From 468021be6cd31ac3af8b2aa9704fcf76c298df5c Mon Sep 17 00:00:00 2001 From: Darran Lofthouse <darran.lofthouse@jboss.com> Date: Thu, 9 Sep 2021 15:57:22 +0100 Subject: [PATCH 01/12] [WFLY-15199] Add initial analysis for the removal of the legacy security subsystem. --- ...5199_Remove_Legacy_Security_Subsystem.adoc | 123 ++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100644 security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc diff --git a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc new file mode 100644 index 000000000..e7b6497ca --- /dev/null +++ b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc @@ -0,0 +1,123 @@ += [WFLY-15199] Remove legacy the security subystsem from the feature packs and convert to a skeleton, +:author: Darran Lofthouse +:email: darran.lofthouse@redhat.com +:toc: left +:icons: font +:idprefix: +:idseparator: - + +== Overview + +During the development of WildFly 11 a new security solution using WildFly Elytron was integrated +into WildFly in parallel with the legacy security solution based on PicketBox. This enhancement +is to complete the activities to de-activate the legacy security subsystem and remove it from the +default configurations and Galleon feature packs. + +== Issue Metadata + +=== Issue + +* https://issues.redhat.com/browse/WFLY-15199[WFLY-15199] + +=== Related Issues + +* + +=== Dev Contacts + +* mailto:{email}[{author}] + +=== QE Contacts + +=== Testing By +// Put an x in the relevant field to indicate if testing will be done by Engineering or QE. +// Discuss with QE during the Kickoff state to decide this +* [ ] Engineering + +* [ ] QE + +=== Affected Projects or Components + +=== Other Interested Projects + +=== Relevant Installation Types +// Remove the x next to the relevant field if the feature in question is not relevant +// to that kind of WildFly installation +* [x] Traditional standalone server (unzipped or provisioned by Galleon) + +* [x] Managed domain + +* [x] OpenShift s2i + +* [x] Bootable jar + +== Requirements + +=== Hard Requirements + +The `security` subsystem will be converted to a skeleton subsystem, this will mean that it can +be used in domain mode to manage older servers but it can not be used for runtime configuration in +WildFly 25 or later. + +All feature packs will be updated to remove the legacy security subsystem and any references to +it's capabilities. + +The following subsystems will require additional configuration to default to WildFly Elytron +security: + + * ejb2 + * iiop-openjdk + * messaging-activemq + * undertow + +=== Nice-to-Have Requirements + +=== Non-Requirements + +//== Implementation Plan +//// +Delete if not needed. The intent is if you have a complex feature which can +not be delivered all in one go to suggest the strategy. If your feature falls +into this category, please mention the Release Coordinators on the pull +request so they are aware. +//// +== Test Plan + +The following table identifies the tests in WildFly Core and WildFly affected by the removal. + +.Test Case Updates +|=== +|Test Case |Action + +| +| + + + +.Action Key +|=== +|Action | Description + +|Ignored +|Ignored to revisit. + +|Removed +|Test case removed entirely. + +|Reduced +|Removed vault specific testing from case. + +|Tweaked +|Minor changes needed for vault removal. +|=== + +== Community Documentation + +After the removal is merged a full pass through the community documentation will be required to +remove references to legacy security. + +== Release Note Content + +The legacy security subsystem has now been disabled for use at runtime and has been removed from +the default configurations we ship and removed from the Galleon feature packs. Users should +define their security resources within the `elytron` subsystem. From ca22c218ce0c5adc30ee398cf6e866defe2d2b7e Mon Sep 17 00:00:00 2001 From: Darran Lofthouse <darran.lofthouse@jboss.com> Date: Thu, 9 Sep 2021 16:48:10 +0100 Subject: [PATCH 02/12] [WFLT-15199] Add the affected "web" test cases. --- ...5199_Remove_Legacy_Security_Subsystem.adoc | 36 ++++++++++++++++--- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc index e7b6497ca..46deeb541 100644 --- a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc +++ b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc @@ -89,9 +89,38 @@ The following table identifies the tests in WildFly Core and WildFly affected by |=== |Test Case |Action +|org.jboss.as.test.integration.web.security.WebSecuritySimpleRoleMappingSecurityManagerTestCase +|Removed + +|org.jboss.as.test.integration.web.security.digest.WebSecurityDIGESTTestCase +|Converted + +|org.jboss.as.test.integration.web.security.external.WebSecurityExternalAuthTestCase +|Converted + +|org.jboss.as.test.integration.web.security.form.WebSecuritySimpleRoleMappingTestCase +|Removed + +|org.jboss.as.test.integration.web.security.jaspi.WebSecurityJaspiTestCase +|Removed + +|org.jboss.as.test.integration.web.security.jaspi.WebSecurityJaspiWithFailingAuthModuleTestCase +|Removed + +| +|Removed + | +|Removed + | +|Removed +| +|Removed + +| +|Removed .Action Key @@ -104,11 +133,8 @@ The following table identifies the tests in WildFly Core and WildFly affected by |Removed |Test case removed entirely. -|Reduced -|Removed vault specific testing from case. - -|Tweaked -|Minor changes needed for vault removal. +|Converted +|Converted to use Elytron security exclusively. |=== == Community Documentation From b4a0a13e8ec6e88ed3f2947b420ad01d79b94a58 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse <darran.lofthouse@jboss.com> Date: Sat, 11 Sep 2021 12:52:44 +0100 Subject: [PATCH 03/12] [WFLY-15199] Further test cases added. --- ...5199_Remove_Legacy_Security_Subsystem.adoc | 123 ++++++++++++++++++ 1 file changed, 123 insertions(+) diff --git a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc index 46deeb541..067186b5c 100644 --- a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc +++ b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc @@ -107,6 +107,129 @@ The following table identifies the tests in WildFly Core and WildFly affected by |org.jboss.as.test.integration.web.security.jaspi.WebSecurityJaspiWithFailingAuthModuleTestCase |Removed +|org.jboss.as.test.smoke.deployment.rar.tests.earpackage.EarPackagedDeploymentTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.smoke.deployment.rar.tests.multiactivation.MultipleActivationTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.smoke.deployment.rar.tests.afterresourcecreation.AfterResourceCreationDeploymentTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.smoke.deployment.rar.tests.configproperty.ConfigPropertyTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.smoke.deployment.rar.tests.raconnection.RaTestConnectionTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.rar.RarDeploymentTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.smoke.deployment.rar.tests.redeployment.ReDeploymentTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.smoke.mgmt.resourceadapter.ResourceAdapterOperationsUnitTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.smoke.deployment.rar.tests.multiobjectactivation.MultipleObjectActivationTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.smoke.deployment.rar.tests.multiobjectpartialactivation.MultipleObjectPartialActivationTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.ws.authentication.EJBEndpointAuthenticationTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15253[WFLY-15253] + +|org.jboss.as.test.integration.ws.authentication.EJBEndpointNoClassLevelSecurityAnnotationAuthenticationTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15253[WFLY-15253] + +|org.jboss.as.test.integration.ws.authentication.EJBEndpointSecuredWSDLAccessTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15253[WFLY-15253] + +|org.jboss.as.test.integration.ws.authentication.PojoEndpointAuthenticationTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15253[WFLY-15253] + +|org.jboss.as.test.integration.security.loginmodules.CustomLoginModuleTestCase +|Removed + +|org.jboss.as.test.integration.security.loginmodules.DatabaseLoginModuleTestCase +|Removed + +|org.jboss.as.test.integration.security.loginmodules.IdentityLoginModuleTestCase +|Removed + +|org.jboss.as.test.integration.security.loginmodules.LdapExtLikeAdvancedLdapLMTestCase +|Removed + +|org.jboss.as.test.integration.security.loginmodules.LdapExtLoginModuleTestCase +|Removed + +|org.jboss.as.test.integration.security.loginmodules.LdapExtPasswordCachingTestCase +|Removed + +|org.jboss.as.test.integration.security.loginmodules.LdapLoginModuleTestCase +|Removed + +|org.jboss.as.test.integration.security.loginmodules.MultipleCustomLoginModulesTest +|Removed + +|org.jboss.as.test.integration.security.loginmodules.RunAsLoginModuleTestCase +|Removed + +|org.jboss.as.test.integration.security.loginmodules.UsersRolesLoginModuleTestCase +|Removed + +|org.jboss.as.test.integration.security.jaas.JAASIdentityCachingTestCase +|Removed + +|org.jboss.as.test.integration.security.loginmodules.negotiation.SPNEGOLoginModuleTestCase +|Removed + +|org.jboss.as.test.integration.security.loginmodules.negotiation.AdvancedLdapLoginModuleTestCase +|Removed + +|org.jboss.as.test.integration.security.auditing.CustomAuditProviderModuleTest +|Removed + +|org.jboss.as.test.integration.web.security.runas.WebSecurityRunAsTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15261[WFLY-15261] + +|org.jboss.as.test.integration.web.security.servlet.methods.DenyUncoveredHttpMethodsTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15261[WFLY-15261] + +|org.jboss.as.test.integration.jca.security.WildFlyActivationRaWithSecurityDomainTestCase +|Removed + +|org.jboss.as.test.integration.jca.security.DsWithSecurityDomainTestCase +|Removed + +|org.jboss.as.test.integration.jca.security.WildFlyActivationRaWithMixedSecurityTestCase +|Removed + +|org.jboss.as.test.integration.jca.security.DsWithMixedSecurityTestCase +|Removed + +|org.jboss.as.test.integration.jca.security.workmanager.WildFlyActivationRaWithWMSecurityDomainWorkManagerTestCase +|Removed + +|org.jboss.as.test.integration.ejb.security.callerprincipal.GetCallerPrincipalWithNoDefaultSecurityDomainTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15262[WFLY-15262] + +|org.jboss.as.test.integration.ejb.security.RunAsPrincipalCustomDomainTestCase +|Removed + +|org.jboss.as.test.integration.jca.security.IronJacamarActivationRaWithSecurityDomainTestCase +|Removed + +|org.jboss.as.test.integration.jca.security.WildFlyActivationRaWithElytronAuthContextTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.management.api.security.SecurityDomainTestCase +|Removed + +|org.jboss.as.test.integration.management.api.security.SecurityDomainDotNameTestCase +|Removed + | |Removed From e80e06480fd7863cef041bb880f13bd294fd377f Mon Sep 17 00:00:00 2001 From: Darran Lofthouse <darran.lofthouse@jboss.com> Date: Tue, 14 Sep 2021 15:58:33 +0100 Subject: [PATCH 04/12] [WFLY-15199] Additional tests ignored or removed due to legacy security removal. --- ...5199_Remove_Legacy_Security_Subsystem.adoc | 174 +++++++++++++++++- 1 file changed, 169 insertions(+), 5 deletions(-) diff --git a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc index 067186b5c..f9e16c1e4 100644 --- a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc +++ b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc @@ -230,21 +230,185 @@ The following table identifies the tests in WildFly Core and WildFly affected by |org.jboss.as.test.integration.management.api.security.SecurityDomainDotNameTestCase |Removed -| +|org.jboss.as.test.integration.security.aselytron.SecurityDomainAsElytronSecurityRealmTestCase |Removed -| +|org.jboss.as.test.integration.security.cli.JsseTestCase |Removed -| +|org.jboss.as.test.integration.jca.anno.NoRaAnnoTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.anno.RaAnnoTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.basic.BasicDeployment10TestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.basic.BasicDeployment15TestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.basic.BasicDeployment16TestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.basic.BasicDeployment17TestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.basic.BasicDoubleDeployment16TestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.basic.BasicDoubleDeploymentFail16_1TestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.basic.BasicDoubleDeploymentFail16_2TestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.security.auditing.SecurityAuditingTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15263[WFLY-15263] + +|org.jboss.as.test.integration.security.jaspi.EESecurityAuthMechanismMultiConstraintsTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15264[WFLY-15264] + +|org.jboss.as.test.integration.security.jaspi.EESecurityAuthMechanismTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15264[WFLY-15264] + +|org.jboss.as.test.integration.security.jaspi.JASPIHttpSchemeServerAuthModelTestCase +|Removed + +|org.jboss.as.test.integration.security.jaspi.JaspiFormAuthTestCase +|Removed + +|org.jboss.as.test.integration.security.xacml.EjbXACMLAuthorizationModuleTestCase +|Removed + +|org.jboss.as.test.integration.security.xacml.JBossPDPInteroperabilityTestCase +|Removed + +|org.jboss.as.test.integration.security.xacml.JBossPDPServletInitializationTestCase +|Removed + +|org.jboss.as.test.integration.security.xacml.WebXACMLAuthorizationModuleTestCase +|Removed + +|org.jboss.as.test.integration.security.loginmodules.databases.ExternalDatabaseLoginTestCase +|Removed + +|org.jboss.as.test.integration.security.context.ReuseAuthenticatedSubjectTestCase +|Removed + +|org.wildfly.test.elytron.intermediate.SecurityDomainContextRealmTestCase +|Removed + +|org.wildfly.test.elytron.intermediate.X509SecurityDomainContextRealmTestCase +|Removed + +|org.jboss.as.test.integration.jca.capacitypolicies.ResourceAdapterCapacityPoliciesTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.ijdeployment.IronJacamarDeploymentTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.ijdeployment.IronJacamarDoubleDeploymentTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.metrics.RaCfgMetricUnitTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.poolattributes.ResourceAdapterPoolAttributesTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.statistics.ResourceAdapterStatisticsTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.BasicFlatTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.BasicJarTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.MultiActivationFlatTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.MultiActivationJarTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.MultiObjectActivationFlatTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.MultiObjectActivationJarTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.PartialObjectActivationFlatTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.PartialObjectActivationJarTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.PureFlatTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.PureJarTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.TwoModulesFlatTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.TwoModulesJarTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.TwoModulesOfDifferentTypeTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.TwoRaFlatTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.jboss.as.test.integration.jca.moduledeployment.TwoRaJarTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] + +|org.wildfly.test.integration.vdx.standalone.MessagingTestCase.testWrongOrderOfElements +|Ignored https://issues.redhat.com/browse/WFLY-15271[WFLY-15271] + +|org.jboss.as.test.iiop.security.IIOPSecurityInvocationTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15271[WFLY-15271] + +|org.jboss.as.test.xts.wsba.participantcompletion.client.BAParticipantCompletionTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] + +|org.jboss.as.test.xts.wsat.client.ATTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] + +|org.jboss.as.test.xts.suspend.wsat.AtomicTransactionSuspendTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] + +|org.jboss.as.test.xts.annotation.client.TransactionalTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] + +|org.jboss.as.test.xts.wsba.coordinatorcompletion.client.BACoordinatorCompletionTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] + +|org.jboss.as.test.xts.annotation.client.CompensatableTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] + +|org.jboss.as.test.txbridge.fromjta.BridgeFromJTATestCase +|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] + +|org.jboss.as.test.xts.suspend.wsba.BusinessActivitySuspendTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] + +|org.jboss.as.test.clustering.cluster.sso.ReplicatedSingleSignOnTestCase |Removed -| +|org.jboss.as.test.clustering.cluster.sso.remote.RemoteSingleSignOnTestCase |Removed -| +|org.wildfly.test.manual.management.MPScriptTestCase.testFailure() |Removed +|org.jboss.as.test.manualmode.security.SecuredDataSourceTestCase +|Removed + +|org.jboss.as.testsuite.integration.secman.PBStaticMethodsTestCase +|Removed .Action Key |=== From e2e9c603b22539bac325f127776f207a673c4d6b Mon Sep 17 00:00:00 2001 From: Darran Lofthouse <darran.lofthouse@jboss.com> Date: Tue, 14 Sep 2021 18:56:56 +0100 Subject: [PATCH 05/12] [WFLY-15199] Removed web services tests as they have been converted. --- .../WFLY-15199_Remove_Legacy_Security_Subsystem.adoc | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc index f9e16c1e4..9e2314841 100644 --- a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc +++ b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc @@ -137,18 +137,6 @@ The following table identifies the tests in WildFly Core and WildFly affected by |org.jboss.as.test.smoke.deployment.rar.tests.multiobjectpartialactivation.MultipleObjectPartialActivationTestCase |Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] -|org.jboss.as.test.integration.ws.authentication.EJBEndpointAuthenticationTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15253[WFLY-15253] - -|org.jboss.as.test.integration.ws.authentication.EJBEndpointNoClassLevelSecurityAnnotationAuthenticationTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15253[WFLY-15253] - -|org.jboss.as.test.integration.ws.authentication.EJBEndpointSecuredWSDLAccessTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15253[WFLY-15253] - -|org.jboss.as.test.integration.ws.authentication.PojoEndpointAuthenticationTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15253[WFLY-15253] - |org.jboss.as.test.integration.security.loginmodules.CustomLoginModuleTestCase |Removed From b452af1a3d9ca607a1219268961c31307f344ecd Mon Sep 17 00:00:00 2001 From: Darran Lofthouse <darran.lofthouse@jboss.com> Date: Wed, 15 Sep 2021 09:59:00 +0100 Subject: [PATCH 06/12] [WFLY-15199] Remove XTS tests from the list as these have been fixed. --- ...5199_Remove_Legacy_Security_Subsystem.adoc | 24 ------------------- 1 file changed, 24 deletions(-) diff --git a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc index 9e2314841..1e122ea9c 100644 --- a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc +++ b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc @@ -359,30 +359,6 @@ The following table identifies the tests in WildFly Core and WildFly affected by |org.jboss.as.test.iiop.security.IIOPSecurityInvocationTestCase |Ignored https://issues.redhat.com/browse/WFLY-15271[WFLY-15271] -|org.jboss.as.test.xts.wsba.participantcompletion.client.BAParticipantCompletionTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] - -|org.jboss.as.test.xts.wsat.client.ATTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] - -|org.jboss.as.test.xts.suspend.wsat.AtomicTransactionSuspendTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] - -|org.jboss.as.test.xts.annotation.client.TransactionalTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] - -|org.jboss.as.test.xts.wsba.coordinatorcompletion.client.BACoordinatorCompletionTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] - -|org.jboss.as.test.xts.annotation.client.CompensatableTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] - -|org.jboss.as.test.txbridge.fromjta.BridgeFromJTATestCase -|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] - -|org.jboss.as.test.xts.suspend.wsba.BusinessActivitySuspendTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15275[WFLY-15275] - |org.jboss.as.test.clustering.cluster.sso.ReplicatedSingleSignOnTestCase |Removed From 62b51924182d027829b3c821e3d11f8688d29273 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse <darran.lofthouse@jboss.com> Date: Thu, 16 Sep 2021 11:10:33 +0100 Subject: [PATCH 07/12] [WFLY-15199] Remove JCA tests as these have been activated. --- ...5199_Remove_Legacy_Security_Subsystem.adoc | 123 ------------------ 1 file changed, 123 deletions(-) diff --git a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc index 1e122ea9c..13121113f 100644 --- a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc +++ b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc @@ -107,36 +107,6 @@ The following table identifies the tests in WildFly Core and WildFly affected by |org.jboss.as.test.integration.web.security.jaspi.WebSecurityJaspiWithFailingAuthModuleTestCase |Removed -|org.jboss.as.test.smoke.deployment.rar.tests.earpackage.EarPackagedDeploymentTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.smoke.deployment.rar.tests.multiactivation.MultipleActivationTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.smoke.deployment.rar.tests.afterresourcecreation.AfterResourceCreationDeploymentTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.smoke.deployment.rar.tests.configproperty.ConfigPropertyTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.smoke.deployment.rar.tests.raconnection.RaTestConnectionTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.rar.RarDeploymentTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.smoke.deployment.rar.tests.redeployment.ReDeploymentTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.smoke.mgmt.resourceadapter.ResourceAdapterOperationsUnitTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.smoke.deployment.rar.tests.multiobjectactivation.MultipleObjectActivationTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.smoke.deployment.rar.tests.multiobjectpartialactivation.MultipleObjectPartialActivationTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - |org.jboss.as.test.integration.security.loginmodules.CustomLoginModuleTestCase |Removed @@ -209,9 +179,6 @@ The following table identifies the tests in WildFly Core and WildFly affected by |org.jboss.as.test.integration.jca.security.IronJacamarActivationRaWithSecurityDomainTestCase |Removed -|org.jboss.as.test.integration.jca.security.WildFlyActivationRaWithElytronAuthContextTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - |org.jboss.as.test.integration.management.api.security.SecurityDomainTestCase |Removed @@ -224,33 +191,6 @@ The following table identifies the tests in WildFly Core and WildFly affected by |org.jboss.as.test.integration.security.cli.JsseTestCase |Removed -|org.jboss.as.test.integration.jca.anno.NoRaAnnoTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.anno.RaAnnoTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.basic.BasicDeployment10TestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.basic.BasicDeployment15TestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.basic.BasicDeployment16TestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.basic.BasicDeployment17TestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.basic.BasicDoubleDeployment16TestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.basic.BasicDoubleDeploymentFail16_1TestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.basic.BasicDoubleDeploymentFail16_2TestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - |org.jboss.as.test.integration.security.auditing.SecurityAuditingTestCase |Ignored https://issues.redhat.com/browse/WFLY-15263[WFLY-15263] @@ -290,69 +230,6 @@ The following table identifies the tests in WildFly Core and WildFly affected by |org.wildfly.test.elytron.intermediate.X509SecurityDomainContextRealmTestCase |Removed -|org.jboss.as.test.integration.jca.capacitypolicies.ResourceAdapterCapacityPoliciesTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.ijdeployment.IronJacamarDeploymentTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.ijdeployment.IronJacamarDoubleDeploymentTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.metrics.RaCfgMetricUnitTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.poolattributes.ResourceAdapterPoolAttributesTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.statistics.ResourceAdapterStatisticsTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.BasicFlatTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.BasicJarTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.MultiActivationFlatTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.MultiActivationJarTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.MultiObjectActivationFlatTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.MultiObjectActivationJarTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.PartialObjectActivationFlatTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.PartialObjectActivationJarTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.PureFlatTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.PureJarTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.TwoModulesFlatTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.TwoModulesJarTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.TwoModulesOfDifferentTypeTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.TwoRaFlatTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - -|org.jboss.as.test.integration.jca.moduledeployment.TwoRaJarTestCase -|Ignored https://issues.redhat.com/browse/WFLY-15249[WFLY-15249] - |org.wildfly.test.integration.vdx.standalone.MessagingTestCase.testWrongOrderOfElements |Ignored https://issues.redhat.com/browse/WFLY-15271[WFLY-15271] From 9a4998909596355ee3c34aa273758f6e79710fe1 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse <darran.lofthouse@jboss.com> Date: Thu, 16 Sep 2021 11:19:31 +0100 Subject: [PATCH 08/12] [WFLY-15199] / [WFLY-15301] Update the issue links. --- security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc index 13121113f..2ead631a3 100644 --- a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc +++ b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc @@ -17,11 +17,12 @@ default configurations and Galleon feature packs. === Issue -* https://issues.redhat.com/browse/WFLY-15199[WFLY-15199] +* https://issues.redhat.com/browse/WFLY-15199[WFLY-15199 - Remove legacy security configuration from all feature packs.] +* https://issues.redhat.com/browse/WFLY-15301[WFLY-15301 - Convert the legacy security subsystem to a model only subsystem.] === Related Issues -* +* https://issues.redhat.com/browse/EAP7-1094[EAP7-1094] === Dev Contacts From 8963532b72cef2988bd4a7c8624a12946e9166b4 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse <darran.lofthouse@jboss.com> Date: Sat, 25 Sep 2021 17:07:37 +0100 Subject: [PATCH 09/12] [WFLY-15314] Removing test specifically for JBoss Negotiation. --- security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc index 2ead631a3..ee1ba18a6 100644 --- a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc +++ b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc @@ -252,6 +252,9 @@ The following table identifies the tests in WildFly Core and WildFly affected by |org.jboss.as.testsuite.integration.secman.PBStaticMethodsTestCase |Removed +|org.jboss.as.test.clustering.cluster.web.ReplicationForNegotiationAuthenticatorTestCase +|Removed + .Action Key |=== |Action | Description From a74d6b6d286260281f0ee05503189c5a67b7b04e Mon Sep 17 00:00:00 2001 From: Darran Lofthouse <darran.lofthouse@jboss.com> Date: Sat, 25 Sep 2021 18:05:43 +0100 Subject: [PATCH 10/12] [WFLY-15301] Remove test for runtime testing of legacy security. --- security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc index ee1ba18a6..6eb78b16c 100644 --- a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc +++ b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc @@ -255,6 +255,9 @@ The following table identifies the tests in WildFly Core and WildFly affected by |org.jboss.as.test.clustering.cluster.web.ReplicationForNegotiationAuthenticatorTestCase |Removed +|org.jboss.as.security.service.SimpleSecurityServiceManagerMockTest +|Removed + .Action Key |=== |Action | Description From f0761715a839684398c94b82be6fc080892b50be Mon Sep 17 00:00:00 2001 From: Darran Lofthouse <darran.lofthouse@jboss.com> Date: Wed, 24 Nov 2021 08:57:37 +0000 Subject: [PATCH 11/12] [WFLY-15199] Add PolicyContextTestCase to ignored tests. --- security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc index 6eb78b16c..3037a6892 100644 --- a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc +++ b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc @@ -258,6 +258,9 @@ The following table identifies the tests in WildFly Core and WildFly affected by |org.jboss.as.security.service.SimpleSecurityServiceManagerMockTest |Removed +|org.jboss.as.test.integration.security.jacc.context.PolicyContextTestCase +|Ignored https://issues.redhat.com/browse/WFLY-15740[WFLY-15740] + .Action Key |=== |Action | Description From a4574bdc667d65e475ae55c707b2f2b5b20a325a Mon Sep 17 00:00:00 2001 From: Darran Lofthouse <darran.lofthouse@jboss.com> Date: Wed, 22 Feb 2023 18:19:20 +0000 Subject: [PATCH 12/12] [WFLY-15199] Further changes following review discussion. --- security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc index 3037a6892..7d59175e1 100644 --- a/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc +++ b/security/WFLY-15199_Remove_Legacy_Security_Subsystem.adoc @@ -66,10 +66,14 @@ it's capabilities. The following subsystems will require additional configuration to default to WildFly Elytron security: - * ejb2 + * ejb3 * iiop-openjdk * messaging-activemq * undertow + +For all subsystems that use a reference to a legacy security resource, these will remain usable in +`Stage.MODEL` but will be flagged as deprecated. Where they are used in `Stage.RUNTIME` they +will result in an `OperationFailedException` as they can only be used on older hosts. === Nice-to-Have Requirements @@ -260,6 +264,7 @@ The following table identifies the tests in WildFly Core and WildFly affected by |org.jboss.as.test.integration.security.jacc.context.PolicyContextTestCase |Ignored https://issues.redhat.com/browse/WFLY-15740[WFLY-15740] +|=== .Action Key |===