From f91773810073467ef538d498479476d7b488ecfc Mon Sep 17 00:00:00 2001
From: Prarthona Paul <prpaul@redhat.com>
Date: Tue, 10 Oct 2023 15:58:03 -0400
Subject: [PATCH] [WFLY-18475] helloworld-mutual-ssl-secured Quickstart Common
 Enhancements CY2023Q3

---
 ...start_helloworld-mutual-ssl-secured_ci.yml |  21 ++++
 ejb-security-context-propagation/pom.xml      |  82 ++++++++------
 helloworld-mutual-ssl-secured/README.adoc     |  29 ++---
 helloworld-mutual-ssl-secured/certs.sh        |  39 +++++++
 .../configure-certs.cli                       |  19 ++++
 helloworld-mutual-ssl-secured/pom.xml         | 104 +++++++++++++++++-
 .../restore-certs.cli                         |   8 ++
 .../helloworld/BasicRuntimeIT.java            |  59 ++++++++++
 .../helloworld_mutual_ssl/BasicRuntimeIT.java |  59 ++++++++++
 helloworld/pom.xml                            |   1 -
 shared-doc/add-application-user.adoc          |   4 +
 ...he-quickstart-with-provisioned-server.adoc |  12 ++
 ...gration-tests-with-provisioned-server.adoc |  11 +-
 13 files changed, 385 insertions(+), 63 deletions(-)
 create mode 100644 .github/workflows/quickstart_helloworld-mutual-ssl-secured_ci.yml
 create mode 100755 helloworld-mutual-ssl-secured/certs.sh
 create mode 100644 helloworld-mutual-ssl-secured/configure-certs.cli
 create mode 100644 helloworld-mutual-ssl-secured/restore-certs.cli
 create mode 100644 helloworld-mutual-ssl-secured/src/test/java/org/jboss/as/quickstarts/helloworld/BasicRuntimeIT.java
 create mode 100644 helloworld-mutual-ssl-secured/src/test/java/org/jboss/as/quickstarts/helloworld_mutual_ssl/BasicRuntimeIT.java

diff --git a/.github/workflows/quickstart_helloworld-mutual-ssl-secured_ci.yml b/.github/workflows/quickstart_helloworld-mutual-ssl-secured_ci.yml
new file mode 100644
index 0000000000..59000db7b6
--- /dev/null
+++ b/.github/workflows/quickstart_helloworld-mutual-ssl-secured_ci.yml
@@ -0,0 +1,21 @@
+name: WildFly helloworld-mutual-ssl-secured Quickstart CI
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+    paths:
+      - 'helloworld-mutual-ssl-secured/**'
+      - '.github/workflows/quickstart_ci.yml'
+
+# Only run the latest job
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.ref || github.run_id }}'
+  cancel-in-progress: true
+
+jobs:
+  call-quickstart_ci:
+    uses: ./.github/workflows/quickstart_ci.yml
+    with:
+      QUICKSTART_PATH: helloworld-mutual-ssl-secured
+      TEST_PROVISIONED_SERVER: true
+      TEST_OPENSHIFT: false
\ No newline at end of file
diff --git a/ejb-security-context-propagation/pom.xml b/ejb-security-context-propagation/pom.xml
index 151676346f..829a47c0c0 100644
--- a/ejb-security-context-propagation/pom.xml
+++ b/ejb-security-context-propagation/pom.xml
@@ -134,6 +134,14 @@
             <groupId>jakarta.annotation</groupId>
             <artifactId>jakarta.annotation-api</artifactId>
         </dependency>
+
+        <!-- Import the Servlet API, we use provided scope as the API is included in the server -->
+        <dependency>
+            <groupId>jakarta.servlet</groupId>
+            <artifactId>jakarta.servlet-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        
         <dependency>
             <groupId>org.jboss.ejb3</groupId>
             <artifactId>jboss-ejb3-ext-api</artifactId>
@@ -149,39 +157,45 @@
     <build>
         <!-- Set the name of the WAR, used as the context root when the app is deployed -->
         <finalName>${project.artifactId}</finalName>
-        <plugins>
-
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-ejb-plugin</artifactId>
-                <configuration>
-                    <ejbVersion>3.2</ejbVersion>
-                    <generateClient>true</generateClient>
-                </configuration>
-            </plugin>
-            <!-- Add the Maven exec plug-in to allow us to run a Java program via Maven -->
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>exec-maven-plugin</artifactId>
-                <configuration>
-                    <executable>java</executable>
-                    <workingDirectory>${project.build.directory}/exec-working-directory</workingDirectory>
-                    <arguments>
-                        <!-- automatically creates the classpath using all project dependencies,
-                                      also adding the project build directory -->
-                        <argument>-classpath</argument>
-                        <classpath></classpath>
-                        <argument>org.jboss.as.quickstarts.ejb_security_context_propagation.RemoteClient</argument>
-                    </arguments>
-                </configuration>
-                <executions>
-                    <execution>
-                        <goals>
-                            <goal>exec</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-        </plugins>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-ejb-plugin</artifactId>
+                    <configuration>
+                        <ejbVersion>3.2</ejbVersion>
+                        <generateClient>true</generateClient>
+                    </configuration>
+                </plugin>
+                <!-- Add the Maven exec plug-in to allow us to run a Java program via Maven -->
+                <plugin>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>exec-maven-plugin</artifactId>
+                    <configuration>
+                        <executable>java</executable>
+                        <workingDirectory>${project.build.directory}/exec-working-directory</workingDirectory>
+                        <arguments>
+                            <!-- automatically creates the classpath using all project dependencies,
+                                        also adding the project build directory -->
+                            <argument>-classpath</argument>
+                            <classpath></classpath>
+                            <argument>org.jboss.as.quickstarts.ejb_security_context_propagation.RemoteClient</argument>
+                        </arguments>
+                    </configuration>
+                    <executions>
+                        <execution>
+                            <goals>
+                                <goal>exec</goal>
+                            </goals>
+                        </execution>
+                    </executions>
+                </plugin>
+                <plugin>
+                  <groupId>org.wildfly.plugins</groupId>
+                  <artifactId>wildfly-maven-plugin</artifactId>
+                  <version>${version.plugin.wildfly}</version>
+                </plugin>
+            </plugins>
+        </pluginManagement>
     </build>
 </project>
diff --git a/helloworld-mutual-ssl-secured/README.adoc b/helloworld-mutual-ssl-secured/README.adoc
index 1dfbfdeab7..a498d03d4d 100644
--- a/helloworld-mutual-ssl-secured/README.adoc
+++ b/helloworld-mutual-ssl-secured/README.adoc
@@ -231,7 +231,7 @@ It maps the `client_cert_domain` from the quickstart application to the `http-au
 [[test_the_server_ssl_configuration]]
 == Test the Server TLS Configuration
 
-To test the TLS configuration, access: https://localhost:8443
+To test the TLS configuration, start {productName} and access: https://localhost:8443
 
 If it is configured correctly, you should be asked to trust the server certificate.
 
@@ -290,6 +290,8 @@ dzXZz0EjjWCPJk+LVEhEvH0GcWAp3x3irpNU4hRZLd0XomY0Z4NnUt7VMBNYDOxVxgT9qcLnEaEpIfYU
 ynfnMaOxI67FC2QzhfzERyKqHj47WuwN0xWbS/1gBypS2nUwvItyxaEQG2X5uQY8j8QoY9wcMzIIkP2Mk14gJGHUnA8=
 ----
 
+// Server Distribution Testing
+include::../shared-doc/run-integration-tests-with-server-distribution.adoc[leveloffset=+2]
 // Undeploy the Quickstart
 include::../shared-doc/undeploy-the-quickstart.adoc[leveloffset=+1]
 
@@ -344,26 +346,11 @@ After you are done with this quickstart, remember to remove the certificate that
 . Select the *quickstartUser* certificate and click the *Delete* button.
 . The certificate has now been removed from the Mozilla Firefox browser.
 
-// Run the Quickstart in Red Hat CodeReady Studio or Eclipse
-include::../shared-doc/run-the-quickstart-in-jboss-developer-studio.adoc[leveloffset=+1]
-
-// Additional Red Hat CodeReady Studio instructions
-* Make sure you configure the keystores and client certificates as described under xref:set_up_client_keystore_using_java_keytool[Set Up the Client Keystore Using Java Keytool].
-* Depending on the browser you choose, make sure you either xref:import_the_client_certificate_into_google_chrome[import the certificate into Google Chrome] or xref:import_the_client_certificate_into_mozilla_firefox[import the certificate into Mozilla Firefox].
-* Make sure you configure the server by running the JBoss CLI commands as described above under xref:configure_the_server[Configure the Server]. Stop the server at the end of that step.
-* In {JBDSProductName}, choose *Window* –> *Web Browser*, then select the browser you chose to import the certificate.
-* To deploy the application, right-click on the *{artifactId}* project and choose *Run As* –> *Run on Server*.
-* Make sure you xref:restore_the_server_configuration[restore the {productName} server configuration] when you have completed testing this quickstart.
-
-// Debug the Application
-include::../shared-doc/debug-the-application.adoc[leveloffset=+1]
-
-//*************************************************
-// Product Release content only
-//*************************************************
-ifdef::ProductRelease[]
+// Build and run sections for other environments/builds
+ifndef::ProductRelease,EAPXPRelease[]
+:server_provisioning_server_host: https://localhost:8443
+include::../shared-doc/build-and-run-the-quickstart-with-provisioned-server.adoc[leveloffset=+1]
+endif::[]
 
 // Quickstart not compatible with OpenShift
 include::../shared-doc/openshift-incompatibility.adoc[leveloffset=+1]
-
-endif::[]
diff --git a/helloworld-mutual-ssl-secured/certs.sh b/helloworld-mutual-ssl-secured/certs.sh
new file mode 100755
index 0000000000..46df48a641
--- /dev/null
+++ b/helloworld-mutual-ssl-secured/certs.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# Generate a self-signed keystore with the specified DN fields
+expect <<EOF
+set timeout 10
+spawn keytool -genkey -keystore client.keystore -storepass secret -validity 365 -keyalg RSA -keysize 2048 -storetype pkcs12
+
+expect "What is your first and last name?"
+send "quickstartUser\r"
+expect "What is the name of your organizational unit?"
+send "Sales\r"
+expect "What is the name of your organization?"
+send "My Organization\r"
+expect "What is the name of your City or Locality?"
+send "Sao Paulo\r"
+expect "What is the name of your State or Province?"
+send "Sao Paulo\r"
+expect "What is the two-letter country code for this unit?"
+send "BR\r"
+expect "Is CN=quickstartUser, OU=Sales, O=My Organization, L=Sao Paulo, ST=Sao Paulo, C=BR correct?"
+send "yes\r"
+expect eof
+EOF
+
+# Export the certificate
+keytool -exportcert -keystore client.keystore  -storetype pkcs12 -storepass secret -keypass secret -file client.crt
+
+# Import the certificate into a truststore
+expect <<EOF
+set timeout 10
+spawn keytool -import -file client.crt -alias quickstartUser -keystore client.truststore -storepass secret
+
+expect "Trust this certificate? [no]: "
+send "yes\r"
+expect eof
+EOF
+
+# Create a new PKCS12 keystore with the same certificate
+keytool -importkeystore -srckeystore client.keystore -srcstorepass secret -destkeystore clientCert.p12 -srcstoretype PKCS12 -deststoretype PKCS12 -deststorepass secret
\ No newline at end of file
diff --git a/helloworld-mutual-ssl-secured/configure-certs.cli b/helloworld-mutual-ssl-secured/configure-certs.cli
new file mode 100644
index 0000000000..17ab467168
--- /dev/null
+++ b/helloworld-mutual-ssl-secured/configure-certs.cli
@@ -0,0 +1,19 @@
+#configure a key-store in the Elytron subsystem. The path to the keystore file doesn’t actually have to exist yet.
+/subsystem=elytron/key-store=clientKS:add(path=client.keystore.P12, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}, type=PKCS12)
+
+#generate a new key pair which will be used later to extract the certificate. This is an RSA key of size 1024. CN must be quickstartUser for the key
+/subsystem=elytron/key-store=clientKS:generate-key-pair(alias=example, algorithm=RSA, key-size=2048, validity=365, credential-reference={clear-text=secret}, distinguished-name="CN=quickstartUser")
+
+#Export the certificate to a file
+/subsystem=elytron/key-store=clientKS:export-certificate(alias=example, path=clientCert.crt, relative-to=jboss.server.config.dir, pem=true)
+
+#Create a truststore in the elytron subsystem. 
+/subsystem=elytron/key-store=serverTS:add(path=server.keystore, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}, type=PKCS12)
+
+# Import a certificate into a truststore
+/subsystem=elytron/key-store=serverTS:import-certificate(alias=example, path=clientCert.crt, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}, validate=false)
+
+#store the keystore and truststore into keystore files 
+/subsystem=elytron/key-store=serverTS:store()
+/subsystem=elytron/key-store=clientKS:store()
+
diff --git a/helloworld-mutual-ssl-secured/pom.xml b/helloworld-mutual-ssl-secured/pom.xml
index 6c3d721f5e..ee177766ee 100644
--- a/helloworld-mutual-ssl-secured/pom.xml
+++ b/helloworld-mutual-ssl-secured/pom.xml
@@ -29,6 +29,15 @@
         <relativePath/>
     </parent>
 
+    <properties>
+         <!-- Version for the server -->
+        <version.server>30.0.0.Final</version.server>
+        <!-- The versions for BOMs, Packs and Plugins -->
+        <version.bom.ee>${version.server}</version.bom.ee>
+        <version.pack.cloud>5.0.0.Final</version.pack.cloud>
+        <version.plugin.wildfly>4.2.0.Final</version.plugin.wildfly>
+    </properties>
+
     <artifactId>helloworld-mutual-ssl-secured</artifactId>
     <version>31.0.0.Beta1-SNAPSHOT</version>
     <packaging>war</packaging>
@@ -43,11 +52,6 @@
         </license>
     </licenses>
 
-    <properties>
-        <!-- The versions for BOMs, Dependencies and Plugins -->
-        <version.server.bom>30.0.0.Final</version.server.bom>
-    </properties>
-
     <repositories>
         <repository>
             <id>jboss-public-maven-repository</id>
@@ -109,7 +113,7 @@
             <dependency>
                 <groupId>org.wildfly.bom</groupId>
                 <artifactId>wildfly-ee-with-tools</artifactId>
-                <version>${version.server.bom}</version>
+                <version>${version.bom.ee}</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -139,5 +143,93 @@
             <artifactId>jakarta.servlet-api</artifactId>
             <scope>provided</scope>
         </dependency>
+
+        <!-- Tests -->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
+
+    <build>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.wildfly.plugins</groupId>
+                    <artifactId>wildfly-maven-plugin</artifactId>
+                    <version>${version.plugin.wildfly}</version>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+    </build>
+     <profiles>
+        <profile>
+            <id>provisioned-server</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.wildfly.plugins</groupId>
+                        <artifactId>wildfly-maven-plugin</artifactId>
+                        <configuration>
+                            <feature-packs>
+                                <feature-pack>                                    
+                                    <location>org.wildfly:wildfly-galleon-pack:${version.server}</location>
+                                </feature-pack>
+                            </feature-packs>
+                            <layers>
+                                <!-- layers may be used to customize the server to provision-->
+                                <layer>cloud-server</layer>
+                                <layer>undertow-https</layer>
+                            </layers>
+                            <!-- use cli script(s) to configure the server -->
+                            <packaging-scripts>
+                                <packaging-script>
+                                    <scripts>
+                                        <script>${basedir}/configure-certs.cli</script>
+                                        <script>${basedir}/configure-ssl.cli</script>
+                                    </scripts>
+                                    <!-- Expressions resolved during server execution -->
+                                    <resolve-expressions>false</resolve-expressions>
+                                </packaging-script>
+                            </packaging-scripts>
+                            <!-- deploys the quickstart on root web context -->
+                            <name>ROOT.war</name>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>package</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+        <profile>
+            <id>integration-testing</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-failsafe-plugin</artifactId>
+                        <configuration>
+                            <includes>
+                                <include>**/BasicRuntimeIT</include>
+                            </includes>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>integration-test</goal>
+                                    <goal>verify</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
 </project>
diff --git a/helloworld-mutual-ssl-secured/restore-certs.cli b/helloworld-mutual-ssl-secured/restore-certs.cli
new file mode 100644
index 0000000000..82388d62b8
--- /dev/null
+++ b/helloworld-mutual-ssl-secured/restore-certs.cli
@@ -0,0 +1,8 @@
+#remove the keypairs and certificates from the keystore and truststore
+/subsystem=elytron/key-store=serverTS:remove-alias(alias=example)
+/subsystem=elytron/key-store=clientKS:remove-alias(alias=example)
+
+#remove the keystore and truststore 
+/subsystem=elytron/key-store=serverTS:remove
+/subsystem=elytron/key-store=clientKS:remove
+
diff --git a/helloworld-mutual-ssl-secured/src/test/java/org/jboss/as/quickstarts/helloworld/BasicRuntimeIT.java b/helloworld-mutual-ssl-secured/src/test/java/org/jboss/as/quickstarts/helloworld/BasicRuntimeIT.java
new file mode 100644
index 0000000000..ab0477dfef
--- /dev/null
+++ b/helloworld-mutual-ssl-secured/src/test/java/org/jboss/as/quickstarts/helloworld/BasicRuntimeIT.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2023 JBoss by Red Hat.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.as.quickstarts.helloworld;
+
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.time.Duration;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The very basic runtime integration testing.
+ * @author Prarthona Paul
+ * @author emartins
+ */
+public class BasicRuntimeIT {
+
+    private static final String DEFAULT_SERVER_HOST = "https://localhost:8443/helloworld-mutual-ssl-secured";
+
+    @Test
+    public void testHTTPEndpointIsAvailable() throws IOException, InterruptedException, URISyntaxException {
+        String serverHost = System.getenv("SERVER_HOST");
+        if (serverHost == null) {
+            serverHost = System.getProperty("server.host");
+        }
+        if (serverHost == null) {
+            serverHost = DEFAULT_SERVER_HOST;
+        }
+        final HttpRequest request = HttpRequest.newBuilder()
+                .uri(new URI(serverHost+"/"))
+                .GET()
+                .build();
+        final HttpClient client = HttpClient.newBuilder()
+                .followRedirects(HttpClient.Redirect.ALWAYS)
+                .connectTimeout(Duration.ofMinutes(1))
+                .build();
+        final HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
+        assertEquals(200, response.statusCode());
+    }
+}
\ No newline at end of file
diff --git a/helloworld-mutual-ssl-secured/src/test/java/org/jboss/as/quickstarts/helloworld_mutual_ssl/BasicRuntimeIT.java b/helloworld-mutual-ssl-secured/src/test/java/org/jboss/as/quickstarts/helloworld_mutual_ssl/BasicRuntimeIT.java
new file mode 100644
index 0000000000..83999b6989
--- /dev/null
+++ b/helloworld-mutual-ssl-secured/src/test/java/org/jboss/as/quickstarts/helloworld_mutual_ssl/BasicRuntimeIT.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2023 JBoss by Red Hat.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.as.quickstarts.helloworld_mutual_ssl;
+
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.time.Duration;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The very basic runtime integration testing.
+ * @author Prarthona Paul
+ * @author emartins
+ */
+public class BasicRuntimeIT {
+
+    private static final String DEFAULT_SERVER_HOST = "https://localhost:8443/helloworld-mutual-ssl-secured";
+
+    @Test
+    public void testHTTPEndpointIsAvailable() throws IOException, InterruptedException, URISyntaxException {
+        String serverHost = System.getenv("SERVER_HOST");
+        if (serverHost == null) {
+            serverHost = System.getProperty("server.host");
+        }
+        if (serverHost == null) {
+            serverHost = DEFAULT_SERVER_HOST;
+        }
+        final HttpRequest request = HttpRequest.newBuilder()
+                .uri(new URI(serverHost+"/"))
+                .GET()
+                .build();
+        final HttpClient client = HttpClient.newBuilder()
+                .followRedirects(HttpClient.Redirect.ALWAYS)
+                .connectTimeout(Duration.ofMinutes(1))
+                .build();
+        final HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
+        assertEquals(200, response.statusCode());
+    }
+}
\ No newline at end of file
diff --git a/helloworld/pom.xml b/helloworld/pom.xml
index f690dceed5..755f90c0d6 100644
--- a/helloworld/pom.xml
+++ b/helloworld/pom.xml
@@ -252,5 +252,4 @@
             </build>
         </profile>
     </profiles>
-
 </project>
diff --git a/shared-doc/add-application-user.adoc b/shared-doc/add-application-user.adoc
index 87988ab46f..63f60145ca 100644
--- a/shared-doc/add-application-user.adoc
+++ b/shared-doc/add-application-user.adoc
@@ -17,6 +17,10 @@ ifndef::app-user-groups[]
 :app-group-command:
 endif::app-user-groups[]
 
+// attr which other sections may check (ifdef) to know if users needs to be added
+:addQuickstartUser: true
+
+
 This quickstart uses secured application interfaces and requires that you create the following application user to access the running application.
 
 [cols="20%,20%,20%,40%",options="headers"]
diff --git a/shared-doc/build-and-run-the-quickstart-with-provisioned-server.adoc b/shared-doc/build-and-run-the-quickstart-with-provisioned-server.adoc
index ffa7f03a1f..436999647c 100644
--- a/shared-doc/build-and-run-the-quickstart-with-provisioned-server.adoc
+++ b/shared-doc/build-and-run-the-quickstart-with-provisioned-server.adoc
@@ -23,6 +23,18 @@ $ mvn {mavenServerProvisioningCommand} -Pprovisioned-server
 
 The provisioned {productName} server, with the quickstart deployed, can then be found in the `target/server` directory, and its usage is similar to a standard server distribution, with the simplification that there is never the need to specify the server configuration to be started.
 
+ifdef::addQuickstartUser[]
+The quickstart user should be added before running the provisioned server:
+[source,subs="+quotes,attributes+",options="nowrap"]
+----
+$ target/server/bin/add-user.sh -a -u 'quickstartUser' -p 'quickstartPwd1!' {app-group-command}
+----
+[NOTE]
+====
+For Windows, use the `__{jbossHomeName}__\bin\add-user.bat` script.
+====
+endif::[]
+
 The server provisioning functionality is provided by the WildFly Maven Plugin, and you may find its configuration in the quickstart `pom.xml`:
 
 [source,xml,subs="attributes+"]
diff --git a/shared-doc/run-integration-tests-with-provisioned-server.adoc b/shared-doc/run-integration-tests-with-provisioned-server.adoc
index 574eae2319..a4a3807376 100644
--- a/shared-doc/run-integration-tests-with-provisioned-server.adoc
+++ b/shared-doc/run-integration-tests-with-provisioned-server.adoc
@@ -14,7 +14,16 @@ Follow these steps to run the integration tests.
 $ mvn clean package -Pprovisioned-server
 ----
 
-. Start the {productName} provisioned server, this time using the {productName} Maven Plugin, which is recommend for testing due to simpler automation. The path to the provisioned server should be specified using the `server.host` system property.
+ifdef::addQuickstartUser[]
+Add the quickstart user:
+[source,subs="+quotes,attributes+",options="nowrap"]
+----
+$ target/server/bin/add-user.sh -a -u 'quickstartUser' -p 'quickstartPwd1!' {app-group-command}
+----
+endif::[]
+
+
+. Start the {productName} provisioned server, this time using the {productName} Maven Plugin, which is recommended for testing due to simpler automation. The path to the provisioned server should be specified using the `server.host` system property.
 +
 [source,subs="attributes+",options="nowrap"]
 ----