[WFLY-8010] Add utilities to setup Elytron auth config/auth contexts.
sguilhen committed Feb 24, 2017
1 parent a791407 commit 6fd2461
Showing 5 changed files with 557 additions and 157 deletions.
@@ -22,192 +22,66 @@

package org.jboss.as.test.integration.jca.security;

import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.IDENTITY;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.NAME;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.PATH;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.RELATIVE_TO;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.VALUE;
import static org.junit.Assert.assertNotNull;

import javax.naming.InitialContext;
import javax.sql.DataSource;
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Arrays;

import org.h2.tools.Server;
import org.jboss.arquillian.container.test.api.Deployment;

import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.as.arquillian.api.ServerSetup;
import org.jboss.as.arquillian.api.ServerSetupTask;
import org.jboss.as.arquillian.container.ManagementClient;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.client.ModelControllerClient;
import org.jboss.as.controller.client.helpers.Operations;
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
import org.jboss.dmr.ModelNode;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.api.spec.EnterpriseArchive;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.wildfly.core.testrunner.ServerSetupTask;
import org.wildfly.test.security.common.AbstractElytronSetupTask;
import org.wildfly.test.security.common.elytron.ConfigurableElement;
import org.wildfly.test.security.common.elytron.CredentialReference;
import org.wildfly.test.security.common.elytron.MatchRules;
import org.wildfly.test.security.common.elytron.SimpleAuthConfig;
import org.wildfly.test.security.common.elytron.SimpleAuthContext;

/**
* Data source with security domain test JBQA-5952
*
* @author <a href="mailto:vrastsel@redhat.com"> Vladimir Rastseluev</a>
*/
@RunWith(Arquillian.class)
@ServerSetup(DsWithElytronSecurityDomainTestCase.DsWithElytronSecurityDomainTestCaseSetup.class)
@ServerSetup(DsWithElytronSecurityDomainTestCase.ElytronSetup.class)
public class DsWithElytronSecurityDomainTestCase {

private static final String DATASOURCE_NAME = "ElyDSTest";
private static final PathAddress DATASOURCES_SUBSYSTEM_ADDRESS = PathAddress.pathAddress(ModelDescriptionConstants.SUBSYSTEM, "datasources");

private static final PathAddress ELYTRON_ADDRESS = PathAddress.pathAddress(SUBSYSTEM, "elytron");
public static final String FS_REALM = "fsRealm001";
public static final String AUTH_CTX = "myAuthCtx";
private static final PathAddress FS_REALM_ADDRESS = ELYTRON_ADDRESS.append("filesystem-realm", "fsRealm001");
private static final PathAddress AUTH_ADDRESS = ELYTRON_ADDRESS.append("authentication-context", AUTH_CTX);
private static final String SECURITY_DOMAIN = "ElyDSSecDomain";
private static final String DATABASE_PASSWORD = "chucknorris";
private static final PathAddress IDENTITY_ADDR = FS_REALM_ADDRESS.append(IDENTITY, "sa");
private static final PathAddress ROLE_DECODER_ADDR = ELYTRON_ADDRESS.append("simple-role-decoder", "from-roles-attribute");
private static final PathAddress SECURITY_DOMAIN_ADDR = ELYTRON_ADDRESS.append("security-domain", SECURITY_DOMAIN);


public static class DsWithElytronSecurityDomainTestCaseSetup implements ServerSetupTask {

private Server h2Server;
private Connection connection;
private static final String AUTH_CONFIG = "MyAuthConfig";
private static final String AUTH_CONTEXT = "MyAuthContext";
private static final String DATABASE_USER = "elytron";
private static final String DATABASE_PASSWORD = "passWD12#$";
private static final String DATASOURCE_NAME = "ElytronDSTest";

static class ElytronSetup extends AbstractElytronSetupTask {

@Override
public void setup(ManagementClient managementClient, String s) throws Exception {

final ModelControllerClient client = managementClient.getControllerClient();
setupDB();
createFsRealm(client);
addUser(client);
addSimpleRoleDecoder(client);
addSecurityDomain(client);
addAuthCtx(client);

createDS(client);
}

@Override
public void tearDown(ManagementClient managementClient, String s) throws Exception {
final ModelControllerClient client = managementClient.getControllerClient();

removeDatasourceSilently(managementClient.getControllerClient());
removeSilently(client, SECURITY_DOMAIN_ADDR);
removeSilently(client, ROLE_DECODER_ADDR);
removeSilently(client, IDENTITY_ADDR);
removeSilently(client, FS_REALM_ADDRESS);
tearDownDB();
}

private void createFsRealm(final ModelControllerClient client) throws IOException {
final ModelNode addOperation = Operations.createAddOperation(FS_REALM_ADDRESS.toModelNode());
addOperation.get(PATH).set(FS_REALM);
addOperation.get(RELATIVE_TO).set("jboss.server.data.dir");
execute(client, addOperation);
}

private void addUser(final ModelControllerClient client) throws IOException {
final ModelNode addOperation = Operations.createAddOperation(IDENTITY_ADDR.toModelNode());
execute(client, addOperation);
final ModelNode setPasswordOperation = Operations.createOperation("set-password", IDENTITY_ADDR.toModelNode());
ModelNode clear = setPasswordOperation.get("clear").setEmptyObject();
clear.get("password").set(DATABASE_PASSWORD);
execute(client, setPasswordOperation);
final ModelNode addAttribute = Operations.createOperation("add-attribute", IDENTITY_ADDR.toModelNode());
addAttribute.get(NAME).set("Roles");
addAttribute.get(VALUE).addEmptyList();
addAttribute.get(VALUE).set(Arrays.asList(new ModelNode("Admin"), new ModelNode("Guest")));
execute(client, addAttribute);

}

private void addSimpleRoleDecoder(final ModelControllerClient client) throws IOException {
final ModelNode addOperation = Operations.createAddOperation(ROLE_DECODER_ADDR.toModelNode());
addOperation.get("attribute").set("Roles");
execute(client, addOperation);

}

private void addSecurityDomain(final ModelControllerClient client) throws IOException {
final ModelNode addOperation = Operations.createAddOperation(SECURITY_DOMAIN_ADDR.toModelNode());
ModelNode realms= addOperation.get("realms").addEmptyObject();
realms.get("realm").set(FS_REALM);
realms.get("role-decoder").set("from-roles-attribute");
addOperation.get("default-realm").set(FS_REALM);
addOperation.get("permission-mapper").set("default-permission-mapper");
execute(client, addOperation);

}

private void addAuthCtx(final ModelControllerClient client) throws IOException {
final ModelNode addOperation = Operations.createAddOperation(AUTH_ADDRESS.toModelNode());
ModelNode matchRules= addOperation.get("match-rules").addEmptyObject();
matchRules.get("match-local-security-domain").set(SECURITY_DOMAIN);
execute(client, addOperation);

}

private ModelNode execute(final ModelControllerClient client, final ModelNode op) throws IOException {
final ModelNode result = client.execute(op);
return result;
}


private void createDS(final ModelControllerClient client) throws IOException {
final ModelNode addOperation = Operations.createAddOperation(DATASOURCES_SUBSYSTEM_ADDRESS.append("data-source", DATASOURCE_NAME).toModelNode());
addOperation.get("jndi-name").set("java:jboss/datasources/" + DATASOURCE_NAME);
addOperation.get("driver-name").set("h2");
addOperation.get("connection-url").set("jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE");
addOperation.get("elytron-enabled").set(true);
addOperation.get("authentication-context").set(AUTH_CTX);
addOperation.get(ModelDescriptionConstants.OPERATION_HEADERS).get("allow-resource-service-restart").set(true);
execute(client, addOperation);
}
private void removeDatasourceSilently(final ModelControllerClient client) throws IOException {
removeSilently(client, DATASOURCES_SUBSYSTEM_ADDRESS.append("data-source", DATASOURCE_NAME));


}

private void removeSilently(final ModelControllerClient client, PathAddress address) throws IOException {
final ModelNode removeOperation = Operations.createRemoveOperation(address.toModelNode());
removeOperation.get(ModelDescriptionConstants.OPERATION_HEADERS).get("allow-resource-service-restart").set(true);
execute(client, removeOperation);

}

public void setupDB() throws Exception {
h2Server = Server.createTcpServer("-tcpAllowOthers").start();
// open connection to database, because that's only (easy) way to set password for user sa
connection = DriverManager.getConnection("jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE", "sa", DATABASE_PASSWORD);
}

public void tearDownDB() throws Exception {
connection.close();
h2Server.shutdown();
protected ConfigurableElement[] getConfigurableElements() {
final CredentialReference credRefPwd = CredentialReference.builder().withClearText(DATABASE_PASSWORD).build();
final ConfigurableElement authenticationConfiguration = SimpleAuthConfig.builder().withName(AUTH_CONFIG)
.withAuthenticationName(DATABASE_USER).withCredentialReference(credRefPwd).build();
final MatchRules matchRules = MatchRules.builder().withAuthenticationConfiguration(AUTH_CONFIG).build();
final ConfigurableElement authenticationContext = SimpleAuthContext.builder().withName(AUTH_CONTEXT).
withMatchRules(matchRules).build();

return new ConfigurableElement[] {authenticationConfiguration, authenticationContext};
}
}

@Deployment
public static WebArchive deployment() {
final WebArchive war = ShrinkWrap.create(WebArchive.class, "test.war");
war.addAsManifestResource(new StringAsset("Dependencies: org.jboss.dmr, org.jboss.as.controller-client, org.jboss.as.controller\n"), "MANIFEST.MF");
war.addClass(DsWithElytronSecurityDomainTestCase.class);
war.addClass(DsWithElytronSecurityDomainTestCaseSetup.class);
return war;
public static Archive<?> deployment() {
final JavaArchive jar = ShrinkWrap.create(JavaArchive.class, "single.jar").addClasses(DsWithElytronSecurityDomainTestCase.class);
jar.addClasses(AbstractElytronSetupTask.class, ServerSetupTask.class);
return ShrinkWrap.create(EnterpriseArchive.class, "test.ear").addAsLibrary(jar)
.addAsManifestResource(DsWithSecurityDomainTestCase.class.getPackage(), "security-ds-elytron.xml", "security-ds.xml");
}

@ArquillianResource
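Review bot: `CredentialReference.builder().withClearText(DATABASE_PASSWORD)` in `getConfigurableElements()` sets up the authentication-configuration with a clear-text credential reference, and nothing on the new side marks this as a test-only shortcut. Test suites are often copied as configuration examples, so I would add a comment above that line such as `// clear-text credential-reference is for this test only; real configurations should reference a credential store entry`. Separately, `deployment()` locates the descriptor through `DsWithSecurityDomainTestCase.class.getPackage()`, a sibling class this test does not otherwise use; `DsWithElytronSecurityDomainTestCase.class.getPackage()` would remove that coupling, assuming both classes are in the same package. The enclosing class continues past the end of this hunk.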
@@ -0,0 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<datasources>
<datasource jndi-name="java:jboss/datasources/ElytronDSTest"
pool-name="securityDs">
<connection-url>jdbc:h2:mem:test-elytron;DB_CLOSE_DELAY=-1</connection-url>
<driver>h2</driver>
<new-connection-sql>select current_user()</new-connection-sql>
<security>
<elytron-enabled>true</elytron-enabled>
<authentication-context>MyAuthContext</authentication-context>
</security>
</datasource>
</datasources>
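Review bot: A successful connection through this datasource does not by itself show that the credentials from `MyAuthContext` were applied, because H2 creates an in-memory database such as `jdbc:h2:mem:test-elytron` on first connect and makes whichever user connected its administrator. `new-connection-sql` only runs `select current_user()` and does not compare the result with anything, so the check has to live in the test, whose body is outside the lines shown here. If it is not already there, the test should assert that the connection's user is the one configured in the authentication-configuration. I would also record the reason in the descriptor, for example `<!-- H2 creates this in-memory DB for the first user that connects; the test must verify current_user() -->`.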
