Search in sources :

Example 6 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class BatchSubsystemSecurityTestCase method testStop_NotAllowed.

/**
     * Stopping an execution by a user who doesn't have the permission to do it.
     */
@Test
public void testStop_NotAllowed() throws Exception {
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    final SecurityIdentity user3 = getSecurityIdentity("user3", "password3");
    final Long id = user1.runAs((Callable<Long>) () -> operator.start("long-running-batchlet", null));
    TimeUnit.SECONDS.sleep(1);
    try {
        user3.runAs(() -> operator.stop(id));
        Assert.fail("user2 should not be allowed to stop job executions");
    } catch (JobSecurityException e) {
    // OK
    }
    Assert.assertNotEquals(BatchStatus.STOPPED, operator.getJobExecution(id).getBatchStatus());
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) JobSecurityException(javax.batch.operations.JobSecurityException) Test(org.junit.Test)

Example 7 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class BatchSubsystemSecurityTestCase method testStart_Allowed.

/**
     * Try running a job as a user who has the permission to run jobs. It should succeed.
     * The job should also be able to retrieve the name of the user who ran it.
     */
@Test
public void testStart_Allowed() throws Exception {
    identityWithinJob = new CompletableFuture<>();
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    user1.runAs((Callable<Long>) () -> operator.start("assert-identity", new Properties()));
    final String actualUsername = identityWithinJob.get(TimeoutUtil.adjust(20), TimeUnit.SECONDS);
    Assert.assertEquals("user1", actualUsername);
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) Properties(java.util.Properties) Test(org.junit.Test)

Example 8 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class BatchSubsystemSecurityTestCase method testStop_Allowed.

/**
     * Stopping an execution by a user who has the permission to do it.
     */
@Test
public void testStop_Allowed() throws Exception {
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    final Long id = user1.runAs((Callable<Long>) () -> operator.start("long-running-batchlet", null));
    TimeUnit.SECONDS.sleep(1);
    user1.runAs(() -> operator.stop(id));
    waitForJobEnd(id, 10);
    Assert.assertEquals(BatchStatus.STOPPED, operator.getJobExecution(id).getBatchStatus());
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) Test(org.junit.Test)

Example 9 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class BatchSubsystemSecurityTestCase method testRead_Allowed.

/**
     * Test reading execution metadata by a user who has the permission to do it.
     * User1 runs a job and then user2 tries to read its metadata.
     */
@Test
public void testRead_Allowed() throws Exception {
    final Properties jobParams = new Properties();
    jobParams.put("prop1", "val1");
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    final SecurityIdentity user3 = getSecurityIdentity("user3", "password3");
    final Long executionId = user1.runAs((Callable<Long>) () -> operator.start("assert-identity", jobParams));
    final Properties retrievedParams = user3.runAs((Callable<Properties>) () -> operator.getJobExecution(executionId).getJobParameters());
    Assert.assertEquals(jobParams, retrievedParams);
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) Properties(java.util.Properties) Test(org.junit.Test)

Example 10 with SecurityIdentity

use of org.wildfly.security.auth.server.SecurityIdentity in project wildfly by wildfly.

the class BatchSubsystemSecurityTestCase method testRestart_NotAllowed.

/**
     * Test restarting failed jobs by a user who doesn't have the permission to do it.
     */
@Test
public void testRestart_NotAllowed() throws Exception {
    final SecurityIdentity user1 = getSecurityIdentity("user1", "password1");
    final SecurityIdentity user2 = getSecurityIdentity("user2", "password2");
    Properties params = new Properties();
    params.put("should.fail", "true");
    final Long executionId = user1.runAs((Callable<Long>) () -> operator.start("failing-batchlet", params));
    waitForJobEnd(executionId, 10);
    Assert.assertEquals(BatchStatus.FAILED, operator.getJobExecution(executionId).getBatchStatus());
    try {
        user2.runAs((Callable<Long>) () -> operator.restart(executionId, params));
        Assert.fail("user2 shouldn't be allowed to restart batch jobs");
    } catch (JobSecurityException e) {
    // OK
    }
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) JobSecurityException(javax.batch.operations.JobSecurityException) Properties(java.util.Properties) Test(org.junit.Test)

Aggregations

SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity)37 Test (org.junit.Test)10 Properties (java.util.Properties)8 SecurityDomain (org.wildfly.security.auth.server.SecurityDomain)8 Principal (java.security.Principal)7 PrivilegedActionException (java.security.PrivilegedActionException)5 JobSecurityException (javax.batch.operations.JobSecurityException)5 Component (org.jboss.as.ee.component.Component)4 EJBComponent (org.jboss.as.ejb3.component.EJBComponent)4 Connection (org.jboss.remoting3.Connection)4 HashSet (java.util.HashSet)3 RealmUser (org.jboss.as.core.security.RealmUser)3 InterceptorContext (org.jboss.invocation.InterceptorContext)3 SecurityContext (org.jboss.security.SecurityContext)3 PrivilegedAction (java.security.PrivilegedAction)2 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)2 ManagedTask (javax.enterprise.concurrent.ManagedTask)2 Subject (javax.security.auth.Subject)2 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)2 SessionBeanComponent (org.jboss.as.ejb3.component.session.SessionBeanComponent)2