diff --git a/security/subsystem/src/main/java/org/jboss/as/security/AuditResourceDefinition.java b/security/subsystem/src/main/java/org/jboss/as/security/AuditResourceDefinition.java
index 2587eaf286a4..336b995c1985 100644
--- a/security/subsystem/src/main/java/org/jboss/as/security/AuditResourceDefinition.java
+++ b/security/subsystem/src/main/java/org/jboss/as/security/AuditResourceDefinition.java
@@ -27,7 +27,6 @@
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
-import org.jboss.as.controller.transform.description.ResourceTransformationDescriptionBuilder;
import org.jboss.dmr.ModelNode;
/**
@@ -74,9 +73,4 @@ protected void updateModel(OperationContext context, ModelNode operation) throws
}
}
- static void registerTransformers_1_3_0(ResourceTransformationDescriptionBuilder parentBuilder) {
- ResourceTransformationDescriptionBuilder builder = parentBuilder.addChildResource(SecurityExtension.PATH_AUDIT_CLASSIC);
- MappingProviderModuleDefinition.registerTransformers_1_3_0(builder);
- }
-
}
diff --git a/security/subsystem/src/main/java/org/jboss/as/security/MappingProviderModuleDefinition.java b/security/subsystem/src/main/java/org/jboss/as/security/MappingProviderModuleDefinition.java
index 7a8ea0611287..a3fce08100fe 100644
--- a/security/subsystem/src/main/java/org/jboss/as/security/MappingProviderModuleDefinition.java
+++ b/security/subsystem/src/main/java/org/jboss/as/security/MappingProviderModuleDefinition.java
@@ -26,10 +26,6 @@
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.PathElement;
-import org.jboss.as.controller.transform.description.DiscardAttributeChecker;
-import org.jboss.as.controller.transform.description.RejectAttributeChecker;
-import org.jboss.as.controller.transform.description.ResourceTransformationDescriptionBuilder;
-import org.jboss.dmr.ModelNode;
/**
* This class should better be called {@code AuditProviderModuleDefinition} rather than {@code MappingProviderModuleDefinition},
@@ -51,12 +47,5 @@ public AttributeDefinition[] getAttributes() {
return ATTRIBUTES;
}
- static void registerTransformers_1_3_0(ResourceTransformationDescriptionBuilder parentBuilder) {
- ResourceTransformationDescriptionBuilder builder = parentBuilder.addChildResource(PATH_PROVIDER_MODULE);
- builder.getAttributeBuilder()
- .setDiscard(new DiscardAttributeChecker.DiscardAttributeValueChecker(false, true,
- new ModelNode(ModuleName.PICKETBOX.getName())), MODULE)
- .addRejectCheck(RejectAttributeChecker.DEFINED, MODULE).end();
- }
}
diff --git a/security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainResourceDefinition.java b/security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainResourceDefinition.java
index 89c771ea4ffa..0008e7c472a5 100644
--- a/security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainResourceDefinition.java
+++ b/security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainResourceDefinition.java
@@ -48,7 +48,6 @@
import org.jboss.as.controller.operations.validation.StringAllowedValuesValidator;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.OperationEntry;
-import org.jboss.as.controller.transform.description.ResourceTransformationDescriptionBuilder;
import org.jboss.as.security.logging.SecurityLogger;
import org.jboss.as.security.plugins.SecurityDomainContext;
import org.jboss.as.security.service.SecurityDomainService;
@@ -230,9 +229,4 @@ private static void waitForService(final ServiceController> controller) throws
}
}
- static void registerTransformers_1_3_0(ResourceTransformationDescriptionBuilder parentBuilder) {
- ResourceTransformationDescriptionBuilder builder = parentBuilder.addChildResource(SecurityExtension.SECURITY_DOMAIN_PATH);
- AuditResourceDefinition.registerTransformers_1_3_0(builder);
- }
-
}
diff --git a/security/subsystem/src/main/java/org/jboss/as/security/SecurityTransformers.java b/security/subsystem/src/main/java/org/jboss/as/security/SecurityTransformers.java
index ff03e52570b5..c38a53e0bb38 100644
--- a/security/subsystem/src/main/java/org/jboss/as/security/SecurityTransformers.java
+++ b/security/subsystem/src/main/java/org/jboss/as/security/SecurityTransformers.java
@@ -22,6 +22,10 @@
package org.jboss.as.security;
+import static org.jboss.as.security.Constants.MODULE;
+import static org.jboss.as.security.MappingProviderModuleDefinition.PATH_PROVIDER_MODULE;
+import static org.jboss.as.security.SecuritySubsystemRootResourceDefinition.INITIALIZE_JACC;
+
import org.jboss.as.controller.ModelVersion;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.transform.ExtensionTransformerRegistration;
@@ -30,6 +34,7 @@
import org.jboss.as.controller.transform.description.RejectAttributeChecker;
import org.jboss.as.controller.transform.description.ResourceTransformationDescriptionBuilder;
import org.jboss.as.controller.transform.description.TransformationDescription;
+import org.jboss.dmr.ModelNode;
/**
* @author Tomaz Cerar (c) 2017 Red Hat Inc.
@@ -42,7 +47,7 @@ public String getSubsystemName() {
@Override
public void registerTransformers(SubsystemTransformerRegistration subsystemRegistration) {
-// only register transformers for model version 1.3.0 (EAP 6.2+).
+ // only register transformers for model version 1.3.0 (EAP 6.2+).
registerTransformers_1_3_0(subsystemRegistration);
}
@@ -53,12 +58,18 @@ private void registerTransformers_1_3_0(SubsystemTransformerRegistration subsyst
builder.rejectChildResource(PathElement.pathElement(Constants.ELYTRON_TRUST_STORE));
builder.rejectChildResource(PathElement.pathElement(Constants.ELYTRON_KEY_MANAGER));
builder.rejectChildResource(PathElement.pathElement(Constants.ELYTRON_TRUST_MANAGER));
- builder.addChildResource(PathElement.pathElement(Constants.SECURITY_MANAGEMENT))
- .getAttributeBuilder()
- .addRejectCheck(RejectAttributeChecker.DEFINED, SecuritySubsystemRootResourceDefinition.INITIALIZE_JACC)
- .setDiscard(DiscardAttributeChecker.UNDEFINED, SecuritySubsystemRootResourceDefinition.INITIALIZE_JACC);
+ builder.getAttributeBuilder()
+ .setDiscard(new DiscardAttributeChecker.DiscardAttributeValueChecker(INITIALIZE_JACC.getDefaultValue()), INITIALIZE_JACC)
+ .addRejectCheck(RejectAttributeChecker.DEFINED, INITIALIZE_JACC);
- SecurityDomainResourceDefinition.registerTransformers_1_3_0(builder);
+
+ builder
+ .addChildResource(SecurityExtension.SECURITY_DOMAIN_PATH)
+ .addChildResource(SecurityExtension.PATH_AUDIT_CLASSIC)
+ .addChildResource(PATH_PROVIDER_MODULE)
+ .getAttributeBuilder()
+ .setDiscard(new DiscardAttributeChecker.DiscardAttributeValueChecker(new ModelNode(ModuleName.PICKETBOX.getName())), MODULE)
+ .addRejectCheck(RejectAttributeChecker.DEFINED, MODULE).end();
TransformationDescription.Tools.register(builder.build(), subsystemRegistration, ModelVersion.create(1, 3, 0));
}
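Review bot: The two discard/reject pairs added to registerTransformers_1_3_0 have no comment explaining why a value equal to the default may be dropped while any other defined value is rejected. That rule is what stops a 1.3.0 host from silently running with a different INITIALIZE_JACC or audit provider MODULE setting than the domain controller holds. I would add above each chain something like `// discard only the value a 1.3.0 host already assumes; reject everything else so the legacy host never diverges silently`. The definition of INITIALIZE_JACC is outside this diff, so it is worth confirming that `getDefaultValue()` is non-null there, since the checker is built directly from it. As a style point, the first chain omits the `.end()` that the second one calls; the method body starts outside this hunk.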
diff --git a/security/subsystem/src/test/java/org/jboss/as/security/SecurityDomainModelv20UnitTestCase.java b/security/subsystem/src/test/java/org/jboss/as/security/SecurityDomainModelv20UnitTestCase.java
index 154e1c2b17f4..b3832e192949 100644
--- a/security/subsystem/src/test/java/org/jboss/as/security/SecurityDomainModelv20UnitTestCase.java
+++ b/security/subsystem/src/test/java/org/jboss/as/security/SecurityDomainModelv20UnitTestCase.java
@@ -15,24 +15,12 @@
*/
package org.jboss.as.security;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-
import java.io.File;
import java.io.IOException;
import java.util.Properties;
-import org.jboss.as.controller.ModelVersion;
-import org.jboss.as.controller.PathAddress;
-import org.jboss.as.controller.PathElement;
-import org.jboss.as.model.test.FailedOperationTransformationConfig;
-import org.jboss.as.model.test.ModelTestControllerVersion;
-import org.jboss.as.model.test.ModelTestUtils;
import org.jboss.as.subsystem.test.AbstractSubsystemBaseTest;
import org.jboss.as.subsystem.test.AdditionalInitialization;
-import org.jboss.as.subsystem.test.KernelServices;
-import org.jboss.as.subsystem.test.KernelServicesBuilder;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -107,63 +95,4 @@ public void testSchemaOfSubsystemTemplates() throws Exception {
protected AdditionalInitialization createAdditionalInitialization() {
return AdditionalInitialization.withCapabilities("org.wildfly.clustering.infinispan.default-cache-configuration.security");
}
-
- @Test
- public void testTransformersEAP64() throws Exception {
- testTransformers(ModelTestControllerVersion.EAP_6_4_0);
- }
-
- @Test
- public void testTransformersEAP70() throws Exception {
- testTransformers(ModelTestControllerVersion.EAP_7_0_0);
- }
-
- private void testTransformers(ModelTestControllerVersion controllerVersion) throws Exception {
-
- KernelServicesBuilder builder = createKernelServicesBuilder(createAdditionalInitialization());
- ModelVersion version = ModelVersion.create(1, 3, 0);
-
- final String mavenGavVersion = controllerVersion.getMavenGavVersion();
- final String artifactId;
- if (controllerVersion.isEap() && mavenGavVersion.equals(controllerVersion.getCoreVersion())) {
- /* EAP 6 */
- artifactId = "jboss-as-security";
- } else {
- artifactId = "wildfly-security";
- }
-
- builder.createLegacyKernelServicesBuilder(AdditionalInitialization.MANAGEMENT, controllerVersion, version)
- .addMavenResourceURL(controllerVersion.getMavenGroupId() + ":"+ artifactId +":" + mavenGavVersion);
-
- KernelServices mainServices = builder.build();
- assertTrue(mainServices.isSuccessfulBoot());
- KernelServices legacyServices = mainServices.getLegacyServices(version);
- assertNotNull(legacyServices);
- assertTrue(legacyServices.isSuccessfulBoot());
-
- // any elytron-related resources in the model should get rejected as those are not supported in model version 1.3.0.
- PathAddress subsystemAddress = PathAddress.pathAddress(PathElement.pathElement(SUBSYSTEM, getMainSubsystemName()));
- ModelTestUtils.checkFailedTransformedBootOperations(mainServices, version,
- builder.parseXmlResource("securitysubsystemv20.xml"),
- new FailedOperationTransformationConfig()
- .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_REALM)),
- FailedOperationTransformationConfig.REJECTED_RESOURCE)
- .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_KEY_STORE)),
- FailedOperationTransformationConfig.REJECTED_RESOURCE)
- .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_TRUST_STORE)),
- FailedOperationTransformationConfig.REJECTED_RESOURCE)
- .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_KEY_MANAGER)),
- FailedOperationTransformationConfig.REJECTED_RESOURCE)
- .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_TRUST_MANAGER)),
- FailedOperationTransformationConfig.REJECTED_RESOURCE)
- .addFailedAttribute(
- PathAddress.pathAddress(subsystemAddress,
- PathElement.pathElement(Constants.SECURITY_DOMAIN, "domain-with-custom-audit-provider"),
- SecurityExtension.PATH_AUDIT_CLASSIC,
- PathElement.pathElement(Constants.PROVIDER_MODULE,
- "org.myorg.security.MyCustomLogAuditProvider")),
- new FailedOperationTransformationConfig.NewAttributesConfig(Constants.MODULE))
- .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.SECURITY_MANAGEMENT)),
- new FailedOperationTransformationConfig.NewAttributesConfig(Constants.INITIALIZE_JACC)));
- }
}
diff --git a/security/subsystem/src/test/java/org/jboss/as/security/SecurityTransformersTestCase.java b/security/subsystem/src/test/java/org/jboss/as/security/SecurityTransformersTestCase.java
new file mode 100644
index 000000000000..59dced95d5ce
--- /dev/null
+++ b/security/subsystem/src/test/java/org/jboss/as/security/SecurityTransformersTestCase.java
@@ -0,0 +1,155 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2017, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.as.security;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+
+import org.jboss.as.controller.ModelVersion;
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.model.test.FailedOperationTransformationConfig;
+import org.jboss.as.model.test.ModelTestControllerVersion;
+import org.jboss.as.model.test.ModelTestUtils;
+import org.jboss.as.subsystem.test.AbstractSubsystemBaseTest;
+import org.jboss.as.subsystem.test.AdditionalInitialization;
+import org.jboss.as.subsystem.test.KernelServices;
+import org.jboss.as.subsystem.test.KernelServicesBuilder;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * @author Tomaz Cerar (c) 2017 Red Hat Inc.
+ */
+public class SecurityTransformersTestCase extends AbstractSubsystemBaseTest {
+
+ public SecurityTransformersTestCase() {
+ super(SecurityExtension.SUBSYSTEM_NAME, new SecurityExtension());
+ }
+
+ @Override
+ protected String getSubsystemXml() throws IOException {
+ return readResource("securitysubsystemv20.xml");
+ }
+
+
+ @Override
+ protected AdditionalInitialization createAdditionalInitialization() {
+ return AdditionalInitialization.withCapabilities("org.wildfly.clustering.infinispan.default-cache-configuration.security");
+ }
+
+ @Test
+ public void testTransformersEAP64() throws Exception {
+ testTransformers(ModelTestControllerVersion.EAP_6_4_0);
+ }
+
+ @Test
+ public void testTransformersEAP70() throws Exception {
+ testTransformers(ModelTestControllerVersion.EAP_7_0_0);
+ }
+
+ private void testTransformers(ModelTestControllerVersion controllerVersion) throws Exception {
+ ModelVersion version = ModelVersion.create(1, 3, 0);
+
+ final String mavenGavVersion = controllerVersion.getMavenGavVersion();
+ final String artifactId;
+ if (controllerVersion.isEap() && mavenGavVersion.equals(controllerVersion.getCoreVersion())) {
+ /* EAP 6 */
+ artifactId = "jboss-as-security";
+ } else {
+ artifactId = "wildfly-security";
+ }
+
+ String mavenGav = String.format("%s:%s:%s", controllerVersion.getMavenGroupId(), artifactId, controllerVersion.getMavenGavVersion());
+
+ testTransformers(controllerVersion, version, mavenGav);
+ testReject(controllerVersion, version, mavenGav);
+ }
+
+ private void testReject(ModelTestControllerVersion controllerVersion, ModelVersion targetVersion, String mavenGAV) throws Exception {
+ KernelServicesBuilder builder = createKernelServicesBuilder(createAdditionalInitialization());
+ builder.createLegacyKernelServicesBuilder(null, controllerVersion, targetVersion)
+ .configureReverseControllerCheck(createAdditionalInitialization(), null)
+ //.skipReverseControllerCheck()
+ .addMavenResourceURL(mavenGAV)
+ .dontPersistXml();
+
+ KernelServices mainServices = builder.build();
+ Assert.assertTrue(mainServices.isSuccessfulBoot());
+ KernelServices legacyServices = mainServices.getLegacyServices(targetVersion);
+ Assert.assertTrue(legacyServices.isSuccessfulBoot());
+ Assert.assertNotNull(legacyServices);
+
+ // any elytron-related resources in the model should get rejected as those are not supported in model version 1.3.0.
+ PathAddress subsystemAddress = PathAddress.pathAddress(PathElement.pathElement(SUBSYSTEM, getMainSubsystemName()));
+ ModelTestUtils.checkFailedTransformedBootOperations(mainServices, targetVersion,
+ builder.parseXmlResource("security-transformers-reject_2.0.xml"),
+ new FailedOperationTransformationConfig()
+ .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_REALM)),
+ FailedOperationTransformationConfig.REJECTED_RESOURCE)
+ .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_KEY_STORE)),
+ FailedOperationTransformationConfig.REJECTED_RESOURCE)
+ .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_TRUST_STORE)),
+ FailedOperationTransformationConfig.REJECTED_RESOURCE)
+ .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_KEY_MANAGER)),
+ FailedOperationTransformationConfig.REJECTED_RESOURCE)
+ .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_TRUST_MANAGER)),
+ FailedOperationTransformationConfig.REJECTED_RESOURCE)
+ .addFailedAttribute(
+ PathAddress.pathAddress(subsystemAddress,
+ PathElement.pathElement(Constants.SECURITY_DOMAIN, "domain-with-custom-audit-provider"),
+ SecurityExtension.PATH_AUDIT_CLASSIC,
+ PathElement.pathElement(Constants.PROVIDER_MODULE,
+ "org.myorg.security.MyCustomLogAuditProvider")),
+ new FailedOperationTransformationConfig.NewAttributesConfig(Constants.MODULE))
+ .addFailedAttribute(PathAddress.pathAddress(subsystemAddress),
+ new FailedOperationTransformationConfig.NewAttributesConfig(Constants.INITIALIZE_JACC)));
+ legacyServices.shutdown();
+ mainServices.shutdown();
+ }
+
+
+ private void testTransformers(ModelTestControllerVersion controllerVersion, ModelVersion targetVersion, String mavenGAV) throws Exception {
+ //Boot up empty controllers with the resources needed for the ops coming from the xml to work
+ KernelServicesBuilder builder = createKernelServicesBuilder(createAdditionalInitialization())
+ .setSubsystemXmlResource("security-transformers_2.0.xml");
+ builder.createLegacyKernelServicesBuilder(null, controllerVersion, targetVersion)
+ .addMavenResourceURL(mavenGAV)
+ .configureReverseControllerCheck(createAdditionalInitialization(), null)
+ .dontPersistXml();
+
+ KernelServices mainServices = builder.build();
+ assertTrue(mainServices.isSuccessfulBoot());
+ assertTrue(mainServices.getLegacyServices(targetVersion).isSuccessfulBoot());
+
+ checkSubsystemModelTransformation(mainServices, targetVersion, null);
+ mainServices.shutdown();
+ }
+
+
+ @Override
+ public void testSchema() throws Exception {
+ }
+}
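Review bot: In testReject, `Assert.assertNotNull(legacyServices);` runs after `legacyServices.isSuccessfulBoot()` has already dereferenced the value, so a missing legacy controller shows up as a NullPointerException instead of an assertion failure. Swap the two lines so the null check comes first. The three-argument testTransformers calls `mainServices.getLegacyServices(targetVersion).isSuccessfulBoot()` with no null check at all. Both helpers call `shutdown()` only on the success path, so a failed assertion leaves the controllers running; wrapping the checks in try/finally would release them. The empty `testSchema()` override switches off the inherited check without explanation and needs a one-line comment giving the reason, presumably that the schema is validated by another test case.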
diff --git a/security/subsystem/src/test/resources/org/jboss/as/security/security-transformers-reject_2.0.xml b/security/subsystem/src/test/resources/org/jboss/as/security/security-transformers-reject_2.0.xml
new file mode 100644
index 000000000000..787437d527e6
--- /dev/null
+++ b/security/subsystem/src/test/resources/org/jboss/as/security/security-transformers-reject_2.0.xml
@@ -0,0 +1,163 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/security/subsystem/src/test/resources/org/jboss/as/security/security-transformers_2.0.xml b/security/subsystem/src/test/resources/org/jboss/as/security/security-transformers_2.0.xml
new file mode 100644
index 000000000000..0e7b1b85d3d7
--- /dev/null
+++ b/security/subsystem/src/test/resources/org/jboss/as/security/security-transformers_2.0.xml
@@ -0,0 +1,149 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+