Skip to content

Commit

Permalink
[WFLY-18475] helloworld-mutual-ssl-secured Quickstart Common Enhancem…
Browse files Browse the repository at this point in the history 
…ents CY2023Q3
  • Loading branch information
Prarthona Paul committed Oct 20, 2023
1 parent 8f25960 commit f917738
Show file tree
Hide file tree
Showing 13 changed files with 385 additions and 63 deletions.
21 changes: 21 additions & 0 deletions .github/workflows/quickstart_helloworld-mutual-ssl-secured_ci.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
name: WildFly helloworld-mutual-ssl-secured Quickstart CI

on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
paths:
- 'helloworld-mutual-ssl-secured/**'
- '.github/workflows/quickstart_ci.yml'

# Only run the latest job
concurrency:
group: '${{ github.workflow }} @ ${{ github.ref || github.run_id }}'
cancel-in-progress: true

jobs:
call-quickstart_ci:
uses: ./.github/workflows/quickstart_ci.yml
with:
QUICKSTART_PATH: helloworld-mutual-ssl-secured
TEST_PROVISIONED_SERVER: true
TEST_OPENSHIFT: false
82 changes: 48 additions & 34 deletions ejb-security-context-propagation/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,14 @@
<groupId>jakarta.annotation</groupId>
<artifactId>jakarta.annotation-api</artifactId>
</dependency>

<!-- Import the Servlet API, we use provided scope as the API is included in the server -->
<dependency>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
</dependency>

<dependency>
<groupId>org.jboss.ejb3</groupId>
<artifactId>jboss-ejb3-ext-api</artifactId>
Expand All @@ -149,39 +157,45 @@
<build>
<!-- Set the name of the WAR, used as the context root when the app is deployed -->
<finalName>${project.artifactId}</finalName>
<plugins>

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-ejb-plugin</artifactId>
<configuration>
<ejbVersion>3.2</ejbVersion>
<generateClient>true</generateClient>
</configuration>
</plugin>
<!-- Add the Maven exec plug-in to allow us to run a Java program via Maven -->
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<executable>java</executable>
<workingDirectory>${project.build.directory}/exec-working-directory</workingDirectory>
<arguments>
<!-- automatically creates the classpath using all project dependencies,
also adding the project build directory -->
<argument>-classpath</argument>
<classpath></classpath>
<argument>org.jboss.as.quickstarts.ejb_security_context_propagation.RemoteClient</argument>
</arguments>
</configuration>
<executions>
<execution>
<goals>
<goal>exec</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-ejb-plugin</artifactId>
<configuration>
<ejbVersion>3.2</ejbVersion>
<generateClient>true</generateClient>
</configuration>
</plugin>
<!-- Add the Maven exec plug-in to allow us to run a Java program via Maven -->
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<executable>java</executable>
<workingDirectory>${project.build.directory}/exec-working-directory</workingDirectory>
<arguments>
<!-- automatically creates the classpath using all project dependencies,
also adding the project build directory -->
<argument>-classpath</argument>
<classpath></classpath>
<argument>org.jboss.as.quickstarts.ejb_security_context_propagation.RemoteClient</argument>
</arguments>
</configuration>
<executions>
<execution>
<goals>
<goal>exec</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.wildfly.plugins</groupId>
<artifactId>wildfly-maven-plugin</artifactId>
<version>${version.plugin.wildfly}</version>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>
29 changes: 8 additions & 21 deletions helloworld-mutual-ssl-secured/README.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,7 @@ It maps the `client_cert_domain` from the quickstart application to the `http-au
[[test_the_server_ssl_configuration]]
== Test the Server TLS Configuration

To test the TLS configuration, access: https://localhost:8443
To test the TLS configuration, start {productName} and access: https://localhost:8443

If it is configured correctly, you should be asked to trust the server certificate.

Expand Down Expand Up @@ -290,6 +290,8 @@ dzXZz0EjjWCPJk+LVEhEvH0GcWAp3x3irpNU4hRZLd0XomY0Z4NnUt7VMBNYDOxVxgT9qcLnEaEpIfYU
ynfnMaOxI67FC2QzhfzERyKqHj47WuwN0xWbS/1gBypS2nUwvItyxaEQG2X5uQY8j8QoY9wcMzIIkP2Mk14gJGHUnA8=
----

// Server Distribution Testing
include::../shared-doc/run-integration-tests-with-server-distribution.adoc[leveloffset=+2]
// Undeploy the Quickstart
include::../shared-doc/undeploy-the-quickstart.adoc[leveloffset=+1]

Expand Down Expand Up @@ -344,26 +346,11 @@ After you are done with this quickstart, remember to remove the certificate that
. Select the *quickstartUser* certificate and click the *Delete* button.
. The certificate has now been removed from the Mozilla Firefox browser.

// Run the Quickstart in Red Hat CodeReady Studio or Eclipse
include::../shared-doc/run-the-quickstart-in-jboss-developer-studio.adoc[leveloffset=+1]

// Additional Red Hat CodeReady Studio instructions
* Make sure you configure the keystores and client certificates as described under xref:set_up_client_keystore_using_java_keytool[Set Up the Client Keystore Using Java Keytool].
* Depending on the browser you choose, make sure you either xref:import_the_client_certificate_into_google_chrome[import the certificate into Google Chrome] or xref:import_the_client_certificate_into_mozilla_firefox[import the certificate into Mozilla Firefox].
* Make sure you configure the server by running the JBoss CLI commands as described above under xref:configure_the_server[Configure the Server]. Stop the server at the end of that step.
* In {JBDSProductName}, choose *Window* –> *Web Browser*, then select the browser you chose to import the certificate.
* To deploy the application, right-click on the *{artifactId}* project and choose *Run As* –> *Run on Server*.
* Make sure you xref:restore_the_server_configuration[restore the {productName} server configuration] when you have completed testing this quickstart.

// Debug the Application
include::../shared-doc/debug-the-application.adoc[leveloffset=+1]

//*************************************************
// Product Release content only
//*************************************************
ifdef::ProductRelease[]
// Build and run sections for other environments/builds
ifndef::ProductRelease,EAPXPRelease[]
:server_provisioning_server_host: https://localhost:8443
include::../shared-doc/build-and-run-the-quickstart-with-provisioned-server.adoc[leveloffset=+1]
endif::[]

// Quickstart not compatible with OpenShift
include::../shared-doc/openshift-incompatibility.adoc[leveloffset=+1]
endif::[]
39 changes: 39 additions & 0 deletions helloworld-mutual-ssl-secured/certs.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
#!/bin/sh

# Generate a self-signed keystore with the specified DN fields
expect <<EOF
set timeout 10
spawn keytool -genkey -keystore client.keystore -storepass secret -validity 365 -keyalg RSA -keysize 2048 -storetype pkcs12
expect "What is your first and last name?"
send "quickstartUser\r"
expect "What is the name of your organizational unit?"
send "Sales\r"
expect "What is the name of your organization?"
send "My Organization\r"
expect "What is the name of your City or Locality?"
send "Sao Paulo\r"
expect "What is the name of your State or Province?"
send "Sao Paulo\r"
expect "What is the two-letter country code for this unit?"
send "BR\r"
expect "Is CN=quickstartUser, OU=Sales, O=My Organization, L=Sao Paulo, ST=Sao Paulo, C=BR correct?"
send "yes\r"
expect eof
EOF

# Export the certificate
keytool -exportcert -keystore client.keystore -storetype pkcs12 -storepass secret -keypass secret -file client.crt

# Import the certificate into a truststore
expect <<EOF
set timeout 10
spawn keytool -import -file client.crt -alias quickstartUser -keystore client.truststore -storepass secret
expect "Trust this certificate? [no]: "
send "yes\r"
expect eof
EOF

# Create a new PKCS12 keystore with the same certificate
keytool -importkeystore -srckeystore client.keystore -srcstorepass secret -destkeystore clientCert.p12 -srcstoretype PKCS12 -deststoretype PKCS12 -deststorepass secret
19 changes: 19 additions & 0 deletions helloworld-mutual-ssl-secured/configure-certs.cli
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
#configure a key-store in the Elytron subsystem. The path to the keystore file doesn’t actually have to exist yet.
/subsystem=elytron/key-store=clientKS:add(path=client.keystore.P12, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}, type=PKCS12)

#generate a new key pair which will be used later to extract the certificate. This is an RSA key of size 1024. CN must be quickstartUser for the key
/subsystem=elytron/key-store=clientKS:generate-key-pair(alias=example, algorithm=RSA, key-size=2048, validity=365, credential-reference={clear-text=secret}, distinguished-name="CN=quickstartUser")

#Export the certificate to a file
/subsystem=elytron/key-store=clientKS:export-certificate(alias=example, path=clientCert.crt, relative-to=jboss.server.config.dir, pem=true)

#Create a truststore in the elytron subsystem.
/subsystem=elytron/key-store=serverTS:add(path=server.keystore, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}, type=PKCS12)

# Import a certificate into a truststore
/subsystem=elytron/key-store=serverTS:import-certificate(alias=example, path=clientCert.crt, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}, validate=false)

#store the keystore and truststore into keystore files
/subsystem=elytron/key-store=serverTS:store()
/subsystem=elytron/key-store=clientKS:store()

104 changes: 98 additions & 6 deletions helloworld-mutual-ssl-secured/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,15 @@
<relativePath/>
</parent>

<properties>
<!-- Version for the server -->
<version.server>30.0.0.Final</version.server>
<!-- The versions for BOMs, Packs and Plugins -->
<version.bom.ee>${version.server}</version.bom.ee>
<version.pack.cloud>5.0.0.Final</version.pack.cloud>
<version.plugin.wildfly>4.2.0.Final</version.plugin.wildfly>
</properties>

<artifactId>helloworld-mutual-ssl-secured</artifactId>
<version>31.0.0.Beta1-SNAPSHOT</version>
<packaging>war</packaging>
Expand All @@ -43,11 +52,6 @@
</license>
</licenses>

<properties>
<!-- The versions for BOMs, Dependencies and Plugins -->
<version.server.bom>30.0.0.Final</version.server.bom>
</properties>

<repositories>
<repository>
<id>jboss-public-maven-repository</id>
Expand Down Expand Up @@ -109,7 +113,7 @@
<dependency>
<groupId>org.wildfly.bom</groupId>
<artifactId>wildfly-ee-with-tools</artifactId>
<version>${version.server.bom}</version>
<version>${version.bom.ee}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
Expand Down Expand Up @@ -139,5 +143,93 @@
<artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
</dependency>

<!-- Tests -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
</dependencies>

<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.wildfly.plugins</groupId>
<artifactId>wildfly-maven-plugin</artifactId>
<version>${version.plugin.wildfly}</version>
</plugin>
</plugins>
</pluginManagement>
</build>
<profiles>
<profile>
<id>provisioned-server</id>
<build>
<plugins>
<plugin>
<groupId>org.wildfly.plugins</groupId>
<artifactId>wildfly-maven-plugin</artifactId>
<configuration>
<feature-packs>
<feature-pack>
<location>org.wildfly:wildfly-galleon-pack:${version.server}</location>
</feature-pack>
</feature-packs>
<layers>
<!-- layers may be used to customize the server to provision-->
<layer>cloud-server</layer>
<layer>undertow-https</layer>
</layers>
<!-- use cli script(s) to configure the server -->
<packaging-scripts>
<packaging-script>
<scripts>
<script>${basedir}/configure-certs.cli</script>
<script>${basedir}/configure-ssl.cli</script>
</scripts>
<!-- Expressions resolved during server execution -->
<resolve-expressions>false</resolve-expressions>
</packaging-script>
</packaging-scripts>
<!-- deploys the quickstart on root web context -->
<name>ROOT.war</name>
</configuration>
<executions>
<execution>
<goals>
<goal>package</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>integration-testing</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId>
<configuration>
<includes>
<include>**/BasicRuntimeIT</include>
</includes>
</configuration>
<executions>
<execution>
<goals>
<goal>integration-test</goal>
<goal>verify</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
8 changes: 8 additions & 0 deletions helloworld-mutual-ssl-secured/restore-certs.cli
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
#remove the keypairs and certificates from the keystore and truststore
/subsystem=elytron/key-store=serverTS:remove-alias(alias=example)
/subsystem=elytron/key-store=clientKS:remove-alias(alias=example)

#remove the keystore and truststore
/subsystem=elytron/key-store=serverTS:remove
/subsystem=elytron/key-store=clientKS:remove

Loading

0 comments on commit f917738

Please sign in to comment.