
Example 1 with ServletElytronDomainSetup

use of org.wildfly.test.security.common.elytron.ServletElytronDomainSetup in project eap-additional-testsuite by jboss-set.

the class IdentityPropagationServerSetupTask method doSetup.

/**
 * Reconfigures the test server for Elytron-based identity propagation.
 *
 * <p>The method first runs {@code ElytronDomainSetup} and {@code ServletElytronDomainSetup} for
 * {@code getSecurityDomainName()}, then queues a list of management operations, sends them as a
 * single composite operation, and finally removes the legacy {@code security} subsystem in a
 * separate operation.
 *
 * <p>Security-relevant effects of the queued operations, as written in this method:
 * <ul>
 *   <li>the SASL factory for the test domain offers only {@code PLAIN};</li>
 *   <li>the remoting HTTP connector and the management HTTP interface are both switched from
 *       their {@code security-realm} to factories named after the test security domain;</li>
 *   <li>{@code default-missing-method-permissions-deny-access} is set to {@code false};</li>
 *   <li>principal {@code theserver1} is granted {@code RunAsPrincipalPermission} with
 *       {@code target-name="*"}.</li>
 * </ul>
 * These settings are deliberately permissive for a test container. No matching cleanup is
 * visible in this listing, so confirm that the task's tear-down restores the previous values.
 *
 * @param managementClient client whose controller connection receives the operations
 * @param containerId container identifier, passed unchanged to the two domain setup helpers
 * @throws Exception declared by the signature; the failing call is not distinguishable from here
 */
@Override
public void doSetup(ManagementClient managementClient, String containerId) throws Exception {
    List<ModelNode> operations = new ArrayList<>();
    // Author's CLI equivalent of what ElytronDomainSetup is expected to issue (its body is not shown here):
    // /subsystem=elytron/properties-realm=auth-test-ejb3-UsersRoles:add(users-properties={path=users.properties, plain-text=true},groups-properties={path=roles.properties})
    // /subsystem=elytron/security-domain=auth-test:add(default-realm=auth-test-ejb3-UsersRoles, realms=[{realm=auth-test-ejb3-UsersRoles}])
    // NOTE(review): plain-text=true in the CLI above means the users file holds clear-text passwords; acceptable only for test fixtures.
    ElytronDomainSetup elytronDomainSetup = new ElytronDomainSetup(getUsersFile(), getGroupsFile(), getSecurityDomainName());
    elytronDomainSetup.setup(managementClient, containerId);
    // Author's CLI equivalent of what ServletElytronDomainSetup is expected to issue (its body is not shown here):
    // /subsystem=elytron/http-authentication-factory=auth-test:add(http-server-mechanism-factory=global,security-domain=auth-test,mechanism-configurations=[{mechanism-name=BASIC}])
    // /subsystem=undertow/application-security-domain=auth-test:add(http-authentication-factory=auth-test)
    ServletElytronDomainSetup servletElytronDomainSetup = new ServletElytronDomainSetup(getSecurityDomainName());
    servletElytronDomainSetup.setup(managementClient, containerId);
    // /subsystem=elytron/sasl-authentication-factory=auth-test:add(sasl-server-factory=configured,security-domain=auth-test,mechanism-configurations=[{mechanism-name=PLAIN}])
    // The mechanism set below is PLAIN (the earlier comment said BASIC, which is an HTTP mechanism, not a SASL one).
    // NOTE(review): SASL PLAIN sends the password itself to the server, so outside a test rig this connector should only be reachable over TLS.
    ModelNode addSaslAuthentication = createOpNode("subsystem=elytron/sasl-authentication-factory=" + getSecurityDomainName(), ADD);
    addSaslAuthentication.get("sasl-server-factory").set("configured");
    addSaslAuthentication.get("security-domain").set(getSecurityDomainName());
    addSaslAuthentication.get("mechanism-configurations").get(0).get("mechanism-name").set("PLAIN");
    operations.add(addSaslAuthentication);
    // /subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=sasl-authentication-factory, value=auth-test)
    ModelNode updateRemotingConnector = createOpNode("subsystem=remoting/http-connector=http-remoting-connector", WRITE_ATTRIBUTE_OPERATION);
    updateRemotingConnector.get(ClientConstants.NAME).set("sasl-authentication-factory");
    updateRemotingConnector.get(ClientConstants.VALUE).set(getSecurityDomainName());
    operations.add(updateRemotingConnector);
    // subsystem=remoting/http-connector=http-remoting-connector:undefine-attribute(name=security-realm)
    // Drops the legacy realm reference so the connector authenticates through the SASL factory written above.
    ModelNode undefineAttrOp2 = createOpNode("subsystem=remoting/http-connector=http-remoting-connector", UNDEFINE_ATTRIBUTE_OPERATION);
    undefineAttrOp2.get(ClientConstants.NAME).set("security-realm");
    operations.add(undefineAttrOp2);
    // /subsystem=ejb3/application-security-domain=auth-test:add(security-domain=auth-test)
    ModelNode addEjbDomain = createOpNode("subsystem=ejb3/application-security-domain=" + getSecurityDomainName(), ADD);
    addEjbDomain.get("security-domain").set(getSecurityDomainName());
    operations.add(addEjbDomain);
    // /subsystem=ejb3:write-attribute(name=default-missing-method-permissions-deny-access, value=false)
    // NOTE(review): with this set to false, EJB methods that carry no security metadata are presumably no longer denied by default;
    // this is a server-wide setting, so verify it is reset after the test.
    ModelNode updateDefaultMissingMethod = createOpNode("subsystem=ejb3", WRITE_ATTRIBUTE_OPERATION);
    updateDefaultMissingMethod.get(ClientConstants.NAME).set("default-missing-method-permissions-deny-access");
    updateDefaultMissingMethod.get(ClientConstants.VALUE).set(false);
    operations.add(updateDefaultMissingMethod);
    // core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade,value={enabled=true, sasl-authentication-factory=<test security domain name>})
    // The value written is getSecurityDomainName(), not the stock management-sasl-authentication factory named in the original comment.
    // NOTE(review): this makes the management interface authenticate against the test domain, i.e. presumably the test users file.
    ModelNode writeAttrOp4 = createOpNode("core-service=management/management-interface=http-interface", WRITE_ATTRIBUTE_OPERATION);
    writeAttrOp4.get(ClientConstants.NAME).set("http-upgrade");
    writeAttrOp4.get(ClientConstants.VALUE).add("enabled", true);
    writeAttrOp4.get(ClientConstants.VALUE).add("sasl-authentication-factory", getSecurityDomainName());
    operations.add(writeAttrOp4);
    // core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=<test security domain name>)
    // As above, the value is getSecurityDomainName() rather than management-http-authentication.
    ModelNode writeAttrOp5 = createOpNode("core-service=management/management-interface=http-interface", WRITE_ATTRIBUTE_OPERATION);
    writeAttrOp5.get(ClientConstants.NAME).set("http-authentication-factory");
    writeAttrOp5.get(ClientConstants.VALUE).set(getSecurityDomainName());
    operations.add(writeAttrOp5);
    // core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)
    ModelNode undefineAttrOp3 = createOpNode("core-service=management/management-interface=http-interface", UNDEFINE_ATTRIBUTE_OPERATION);
    undefineAttrOp3.get(ClientConstants.NAME).set("security-realm");
    operations.add(undefineAttrOp3);
    // /subsystem=elytron/authentication-configuration=forwardit:add(authentication-name=theserver1, security-domain=ApplicationDomain, realm=ApplicationRealm, forwarding-mode=authorization)
    // Outbound configuration used for propagation: the fixed name "theserver1" is the authentication name and
    // forwarding-mode=authorization is set, so presumably only the caller's identity is forwarded as the authorization id — confirm against the Elytron docs.
    ModelNode addAuthenticationConfiguration = createOpNode("subsystem=elytron/authentication-configuration=forwardit", ADD);
    addAuthenticationConfiguration.get("authentication-name").set("theserver1");
    addAuthenticationConfiguration.get("security-domain").set("ApplicationDomain");
    addAuthenticationConfiguration.get("realm").set("ApplicationRealm");
    addAuthenticationConfiguration.get("forwarding-mode").set("authorization");
    // The mechanism selector is left disabled by the author, so no sasl-mechanism-selector is written:
    // addAuthenticationConfiguration.get("sasl-mechanism-selector").set("#ALL");
    operations.add(addAuthenticationConfiguration);
    // /subsystem=elytron/authentication-context=forwardctx:add(match-rules=[{match-no-user=true, authentication-configuration=forwardit}])
    ModelNode addAuthenticationContext = createOpNode("subsystem=elytron/authentication-context=forwardctx", ADD);
    addAuthenticationContext.get("match-rules").get(0).get("match-no-user").set(true);
    addAuthenticationContext.get("match-rules").get(0).get("authentication-configuration").set("forwardit");
    operations.add(addAuthenticationContext);
    // /subsystem=elytron/simple-permission-mapper=default-permission-mapper:
    // write-attribute(name=permission-mappings[1], value={principals=[theserver1], permissions=[
    // {class-name="org.wildfly.security.auth.permission.RunAsPrincipalPermission",target-name="*"},
    // {class-name="org.wildfly.security.auth.permission.LoginPermission"}
    // {class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission, module=org.wildfly.extension.batch.jberet, target-name=*},
    // {class-name=org.wildfly.transaction.client.RemoteTransactionPermission, module=org.wildfly.transaction.client},
    // {class-name=org.jboss.ejb.client.RemoteEJBPermission, module=org.jboss.ejb-client}]})
    // The principal written below is "theserver1" (the original comment said anonymous).
    // NOTE(review): RunAsPrincipalPermission with target-name "*" lets that principal run as any identity; it overwrites index 1 of the
    // server's default permission mapper, so it must not outlive the test.
    ModelNode setPermissionMapping1 = createOpNode("subsystem=elytron/simple-permission-mapper=default-permission-mapper", WRITE_ATTRIBUTE_OPERATION);
    setPermissionMapping1.get(ClientConstants.NAME).set("permission-mappings[1]");
    setPermissionMapping1.get(ClientConstants.VALUE).get("principals").get(0).set("theserver1");
    setPermissionMapping1.get(ClientConstants.VALUE).get("permissions").get(0).get("class-name").set("org.wildfly.security.auth.permission.RunAsPrincipalPermission");
    setPermissionMapping1.get(ClientConstants.VALUE).get("permissions").get(0).get("target-name").set("*");
    setPermissionMapping1.get(ClientConstants.VALUE).get("permissions").get(1).get("class-name").set("org.wildfly.security.auth.permission.LoginPermission");
    setPermissionMapping1.get(ClientConstants.VALUE).get("permissions").get(2).get("class-name").set("org.wildfly.extension.batch.jberet.deployment.BatchPermission");
    setPermissionMapping1.get(ClientConstants.VALUE).get("permissions").get(2).get("module").set("org.wildfly.extension.batch.jberet");
    setPermissionMapping1.get(ClientConstants.VALUE).get("permissions").get(2).get("target-name").set("*");
    setPermissionMapping1.get(ClientConstants.VALUE).get("permissions").get(3).get("class-name").set("org.wildfly.transaction.client.RemoteTransactionPermission");
    setPermissionMapping1.get(ClientConstants.VALUE).get("permissions").get(3).get("module").set("org.wildfly.transaction.client");
    setPermissionMapping1.get(ClientConstants.VALUE).get("permissions").get(4).get("class-name").set("org.jboss.ejb.client.RemoteEJBPermission");
    setPermissionMapping1.get(ClientConstants.VALUE).get("permissions").get(4).get("module").set("org.jboss.ejb-client");
    operations.add(setPermissionMapping1);
    // /subsystem=elytron/simple-permission-mapper=default-permission-mapper:
    // write-attribute(name=permission-mappings[2], value={match-all=true, permissions=[
    // {class-name=org.wildfly.security.auth.permission.LoginPermission},
    // {class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission, module=org.wildfly.extension.batch.jberet, target-name=*},
    // {class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},
    // {class-name=org.jboss.ejb.client.RemoteEJBPermission, module=org.jboss.ejb-client}]})
    // Catch-all mapping for every other principal: the same permissions as mapping [1] minus RunAsPrincipalPermission.
    ModelNode setPermissionMapping2 = createOpNode("subsystem=elytron/simple-permission-mapper=default-permission-mapper", WRITE_ATTRIBUTE_OPERATION);
    setPermissionMapping2.get(ClientConstants.NAME).set("permission-mappings[2]");
    setPermissionMapping2.get(ClientConstants.VALUE).get("match-all").set(true);
    setPermissionMapping2.get(ClientConstants.VALUE).get("permissions").get(0).get("class-name").set("org.wildfly.security.auth.permission.LoginPermission");
    setPermissionMapping2.get(ClientConstants.VALUE).get("permissions").get(1).get("class-name").set("org.wildfly.extension.batch.jberet.deployment.BatchPermission");
    setPermissionMapping2.get(ClientConstants.VALUE).get("permissions").get(1).get("module").set("org.wildfly.extension.batch.jberet");
    setPermissionMapping2.get(ClientConstants.VALUE).get("permissions").get(1).get("target-name").set("*");
    setPermissionMapping2.get(ClientConstants.VALUE).get("permissions").get(2).get("class-name").set("org.wildfly.transaction.client.RemoteTransactionPermission");
    setPermissionMapping2.get(ClientConstants.VALUE).get("permissions").get(2).get("module").set("org.wildfly.transaction.client");
    setPermissionMapping2.get(ClientConstants.VALUE).get("permissions").get(3).get("class-name").set("org.jboss.ejb.client.RemoteEJBPermission");
    setPermissionMapping2.get(ClientConstants.VALUE).get("permissions").get(3).get("module").set("org.jboss.ejb-client");
    operations.add(setPermissionMapping2);
    // Send everything queued above as one composite operation, in list order.
    ModelNode updateOp = Operations.createCompositeOperation(operations);
    // NOTE(review): with rollback-on-runtime-failure disabled, a runtime failure presumably leaves the model changes in place,
    // so a half-applied security configuration can persist; check the result when diagnosing a failed setup.
    updateOp.get(OPERATION_HEADERS, ROLLBACK_ON_RUNTIME_FAILURE).set(false);
    updateOp.get(OPERATION_HEADERS, ALLOW_RESOURCE_SERVICE_RESTART).set(true);
    CoreUtils.applyUpdate(updateOp, managementClient.getControllerClient());
    // Separate, non-composite operation: /subsystem=security:remove (the legacy security subsystem).
    ModelNode removeSecurityOp = new ModelNode();
    removeSecurityOp.get(OP).set(REMOVE);
    removeSecurityOp.get(OP_ADDR).add(SUBSYSTEM, "security");
    CoreUtils.applyUpdate(removeSecurityOp, managementClient.getControllerClient());
}
Also used : ServletElytronDomainSetup(org.wildfly.test.security.common.elytron.ServletElytronDomainSetup) ArrayList(java.util.ArrayList) ElytronDomainSetup(org.wildfly.test.security.common.elytron.ElytronDomainSetup) ServletElytronDomainSetup(org.wildfly.test.security.common.elytron.ServletElytronDomainSetup) ModelNode(org.jboss.dmr.ModelNode)

Example 2 with ServletElytronDomainSetup

use of org.wildfly.test.security.common.elytron.ServletElytronDomainSetup in project wildfly by wildfly.

the class EjbSecurityDomainSetup method setup.

/**
 * Creates the Elytron, EJB and servlet domain setup helpers for {@code getSecurityDomainName()}
 * and runs each of them against the given server.
 *
 * <p>All three helpers are assigned before the first {@code setup} call, and the calls run in the
 * order Elytron domain, EJB mapping, servlet mapping. The ordering is presumably required because
 * the EJB and servlet mappings refer to the security domain created first — confirm against the
 * helper classes, which are not shown here.
 *
 * @param managementClient management client handed to each helper
 * @param containerId container identifier handed to each helper
 * @throws Exception if any helper's {@code setup} throws; helpers that already ran are not undone here
 */
@Override
public void setup(final ManagementClient managementClient, final String containerId) throws Exception {
    // elytron profile is enabled
    // The helpers are kept in variables declared outside this method, presumably so a tear-down can undo them — verify in the enclosing class.
    elytronDomainSetup = new ElytronDomainSetup(getUsersFile(), getGroupsFile(), getSecurityDomainName());
    ejbElytronDomainSetup = new EjbElytronDomainSetup(getSecurityDomainName());
    servletElytronDomainSetup = new ServletElytronDomainSetup(getSecurityDomainName());
    // Apply in dependency order: the security domain first, then the EJB and servlet mappings for it.
    elytronDomainSetup.setup(managementClient, containerId);
    ejbElytronDomainSetup.setup(managementClient, containerId);
    servletElytronDomainSetup.setup(managementClient, containerId);
}
Also used : ServletElytronDomainSetup(org.wildfly.test.security.common.elytron.ServletElytronDomainSetup) ElytronDomainSetup(org.wildfly.test.security.common.elytron.ElytronDomainSetup) ServletElytronDomainSetup(org.wildfly.test.security.common.elytron.ServletElytronDomainSetup) EjbElytronDomainSetup(org.wildfly.test.security.common.elytron.EjbElytronDomainSetup) EjbElytronDomainSetup(org.wildfly.test.security.common.elytron.EjbElytronDomainSetup)

Example 3 with ServletElytronDomainSetup

use of org.wildfly.test.security.common.elytron.ServletElytronDomainSetup in project wildfly by wildfly.

the class EjbSecurityDomainSetup method setup.

/**
 * Builds three setup helpers bound to {@code getSecurityDomainName()} — one for the Elytron
 * domain, one for EJB and one for servlets — and invokes {@code setup} on each in that order.
 *
 * <p>The users and groups files from {@code getUsersFile()} and {@code getGroupsFile()} are passed
 * only to the Elytron domain helper. What each helper writes to the server is not visible in this
 * listing.
 *
 * @param managementClient management client forwarded to every helper
 * @param containerId container identifier forwarded to every helper
 * @throws Exception propagated from any helper; no rollback of earlier helpers happens in this method
 */
@Override
public void setup(final ManagementClient managementClient, final String containerId) throws Exception {
    // elytron profile is enabled
    // Construct all helpers up front; the variables are declared outside this method.
    elytronDomainSetup = new ElytronDomainSetup(getUsersFile(), getGroupsFile(), getSecurityDomainName());
    ejbElytronDomainSetup = new EjbElytronDomainSetup(getSecurityDomainName());
    servletElytronDomainSetup = new ServletElytronDomainSetup(getSecurityDomainName());
    // NOTE(review): if a later setup call throws, the earlier ones stay applied; confirm the test framework still runs the tear-down in that case.
    elytronDomainSetup.setup(managementClient, containerId);
    ejbElytronDomainSetup.setup(managementClient, containerId);
    servletElytronDomainSetup.setup(managementClient, containerId);
}
Also used : ServletElytronDomainSetup(org.wildfly.test.security.common.elytron.ServletElytronDomainSetup) ElytronDomainSetup(org.wildfly.test.security.common.elytron.ElytronDomainSetup) ServletElytronDomainSetup(org.wildfly.test.security.common.elytron.ServletElytronDomainSetup) EjbElytronDomainSetup(org.wildfly.test.security.common.elytron.EjbElytronDomainSetup) EjbElytronDomainSetup(org.wildfly.test.security.common.elytron.EjbElytronDomainSetup)

Example 4 with ServletElytronDomainSetup

use of org.wildfly.test.security.common.elytron.ServletElytronDomainSetup in project wildfly by wildfly.

the class BasicAuthMechanismServerSetupTask method doSetup.

/**
 * Switches the test server's remoting connector, EJB subsystem and management HTTP interface
 * over to an Elytron security domain named by {@code getSecurityDomainName()}.
 *
 * <p>The method runs {@code ElytronDomainSetup} and {@code ServletElytronDomainSetup}, queues five
 * management operations, applies them as one composite operation, and then removes the legacy
 * {@code security} subsystem with a second operation.
 *
 * <p>Points a reviewer should keep in mind: the SASL factory offers only {@code PLAIN}; the
 * management interface is pointed at factories named after the test domain; and
 * {@code default-missing-method-permissions-deny-access} is turned off server-wide. Unlike some
 * sibling setup tasks, this method does not undefine {@code security-realm} on the connector or
 * the management interface. No cleanup is visible in this listing.
 *
 * @param managementClient client whose controller connection receives the operations
 * @param containerId container identifier, passed unchanged to the two domain setup helpers
 * @throws Exception declared by the signature; the failing call is not distinguishable from here
 */
@Override
public void doSetup(ManagementClient managementClient, String containerId) throws Exception {
    List<ModelNode> operations = new ArrayList<>();
    // Author's CLI equivalent of what ElytronDomainSetup is expected to issue (its body is not shown here):
    // /subsystem=elytron/properties-realm=auth-test-ejb3-UsersRoles:add(users-properties={path=users.properties, plain-text=true},groups-properties={path=roles.properties})
    // /subsystem=elytron/security-domain=auth-test:add(default-realm=auth-test-ejb3-UsersRoles, realms=[{realm=auth-test-ejb3-UsersRoles}])
    // NOTE(review): plain-text=true in the CLI above means clear-text passwords in the users file; keep such files to test fixtures.
    ElytronDomainSetup elytronDomainSetup = new ElytronDomainSetup(getUsersFile(), getGroupsFile(), getSecurityDomainName());
    elytronDomainSetup.setup(managementClient, containerId);
    // Author's CLI equivalent of what ServletElytronDomainSetup is expected to issue (its body is not shown here):
    // /subsystem=elytron/http-authentication-factory=auth-test:add(http-server-mechanism-factory=global,security-domain=auth-test,mechanism-configurations=[{mechanism-name=BASIC}])
    // /subsystem=undertow/application-security-domain=auth-test:add(http-authentication-factory=auth-test)
    ServletElytronDomainSetup servletElytronDomainSetup = new ServletElytronDomainSetup(getSecurityDomainName());
    servletElytronDomainSetup.setup(managementClient, containerId);
    // /subsystem=elytron/sasl-authentication-factory=auth-test:add(sasl-server-factory=configured,security-domain=auth-test,mechanism-configurations=[{mechanism-name=PLAIN}])
    // The mechanism set below is PLAIN; the earlier comment said BASIC, which is the HTTP mechanism used by the servlet setup above.
    // NOTE(review): SASL PLAIN carries the password to the server unhashed, so the connector needs TLS anywhere but a test rig.
    ModelNode addSaslAuthentication = createOpNode("subsystem=elytron/sasl-authentication-factory=" + getSecurityDomainName(), ADD);
    addSaslAuthentication.get("sasl-server-factory").set("configured");
    addSaslAuthentication.get("security-domain").set(getSecurityDomainName());
    addSaslAuthentication.get("mechanism-configurations").get(0).get("mechanism-name").set("PLAIN");
    operations.add(addSaslAuthentication);
    // /subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=sasl-authentication-factory, value=auth-test)
    ModelNode updateRemotingConnector = createOpNode("subsystem=remoting/http-connector=http-remoting-connector", WRITE_ATTRIBUTE_OPERATION);
    updateRemotingConnector.get(ClientConstants.NAME).set("sasl-authentication-factory");
    updateRemotingConnector.get(ClientConstants.VALUE).set(getSecurityDomainName());
    operations.add(updateRemotingConnector);
    // /subsystem=ejb3/application-security-domain=auth-test:add(security-domain=auth-test)
    ModelNode addEjbDomain = createOpNode("subsystem=ejb3/application-security-domain=" + getSecurityDomainName(), ADD);
    addEjbDomain.get("security-domain").set(getSecurityDomainName());
    operations.add(addEjbDomain);
    // /subsystem=ejb3:write-attribute(name=default-missing-method-permissions-deny-access, value=false)
    // NOTE(review): disabling this presumably stops the container from denying EJB methods that lack security metadata;
    // the attribute is server-wide, so check that it is restored after the test.
    ModelNode updateDefaultMissingMethod = createOpNode("subsystem=ejb3", WRITE_ATTRIBUTE_OPERATION);
    updateDefaultMissingMethod.get(ClientConstants.NAME).set("default-missing-method-permissions-deny-access");
    updateDefaultMissingMethod.get(ClientConstants.VALUE).set(false);
    operations.add(updateDefaultMissingMethod);
    // core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade,value={enabled=true, sasl-authentication-factory=<test security domain name>})
    // The value written is getSecurityDomainName(), not the stock management-sasl-authentication factory named in the original comment.
    // NOTE(review): management access is then decided by the test domain, i.e. presumably by the test users file.
    ModelNode writeAttrOp4 = createOpNode("core-service=management/management-interface=http-interface", WRITE_ATTRIBUTE_OPERATION);
    writeAttrOp4.get(ClientConstants.NAME).set("http-upgrade");
    writeAttrOp4.get(ClientConstants.VALUE).add("enabled", true);
    writeAttrOp4.get(ClientConstants.VALUE).add("sasl-authentication-factory", getSecurityDomainName());
    operations.add(writeAttrOp4);
    // core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=<test security domain name>)
    // As above, the value is getSecurityDomainName() rather than management-http-authentication.
    ModelNode writeAttrOp5 = createOpNode("core-service=management/management-interface=http-interface", WRITE_ATTRIBUTE_OPERATION);
    writeAttrOp5.get(ClientConstants.NAME).set("http-authentication-factory");
    writeAttrOp5.get(ClientConstants.VALUE).set(getSecurityDomainName());
    operations.add(writeAttrOp5);
    // Send the five queued operations as one composite operation, in list order.
    ModelNode updateOp = Operations.createCompositeOperation(operations);
    // NOTE(review): rollback-on-runtime-failure is disabled, so a runtime failure presumably leaves the model changes applied.
    updateOp.get(OPERATION_HEADERS, ROLLBACK_ON_RUNTIME_FAILURE).set(false);
    updateOp.get(OPERATION_HEADERS, ALLOW_RESOURCE_SERVICE_RESTART).set(true);
    CoreUtils.applyUpdate(updateOp, managementClient.getControllerClient());
    // Separate, non-composite operation: /subsystem=security:remove (the legacy security subsystem).
    ModelNode removeSecurityOp = new ModelNode();
    removeSecurityOp.get(OP).set(REMOVE);
    removeSecurityOp.get(OP_ADDR).add(SUBSYSTEM, "security");
    CoreUtils.applyUpdate(removeSecurityOp, managementClient.getControllerClient());
}
Also used : ServletElytronDomainSetup(org.wildfly.test.security.common.elytron.ServletElytronDomainSetup) ArrayList(java.util.ArrayList) ElytronDomainSetup(org.wildfly.test.security.common.elytron.ElytronDomainSetup) ServletElytronDomainSetup(org.wildfly.test.security.common.elytron.ServletElytronDomainSetup) ModelNode(org.jboss.dmr.ModelNode)

Aggregations

ElytronDomainSetup (org.wildfly.test.security.common.elytron.ElytronDomainSetup)4 ServletElytronDomainSetup (org.wildfly.test.security.common.elytron.ServletElytronDomainSetup)4 ArrayList (java.util.ArrayList)2 ModelNode (org.jboss.dmr.ModelNode)2 EjbElytronDomainSetup (org.wildfly.test.security.common.elytron.EjbElytronDomainSetup)2