Merge pull request wildfly#18188 from rhusar/WFLY-19729

WFLY-19729 *TxClientEJBForwardingTestCase fail while trying to configure legacy security-realm and with security manager
jamezp · Jan 24, 2025 · 9d0f1c8 · 9d0f1c8
2 parents f9aa86f + a39d4ff
commit 9d0f1c8
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 28 deletions.
diff --git a/...tering/src/test/java/org/jboss/as/test/clustering/cluster/AbstractClusteringTestCase.java b/...tering/src/test/java/org/jboss/as/test/clustering/cluster/AbstractClusteringTestCase.java
@@ -187,6 +187,10 @@ public void afterTestMethod() throws Exception {
     }
 
     // Node and deployment lifecycle management convenience methods
+
+    /**
+     * @deprecated Use {@link AbstractClusteringTestCase#start(String)} and {@link AbstractClusteringTestCase#start(Set)} instead.
+     */
     @Deprecated
     protected void start(String... containers) {
         start(Set.of(containers));
@@ -204,6 +208,9 @@ protected void start(Set<String> containers) {
         NodeUtil.start(this.controller, containers);
     }
 
+    /**
+     * @deprecated Use {@link AbstractClusteringTestCase#stop(String)} and {@link AbstractClusteringTestCase#stop(Set)} instead.
+     */
     @Deprecated
     protected void stop(String... containers) {
         stop(Set.of(containers));
@@ -225,6 +232,9 @@ protected boolean isStarted(String container) {
         return NodeUtil.isStarted(this.controller, container);
     }
 
+    /**
+     * @deprecated Use {@link AbstractClusteringTestCase#stop(String, int)} and {@link AbstractClusteringTestCase#stop(Set, int)} instead.
+     */
     @Deprecated
     protected void stop(int timeout, String... containers) {
         stop(Set.of(containers), timeout);
@@ -238,6 +248,9 @@ protected void stop(Set<String> containers, int timeout) {
         NodeUtil.stop(this.controller, containers, timeout);
     }
 
+    /**
+     * @deprecated Use {@link AbstractClusteringTestCase#deploy(String)} and {@link AbstractClusteringTestCase#deploy(Set)} instead.
+     */
     @Deprecated
     protected void deploy(String... deployments) {
         deploy(Set.of(deployments));
@@ -255,6 +268,9 @@ protected void deploy(Set<String> deployments) {
         NodeUtil.deploy(this.deployer, deployments);
     }
 
+    /**
+     * @deprecated Use {@link AbstractClusteringTestCase#undeploy(String)} and {@link AbstractClusteringTestCase#undeploy(Set)} instead.
+     */
     @Deprecated
     protected void undeploy(String... deployments) {
         undeploy(Set.of(deployments));

diff --git a/.../jboss/as/test/clustering/cluster/ejb/forwarding/AbstractRemoteEJBForwardingTestCase.java b/.../jboss/as/test/clustering/cluster/ejb/forwarding/AbstractRemoteEJBForwardingTestCase.java
@@ -8,6 +8,7 @@
 import static org.jboss.as.test.shared.PermissionUtils.createPermissionsXmlAsset;
 import static org.junit.Assert.fail;
 
+import java.io.FilePermission;
 import java.net.SocketPermission;
 import java.util.PropertyPermission;
 import java.util.concurrent.Executors;
@@ -28,8 +29,8 @@
 import org.jboss.as.test.clustering.ejb.EJBDirectory;
 import org.jboss.as.test.clustering.ejb.NamingEJBDirectory;
 import org.jboss.as.test.clustering.ejb.RemoteEJBDirectory;
-import org.jboss.as.test.shared.CLIServerSetupTask;
 import org.jboss.as.test.shared.IntermittentFailure;
+import org.jboss.as.test.shared.ManagementServerSetupTask;
 import org.jboss.as.test.shared.TimeoutUtil;
 import org.jboss.ejb.client.EJBClientPermission;
 import org.jboss.logging.Logger;
@@ -76,7 +77,7 @@ public static void beforeClass() {
     private static final Logger logger = Logger.getLogger(AbstractRemoteEJBForwardingTestCase.class);
 
     AbstractRemoteEJBForwardingTestCase(ExceptionSupplier<EJBDirectory, NamingException> directorySupplier, String implementationClass) {
-        super(FOUR_NODES);
+        super(NODE_1_2_3_4);
 
         this.directorySupplier = directorySupplier;
         this.implementationClass = implementationClass;
@@ -109,9 +110,11 @@ public static Archive<?> createForwardingDeployment(String moduleName, boolean t
         // remote outbound connection configuration
         ejbJar.addAsManifestResource(AbstractRemoteEJBForwardingTestCase.class.getPackage(), "jboss-ejb-client.xml", "jboss-ejb-client.xml");
         ejbJar.addAsResource(createPermissionsXmlAsset(
-                new SocketPermission("localhost", "resolve"),
                 new EJBClientPermission("changeWeakAffinity"),
-                new PropertyPermission("jboss.node.name", "read")
+                new FilePermission("<<ALL FILES>>", "read"),
+                new PropertyPermission("jboss.node.name", "read"),
+                new RuntimePermission("getClassLoader"),
+                new SocketPermission("localhost", "resolve")
         ), "META-INF/jboss-permissions.xml");
         return ejbJar;
     }
@@ -138,7 +141,7 @@ public void test() throws Exception {
             // get the correct forwarder deployment on cluster A
             RemoteStatefulSB bean = directory.lookupStateful(implementationClass, RemoteStatefulSB.class);
 
-            // Allow sufficient time for client to receive full topology
+            // Allow enough time for the client to receive full topology
             logger.debug("Waiting for clusters to form.");
             Thread.sleep(FAILURE_FREE_TIME);
 
@@ -150,12 +153,12 @@ public void test() throws Exception {
             // set up the client invocations
             executor.scheduleWithFixedDelay(client, 0, INVOCATION_WAIT, TimeUnit.MILLISECONDS);
 
-            // a few seconds of non-failure behaviour
+            // a few seconds of non-failure behavior
             Thread.sleep(FAILURE_FREE_TIME);
             client.assertNoExceptions("at the beginning of the test");
 
             logger.debugf("------ Shutdown clusterA-node0 -----");
-            stop(GRACEFUL_SHUTDOWN_TIMEOUT, NODE_1);
+            stop(NODE_1, GRACEFUL_SHUTDOWN_TIMEOUT);
             Thread.sleep(SERVER_DOWN_TIME);
             client.assertNoExceptions("after clusterA-node0 was shut down");
 
@@ -165,7 +168,7 @@ public void test() throws Exception {
             client.assertNoExceptions("after clusterA-node0 was brought up");
 
             logger.debug("----- Shutdown clusterA-node1 -----");
-            stop(GRACEFUL_SHUTDOWN_TIMEOUT, NODE_2);
+            stop(NODE_2, GRACEFUL_SHUTDOWN_TIMEOUT);
             Thread.sleep(SERVER_DOWN_TIME);
 
             logger.debug("------ Startup clusterA-node1 -----");
@@ -174,7 +177,7 @@ public void test() throws Exception {
             client.assertNoExceptions("after clusterA-node1 was brought back up");
 
             logger.debug("----- Shutdown clusterB-node0 -----");
-            stop(GRACEFUL_SHUTDOWN_TIMEOUT, NODE_3);
+            stop(NODE_3, GRACEFUL_SHUTDOWN_TIMEOUT);
             Thread.sleep(SERVER_DOWN_TIME);
             client.assertNoExceptions("after clusterB-node0 was shut down");
 
@@ -184,7 +187,7 @@ public void test() throws Exception {
             client.assertNoExceptions("after clusterB-node0 was brought back up");
 
             logger.debug("----- Shutdown clusterB-node1 -----");
-            stop(GRACEFUL_SHUTDOWN_TIMEOUT, NODE_4);
+            stop(NODE_4, GRACEFUL_SHUTDOWN_TIMEOUT);
             Thread.sleep(SERVER_DOWN_TIME);
 
             logger.debug("------ Startup clusterB-node1 -----");
@@ -198,7 +201,7 @@ public void test() throws Exception {
         }
     }
 
-    private class ClientInvocationTask implements Runnable {
+    private static class ClientInvocationTask implements Runnable {
         private final RemoteStatefulSB bean;
         private int expectedSerial;
         private volatile Exception firstException;
@@ -215,7 +218,7 @@ private class ClientInvocationTask implements Runnable {
         void assertNoExceptions(String when) {
             if (firstException != null) {
                 logger.error(firstException);
-                fail("Client threw an exception " + when + ": " + firstException); // Arrays.stream(firstException.getStackTrace()).map(StackTraceElement::toString).collect(Collectors.joining("\n")));
+                fail("Client threw an exception " + when + ": " + firstException);
             }
         }
 
@@ -240,21 +243,30 @@ public void run() {
         }
     }
 
-    public static class ServerSetupTask extends CLIServerSetupTask {
+    public static class ServerSetupTask extends ManagementServerSetupTask {
         public ServerSetupTask() {
-            this.builder
-                    // clusterA is called 'ejb-forwarder'; clusterB uses default name 'ejb'
-                    .node(NODE_1, NODE_2)
-                    .setup("/subsystem=jgroups/channel=ee:write-attribute(name=cluster,value=ejb-forwarder)")
-                    .setup(String.format("/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=binding-remote-ejb-connection:add(host=%s,port=8280)", TESTSUITE_NODE3))
-                    .setup("/core-service=management/security-realm=PasswordRealm:add")
-                    .setup("/core-service=management/security-realm=PasswordRealm/server-identity=secret:add(value=\"cmVtQHRlZWpicGFzc3dkMQ==\")")
-                    .setup("/subsystem=remoting/remote-outbound-connection=remote-ejb-connection:add(outbound-socket-binding-ref=binding-remote-ejb-connection,protocol=http-remoting,security-realm=PasswordRealm,username=remoteejbuser)")
-                    .teardown("/subsystem=remoting/remote-outbound-connection=remote-ejb-connection:remove")
-                    .teardown("/core-service=management/security-realm=PasswordRealm:remove")
-                    .teardown("/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=binding-remote-ejb-connection:remove")
-                    .teardown("/subsystem=jgroups/channel=ee:write-attribute(name=cluster,value=ejb)")
-            ;
+            super(NODE_1_2, createContainerConfigurationBuilder()
+                    .setupScript(createScriptBuilder()
+                            .startBatch()
+                            .add("/subsystem=jgroups/channel=ee:write-attribute(name=cluster, value=ejb-forwarder)")
+                            .add("/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=binding-remote-ejb-connection:add(host=%s, port=8280)", TESTSUITE_NODE3)
+                            // n.b. user/password is configured statically via testsuite/shared/src/main/resources/application-users.properties file.
+                            .add("/subsystem=elytron/authentication-configuration=remote-ejb-configuration:add(authentication-name=remoteejbuser, security-domain=ApplicationDomain, realm=ApplicationRealm, forwarding-mode=authorization, credential-reference={clear-text=rem@teejbpasswd1})")
+                            .add("/subsystem=elytron/authentication-context=remote-ejb-context:add(match-rules=[{authentication-configuration=remote-ejb-configuration, match-protocol=http-remoting}])")
+                            .add("/subsystem=remoting/remote-outbound-connection=remote-ejb-connection:add(outbound-socket-binding-ref=binding-remote-ejb-connection, authentication-context=remote-ejb-context)")
+                            .endBatch()
+                            .build())
+                    .tearDownScript(createScriptBuilder()
+                            .startBatch()
+                            .add("/subsystem=remoting/remote-outbound-connection=remote-ejb-connection:remove")
+                            .add("/subsystem=elytron/authentication-configuration=remote-ejb-configuration:remove")
+                            .add("/subsystem=elytron/authentication-context=remote-ejb-context:remove")
+                            .add("/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=binding-remote-ejb-connection:remove")
+                            .add("/subsystem=jgroups/channel=ee:write-attribute(name=cluster, value=ejb)")
+                            .endBatch()
+                            .build())
+                    .build());
         }
     }
+
 }
diff --git a/...ng/src/test/java/org/jboss/as/test/clustering/cluster/ejb/forwarding/jboss-ejb-client.xml b/...ng/src/test/java/org/jboss/as/test/clustering/cluster/ejb/forwarding/jboss-ejb-client.xml
@@ -4,7 +4,7 @@
   ~ SPDX-License-Identifier: Apache-2.0
   -->
 
-<jboss-ejb-client xmlns="urn:jboss:ejb-client:1.2">
+<jboss-ejb-client xmlns="urn:jboss:ejb-client:1.5">
     <client-context>
         <ejb-receivers>
             <remoting-ejb-receiver outbound-connection-ref="remote-ejb-connection"/>

diff --git a/testsuite/shared/src/main/resources/application-users.properties b/testsuite/shared/src/main/resources/application-users.properties
@@ -6,7 +6,7 @@
 # guest=guest
 # user1=password1
 # user2=password2
-#remoteejbuser=rem@teejbpasswd1
+# remoteejbuser=rem@teejbpasswd1
 guest=b5d048a237bfd2874b6928e1f37ee15e
 user1=23624d2f74dfcb9688651a066d90b97e
 user2=ab3f9e12039435236d89de9023a304b7