From d122aa7b0393e3764f9f58b36085ffc12656d35a Mon Sep 17 00:00:00 2001
From: xstefank <xstefank122@gmail.com>
Date: Wed, 6 Mar 2024 10:03:25 +0100
Subject: [PATCH] WFLY-19098 galleon: custom provisioning creates unsecured
 http-invoker

---
 .../undertow-elytron-security.xml             |  3 ++
 testsuite/integration/clustering/pom.xml      | 25 +++++++++
 .../HTTPInvokerSecuredElytronTestCase.java    | 19 +++++++
 .../HTTPInvokerSecuredTestCase.java           | 52 +++++++++++++++++++
 4 files changed, 99 insertions(+)
 create mode 100644 testsuite/integration/web/src/test/java/org/jboss/as/test/smoke/web/httpinvoker/HTTPInvokerSecuredElytronTestCase.java
 create mode 100644 testsuite/integration/web/src/test/java/org/jboss/as/test/smoke/web/httpinvoker/HTTPInvokerSecuredTestCase.java

diff --git a/ee-feature-pack/galleon-shared/src/main/resources/feature_groups/undertow-elytron-security.xml b/ee-feature-pack/galleon-shared/src/main/resources/feature_groups/undertow-elytron-security.xml
index d7a68e66308f..319c2622d611 100644
--- a/ee-feature-pack/galleon-shared/src/main/resources/feature_groups/undertow-elytron-security.xml
+++ b/ee-feature-pack/galleon-shared/src/main/resources/feature_groups/undertow-elytron-security.xml
@@ -12,4 +12,7 @@
             <param name="security-domain" value="ApplicationDomain"/>
         </feature>
     </feature>
+
+    <feature-group name="application-http-basic"/>
+    <feature-group name="undertow-http-invoker"/>
 </feature-group-spec>
diff --git a/testsuite/integration/clustering/pom.xml b/testsuite/integration/clustering/pom.xml
index 8aff5f8839b4..99bb3d36f2cf 100644
--- a/testsuite/integration/clustering/pom.xml
+++ b/testsuite/integration/clustering/pom.xml
@@ -2495,6 +2495,31 @@
                             </execution>
                         </executions>
                     </plugin>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-resources-plugin</artifactId>
+                        <executions>
+                            <!-- Copy users and roles config from shared resources. -->
+                            <execution>
+                                <id>ejb-lite.ts.config-as.copy-mgmt-users</id>
+                                <phase>process-test-classes</phase>
+                                <goals>
+                                    <goal>copy-resources</goal>
+                                </goals>
+                                <inherited>true</inherited>
+                                <configuration>
+                                    <outputDirectory>${project.build.directory}/wildfly-clustering-ejb/standalone/configuration</outputDirectory>
+                                    <overwrite>true</overwrite>
+                                    <resources>
+                                        <resource>
+                                            <directory>../../shared/src/main/resources</directory>
+                                            <includes><include>*.properties</include></includes>
+                                        </resource>
+                                    </resources>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
                 </plugins>
             </build>
         </profile>
diff --git a/testsuite/integration/web/src/test/java/org/jboss/as/test/smoke/web/httpinvoker/HTTPInvokerSecuredElytronTestCase.java b/testsuite/integration/web/src/test/java/org/jboss/as/test/smoke/web/httpinvoker/HTTPInvokerSecuredElytronTestCase.java
new file mode 100644
index 000000000000..c8db28375289
--- /dev/null
+++ b/testsuite/integration/web/src/test/java/org/jboss/as/test/smoke/web/httpinvoker/HTTPInvokerSecuredElytronTestCase.java
@@ -0,0 +1,19 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.jboss.as.test.smoke.web.httpinvoker;
+
+import org.jboss.dmr.ModelNode;
+import org.junit.Assert;
+
+public class HTTPInvokerSecuredElytronTestCase extends HTTPInvokerSecuredTestCase {
+
+    @Override
+    protected void validateOperation(ModelNode operationResult) {
+        Assert.assertEquals("The http-authentication-factory should be set",
+            "application-http-authentication", operationResult.get("http-authentication-factory").asString());
+        Assert.assertFalse("The security-realm should be undefined",
+            operationResult.get("security-realm").isDefined());
+    }
+}
diff --git a/testsuite/integration/web/src/test/java/org/jboss/as/test/smoke/web/httpinvoker/HTTPInvokerSecuredTestCase.java b/testsuite/integration/web/src/test/java/org/jboss/as/test/smoke/web/httpinvoker/HTTPInvokerSecuredTestCase.java
new file mode 100644
index 000000000000..74a2336b056f
--- /dev/null
+++ b/testsuite/integration/web/src/test/java/org/jboss/as/test/smoke/web/httpinvoker/HTTPInvokerSecuredTestCase.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.jboss.as.test.smoke.web.httpinvoker;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.container.test.api.RunAsClient;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.as.arquillian.api.ContainerResource;
+import org.jboss.as.arquillian.container.ManagementClient;
+import org.jboss.as.controller.client.helpers.Operations;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
+import org.jboss.dmr.ModelNode;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(Arquillian.class)
+@RunAsClient
+public abstract class HTTPInvokerSecuredTestCase {
+
+    @Deployment
+    public static Archive<?> getDeployment() {
+        return ShrinkWrap.create(WebArchive.class, "httpinvoker.war");
+    }
+
+    @Test
+    public void testHttpInvokerConfiguration(@ContainerResource ManagementClient managementClient) throws Exception {
+        final ModelNode address = new ModelNode();
+        address.add(ModelDescriptionConstants.SUBSYSTEM, "undertow");
+        address.add(ModelDescriptionConstants.SERVER, "default-server");
+        address.add(ModelDescriptionConstants.HOST, "default-host");
+        address.add("setting", "http-invoker");
+
+        final ModelNode operation = new ModelNode();
+        operation.get(ModelDescriptionConstants.OP).set(ModelDescriptionConstants.READ_RESOURCE_OPERATION);
+        operation.get(ModelDescriptionConstants.OP_ADDR).set(address);
+
+        final ModelNode result = managementClient.getControllerClient().execute(operation);
+        Assert.assertTrue("Failure to read http-invoker resource: " + result.toString(),
+            Operations.isSuccessfulOutcome(result));
+
+        final ModelNode operationResult = result.get(ModelDescriptionConstants.RESULT);
+        validateOperation(operationResult);
+    }
+
+    protected abstract void validateOperation(ModelNode operationResult);
+}