Merge pull request wildfly-extras#67 from olukas/elytron

7.1.0.DR12 changes in DirContext and SecurityDomain
OndrejKotek · Feb 17, 2017 · 3fbe10c · 3fbe10c
2 parents 3ace179 + ccd3f4b
commit 3fbe10c
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 1 deletion.
diff --git a/...s/src/main/java/org/wildfly/extras/creaper/commands/elytron/dircontext/AddDirContext.java b/...s/src/main/java/org/wildfly/extras/creaper/commands/elytron/dircontext/AddDirContext.java
@@ -21,6 +21,9 @@ public final class AddDirContext implements OnlineCommand {
     private final Boolean enableConnectionPooling;
     private final String sslContext;
     private final ReferralMode referralMode;
+    private final String authenticationContext;
+    private final Integer connectionTimeout;
+    private final Integer readTimeout;
     private final List<Property> properties;
     private final CredentialRef credentialReference;
     private final boolean replaceExisting;
@@ -33,6 +36,9 @@ private AddDirContext(Builder builder) {
         this.enableConnectionPooling = builder.enableConnectionPooling;
         this.sslContext = builder.sslContext;
         this.referralMode = builder.referralMode;
+        this.authenticationContext = builder.authenticationContext;
+        this.connectionTimeout = builder.connectionTimeout;
+        this.readTimeout = builder.readTimeout;
         this.replaceExisting = builder.replaceExisting;
         this.properties = builder.properties;
         this.credentialReference = builder.credentialReference;
@@ -68,6 +74,9 @@ public void apply(OnlineCommandContext ctx) throws Exception {
                 .andOptional("enable-connection-pooling", enableConnectionPooling)
                 .andOptional("ssl-context", sslContext)
                 .andOptional("referral-mode", referralModeValue)
+                .andOptional("authentication-context", authenticationContext)
+                .andOptional("connection-timeout", connectionTimeout)
+                .andOptional("read-timeout", readTimeout)
                 .andOptional("properties", propertiesNode)
                 .andObjectOptional("credential-reference", credentialReferenceValues));
     }
@@ -85,6 +94,9 @@ public static final class Builder {
         private Boolean enableConnectionPooling;
         private String sslContext;
         private ReferralMode referralMode;
+        private String authenticationContext;
+        private Integer connectionTimeout;
+        private Integer readTimeout;
         private List<Property> properties = new ArrayList<Property>();
         private CredentialRef credentialReference;
         private boolean replaceExisting;
@@ -129,6 +141,21 @@ public Builder referralMode(ReferralMode referralMode) {
             return this;
         }
 
+        public Builder authenticationContext(String authenticationContext) {
+            this.authenticationContext = authenticationContext;
+            return this;
+        }
+
+        public Builder connectionTimeout(Integer connectionTimeout) {
+            this.connectionTimeout = connectionTimeout;
+            return this;
+        }
+
+        public Builder readTimeout(Integer readTimeout) {
+            this.readTimeout = readTimeout;
+            return this;
+        }
+
         public Builder addMechanismProperties(Property... properties) {
             if (properties == null) {
                 throw new IllegalArgumentException("Properties added to authentication-configuration must not be null");

diff --git a/...s/src/main/java/org/wildfly/extras/creaper/commands/elytron/domain/AddSecurityDomain.java b/...s/src/main/java/org/wildfly/extras/creaper/commands/elytron/domain/AddSecurityDomain.java
@@ -22,6 +22,9 @@ public final class AddSecurityDomain implements OnlineCommand {
     private final String roleMapper;
     private final String permissionMapper;
     private final List<String> trustedSecurityDomains;
+    private final Boolean outflowAnonymous;
+    private final List<String> outflowSecurityDomains;
+    private final String securityEventListener;
     private final List<Realm> realms;
     private final boolean replaceExisting;
 
@@ -37,6 +40,9 @@ private AddSecurityDomain(Builder builder) {
         this.replaceExisting = builder.replaceExisting;
         this.realms = builder.realms;
         this.trustedSecurityDomains = builder.trustedSecurityDomains;
+        this.outflowAnonymous = builder.outflowAnonymous;
+        this.outflowSecurityDomains = builder.outflowSecurityDomains;
+        this.securityEventListener = builder.securityEventListener;
     }
 
     @Override
@@ -74,7 +80,9 @@ public void apply(OnlineCommandContext ctx) throws Exception {
                 .andOptional("realm-mapper", realmMapper)
                 .andOptional("role-mapper", roleMapper)
                 .andOptional("permission-mapper", permissionMapper)
-                .andListOptional(String.class, "trusted-security-domains", trustedSecurityDomains));
+                .andListOptional(String.class, "trusted-security-domains", trustedSecurityDomains)
+                .andOptional("outflow-anonymous", outflowAnonymous)
+                .andListOptional(String.class, "outflow-security-domains", outflowSecurityDomains));
     }
 
     public static final class Builder {
@@ -88,6 +96,9 @@ public static final class Builder {
         private String roleMapper;
         private String permissionMapper;
         private List<String> trustedSecurityDomains;
+        private Boolean outflowAnonymous;
+        private List<String> outflowSecurityDomains;
+        private String securityEventListener;
         private List<Realm> realms;
         private boolean replaceExisting;
 
@@ -147,6 +158,27 @@ public Builder trustedSecurityDomains(String... trustedSecurityDomains) {
             return this;
         }
 
+        public Builder outflowAnonymous(Boolean outflowAnonymous) {
+            this.outflowAnonymous = outflowAnonymous;
+            return this;
+        }
+
+        public Builder outflowSecurityDomains(String... outflowSecurityDomains) {
+            if (outflowSecurityDomains == null) {
+                throw new IllegalArgumentException("Outflow Security Domains added to security-domain must not be null");
+            }
+            if (this.outflowSecurityDomains == null) {
+                this.outflowSecurityDomains = new ArrayList<String>();
+            }
+            Collections.addAll(this.outflowSecurityDomains, outflowSecurityDomains);
+            return this;
+        }
+
+        public Builder securityEventListener(String securityEventListener) {
+            this.securityEventListener = securityEventListener;
+            return this;
+        }
+
         public Builder realms(Realm... realms) {
             if (realms == null) {
                 throw new IllegalArgumentException("Realms added to security-domain must not be null");

diff --git a/.../java/org/wildfly/extras/creaper/commands/elytron/dircontext/AddDirContextOnlineTest.java b/.../java/org/wildfly/extras/creaper/commands/elytron/dircontext/AddDirContextOnlineTest.java
@@ -12,6 +12,7 @@
 import org.wildfly.extras.creaper.core.CommandFailedException;
 import org.wildfly.extras.creaper.core.online.operations.Address;
 import org.wildfly.extras.creaper.commands.elytron.CredentialRef;
+import org.wildfly.extras.creaper.commands.elytron.authenticationclient.AddAuthenticationContext;
 
 @RunWith(Arquillian.class)
 public class AddDirContextOnlineTest extends AbstractElytronOnlineTest {
@@ -27,11 +28,16 @@ public class AddDirContextOnlineTest extends AbstractElytronOnlineTest {
     private static final Address TEST_SERVER_SSL_CONTEXT_ADDRESS = SUBSYSTEM_ADDRESS
             .and("server-ssl-context", TEST_SERVER_SSL_CONTEXT);
 
+    private static final String TEST_AUTHENTICATION_CONTEXT_NAME = "CreaperTestAuthenticationContext";
+    private static final Address TEST_AUTHENTICATION_CONTEXT_ADDRESS = SUBSYSTEM_ADDRESS
+            .and("authentication-context", TEST_AUTHENTICATION_CONTEXT_NAME);
+
     @After
     public void cleanup() throws Exception {
         ops.removeIfExists(TEST_DIR_CONTEXT_ADDRESS);
         ops.removeIfExists(TEST_DIR_CONTEXT_ADDRESS2);
         ops.removeIfExists(TEST_SERVER_SSL_CONTEXT_ADDRESS);
+        ops.removeIfExists(TEST_AUTHENTICATION_CONTEXT_ADDRESS);
         administration.reloadIfRequired();
     }
 
@@ -67,13 +73,20 @@ public void addFullDirContext() throws Exception {
         AddServerSSLContext addServerSSLContext = new AddServerSSLContext.Builder(TEST_SERVER_SSL_CONTEXT)
                 .build();
         client.apply(addServerSSLContext);
+        AddAuthenticationContext addAuthenticationContext
+                = new AddAuthenticationContext.Builder(TEST_AUTHENTICATION_CONTEXT_NAME)
+                .build();
+        client.apply(addAuthenticationContext);
 
         AddDirContext addDirContext = new AddDirContext.Builder(TEST_DIR_CONTEXT_NAME)
                 .url("localhost")
                 .authenticationLevel(AddDirContext.AuthenticationLevel.STRONG)
                 .enableConnectionPooling(false)
                 .principal("test-principal")
                 .referralMode(AddDirContext.ReferralMode.THROW)
+                .authenticationContext(TEST_AUTHENTICATION_CONTEXT_NAME)
+                .connectionTimeout(10)
+                .readTimeout(20)
                 .sslContext(TEST_SERVER_SSL_CONTEXT)
                 .credentialReference(new CredentialRef.CredentialRefBuilder()
                         .clearText("somePassword")
@@ -90,6 +103,9 @@ public void addFullDirContext() throws Exception {
         checkAttribute(TEST_DIR_CONTEXT_ADDRESS, "enable-connection-pooling", "false");
         checkAttribute(TEST_DIR_CONTEXT_ADDRESS, "principal", "test-principal");
         checkAttribute(TEST_DIR_CONTEXT_ADDRESS, "referral-mode", "THROW");
+        checkAttribute(TEST_DIR_CONTEXT_ADDRESS, "authentication-context", TEST_AUTHENTICATION_CONTEXT_NAME);
+        checkAttribute(TEST_DIR_CONTEXT_ADDRESS, "connection-timeout", "10");
+        checkAttribute(TEST_DIR_CONTEXT_ADDRESS, "read-timeout", "20");
         checkAttribute(TEST_DIR_CONTEXT_ADDRESS, "ssl-context", TEST_SERVER_SSL_CONTEXT);
         checkAttribute(TEST_DIR_CONTEXT_ADDRESS, "credential-reference.clear-text", "somePassword");
         checkAttribute(TEST_DIR_CONTEXT_ADDRESS, "properties.property1", "value1");

diff --git a/.../java/org/wildfly/extras/creaper/commands/elytron/domain/AddSecurityDomainOnlineTest.java b/.../java/org/wildfly/extras/creaper/commands/elytron/domain/AddSecurityDomainOnlineTest.java
@@ -127,11 +127,21 @@ public class AddSecurityDomainOnlineTest extends AbstractElytronOnlineTest {
                     .build())
             .build();
 
+    private static final String TEST_SECURITY_DOMAIN_NAME4 = "CreaperTestSecurityDomain4";
+    private static final Address TEST_SECURITY_DOMAIN_ADDRESS4 = SUBSYSTEM_ADDRESS
+            .and("security-domain", TEST_SECURITY_DOMAIN_NAME4);
+    private final AddSecurityDomain addSecurityDomain4 = new AddSecurityDomain.Builder(TEST_SECURITY_DOMAIN_NAME4)
+            .defaultRealm(TEST_FILESYSTEM_REALM_NAME)
+            .realms(new AddSecurityDomain.RealmBuilder(TEST_FILESYSTEM_REALM_NAME)
+                    .build())
+            .build();
+
     @After
     public void cleanup() throws Exception {
         ops.removeIfExists(TEST_SECURITY_DOMAIN_ADDRESS);
         ops.removeIfExists(TEST_SECURITY_DOMAIN_ADDRESS2);
         ops.removeIfExists(TEST_SECURITY_DOMAIN_ADDRESS3);
+        ops.removeIfExists(TEST_SECURITY_DOMAIN_ADDRESS4);
         ops.removeIfExists(TEST_FILESYSTEM_REALM_ADDRESS);
         ops.removeIfExists(TEST_FILESYSTEM_REALM_ADDRESS2);
         ops.removeIfExists(TEST_SIMPLE_PERMISSION_MAPPER_ADDRESS);
@@ -197,6 +207,7 @@ public void addFullSecurityDomain() throws Exception {
         client.apply(addSimpleRoleDecoder);
         client.apply(addSimpleRoleDecoder2);
         client.apply(addSecurityDomain3);
+        client.apply(addSecurityDomain4);
         AddSecurityDomain addSecurityDomain2 = new AddSecurityDomain.Builder(TEST_SECURITY_DOMAIN_NAME2)
                 .defaultRealm(TEST_FILESYSTEM_REALM_NAME2)
                 .realms(new AddSecurityDomain.RealmBuilder(TEST_FILESYSTEM_REALM_NAME2)
@@ -213,6 +224,8 @@ public void addFullSecurityDomain() throws Exception {
                 .realmMapper(TEST_SIMPLE_REGEX_REALM_MAPPER_NAME)
                 .roleMapper(TEST_CONSTANT_ROLE_MAPPER_NAME)
                 .trustedSecurityDomains(TEST_SECURITY_DOMAIN_NAME2, TEST_SECURITY_DOMAIN_NAME3)
+                .outflowAnonymous(true)
+                .outflowSecurityDomains(TEST_SECURITY_DOMAIN_NAME3, TEST_SECURITY_DOMAIN_NAME4)
                 .realms(new AddSecurityDomain.RealmBuilder(TEST_FILESYSTEM_REALM_NAME)
                         .principalTransformer(TEST_CONSTANT_PRINCIPAL_TRANSFORMER_NAME)
                         .roleDecoder(TEST_SIMPLE_ROLE_DECODER_NAME)
@@ -239,6 +252,9 @@ public void addFullSecurityDomain() throws Exception {
         checkAttribute(TEST_SECURITY_DOMAIN_ADDRESS, "role-mapper", TEST_CONSTANT_ROLE_MAPPER_NAME);
         checkAttribute(TEST_SECURITY_DOMAIN_ADDRESS, "trusted-security-domains[0]", TEST_SECURITY_DOMAIN_NAME2);
         checkAttribute(TEST_SECURITY_DOMAIN_ADDRESS, "trusted-security-domains[1]", TEST_SECURITY_DOMAIN_NAME3);
+        checkAttribute(TEST_SECURITY_DOMAIN_ADDRESS, "outflow-anonymous", "true");
+        checkAttribute(TEST_SECURITY_DOMAIN_ADDRESS, "outflow-security-domains[0]", TEST_SECURITY_DOMAIN_NAME3);
+        checkAttribute(TEST_SECURITY_DOMAIN_ADDRESS, "outflow-security-domains[1]", TEST_SECURITY_DOMAIN_NAME4);
 
         checkAttribute(TEST_SECURITY_DOMAIN_ADDRESS, "realms[0].realm", TEST_FILESYSTEM_REALM_NAME);
         checkAttribute(TEST_SECURITY_DOMAIN_ADDRESS, "realms[0].principal-transformer",