[WFLY-18475] helloworld-mutual-ssl-secured Quickstart Common Enhancem…
…ents CY2023Q3
Prarthona Paul committed Oct 19, 2023
1 parent e67ac03 commit abb9e1a
Showing 9 changed files with 479 additions and 41 deletions.
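--- a/.github/workflows/quickstart_helloworld-mutual-ssl-secured_ci.yml
+++ b/.github/workflows/quickstart_helloworld-mutual-ssl-secured_ci.yml
@@ -0,0 +1,214 @@
+name: WildFly helloworld-mutual-ssl-secured Quickstart CI
+
+on:
+pull_request:
+types: [opened, synchronize, reopened, ready_for_review]
+paths:
+- 'helloworld-mutual-ssl-secured/**'
+- '.github/workflows/quickstart_ci.yml'
+
+# Only run the latest job
+concurrency:
+group: '${{ github.workflow }} @ ${{ github.ref || github.run_id }}'
+cancel-in-progress: true
+
+env:
+QUICKSTART_PATH: helloworld-mutual-ssl-secured
+TEST_PROVISIONED_SERVER: true
+TEST_OPENSHIFT: false
+
+jobs:
+Matrix-Setup:
+runs-on: ubuntu-latest
+outputs:
+os: ${{ steps.setup-os-matrix.outputs.os }}
+steps:
+- id: setup-os-matrix
+run: echo 'os=[${{ env.MATRIX_OS }}]' >> $GITHUB_OUTPUT
+
+Test-build-default-matrix:
+name: BUILD DEFAULT - JDK${{ matrix.jdk }} - ${{ matrix.os }}
+runs-on: ${{ matrix.os }}
+needs: Matrix-Setup
+strategy:
+fail-fast: false
+matrix:
+jdk: [11, 17]
+os: ${{ fromJSON(needs.Matrix-Setup.outputs.os) }}
+steps:
+- uses: actions/checkout@v4
+with:
+path: quickstarts
+- name: Set up JDK ${{ matrix.jdk }}
+uses: actions/setup-java@v3
+with:
+java-version: ${{ matrix.jdk }}
+distribution: 'temurin'
+cache: 'maven'
+- name: Run before script
+env:
+FILE: "./quickstarts/.github/workflows/quickstart_${{ env.QUICKSTART_PATH }}_ci_before.sh"
+run: |
+if test -f $FILE;
+then
+chmod +x $FILE
+bash $FILE
+fi
+shell: bash
+- name: Build ${{ env.QUICKSTART_PATH }} Quickstart for Release
+run: |
+cd quickstarts
+cd ${{ env.QUICKSTART_PATH }}
+mvn -U -B -fae clean install -Drelease
+shell: bash
+- name: Build, run & test ${{ env.QUICKSTART_PATH }} Quickstart with provisioned-server profile
+if: ${{ env.TEST_PROVISIONED_SERVER }}
+run: |
+cd quickstarts
+cd ${{ env.QUICKSTART_PATH }}
+echo "Building provisioned server..."
+mvn -U -B -fae clean package -Pprovisioned-server
+echo "Starting provisioned server..."
+mvn -U -B -fae wildfly:start -DjbossHome=target/server -Dstartup-timeout=120
+echo "Testing provisioned server..."
+mvn -U -B -fae verify -Dserver.host=${{ env.SERVER_PROVISIONING_SERVER_HOST }} -Pintegration-testing
+echo "Shutting down provisioned server..."
+mvn -U -B -fae wildfly:shutdown
+shell: bash
+- name: Build, run & test ${{ env.QUICKSTART_PATH }} Quickstart with bootable-jar profile
+if: ${{ env.TEST_BOOTABLE_JAR }}
+run: |
+cd quickstarts
+cd ${{ env.QUICKSTART_PATH }}
+echo "Building bootable jar..."
+mvn -U -B -fae clean package -Pbootable-jar
+echo "Starting bootable jar..."
+mvn -U -B -fae wildfly-jar:start -Djar-file-name=target/${{ env.QUICKSTART_PATH }}-bootable.jar -Dstartup-timeout=120
+echo "Testing bootable jar..."
+mvn -U -B -fae verify -Dserver.host=${{ env.SERVER_PROVISIONING_SERVER_HOST }} -Pintegration-testing
+echo "Shutting down bootable jar..."
+mvn -U -B -fae wildfly-jar:shutdown
+shell: bash
+- name: Build ${{ env.QUICKSTART_PATH }} Quickstart with openshift profile
+if: ${{ env.TEST_OPENSHIFT }}
+run: |
+cd quickstarts
+cd ${{ env.QUICKSTART_PATH }}
+mvn -U -B -fae clean package -Popenshift
+shell: bash
+- name: Run after script
+env:
+FILE: "./quickstarts/.github/workflows/quickstart_${{ env.QUICKSTART_PATH }}_ci_after.sh"
+run: |
+if test -f $FILE;
+then
+chmod +x $FILE
+bash $FILE
+fi
+shell: bash
+- uses: actions/upload-artifact@v3
+if: failure()
+with:
+name: surefire-reports-JDK${{ matrix.jdk }}-${{ matrix.os }}
+path: 'quickstarts/${{ env.QUICKSTART_PATH }}/**/surefire-reports/*.txt'
+
+# Use the shared-wildfly-build workflow to have a consistent WildFly build. Note the branch names MUST match what
+# is used in WildFly.
+WildFly-build:
+uses: wildfly/wildfly/.github/workflows/shared-wildfly-build.yml@main
+with:
+wildfly-branch: ${{ github.base_ref }}
+wildfly-repo: "wildfly/wildfly"
+
+Test-build-with-deps-matrix:
+name: BUILD WITH DEPS - JDK${{ matrix.jdk }} - ${{ matrix.os }}
+runs-on: ${{ matrix.os }}
+needs: [Matrix-Setup, WildFly-build]
+strategy:
+fail-fast: false
+matrix:
+jdk: [11, 17]
+os: ${{ fromJSON(needs.Matrix-Setup.outputs.os) }}
+steps:
+- uses: actions/checkout@v4
+with:
+path: quickstarts
+- uses: actions/download-artifact@v3
+with:
+name: wildfly-maven-repository
+path: .
+- name: Extract Maven Repo
+shell: bash
+run: tar -xzf wildfly-maven-repository.tar.gz -C ~
+- name: Set up JDK ${{ matrix.jdk }}
+uses: actions/setup-java@v3
+with:
+java-version: ${{ matrix.jdk }}
+distribution: 'temurin'
+cache: 'maven'
+- name: Run before script
+env:
+FILE: "./quickstarts/.github/workflows/quickstart_${{ env.QUICKSTART_PATH }}_ci_before.sh"
+run: |
+if test -f $FILE;
+then
+chmod +x $FILE
+bash $FILE
+fi
+shell: bash
+- name: Build Quickstart for Release with built Server version
+run: |
+cd quickstarts
+cd ${{ env.QUICKSTART_PATH }}
+mvn -U -B -fae clean package -Drelease -Dversion.server=${{ needs.wildfly-build.outputs.wildfly-version }}
+shell: bash
+- name: Build, run & test ${{ env.QUICKSTART_PATH }} Quickstart with provisioned-server profile, and built Server version
+if: ${{ env.TEST_PROVISIONED_SERVER }}
+run: |
+cd quickstarts
+cd ${{ env.QUICKSTART_PATH }}
+echo "Building provisioned server..."
+mvn -U -B -fae clean package -Pprovisioned-server -Dversion.server=${{ needs.wildfly-build.outputs.wildfly-version }}
+echo "Starting provisioned server..."
+mvn -U -B -fae wildfly:start -DjbossHome=target/server -Dstartup-timeout=120
+echo "Testing provisioned server..."
+mvn -U -B -fae verify -Dserver.host=${{ env.SERVER_PROVISIONING_SERVER_HOST }} -Pintegration-testing
+echo "Shutting down provisioned server..."
+mvn -U -B -fae wildfly:shutdown
+shell: bash
+- name: Build, run & test ${{ env.QUICKSTART_PATH }} Quickstart with bootable-jar profile, and built Server version
+if: ${{ env.TEST_BOOTABLE_JAR }}
+run: |
+cd quickstarts
+cd ${{ env.QUICKSTART_PATH }}
+echo "Building bootable jar..."
+mvn -U -B -fae clean package -Pbootable-jar -Dversion.server=${{ needs.wildfly-build.outputs.wildfly-version }}
+echo "Starting bootable jar..."
+mvn -U -B -fae wildfly-jar:start -Djar-file-name=target/${{ env.QUICKSTART_PATH }}-bootable.jar -Dstartup-timeout=120
+echo "Testing bootable jar..."
+mvn -U -B -fae verify -Dserver.host=${{ env.SERVER_PROVISIONING_SERVER_HOST }} -Pintegration-testing
+echo "Shutting down bootable jar..."
+mvn -U -B -fae wildfly-jar:shutdown
+shell: bash
+- name: Build ${{ env.QUICKSTART_PATH }} Quickstart with openshift profile, and built Server version
+if: ${{ env.TEST_OPENSHIFT }}
+run: |
+cd quickstarts
+cd ${{ env.QUICKSTART_PATH }}
+mvn -U -B -fae clean package -Popenshift -Dversion.server=${{ needs.wildfly-build.outputs.wildfly-version }}
+shell: bash
+- name: Run after script
+env:
+FILE: "./quickstarts/.github/workflows/quickstart_${{ env.QUICKSTART_PATH }}_ci_after.sh"
+run: |
+if test -f $FILE;
+then
+chmod +x $FILE
+bash $FILE
+fi
+shell: bash
+- uses: actions/upload-artifact@v3
+if: failure()
+with:
+name: surefire-reports-JDK${{ matrix.jdk }}-${{ matrix.os }}
+path: 'quickstarts/**/surefire-reports/*.txt'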
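Review bot: `Matrix-Setup` writes `os=[${{ env.MATRIX_OS }}]`, but the workflow-level `env:` block defines only `QUICKSTART_PATH`, `TEST_PROVISIONED_SERVER` and `TEST_OPENSHIFT`, so the output is `os=[]` and both matrix jobs receive an empty `os` list; `env.SERVER_PROVISIONING_SERVER_HOST` and `env.TEST_BOOTABLE_JAR` are read the same way without being set. Define them in `env:`, for example `MATRIX_OS: '"ubuntu-latest"'` and `SERVER_PROVISIONING_SERVER_HOST: localhost` (values constructed here, use the project's own). The file also has no `permissions:` block, so the jobs that run the pull request's `_ci_before.sh`/`_ci_after.sh` scripts and Maven build get the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` would limit it to what the visible steps use. The reusable workflow is taken from `shared-wildfly-build.yml@main` and the actions from tags (`actions/checkout@v4`, `actions/setup-java@v3`), which can change underneath the build; pinning them to commit SHAs fixes what actually runs.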
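--- a/ejb-security-context-propagation/pom.xml
+++ b/ejb-security-context-propagation/pom.xml
@@ -134,6 +134,14 @@
 <groupId>jakarta.annotation</groupId>
 <artifactId>jakarta.annotation-api</artifactId>
 </dependency>
+
+<!-- Import the Servlet API, we use provided scope as the API is included in the server -->
+<dependency>
+<groupId>jakarta.servlet</groupId>
+<artifactId>jakarta.servlet-api</artifactId>
+<scope>provided</scope>
+</dependency>
+
 <dependency>
 <groupId>org.jboss.ejb3</groupId>
 <artifactId>jboss-ejb3-ext-api</artifactId>
@@ -149,39 +157,45 @@
 <build>
 <!-- Set the name of the WAR, used as the context root when the app is deployed -->
 <finalName>${project.artifactId}</finalName>
-<plugins>
-
-<plugin>
-<groupId>org.apache.maven.plugins</groupId>
-<artifactId>maven-ejb-plugin</artifactId>
-<configuration>
-<ejbVersion>3.2</ejbVersion>
-<generateClient>true</generateClient>
-</configuration>
-</plugin>
-<!-- Add the Maven exec plug-in to allow us to run a Java program via Maven -->
-<plugin>
-<groupId>org.codehaus.mojo</groupId>
-<artifactId>exec-maven-plugin</artifactId>
-<configuration>
-<executable>java</executable>
-<workingDirectory>${project.build.directory}/exec-working-directory</workingDirectory>
-<arguments>
-<!-- automatically creates the classpath using all project dependencies,
-also adding the project build directory -->
-<argument>-classpath</argument>
-<classpath></classpath>
-<argument>org.jboss.as.quickstarts.ejb_security_context_propagation.RemoteClient</argument>
-</arguments>
-</configuration>
-<executions>
-<execution>
-<goals>
-<goal>exec</goal>
-</goals>
-</execution>
-</executions>
-</plugin>
-</plugins>
+<pluginManagement>
+<plugins>
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-ejb-plugin</artifactId>
+<configuration>
+<ejbVersion>3.2</ejbVersion>
+<generateClient>true</generateClient>
+</configuration>
+</plugin>
+<!-- Add the Maven exec plug-in to allow us to run a Java program via Maven -->
+<plugin>
+<groupId>org.codehaus.mojo</groupId>
+<artifactId>exec-maven-plugin</artifactId>
+<configuration>
+<executable>java</executable>
+<workingDirectory>${project.build.directory}/exec-working-directory</workingDirectory>
+<arguments>
+<!-- automatically creates the classpath using all project dependencies,
+also adding the project build directory -->
+<argument>-classpath</argument>
+<classpath></classpath>
+<argument>org.jboss.as.quickstarts.ejb_security_context_propagation.RemoteClient</argument>
+</arguments>
+</configuration>
+<executions>
+<execution>
+<goals>
+<goal>exec</goal>
+</goals>
+</execution>
+</executions>
+</plugin>
+<plugin>
+<groupId>org.wildfly.plugins</groupId>
+<artifactId>wildfly-maven-plugin</artifactId>
+<version>${version.plugin.wildfly}</version>
+</plugin>
+</plugins>
+</pluginManagement>
 </build>
 </project>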
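--- a/helloworld-mutual-ssl-secured/README.adoc
+++ b/helloworld-mutual-ssl-secured/README.adoc
@@ -290,6 +290,8 @@ dzXZz0EjjWCPJk+LVEhEvH0GcWAp3x3irpNU4hRZLd0XomY0Z4NnUt7VMBNYDOxVxgT9qcLnEaEpIfYU
 ynfnMaOxI67FC2QzhfzERyKqHj47WuwN0xWbS/1gBypS2nUwvItyxaEQG2X5uQY8j8QoY9wcMzIIkP2Mk14gJGHUnA8=
 ----
 
+// Server Distribution Testing
+include::../shared-doc/run-integration-tests-with-server-distribution.adoc[leveloffset=+2]
 // Undeploy the Quickstart
 include::../shared-doc/undeploy-the-quickstart.adoc[leveloffset=+1]
 
@@ -346,6 +348,10 @@ After you are done with this quickstart, remember to remove the certificate that
 
 // Run the Quickstart in Red Hat CodeReady Studio or Eclipse
 include::../shared-doc/run-the-quickstart-in-jboss-developer-studio.adoc[leveloffset=+1]
+// Build and run sections for other environments/builds
+ifndef::ProductRelease,EAPXPRelease[]
+include::../shared-doc/build-and-run-the-quickstart-with-provisioned-server.adoc[leveloffset=+1]
+endif::[]
 
 // Additional Red Hat CodeReady Studio instructions
 * Make sure you configure the keystores and client certificates as described under xref:set_up_client_keystore_using_java_keytool[Set Up the Client Keystore Using Java Keytool].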
39 changes: 39 additions & 0 deletions helloworld-mutual-ssl-secured/certs.sh
@@ -0,0 +1,39 @@
#!/bin/sh

# Generate a self-signed keystore with the specified DN fields
expect <<EOF
set timeout 10
spawn keytool -genkey -keystore client.keystore -storepass secret -validity 365 -keyalg RSA -keysize 2048 -storetype pkcs12
expect "What is your first and last name?"
send "quickstartUser\r"
expect "What is the name of your organizational unit?"
send "Sales\r"
expect "What is the name of your organization?"
send "My Organization\r"
expect "What is the name of your City or Locality?"
send "Sao Paulo\r"
expect "What is the name of your State or Province?"
send "Sao Paulo\r"
expect "What is the two-letter country code for this unit?"
send "BR\r"
expect "Is CN=quickstartUser, OU=Sales, O=My Organization, L=Sao Paulo, ST=Sao Paulo, C=BR correct?"
send "yes\r"
expect eof
EOF

# Export the certificate
keytool -exportcert -keystore client.keystore -storetype pkcs12 -storepass secret -keypass secret -file client.crt

# Import the certificate into a truststore
expect <<EOF
set timeout 10
spawn keytool -import -file client.crt -alias quickstartUser -keystore client.truststore -storepass secret
expect "Trust this certificate? [no]: "
send "yes\r"
expect eof
EOF

# Create a new PKCS12 keystore with the same certificate
keytool -importkeystore -srckeystore client.keystore -srcstorepass secret -destkeystore clientCert.p12 -srcstoretype PKCS12 -deststoretype PKCS12 -deststorepass secret
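Review bot: Both `expect` blocks answer keytool's prompts by matching their English text under `set timeout 10`, so on a JDK or locale that words a prompt differently each `expect` simply times out and the next `send` lands on the wrong question; with no `set -e` the script then carries on to `-exportcert` and `-importkeystore` regardless of what happened. keytool accepts the same answers non-interactively: pass `-dname "CN=quickstartUser, OU=Sales, O=My Organization, L=Sao Paulo, ST=Sao Paulo, C=BR"` to the key-generation call and `-noprompt` to the `-import` call, which also removes the dependency on `expect` being installed on the runner. The store password `secret` is given on every command line, where it shows up in the process list and in CI logs; a comment such as `# 'secret' is a throwaway demo password for this quickstart` would make that intent explicit for readers who copy the script.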
19 changes: 19 additions & 0 deletions helloworld-mutual-ssl-secured/configure-certs.cli
@@ -0,0 +1,19 @@
#configure a key-store in the Elytron subsystem. The path to the keystore file doesn’t actually have to exist yet.
/subsystem=elytron/key-store=mutualKS:add(path=clientCert.P12, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}, type=PKCS12)

#generate a new key pair which will be used later to extract the certificate. This is an RSA key of size 1024. CN must be quickstartUser for the key
/subsystem=elytron/key-store=mutualKS:generate-key-pair(alias=example, algorithm=RSA, key-size=2048, validity=365, credential-reference={clear-text=secret}, distinguished-name="CN=quickstartUser")

#Export the certificate to a file
/subsystem=elytron/key-store=mutualKS:export-certificate(alias=example, path=clientCert.crt, relative-to=jboss.server.config.dir, pem=true)

#Create a truststore in the elytron subsystem.
/subsystem=elytron/key-store=mutualTS:add(path=client.keystore, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}, type=PKCS12)

# Import a certificate into a truststore
/subsystem=elytron/key-store=mutualTS:import-certificate(alias=example, path=clientCert.crt, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}, trust-cacerts=true, validate=false)

#store the keystore and truststore into keystore files
/subsystem=elytron/key-store=mutualTS:store()
/subsystem=elytron/key-store=mutualKS:store()
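Review bot: The comment above `generate-key-pair` says "This is an RSA key of size 1024" while the command passes `key-size=2048`; the comment should read `#generate a new key pair which will be used later to extract the certificate. This is an RSA key of size 2048. CN must be quickstartUser for the key`. The file names are also easy to misread: the truststore `mutualTS` is stored at `path=client.keystore`, the name certs.sh gives to the keystore that holds the private key, and `mutualKS` uses `clientCert.P12` where certs.sh writes `clientCert.p12`, which are different files on a case-sensitive file system. If the two scripts are meant to describe the same artefacts, `path=client.truststore` and `path=clientCert.p12` would line up with certs.sh. Every `credential-reference` carries `clear-text=secret`, so the password is written to the server configuration as plain text; a one-line comment marking it as a demo value would help readers who reuse the script.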
