From 9abc7156a84f9f6a4149868a0063717fdae0d1a1 Mon Sep 17 00:00:00 2001
From: Gaurav Gupta
Date: Wed, 11 Dec 2019 14:24:16 +0530
Subject: [PATCH 1/2] PAYARA-2598 Fix for multiple Realm Identity Stores registration
---
 .../java/fish/payara/security/realm/cdi/RealmExtension.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/appserver/security/realm-stores/src/main/java/fish/payara/security/realm/cdi/RealmExtension.java b/appserver/security/realm-stores/src/main/java/fish/payara/security/realm/cdi/RealmExtension.java
index 46bbf455967..f8e435f3526 100644
--- a/appserver/security/realm-stores/src/main/java/fish/payara/security/realm/cdi/RealmExtension.java
+++ b/appserver/security/realm-stores/src/main/java/fish/payara/security/realm/cdi/RealmExtension.java
@@ -164,7 +164,7 @@ private void findRealmIdentityStoreDefinitions(BeanManager beanManager, Proc
 .scope(ApplicationScoped.class)
 .beanClass(IdentityStore.class)
 .types(Object.class, IdentityStore.class)
- .addToId(RealmIdentityStore.class)
+ .addToId(RealmIdentityStore.class + "-" + definition.value())
 .create(e -> {
 RealmIdentityStore mechanism = CDI.current().select(RealmIdentityStore.class).get();
 mechanism.setConfiguration(definition);
@@ -186,7 +186,7 @@ private void findRealmIdentityStoreDefinitions(BeanManager beanManager, Proc
 .scope(ApplicationScoped.class)
 .beanClass(IdentityStore.class)
 .types(Object.class, IdentityStore.class)
- .addToId(RealmIdentityStore.class)
+ .addToId(RealmIdentityStore.class + "-" + definition.value())
 .create(e -> {
 RealmIdentityStore mechanism = CDI.current().select(RealmIdentityStore.class).get();
 mechanism.setConfiguration(definition);
From 54760970541b37dcfe6fa1a850a4318cc01bc94a Mon Sep 17 00:00:00 2001
From: Gaurav Gupta
Date: Wed, 11 Dec 2019 16:14:15 +0530
Subject: [PATCH 2/2] PAYARA-2598 Testcases for multiple Realm Identity Stores
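Review bot: Both `.addToId(...)` calls (this hunk and the one at line 186) key the bean on `definition.value()` alone, so two definitions that name the same realm still produce the same id; it is worth deciding whether that case should fail deployment with a clear message rather than be left to the container. Separately, each `create` lambda fetches `RealmIdentityStore` through `CDI.current().select(...).get()` and then calls `setConfiguration(definition)`: that is only safe if the bean is dependent-scoped, which the hunk does not show, because a shared instance would leave every registered store validating credentials against whichever realm was configured last. A short comment above the builder chain, such as `// one IdentityStore bean per realm; the id must be unique per definition.value()`, would record why the suffix is there. `findRealmIdentityStoreDefinitions` starts and ends outside both hunks.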
Signed-off-by: Gaurav Gupta --- appserver/tests/payara-samples/pom.xml | 2 + .../samples/realm-identity-stores/pom.xml | 1 - .../MultipleRealmIdentityStoreAppConfig.java | 60 +++++++++ ...tipleRealmIdentityStoreDefinitionTest.java | 127 ++++++++++++++++++ .../src/test/resources/addUsersPayara.txt | 3 +- .../fish/payara/samples/ServerOperations.java | 28 ++++ 6 files changed, 219 insertions(+), 2 deletions(-) create mode 100644 appserver/tests/payara-samples/samples/realm-identity-stores/src/main/java/fish/payara/samples/realm/identity/store/MultipleRealmIdentityStoreAppConfig.java create mode 100644 appserver/tests/payara-samples/samples/realm-identity-stores/src/test/java/fish/payara/samples/realm/identity/store/MultipleRealmIdentityStoreDefinitionTest.java diff --git a/appserver/tests/payara-samples/pom.xml b/appserver/tests/payara-samples/pom.xml index a751116dedd..3846c9db4da 100644 --- a/appserver/tests/payara-samples/pom.xml +++ b/appserver/tests/payara-samples/pom.xml @@ -71,6 +71,7 @@ jakarta.platform jakarta.jakartaee-api + ${jakartaee.api.version} provided @@ -296,6 +297,7 @@ jakarta.annotation jakarta.annotation-api + ${jakarta.annotation-api.version} diff --git a/appserver/tests/payara-samples/samples/realm-identity-stores/pom.xml b/appserver/tests/payara-samples/samples/realm-identity-stores/pom.xml index 577d5db5fb5..40d880651e9 100644 --- a/appserver/tests/payara-samples/samples/realm-identity-stores/pom.xml +++ b/appserver/tests/payara-samples/samples/realm-identity-stores/pom.xml @@ -61,7 +61,6 @@ made subject to such option by the copyright holder. --> org.glassfish.jersey.core jersey-client test - 2.29.payara-p2 
diff --git a/appserver/tests/payara-samples/samples/realm-identity-stores/src/main/java/fish/payara/samples/realm/identity/store/MultipleRealmIdentityStoreAppConfig.java b/appserver/tests/payara-samples/samples/realm-identity-stores/src/main/java/fish/payara/samples/realm/identity/store/MultipleRealmIdentityStoreAppConfig.java
new file mode 100644
index 00000000000..fe0eabd5512
--- /dev/null
+++ b/appserver/tests/payara-samples/samples/realm-identity-stores/src/main/java/fish/payara/samples/realm/identity/store/MultipleRealmIdentityStoreAppConfig.java
@@ -0,0 +1,60 @@
+/*
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright (c) [2019] Payara Foundation and/or its affiliates. All rights reserved.
+ *
+ * The contents of this file are subject to the terms of either the GNU
+ * General Public License Version 2 only ("GPL") or the Common Development
+ * and Distribution License("CDDL") (collectively, the "License"). You
+ * may not use this file except in compliance with the License. You can
+ * obtain a copy of the License at
+ * https://github.com/payara/Payara/blob/master/LICENSE.txt
+ * See the License for the specific
+ * language governing permissions and limitations under the License.
+ *
+ * When distributing the software, include this License Header Notice in each
+ * file and include the License file at glassfish/legal/LICENSE.txt.
+ *
+ * GPL Classpath Exception:
+ * The Payara Foundation designates this particular file as subject to the "Classpath"
+ * exception as provided by the Payara Foundation in the GPL Version 2 section of the License
+ * file that accompanied this code.
+ *
+ * Modifications:
+ * If applicable, add the following below the License Header, with the fields
+ * enclosed by brackets [] replaced by your own identifying information:
+ * "Portions Copyright [year] [name of copyright owner]"
+ *
+ * Contributor(s):
+ * If you wish your version of this file to be governed by only the CDDL or
+ * only the GPL Version 2, indicate your decision by adding "[Contributor]
+ * elects to include this software in this distribution under the [CDDL or GPL
+ * Version 2] license." If you don't indicate a single choice of license, a
+ * recipient has the option to distribute your version of this file under
+ * either the CDDL, the GPL Version 2 or to extend the choice of license to
+ * its licensees as provided above. However, if you add GPL Version 2 code
+ * and therefore, elected the GPL Version 2 license, then the option applies
+ * only if the new code is made subject to such option by the copyright
+ * holder.
+ */
+package fish.payara.samples.realm.identity.store;
+
+import static fish.payara.samples.realm.identity.store.common.AuthoritiesConstants.ADMIN;
+import static fish.payara.samples.realm.identity.store.common.AuthoritiesConstants.USER;
+import fish.payara.security.annotations.RealmIdentityStoreDefinition;
+import javax.annotation.security.DeclareRoles;
+import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
+import javax.ws.rs.ApplicationPath;
+import javax.ws.rs.core.Application;
+
+/**
+ *
+ * @author Gaurav Gupta
+ */
+@DeclareRoles({ADMIN, USER})
+@ApplicationPath("resources")
+@BasicAuthenticationMechanismDefinition
+@RealmIdentityStoreDefinition("file")
+@RealmIdentityStoreDefinition("new-file-realm")
+public class MultipleRealmIdentityStoreAppConfig extends Application {
+}
diff --git a/appserver/tests/payara-samples/samples/realm-identity-stores/src/test/java/fish/payara/samples/realm/identity/store/MultipleRealmIdentityStoreDefinitionTest.java b/appserver/tests/payara-samples/samples/realm-identity-stores/src/test/java/fish/payara/samples/realm/identity/store/MultipleRealmIdentityStoreDefinitionTest.java
new file mode 100644
index 00000000000..93edf8e54da
--- /dev/null
+++ b/appserver/tests/payara-samples/samples/realm-identity-stores/src/test/java/fish/payara/samples/realm/identity/store/MultipleRealmIdentityStoreDefinitionTest.java
@@ -0,0 +1,127 @@
+/*
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright (c) 2019 Payara Foundation and/or its affiliates. All rights reserved.
+ *
+ * The contents of this file are subject to the terms of either the GNU
+ * General Public License Version 2 only ("GPL") or the Common Development
+ * and Distribution License("CDDL") (collectively, the "License"). You
+ * may not use this file except in compliance with the License. You can
+ * obtain a copy of the License at
+ * https://github.com/payara/Payara/blob/master/LICENSE.txt
+ * See the License for the specific
+ * language governing permissions and limitations under the License.
+ *
+ * When distributing the software, include this License Header Notice in each
+ * file and include the License file at glassfish/legal/LICENSE.txt.
+ *
+ * GPL Classpath Exception:
+ * The Payara Foundation designates this particular file as subject to the "Classpath"
+ * exception as provided by the Payara Foundation in the GPL Version 2 section of the License
+ * file that accompanied this code.
+ *
+ * Modifications:
+ * If applicable, add the following below the License Header, with the fields
+ * enclosed by brackets [] replaced by your own identifying information:
+ * "Portions Copyright [year] [name of copyright owner]"
+ *
+ * Contributor(s):
+ * If you wish your version of this file to be governed by only the CDDL or
+ * only the GPL Version 2, indicate your decision by adding "[Contributor]
+ * elects to include this software in this distribution under the [CDDL or GPL
+ * Version 2] license." If you don't indicate a single choice of license, a
+ * recipient has the option to distribute your version of this file under
+ * either the CDDL, the GPL Version 2 or to extend the choice of license to
+ * its licensees as provided above. However, if you add GPL Version 2 code
+ * and therefore, elected the GPL Version 2 license, then the option applies
+ * only if the new code is made subject to such option by the copyright
+ * holder.
+ */
+package fish.payara.samples.realm.identity.store;
+
+import fish.payara.samples.ServerOperations;
+import fish.payara.samples.realm.identity.store.common.AuthoritiesConstants;
+import static fish.payara.samples.realm.identity.store.common.AuthoritiesConstants.ADMIN;
+import static fish.payara.samples.realm.identity.store.common.AuthoritiesConstants.DEFAULT_PASSWORD;
+import static fish.payara.samples.realm.identity.store.common.AuthoritiesConstants.DEFAULT_USER;
+import fish.payara.samples.realm.identity.store.common.Person;
+import fish.payara.samples.realm.identity.store.common.PersonController;
+import fish.payara.samples.realm.identity.store.common.PersonControllerClient;
+import static fish.payara.samples.realm.identity.store.common.PersonControllerClientHelper.getBasicPersonControllerClient;
+import java.net.URL;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+import static javax.ws.rs.core.Response.Status.CREATED;
+import static javax.ws.rs.core.Response.Status.UNAUTHORIZED;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.jboss.shrinkwrap.api.ArchivePaths;
+import static org.jboss.shrinkwrap.api.ShrinkWrap.create;
+import org.jboss.shrinkwrap.api.asset.EmptyAsset;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import static org.valid4j.matchers.http.HttpResponseMatchers.hasStatus;
+
+/**
+ * @author Gaurav Gupta
+ */
+@RunWith(Arquillian.class)
+public class MultipleRealmIdentityStoreDefinitionTest {
+
+ @ArquillianResource
+ private URL deploymentUrl;
+
+ private static final String NEW_USER = "RealmTestUser2";
+
+ private static final Person NEW_INSTANCE = new Person(NEW_USER, "Realm2", "Test");
+
+ @Deployment(testable = false)
+ public static WebArchive createDeployment() {
+ ServerOperations.setupContainerFileIdentityStore("new-file-realm");
+ ServerOperations.restartContainer();
+ return create(WebArchive.class)
+ .addClasses(
+ MultipleRealmIdentityStoreAppConfig.class,
+ Person.class,
+ PersonController.class,
+ AuthoritiesConstants.class
+ )
+ .addAsWebInfResource(EmptyAsset.INSTANCE, ArchivePaths.create("beans.xml"));
+ }
+
+ @Before
+ public void addTestUser() {
+ ServerOperations.addUserToContainerIdentityStore("file", DEFAULT_USER, ADMIN);
+ ServerOperations.addUserToContainerIdentityStore("new-file-realm", NEW_USER, ADMIN);
+ }
+
+ @Test
+ public void testWithCorrectCredentials() throws Exception {
+ PersonControllerClient client = getBasicPersonControllerClient(deploymentUrl, DEFAULT_USER, DEFAULT_PASSWORD);
+ Response response = client.createPerson(Person.DEFAULT_INSTANCE);
+ assertThat(response, hasStatus(CREATED));
+
+ client = getBasicPersonControllerClient(deploymentUrl, NEW_USER, DEFAULT_PASSWORD);
+ response = client.createPerson(NEW_INSTANCE);
+ assertThat(response, hasStatus(CREATED));
+ }
+
+ @Test
+ public void testWithIncorrectCredentials() throws Exception {
+ PersonControllerClient client = getBasicPersonControllerClient(deploymentUrl, DEFAULT_USER, "invalid_passwd");
+ try {
+ client.createPerson(Person.DEFAULT_INSTANCE);
+ fail("/api/person could be accessed without proper security credentials");
+ } catch (WebApplicationException wae) {
+ assertNotNull(wae);
+ assertThat(wae.getResponse(), hasStatus(UNAUTHORIZED));
+ }
+ }
+
+}
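Review bot: `testWithIncorrectCredentials` only sends a bad password for `DEFAULT_USER`, so nothing checks that the store backed by `new-file-realm` rejects a wrong password for `NEW_USER`; with two stores registered side by side that is the rejection path most likely to regress unnoticed. A second negative test mirroring the existing one is sketched below. In the existing test `assertNotNull(wae)` can be dropped, since a caught exception is never null. `addTestUser` is a `@Before` method and therefore runs once per test; if `addUserToContainerIdentityStore` is not idempotent (not visible here) the second run will hit an already-existing user, and the realm created in `createDeployment` is never removed afterwards.

```java
@Test
public void testSecondRealmWithIncorrectCredentials() throws Exception {
    PersonControllerClient client = getBasicPersonControllerClient(deploymentUrl, NEW_USER, "invalid_passwd");
    try {
        client.createPerson(NEW_INSTANCE);
        fail("/api/person could be accessed without proper security credentials");
    } catch (WebApplicationException wae) {
        assertThat(wae.getResponse(), hasStatus(UNAUTHORIZED));
    }
}
```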
diff --git a/appserver/tests/payara-samples/samples/realm-identity-stores/src/test/resources/addUsersPayara.txt b/appserver/tests/payara-samples/samples/realm-identity-stores/src/test/resources/addUsersPayara.txt
index 3a0be88818f..251373cd7cf 100644
--- a/appserver/tests/payara-samples/samples/realm-identity-stores/src/test/resources/addUsersPayara.txt
+++ b/appserver/tests/payara-samples/samples/realm-identity-stores/src/test/resources/addUsersPayara.txt
@@ -1 +1,2 @@
-create-file-user --groups ROLE_ADMIN --passwordfile ${user.dir}/src/test/resources/password.txt test
+create-file-user --groups ROLE_ADMIN --passwordfile ${user.dir}/src/test/resources/password.txt RealmTestUser
+create-file-user --groups ROLE_ADMIN --passwordfile ${user.dir}/src/test/resources/password.txt --authrealmname new-file-realm RealmTestUser2
diff --git a/appserver/tests/payara-samples/test-utils/src/main/java/fish/payara/samples/ServerOperations.java b/appserver/tests/payara-samples/test-utils/src/main/java/fish/payara/samples/ServerOperations.java
index 78ae20f5180..9cf24d87ee7 100644
--- a/appserver/tests/payara-samples/test-utils/src/main/java/fish/payara/samples/ServerOperations.java
+++ b/appserver/tests/payara-samples/test-utils/src/main/java/fish/payara/samples/ServerOperations.java
@@ -487,6 +487,34 @@ public static void setupContainerJDBCIDigestIdentityStore() {
 // WildFly ./bin/add-user.sh -a -u u1 -p p1 -g g1
 }
+ public static void setupContainerFileIdentityStore(String fileRealmName) {
+
+ String javaEEServer = System.getProperty("javaEEServer");
+
+ if ("glassfish-remote".equals(javaEEServer) || "payara-remote".equals(javaEEServer)) {
+
+ System.out.println("Setting up container File identity store for " + javaEEServer);
+
+ List cmd = new ArrayList<>();
+
+ cmd.add("create-auth-realm");
+ cmd.add("--classname");
+ cmd.add("com.sun.enterprise.security.auth.realm.file.FileRealm");
+ cmd.add("--property");
+ cmd.add("jaas-context=fileRealm:file=" + fileRealmName);
+ cmd.add(fileRealmName);
+
+ CliCommands.payaraGlassFish(cmd);
+ } else {
+ if (javaEEServer == null) {
+ System.out.println("javaEEServer not specified");
+ } else {
+ System.out.println(javaEEServer + " not supported");
+ }
+ }
+
+ }
+
 public static X509Certificate createSelfSignedCertificate(KeyPair keys) {
 try {
 Provider provider = new BouncyCastleProvider();
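Review bot: `fileRealmName` is concatenated into the `--property` value (`"jaas-context=fileRealm:file=" + fileRealmName`) with no check, and asadmin's property syntax uses `:` to separate properties, so a name containing `:` or `=` would be parsed as additional realm properties; a guard at the top of the method such as `if (!fileRealmName.matches("[A-Za-z0-9_-]+")) throw new IllegalArgumentException("invalid realm name: " + fileRealmName);` keeps the helper safe to reuse. The same value is also passed as the FileRealm `file` property, which is the keyfile location, so the keyfile ends up at a relative path resolved by the server process; a comment saying where that file is expected to land would help whoever has to clean it up. When `javaEEServer` is missing or unsupported the method only prints and returns, so the caller goes on to deploy against a realm that was never created; whether that matches the sibling setup helpers cannot be seen from this hunk.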