Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * JBoss, Home of Professional Open Source.
   * Copyright 2013, Red Hat, Inc., and individual contributors
   * as indicated by the @author tags. See the copyright.txt file in the
   * distribution for a full listing of individual contributors.
   *
   * This is free software; you can redistribute it and/or modify it
   * under the terms of the GNU Lesser General Public License as
   * published by the Free Software Foundation; either version 2.1 of
  * the License, or (at your option) any later version.
  *
  * This software is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this software; if not, write to the Free
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
 
 package org.jboss.as.test.integration.management.rbac;
 
 import static org.jboss.as.controller.PathAddress.pathAddress;
 import static org.jboss.as.controller.PathElement.pathElement;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ACCESS;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.BASE_ROLE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.CORE_SERVICE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FAILED;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FAILURE_DESCRIPTION;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.GROUP;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.HOSTS;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.HOST_SCOPED_ROLE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.INCLUDE_ALL;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.MANAGEMENT;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.NAME;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OPERATION_HEADERS;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.READ_RESOURCE_OPERATION;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.REMOVE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.RESULT;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ROLES;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SERVER_GROUPS;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SERVER_GROUP_SCOPED_ROLE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUCCESS;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.TYPE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.USER;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.VALUE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.WRITE_ATTRIBUTE_OPERATION;
 import static org.jboss.as.domain.management.ModelDescriptionConstants.IS_CALLER_IN_ROLE;
 import static org.jboss.as.test.integration.management.util.ModelUtil.createOpNode;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
 
 
Utilities related to RBAC testing.

Author(s):
Brian Stansberry (c) 2013 Red Hat Inc.
 
 public class RbacUtil {
 
     public static final String MONITOR_USER = "Monitor";
     public static final String OPERATOR_USER = "Operator";
     public static final String MAINTAINER_USER = "Maintainer";
     public static final String DEPLOYER_USER = "Deployer";
     public static final String ADMINISTRATOR_USER = "Administrator";
     public static final String AUDITOR_USER = "Auditor";
     public static final String SUPERUSER_USER = "SuperUser";
 
     public static final String MONITOR_ROLE = "Monitor";
     public static final String OPERATOR_ROLE = "Operator";
     public static final String MAINTAINER_ROLE = "Maintainer";
     public static final String DEPLOYER_ROLE = "Deployer";
     public static final String ADMINISTRATOR_ROLE = "Administrator";
     public static final String AUDITOR_ROLE = "Auditor";
     public static final String SUPERUSER_ROLE = "SuperUser";
 
     public static final String ROLE_MAPPING_ADDRESS_BASE = "core-service=management/access=authorization/role-mapping=";
     private static final String ROLE_MAPPING_USER_INCLUDE_ADDRESS_BASE = "/include=user-";
     private static final String ROLE_MAPPING_GROUP_INCLUDE_ADDRESS_BASE = "/include=group-";
 
     private RbacUtil() {
         // prevent instantiation
     }
 
 
     public static ModelNode executeOperation(ModelControllerClient clientModelNode operationOutcome expectedOutcome)
         throws IOException {
         ModelNode result = client.execute(operation);
        return checkOperationResult(operationresultexpectedOutcome);
    }
    public static ModelNode executeOperation(ManagementInterface clientModelNode operationOutcome expectedOutcomethrows IOException {
        ModelNode result = client.execute(operation);
        return checkOperationResult(operationresultexpectedOutcome);
    }
    public static ModelNode checkOperationResult(ModelNode operationModelNode resultOutcome expectedOutcome) {
        String outcome = result.get().asString();
        switch (expectedOutcome) {
            case :
                if (!.equals(outcome)) {
                    ..println("Failed: " + operation);
                    ..print("Result: " + result);
                    fail(result.asString());
                }
                break;
            case : {
                if (!.equals(outcome)) {
                    fail("Didn't fail: " + result.asString());
                }
                if (!result.get().asString().contains("WFLYCTL0313") && !result.asString().contains("WFLYJMX0037")
                        && !result.asString().contains("WFLYJMX0038")  && !result.asString().contains("WFLYJMX0039")  && !result.asString().contains("WFLYJMX0040")) {
                    fail("Incorrect failure type: " + result.asString());
                }
                break;
            }
            case : {
                if (!.equals(outcome)) {
                    fail("Didn't fail: " + result.asString());
                }
                String failureDesc = result.get().asString();
                if (!failureDesc.contains("WFLYCTL0216") && !failureDesc.contains("WFLYCTL0030") && !failureDesc.contains("WFLYJMX0017")) {
                    fail("Incorrect failure type: " + result.asString());
                }
                break;
            }
            case : {
                if (!.equals(outcome)) {
                    fail("Didn't fail: " + result.asString());
                }
                String failureDesc = result.get().asString();
                if (failureDesc.contains("WFLYCTL0216") || failureDesc.contains("WFLYCTL0030")
                        || failureDesc.contains("WFLYCTL0313") || failureDesc.contains("WFLYJMX0017")) {
                    fail("Incorrect failure type: " + result.asString());
                }
                break;
            }
            default:
                throw new IllegalStateException();
        }
        return result;
    }
    public static void addRoleMapping(String roleModelControllerClient clientthrows IOException {
        String address =  + role;
        ModelNode readOp = createOpNode(address);
        if (.equals(client.execute(readOp).get().asString())) {
            ModelNode addOp = createOpNode(address);
            executeOperation(clientaddOp.);
        }
    }
    public static void addRoleUser(String roleString userModelControllerClient clientthrows IOException {
        op.get().set();
        op.get().set(user);
        executeOperation(clientop.);
    }
    public static void removeRoleUser(String roleString userModelControllerClient clientthrows IOException {
        executeOperation(clientop.);
    }
    public static void addRoleGroup(String roleString groupModelControllerClient clientthrows IOException {
        op.get().set();
        op.get().set(group);
        executeOperation(clientop.);
    }
    public static void removeRoleGroup(String roleString groupModelControllerClient clientthrows IOException {
        executeOperation(clientop.);
    }
    public static void removeRoleMapping(String roleModelControllerClient clientthrows IOException {
        ModelNode op = createOpNode( + role);
        executeOperation(clientop.);
    }
    public static void addRoleHeader(ModelNode operationString... roles) {
        ModelNode header = operation.get();
        for (String role : roles) {
            header.add(role);
        }
    }
    public static String[] allStandardRoles() {
    }
    public static void assertIsCallerInRole(ModelControllerClient clientString roleboolean expectedOutcomethrows IOException {
        ModelNode operation = createOpNode( + role);
        ModelNode result = executeOperation(clientoperation.);
        assertEquals("expected caller to be in role " + roleexpectedOutcomeresult.get().asBoolean());
    }
    public static void setRoleMappingIncludeAll(ModelControllerClient clientString roleboolean includeAllthrows IOException {
        operation.get().set();
        operation.get().set(includeAll);
        executeOperation(clientoperation.);
    }
    public static void addServerGroupScopedRole(ModelControllerClient clientString roleNameString baseRole,
                                                String... serverGroupsthrows IOException {
        ModelNode operation = Util.createOperation(pathAddress(
                pathElement(),
                pathElement(.),
                pathElement(roleName)
        ));
        operation.get().set(baseRole);
        ModelNode serverGroupsModelNode = operation.get();
        for (String serverGroup : serverGroups) {
            serverGroupsModelNode.add(serverGroup);
        }
        executeOperation(clientoperation.);
    }
    public static void removeServerGroupScopedRole(ModelControllerClient clientString roleNamethrows IOException {
        ModelNode operation = Util.createOperation(pathAddress(
                pathElement(),
                pathElement(.),
                pathElement(roleName)
        ));
        executeOperation(clientoperation.);
    }
    public static void addHostScopedRole(ModelControllerClient clientString roleNameString baseRole,
                                         String... hoststhrows IOException {
        ModelNode operation = Util.createOperation(pathAddress(
                pathElement(),
                pathElement(.),
                pathElement(roleName)
        ));
        operation.get().set(baseRole);
        ModelNode hostsModelNode = operation.get();
        for (String host : hosts) {
            hostsModelNode.add(host);
        }
        executeOperation(clientoperation.);
    }
    public static void removeHostScopedRole(ModelControllerClient clientString roleNamethrows IOException {
        ModelNode operation = Util.createOperation(pathAddress(
                pathElement(),
                pathElement(.),
                pathElement(roleName)
        ));
        executeOperation(clientoperation.);
    }
New to GrepCode? Check out our FAQ X