private static void addRemoveIncldueForRole(
      final ManagementInterface client, final String roleName, boolean accessible)
      throws IOException {
    String includeAddress = ROLE_MAPPING_BASE + roleName + "/include=temp";
    ModelNode add = createOpNode(includeAddress, ADD);
    add.get(NAME).set("temp");
    add.get(TYPE).set(USER);

    RbacUtil.executeOperation(client, add, accessible ? Outcome.SUCCESS : Outcome.UNAUTHORIZED);

    if (accessible) {
      ModelNode remove = createOpNode(includeAddress, REMOVE);
      RbacUtil.executeOperation(client, remove, Outcome.SUCCESS);
    }
  }
 private static void whoami(ManagementInterface client, String expectedUsername)
     throws IOException {
   ModelNode op = createOpNode(null, "whoami");
   ModelNode result = RbacUtil.executeOperation(client, op, Outcome.SUCCESS);
   String returnedUsername = result.get(RESULT, "identity", USERNAME).asString();
   assertEquals(expectedUsername, returnedUsername);
 }
示例#3
0
 protected void addPath(ModelControllerClient client, Outcome expectedOutcome, String... roles)
     throws IOException {
   ModelNode op = createOpNode(TEST_PATH, ADD);
   op.get(PATH).set("/");
   configureRoles(op, roles);
   RbacUtil.executeOperation(client, op, expectedOutcome);
 }
示例#4
0
  protected static void deployDeployment1(DomainClient domainClient) throws IOException {
    ModelNode op = createOpNode(DEPLOYMENT_1, ADD);
    op.get(ENABLED).set(false);
    ModelNode content = op.get(CONTENT).add();
    content.get(BYTES).set(DEPLOYMENT_2_CONTENT);

    RbacUtil.executeOperation(domainClient, op, Outcome.SUCCESS);
  }
  private static ModelNode readAttribute(
      ManagementInterface client, String address, String attributeName, Outcome expectedOutcome)
      throws IOException {
    ModelNode op = createOpNode(address, READ_ATTRIBUTE_OPERATION);
    op.get(NAME).set(attributeName);

    return RbacUtil.executeOperation(client, op, expectedOutcome);
  }
  private static void addDeployment2(ManagementInterface client, Outcome expectedOutcome)
      throws IOException {
    ModelNode op = createOpNode(DEPLOYMENT_2, ADD);
    op.get(ENABLED).set(false);
    ModelNode content = op.get(CONTENT).add();
    content.get(BYTES).set(DEPLOYMENT_2_CONTENT);

    RbacUtil.executeOperation(client, op, expectedOutcome);
  }
示例#7
0
 protected void addDeployment2(
     ModelControllerClient client, Outcome expectedOutcome, String... roles) throws IOException {
   ModelNode op = createOpNode(DEPLOYMENT_2, ADD);
   op.get(ENABLED).set(false);
   ModelNode content = op.get(CONTENT).add();
   content.get(BYTES).set(DEPLOYMENT_2_CONTENT);
   configureRoles(op, roles);
   RbacUtil.executeOperation(client, op, expectedOutcome);
 }
  /**
   * @param expectedOutcome for standard and host-scoped roles tests, this is the expected outcome
   *     of all operations; for server-group-scoped roles tests, this is the expected outcome for
   *     the profile of the server group the user is member of, as for the other profiles and for
   *     read-config-as-xml, the outcome is well known
   */
  protected void readWholeConfig(
      ModelControllerClient client, Outcome expectedOutcome, String... roles) throws IOException {
    Outcome expectedOutcomeForReadConfigAsXml = expectedOutcome;
    if (this instanceof AbstractServerGroupScopedRolesTestCase) {
      expectedOutcomeForReadConfigAsXml = Outcome.UNAUTHORIZED;
    }

    ModelNode op = createOpNode(null, READ_CONFIG_AS_XML_OPERATION);
    configureRoles(op, roles);
    RbacUtil.executeOperation(client, op, expectedOutcomeForReadConfigAsXml);

    // the code below calls the non-published operation 'describe'; see WFLY-2379 for more info

    ModelControllerClient domainClient =
        testSupport.getDomainMasterLifecycleUtil().getDomainClient();

    op = createOpNode(null, READ_CHILDREN_NAMES_OPERATION);
    op.get(CHILD_TYPE).set(PROFILE);
    ModelNode profiles = RbacUtil.executeOperation(domainClient, op, Outcome.SUCCESS);
    for (ModelNode profile : profiles.get(RESULT).asList()) {
      Outcome expectedOutcomeForProfile = expectedOutcome;
      if (this instanceof AbstractServerGroupScopedRolesTestCase) {
        expectedOutcomeForProfile =
            "profile-a".equals(profile.asString()) ? expectedOutcome : Outcome.HIDDEN;
      }

      op = createOpNode("profile=" + profile.asString(), DESCRIBE);
      configureRoles(op, roles);
      ModelNode result = RbacUtil.executeOperation(client, op, expectedOutcomeForProfile);
      assertEquals(expectedOutcomeForProfile == Outcome.SUCCESS, result.hasDefined(RESULT));

      op = createOpNode("profile=" + profile.asString(), READ_CHILDREN_NAMES_OPERATION);
      op.get(CHILD_TYPE).set(SUBSYSTEM);
      ModelNode subsystems = RbacUtil.executeOperation(domainClient, op, Outcome.SUCCESS);
      for (ModelNode subsystem : subsystems.get(RESULT).asList()) {
        op =
            createOpNode(
                "profile=" + profile.asString() + "/subsystem=" + subsystem.asString(), DESCRIBE);
        configureRoles(op, roles);
        result = RbacUtil.executeOperation(client, op, expectedOutcomeForProfile);
        assertEquals(expectedOutcomeForProfile == Outcome.SUCCESS, result.hasDefined(RESULT));
      }
    }
  }
 protected ModelNode getServerConfigAccessControl(ModelControllerClient client, String... roles)
     throws IOException {
   ModelNode op = createOpNode(GENERIC_SERVER_CONFIG_ADDRESS, READ_RESOURCE_DESCRIPTION_OPERATION);
   op.get(ACCESS_CONTROL).set("trim-descriptions");
   op.get(OPERATIONS).set(true);
   configureRoles(op, roles);
   return RbacUtil.executeOperation(client, op, Outcome.SUCCESS)
       .get(RESULT)
       .get(0)
       .get(RESULT, ACCESS_CONTROL);
 }
 protected void addJvm(
     ModelControllerClient client,
     String prefixKey,
     String prefixValue,
     Outcome expectedOutcome,
     String... roles)
     throws IOException {
   String fullAddress = getPrefixedAddress(prefixKey, prefixValue, SMALL_JVM);
   ModelNode op = createOpNode(fullAddress, ADD);
   configureRoles(op, roles);
   RbacUtil.executeOperation(client, op, expectedOutcome);
 }
示例#11
0
 protected void runGC(
     ModelControllerClient client,
     String host,
     String server,
     Outcome expectedOutcome,
     String... roles)
     throws IOException {
   String serverAddress = server == null ? "" : "/server=" + server;
   String fullAddress = "host=" + host + serverAddress + "/" + MEMORY_MBEAN;
   ModelNode op = createOpNode(fullAddress, "gc");
   configureRoles(op, roles);
   RbacUtil.executeOperation(client, op, expectedOutcome);
 }
 protected void restartServer(
     ModelControllerClient client,
     String host,
     String server,
     Outcome expectedOutcome,
     String... roles)
     throws IOException {
   String fullAddress = String.format("host=%s/server-config=%s", host, server);
   ModelNode op = createOpNode(fullAddress, RESTART);
   op.get(BLOCKING).set(true);
   configureRoles(op, roles);
   RbacUtil.executeOperation(client, op, expectedOutcome);
 }
 protected void addServerConfig(
     ModelControllerClient client,
     String host,
     String serverGroup,
     Outcome expectedOutcome,
     String... roles)
     throws IOException {
   String fullAddress = getPrefixedAddress(HOST, host, SCOPED_ROLE_SERVER);
   ModelNode op = createOpNode(fullAddress, ADD);
   op.get(GROUP).set(serverGroup);
   op.get(AUTO_START).set(false);
   configureRoles(op, roles);
   RbacUtil.executeOperation(client, op, expectedOutcome);
 }
示例#14
0
 protected ModelNode readResource(
     ModelControllerClient client,
     String address,
     String host,
     String server,
     Outcome expectedOutcome,
     String... roles)
     throws IOException {
   String serverPart = server == null ? "" : "/server=" + server;
   String fullAddress = host == null ? address : "host=" + host + serverPart + "/" + address;
   ModelNode op = createOpNode(fullAddress, READ_RESOURCE_OPERATION);
   configureRoles(op, roles);
   return RbacUtil.executeOperation(client, op, expectedOutcome);
 }
  private void readWholeConfig(ManagementInterface client, Outcome expectedOutcome)
      throws IOException {
    ModelNode op = createOpNode(null, READ_CONFIG_AS_XML_OPERATION);
    RbacUtil.executeOperation(client, op, expectedOutcome);

    // the code below calls the non-published operation 'describe'; see WFLY-2379 for more info
    // once that issue is fixed, the test will only make sense for native mgmt interface
    // (or maybe not even that)

    if (this instanceof JmxInterfaceStandardRolesBasicTestCase) {
      return;
    }

    op = createOpNode(null, READ_CHILDREN_NAMES_OPERATION);
    op.get(CHILD_TYPE).set(SUBSYSTEM);
    ModelNode subsystems =
        RbacUtil.executeOperation(getManagementClient().getControllerClient(), op, Outcome.SUCCESS);
    for (ModelNode subsystem : subsystems.get(RESULT).asList()) {
      op = createOpNode("subsystem=" + subsystem.asString(), DESCRIBE);
      ModelNode result = RbacUtil.executeOperation(client, op, expectedOutcome);
      assertEquals(expectedOutcome == Outcome.SUCCESS, result.hasDefined(RESULT));
    }
  }
  @Test
  public void testSuperUser() throws Exception {
    ManagementInterface client = getClientForUser(SUPERUSER_USER);
    whoami(client, SUPERUSER_USER);
    readWholeConfig(client, Outcome.SUCCESS);
    checkStandardReads(client);
    readResource(client, AUTHORIZATION, Outcome.SUCCESS);
    readResource(client, MANAGEMENT_REALM, Outcome.SUCCESS);
    checkSensitiveAttribute(client, true);
    runGC(client, Outcome.SUCCESS);
    if (this instanceof JmxInterfaceStandardRolesBasicTestCase) {
      return; // the 'add' operation is not implemented in JmxManagementInterface
    }
    modifyAccessibleRoles(client, RbacUtil.allStandardRoles());
    addDeployment2(client, Outcome.SUCCESS);
    addPath(client, Outcome.SUCCESS);

    testWFLY1916(client, Outcome.SUCCESS);
  }
 private static void runGC(ManagementInterface client, Outcome expectedOutcome)
     throws IOException {
   ModelNode op = createOpNode(MEMORY_MBEAN, "gc");
   RbacUtil.executeOperation(client, op, expectedOutcome);
 }
示例#18
0
 protected static void removeDeployment1(DomainClient domainClient) throws IOException {
   ModelNode op = createOpNode(DEPLOYMENT_1, REMOVE);
   RbacUtil.executeOperation(domainClient, op, Outcome.SUCCESS);
 }
 private void testWFLY1916(ManagementInterface client, Outcome expected) throws IOException {
   ModelNode op = WFLY_1916_OP.clone();
   RbacUtil.executeOperation(client, op, expected);
 }
 private static void addPath(ManagementInterface client, Outcome expectedOutcome)
     throws IOException {
   ModelNode op = createOpNode(TEST_PATH, ADD);
   op.get(PATH).set("/");
   RbacUtil.executeOperation(client, op, expectedOutcome);
 }
  private static ModelNode readResource(
      ManagementInterface client, String address, Outcome expectedOutcome) throws IOException {
    ModelNode op = createOpNode(address, READ_RESOURCE_OPERATION);

    return RbacUtil.executeOperation(client, op, expectedOutcome);
  }