diff --git a/testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ejb/security/EjbSecurityDomainSetup.java b/testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ejb/security/EjbSecurityDomainSetup.java
index 8b9e36d287f4..985594cfa82f 100644
--- a/testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ejb/security/EjbSecurityDomainSetup.java
+++ b/testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ejb/security/EjbSecurityDomainSetup.java
@@ -44,6 +44,8 @@
 import org.jboss.as.test.integration.security.common.AbstractSecurityDomainSetup;
 import org.jboss.dmr.ModelNode;
 import org.wildfly.test.security.common.elytron.EjbElytronDomainSetup;
+import org.wildfly.test.security.common.elytron.ElytronDomainSetup;
+import org.wildfly.test.security.common.elytron.ServletElytronDomainSetup;
 /**
 * Utility methods to create/remove simple security domains
@@ -53,7 +55,9 @@ public class EjbSecurityDomainSetup extends AbstractSecurityDomainSetup {
 protected static final String DEFAULT_SECURITY_DOMAIN_NAME = "ejb3-tests";
+ private ElytronDomainSetup elytronDomainSetup;
 private EjbElytronDomainSetup ejbElytronDomainSetup;
+ private ServletElytronDomainSetup servletElytronDomainSetup;
 @Override
 protected String getSecurityDomainName() {
@@ -109,15 +113,22 @@ public void setup(final ManagementClient managementClient, final String containe
 applyUpdates(managementClient.getControllerClient(), Arrays.asList(compositeOp));
 } else {
 // elytron profile is enabled
- ejbElytronDomainSetup = new EjbElytronDomainSetup(getUsersFile(), getGroupsFile(), getSecurityDomainName());
+ elytronDomainSetup = new ElytronDomainSetup(getUsersFile(), getGroupsFile(), getSecurityDomainName());
+ ejbElytronDomainSetup = new EjbElytronDomainSetup(getSecurityDomainName());
+ servletElytronDomainSetup = new ServletElytronDomainSetup(getSecurityDomainName());
+
+ elytronDomainSetup.setup(managementClient, containerId);
 ejbElytronDomainSetup.setup(managementClient, containerId);
+ servletElytronDomainSetup.setup(managementClient, containerId);
 }
 }
 @Override
 public void tearDown(final ManagementClient managementClient, final String containerId) {
- if (ejbElytronDomainSetup != null) {
+ if (elytronDomainSetup != null) {
+ servletElytronDomainSetup.tearDown(managementClient, containerId);
 ejbElytronDomainSetup.tearDown(managementClient, containerId);
+ elytronDomainSetup.tearDown(managementClient, containerId);
 } else {
 super.tearDown(managementClient, containerId);
 }
diff --git a/testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ejb/security/MixedSecurityAnnotationAuthorizationTestCase.java b/testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ejb/security/MixedSecurityAnnotationAuthorizationTestCase.java
index d8b4fc46933b..f91067836492 100644
--- a/testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ejb/security/MixedSecurityAnnotationAuthorizationTestCase.java
+++ b/testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ejb/security/MixedSecurityAnnotationAuthorizationTestCase.java
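Review bot: In tearDown() the three Elytron helpers are torn down back to back with no try/finally, so a RuntimeException from servletElytronDomainSetup.tearDown() skips the removal of the EJB mapping, the security domain and the plain-text properties realm, which then stay on the server for whatever test runs next. Each helper removes its resources through applyRemoveAllowReload with allowFailure=false, so any failed removal throws. The same straight-line pattern is in the tearDown() methods of EjbElytronDomainSetup, ElytronDomainSetup and ServletElytronDomainSetup later in this commit. Nesting the calls in try/finally, in reverse setup order, keeps cleanup going after a failure; the method's closing brace lies outside the hunk.

```java
if (elytronDomainSetup != null) {
    // Reverse of setup order; each removal is attempted even if an earlier one throws.
    try {
        servletElytronDomainSetup.tearDown(managementClient, containerId);
    } finally {
        try {
            ejbElytronDomainSetup.tearDown(managementClient, containerId);
        } finally {
            elytronDomainSetup.tearDown(managementClient, containerId);
        }
    }
} else {
    // … unchanged: super.tearDown(managementClient, containerId) …
}
```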
@@ -14,7 +14,6 @@
 import org.jboss.as.test.integration.security.common.AbstractSecurityDomainSetup;
 import org.jboss.as.test.shared.integration.ejb.security.Util;
 import org.jboss.dmr.ModelNode;
-import org.jboss.logging.Logger;
 import org.jboss.shrinkwrap.api.Archive;
 import org.jboss.shrinkwrap.api.ShrinkWrap;
 import org.jboss.shrinkwrap.api.spec.WebArchive;
@@ -26,6 +25,8 @@
 import org.wildfly.security.evidence.PasswordGuessEvidence;
 import org.wildfly.security.permission.ElytronPermission;
 import org.wildfly.test.security.common.elytron.EjbElytronDomainSetup;
+import org.wildfly.test.security.common.elytron.ElytronDomainSetup;
+import org.wildfly.test.security.common.elytron.ServletElytronDomainSetup;
 import javax.ejb.EJB;
 import javax.ejb.EJBAccessException;
@@ -58,18 +59,18 @@
 */
 @RunWith(Arquillian.class)
 @ServerSetup({MixedSecurityAnnotationAuthorizationTestCase.OverridenEjbSecurityDomainSetup.class,
- MixedSecurityAnnotationAuthorizationTestCase.OverridingEjbElytronDomainSetup.class})
+ MixedSecurityAnnotationAuthorizationTestCase.OverridingElytronDomainSetup.class,
+ MixedSecurityAnnotationAuthorizationTestCase.OverridingEjbElytronDomainSetup.class,
+ MixedSecurityAnnotationAuthorizationTestCase.OverridingServletElytronDomainSetup.class})
 public class MixedSecurityAnnotationAuthorizationTestCase {
- private static final Logger log = Logger.getLogger(MixedSecurityAnnotationAuthorizationTestCase.class.getName());
-
 @Deployment
 public static Archive runAsDeployment() {
 final Package currentPackage = AnnotationAuthorizationTestCase.class.getPackage();
 final WebArchive war = ShrinkWrap.create(WebArchive.class, "ejb3security.war")
 .addClasses(RolesAllowedOverrideBean.class, RolesAllowedOverrideBeanBase.class, PermitAllOverrideBean.class, DenyAllOverrideBean.class).addClass(Util.class)
 .addClasses(MixedSecurityAnnotationAuthorizationTestCase.class)
- .addClasses(AbstractSecurityDomainSetup.class, EjbSecurityDomainSetup.class, EjbElytronDomainSetup.class)
+ .addClasses(AbstractSecurityDomainSetup.class, EjbSecurityDomainSetup.class, ElytronDomainSetup.class, EjbElytronDomainSetup.class, ServletElytronDomainSetup.class)
 .addAsWebInfResource(currentPackage, "jboss-web.xml", "jboss-web.xml");
 war.addAsManifestResource(createPermissionsXmlAsset(
 new ElytronPermission("getSecurityDomain"),
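Review bot: The order of the entries in @ServerSetup is now load-bearing and nothing in the code says so. OverridingEjbElytronDomainSetup and OverridingServletElytronDomainSetup add resources whose `security-domain` attribute names the domain that OverridingElytronDomainSetup creates, so (assuming the tasks run in the order listed) that entry has to stay ahead of the other two. I would add a comment above the annotation, for example `// Order matters: the Elytron security domain must exist before the EJB and Undertow mappings that reference it.` The @ServerSetup list in AuthenticationTestCase later in this commit has the same dependency and deserves the same comment.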
@@ -315,15 +316,33 @@ private static T runAsElytronIdentity(final String username, final String pa
 return callable.call();
 }
- public static class OverridingEjbElytronDomainSetup extends EjbElytronDomainSetup {
+ public static class OverridingElytronDomainSetup extends ElytronDomainSetup {
- public OverridingEjbElytronDomainSetup() {
+ public OverridingElytronDomainSetup() {
 super(new File(MixedSecurityAnnotationAuthorizationTestCase.class.getResource("elytronusers.properties").getFile()).getAbsolutePath(),
 new File(MixedSecurityAnnotationAuthorizationTestCase.class.getResource("roles.properties").getFile()).getAbsolutePath());
 }
 }
+ public static class OverridingEjbElytronDomainSetup extends EjbElytronDomainSetup {
+
+ @Override
+ protected String getEjbDomainName() {
+ return "ejb3-tests";
+ }
+
+ }
+
+ public static class OverridingServletElytronDomainSetup extends ServletElytronDomainSetup {
+
+ @Override
+ protected String getUndertowDomainName() {
+ return "ejb3-tests";
+ }
+
+ }
+
 public static class OverridenEjbSecurityDomainSetup extends EjbSecurityDomainSetup {
 @Override
diff --git a/testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/AuthenticationTestCase.java b/testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/AuthenticationTestCase.java
index 7dc6bcdb37f3..d595f3a2f9a1 100644
--- a/testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/AuthenticationTestCase.java
+++ b/testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/AuthenticationTestCase.java
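Review bot: The literal "ejb3-tests" is repeated in getEjbDomainName() and getUndertowDomainName() of the two new overriding classes, and neither says why it differs from the security domain name. Both classes rely on the no-argument constructor, so they map the application domain "ejb3-tests" onto the Elytron domain named by the helpers' default, "elytron-tests", which OverridingElytronDomainSetup also gets through its two-argument constructor. A shared constant, e.g. `private static final String APPLICATION_DOMAIN_NAME = "ejb3-tests";`, plus a one-line comment on that mapping would keep the three classes from drifting apart. The body of OverridenEjbSecurityDomainSetup continues outside the hunk.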
@@ -54,7 +54,6 @@
 import org.jboss.arquillian.junit.Arquillian;
 import org.jboss.as.arquillian.api.ServerSetup;
 import org.jboss.as.test.categories.CommonCriteria;
-import org.jboss.as.test.integration.security.common.AbstractSecurityDomainSetup;
 import org.jboss.as.test.shared.TestSuiteEnvironment;
 import org.jboss.as.test.shared.integration.ejb.security.Util;
 import org.jboss.shrinkwrap.api.Archive;
@@ -68,6 +67,8 @@
 import org.wildfly.test.integration.elytron.ejb.authentication.EntryBean;
 import org.wildfly.test.integration.elytron.ejb.base.WhoAmIBean;
 import org.wildfly.test.security.common.elytron.EjbElytronDomainSetup;
+import org.wildfly.test.security.common.elytron.ElytronDomainSetup;
+import org.wildfly.test.security.common.elytron.ServletElytronDomainSetup;
 /**
 * Test case to hold the authentication scenarios, these range from calling a servlet which calls a bean to calling a bean which
@@ -77,7 +78,7 @@
 * @author Darran Lofthouse
 */
 @RunWith(Arquillian.class)
-@ServerSetup({ AuthenticationTestCase.EjbSecurityDomainSetup.class })
+@ServerSetup({ AuthenticationTestCase.ElytronDomainSetupOverride.class, EjbElytronDomainSetup.class, ServletElytronDomainSetup.class })
 @Category(CommonCriteria.class)
 public class AuthenticationTestCase {
@@ -104,7 +105,7 @@ public static Archive deployment() {
 .addPackage(WhoAmIBean.class.getPackage()).addPackage(EntryBean.class.getPackage())
 .addClass(WhoAmI.class).addClass(Util.class).addClass(Entry.class)
 .addClasses(WhoAmIServlet.class, AuthenticationTestCase.class)
- .addClasses(AbstractSecurityDomainSetup.class, EjbElytronDomainSetup.class)
+ .addClasses(ElytronDomainSetup.class, EjbElytronDomainSetup.class, ServletElytronDomainSetup.class)
 .addClass(TestSuiteEnvironment.class)
 .addAsResource(currentPackage, "users.properties", "users.properties")
 .addAsResource(currentPackage, "roles.properties", "roles.properties")
@@ -465,8 +466,8 @@ public void testICIR_TwoBeans_ReAuth_ViaServlet() throws Exception {
 // 17.6.9 - Runtime Security Enforcement
 // 17.6.10 - Audit Trail
- static class EjbSecurityDomainSetup extends EjbElytronDomainSetup {
- public EjbSecurityDomainSetup() {
+ static class ElytronDomainSetupOverride extends ElytronDomainSetup {
+ public ElytronDomainSetupOverride() {
 super(new File(AuthenticationTestCase.class.getResource("users.properties").getFile()).getAbsolutePath(),
 new File(AuthenticationTestCase.class.getResource("roles.properties").getFile()).getAbsolutePath());
 }
diff --git a/testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/authentication/EntryBean.java b/testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/authentication/EntryBean.java
index 3c29e1c4b051..5bd395a83e72 100644
--- a/testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/authentication/EntryBean.java
+++ b/testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/authentication/EntryBean.java
@@ -32,6 +32,6 @@
 * @author Darran Lofthouse
 */
 @Stateless
-@SecurityDomain("ejb3-tests")
+@SecurityDomain("elytron-tests")
 public class EntryBean extends org.wildfly.test.integration.elytron.ejb.base.EntryBean implements Entry {
 }
diff --git a/testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/authentication/WhoAmIBean.java b/testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/authentication/WhoAmIBean.java
index 89b66f35631e..6a5b8d5650dc 100644
--- a/testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/authentication/WhoAmIBean.java
+++ b/testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ejb/authentication/WhoAmIBean.java
@@ -32,6 +32,6 @@
 * @author Darran Lofthouse
 */
 @Stateless
-@SecurityDomain("ejb3-tests")
+@SecurityDomain("elytron-tests")
 public class WhoAmIBean extends org.wildfly.test.integration.elytron.ejb.base.WhoAmIBean implements WhoAmI {
 }
diff --git a/testsuite/integration/elytron/src/test/resources/org/wildfly/test/integration/elytron/ejb/jboss-web.xml b/testsuite/integration/elytron/src/test/resources/org/wildfly/test/integration/elytron/ejb/jboss-web.xml
index dac146e63250..fe89b6353dc5 100644
--- a/testsuite/integration/elytron/src/test/resources/org/wildfly/test/integration/elytron/ejb/jboss-web.xml
+++ b/testsuite/integration/elytron/src/test/resources/org/wildfly/test/integration/elytron/ejb/jboss-web.xml
@@ -1,4 +1,4 @@
- ejb3-tests
+ elytron-tests
diff --git a/testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/EjbElytronDomainSetup.java b/testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/EjbElytronDomainSetup.java
index d0c49fafb2df..5a8590f58dcb 100644
--- a/testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/EjbElytronDomainSetup.java
+++ b/testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/EjbElytronDomainSetup.java
@@ -22,24 +22,18 @@
 package org.wildfly.test.security.common.elytron;
-//import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.COMPOSITE;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ALLOW_RESOURCE_SERVICE_RESTART;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OPERATION_HEADERS;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.STEPS;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
+import static org.wildfly.test.security.common.elytron.Utils.applyRemoveAllowReload;
+import static org.wildfly.test.security.common.elytron.Utils.applyUpdate;
-import java.io.IOException;
-import java.util.LinkedList;
-import java.util.List;
-
+import org.jboss.as.arquillian.api.ServerSetupTask;
 import org.jboss.as.arquillian.container.ManagementClient;
 import org.jboss.as.controller.PathAddress;
-import org.jboss.as.controller.client.ModelControllerClient;
 import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
 import org.jboss.as.controller.operations.common.Util;
-import org.jboss.as.test.integration.security.common.AbstractSecurityDomainSetup;
 import org.jboss.as.test.shared.ServerReload;
 import org.jboss.dmr.ModelNode;
 import org.wildfly.extension.elytron.ElytronExtension;
@@ -49,13 +43,9 @@
 *
 * @author Jan Kalina
 */
-public class EjbElytronDomainSetup extends AbstractSecurityDomainSetup {
-
- private static final String DEFAULT_SECURITY_DOMAIN_NAME = "ejb3-tests";
-
- private PathAddress realmAddress;
+public class EjbElytronDomainSetup implements ServerSetupTask {
- private PathAddress domainAddress;
+ private static final String DEFAULT_SECURITY_DOMAIN_NAME = "elytron-tests";
 private PathAddress saslAuthenticationAddress;
@@ -63,25 +53,13 @@ public class EjbElytronDomainSetup extends AbstractSecurityDomainSetup {
 private PathAddress ejbDomainAddress;
- private PathAddress ejbRemoteAddress = PathAddress.pathAddress()
- .append(SUBSYSTEM, "ejb3")
- .append("service", "remote");
-
- private PathAddress httpAuthenticationAddress;
-
- private PathAddress undertowDomainAddress;
-
- private final String usersFile;
- private final String groupsFile;
 private final String securityDomainName;
- public EjbElytronDomainSetup(final String usersFile, final String groupsFile) {
- this(usersFile, groupsFile, DEFAULT_SECURITY_DOMAIN_NAME);
+ public EjbElytronDomainSetup() {
+ this(DEFAULT_SECURITY_DOMAIN_NAME);
 }
- public EjbElytronDomainSetup(final String usersFile, final String groupsFile, final String securityDomainName) {
- this.usersFile = usersFile;
- this.groupsFile = groupsFile;
+ public EjbElytronDomainSetup(final String securityDomainName) {
 this.securityDomainName = securityDomainName;
 }
@@ -93,9 +71,6 @@ protected String getSecurityRealmName() {
 return getSecurityDomainName() + "-ejb3-UsersRoles";
 }
- protected String getUndertowDomainName() {
- return getSecurityDomainName();
- }
 protected String getEjbDomainName() {
 return getSecurityDomainName();
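Review bot: The ejbRemoteAddress field is deleted in this hunk, but the TODO that survives as context in setup() (the hunk at old line 196) still refers to the "ejbRemoteAddress write-attribute operation", so the comment now names something that no longer exists in the class. Reword it to name the resource itself, e.g. `// TODO: add {"allow-resource-service-restart" => true} to the /subsystem=ejb3/service=remote write-attribute operation once WFLY-8793 / JBEAP-10955 is fixed`. getSecurityRealmName() with its "-ejb3-UsersRoles" suffix also stays in this class although realm creation moved to ElytronDomainSetup; whether setup() still reads it is not visible in these hunks, so confirm before removing it.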
@@ -109,32 +84,8 @@ protected String getRemotingConnectorName() {
 return "http-remoting-connector";
 }
- protected String getHttpAuthenticationName() {
- return getSecurityDomainName();
- }
-
- protected String getUsersFile() {
- return usersFile;
- }
-
- protected String getGroupsFile() {
- return groupsFile;
- }
-
- protected boolean isUsersFilePlain() {
- return true;
- }
-
 @Override
 public void setup(final ManagementClient managementClient, final String containerId) throws Exception {
- realmAddress = PathAddress.pathAddress()
- .append(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME)
- .append("properties-realm", getSecurityRealmName());
-
- domainAddress = PathAddress.pathAddress()
- .append(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME)
- .append("security-domain", getSecurityDomainName());
-
 saslAuthenticationAddress = PathAddress.pathAddress()
 .append(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME)
 .append("sasl-authentication-factory", getSaslAuthenticationName());
@@ -147,36 +98,12 @@ public void setup(final ManagementClient managementClient, final String containe
 .append(SUBSYSTEM, "ejb3")
 .append("application-security-domain", getEjbDomainName());
- httpAuthenticationAddress = PathAddress.pathAddress()
- .append(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME)
- .append("http-authentication-factory", getHttpAuthenticationName());
-
- undertowDomainAddress = PathAddress.pathAddress()
- .append(SUBSYSTEM, "undertow")
- .append("application-security-domain", getUndertowDomainName());
-
 final ModelNode compositeOp = new ModelNode();
 compositeOp.get(OP).set(ModelDescriptionConstants.COMPOSITE);
 compositeOp.get(OP_ADDR).setEmptyList();
 ModelNode steps = compositeOp.get(STEPS);
- // /subsystem=elytron/properties-realm=UsersRoles:add(users-properties={path=users.properties},groups-properties={path=roles.properties})
- ModelNode addRealm = Util.createAddOperation(realmAddress);
- addRealm.get("users-properties").get("path").set(getUsersFile());
- addRealm.get("users-properties").get("plain-text").set(isUsersFilePlain()); // not hashed
- addRealm.get("groups-properties").get("path").set(getGroupsFile());
- steps.add(addRealm);
-
- // /subsystem=elytron/security-domain=EjbDomain:add(default-realm=UsersRoles, realms=[{realm=UsersRoles}])
- ModelNode addDomain = Util.createAddOperation(domainAddress);
- addDomain.get("permission-mapper").set("default-permission-mapper"); // LoginPermission for everyone (defined in standalone-elytron.xml)
- addDomain.get("default-realm").set(getSecurityRealmName());
- addDomain.get("realms").get(0).get("realm").set(getSecurityRealmName());
- addDomain.get("realms").get(0).get("role-decoder").set("groups-to-roles"); // use attribute "groups" as roles (defined in standalone-elytron.xml)
- addDomain.get("realms").get(1).get("realm").set("local");
- steps.add(addDomain);
-
 // /subsystem=elytron/sasl-authentication-factory=ejb3-tests-auth-fac:add(sasl-server-factory=configured,security-domain=EjbDomain,mechanism-configurations=[{mechanism-name=BASIC}])
 ModelNode addSaslAuthentication = Util.createAddOperation(saslAuthenticationAddress);
 addSaslAuthentication.get("sasl-server-factory").set("configured");
@@ -196,17 +123,6 @@ public void setup(final ManagementClient managementClient, final String containe
 addEjbDomain.get("security-domain").set(getSecurityDomainName());
 steps.add(addEjbDomain);
- ModelNode addHttpAuthentication = Util.createAddOperation(httpAuthenticationAddress);
- addHttpAuthentication.get("security-domain").set(getSecurityDomainName());
- addHttpAuthentication.get("http-server-mechanism-factory").set("global");
- addHttpAuthentication.get("mechanism-configurations").get(0).get("mechanism-name").set("BASIC");
- addHttpAuthentication.get("mechanism-configurations").get(0).get("mechanism-realm-configurations").get(0).get("realm-name").set("TestingRealm");
- steps.add(addHttpAuthentication);
-
- ModelNode addUndertowDomain = Util.createAddOperation(undertowDomainAddress);
- addUndertowDomain.get("http-authentication-factory").set(getHttpAuthenticationName());
- steps.add(addUndertowDomain);
-
 applyUpdate(managementClient.getControllerClient(), compositeOp, false);
 // TODO: add {"allow-resource-service-restart" => true} to ejbRemoteAddress write-attribute operation once WFLY-8793 / JBEAP-10955 is fixed
 // and remove this reload
@@ -228,10 +144,6 @@ public void tearDown(final ManagementClient managementClient, final String conta
 throw new RuntimeException(e);
 }
- List updates = new LinkedList<>();
-
- applyRemoveAllowReload(managementClient.getControllerClient(), undertowDomainAddress, false);
- applyRemoveAllowReload(managementClient.getControllerClient(), httpAuthenticationAddress, false);
 applyRemoveAllowReload(managementClient.getControllerClient(), ejbDomainAddress, false);
 // TODO: remove this reload once WFLY-8821 / JBEAP-11074 is fixed
 try {
@@ -240,17 +152,6 @@ public void tearDown(final ManagementClient managementClient, final String conta
 throw new RuntimeException(e);
 }
 applyRemoveAllowReload(managementClient.getControllerClient(), saslAuthenticationAddress, false);
- applyRemoveAllowReload(managementClient.getControllerClient(), domainAddress, false);
- applyRemoveAllowReload(managementClient.getControllerClient(), realmAddress, false);
 }
- private static void applyRemoveAllowReload(final ModelControllerClient client, PathAddress address, boolean allowFailure) {
- ModelNode op = Util.createRemoveOperation(address);
- op.get(OPERATION_HEADERS, ALLOW_RESOURCE_SERVICE_RESTART).set(true);
- try {
- applyUpdate(client, op, allowFailure);
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
 }
diff --git a/testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/ElytronDomainSetup.java b/testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/ElytronDomainSetup.java
new file mode 100644
index 000000000000..36d0d964fe3d
--- /dev/null
+++ b/testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/ElytronDomainSetup.java
@@ -0,0 +1,148 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2017, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.wildfly.test.security.common.elytron;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.STEPS;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
+import static org.wildfly.test.security.common.elytron.Utils.applyRemoveAllowReload;
+import static org.wildfly.test.security.common.elytron.Utils.applyUpdate;
+
+import org.jboss.as.arquillian.api.ServerSetupTask;
+import org.jboss.as.arquillian.container.ManagementClient;
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
+import org.jboss.as.controller.operations.common.Util;
+import org.jboss.dmr.ModelNode;
+import org.wildfly.extension.elytron.ElytronExtension;
+
+/**
+ * Utility methods to create/remove simple security domains
+ *
+ * @author Jan Kalina
+ */
+public class ElytronDomainSetup implements ServerSetupTask {
+
+ private static final String DEFAULT_SECURITY_DOMAIN_NAME = "elytron-tests";
+
+ private PathAddress realmAddress;
+
+ private PathAddress domainAddress;
+
+ private final String usersFile;
+ private final String groupsFile;
+ private final String securityDomainName;
+
+ public ElytronDomainSetup(final String usersFile, final String groupsFile) {
+ this(usersFile, groupsFile, DEFAULT_SECURITY_DOMAIN_NAME);
+ }
+
+ public ElytronDomainSetup(final String usersFile, final String groupsFile, final String securityDomainName) {
+ this.usersFile = usersFile;
+ this.groupsFile = groupsFile;
+ this.securityDomainName = securityDomainName;
+ }
+
+ protected String getSecurityDomainName() {
+ return securityDomainName;
+ }
+
+ protected String getSecurityRealmName() {
+ return getSecurityDomainName() + "-ejb3-UsersRoles";
+ }
+
+ protected String getUndertowDomainName() {
+ return getSecurityDomainName();
+ }
+
+ protected String getEjbDomainName() {
+ return getSecurityDomainName();
+ }
+
+ protected String getSaslAuthenticationName() {
+ return getSecurityDomainName();
+ }
+
+ protected String getRemotingConnectorName() {
+ return "http-remoting-connector";
+ }
+
+ protected String getHttpAuthenticationName() {
+ return getSecurityDomainName();
+ }
+
+ protected String getUsersFile() {
+ return usersFile;
+ }
+
+ protected String getGroupsFile() {
+ return groupsFile;
+ }
+
+ protected boolean isUsersFilePlain() {
+ return true;
+ }
+
+ @Override
+ public void setup(final ManagementClient managementClient, final String containerId) throws Exception {
+ realmAddress = PathAddress.pathAddress()
+ .append(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME)
+ .append("properties-realm", getSecurityRealmName());
+
+ domainAddress = PathAddress.pathAddress()
+ .append(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME)
+ .append("security-domain", getSecurityDomainName());
+
+ final ModelNode compositeOp = new ModelNode();
+ compositeOp.get(OP).set(ModelDescriptionConstants.COMPOSITE);
+ compositeOp.get(OP_ADDR).setEmptyList();
+
+ ModelNode steps = compositeOp.get(STEPS);
+
+ // /subsystem=elytron/properties-realm=UsersRoles:add(users-properties={path=users.properties},groups-properties={path=roles.properties})
+ ModelNode addRealm = Util.createAddOperation(realmAddress);
+ addRealm.get("users-properties").get("path").set(getUsersFile());
+ addRealm.get("users-properties").get("plain-text").set(isUsersFilePlain()); // not hashed
+ addRealm.get("groups-properties").get("path").set(getGroupsFile());
+ steps.add(addRealm);
+
+ // /subsystem=elytron/security-domain=EjbDomain:add(default-realm=UsersRoles, realms=[{realm=UsersRoles}])
+ ModelNode addDomain = Util.createAddOperation(domainAddress);
+ addDomain.get("permission-mapper").set("default-permission-mapper"); // LoginPermission for everyone (defined in standalone-elytron.xml)
+ addDomain.get("default-realm").set(getSecurityRealmName());
+ addDomain.get("realms").get(0).get("realm").set(getSecurityRealmName());
+ addDomain.get("realms").get(0).get("role-decoder").set("groups-to-roles"); // use attribute "groups" as roles (defined in standalone-elytron.xml)
+ addDomain.get("realms").get(1).get("realm").set("local");
+ steps.add(addDomain);
+
+ applyUpdate(managementClient.getControllerClient(), compositeOp, false);
+ }
+
+ @Override
+ public void tearDown(final ManagementClient managementClient, final String containerId) {
+ applyRemoveAllowReload(managementClient.getControllerClient(), domainAddress, false);
+ applyRemoveAllowReload(managementClient.getControllerClient(), realmAddress, false);
+ }
+
+}
diff --git a/testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/ServletElytronDomainSetup.java b/testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/ServletElytronDomainSetup.java
new file mode 100644
index 000000000000..8d459aa9ef37
--- /dev/null
+++ b/testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/ServletElytronDomainSetup.java
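Review bot: ElytronDomainSetup carries over five protected hooks that nothing in the class reads — getUndertowDomainName(), getEjbDomainName(), getSaslAuthenticationName(), getRemotingConnectorName() and getHttpAuthenticationName() — so a subclass that overrides one of them silently changes nothing; setup() and tearDown() only use the realm name, the domain name, the two file paths and isUsersFilePlain(). ServletElytronDomainSetup has the same problem with getDeploymentSecurityDomain(). I would drop the unused hooks and replace the copied class Javadoc with one that says what the class does, e.g. `Creates a properties-realm and a security-domain in the Elytron subsystem and removes them on tearDown.` isUsersFilePlain() also deserves a comment that `true` means the users file holds clear-text passwords, which is only acceptable for test fixtures.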
@@ -0,0 +1,115 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2017, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.wildfly.test.security.common.elytron;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.STEPS;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
+import static org.wildfly.test.security.common.elytron.Utils.applyRemoveAllowReload;
+import static org.wildfly.test.security.common.elytron.Utils.applyUpdate;
+
+import org.jboss.as.arquillian.api.ServerSetupTask;
+import org.jboss.as.arquillian.container.ManagementClient;
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
+import org.jboss.as.controller.operations.common.Util;
+import org.jboss.dmr.ModelNode;
+import org.wildfly.extension.elytron.ElytronExtension;
+
+/**
+ * Utility methods to create/remove simple security domains
+ *
+ * @author Jan Kalina
+ */
+public class ServletElytronDomainSetup implements ServerSetupTask {
+
+ private static final String DEFAULT_SECURITY_DOMAIN_NAME = "elytron-tests";
+
+ private PathAddress httpAuthenticationAddress;
+
+ private PathAddress undertowDomainAddress;
+
+ private final String securityDomainName;
+
+ public ServletElytronDomainSetup() {
+ this(DEFAULT_SECURITY_DOMAIN_NAME);
+ }
+
+ public ServletElytronDomainSetup(final String securityDomainName) {
+ this.securityDomainName = securityDomainName;
+ }
+
+ protected String getSecurityDomainName() {
+ return securityDomainName;
+ }
+
+ protected String getUndertowDomainName() {
+ return getSecurityDomainName();
+ }
+
+ protected String getHttpAuthenticationName() {
+ return getSecurityDomainName();
+ }
+
+ protected String getDeploymentSecurityDomain() {
+ return getSecurityDomainName();
+ }
+
+ @Override
+ public void setup(final ManagementClient managementClient, final String containerId) throws Exception {
+ httpAuthenticationAddress = PathAddress.pathAddress()
+ .append(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME)
+ .append("http-authentication-factory", getHttpAuthenticationName());
+
+ undertowDomainAddress = PathAddress.pathAddress()
+ .append(SUBSYSTEM, "undertow")
+ .append("application-security-domain", getUndertowDomainName());
+
+ final ModelNode compositeOp = new ModelNode();
+ compositeOp.get(OP).set(ModelDescriptionConstants.COMPOSITE);
+ compositeOp.get(OP_ADDR).setEmptyList();
+
+ ModelNode steps = compositeOp.get(STEPS);
+
+ ModelNode addHttpAuthentication = Util.createAddOperation(httpAuthenticationAddress);
+ addHttpAuthentication.get("security-domain").set(getSecurityDomainName());
+ addHttpAuthentication.get("http-server-mechanism-factory").set("global");
+ addHttpAuthentication.get("mechanism-configurations").get(0).get("mechanism-name").set("BASIC");
+ addHttpAuthentication.get("mechanism-configurations").get(0).get("mechanism-realm-configurations").get(0).get("realm-name").set("TestingRealm");
+ steps.add(addHttpAuthentication);
+
+ ModelNode addUndertowDomain = Util.createAddOperation(undertowDomainAddress);
+ addUndertowDomain.get("http-authentication-factory").set(getHttpAuthenticationName());
+ steps.add(addUndertowDomain);
+
+ applyUpdate(managementClient.getControllerClient(), compositeOp, false);
+ }
+
+ @Override
+ public void tearDown(final ManagementClient managementClient, final String containerId) {
+ applyRemoveAllowReload(managementClient.getControllerClient(), undertowDomainAddress, false);
+ applyRemoveAllowReload(managementClient.getControllerClient(), httpAuthenticationAddress, false);
+ }
+
+}
diff --git a/testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/Utils.java b/testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/Utils.java
new file mode 100644
index 000000000000..01ded5e9e469
--- /dev/null
+++ b/testsuite/shared/src/main/java/org/wildfly/test/security/common/elytron/Utils.java 
@@ -0,0 +1,80 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2017, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.wildfly.test.security.common.elytron;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ALLOW_RESOURCE_SERVICE_RESTART;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OPERATION_HEADERS;
+
+import java.io.IOException;
+import java.util.List;
+
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.client.ModelControllerClient;
+import org.jboss.as.controller.client.OperationBuilder;
+import org.jboss.as.controller.operations.common.Util;
+import org.jboss.dmr.ModelNode;
+import org.jboss.logging.Logger;
+
+/**
+ * Utility methods for test configuration.
+ *
+ * @author Darran Lofthouse
+ */
+class Utils {
+
+ private static final Logger LOGGER = Logger.getLogger(Utils.class);
+
+ static void applyUpdates(final ModelControllerClient client, final List updates) {
+ for (ModelNode update : updates) {
+ try {
+ applyUpdate(client, update, false);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+ }
+
+ static void applyUpdate(final ModelControllerClient client, ModelNode update, boolean allowFailure) throws IOException {
+ ModelNode result = client.execute(new OperationBuilder(update).build());
+ if (result.hasDefined("outcome") && (allowFailure || "success".equals(result.get("outcome").asString()))) {
+ if (result.hasDefined("result")) {
+ LOGGER.trace(result.get("result"));
+ }
+ } else if (result.hasDefined("failure-description")) {
+ throw new RuntimeException(result.get("failure-description").toString());
+ } else {
+ throw new RuntimeException("Operation not successful; outcome = " + result.get("outcome"));
+ }
+ }
+
+ static void applyRemoveAllowReload(final ModelControllerClient client, PathAddress address, boolean allowFailure) {
+ ModelNode op = Util.createRemoveOperation(address);
+ op.get(OPERATION_HEADERS, ALLOW_RESOURCE_SERVICE_RESTART).set(true);
+ try {
+ applyUpdate(client, op, allowFailure);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+}
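Review bot: applyRemoveAllowReload() hands `address` straight to Util.createRemoveOperation(), but the callers in this commit keep their addresses in fields that are only assigned inside setup(). A tearDown() that runs when setup() was never reached therefore passes null and presumably fails with an unrelated exception instead of cleaning up. A guard at the top, `if (address == null) { return; }`, makes tearDown safe to call in that state. Separately, applyUpdate() drops a failed outcome without a trace when allowFailure is true; logging it there, e.g. `LOGGER.debugf("Ignoring failed operation: %s", result.get("failure-description"));`, would make ignored failures diagnosable.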