use of org.wildfly.extras.creaper.core.online.operations.admin.Administration in project keycloak by keycloak.
the class AuthServerTestEnricher method enableTLS.
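/**
 * Configures TLS for the auth server's HTTPS listener through the Elytron subsystem.
 *
 * <p>Idempotent: when the {@code httpsSSC} server-ssl-context already exists the method only
 * logs and returns. Otherwise it adds, in dependency order, a key store, a key manager, a
 * trust store, a trust manager and the server-ssl-context (TLSv1.2 only, client certificates
 * requested via {@code want-client-auth=true}), swaps the HTTPS listener to use it, and
 * reloads or restarts the server.
 *
 * <p>Each CLI operation result is checked with {@code assertSuccess()}, matching the
 * {@code executeCli} pattern used elsewhere in the harness. Previously a failed {@code add}
 * was ignored, so the server could come up without the SSL context and the failure only
 * surfaced later in unrelated-looking test errors.
 *
 * <p>The key/trust store credentials are the fixed test-fixture value {@code secret}, passed
 * as a clear-text credential reference; they guard test key material only.
 *
 * @param client management client connected to the auth server
 * @throws Exception if the existence check, any CLI operation, the listener swap or the
 *     reload/restart fails
 */
private static void enableTLS(OnlineManagementClient client) throws Exception {
    Administration administration = new Administration(client);
    Operations operations = new Operations(client);

    // The SSL context is the last resource created below, so its presence marks a completed setup.
    if (operations.exists(Address.subsystem("elytron").and("server-ssl-context", "httpsSSC"))) {
        log.info("## The Auth Server has already configured TLS. Skipping ##");
        return;
    }

    // Order matters: every resource references the one created before it.
    String[] tlsSetupOperations = {
        "/subsystem=elytron/key-store=httpsKS:add(relative-to=jboss.server.config.dir,path=keycloak.jks,credential-reference={clear-text=secret},type=JKS)",
        "/subsystem=elytron/key-manager=httpsKM:add(key-store=httpsKS,credential-reference={clear-text=secret})",
        "/subsystem=elytron/key-store=twoWayTS:add(relative-to=jboss.server.config.dir,path=keycloak.truststore,credential-reference={clear-text=secret},type=JKS)",
        "/subsystem=elytron/trust-manager=twoWayTM:add(key-store=twoWayTS)",
        "/subsystem=elytron/server-ssl-context=httpsSSC:add(key-manager=httpsKM,protocols=[\"TLSv1.2\"],trust-manager=twoWayTM,want-client-auth=true)"
    };
    for (String operation : tlsSetupOperations) {
        // Fail fast rather than continue with a half-configured Elytron subsystem.
        client.execute(operation).assertSuccess();
    }

    removeHttpsListener(client, administration);
    addHttpsListener(client);
    reloadOrRestartTimeoutClient(administration);
}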
use of org.wildfly.extras.creaper.core.online.operations.admin.Administration in project keycloak by keycloak.
the class AppServerTestEnricher method enableHTTPSForManagementClient.
/**
 * Enables HTTPS on the app server used by the adapter tests and points the JVM trust store at
 * the harness truststore.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>Create the legacy {@code UndertowRealm} security realm with an SSL server identity backed
 *       by {@code adapter.jks} (skipped when the realm already exists).</li>
 *   <li>Add the {@code javax.net.ssl.trustStore}/{@code trustStorePassword} system properties.
 *       These two {@code add} operations run on every call, outside the existence guard, and
 *       their results are not checked.</li>
 *   <li>On EAP 6: add a {@code web} subsystem HTTPS connector plus its SSL config (skipped when the
 *       connector exists), applying a cipher-suite workaround for the IBM JDK. Otherwise: replace
 *       the Undertow HTTPS listener.</li>
 *   <li>Reload (or restart) the server.</li>
 * </ol>
 *
 * <p>NOTE(review): the {@code server-identity=ssl:add(...} command has no closing parenthesis;
 * it presumably relies on the CLI parser accepting the end of input as the end of the property
 * list — confirm it actually succeeds. The {@code secret} passwords are fixed test-fixture values.
 *
 * @param client management client connected to the app server
 * @throws CommandFailedException if a creaper command ({@code client.apply}) fails
 * @throws InterruptedException if the reload/restart wait is interrupted
 * @throws TimeoutException if the server does not come back in time
 * @throws IOException on management connection errors
 * @throws CliException if a CLI command cannot be parsed or submitted
 * @throws OperationException if an existence check fails
 */
public static void enableHTTPSForManagementClient(OnlineManagementClient client) throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException {
    Administration admin = new Administration(client);
    Operations ops = new Operations(client);

    Address undertowRealm = Address.coreService("management").and("security-realm", "UndertowRealm");
    if (!ops.exists(undertowRealm)) {
        client.execute("/core-service=management/security-realm=UndertowRealm:add()");
        client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=adapter.jks");
    }

    // Always re-issued; a failure (e.g. an already-present property) is not checked here.
    client.execute("/system-property=javax.net.ssl.trustStore:add(value=${jboss.server.config.dir}/keycloak.truststore)");
    client.execute("/system-property=javax.net.ssl.trustStorePassword:add(value=secret)");

    if (!AppServerTestEnricher.isEAP6AppServer()) {
        removeHttpsListener(client, admin);
        addHttpsListenerAppServer(client);
    } else if (!ops.exists(Address.subsystem("web").and("connector", "https"))) {
        addEap6HttpsConnector(client);
    }

    reloadOrRestartTimeoutClient(admin);
}

/**
 * Adds the EAP 6 {@code web} subsystem HTTPS connector and its SSL configuration.
 *
 * <p>When the app server runs on an IBM JDK (detected from the {@code app.server.java.home}
 * system property) the cipher suite list is pinned explicitly; see the linked Red Hat bug and
 * solution for the background.
 *
 * @param client management client connected to the app server
 * @throws CommandFailedException if adding the connector or its SSL config fails
 * @throws CliException if the cipher-suite write-attribute command cannot be parsed or submitted
 * @throws IOException on management connection errors
 */
private static void addEap6HttpsConnector(OnlineManagementClient client) throws CommandFailedException, CliException, IOException {
    client.apply(new AddConnector.Builder("https").protocol("HTTP/1.1").scheme("https").socketBinding("https").secure(true).build());
    client.apply(new AddConnectorSslConfig.Builder("https").password("secret").certificateKeyFile("${jboss.server.config.dir}/adapter.jks").build());

    String javaHome = System.getProperty("app.server.java.home", "");
    boolean ibmJdk = javaHome.contains("ibm");
    if (ibmJdk) {
        // Workaround for bug in IBM JDK: https://bugzilla.redhat.com/show_bug.cgi?id=1430730
        // Source: https://access.redhat.com/solutions/4133531
        client.execute("/subsystem=web/connector=https/configuration=ssl:write-attribute(name=cipher-suite, value=\"SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_AES_128_CBC_SHA\")");
    }
}
use of org.wildfly.extras.creaper.core.online.operations.admin.Administration in project keycloak by keycloak.
the class ConsoleProtectionTest method beforeConsoleProtectionTest.
/**
 * Protects the app server's HTTP management interface and web console with the Keycloak adapter
 * before each test, then registers the JavaScript-capable web driver.
 *
 * <p>Assumptions (the test is skipped, not failed, when they do not hold): the browser is not
 * phantomjs, and the Elytron {@code KeycloakDomain} security domain exists on the app server.
 *
 * <p>The configuration is applied as a fixed sequence of CLI commands: a {@code jboss-infra}
 * realm with its public key, a bearer-only {@code wildfly-management} secure-deployment with
 * {@code ssl-required=EXTERNAL}, an Elytron HTTP authentication factory wired into the
 * http-interface (replacing its legacy security-realm), RBAC using identity roles, and a public
 * {@code wildfly-console} secure-server. The server is reloaded afterwards so the management
 * interface changes take effect.
 *
 * <p>NOTE(review): this runs before every test method and the results of the {@code add}
 * commands are not checked, so a repeated {@code add} presumably fails and is ignored —
 * confirm that is intended. Any CLI, I/O, interrupt or timeout failure is wrapped in a
 * {@link RuntimeException}.
 *
 * @throws IOException declared for the management client; in practice caught and wrapped
 * @throws OperationException if the security-domain existence check fails
 */
@Before
public void beforeConsoleProtectionTest() throws IOException, OperationException {
    boolean phantomJs = "phantomjs".equals(System.getProperty("js.browser"));
    Assume.assumeTrue("This testClass doesn't work with phantomjs", !phantomJs);

    try (OnlineManagementClient mgmtClient = AppServerTestEnricher.getManagementClient()) {
        Operations ops = new Operations(mgmtClient);
        Assume.assumeTrue(ops.exists(Address.subsystem("elytron").and("security-domain", "KeycloakDomain")));

        String[] protectionCommands = {
            // Create a realm for both wildfly console and mgmt interface
            "/subsystem=keycloak/realm=jboss-infra:add(auth-server-url=" + getAuthServerContextRoot() + "/auth,realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB)",
            // Create a secure-deployment in order to protect mgmt interface
            "/subsystem=keycloak/secure-deployment=wildfly-management:add(realm=jboss-infra,resource=wildfly-management,principal-attribute=preferred_username,bearer-only=true,ssl-required=EXTERNAL)",
            // Protect HTTP mgmt interface with Keycloak adapter
            "/core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)",
            "/subsystem=elytron/http-authentication-factory=keycloak-mgmt-http-authentication:add(security-domain=KeycloakDomain,http-server-mechanism-factory=wildfly-management,mechanism-configurations=[{mechanism-name=KEYCLOAK,mechanism-realm-configurations=[{realm-name=KeycloakOIDCRealm,realm-mapper=keycloak-oidc-realm-mapper}]}])",
            "/core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=keycloak-mgmt-http-authentication)",
            "/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade, value={enabled=true, sasl-authentication-factory=management-sasl-authentication})",
            // Enable RBAC where roles are obtained from the identity
            "/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)",
            "/core-service=management/access=authorization:write-attribute(name=use-identity-roles,value=true)",
            // Create a secure-server in order to publish the wildfly console configuration via mgmt interface
            "/subsystem=keycloak/secure-server=wildfly-console:add(realm=jboss-infra,resource=wildfly-console,public-client=true)"
        };
        for (String command : protectionCommands) {
            mgmtClient.execute(command);
        }

        log.debug("Reloading the server");
        new Administration(mgmtClient).reload();
        log.debug("Reloaded");
    } catch (CliException | IOException | InterruptedException | TimeoutException cause) {
        throw new RuntimeException("Failed to configure app server", cause);
    }

    DroneUtils.addWebDriver(jsDriver);
    log.debug("Added jsDriver");
}
use of org.wildfly.extras.creaper.core.online.operations.admin.Administration in project keycloak by keycloak.
the class AbstractHostnameTest method executeCli.
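/**
 * Runs the given CLI commands against the auth server, asserting each one succeeds, then reloads
 * the server.
 *
 * <p>The management client is now opened in a try-with-resources block so it is closed on every
 * path. Previously {@code client.close()} was the last statement, so a failing command (or its
 * {@code assertSuccess()}) or a failing reload leaked the connection.
 *
 * <p>Every command is logged at debug level before execution; callers must not pass commands
 * containing credentials they do not want in the test log. With no commands the method only
 * reloads the server.
 *
 * @param commands CLI operations, executed in order
 * @throws Exception if the client cannot be obtained, a command fails (or its result is not a
 *     success), or the reload fails
 */
private void executeCli(String... commands) throws Exception {
    try (OnlineManagementClient client = AuthServerTestEnricher.getManagementClient()) {
        Administration administration = new Administration(client);
        LOGGER.debug("Running CLI commands:");
        for (String command : commands) {
            LOGGER.debug(command);
            // Stop at the first failed operation instead of reloading a partially changed server.
            client.execute(command).assertSuccess();
        }
        LOGGER.debug("Done");
        administration.reload();
    }
}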