Merge pull request wildfly#17693 from xstefank/WFLY-19098

WFLY-19098 galleon: custom provisioning creates unsecured http-invoker
jasondlee · Mar 8, 2024 · 4b5cf0e · 4b5cf0e
2 parents 03342eb + d122aa7
commit 4b5cf0e
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 0 deletions.
diff --git a/...ature-pack/galleon-shared/src/main/resources/feature_groups/undertow-elytron-security.xml b/...ature-pack/galleon-shared/src/main/resources/feature_groups/undertow-elytron-security.xml
@@ -12,4 +12,7 @@
             <param name="security-domain" value="ApplicationDomain"/>
         </feature>
     </feature>
+
+    <feature-group name="application-http-basic"/>
+    <feature-group name="undertow-http-invoker"/>
 </feature-group-spec>
diff --git a/testsuite/integration/clustering/pom.xml b/testsuite/integration/clustering/pom.xml
@@ -2495,6 +2495,31 @@
                             </execution>
                         </executions>
                     </plugin>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-resources-plugin</artifactId>
+                        <executions>
+                            <!-- Copy users and roles config from shared resources. -->
+                            <execution>
+                                <id>ejb-lite.ts.config-as.copy-mgmt-users</id>
+                                <phase>process-test-classes</phase>
+                                <goals>
+                                    <goal>copy-resources</goal>
+                                </goals>
+                                <inherited>true</inherited>
+                                <configuration>
+                                    <outputDirectory>${project.build.directory}/wildfly-clustering-ejb/standalone/configuration</outputDirectory>
+                                    <overwrite>true</overwrite>
+                                    <resources>
+                                        <resource>
+                                            <directory>../../shared/src/main/resources</directory>
+                                            <includes><include>*.properties</include></includes>
+                                        </resource>
+                                    </resources>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
                 </plugins>
             </build>
         </profile>

diff --git a/.../test/java/org/jboss/as/test/smoke/web/httpinvoker/HTTPInvokerSecuredElytronTestCase.java b/.../test/java/org/jboss/as/test/smoke/web/httpinvoker/HTTPInvokerSecuredElytronTestCase.java
@@ -0,0 +1,19 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.jboss.as.test.smoke.web.httpinvoker;
+
+import org.jboss.dmr.ModelNode;
+import org.junit.Assert;
+
+public class HTTPInvokerSecuredElytronTestCase extends HTTPInvokerSecuredTestCase {
+
+    @Override
+    protected void validateOperation(ModelNode operationResult) {
+        Assert.assertEquals("The http-authentication-factory should be set",
+            "application-http-authentication", operationResult.get("http-authentication-factory").asString());
+        Assert.assertFalse("The security-realm should be undefined",
+            operationResult.get("security-realm").isDefined());
+    }
+}
diff --git a/...web/src/test/java/org/jboss/as/test/smoke/web/httpinvoker/HTTPInvokerSecuredTestCase.java b/...web/src/test/java/org/jboss/as/test/smoke/web/httpinvoker/HTTPInvokerSecuredTestCase.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.jboss.as.test.smoke.web.httpinvoker;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.container.test.api.RunAsClient;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.as.arquillian.api.ContainerResource;
+import org.jboss.as.arquillian.container.ManagementClient;
+import org.jboss.as.controller.client.helpers.Operations;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
+import org.jboss.dmr.ModelNode;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(Arquillian.class)
+@RunAsClient
+public abstract class HTTPInvokerSecuredTestCase {
+
+    @Deployment
+    public static Archive<?> getDeployment() {
+        return ShrinkWrap.create(WebArchive.class, "httpinvoker.war");
+    }
+
+    @Test
+    public void testHttpInvokerConfiguration(@ContainerResource ManagementClient managementClient) throws Exception {
+        final ModelNode address = new ModelNode();
+        address.add(ModelDescriptionConstants.SUBSYSTEM, "undertow");
+        address.add(ModelDescriptionConstants.SERVER, "default-server");
+        address.add(ModelDescriptionConstants.HOST, "default-host");
+        address.add("setting", "http-invoker");
+
+        final ModelNode operation = new ModelNode();
+        operation.get(ModelDescriptionConstants.OP).set(ModelDescriptionConstants.READ_RESOURCE_OPERATION);
+        operation.get(ModelDescriptionConstants.OP_ADDR).set(address);
+
+        final ModelNode result = managementClient.getControllerClient().execute(operation);
+        Assert.assertTrue("Failure to read http-invoker resource: " + result.toString(),
+            Operations.isSuccessfulOutcome(result));
+
+        final ModelNode operationResult = result.get(ModelDescriptionConstants.RESULT);
+        validateOperation(operationResult);
+    }
+
+    protected abstract void validateOperation(ModelNode operationResult);
+}