[WFLY-8803] Backport Latest WildFly Elytron Integration Changes

wildfly · May 18, 2017 · 9f3f755 · 9f3f755
2 parents 891782c + aada71e
commit 9f3f755
Show file tree

Hide file tree

Showing 24 changed files with 191 additions and 829 deletions.
diff --git a/...src/main/java/org/jboss/as/ejb3/deployment/processors/EjbClientContextSetupProcessor.java b/...src/main/java/org/jboss/as/ejb3/deployment/processors/EjbClientContextSetupProcessor.java
@@ -24,7 +24,12 @@
 import static java.security.AccessController.doPrivileged;
 
 import java.net.URI;
+import java.security.GeneralSecurityException;
 import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.net.ssl.SSLContext;
 
 import org.jboss.as.ee.component.Attachments;
 import org.jboss.as.ee.component.ComponentDescription;
@@ -154,37 +159,41 @@ private RegistrationService(Module module) {
         @Override
         public void start(StartContext context) throws StartException {
 
-            doPrivileged((PrivilegedAction<Void>) () -> {
-                // associate the EJB client context and discovery setup with the deployment classloader
-                final EJBClientContextService ejbClientContextService = ejbClientContextInjectedValue.getValue();
-                final EJBClientContext ejbClientContext = ejbClientContextService.getClientContext();
-                final AuthenticationContext ejbClientClustersAuthenticationContext = ejbClientContextService.getClustersAuthenticationContext();
-                final ModuleClassLoader classLoader = module.getClassLoader();
-                EjbLogger.DEPLOYMENT_LOGGER.debugf("Registering EJB client context %s for classloader %s", ejbClientContext, classLoader);
-                final ContextManager<AuthenticationContext> authenticationContextManager = AuthenticationContext.getContextManager();
-                final RemotingProfileService profileService = profileServiceInjectedValue.getOptionalValue();
-                if (profileService != null || ejbClientClustersAuthenticationContext != null)  {
-                    // this is cheating but it works for our purposes
-                    AuthenticationContext authenticationContext = authenticationContextManager.getClassLoaderDefault(classLoader);
-                    if (authenticationContext == null) {
-                        authenticationContext = authenticationContextManager.get();
-                    }
-                    // now transform it
-                    if (profileService != null) {
-                        for (RemotingProfileService.ConnectionSpec connectionSpec : profileService.getConnectionSpecs()) {
-                            authenticationContext = transformOne(connectionSpec, authenticationContext);
+            try {
+                doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+                    // associate the EJB client context and discovery setup with the deployment classloader
+                    final EJBClientContextService ejbClientContextService = ejbClientContextInjectedValue.getValue();
+                    final EJBClientContext ejbClientContext = ejbClientContextService.getClientContext();
+                    final AuthenticationContext ejbClientClustersAuthenticationContext = ejbClientContextService.getClustersAuthenticationContext();
+                    final ModuleClassLoader classLoader = module.getClassLoader();
+                    EjbLogger.DEPLOYMENT_LOGGER.debugf("Registering EJB client context %s for classloader %s", ejbClientContext, classLoader);
+                    final ContextManager<AuthenticationContext> authenticationContextManager = AuthenticationContext.getContextManager();
+                    final RemotingProfileService profileService = profileServiceInjectedValue.getOptionalValue();
+                    if (profileService != null || ejbClientClustersAuthenticationContext != null) {
+                        // this is cheating but it works for our purposes
+                        AuthenticationContext authenticationContext = authenticationContextManager.getClassLoaderDefault(classLoader);
+                        if (authenticationContext == null) {
+                            authenticationContext = authenticationContextManager.get();
                         }
+                        // now transform it
+                        if (profileService != null) {
+                            for (RemotingProfileService.ConnectionSpec connectionSpec : profileService.getConnectionSpecs()) {
+                                authenticationContext = transformOne(connectionSpec, authenticationContext);
+                            }
+                        }
+                        if (ejbClientClustersAuthenticationContext != null) {
+                            authenticationContext = ejbClientClustersAuthenticationContext.with(authenticationContext);
+                        }
+                        // and set the result
+                        authenticationContextManager.setClassLoaderDefault(classLoader, authenticationContext);
                     }
-                    if (ejbClientClustersAuthenticationContext != null) {
-                        authenticationContext =  ejbClientClustersAuthenticationContext.with(authenticationContext);
-                    }
-                    // and set the result
-                    authenticationContextManager.setClassLoaderDefault(classLoader, authenticationContext);
-                }
-                EJBClientContext.getContextManager().setClassLoaderDefault(classLoader, ejbClientContext);
-                Discovery.getContextManager().setClassLoaderDefault(classLoader, discoveryInjector.getValue());
-                return null;
-            });
+                    EJBClientContext.getContextManager().setClassLoaderDefault(classLoader, ejbClientContext);
+                    Discovery.getContextManager().setClassLoaderDefault(classLoader, discoveryInjector.getValue());
+                    return null;
+                });
+            } catch (PrivilegedActionException e) {
+                throw (StartException) e.getCause();
+            }
         }
 
         @Override
@@ -206,9 +215,10 @@ public Void getValue() throws IllegalStateException, IllegalArgumentException {
             return null;
         }
 
-        private static AuthenticationContext transformOne(RemotingProfileService.ConnectionSpec connectionSpec, AuthenticationContext context) {
+        private static AuthenticationContext transformOne(RemotingProfileService.ConnectionSpec connectionSpec, AuthenticationContext context) throws StartException {
             final AbstractOutboundConnectionService connectionService = connectionSpec.getInjector().getValue();
             AuthenticationConfiguration authenticationConfiguration = connectionService.getAuthenticationConfiguration();
+            SSLContext sslContext = connectionService.getSSLContext();
             final URI destinationUri = connectionService.getDestinationUri();
             MatchRule rule = MatchRule.ALL;
             final String scheme = destinationUri.getScheme();
@@ -227,14 +237,19 @@ private static AuthenticationContext transformOne(RemotingProfileService.Connect
             if (path != null && ! path.isEmpty()) {
                 rule = rule.matchPath(path);
             }
-            final String userInfo = destinationUri.getUserInfo();
-            if (userInfo != null) {
-                rule = rule.matchUser(userInfo);
-            }
             final OptionMap connectOptions = connectionSpec.getConnectOptions();
             authenticationConfiguration = RemotingOptions.mergeOptionsIntoAuthenticationConfiguration(connectOptions, authenticationConfiguration);
             AuthenticationConfiguration configuration = CLIENT.getAuthenticationConfiguration(destinationUri, context, - 1, "ejb", "jboss", null);
-            return context.with(0, rule, configuration.with(authenticationConfiguration));
+            if (sslContext == null) {
+                try {
+                    sslContext = CLIENT.getSSLContext(destinationUri, context);
+                } catch (GeneralSecurityException e) {
+                    throw EjbLogger.ROOT_LOGGER.failedToObtainSSLContext(e);
+                }
+            }
+            final SSLContext finalSSLContext = sslContext;
+            AuthenticationContext mergedAuthenticationContext = context.with(0, rule, configuration.with(authenticationConfiguration));
+            return mergedAuthenticationContext.withSsl(0, rule, () -> finalSSLContext);
         }
     }
 }
diff --git a/ejb3/src/main/java/org/jboss/as/ejb3/logging/EjbLogger.java b/ejb3/src/main/java/org/jboss/as/ejb3/logging/EjbLogger.java
@@ -3145,4 +3145,7 @@ public interface EjbLogger extends BasicLogger {
     @LogMessage(level = INFO)
     @Message(id = 493, value = "EJB subsystem suspension complete")
     void suspensionComplete();
+
+    @Message(id = 494, value = "Failed to obtain SSLContext")
+    StartException failedToObtainSSLContext(@Cause Exception cause);
 }
diff --git a/testsuite/domain/pom.xml b/testsuite/domain/pom.xml
@@ -243,7 +243,6 @@
                         <include>org/jboss/as/test/integration/respawn/*TestCase.java</include>
                         <include>org/jboss/as/test/integration/domain/*TestCase.java</include>
                         <include>org/jboss/as/test/integration/domain/suites/*TestSuite.java</include>
-                        <include>org/jboss/as/test/integration/domain/elytron/*TestCase.java</include>
                     </includes>
                 </configuration>
             </plugin>

diff --git a/...test/java/org/jboss/as/test/integration/domain/AbstractSlaveHCAuthenticationTestCase.java b/...test/java/org/jboss/as/test/integration/domain/AbstractSlaveHCAuthenticationTestCase.java