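/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2016, Red Hat, Inc., and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 2110-1301 USA, or see the FSF site: http://www.fsf.org.
 */

package org.jboss.as.test.integration.ejb.remote.security;

import static org.junit.Assert.assertEquals;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Properties;

import javax.naming.Context;
import javax.naming.InitialContext;

import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.RunAsClient;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.as.arquillian.api.ContainerResource;
import org.jboss.as.arquillian.api.ServerSetup;
import org.jboss.as.arquillian.container.ManagementClient;
import org.jboss.as.test.http.HttpInvokerServerSetupTask;
import org.jboss.as.test.integration.common.DefaultConfiguration;
import org.jboss.as.test.integration.management.util.CLIWrapper;
import org.jboss.as.test.shared.integration.ejb.security.Util;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.wildfly.naming.client.WildFlyInitialContextFactory;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.MatchRule;
import org.wildfly.test.security.common.AbstractElytronSetupTask;
import org.wildfly.test.security.common.elytron.ConfigurableElement;
import org.wildfly.test.security.common.elytron.EJBApplicationSecurityDomainMapping;

/**
 * A test case to test an unsecured EJB setting the username and password before the call reaches a secured EJB.
 *
 * <p>The test runs as a remote client: it looks the beans up through the HTTP endpoint
 * {@code /wildfly-services} of the managed server and checks which principal name each bean reports.
 *
 * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
 */
@RunWith(Arquillian.class)
@RunAsClient
@ServerSetup({HttpInvokerServerSetupTask.class, HttpRemoteIdentityTestCase.SecurityDomainsSetup.class})
public class HttpRemoteIdentityTestCase {

    @ContainerResource
    private ManagementClient managementClient;

    // Authentication context that was in effect before setup() replaced the global default;
    // after() puts it back so later tests in the same JVM do not inherit this test's identity.
    private static AuthenticationContext old;

    /**
     * Installs the client identity used by every lookup in this class.
     *
     * <p>The configuration is bound with {@link MatchRule#ALL} and set as the global default, so
     * until {@link #after()} runs it applies to every outbound connection of this JVM that has no
     * more specific context, not only to the connections opened by this test.
     */
    @BeforeClass
    public static void setup() {
        // Fixed test-fixture credentials; they are only meaningful against the test server's user store.
        AuthenticationConfiguration config = AuthenticationConfiguration.EMPTY.useName("user1").usePassword("password1");
        AuthenticationContext context = AuthenticationContext.empty().with(MatchRule.ALL, config);
        // Capture before overwriting, otherwise the previous state cannot be restored.
        old = AuthenticationContext.captureCurrent();
        AuthenticationContext.getContextManager().setGlobalDefault(context);
    }

    /**
     * Restores the authentication context captured in {@link #setup()} as the global default.
     */
    @AfterClass
    public static void after() {
        AuthenticationContext.getContextManager().setGlobalDefault(old);
    }

    /**
     * Creates a deployment application for this test.
     *
     * @return the EJB jar, named {@code EJBUtil.APPLICATION_NAME + ".jar"}, containing the beans and interfaces under test
     * @throws IOException declared by the signature; nothing in this method body throws it directly
     */
    @Deployment
    public static JavaArchive createDeployment() throws IOException {
        final JavaArchive jar = ShrinkWrap.create(JavaArchive.class, EJBUtil.APPLICATION_NAME + ".jar");
        jar.addClasses(SecurityInformation.class, IntermediateAccess.class, EntryBean.class, SecuredBean.class, Util.class);
        return jar;
    }

    /**
     * Calls {@code SecuredBean} directly and expects it to report the identity configured in {@link #setup()}.
     */
    @Test
    public void testDirect() throws Exception {
        final SecurityInformation targetBean = lookupEJB(SecuredBean.class, SecurityInformation.class);
        assertEquals("user1", targetBean.getPrincipalName());
    }

    /**
     * Calls {@code EntryBean} with the same client configuration and expects the principal name "anonymous".
     */
    @Test
    public void testUnsecured() throws Exception {
        final IntermediateAccess targetBean = lookupEJB(EntryBean.class, IntermediateAccess.class);
        // NOTE(review): presumably "anonymous" because EntryBean is the unsecured bean named in the class
        // comment, so the client credentials do not become its caller identity - confirm against EntryBean.
        assertEquals("anonymous", targetBean.getPrincipalName());
    }

    /**
     * Builds a JNDI context that resolves names through the server's HTTP endpoint.
     *
     * @return a new {@link InitialContext} using {@link WildFlyInitialContextFactory} and the URI from {@link #getHttpUri()}
     * @throws Exception if the URI cannot be built or the context cannot be created
     */
    private Context getRemoteHTTPContext() throws Exception {
        final Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, WildFlyInitialContextFactory.class.getName());
        URI namingUri = getHttpUri();
        env.put(Context.PROVIDER_URL, namingUri.toString());
        return new InitialContext(DefaultConfiguration.addSecurityProperties(env));
    }

    /**
     * Derives the {@code /wildfly-services} URI from the web URI reported by the management client.
     *
     * <p>The scheme is fixed to plain {@code http}, so everything the client sends to this endpoint,
     * including whatever authentication exchange takes place, is unencrypted. That is acceptable for
     * the local test container only; a copy of this code aimed at a shared host needs {@code https}.
     *
     * @return the provider URI, with user info, host and port taken from the web URI
     * @throws URISyntaxException if the components do not form a valid URI
     */
    private URI getHttpUri() throws URISyntaxException {
        URI webUri = managementClient.getWebUri();
        // Query and fragment are passed as empty strings (not null), as in the original code.
        return new URI("http", webUri.getUserInfo(), webUri.getHost(), webUri.getPort(), "/wildfly-services", "", "");
    }

    /**
     * Looks up a remote view of a bean deployed by this test.
     *
     * @param beanImplClass the bean implementation class; its simple name is used as the bean name
     * @param remoteInterface the remote business interface to look up
     * @param <T> the remote interface type
     * @return the looked-up object, cast to {@code remoteInterface}
     * @throws Exception if the context cannot be created or the lookup fails
     * @throws ClassCastException if the looked-up object does not implement {@code remoteInterface}
     */
    private <T> T lookupEJB(Class<? extends T> beanImplClass, Class<T> remoteInterface) throws Exception {
        final Context context = getRemoteHTTPContext();
        // NOTE(review): the module name is hard-coded here while createDeployment() derives the archive
        // name from EJBUtil.APPLICATION_NAME - presumably the same value; confirm they stay in sync.
        final String jndiName = "ejb:/ejb-remote-security-test/" + beanImplClass.getSimpleName() + "!" + remoteInterface.getName();
        // Class.cast replaces the unchecked (T) cast: a wrong type fails here, at the lookup, instead of
        // at some later use of the returned reference.
        return remoteInterface.cast(context.lookup(jndiName));
    }

    /**
     * Server setup task that makes sure the EJB application security domain {@code other} is mapped
     * to the Elytron domain {@code ApplicationDomain}.
     */
    static class SecurityDomainsSetup extends AbstractElytronSetupTask {

        /**
         * Probes the server for an existing {@code application-security-domain=other} resource and
         * only asks for the mapping to be created when the probe does not report one.
         *
         * @return {@code null} when the mapping is reported as present, otherwise a one-element array
         *         describing the mapping to add
         */
        @Override
        protected ConfigurableElement[] getConfigurableElements() {
            boolean domainMappingExists = false;
            try (CLIWrapper cli = new CLIWrapper(true)) {
                // The boolean result of the read-resource call is taken as "the mapping exists".
                domainMappingExists = cli.sendLine("/subsystem=ejb3/application-security-domain=other:read-resource()", true);
            } catch (Exception e) {
                // Best effort: a failed probe is only printed and then treated as "mapping absent",
                // so the task goes on to request the mapping.
                e.printStackTrace();
            }
            // NOTE(review): returning null relies on AbstractElytronSetupTask accepting a null array - confirm.
            return domainMappingExists ? null
                    : new ConfigurableElement[] { new EJBApplicationSecurityDomainMapping("other", "ApplicationDomain") };
        }
    }
}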