nosu
/
taskana
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

TSK-1299: Added embedded LDAP to Wildfly example.

This commit is contained in:
holgerhagen 2020-08-03 16:11:22 +02:00
parent 8cb056f078
commit f79f7587a9
22 changed files with 1798 additions and 429 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ci/test.sh
View File

@ -57,7 +57,7 @@ function main() {
### TEST ### ### TEST ###
mvn -q verify -B -f $REL/.. -Dmaven.javadoc.skip -Dcheckstyle.skip -pl :taskana-core mvn -q verify -B -f $REL/.. -Dmaven.javadoc.skip -Dcheckstyle.skip -pl :taskana-core
# Same as above (H2) we can not use the fancy '-f' maven option # Same as above (H2) we can not use the fancy '-f' maven option
(cd $REL/.. && mvn -q verify -B -pl :taskana-rest-spring-example-wildfly -P postgres -Dmaven.javadoc.skip -Dcheckstyle.skip) (cd $REL/.. && mvn -q verify -B -pl :taskana-rest-spring-example-wildfly -Ddb.type=postgres -Dmaven.javadoc.skip -Dcheckstyle.skip)
;; ;;
HISTORY) HISTORY)
set -x set -x

7
pom.xml
View File

@ -38,7 +38,8 @@
<version.maven.resources>3.1.0</version.maven.resources> <version.maven.resources>3.1.0</version.maven.resources>
<version.maven.surefire>3.0.0-M5</version.maven.surefire> <version.maven.surefire>3.0.0-M5</version.maven.surefire>
<version.maven.asciidoctor>1.6.0</version.maven.asciidoctor> <version.maven.asciidoctor>1.6.0</version.maven.asciidoctor>
<version.maven.wildfly>2.0.2.Final</version.maven.wildfly> <version.maven.clean>3.1.0</version.maven.clean>
<version.maven.dependency>3.1.2</version.maven.dependency>
<!-- release dependencies --> <!-- release dependencies -->
<version.maven.gpg>1.6</version.maven.gpg> <version.maven.gpg>1.6</version.maven.gpg>
@ -50,14 +51,14 @@
<version.spring.mybatis>2.0.5</version.spring.mybatis> <version.spring.mybatis>2.0.5</version.spring.mybatis>
<!-- wildfly dependencies --> <!-- wildfly dependencies -->
<version.wildfly>11.0.0.Final</version.wildfly> <version.wildfly>13.0.0.Final</version.wildfly>
<!-- java ee dependencies --> <!-- java ee dependencies -->
<version.resteasy>4.5.6.Final</version.resteasy> <version.resteasy>4.5.6.Final</version.resteasy>
<version.thorntail>2.7.0.Final</version.thorntail> <version.thorntail>2.7.0.Final</version.thorntail>
<version.wildfly.security>1.12.1.Final</version.wildfly.security>
<version.javaee-api>8.0.1</version.javaee-api> <version.javaee-api>8.0.1</version.javaee-api>
<version.arquillian>1.5.0.Final</version.arquillian> <version.arquillian>1.5.0.Final</version.arquillian>
<version.arquillian.managed.wildfly>2.2.0.Final</version.arquillian.managed.wildfly>
<!-- test dependencies --> <!-- test dependencies -->
<version.archunit>0.14.1</version.archunit> <version.archunit>0.14.1</version.archunit>

180
rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/rest/security/SpringBootWebSecurityConfig.java Normal file
View File

@ -0,0 +1,180 @@
package pro.taskana.rest.security;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.security.web.jaasapi.JaasApiIntegrationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/** Default basic configuration for taskana web example. */
@Configuration
@EnableWebSecurity
public class SpringBootWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${taskana.ldap.serverUrl:ldap://localhost:10389}")
private String ldapServerUrl;
@Value("${taskana.ldap.baseDn:OU=Test,O=TASKANA}")
private String ldapBaseDn;
@Value("${taskana.ldap.groupSearchBase:cn=groups}")
private String ldapGroupSearchBase;
@Value("${taskana.ldap.userDnPatterns:uid={0},cn=users}")
private String ldapUserDnPatterns;
@Value("${taskana.ldap.groupSearchFilter:uniqueMember={0}}")
private String ldapGroupSearchFilter;
@Value("${devMode:false}")
private boolean devMode;
@Bean
public WebMvcConfigurer corsConfigurer() {
return new CorsWebMvcConfigurer();
}
@Bean
public FilterRegistrationBean<CorsFilter> corsFilter() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
@Bean
public DefaultSpringSecurityContextSource defaultSpringSecurityContextSource() {
return new DefaultSpringSecurityContextSource(ldapServerUrl + "/" + ldapBaseDn);
}
@Bean
public LdapAuthoritiesPopulator authoritiesPopulator() {
Function<Map<String, List<String>>, GrantedAuthority> authorityMapper =
record -> {
String role = record.get("spring.security.ldap.dn").get(0);
return new SimpleGrantedAuthority(role);
};
DefaultLdapAuthoritiesPopulator populator =
new DefaultLdapAuthoritiesPopulator(
defaultSpringSecurityContextSource(), ldapGroupSearchBase);
populator.setGroupSearchFilter(ldapGroupSearchFilter);
populator.setSearchSubtree(true);
populator.setRolePrefix("");
populator.setAuthorityMapper(authorityMapper);
return populator;
}
@Bean
public GrantedAuthoritiesMapper grantedAuthoritiesMapper() {
SimpleAuthorityMapper grantedAuthoritiesMapper = new SimpleAuthorityMapper();
grantedAuthoritiesMapper.setPrefix("");
return grantedAuthoritiesMapper;
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication()
.userDnPatterns(ldapUserDnPatterns)
.groupSearchBase(ldapGroupSearchBase)
.ldapAuthoritiesPopulator(authoritiesPopulator())
.authoritiesMapper(grantedAuthoritiesMapper())
.contextSource()
.url(ldapServerUrl + "/" + ldapBaseDn)
.and()
.passwordCompare()
.passwordAttribute("userPassword");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/css/**", "/img/**")
.permitAll()
.and()
.csrf()
.disable()
.httpBasic()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/docs/**")
.permitAll()
.and()
.addFilter(jaasApiIntegrationFilter())
.addFilterAfter(new SpringSecurityToJaasFilter(), JaasApiIntegrationFilter.class);
if (devMode) {
http.headers()
.frameOptions()
.sameOrigin()
.and()
.authorizeRequests()
.antMatchers("/h2-console/**")
.permitAll();
} else {
addLoginPageConfiguration(http);
}
}
protected void addLoginPageConfiguration(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest()
.fullyAuthenticated()
.and()
.formLogin()
.loginPage("/login")
.failureUrl("/login?error")
.defaultSuccessUrl("/")
.permitAll()
.and()
.logout()
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout")
.deleteCookies("JSESSIONID")
.permitAll();
}
protected JaasApiIntegrationFilter jaasApiIntegrationFilter() {
JaasApiIntegrationFilter filter = new JaasApiIntegrationFilter();
filter.setCreateEmptySubject(true);
return filter;
}
private static class CorsWebMvcConfigurer implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*");
}
}
}

2
rest/taskana-rest-spring-example-common/src/main/java/pro/taskana/rest/security/WebSecurityConfig.java → rest/taskana-rest-spring-example-common/src/test/java/pro/taskana/rest/security/SpringBootWebSecurityConfig.java
View File

@ -30,7 +30,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/** Default basic configuration for taskana web example. */ /** Default basic configuration for taskana web example. */
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { public class SpringBootWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${taskana.ldap.serverUrl:ldap://localhost:10389}") @Value("${taskana.ldap.serverUrl:ldap://localhost:10389}")
private String ldapServerUrl; private String ldapServerUrl;

239
rest/taskana-rest-spring-example-wildfly/pom.xml
View File

@ -15,24 +15,14 @@
<relativePath>../pom.xml</relativePath> <relativePath>../pom.xml</relativePath>
</parent> </parent>
<properties>
<skipIntegrationTests>true</skipIntegrationTests>
<!-- Default H2 DB configuration -->
<connection-url>jdbc:h2:mem:taskana;IGNORECASE=TRUE;LOCK_MODE=0</connection-url>
<driver-class>org.h2.Driver</driver-class>
<driver-name>h2</driver-name>
<user-name>sa</user-name>
<password>sa</password>
</properties>
<dependencyManagement> <dependencyManagement>
<dependencies> <dependencies>
<dependency> <dependency>
<groupId>io.thorntail</groupId> <groupId>org.wildfly.bom</groupId>
<artifactId>bom</artifactId> <artifactId>wildfly-javaee7</artifactId>
<version>${version.thorntail}</version>
<scope>import</scope> <scope>import</scope>
<type>pom</type> <type>pom</type>
<version>${version.wildfly}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.jboss.arquillian</groupId> <groupId>org.jboss.arquillian</groupId>
@ -70,10 +60,6 @@
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<!-- https://mvnrepository.com/artifact/org.postgresql/postgresql --> <!-- https://mvnrepository.com/artifact/org.postgresql/postgresql -->
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/com.h2database/h2 --> <!-- https://mvnrepository.com/artifact/com.h2database/h2 -->
<dependency> <dependency>
<groupId>com.h2database</groupId> <groupId>com.h2database</groupId>
@ -83,7 +69,7 @@
<dependency> <dependency>
<groupId>org.wildfly.security</groupId> <groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron</artifactId> <artifactId>wildfly-elytron</artifactId>
<version>${version.wildfly.security}</version> <scope>provided</scope>
</dependency> </dependency>
<!-- test dependencies --> <!-- test dependencies -->
@ -95,14 +81,24 @@
<dependency> <dependency>
<groupId>org.jboss.resteasy</groupId> <groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId> <artifactId>resteasy-client</artifactId>
<version>${version.resteasy}</version> <scope>test</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<!-- Brought in via WildFly Swarm bom --> <!-- Brought in via WildFly Swarm bom -->
<dependency> <dependency>
<groupId>io.thorntail</groupId> <groupId>org.wildfly.arquillian</groupId>
<artifactId>arquillian</artifactId> <artifactId>wildfly-arquillian-container-managed</artifactId>
<scope>test</scope> <version>${version.arquillian.managed.wildfly}</version>
<scope>provided</scope>
</dependency> </dependency>
<!-- Brought in via Arquillian BOM, see dependencyManagement section <!-- Brought in via Arquillian BOM, see dependencyManagement section
above --> above -->
@ -111,6 +107,11 @@
<artifactId>arquillian-junit-container</artifactId> <artifactId>arquillian-junit-container</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>org.jboss.arquillian.protocol</groupId>
<artifactId>arquillian-protocol-servlet</artifactId>
<scope>test</scope>
</dependency>
<dependency> <dependency>
<groupId>org.jboss.shrinkwrap.resolver</groupId> <groupId>org.jboss.shrinkwrap.resolver</groupId>
<artifactId>shrinkwrap-resolver-impl-maven</artifactId> <artifactId>shrinkwrap-resolver-impl-maven</artifactId>
@ -121,160 +122,67 @@
<artifactId>shrinkwrap-resolver-api-maven</artifactId> <artifactId>shrinkwrap-resolver-api-maven</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies> </dependencies>
<profiles>
<profile>
<id>postgres</id>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<!-- Reading properties from file and use then as data source
properties is a pending improvement of Jboss development team check out ->
https://issues.jboss.org/browse/WFMP-70 That's why we are including postgres
connection properties directly in this pom file. -->
<properties>
<driver-class>org.postgresql.Driver</driver-class>
<connection-url>jdbc:postgresql://localhost:50102/postgres</connection-url>
<driver-name>postgresqldriver</driver-name>
<user-name>postgres</user-name>
<password>postgres</password>
<activatedProperties>postgres</activatedProperties>
<skipIntegrationTests>false</skipIntegrationTests>
</properties>
</profile>
</profiles>
<build> <build>
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<plugins> <plugins>
<plugin> <plugin>
<groupId>org.wildfly.plugins</groupId> <artifactId>maven-clean-plugin</artifactId>
<artifactId>wildfly-maven-plugin</artifactId> <version>${version.maven.clean}</version>
<version>${version.maven.wildfly}</version>
<configuration> <configuration>
<version>${version.wildfly}</version> <excludeDefaultDirectories>true</excludeDefaultDirectories>
<add-user> <filesets>
<users> <fileset>
<user> <directory>target</directory>
<username>admin</username> <excludes>
<password>admin</password> <exclude>wildfly-${version.wildfly}</exclude>
</user> <exclude>wildfly-${version.wildfly}/**</exclude>
<user> </excludes>
<username>admin</username> <followSymlinks>false</followSymlinks>
<password>admin</password> </fileset>
<groups> </filesets>
<group>testGroup</group>
</groups>
<applicationUser>true</applicationUser>
</user>
</users>
</add-user>
</configuration> </configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>${version.maven.dependency}</version>
<executions> <executions>
<execution> <execution>
<id>run-wildfly</id> <id>unpack-wildfly</id>
<phase>install</phase> <phase>process-test-classes</phase>
<goals> <goals>
<goal>start</goal> <goal>unpack</goal>
</goals>
</execution>
<!-- Deploy the JDBC library in JBoss -->
<execution>
<id>deploy-driver</id>
<phase>install</phase>
<configuration>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<name>postgresqldriver</name>
</configuration>
<goals>
<goal>deploy-artifact</goal>
</goals>
</execution>
<!-- Add a data source -->
<execution>
<id>add-datasource</id>
<phase>install</phase>
<configuration>
<address>subsystem=datasources,data-source=java:/TaskanaDS</address>
<resources>
<resource>
<properties>
<jndi-name>java:/TaskanaDS</jndi-name>
<enabled>true</enabled>
<connection-url>${connection-url}</connection-url>
<driver-class>${driver-class}</driver-class>
<driver-name>${driver-name}</driver-name>
<user-name>${user-name}</user-name>
<password>${password}</password>
</properties>
</resource>
</resources>
</configuration>
<goals>
<goal>add-resource</goal>
</goals>
</execution>
<execution>
<id>edit-undertow</id>
<phase>install</phase>
<goals>
<goal>execute-commands</goal>
</goals> </goals>
<configuration> <configuration>
<commands> <artifactItems>
<command>/subsystem=undertow:write-attribute(name=default-server,value=default-server)</command> <artifactItem>
<command>/subsystem=undertow:write-attribute(name=default-virtual-host,value=default-host)</command> <groupId>org.wildfly</groupId>
<command>/subsystem=undertow:write-attribute(name=default-servlet-container,value=default)</command> <artifactId>wildfly-dist</artifactId>
<command>/subsystem=undertow:write-attribute(name=default-security-domain,value=ApplicationDomain)</command> <version>${version.wildfly}</version>
</commands> <type>zip</type>
<overWrite>false</overWrite>
<outputDirectory>${project.build.directory}</outputDirectory>
</artifactItem>
</artifactItems>
</configuration> </configuration>
</execution> </execution>
<execution> <execution>
<id>add-application-security-domain</id> <id>copy-postgres-db-driver</id>
<phase>install</phase> <phase>process-test-classes</phase>
<goals> <goals>
<goal>add-resource</goal> <goal>copy</goal>
</goals> </goals>
<configuration> <configuration>
<address>subsystem=undertow</address> <artifactItems>
<resources> <artifactItem>
<resource> <groupId>org.postgresql</groupId>
<address>application-security-domain=ApplicationDomain</address> <artifactId>postgresql</artifactId>
<properties> <outputDirectory>${project.build.directory}/wildfly-${version.wildfly}/modules/system/layers/base/org/postgresql/main</outputDirectory>
<http-authentication-factory>application-http-authentication</http-authentication-factory> </artifactItem>
</properties> </artifactItems>
</resource>
</resources>
</configuration> </configuration>
</execution> </execution>
<!-- Deploy the application on install -->
<execution>
<id>wildfly-deploy</id>
<phase>install</phase>
<goals>
<goal>deploy</goal>
</goals>
</execution>
<!-- shutdown the application on install -->
<execution>
<id>wildfly-shutdown</id>
<phase>install</phase>
<goals>
<goal>shutdown</goal>
</goals>
</execution>
</executions> </executions>
</plugin> </plugin>
<plugin> <plugin>
@ -295,7 +203,6 @@
<goal>test</goal> <goal>test</goal>
</goals> </goals>
<configuration> <configuration>
<skip>${skipIntegrationTests}</skip>
<includes> <includes>
<include>**/*Test.java</include> <include>**/*Test.java</include>
</includes> </includes>
@ -308,6 +215,24 @@
<artifactId>maven-resources-plugin</artifactId> <artifactId>maven-resources-plugin</artifactId>
<version>${version.maven.resources}</version> <version>${version.maven.resources}</version>
<executions> <executions>
<execution>
<id>copy-module-xml</id>
<phase>process-test-classes</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${project.build.directory}/wildfly-${version.wildfly}/modules/system/layers/base/org/postgresql/main</outputDirectory>
<resources>
<resource>
<directory>src/test/resources</directory>
<includes>
<include>module.xml</include>
</includes>
</resource>
</resources>
</configuration>
</execution>
<execution> <execution>
<id>copy-documentation-to-static-folder</id> <id>copy-documentation-to-static-folder</id>
<phase>prepare-package</phase> <phase>prepare-package</phase>

65
rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/ElytronToJaasFilter.java
View File

@ -7,8 +7,6 @@ import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest; import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import javax.servlet.ServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean; import org.springframework.web.filter.GenericFilterBean;
import org.wildfly.security.auth.server.SecurityDomain; import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity; import org.wildfly.security.auth.server.SecurityIdentity;
@ -24,52 +22,45 @@ public class ElytronToJaasFilter extends GenericFilterBean {
throws IOException, ServletException { throws IOException, ServletException {
SecurityIdentity securityIdentity = getSecurityIdentity(); SecurityIdentity securityIdentity = getSecurityIdentity();
if (securityIdentity != null) { if (securityIdentity != null) {
Roles roles = securityIdentity.getRoles(); applySecurityIdentityToSubject(securityIdentity);
Subject subject = obtainSubject(request);
if (subject != null) {
if (subject.getPrincipals().size() == 0) {
subject.getPrincipals().add(securityIdentity.getPrincipal());
}
if (subject.getPrincipals(GroupPrincipal.class).size() == 0) {
roles.forEach(role -> subject.getPrincipals().add(new GroupPrincipal(role)));
}
}
} }
chain.doFilter(request, response); chain.doFilter(request, response);
} }
/** private void applySecurityIdentityToSubject(SecurityIdentity securityIdentity) {
* Obtains the <code>Subject</code> to run as or <code>null</code> if no <code>Subject</code> is Roles roles = securityIdentity.getRoles();
* available. Subject subject = obtainSubject();
* if (subject != null) {
* <p>The default implementation attempts to obtain the <code>Subject</code> from the <code> if (subject.getPrincipals().size() == 0) {
* SecurityContext</code>'s <code>Authentication</code>. If it is of type <code> subject.getPrincipals().add(securityIdentity.getPrincipal());
* JaasAuthenticationToken</code> and is authenticated, the <code>Subject</code> is returned from }
* it. Otherwise, <code>null</code> is returned. if (subject.getPrincipals(GroupPrincipal.class).size() == 0) {
* roles.forEach(role -> subject.getPrincipals().add(new GroupPrincipal(role)));
* @param request the current <code>ServletRequest</code> }
* @return the Subject to run as or <code>null</code> if no <code>Subject</code> is available. if (logger.isDebugEnabled()) {
*/ logger.debug("Current JAAS subject after applying Elytron SecurityIdentity: " + subject);
protected Subject obtainSubject(ServletRequest request) { }
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (logger.isDebugEnabled()) {
logger.debug("Attempting to obtainSubject using authentication : " + authentication);
}
if (authentication == null) {
return null;
}
if (!authentication.isAuthenticated()) {
return null;
} }
}
return Subject.getSubject(AccessController.getContext()); private Subject obtainSubject() {
Subject subject = Subject.getSubject(AccessController.getContext());
if (logger.isDebugEnabled()) {
logger.debug("Current JAAS subject: " + subject);
}
return subject;
} }
private SecurityIdentity getSecurityIdentity() { private SecurityIdentity getSecurityIdentity() {
SecurityDomain current = SecurityDomain.getCurrent(); SecurityDomain current = SecurityDomain.getCurrent();
SecurityIdentity identity = null;
if (current != null) { if (current != null) {
return current.getCurrentSecurityIdentity(); identity = current.getCurrentSecurityIdentity();
} }
return null; if (logger.isDebugEnabled()) {
logger.debug("Current Elytron SecurityIdentity: " + identity);
}
return identity;
} }
} }

49
rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/LogoutController.java Normal file
View File

@ -0,0 +1,49 @@
package pro.taskana.wildfly.security;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.servlet.view.RedirectView;
/** The logout controller. */
@Controller
public class LogoutController {
private static final Logger LOGGER = LoggerFactory.getLogger(LogoutController.class);
@GetMapping(path = "/logout")
public RedirectView loginErrorGet(HttpServletRequest request) {
return logout(request);
}
@PostMapping(path = "/logout")
public RedirectView loginErrorPost(HttpServletRequest request) {
return logout(request);
}
public RedirectView logout(HttpServletRequest request) {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Logging out...");
}
if (request.getSession(false) != null) {
request.getSession(false).invalidate(); // remove session.
}
if (request.getSession() != null) {
request.getSession().invalidate(); // remove session.
}
try {
request.logout();
} catch (ServletException e) {
LOGGER.warn("Exception caught while logging out: {}", e.getMessage());
}
return new RedirectView("/", true);
}
}

161
rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/WildflyWebSecurityConfig.java
View File

@ -1,29 +1,17 @@
package pro.taskana.wildfly.security; package pro.taskana.wildfly.security;
import java.util.ArrayList; import org.springframework.boot.web.servlet.FilterRegistrationBean;
import java.util.Collection;
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.jaasapi.JaasApiIntegrationFilter;
import org.springframework.security.core.GrantedAuthority; import org.springframework.web.cors.CorsConfiguration;
import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService; import org.springframework.web.filter.CorsFilter;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.authz.Roles;
import pro.taskana.rest.security.WebSecurityConfig;
/** /**
* Default basic configuration for taskana web example running on Wildfly / JBoss with Elytron or * Default basic configuration for taskana web example running on Wildfly / JBoss with Elytron or
@ -31,111 +19,46 @@ import pro.taskana.rest.security.WebSecurityConfig;
*/ */
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@Order(1) public class WildflyWebSecurityConfig extends WebSecurityConfigurerAdapter {
public class WildflyWebSecurityConfig extends WebSecurityConfig {
@Value("${devMode:false}")
private boolean devMode;
@Bean @Bean
public J2eePreAuthenticatedProcessingFilter preAuthFilter() { public WebMvcConfigurer corsConfigurer() {
J2eePreAuthenticatedProcessingFilter filter = new J2eePreAuthenticatedProcessingFilter(); return new CorsWebMvcConfigurer();
filter.setAuthenticationManager(preAuthManager()); }
@Bean
public FilterRegistrationBean<CorsFilter> corsFilter() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilter(jaasApiIntegrationFilter())
.addFilterAfter(new ElytronToJaasFilter(), JaasApiIntegrationFilter.class)
.csrf()
.disable();
}
protected JaasApiIntegrationFilter jaasApiIntegrationFilter() {
JaasApiIntegrationFilter filter = new JaasApiIntegrationFilter();
filter.setCreateEmptySubject(true);
return filter; return filter;
} }
@Bean private static class CorsWebMvcConfigurer implements WebMvcConfigurer {
public AuthenticationManager preAuthManager() {
return new AuthenticationManager() {
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
return preauthAuthProvider().authenticate(authentication);
}
};
}
@Bean
public PreAuthenticatedAuthenticationProvider preauthAuthProvider() {
PreAuthenticatedAuthenticationProvider preauthAuthProvider =
new PreAuthenticatedAuthenticationProvider();
preauthAuthProvider.setPreAuthenticatedUserDetailsService(authenticationUserDetailsService());
return preauthAuthProvider;
}
@Bean
public AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>
authenticationUserDetailsService() {
return new PreAuthenticatedAuthenticationTokenAuthenticationUserDetailsService();
}
private static class PreAuthenticatedAuthenticationTokenAuthenticationUserDetailsService
implements AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {
@Override @Override
public UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token) public void addCorsMappings(CorsRegistry registry) {
throws UsernameNotFoundException { registry.addMapping("/**").allowedOrigins("*");
return new MyUserDetails(token);
}
private static class MyUserDetails implements UserDetails {
private static final long serialVersionUID = 1L;
private final PreAuthenticatedAuthenticationToken token;
public MyUserDetails(PreAuthenticatedAuthenticationToken token) {
this.token = token;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> authorities = new ArrayList<>();
SecurityIdentity securityIdentity = getSecurityIdentity();
if (securityIdentity != null) {
Roles roles = securityIdentity.getRoles();
roles.forEach(role -> authorities.add(new SimpleGrantedAuthority(role)));
}
return authorities;
}
@Override
public String getPassword() {
return (String) token.getCredentials();
}
@Override
public String getUsername() {
return token.getName();
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
private SecurityIdentity getSecurityIdentity() {
SecurityDomain current = SecurityDomain.getCurrent();
if (current != null) {
return current.getCurrentSecurityIdentity();
}
return null;
}
} }
} }
} }

24
rest/taskana-rest-spring-example-wildfly/src/main/resources/application.properties
View File

@ -5,27 +5,29 @@ taskana.schemaName=TASKANA
####### properties to connect to LDAP ####### properties to connect to LDAP
taskana.ldap.serverUrl=ldap://localhost:10389 taskana.ldap.serverUrl=ldap://localhost:10389
taskana.ldap.bindDn=uid=admin,ou=system taskana.ldap.bindDn=uid=admin
taskana.ldap.bindPassword=secret taskana.ldap.bindPassword=secret
taskana.ldap.baseDn=o=TaskanaTest taskana.ldap.baseDn=ou=Test,O=TASKANA
####### properties that control search for users and groups taskana.ldap.userSearchBase=cn=users
taskana.ldap.userSearchBase=ou=people
taskana.ldap.userSearchFilterName=objectclass taskana.ldap.userSearchFilterName=objectclass
taskana.ldap.userSearchFilterValue=person taskana.ldap.userSearchFilterValue=person
taskana.ldap.userFirstnameAttribute=givenName taskana.ldap.userFirstnameAttribute=givenName
taskana.ldap.userLastnameAttribute=sn taskana.ldap.userLastnameAttribute=sn
taskana.ldap.userIdAttribute=uid taskana.ldap.userIdAttribute=uid
taskana.ldap.groupSearchBase=ou=groups taskana.ldap.groupSearchBase=
taskana.ldap.groupSearchFilterName=objectclass taskana.ldap.groupSearchFilterName=objectclass
taskana.ldap.groupSearchFilterValue=groupOfUniqueNames taskana.ldap.groupSearchFilterValue=groupofuniquenames
taskana.ldap.groupNameAttribute=cn taskana.ldap.groupNameAttribute=cn
taskana.ldap.minSearchForLength=3 taskana.ldap.minSearchForLength=3
taskana.ldap.maxNumberOfReturnedAccessIds=50 taskana.ldap.maxNumberOfReturnedAccessIds=50
taskana.ldap.groupsOfUser=memberUid taskana.ldap.groupsOfUser=uniquemember
####### JobScheduler cron expression that specifies when the JobSchedler runs ####### JobScheduler cron expression that specifies when the JobSchedler runs
taskana.jobscheduler.async.cron=0 * * * * * taskana.jobscheduler.async.cron=0 * * * * *
####### cache static resources properties ####### cache static resources properties
spring.resources.cache.cachecontrol.cache-private=true spring.resources.cache.cachecontrol.cache-private=true
####### for upload of big workbasket- or classification-files ####### for upload of big workbasket- or classification-files
spring.servlet.multipart.max-file-size=10MB spring.servlet.multipart.max-file-size=10MB
spring.servlet.multipart.max-request-size=10MB spring.servlet.multipart.max-request-size=10MB
@ -38,3 +40,11 @@ server.tomcat.max-swallow-size=-1
####### tomcat is not detecting the x-forward headers from bluemix as a trustworthy proxy ####### tomcat is not detecting the x-forward headers from bluemix as a trustworthy proxy
server.tomcat.remoteip.internal-proxies=.* server.tomcat.remoteip.internal-proxies=.*
server.forward-headers-strategy=native server.forward-headers-strategy=native
# Embedded Spring LDAP server
spring.ldap.embedded.base-dn= OU=Test,O=TASKANA
spring.ldap.embedded.credential.username= uid=admin
spring.ldap.embedded.credential.password= secret
spring.ldap.embedded.ldif=classpath:taskana-example.ldif
spring.ldap.embedded.port= 10389
spring.ldap.embedded.validation.enabled=false

49
rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/classes/logging.properties
View File

@ -1,49 +0,0 @@
# Note this file has been generated and will be overwritten if a
# logging subsystem has been defined in the XML configuration.
# Additional loggers to configure (the root logger is always configured)
loggers=sun.rmi,org.jboss.as.config,com.arjuna,org.springframework,pro.taskana
logger.level=INFO
logger.handlers=FILE,CONSOLE
logger.org.springframework.level=INFO
logger.org.springframework.useParentHandlers=true
logger.pro.taskana.level=INFO
logger.pro.taskana.useParentHandlers=true
logger.sun.rmi.level=WARN
logger.sun.rmi.useParentHandlers=true
logger.org.jboss.as.config.level=WARN
logger.org.jboss.as.config.useParentHandlers=true
logger.com.arjuna.level=WARN
logger.com.arjuna.useParentHandlers=true
handler.CONSOLE=org.jboss.logmanager.handlers.ConsoleHandler
handler.CONSOLE.formatter=COLOR-PATTERN
handler.CONSOLE.properties=autoFlush,target,enabled
handler.CONSOLE.autoFlush=true
handler.CONSOLE.target=SYSTEM_OUT
handler.CONSOLE.enabled=true
handler.FILE=org.jboss.logmanager.handlers.PeriodicRotatingFileHandler
handler.FILE.formatter=PATTERN
handler.FILE.properties=append,autoFlush,enabled,suffix,fileName
handler.FILE.constructorProperties=fileName,append
handler.FILE.append=true
handler.FILE.autoFlush=true
handler.FILE.enabled=true
handler.FILE.suffix=.yyyy-MM-dd
handler.FILE.fileName=${project.buildDir}/taskana/rest/taskana-rest-spring-example-wildfly/target/wildfly-11.0.0.Final/standalone/log/server.log
formatter.PATTERN=org.jboss.logmanager.formatters.PatternFormatter
formatter.PATTERN.properties=pattern
formatter.PATTERN.pattern=%d{yyyy-MM-dd HH\:mm\:ss,SSS} %-5p [%c] (%t) %s%e%n
formatter.COLOR-PATTERN=org.jboss.logmanager.formatters.PatternFormatter
formatter.COLOR-PATTERN.properties=pattern
formatter.COLOR-PATTERN.pattern=%K{level}%d{HH\:mm\:ss,SSS} %-5p [%c] (%t) %s%e%n

1
rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/jboss-web.xml
View File

@ -4,4 +4,5 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_7_2.xsd"> xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_7_2.xsd">
<context-root>/taskana</context-root> <context-root>/taskana</context-root>
<security-domain>taskanaApplicationDomain</security-domain>
</jboss-web> </jboss-web>

54
rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/web.xml
View File

@ -1,15 +1,45 @@
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" <web-app version="3.1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"> http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<display-name>TaskanaRestWildflySpring</display-name> <display-name>TaskanaRestWildflySpring</display-name>
<session-config>
<login-config> <tracking-mode>COOKIE</tracking-mode>
<auth-method>FORM</auth-method> </session-config>
<form-login-config> <welcome-file-list>
<form-login-page>/login</form-login-page> <welcome-file>index.html</welcome-file>
<form-error-page>/loginerror</form-error-page> </welcome-file-list>
</form-login-config> <security-constraint>
</login-config> <web-resource-collection>
<web-resource-name>taskana-web</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Public</web-resource-name>
<url-pattern>/css/main.css</url-pattern>
<url-pattern>/css/bootstrap/4.1.3/bootstrap.min.css</url-pattern>
<url-pattern>/css/bootstrap/4.1.3/bootstrap.min.css.map</url-pattern>
<url-pattern>/img/logo.png</url-pattern>
<url-pattern>/logout</url-pattern>
</web-resource-collection>
<!-- No auth-constraint means everybody has access! -->
</security-constraint>
<security-role>
<role-name>*</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>taskanaApplicationDomain</realm-name>
<form-login-config>
<form-login-page>/login</form-login-page>
<form-error-page>/login?error</form-error-page>
</form-login-config>
</login-config>
</web-app> </web-app>

108
rest/taskana-rest-spring-example-wildfly/src/test/java/pro/taskana/TaskanaWildflyTest.java
View File

@ -1,10 +1,16 @@
package pro.taskana; package pro.taskana;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.datatype.jdk8.Jdk8Module;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.fasterxml.jackson.module.paramnames.ParameterNamesModule;
import java.io.File; import java.io.File;
import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.RunAsClient; import org.jboss.arquillian.container.test.api.RunAsClient;
@ -15,17 +21,22 @@ import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.resolver.api.maven.Maven; import org.jboss.shrinkwrap.resolver.api.maven.Maven;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.ParameterizedTypeReference; import org.springframework.core.ParameterizedTypeReference;
import org.springframework.hateoas.MediaTypes;
import org.springframework.hateoas.mediatype.hal.Jackson2HalModule;
import org.springframework.http.HttpEntity; import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.web.client.RestTemplate; import org.springframework.web.client.RestTemplate;
import pro.taskana.common.rest.models.AccessIdRepresentationModel;
import pro.taskana.common.rest.models.TaskanaUserInfoRepresentationModel; import pro.taskana.common.rest.models.TaskanaUserInfoRepresentationModel;
import pro.taskana.task.rest.models.TaskRepresentationModel;
/** /**
* This test class is configured to run with postgres DB if you want to run it with h2 it is needed. * This test class is configured to run with postgres DB if you want to run it with h2 it is needed.
@ -34,9 +45,22 @@ import pro.taskana.common.rest.models.TaskanaUserInfoRepresentationModel;
@RunWith(Arquillian.class) @RunWith(Arquillian.class)
public class TaskanaWildflyTest { public class TaskanaWildflyTest {
private static final Logger LOGGER = LoggerFactory.getLogger(TaskanaWildflyTest.class);
public static final String AUTHORIZATION_TEAMLEAD_1 = "Basic dGVhbWxlYWQtMTp0ZWFtbGVhZC0x";
@Deployment(testable = false) @Deployment(testable = false)
public static Archive<?> createTestArchive() { public static Archive<?> createTestArchive() {
String applicationPropertyFile = "application.properties";
String dbType = System.getProperty("db.type");
if (dbType != null && !dbType.isEmpty()) {
applicationPropertyFile = "application-" + dbType + ".properties";
}
LOGGER.info(
"Running with db.type '{}' and using property file '{}'", dbType, applicationPropertyFile);
File[] files = File[] files =
Maven.resolver() Maven.resolver()
.loadPomFromFile("pom.xml") .loadPomFromFile("pom.xml")
@ -48,35 +72,95 @@ public class TaskanaWildflyTest {
return ShrinkWrap.create(WebArchive.class, "taskana.war") return ShrinkWrap.create(WebArchive.class, "taskana.war")
.addPackages(true, "pro.taskana") .addPackages(true, "pro.taskana")
.addAsResource("taskana.properties") .addAsResource("taskana.properties")
.addAsResource("application.properties") .addAsResource(applicationPropertyFile, "application.properties")
.addAsResource("project-defaults.yml") .addAsResource("taskana-test.ldif")
.addAsWebInfResource("int-test-web.xml", "web.xml")
.addAsWebInfResource("int-test-jboss-web.xml", "jboss-web.xml")
.addAsLibraries(files); .addAsLibraries(files);
} }
@Test @Test
@RunAsClient @RunAsClient
public void shouldGetStatusOK() { public void should_ReturnUserInformationForAuthenticatedUser_IfRequested() {
HttpEntity<String> httpEntity = new HttpEntity<>(getHeadersTeamlead_1());
HttpHeaders headers = new HttpHeaders();
HttpEntity<String> request = new HttpEntity<>(headers);
ResponseEntity<TaskanaUserInfoRepresentationModel> response = ResponseEntity<TaskanaUserInfoRepresentationModel> response =
getRestTemplate() getRestTemplate()
.exchange( .exchange(
"http://127.0.0.1:" + "8090" + "/api/v1/current-user-info", "http://127.0.0.1:" + "8080" + "/taskana/api/v1/current-user-info",
HttpMethod.GET, HttpMethod.GET,
request, httpEntity,
ParameterizedTypeReference.forType(TaskanaUserInfoRepresentationModel.class)); ParameterizedTypeReference.forType(TaskanaUserInfoRepresentationModel.class));
assertEquals(HttpStatus.OK, response.getStatusCode()); assertEquals(HttpStatus.OK, response.getStatusCode());
TaskanaUserInfoRepresentationModel currentUser = response.getBody();
assertEquals("teamlead-1", currentUser.getUserId());
assertEquals(4, currentUser.getGroupIds().size());
assertEquals(3, currentUser.getRoles().size());
} }
private RestTemplate getRestTemplate() { @Test
@RunAsClient
public void should_ReturnUserFromLdap_WhenWildcardSearchIsConducted() {
HttpEntity<String> httpEntity = new HttpEntity<>(getHeadersTeamlead_1());
ResponseEntity<AccessIdListResource> response =
getRestTemplate()
.exchange(
"http://127.0.0.1:8080/taskana/api/v1/access-ids?search-for=rig",
HttpMethod.GET,
httpEntity,
ParameterizedTypeReference.forType(AccessIdListResource.class));
assertEquals(HttpStatus.OK, response.getStatusCode());
AccessIdListResource accessIdList = response.getBody();
assertEquals(2, accessIdList.size());
}
@Test
@RunAsClient
public void should_ReturnTask_WhenRequested() {
HttpEntity<String> httpEntity = new HttpEntity<>(getHeadersTeamlead_1());
ResponseEntity<TaskRepresentationModel> response =
getRestTemplate()
.exchange(
"http://127.0.0.1:8080/taskana/api/v1/tasks/TKI:000000000000000000000000000000000001",
HttpMethod.GET,
httpEntity,
ParameterizedTypeReference.forType(TaskRepresentationModel.class));
assertEquals(HttpStatus.OK, response.getStatusCode());
assertThat(response.getBody()).isNotNull();
}
/**
* Return a REST template which is capable of dealing with responses in HAL format.
*
* @return RestTemplate
*/
private static RestTemplate getRestTemplate() {
ObjectMapper mapper = new ObjectMapper(); ObjectMapper mapper = new ObjectMapper();
mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
mapper.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
mapper.registerModule(new Jackson2HalModule());
mapper
.registerModule(new ParameterNamesModule())
.registerModule(new Jdk8Module())
.registerModule(new JavaTimeModule());
MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter(); MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
converter.setSupportedMediaTypes(MediaType.parseMediaTypes("application/json")); converter.setSupportedMediaTypes(Collections.singletonList(MediaTypes.HAL_JSON));
converter.setObjectMapper(mapper); converter.setObjectMapper(mapper);
return new RestTemplate(Collections.singletonList(converter)); RestTemplate template = new RestTemplate();
// important to add first to ensure priority
template.getMessageConverters().add(0, converter);
return template;
}
private HttpHeaders getHeadersTeamlead_1() {
HttpHeaders headers = new HttpHeaders();
headers.add("Authorization", AUTHORIZATION_TEAMLEAD_1);
headers.add("Content-Type", "application/json");
return headers;
}
static class AccessIdListResource extends ArrayList<AccessIdRepresentationModel> {
private static final long serialVersionUID = 1L;
} }
} }

46
rest/taskana-rest-spring-example-wildfly/src/test/resources/application-postgres.properties Normal file
View File

@ -0,0 +1,46 @@
logging.level.pro.taskana=DEBUG
logging.level.org.springframework=DEBUG
######## Taskana DB #######
datasource.jndi=java:/TaskanaDS/PostgreSQL
taskana.schemaName=taskana
devMode=true
####### properties to connect to LDAP
taskana.ldap.serverUrl=ldap://localhost:10389
taskana.ldap.bindDn=uid=admin
taskana.ldap.bindPassword=secret
taskana.ldap.baseDn=ou=Test,O=TASKANA
taskana.ldap.userSearchBase=cn=users
taskana.ldap.userSearchFilterName=objectclass
taskana.ldap.userSearchFilterValue=person
taskana.ldap.userFirstnameAttribute=givenName
taskana.ldap.userLastnameAttribute=sn
taskana.ldap.userIdAttribute=uid
taskana.ldap.groupSearchBase=
taskana.ldap.groupSearchFilterName=objectclass
taskana.ldap.groupSearchFilterValue=groupOfUniqueNames
taskana.ldap.groupNameAttribute=cn
taskana.ldap.minSearchForLength=3
taskana.ldap.maxNumberOfReturnedAccessIds=50
taskana.ldap.groupsOfUser=uniquemember
####### JobScheduler cron expression that specifies when the JobSchedler runs
taskana.jobscheduler.async.cron=0 * * * * *
####### cache static resources propertiesgit add --
spring.resources.cache.cachecontrol.cache-private=true
spring.main.allow-bean-definition-overriding=true
####### tomcat is not detecting the x-forward headers from bluemix as a trustworthy proxy
server.tomcat.remoteip.internal-proxies=.*
server.forward-headers-strategy=native
# Embedded Spring LDAP server
spring.ldap.embedded.base-dn= OU=Test,O=TASKANA
spring.ldap.embedded.credential.username= uid=admin
spring.ldap.embedded.credential.password= secret
spring.ldap.embedded.ldif=classpath:taskana-test.ldif
spring.ldap.embedded.port= 10389
spring.ldap.embedded.validation.enabled=false

31
rest/taskana-rest-spring-example-wildfly/src/test/resources/application.properties
View File

@ -1,31 +1,34 @@
logging.level.pro.taskana=INFO logging.level.pro.taskana=DEBUG
### logging.level.org.springframework=DEBUG logging.level.org.springframework=DEBUG
######## Taskana DB ####### ######## Taskana DB #######
datasource.jndi=java:jboss/datasources/TestDS datasource.jndi=java:/TaskanaDS/H2
taskana.schemaName=taskana taskana.schemaName=TASKANA
devMode=true devMode=true
####### properties to connect to LDAP ####### properties to connect to LDAP
taskana.ldap.serverUrl=ldap://localhost:10389 taskana.ldap.serverUrl=ldap://localhost:10389
taskana.ldap.bindDn=uid=admin,ou=system taskana.ldap.bindDn=uid=admin
taskana.ldap.bindPassword=secret taskana.ldap.bindPassword=secret
taskana.ldap.baseDn=o=TaskanaTest taskana.ldap.baseDn=ou=Test,O=TASKANA
####### properties that control search for users and groups taskana.ldap.userSearchBase=cn=users
taskana.ldap.userSearchBase=ou=people
taskana.ldap.userSearchFilterName=objectclass taskana.ldap.userSearchFilterName=objectclass
taskana.ldap.userSearchFilterValue=person taskana.ldap.userSearchFilterValue=person
taskana.ldap.userFirstnameAttribute=givenName taskana.ldap.userFirstnameAttribute=givenName
taskana.ldap.userLastnameAttribute=sn taskana.ldap.userLastnameAttribute=sn
taskana.ldap.userIdAttribute=uid taskana.ldap.userIdAttribute=uid
taskana.ldap.groupSearchBase=ou=groups taskana.ldap.groupSearchBase=
taskana.ldap.groupSearchFilterName=objectclass taskana.ldap.groupSearchFilterName=objectclass
taskana.ldap.groupSearchFilterValue=groupOfUniqueNames taskana.ldap.groupSearchFilterValue=groupOfUniqueNames
taskana.ldap.groupNameAttribute=cn taskana.ldap.groupNameAttribute=cn
taskana.ldap.minSearchForLength=3 taskana.ldap.minSearchForLength=3
taskana.ldap.maxNumberOfReturnedAccessIds=50 taskana.ldap.maxNumberOfReturnedAccessIds=50
taskana.ldap.groupsOfUser=memberUid taskana.ldap.groupsOfUser=uniquemember
####### JobScheduler cron expression that specifies when the JobSchedler runs ####### JobScheduler cron expression that specifies when the JobSchedler runs
taskana.jobscheduler.async.cron=0 * * * * * taskana.jobscheduler.async.cron=0 * * * * *
####### cache static resources propertiesgit add -- ####### cache static resources propertiesgit add --
spring.resources.cache.cachecontrol.cache-private=true spring.resources.cache.cachecontrol.cache-private=true
spring.main.allow-bean-definition-overriding=true spring.main.allow-bean-definition-overriding=true
@ -33,3 +36,11 @@ spring.main.allow-bean-definition-overriding=true
####### tomcat is not detecting the x-forward headers from bluemix as a trustworthy proxy ####### tomcat is not detecting the x-forward headers from bluemix as a trustworthy proxy
server.tomcat.remoteip.internal-proxies=.* server.tomcat.remoteip.internal-proxies=.*
server.forward-headers-strategy=native server.forward-headers-strategy=native
# Embedded Spring LDAP server
spring.ldap.embedded.base-dn= OU=Test,O=TASKANA
spring.ldap.embedded.credential.username= uid=admin
spring.ldap.embedded.credential.password= secret
spring.ldap.embedded.ldif=classpath:taskana-test.ldif
spring.ldap.embedded.port= 10389
spring.ldap.embedded.validation.enabled=false

16
rest/taskana-rest-spring-example-wildfly/src/test/resources/arquillian.xml Normal file
View File

@ -0,0 +1,16 @@
<arquillian xmlns="http://jboss.org/schema/arquillian"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://jboss.org/schema/arquillian
http://jboss.org/schema/arquillian/arquillian_1_0.xsd">
<defaultProtocol type="Servlet 3.0" />
<container qualifier="jboss" default="true">
<configuration>
<property name="jbossHome">target/wildfly-13.0.0.Final</property>
<property name="serverConfig">../../../../src/test/resources/int-test-standalone.xml</property>
<!-- <property name="javaVmArguments">-Xmx512m -XX:MaxPermSize=128m
-Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=y
</property> -->
<property name="javaVmArguments">-Djava.util.logging.manager=org.jboss.logmanager.LogManager</property>
</configuration>
</container>
</arquillian>

8
rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-jboss-web.xml Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web version="7.2"
xmlns="http://www.jboss.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_7_2.xsd">
<context-root>/taskana</context-root>
<security-domain>taskanaApplicationDomain</security-domain>
</jboss-web>

849
rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-standalone.xml Normal file
View File

@ -0,0 +1,849 @@
<?xml version='1.0' encoding='UTF-8'?>
<server xmlns="urn:jboss:domain:7.0">
<extensions>
<extension module="org.jboss.as.clustering.infinispan" />
<extension module="org.jboss.as.connector" />
<extension module="org.jboss.as.deployment-scanner" />
<extension module="org.jboss.as.ee" />
<extension module="org.jboss.as.ejb3" />
<extension module="org.jboss.as.jaxrs" />
<extension module="org.jboss.as.jdr" />
<extension module="org.jboss.as.jmx" />
<extension module="org.jboss.as.jpa" />
<extension module="org.jboss.as.jsf" />
<extension module="org.jboss.as.logging" />
<extension module="org.jboss.as.mail" />
<extension module="org.jboss.as.naming" />
<extension module="org.jboss.as.pojo" />
<extension module="org.jboss.as.remoting" />
<extension module="org.jboss.as.sar" />
<extension module="org.jboss.as.security" />
<extension module="org.jboss.as.transactions" />
<extension module="org.jboss.as.webservices" />
<extension module="org.jboss.as.weld" />
<extension module="org.wildfly.extension.batch.jberet" />
<extension
module="org.wildfly.extension.bean-validation" />
<extension
module="org.wildfly.extension.core-management" />
<extension module="org.wildfly.extension.elytron" />
<extension module="org.wildfly.extension.io" />
<extension
module="org.wildfly.extension.request-controller" />
<extension
module="org.wildfly.extension.security.manager" />
<extension module="org.wildfly.extension.undertow" />
</extensions>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local"
skip-group-loading="true" />
<properties path="mgmt-users.properties"
relative-to="jboss.server.config.dir" />
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties"
relative-to="jboss.server.config.dir" />
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore"
relative-to="jboss.server.config.dir"
keystore-password="password" alias="server"
key-password="password"
generate-self-signed-certificate-host="localhost" />
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*"
skip-group-loading="true" />
<properties
path="application-users.properties"
relative-to="jboss.server.config.dir" />
</authentication>
<authorization>
<properties
path="application-roles.properties"
relative-to="jboss.server.config.dir" />
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter" />
</formatters>
<handlers>
<file-handler name="file"
formatter="json-formatter" path="audit-log.log"
relative-to="jboss.server.data.dir" />
</handlers>
<logger log-boot="true" log-read-only="false"
enabled="false">
<handlers>
<handler name="file" />
</handlers>
</logger>
</audit-log>
<management-interfaces>
<http-interface
http-authentication-factory="management-http-authentication">
<http-upgrade enabled="true"
sasl-authentication-factory="management-sasl-authentication" />
<socket-binding http="management-http" />
</http-interface>
</management-interfaces>
<access-control provider="simple">
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local" />
</include>
</role>
</role-mapping>
</access-control>
</management>
<profile>
<subsystem xmlns="urn:jboss:domain:logging:5.0">
<console-handler name="CONSOLE">
<level name="INFO" />
<formatter>
<named-formatter
name="COLOR-PATTERN" />
</formatter>
</console-handler>
<periodic-rotating-file-handler
name="FILE" autoflush="true">
<formatter>
<named-formatter name="PATTERN" />
</formatter>
<file relative-to="jboss.server.log.dir"
path="server.log" />
<suffix value=".yyyy-MM-dd" />
<append value="true" />
</periodic-rotating-file-handler>
<logger category="com.arjuna">
<level name="WARN" />
</logger>
<logger category="org.jboss.as.config">
<level name="ALL" />
</logger>
<logger category="sun.rmi">
<level name="WARN" />
</logger>
<logger category="pro.taskana"
use-parent-handlers="true">
<level name="DEBUG" />
</logger>
<logger category="org.springframework"
use-parent-handlers="true">
<level name="INFO" />
</logger>
<logger category="org.springframework.web"
use-parent-handlers="true">
<level name="DEBUG" />
</logger>
<logger category="org.slf4j"
use-parent-handlers="true">
<level name="DEBUG" />
</logger>
<logger category="org.springframework.security"
use-parent-handlers="true">
<level name="DEBUG" />
</logger>
<logger category="org.jboss.security"
use-parent-handlers="true">
<level name="ALL" />
</logger>
<logger category="org.jboss.as.security"
use-parent-handlers="true">
<level name="ALL" />
</logger>
<logger category="org.picketbox"
use-parent-handlers="true">
<level name="ALL" />
</logger>
<logger
category="org.jboss.as.domain.management.security"
use-parent-handlers="true">
<level name="ALL" />
</logger>
<logger category="org.wildfly.security"
use-parent-handlers="true">
<level name="ALL" />
</logger>
<logger category="org.wildfly.elytron"
use-parent-handlers="true">
<level name="ALL" />
</logger>
<logger category="org.apache.catalina"
use-parent-handlers="true">
<level name="ALL" />
</logger>
<logger category="org.wildfly.extension.undertow"
use-parent-handlers="true">
<level name="ALL" />
</logger>
<root-logger>
<level name="INFO" />
<handlers>
<handler name="CONSOLE" />
<handler name="FILE" />
</handlers>
</root-logger>
<formatter name="PATTERN">
<pattern-formatter
pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n" />
</formatter>
<formatter name="COLOR-PATTERN">
<pattern-formatter
pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n" />
</formatter>
</subsystem>
<subsystem xmlns="urn:jboss:domain:batch-jberet:2.0">
<default-job-repository
name="in-memory" />
<default-thread-pool name="batch" />
<job-repository name="in-memory">
<in-memory />
</job-repository>
<thread-pool name="batch">
<max-threads count="10" />
<keepalive-time time="30" unit="seconds" />
</thread-pool>
</subsystem>
<subsystem
xmlns="urn:jboss:domain:bean-validation:1.0" />
<subsystem
xmlns="urn:jboss:domain:core-management:1.0" />
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
<datasources>
<datasource
jndi-name="java:jboss/datasources/ExampleDS"
pool-name="ExampleDS" enabled="true"
use-java-context="true">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
<datasource jta="true"
jndi-name="java:/TaskanaDS/H2"
pool-name="TASKANA Datasource" enabled="true"
use-ccm="false">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1
</connection-url>
<driver-class>org.h2.Driver</driver-class>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
<validation>
<background-validation>false
</background-validation>
</validation>
</datasource>
<datasource jta="true"
jndi-name="java:/TaskanaDS/PostgreSQL"
pool-name="TASKANA PostgreSQL Datasource"
enabled="true" use-ccm="false">
<connection-url>jdbc:postgresql://localhost:50102/postgres
</connection-url>
<driver-class>org.postgresql.Driver</driver-class>
<driver>postgresql</driver>
<security>
<user-name>postgres</user-name>
<password>postgres</password>
</security>
<validation>
<background-validation>false
</background-validation>
</validation>
</datasource>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource
</xa-datasource-class>
</driver>
<driver name="postgresql"
module="org.postgresql">
<driver-class>org.postgresql.Driver
</driver-class>
</driver>
</drivers>
</datasources>
</subsystem>
<subsystem
xmlns="urn:jboss:domain:deployment-scanner:2.0">
<deployment-scanner path="deployments"
relative-to="jboss.server.base.dir" scan-interval="5000"
runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:ee:4.0">
<spec-descriptor-property-replacement>false
</spec-descriptor-property-replacement>
<concurrent>
<context-services>
<context-service name="default"
jndi-name="java:jboss/ee/concurrency/context/default"
use-transaction-setup-provider="true" />
</context-services>
<managed-thread-factories>
<managed-thread-factory
name="default"
jndi-name="java:jboss/ee/concurrency/factory/default"
context-service="default" />
</managed-thread-factories>
<managed-executor-services>
<managed-executor-service
name="default"
jndi-name="java:jboss/ee/concurrency/executor/default"
context-service="default"
hung-task-threshold="60000"
keepalive-time="5000" />
</managed-executor-services>
<managed-scheduled-executor-services>
<managed-scheduled-executor-service
name="default"
jndi-name="java:jboss/ee/concurrency/scheduler/default"
context-service="default"
hung-task-threshold="60000"
keepalive-time="3000" />
</managed-scheduled-executor-services>
</concurrent>
<default-bindings
context-service="java:jboss/ee/concurrency/context/default"
datasource="java:jboss/datasources/ExampleDS"
managed-executor-service="java:jboss/ee/concurrency/executor/default"
managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default"
managed-thread-factory="java:jboss/ee/concurrency/factory/default" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:ejb3:5.0">
<session-bean>
<stateless>
<bean-instance-pool-ref
pool-name="slsb-strict-max-pool" />
</stateless>
<stateful default-access-timeout="5000"
cache-ref="simple"
passivation-disabled-cache-ref="simple" />
<singleton default-access-timeout="5000" />
</session-bean>
<pools>
<bean-instance-pools>
<strict-max-pool
name="slsb-strict-max-pool"
derive-size="from-worker-pools"
instance-acquisition-timeout="5"
instance-acquisition-timeout-unit="MINUTES" />
<strict-max-pool
name="mdb-strict-max-pool"
derive-size="from-cpu-count"
instance-acquisition-timeout="5"
instance-acquisition-timeout-unit="MINUTES" />
</bean-instance-pools>
</pools>
<caches>
<cache name="simple" />
<cache name="distributable"
passivation-store-ref="infinispan"
aliases="passivating clustered" />
</caches>
<passivation-stores>
<passivation-store name="infinispan"
cache-container="ejb" max-size="10000" />
</passivation-stores>
<async thread-pool-name="default" />
<timer-service thread-pool-name="default"
default-data-store="default-file-store">
<data-stores>
<file-data-store
name="default-file-store"
path="timer-service-data"
relative-to="jboss.server.data.dir" />
</data-stores>
</timer-service>
<remote connector-ref="http-remoting-connector"
thread-pool-name="default">
<channel-creation-options>
<option name="READ_TIMEOUT"
value="${prop.remoting-connector.read.timeout:20}"
type="xnio" />
<option name="MAX_OUTBOUND_MESSAGES"
value="1234" type="remoting" />
</channel-creation-options>
</remote>
<thread-pools>
<thread-pool name="default">
<max-threads count="10" />
<keepalive-time time="100"
unit="milliseconds" />
</thread-pool>
</thread-pools>
<default-security-domain
value="other" />
<default-missing-method-permissions-deny-access
value="true" />
<log-system-exceptions value="true" />
</subsystem>
<subsystem xmlns="urn:wildfly:elytron:3.0"
final-providers="combined-providers"
disallowed-providers="OracleUcrypto">
<providers>
<aggregate-providers
name="combined-providers">
<providers name="elytron" />
<providers name="openssl" />
</aggregate-providers>
<provider-loader name="elytron"
module="org.wildfly.security.elytron" />
<provider-loader name="openssl"
module="org.wildfly.openssl" />
</providers>
<audit-logging>
<file-audit-log name="local-audit"
path="audit.log" relative-to="jboss.server.log.dir"
format="JSON" />
</audit-logging>
<security-domains>
<security-domain
name="ApplicationDomain"
default-realm="ApplicationRealm"
permission-mapper="default-permission-mapper">
<realm name="ApplicationRealm"
role-decoder="groups-to-roles" />
<realm name="local" />
</security-domain>
<security-domain name="ManagementDomain"
default-realm="ManagementRealm"
permission-mapper="default-permission-mapper">
<realm name="ManagementRealm"
role-decoder="groups-to-roles" />
<realm name="local"
role-mapper="super-user-mapper" />
</security-domain>
<security-domain name="taskanaLdapSD"
default-realm="taskanaLR"
permission-mapper="default-permission-mapper">
<realm name="taskanaLR"
role-decoder="from-roles-attribute" />
</security-domain>
</security-domains>
<security-realms>
<identity-realm name="local"
identity="$local" />
<properties-realm
name="ApplicationRealm">
<users-properties
path="application-users.properties"
relative-to="jboss.server.config.dir"
digest-realm-name="ApplicationRealm" />
<groups-properties
path="application-roles.properties"
relative-to="jboss.server.config.dir" />
</properties-realm>
<properties-realm
name="ManagementRealm">
<users-properties
path="mgmt-users.properties"
relative-to="jboss.server.config.dir"
digest-realm-name="ManagementRealm" />
<groups-properties
path="mgmt-groups.properties"
relative-to="jboss.server.config.dir" />
</properties-realm>
<ldap-realm name="taskanaLR"
dir-context="taskanaDC">
<identity-mapping
rdn-identifier="uid"
use-recursive-search="false"
search-base-dn="cn=users,ou=Test,O=TASKANA">
<attribute-mapping>
<attribute to="Roles"
filter="(&amp;(objectClass=groupofuniquenames)(uniquemember={1}))"
filter-base-dn="ou=Test,O=TASKANA" />
</attribute-mapping>
<user-password-mapper
from="userPassword" />
</identity-mapping>
</ldap-realm>
</security-realms>
<mappers>
<simple-permission-mapper
name="default-permission-mapper"
mapping-mode="first">
<permission-mapping>
<principal name="anonymous" />
<permission
class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission"
module="org.wildfly.extension.batch.jberet"
target-name="*" />
<permission
class-name="org.wildfly.transaction.client.RemoteTransactionPermission"
module="org.wildfly.transaction.client" />
<permission
class-name="org.jboss.ejb.client.RemoteEJBPermission"
module="org.jboss.ejb-client" />
</permission-mapping>
<permission-mapping
match-all="true">
<permission
class-name="org.wildfly.security.auth.permission.LoginPermission" />
<permission
class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission"
module="org.wildfly.extension.batch.jberet"
target-name="*" />
<permission
class-name="org.wildfly.transaction.client.RemoteTransactionPermission"
module="org.wildfly.transaction.client" />
<permission
class-name="org.jboss.ejb.client.RemoteEJBPermission"
module="org.jboss.ejb-client" />
</permission-mapping>
</simple-permission-mapper>
<constant-realm-mapper
name="local" realm-name="local" />
<simple-role-decoder
name="groups-to-roles" attribute="groups" />
<simple-role-decoder
name="from-roles-attribute" attribute="Roles" />
<constant-role-mapper
name="super-user-mapper">
<role name="SuperUser" />
</constant-role-mapper>
<constant-role-mapper
name="user-mapper">
<role name="user" />
</constant-role-mapper>
</mappers>
<http>
<http-authentication-factory
name="management-http-authentication"
security-domain="ManagementDomain"
http-server-mechanism-factory="global">
<mechanism-configuration>
<mechanism mechanism-name="DIGEST">
<mechanism-realm
realm-name="ManagementRealm" />
</mechanism>
</mechanism-configuration>
</http-authentication-factory>
<http-authentication-factory
name="taskana-ldap-http-auth"
security-domain="taskanaLdapSD"
http-server-mechanism-factory="global">
<mechanism-configuration>
<mechanism mechanism-name="BASIC">
<mechanism-realm
realm-name="taskanaApplicationDomain" />
</mechanism>
</mechanism-configuration>
</http-authentication-factory>
<provider-http-server-mechanism-factory
name="global" />
</http>
<sasl>
<sasl-authentication-factory
name="management-sasl-authentication"
sasl-server-factory="configured"
security-domain="ManagementDomain">
<mechanism-configuration>
<mechanism
mechanism-name="JBOSS-LOCAL-USER"
realm-mapper="local" />
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm
realm-name="ManagementRealm" />
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<sasl-authentication-factory
name="application-sasl-authentication"
sasl-server-factory="configured"
security-domain="ApplicationDomain">
<mechanism-configuration>
<mechanism
mechanism-name="JBOSS-LOCAL-USER"
realm-mapper="local" />
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm
realm-name="ApplicationRealm" />
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<configurable-sasl-server-factory
name="configured" sasl-server-factory="elytron">
<properties>
<property
name="wildfly.sasl.local-user.default-user"
value="$local" />
</properties>
</configurable-sasl-server-factory>
<mechanism-provider-filtering-sasl-server-factory
name="elytron" sasl-server-factory="global">
<filters>
<filter provider-name="WildFlyElytron" />
</filters>
</mechanism-provider-filtering-sasl-server-factory>
<provider-sasl-server-factory
name="global" />
</sasl>
<dir-contexts>
<dir-context name="taskanaDC"
url="ldap://127.0.0.1:10389" principal="uid=admin">
<credential-reference
clear-text="secret" />
</dir-context>
</dir-contexts>
</subsystem>
<subsystem xmlns="urn:jboss:domain:infinispan:6.0">
<cache-container name="server"
default-cache="default"
module="org.wildfly.clustering.server">
<local-cache name="default">
<transaction mode="BATCH" />
</local-cache>
</cache-container>
<cache-container name="web"
default-cache="passivation"
module="org.wildfly.clustering.web.infinispan">
<local-cache name="passivation">
<locking isolation="REPEATABLE_READ" />
<transaction mode="BATCH" />
<file-store passivation="true"
purge="false" />
</local-cache>
</cache-container>
<cache-container name="ejb" aliases="sfsb"
default-cache="passivation"
module="org.wildfly.clustering.ejb.infinispan">
<local-cache name="passivation">
<locking isolation="REPEATABLE_READ" />
<transaction mode="BATCH" />
<file-store passivation="true"
purge="false" />
</local-cache>
</cache-container>
<cache-container name="hibernate"
module="org.hibernate.infinispan">
<local-cache name="entity">
<transaction mode="NON_XA" />
<object-memory size="10000" />
<expiration max-idle="100000" />
</local-cache>
<local-cache name="local-query">
<object-memory size="10000" />
<expiration max-idle="100000" />
</local-cache>
<local-cache name="timestamps" />
</cache-container>
</subsystem>
<subsystem xmlns="urn:jboss:domain:io:3.0">
<worker name="default" />
<buffer-pool name="default" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0" />
<subsystem xmlns="urn:jboss:domain:jca:5.0">
<archive-validation enabled="true"
fail-on-error="true" fail-on-warn="false" />
<bean-validation enabled="true" />
<default-workmanager>
<short-running-threads>
<core-threads count="50" />
<queue-length count="50" />
<max-threads count="50" />
<keepalive-time time="10"
unit="seconds" />
</short-running-threads>
<long-running-threads>
<core-threads count="50" />
<queue-length count="50" />
<max-threads count="50" />
<keepalive-time time="10"
unit="seconds" />
</long-running-threads>
</default-workmanager>
<cached-connection-manager />
</subsystem>
<subsystem xmlns="urn:jboss:domain:jdr:1.0" />
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
<expose-resolved-model />
<expose-expression-model />
<remoting-connector />
</subsystem>
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
<jpa default-datasource=""
default-extended-persistence-inheritance="DEEP" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:jsf:1.1" />
<subsystem xmlns="urn:jboss:domain:mail:3.0">
<mail-session name="default"
jndi-name="java:jboss/mail/Default">
<smtp-server
outbound-socket-binding-ref="mail-smtp" />
</mail-session>
</subsystem>
<subsystem xmlns="urn:jboss:domain:naming:2.0">
<remote-naming />
</subsystem>
<subsystem xmlns="urn:jboss:domain:pojo:1.0" />
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
<http-connector
name="http-remoting-connector" connector-ref="default"
security-realm="ApplicationRealm" />
</subsystem>
<subsystem
xmlns="urn:jboss:domain:request-controller:1.0" />
<subsystem
xmlns="urn:jboss:domain:resource-adapters:5.0" />
<subsystem xmlns="urn:jboss:domain:sar:1.0" />
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
<security-domain name="other"
cache-type="default">
<authentication>
<login-module code="Remoting"
flag="optional">
<module-option
name="password-stacking"
value="useFirstPass" />
</login-module>
<login-module code="RealmDirect"
flag="required">
<module-option
name="password-stacking"
value="useFirstPass" />
</login-module>
</authentication>
</security-domain>
<security-domain name="jboss-web-policy"
cache-type="default">
<authorization>
<policy-module code="Delegating"
flag="required" />
</authorization>
</security-domain>
</security-domains>
</subsystem>
<subsystem
xmlns="urn:jboss:domain:security-manager:1.0">
<deployment-permissions>
<maximum-set>
<permission
class="java.security.AllPermission" />
</maximum-set>
</deployment-permissions>
</subsystem>
<subsystem xmlns="urn:jboss:domain:transactions:4.0">
<core-environment>
<process-id>
<uuid />
</process-id>
</core-environment>
<recovery-environment
socket-binding="txn-recovery-environment"
status-socket-binding="txn-status-manager" />
<object-store path="tx-object-store"
relative-to="jboss.server.data.dir" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:undertow:6.0">
<buffer-cache name="default" />
<server name="default-server">
<http-listener name="default"
socket-binding="http" redirect-socket="https"
enable-http2="true" />
<https-listener name="https"
socket-binding="https"
security-realm="ApplicationRealm"
enable-http2="true" />
<host name="default-host" alias="localhost">
<location name="/"
handler="welcome-content" />
<filter-ref name="server-header" />
<filter-ref name="x-powered-by-header" />
<http-invoker
security-realm="ApplicationRealm" />
</host>
</server>
<servlet-container name="default">
<jsp-config />
<websockets />
</servlet-container>
<handlers>
<file name="welcome-content"
path="${jboss.home.dir}/welcome-content" />
</handlers>
<filters>
<response-header name="server-header"
header-name="Server" header-value="WildFly/11" />
<response-header
name="x-powered-by-header"
header-name="X-Powered-By" header-value="Undertow/1" />
</filters>
<application-security-domains>
<application-security-domain
name="taskanaApplicationDomain"
http-authentication-factory="taskana-ldap-http-auth" />
</application-security-domains>
</subsystem>
<subsystem xmlns="urn:jboss:domain:webservices:2.0">
<wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
<endpoint-config
name="Standard-Endpoint-Config" />
<endpoint-config
name="Recording-Endpoint-Config">
<pre-handler-chain
name="recording-handlers"
protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
<handler name="RecordingHandler"
class="org.jboss.ws.common.invocation.RecordingServerHandler" />
</pre-handler-chain>
</endpoint-config>
<client-config name="Standard-Client-Config" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:weld:4.0" />
</profile>
<interfaces>
<interface name="management">
<inet-address
value="${jboss.bind.address.management:127.0.0.1}" />
</interface>
<interface name="public">
<inet-address
value="${jboss.bind.address:127.0.0.1}" />
</interface>
</interfaces>
<socket-binding-group name="standard-sockets"
default-interface="public"
port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="management-http"
interface="management"
port="${jboss.management.http.port:9990}" />
<socket-binding name="management-https"
interface="management"
port="${jboss.management.https.port:9993}" />
<socket-binding name="ajp"
port="${jboss.ajp.port:8009}" />
<socket-binding name="http"
port="${jboss.http.port:8080}" />
<socket-binding name="https"
port="${jboss.https.port:8443}" />
<socket-binding name="txn-recovery-environment"
port="4712" />
<socket-binding name="txn-status-manager"
port="4713" />
<outbound-socket-binding
name="mail-smtp">
<remote-destination host="localhost"
port="25" />
</outbound-socket-binding>
</socket-binding-group>
</server>

41
rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-web.xml Normal file
View File

@ -0,0 +1,41 @@
<web-app version="3.1"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<display-name>TaskanaRestWildflySpring</display-name>
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>taskana-web</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Public</web-resource-name>
<url-pattern>/css/main.css</url-pattern>
<url-pattern>/css/bootstrap/4.1.3/bootstrap.min.css</url-pattern>
<url-pattern>/css/bootstrap/4.1.3/bootstrap.min.css.map</url-pattern>
<url-pattern>/img/logo.png</url-pattern>
<url-pattern>/logout</url-pattern>
</web-resource-collection>
<!-- No auth-constraint means everybody has access! -->
</security-constraint>
<security-role>
<role-name>*</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>taskanaApplicationDomain</realm-name>
</login-config>
</web-app>

14
rest/taskana-rest-spring-example-wildfly/src/test/resources/module.xml Normal file
View File

@ -0,0 +1,14 @@
<?xml version='1.0' encoding='UTF-8'?>
<module xmlns="urn:jboss:module:1.1" name="org.postgresql">
<resources>
<!--the name of your driver -->
<resource-root path="postgresql-42.2.14.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
</dependencies>
</module>

19
rest/taskana-rest-spring-example-wildfly/src/test/resources/project-defaults.yml
View File

@ -1,19 +0,0 @@
swarm:
port:
offset: 10
datasources:
data-sources:
TestDS:
driver-name: postgresql
connection-url: jdbc:postgresql://localhost:50102/postgres
user-name: postgres
password: postgres
jdbc-drivers:
mypostgres:
driver-class-name: org.postgresql.Driver
xa-datasource-name: org.postgresql.xa.PGXADataSource
driver-module-name: org.postgresql
myh2:
driver-class-name: org.h2.Driver
xa-datasource-name: org.h2.jdbcx.JdbcDataSource
driver-module-name: com.h2database.h2

258
rest/taskana-rest-spring-example-wildfly/src/test/resources/taskana-test.ldif Normal file
View File

@ -0,0 +1,258 @@
######################
# Base Structure
######################
dn: OU=Test,O=TASKANA
ou: Organisationseinheit
objectclass: top
objectclass: organizationalUnit
dn: cn=groups,OU=Test,O=TASKANA
cn: groups
objectclass: top
objectclass: container
dn: cn=users,OU=Test,O=TASKANA
cn: users
objectclass: top
objectclass: container
dn: cn=organisation,OU=Test,O=TASKANA
cn: organisation
objectclass: top
objectclass: container
########################
# Users General
########################
dn: uid=monitor,cn=users,OU=Test,O=TASKANA
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
givenName: Monitor
description: desc
uid: monitor
sn: Monitor
ou: Organisationseinheit/Organisationseinheit IT
cn: monitor monitor
userPassword: monitor
dn: uid=taskadmin,cn=users,OU=Test,O=TASKANA
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
givenName: Task
description: desc
uid: taskadmin
sn: Admin
ou: Organisationseinheit/Organisationseinheit IT
cn: Task admin
userPassword: taskadmin
dn: uid=admin,cn=users,OU=Test,O=TASKANA
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
givenName: Admin
description: desc
uid: admin
sn: Admin
ou: Organisationseinheit/Organisationseinheit IT
cn: Admin Admin
userPassword: admin
dn: uid=businessadmin,cn=users,OU=Test,O=TASKANA
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
givenName: Business
description: desc
uid: businessadmin
sn: Admin
ou: Organisationseinheit/Organisationseinheit IT
cn: Business Admin
userPassword: businessadmin
########################
# Users KSC 1
########################
dn: uid=teamlead-1,cn=users,OU=Test,O=TASKANA
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
givenName: Titus
description: desc
uid: teamlead-1
sn: Toll
ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 1
cn: Titus Toll
userPassword: teamlead-1
dn: uid=user-1-1,cn=users,OU=Test,O=TASKANA
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
givenName: Max
description: desc
uid: user-1-1
sn: Mustermann
ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 1
cn: Max Mustermann
userPassword: user-1-1
dn: uid=user-1-2,cn=users,OU=Test,O=TASKANA
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
givenName: Elena
description: desc
uid: user-1-2
sn: Eifrig
ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 1
cn: Elena Eifrig
userPassword: user-1-2
########################
# Users KSC 2
########################
dn: uid=teamlead-2,cn=users,OU=Test,O=TASKANA
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
givenName: Frauke
description: desc
uid: teamlead-2
sn: Faul
ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 2
cn: Frauke Faul
userPassword: teamlead-2
dn: uid=user-2-1,cn=users,OU=Test,O=TASKANA
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
givenName: Simone
description: desc
uid: user-2-1
sn: Müller
ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 2
cn: Simone Müller
userPassword: user-2-1
dn: uid=user-2-2,cn=users,OU=Test,O=TASKANA
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
givenName: Tim
description: desc
uid: user-2-2
sn:: U2NobMOkZnJpZw==
ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 2
cn:: VGltIFNjaGzDpGZyaWc=
userPassword: user-2-1
########################
# Users Domäne B
########################
dn: uid=user-b-1,cn=users,OU=Test,O=TASKANA
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
givenName: Bernd
description: desc
uid: user-b-1
sn: Bern
ou: Organisationseinheit/Organisationseinheit B
cn: Bernd Bern
userPassword: user-b-1
dn: uid=user-b-2,cn=users,OU=Test,O=TASKANA
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: person
objectclass: top
givenName: Brunhilde
description: desc
uid: user-b-2
sn: Bio
ou: Organisationseinheit/Organisationseinheit B
cn: Brunhilde Bio
userPassword: user-b-2
########################
# Groups
########################
dn: cn=ksc-users,cn=groups,OU=Test,O=TASKANA
uniquemember: uid=user-1-1,cn=users,OU=Test,O=TASKANA
uniquemember: uid=user-1-2,cn=users,OU=Test,O=TASKANA
uniquemember: uid=user-2-1,cn=users,OU=Test,O=TASKANA
uniquemember: uid=user-2-2,cn=users,OU=Test,O=TASKANA
cn: ksc-users
objectclass: groupofuniquenames
objectclass: top
dn: cn=ksc-teamleads,cn=groups,OU=Test,O=TASKANA
uniquemember: uid=teamlead-1,cn=users,OU=Test,O=TASKANA
uniquemember: uid=teamlead-2,cn=users,OU=Test,O=TASKANA
cn: ksc-teamleads
objectclass: groupofuniquenames
objectclass: top
dn: cn=business-admins,cn=groups,OU=Test,O=TASKANA
uniquemember: uid=teamlead-1,cn=users,OU=Test,O=TASKANA
uniquemember: uid=teamlead-2,cn=users,OU=Test,O=TASKANA
uniquemember: uid=businessadmin,cn=users,OU=Test,O=TASKANA
cn: business-admins
objectclass: groupofuniquenames
objectclass: top
dn: cn=monitor-users,cn=groups,OU=Test,O=TASKANA
uniquemember: uid=teamlead-1,cn=users,OU=Test,O=TASKANA
uniquemember: uid=teamlead-2,cn=users,OU=Test,O=TASKANA
cn: monitor-users
objectclass: groupofuniquenames
objectclass: top
######################
# Organizational Units
######################
dn: cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
cn: Organisationseinheit KSC
uniquemember: cn=Organisationseinheit KSC 1,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
uniquemember: cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
objectclass: groupofuniquenames
objectclass: top
dn: cn=Organisationseinheit KSC 1,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
uniquemember: uid=teamlead-1,cn=users,OU=Test,O=TASKANA
uniquemember: uid=user-1-1,cn=users,OU=Test,O=TASKANA
uniquemember: uid=user-1-2,cn=users,OU=Test,O=TASKANA
cn: Organisationseinheit KSC 1
objectclass: groupofuniquenames
objectclass: top
dn: cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
uniquemember: uid=teamlead-2,cn=users,OU=Test,O=TASKANA
uniquemember: uid=user-2-1,cn=users,OU=Test,O=TASKANA
uniquemember: uid=user-2-2,cn=users,OU=Test,O=TASKANA
cn: Organisationseinheit KSC 2
objectclass: groupofuniquenames
objectclass: top
dn: cn=Organisationseinheit B,cn=organisation,OU=Test,O=TASKANA
cn: Organisationseinheit B
objectclass: groupofuniquenames
objectclass: top