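/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2013, Red Hat, Inc., and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */
package org.jboss.as.test.integration.mgmt.access;

import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ALLOW_RESOURCE_SERVICE_RESTART;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OPERATION_HEADERS;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.PASSWORD;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.PORT;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
import static org.jboss.as.test.integration.management.rbac.RbacUtil.ADMINISTRATOR_USER;
import static org.jboss.as.test.integration.management.rbac.RbacUtil.AUDITOR_USER;
import static org.jboss.as.test.integration.management.rbac.RbacUtil.DEPLOYER_USER;
import static org.jboss.as.test.integration.management.rbac.RbacUtil.MAINTAINER_USER;
import static org.jboss.as.test.integration.management.rbac.RbacUtil.MONITOR_USER;
import static org.jboss.as.test.integration.management.rbac.RbacUtil.OPERATOR_USER;
import static org.jboss.as.test.integration.management.rbac.RbacUtil.SUPERUSER_USER;
import static org.junit.Assert.fail;

import javax.management.MBeanAttributeInfo;
import javax.management.MBeanInfo;
import javax.management.ObjectName;

import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.operations.common.Util;
import org.jboss.as.test.integration.management.interfaces.JmxManagementInterface;
import org.jboss.as.test.integration.management.interfaces.ManagementInterface;
import org.jboss.as.test.integration.management.rbac.RbacAdminCallbackHandler;
import org.jboss.dmr.ModelNode;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.runner.RunWith;
import org.wildfly.core.testrunner.ServerSetup;
import org.wildfly.core.testrunner.WildflyTestRunner;

/**
 * Runs the standard-role checks inherited from {@link StandardRolesBasicTestCase} through the
 * JMX management interface.
 *
 * <p>On top of the inherited checks, each role test opens a JMX client for the user named for
 * that role. Where enabled, it asserts the readable/writable flags that the server's
 * {@link MBeanInfo} reports for two attributes: the {@code port} of the management-http socket
 * binding, and the {@code password} of a {@code rbac-constrained=jmx} resource that this class
 * adds before and removes after every test.
 *
 * <p>Most of those assertions are disabled; see the TODO above the helper methods.
 *
 * @author jcechace
 * @author Ladislav Thon <lthon@redhat.com>
 */
@RunWith(WildflyTestRunner.class)
@ServerSetup({StandardUsersSetupTask.class, StandardExtensionSetupTask.class})
public class JmxInterfaceStandardRolesBasicTestCase extends StandardRolesBasicTestCase {

    /** Key properties of the MBean for the test resource whose password attribute is checked. */
    private static final String JMX_CONSTRAINED = "subsystem=rbac,rbac-constrained=jmx";

    /** Key properties of the MBean for the management-http socket binding. */
    private static final String HTTP_SOCKET_BINDING =
            "socket-binding-group=standard-sockets,socket-binding=management-http";

    /**
     * Creates a JMX management client authenticated as {@code userName}.
     *
     * <p>Every user logs in with the shared test password
     * {@link RbacAdminCallbackHandler#STD_PASSWORD}.
     *
     * @param userName the user to authenticate as
     * @return a client connected to the server's remote JMX URL in {@link #getJmxDomain()}
     */
    @Override
    protected ManagementInterface createClient(String userName) {
        return JmxManagementInterface.create(
                getManagementClient().getRemoteJMXURL(),
                userName,
                RbacAdminCallbackHandler.STD_PASSWORD,
                getJmxDomain()
        );
    }

    /**
     * Adds the {@code rbac-constrained=jmx} resource under the {@code rbac} subsystem before each
     * test, with fixture values for its {@code password} and {@code security-domain} attributes.
     *
     * @throws Exception if the management operation cannot be executed
     */
    @Before
    public void createResource() throws Exception {
        ModelNode addResource = Util.createAddOperation(constrainedJmxAddress());
        // "sa" is only a fixture value; the tests look at the attribute's access flags, not its content.
        addResource.get("password").set("sa");
        addResource.get("security-domain").set("other");
        addResource.get(OPERATION_HEADERS).get(ALLOW_RESOURCE_SERVICE_RESTART).set(true);
        // NOTE(review): the response of execute() is discarded, so a failed add is not reported here.
        managementClient.getControllerClient().execute(addResource);
    }

    /**
     * Removes the {@code rbac-constrained=jmx} resource again after each test.
     *
     * @throws Exception if the management operation cannot be executed
     */
    @After
    public void cleanResource() throws Exception {
        ModelNode removeConstrained = Util.createRemoveOperation(constrainedJmxAddress());
        removeConstrained.get(OPERATION_HEADERS).get(ALLOW_RESOURCE_SERVICE_RESTART).set(true);
        // NOTE(review): the response of execute() is discarded here as well.
        managementClient.getControllerClient().execute(removeConstrained);
    }

    /**
     * Returns the JMX domain under which the management MBeans are looked up.
     *
     * @return {@code "jboss.as"}
     */
    protected String getJmxDomain() {
        return "jboss.as";
    }

    // Each role test below opens its client as the user named for the role under test. Using one
    // fixed low-privileged user in every test would mean the access-info assertions never run as
    // the principal the test is named after, and a wrong grant could pass unnoticed.

    @Override
    public void testMonitor() throws Exception {
        super.testMonitor();

        ManagementInterface client = getClientForUser(MONITOR_USER);
        //checkAttributeAccessInfo(client, true, false);
        //checkSensitiveAttributeAccessInfo(client, false, false);
    }

    @Override
    public void testOperator() throws Exception {
        super.testOperator();

        ManagementInterface client = getClientForUser(OPERATOR_USER);
        //checkAttributeAccessInfo(client, true, false);
        //checkSensitiveAttributeAccessInfo(client, false, false);
    }

    @Override
    public void testMaintainer() throws Exception {
        super.testMaintainer();

        ManagementInterface client = getClientForUser(MAINTAINER_USER);
        checkAttributeAccessInfo(client, true, true);
        //checkSensitiveAttributeAccessInfo(client, false, false);
    }

    @Override
    public void testDeployer() throws Exception {
        super.testDeployer();

        ManagementInterface client = getClientForUser(DEPLOYER_USER);
        //checkAttributeAccessInfo(client, true, false);
        //checkSensitiveAttributeAccessInfo(client, false, false);
    }

    @Override
    public void testAdministrator() throws Exception {
        super.testAdministrator();

        ManagementInterface client = getClientForUser(ADMINISTRATOR_USER);
        checkAttributeAccessInfo(client, true, true);
        checkSensitiveAttributeAccessInfo(client, true, true);
    }

    @Override
    public void testAuditor() throws Exception {
        super.testAuditor();

        ManagementInterface client = getClientForUser(AUDITOR_USER);
        //checkAttributeAccessInfo(client, true, false);
        //checkSensitiveAttributeAccessInfo(client, false, false);
    }

    @Override
    public void testSuperUser() throws Exception {
        super.testSuperUser();

        ManagementInterface client = getClientForUser(SUPERUSER_USER);
        checkAttributeAccessInfo(client, true, true);
        checkSensitiveAttributeAccessInfo(client, true, true);
    }

    // test utils

    // TODO check[Sensitive]AttributeAccessInfo calls are mostly commented out because of https://issues.jboss.org/browse/WFLY-1984

    /** Builds the management address of the {@code rbac-constrained=jmx} test resource. */
    private static PathAddress constrainedJmxAddress() {
        return PathAddress.pathAddress(SUBSYSTEM, "rbac").append("rbac-constrained", "jmx");
    }

    /**
     * Asserts the access flags reported for the {@code port} attribute of the management-http
     * socket binding.
     *
     * @param client a client that must be a {@link JmxManagementInterface}
     * @param read   expected value of {@link MBeanAttributeInfo#isReadable()}
     * @param write  expected value of {@link MBeanAttributeInfo#isWritable()}
     * @throws Exception if the MBean metadata cannot be read
     */
    private void checkAttributeAccessInfo(ManagementInterface client, boolean read, boolean write)
            throws Exception {
        JmxManagementInterface jmxClient = (JmxManagementInterface) client;
        readAttributeAccessInfo(jmxClient, HTTP_SOCKET_BINDING, PORT, read, write);
    }

    /**
     * Asserts the access flags reported for the {@code password} attribute of the
     * {@code rbac-constrained=jmx} test resource.
     *
     * @param client a client that must be a {@link JmxManagementInterface}
     * @param read   expected value of {@link MBeanAttributeInfo#isReadable()}
     * @param write  expected value of {@link MBeanAttributeInfo#isWritable()}
     * @throws Exception if the MBean metadata cannot be read
     */
    private void checkSensitiveAttributeAccessInfo(ManagementInterface client, boolean read, boolean write)
            throws Exception {
        JmxManagementInterface jmxClient = (JmxManagementInterface) client;
        readAttributeAccessInfo(jmxClient, JMX_CONSTRAINED, PASSWORD, read, write);
    }

    /**
     * Fetches the {@link MBeanInfo} of one MBean over the client's connection and asserts the
     * readable/writable flags of the named attribute. Fails the test when the attribute is not
     * listed at all.
     *
     * @param client    the JMX client whose connection is used
     * @param address   key properties of the MBean, appended to {@link #getJmxDomain()}
     * @param attribute name of the attribute to inspect
     * @param read      expected readable flag
     * @param write     expected writable flag
     * @throws Exception if the object name is malformed or the metadata cannot be read
     */
    private void readAttributeAccessInfo(JmxManagementInterface client, String address, String attribute,
                                         boolean read, boolean write) throws Exception {
        ObjectName objectName = new ObjectName(getJmxDomain() + ":" + address);
        MBeanInfo mBeanInfo = client.getConnection().getMBeanInfo(objectName);
        for (MBeanAttributeInfo attrInfo : mBeanInfo.getAttributes()) {
            if (attrInfo.getName().equals(attribute)) {
                // The messages name the attribute so a wrong flag is attributable from the report alone.
                Assert.assertEquals("readable flag of " + attribute + " at " + address,
                        read, attrInfo.isReadable());
                Assert.assertEquals("writable flag of " + attribute + " at " + address,
                        write, attrInfo.isWritable());
                return;
            }
        }
        fail("Attribute " + attribute + " not found at " + address);
    }
}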