Merge pull request wildfly-extras#89 from olukas/elytron

Added kerberos-security-factory attribute to authentication-configuration
olukas · May 3, 2017 · bf1d40c · bf1d40c
2 parents 696f426 + 9b7be30
commit bf1d40c
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 22 deletions.
diff --git a/.../extras/creaper/commands/elytron/authenticationclient/AddAuthenticationConfiguration.java b/.../extras/creaper/commands/elytron/authenticationclient/AddAuthenticationConfiguration.java
@@ -29,6 +29,7 @@ public final class AddAuthenticationConfiguration implements OnlineCommand {
     private final String protocol;
     private final String realm;
     private final String securityDomain;
+    private final String kerberosSecurityFactory;
     private final boolean replaceExisting;
 
     private AddAuthenticationConfiguration(Builder builder) {
@@ -47,6 +48,7 @@ private AddAuthenticationConfiguration(Builder builder) {
         this.protocol = builder.protocol;
         this.realm = builder.realm;
         this.securityDomain = builder.securityDomain;
+        this.kerberosSecurityFactory = builder.kerberosSecurityFactory;
         this.replaceExisting = builder.replaceExisting;
     }
 
@@ -82,29 +84,12 @@ public void apply(OnlineCommandContext ctx) throws Exception {
                 .andOptional("security-domain", securityDomain)
                 .andOptional("allow-all-mechanisms", allowAllMechanisms)
                 .andOptional("mechanism-properties", mechanismPropertiesNode)
+                .andOptional("kerberos-security-factory", kerberosSecurityFactory)
                 .andObjectOptional("credential-reference", credentialReferenceValues)
                 .andListOptional(String.class, "allow-sasl-mechanisms", allowSaslMechanisms)
                 .andListOptional(String.class, "forbid-sasl-mechanisms", forbidSaslMechanisms));
     }
 
-    private void addOptional(ModelNode node, String name, String value) {
-        if (value != null && !value.isEmpty()) {
-            node.add(name, value);
-        }
-    }
-
-    private void addOptional(ModelNode node, String name, Boolean value) {
-        if (value != null) {
-            node.add(name, value);
-        }
-    }
-
-    private void addOptional(ModelNode node, String name, Integer value) {
-        if (value != null) {
-            node.add(name, value);
-        }
-    }
-
     public static final class Builder {
 
         private String name;
@@ -122,6 +107,7 @@ public static final class Builder {
         private String protocol;
         private String realm;
         private String securityDomain;
+        private String kerberosSecurityFactory;
         private boolean replaceExisting;
 
         public Builder(String name) {
@@ -219,6 +205,11 @@ public Builder securityDomain(String securityDomain) {
             return this;
         }
 
+        public Builder kerberosSecurityFactory(String kerberosSecurityFactory) {
+            this.kerberosSecurityFactory = kerberosSecurityFactory;
+            return this;
+        }
+
         public Builder replaceExisting() {
             this.replaceExisting = true;
             return this;
@@ -228,10 +219,22 @@ public AddAuthenticationConfiguration build() {
             if (allowAllMechanisms != null && (allowSaslMechanisms != null && !allowSaslMechanisms.isEmpty())) {
                 throw new IllegalArgumentException("Only one of allow-all-mechanisms and allow-sasl-mechanisms can be set.");
             }
-            if ((authenticationName != null && anonymous != null)
-                    || (authenticationName != null && securityDomain != null)
-                    || (anonymous != null && securityDomain != null)) {
-                throw new IllegalArgumentException("Only one of authentication-name, anonymous and security-domain can be set.");
+
+            int authCounter = 0;
+            if (authenticationName != null) {
+                authCounter++;
+            }
+            if (anonymous != null) {
+                authCounter++;
+            }
+            if (securityDomain != null) {
+                authCounter++;
+            }
+            if (kerberosSecurityFactory != null) {
+                authCounter++;
+            }
+            if (authCounter > 1) {
+                throw new IllegalArgumentException("Only one of authentication-name, anonymous, security-domain and kerberos-security-factory can be set.");
             }
             return new AddAuthenticationConfiguration(this);
         }

diff --git a/...eaper/commands/elytron/authenticationclient/AddAuthenticationConfigurationOnlineTest.java b/...eaper/commands/elytron/authenticationclient/AddAuthenticationConfigurationOnlineTest.java
@@ -10,6 +10,7 @@
 import org.junit.runner.RunWith;
 import org.wildfly.extras.creaper.commands.elytron.AbstractElytronOnlineTest;
 import org.wildfly.extras.creaper.commands.elytron.CredentialRef;
+import org.wildfly.extras.creaper.commands.elytron.credfactory.AddKerberosSecurityFactory;
 import org.wildfly.extras.creaper.commands.elytron.domain.AddSecurityDomain;
 import org.wildfly.extras.creaper.commands.elytron.realm.AddFilesystemRealm;
 import org.wildfly.extras.creaper.core.CommandFailedException;
@@ -35,12 +36,22 @@ public class AddAuthenticationConfigurationOnlineTest extends AbstractElytronOnl
             .path("/path/to/filesystem")
             .build();
 
+    private static final String TEST_KRB_FACTORY_NAME = "CreaperTestFilesystemRealm";
+    private static final Address TEST_KRB_FACTORY_ADDRESS = SUBSYSTEM_ADDRESS
+            .and("kerberos-security-factory", TEST_KRB_FACTORY_NAME);
+    private final AddKerberosSecurityFactory addKerberosSecurityFactory
+            = new AddKerberosSecurityFactory.Builder(TEST_KRB_FACTORY_NAME)
+            .principal("somePrincipal")
+            .path("/some/path")
+            .build();
+
     @After
     public void cleanup() throws Exception {
         ops.removeIfExists(TEST_AUTHENTICATION_CONFIGURATION_ADDRESS);
         ops.removeIfExists(TEST_AUTHENTICATION_CONFIGURATION_ADDRESS2);
         ops.removeIfExists(TEST_SECURITY_DOMAIN_ADDRESS);
         ops.removeIfExists(TEST_FILESYSTEM_REALM_ADDRESS);
+        ops.removeIfExists(TEST_KRB_FACTORY_ADDRESS);
         administration.reloadIfRequired();
     }
 
@@ -192,6 +203,26 @@ public void addAuthenticationConfiguration_securityDomain() throws Exception {
         checkAttribute("security-domain", TEST_SECURITY_DOMAIN_NAME);
     }
 
+    @Test
+    public void addAuthenticationConfiguration_kerberosSecurityFactory() throws Exception {
+        client.apply(addFilesystemRealm);
+        client.apply(addKerberosSecurityFactory);
+
+        AddAuthenticationConfiguration addAuthenticationConfiguration
+                = new AddAuthenticationConfiguration.Builder(TEST_AUTHENTICATION_CONFIGURATION_NAME)
+                .credentialReference(new CredentialRef.CredentialRefBuilder()
+                        .clearText("somePassword")
+                        .build())
+                .kerberosSecurityFactory(TEST_KRB_FACTORY_NAME)
+                .build();
+        client.apply(addAuthenticationConfiguration);
+
+        assertTrue("Authentication Configuration should be created",
+                ops.exists(TEST_AUTHENTICATION_CONFIGURATION_ADDRESS));
+
+        checkAttribute("kerberos-security-factory", TEST_KRB_FACTORY_NAME);
+    }
+
     @Test(expected = CommandFailedException.class)
     public void addExistAuthenticationConfigurationNotAllowed() throws Exception {
         AddAuthenticationConfiguration addAuthenticationConfiguration
@@ -314,6 +345,42 @@ public void addAuthenticationConfiguration_anonymousAndSecurityDomain() throws E
         fail("Creating command with both anonymous and securityDomain should throw exception");
     }
 
+    @Test(expected = IllegalArgumentException.class)
+    public void addAuthenticationConfiguration_anonymousAndKerberosSecurityFactory() throws Exception {
+        new AddAuthenticationConfiguration.Builder(TEST_AUTHENTICATION_CONFIGURATION_NAME)
+                .credentialReference(new CredentialRef.CredentialRefBuilder()
+                        .clearText("somePassword")
+                        .build())
+                .anonymous(true)
+                .kerberosSecurityFactory("someKerberosSecurityFactory")
+                .build();
+        fail("Creating command with both anonymous and kerberosSecurityFactory should throw exception");
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void addAuthenticationConfiguration_authenticationNameAndKerberosSecurityFactory() throws Exception {
+        new AddAuthenticationConfiguration.Builder(TEST_AUTHENTICATION_CONFIGURATION_NAME)
+                .credentialReference(new CredentialRef.CredentialRefBuilder()
+                        .clearText("somePassword")
+                        .build())
+                .authenticationName("someAuthenticationName")
+                .kerberosSecurityFactory("someKerberosSecurityFactory")
+                .build();
+        fail("Creating command with both authenticationName and kerberosSecurityFactory should throw exception");
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void addAuthenticationConfiguration_securityDomainAndKerberosSecurityFactory() throws Exception {
+        new AddAuthenticationConfiguration.Builder(TEST_AUTHENTICATION_CONFIGURATION_NAME)
+                .credentialReference(new CredentialRef.CredentialRefBuilder()
+                        .clearText("somePassword")
+                        .build())
+                .securityDomain("someSecurityDomain")
+                .kerberosSecurityFactory("someKerberosSecurityFactory")
+                .build();
+        fail("Creating command with both securityDomain and kerberosSecurityFactory should throw exception");
+    }
+
     private void checkAttribute(String attribute, String expectedValue) throws IOException {
         checkAttribute(TEST_AUTHENTICATION_CONFIGURATION_ADDRESS, attribute, expectedValue);
     }