomainSetup() {
+    static class ElytronDomainSetupOverride extends ElytronDomainSetup {
+        public ElytronDomainSetupOverride() {
             super(new File(AuthenticationTestCase.class.getResource("users.properties").getFile()).getAbsolutePath(),
                     new File(AuthenticationTestCase.class.getResource("roles.properties").getFile()).getAbsolutePath());
         }

testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/authentication/EntryBean.java

@@ -32,6 +32,6 @@
  * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
  */
 @Stateless
-@SecurityDomain("ejb3-tests")
+@SecurityDomain("elytron-tests")
 public class EntryBean extends org.wildfly.test.integration.elytron.ejb.base.EntryBean implements Entry {
 }

testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/authentication/WhoAmIBean.java

@@ -32,6 +32,6 @@
  * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
  */
 @Stateless
-@SecurityDomain("ejb3-tests")
+@SecurityDomain("elytron-tests")
 public class WhoAmIBean extends org.wildfly.test.integration.elytron.ejb.base.WhoAmIBean implements WhoAmI {
 }

testsuite/integration/elytron/src/test/resources/org/wildfly/test/integration/elytron/ejb/jboss-web.xml

@@ -1,4 +1,4 @@
 <?xml version="1.0"?>
 <jboss-web>
-    <security-domain>ejb3-tests</security-domain>
+    <security-domain>elytron-tests</security-domain>
 </jboss-web>

testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/EjbElytronDomainSetup.java

@@ -22,24 +22,18 @@
 
 package org.wildfly.test.security.common.elytron;
 
-//import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.COMPOSITE;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ALLOW_RESOURCE_SERVICE_RESTART;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OPERATION_HEADERS;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.STEPS;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
+import static org.wildfly.test.security.common.elytron.Utils.applyRemoveAllowReload;
+import static org.wildfly.test.security.common.elytron.Utils.applyUpdate;
 
-import java.io.IOException;
-import java.util.LinkedList;
-import java.util.List;
-
+import org.jboss.as.arquillian.api.ServerSetupTask;
 import org.jboss.as.arquillian.container.ManagementClient;
 import org.jboss.as.controller.PathAddress;
-import org.jboss.as.controller.client.ModelControllerClient;
 import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
 import org.jboss.as.controller.operations.common.Util;
-import org.jboss.as.test.integration.security.common.AbstractSecurityDomainSetup;
 import org.jboss.as.test.shared.ServerReload;
 import org.jboss.dmr.ModelNode;
 import org.wildfly.extension.elytron.ElytronExtension;
@@ -49,39 +43,23 @@
  *
  * @author <a href="mailto:jkalina@redhat.com">Jan Kalina</a>
  */
-public class EjbElytronDomainSetup extends AbstractSecurityDomainSetup {
-
-    private static final String DEFAULT_SECURITY_DOMAIN_NAME = "ejb3-tests";
-
-    private PathAddress realmAddress;
+public class EjbElytronDomainSetup implements ServerSetupTask {
 
-    private PathAddress domainAddress;
+    private static final String DEFAULT_SECURITY_DOMAIN_NAME = "elytron-tests";
 
     private PathAddress saslAuthenticationAddress;
 
     private PathAddress remotingConnectorAddress;
 
     private PathAddress ejbDomainAddress;
 
-    private PathAddress ejbRemoteAddress = PathAddress.pathAddress()
-            .append(SUBSYSTEM, "ejb3")
-            .append("service", "remote");
-
-    private PathAddress httpAuthenticationAddress;
-
-    private PathAddress undertowDomainAddress;
-
-    private final String usersFile;
-    private final String groupsFile;
     private final String securityDomainName;
 
-    public EjbElytronDomainSetup(final String usersFile, final String groupsFile) {
-        this(usersFile, groupsFile, DEFAULT_SECURITY_DOMAIN_NAME);
+    public EjbElytronDomainSetup() {
+        this(DEFAULT_SECURITY_DOMAIN_NAME);
     }
 
-    public EjbElytronDomainSetup(final String usersFile, final String groupsFile, final String securityDomainName) {
-        this.usersFile = usersFile;
-        this.groupsFile = groupsFile;
+    public EjbElytronDomainSetup(final String securityDomainName) {
         this.securityDomainName = securityDomainName;
     }
 
@@ -93,9 +71,6 @@ protected String getSecurityRealmName() {
         return getSecurityDomainName() + "-ejb3-UsersRoles";
     }
 
-    protected String getUndertowDomainName() {
-        return getSecurityDomainName();
-    }
 
     protected String getEjbDomainName() {
         return getSecurityDomainName();
@@ -109,32 +84,8 @@ protected String getRemotingConnectorName() {
         return "http-remoting-connector";
     }
 
-    protected String getHttpAuthenticationName() {
-        return getSecurityDomainName();
-    }
-
-    protected String getUsersFile() {
-        return usersFile;
-    }
-
-    protected String getGroupsFile() {
-        return groupsFile;
-    }
-
-    protected boolean isUsersFilePlain() {
-        return true;
-    }
-
     @Override
     public void setup(final ManagementClient managementClient, final String containerId) throws Exception {
-        realmAddress = PathAddress.pathAddress()
-                .append(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME)
-                .append("properties-realm", getSecurityRealmName());
-
-        domainAddress = PathAddress.pathAddress()
-                .append(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME)
-                .append("security-domain", getSecurityDomainName());
-
         saslAuthenticationAddress = PathAddress.pathAddress()
                 .append(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME)
                 .append("sasl-authentication-factory", getSaslAuthenticationName());
@@ -147,36 +98,12 @@ public void setup(final ManagementClient managementClient, final String containe
                 .append(SUBSYSTEM, "ejb3")
                 .append("application-security-domain", getEjbDomainName());
 
-        httpAuthenticationAddress = PathAddress.pathAddress()
-                .append(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME)
-                .append("http-authentication-factory", getHttpAuthenticationName());
-
-        undertowDomainAddress = PathAddress.pathAddress()
-                .append(SUBSYSTEM, "undertow")
-                .append("application-security-domain", getUndertowDomainName());
-
         final ModelNode compositeOp = new ModelNode();
         compositeOp.get(OP).set(ModelDescriptionConstants.COMPOSITE);
         compositeOp.get(OP_ADDR).setEmptyList();
 
         ModelNode steps = compositeOp.get(STEPS);
 
-        // /subsystem=elytron/properties-realm=UsersRoles:add(users-properties={path=users.properties},groups-properties={path=roles.properties})
-        ModelNode addRealm = Util.createAddOperation(realmAddress);
-        addRealm.get("users-properties").get("path").set(getUsersFile());
-        addRealm.get("users-properties").get("plain-text").set(isUsersFilePlain()); // not hashed
-        addRealm.get("groups-properties").get("path").set(getGroupsFile());
-        steps.add(addRealm);
-
-        // /subsystem=elytron/security-domain=EjbDomain:add(default-realm=UsersRoles, realms=[{realm=UsersRoles}])
-        ModelNode addDomain = Util.createAddOperation(domainAddress);
-        addDomain.get("permission-mapper").set("default-permission-mapper"); // LoginPermission for everyone (defined in standalone-elytron.xml)
-        addDomain.get("default-realm").set(getSecurityRealmName());
-        addDomain.get("realms").get(0).get("realm").set(getSecurityRealmName());
-        addDomain.get("realms").get(0).get("role-decoder").set("groups-to-roles"); // use attribute "groups" as roles (defined in standalone-elytron.xml)
-        addDomain.get("realms").get(1).get("realm").set("local");
-        steps.add(addDomain);
-
         // /subsystem=elytron/sasl-authentication-factory=ejb3-tests-auth-fac:add(sasl-server-factory=configured,security-domain=EjbDomain,mechanism-configurations=[{mechanism-name=BASIC}])
         ModelNode addSaslAuthentication = Util.createAddOperation(saslAuthenticationAddress);
         addSaslAuthentication.get("sasl-server-factory").set("configured");
@@ -196,17 +123,6 @@ public void setup(final ManagementClient managementClient, final String containe
         addEjbDomain.get("security-domain").set(getSecurityDomainName());
         steps.add(addEjbDomain);
 
-        ModelNode addHttpAuthentication = Util.createAddOperation(httpAuthenticationAddress);
-        addHttpAuthentication.get("security-domain").set(getSecurityDomainName());
-        addHttpAuthentication.get("http-server-mechanism-factory").set("global");
-        addHttpAuthentication.get("mechanism-configurations").get(0).get("mechanism-name").set("BASIC");
-        addHttpAuthentication.get("mechanism-configurations").get(0).get("mechanism-realm-configurations").get(0).get("realm-name").set("TestingRealm");
-        steps.add(addHttpAuthentication);
-
-        ModelNode addUndertowDomain = Util.createAddOperation(undertowDomainAddress);
-        addUndertowDomain.get("http-authentication-factory").set(getHttpAuthenticationName());
-        steps.add(addUndertowDomain);
-
         applyUpdate(managementClient.getControllerClient(), compositeOp, false);
         // TODO: add {"allow-resource-service-restart" => true} to ejbRemoteAddress write-attribute operation once WFLY-8793 / JBEAP-10955 is fixed
         //       and remove this reload
@@ -228,10 +144,6 @@ public void tearDown(final ManagementClient managementClient, final String conta
             throw new RuntimeException(e);
         }
 
-        List<ModelNode> updates = new LinkedList<>();
-
-        applyRemoveAllowReload(managementClient.getControllerClient(), undertowDomainAddress, false);
-        applyRemoveAllowReload(managementClient.getControllerClient(), httpAuthenticationAddress, false);
         applyRemoveAllowReload(managementClient.getControllerClient(), ejbDomainAddress, false);
         // TODO: remove this reload once WFLY-8821 / JBEAP-11074 is fixed
         try {
@@ -240,17 +152,6 @@ public void tearDown(final ManagementClient managementClient, final String conta
             throw new RuntimeException(e);
         }
         applyRemoveAllowReload(managementClient.getControllerClient(), saslAuthenticationAddress, false);
-        applyRemoveAllowReload(managementClient.getControllerClient(), domainAddress, false);
-        applyRemoveAllowReload(managementClient.getControllerClient(), realmAddress, false);
     }
 
-    private static void applyRemoveAllowReload(final ModelControllerClient client, PathAddress address, boolean allowFailure) {
-        ModelNode op = Util.createRemoveOperation(address);
-        op.get(OPERATION_HEADERS, ALLOW_RESOURCE_SERVICE_RESTART).set(true);
-        try {
-            applyUpdate(client, op, allowFailure);
-        } catch (IOException e) {
-            throw new RuntimeException(e);
-        }
-    }
 }