work on user security

drools-framework-base-tools-parent/drools-framework-kie-wb-parent/drools-framework-elytron-realm/README.md

@@ -0,0 +1,28 @@
+Pymma kie realm for WildFly Elytron
+=======================================
+
+Simple demonstration security realm for WildFly Elytron providing one user identity "myadmin" with password "mypassword".
+It support password verification only, so it can be used with plain-text authentication mechanisms like BASIC, PLAIN or FORM.
+To support mechanisms like DIGEST or SCRAM you will need to implement credential acquirement too.
+
+Usage
+*****
+
+Compile:
+
+        mvn package
+
+Add the module into the WildFly:
+
+        bin/jboss-cli.sh
+        module add --name=com.pymmasoftware.kie-realm --resources=custom-realm-1.0.0.Alpha1-SNAPSHOT.jar --dependencies=org.wildfly.security.elytron,org.wildfly.extension.elytron
+
+Add a custom-realm into the subsystem:
+
+        /subsystem=elytron/custom-realm=pymmaKieRealm:add(module=com.pymmasoftware.kie-realm, class-name=org.chtijbug.wildfly.realm.PymmaKieRealm, configuration={myAttribute="myValue"})
+
+
+use it
+/subsystem=elytron/security-domain=ApplicationDomain:list-add(name=realms, index=0, value={realm=pymmaKieRealm})
+/subsystem=elytron/security-domain=ApplicationDomain:write-attribute(name=default-realm, value=pymmaKieRealm)
+reload

drools-framework-base-tools-parent/drools-framework-kie-wb-parent/drools-framework-elytron-realm/pom.xml

@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>drools-framework-kie-wb-parent</artifactId>
+        <groupId>com.pymmasoftware.jbpm</groupId>
+        <version>1.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>drools-framework-elytron-realm</artifactId>
+    <dependencies>
+        <!-- interface SecurityRealm -->
+        <dependency>
+            <groupId>org.wildfly.security</groupId>
+            <artifactId>wildfly-elytron</artifactId>
+            <version>${version.org.wildfly.security.wildfly-elytron}</version>
+        </dependency>
+        <!-- interface Configurable -->
+        <dependency>
+            <groupId>org.wildfly.core</groupId>
+            <artifactId>wildfly-elytron-integration</artifactId>
+            <version>${version.org.wildfly.core}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.mongodb</groupId>
+            <artifactId>mongodb-driver</artifactId>
+            <version>${version.mongodb.driver}</version>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <version>2.6</version>
+                <executions>
+                    <execution>
+                        <id>copy</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>copy</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.mongodb</groupId>
+                                    <artifactId>mongodb-driver</artifactId>
+                                    <version>${version.mongodb.driver}</version>
+                                    <type>jar</type>
+                                    <overWrite>yes</overWrite>
+                                    <outputDirectory>${project.build.directory}/</outputDirectory>
+                                    <destFileName>mongodb-driver.jar</destFileName>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.mongodb</groupId>
+                                    <artifactId>bson</artifactId>
+                                    <version>${version.mongodb.driver}</version>
+                                    <type>jar</type>
+                                    <overWrite>yes</overWrite>
+                                    <outputDirectory>${project.build.directory}/</outputDirectory>
+                                    <destFileName>bson.jar</destFileName>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.mongodb</groupId>
+                                    <artifactId>mongodb-driver-core</artifactId>
+                                    <version>${version.mongodb.driver}</version>
+                                    <type>jar</type>
+                                    <overWrite>yes</overWrite>
+                                    <outputDirectory>${project.build.directory}/</outputDirectory>
+                                    <destFileName>mongodb-driver-core.jar</destFileName>
+                                </artifactItem>
+                            </artifactItems>
+                            <outputDirectory>${project.build.directory}/</outputDirectory>
+                            <overWriteReleases>true</overWriteReleases>
+                            <overWriteSnapshots>true</overWriteSnapshots>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>

drools-framework-base-tools-parent/drools-framework-kie-wb-parent/drools-framework-elytron-realm/src/main/java/org/chtijbug/wildfly/realm/PymmaKieRealm.java

@@ -0,0 +1,129 @@
+/*
+ * Copyright 2018 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.chtijbug.wildfly.realm;
+
+import com.mongodb.MongoClientSettings;
+import com.mongodb.client.MongoClient;
+import com.mongodb.client.MongoClients;
+import com.mongodb.client.MongoDatabase;
+import org.bson.codecs.configuration.CodecRegistry;
+import org.bson.codecs.pojo.PojoCodecProvider;
+import org.wildfly.extension.elytron.Configurable;
+import org.wildfly.security.auth.SupportLevel;
+import org.wildfly.security.auth.server.RealmIdentity;
+import org.wildfly.security.auth.server.RealmUnavailableException;
+import org.wildfly.security.auth.server.SecurityRealm;
+import org.wildfly.security.credential.Credential;
+import org.wildfly.security.evidence.Evidence;
+import org.wildfly.security.evidence.PasswordGuessEvidence;
+
+import java.security.Principal;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+import java.util.Map;
+
+import static org.bson.codecs.configuration.CodecRegistries.fromProviders;
+import static org.bson.codecs.configuration.CodecRegistries.fromRegistries;
+
+/**
+ * Example of custom-realm for WildFly Elytron
+ * Realm providing one identity "myadmin" with password "mypassword"
+ *
+ * @author <a href="mailto:jkalina@redhat.com">Jan Kalina</a>
+ */
+public class PymmaKieRealm implements SecurityRealm, Configurable {
+
+    private String connectionString;
+    private String databaseName;
+
+
+    private MongoClient mongoClient;
+    CodecRegistry pojoCodecRegistry;
+    MongoDatabase database;
+    // receiving configuration from subsystem
+    public void initialize(Map<String, String> configuration) {
+        connectionString = configuration.get("connectionString");
+        databaseName = configuration.get("name");
+
+        System.out.println("PymmaKieRealm initialized with databaseName = " + connectionString );
+
+
+        mongoClient = MongoClients.create(connectionString);
+        pojoCodecRegistry = fromRegistries(MongoClientSettings.getDefaultCodecRegistry(),
+                fromProviders(PojoCodecProvider.builder().automatic(true).build()));
+        database = mongoClient.getDatabase(databaseName).withCodecRegistry(pojoCodecRegistry);
+        System.out.println("All setup");
+    }
+
+    // this realm does not allow acquiring credentials
+    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName,
+            AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
+        return SupportLevel.UNSUPPORTED;
+    }
+
+    // this realm will be able to verify password evidences only
+    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)
+            throws RealmUnavailableException {
+        return PasswordGuessEvidence.class.isAssignableFrom(evidenceType) ? SupportLevel.POSSIBLY_SUPPORTED : SupportLevel.UNSUPPORTED;
+    }
+
+    public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUnavailableException {
+
+        if ("myadmin".equals(principal.getName())) { // identity "myadmin" will have password "mypassword"
+            return new RealmIdentity() {
+                public Principal getRealmIdentityPrincipal() {
+                    return principal;
+                }
+
+                public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType,
+                        String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
+                    return SupportLevel.UNSUPPORTED;
+                }
+
+                public <C extends Credential> C getCredential(Class<C> credentialType) throws RealmUnavailableException {
+                    return null;
+                }
+
+                public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)
+                        throws RealmUnavailableException {
+                    return PasswordGuessEvidence.class.isAssignableFrom(evidenceType) ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
+                }
+
+                // evidence will be accepted if it is password "mypassword"
+                public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
+                    if (evidence instanceof PasswordGuessEvidence) {
+                        PasswordGuessEvidence guess = (PasswordGuessEvidence) evidence;
+                        try {
+                            return Arrays.equals("mypassword".toCharArray(), guess.getGuess());
+
+                        } finally {
+                            guess.destroy();
+                        }
+                    }
+                    return false;
+                }
+
+                public boolean exists() throws RealmUnavailableException {
+                    return true;
+                }
+            };
+        }
+
+        return RealmIdentity.NON_EXISTENT;
+    }
+
+}

drools-framework-base-tools-parent/drools-framework-kie-wb-parent/drools-framework-uberfire-security-service/pom.xml

@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>drools-framework-kie-wb-parent</artifactId>
+        <groupId>com.pymmasoftware.jbpm</groupId>
+        <version>1.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>drools-framework-uberfire-security-service</artifactId>
+
+
+    <dependencies>
+        <dependency>
+            <groupId>org.uberfire</groupId>
+            <artifactId>uberfire-api</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.uberfire</groupId>
+            <artifactId>uberfire-commons</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.kie.soup</groupId>
+            <artifactId>kie-soup-commons</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.uberfire</groupId>
+            <artifactId>uberfire-security-management-api</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.uberfire</groupId>
+            <artifactId>uberfire-security-management-backend</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>javax.inject</groupId>
+            <artifactId>javax.inject</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.jboss.errai</groupId>
+            <artifactId>errai-javax-enterprise</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.jboss.errai</groupId>
+            <artifactId>errai-security-server</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.jboss.errai</groupId>
+            <artifactId>errai-bus</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>javax.inject</groupId>
+            <artifactId>javax.inject</artifactId>
+            <version>1</version>
+        </dependency>
+    </dependencies>
+
+</project>

drools-framework-base-tools-parent/drools-framework-kie-wb-parent/drools-framework-uberfire-security-service/src/main/java/org/chtijbug/guvnor/uberfire/security/KiePlatformGroupManager.java

@@ -0,0 +1,122 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates.
+ *  
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.chtijbug.guvnor.uberfire.security;
+
+import org.jboss.errai.security.shared.api.Group;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.uberfire.commons.config.ConfigProperties;
+import org.uberfire.ext.security.management.api.*;
+import org.uberfire.ext.security.management.api.exception.SecurityManagementException;
+import org.uberfire.ext.security.management.api.exception.UnsupportedServiceCapabilityException;
+import org.uberfire.ext.security.management.impl.GroupManagerSettingsImpl;
+import org.uberfire.ext.security.management.search.GroupsIdentifierRuntimeSearchEngine;
+import org.uberfire.ext.security.management.search.IdentifierRuntimeSearchEngine;
+import org.uberfire.ext.security.management.util.SecurityManagementUtils;
+
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * <p>Groups manager service provider implementation for Apache tomcat, when using default realm based on properties files.</p>
+ * @since 0.8.0
+ */
+public class KiePlatformGroupManager  implements GroupManager,
+                                                                     ContextualManager {
+
+    private static final Logger LOG = LoggerFactory.getLogger(KiePlatformGroupManager.class);
+
+    IdentifierRuntimeSearchEngine<Group> groupsSearchEngine;
+
+    public KiePlatformGroupManager() {
+        this(new ConfigProperties(System.getProperties()));
+    }
+
+    public KiePlatformGroupManager(final Map<String, String> gitPrefs) {
+        this(new ConfigProperties(gitPrefs));
+    }
+
+    public KiePlatformGroupManager(final ConfigProperties gitPrefs) {
+      //  loadConfig(gitPrefs);
+    }
+
+    @Override
+    public void initialize(UserSystemManager userSystemManager) throws Exception {
+        groupsSearchEngine = new GroupsIdentifierRuntimeSearchEngine();
+    }
+
+    @Override
+    public void destroy() throws Exception {
+
+    }
+
+    @Override
+    public SearchResponse<Group> search(SearchRequest request) throws SecurityManagementException {
+        return null;
+    }
+
+    @Override
+    public Group get(String identifier) throws SecurityManagementException {
+        return null;
+    }
+
+    @Override
+    public Group create(Group entity) throws SecurityManagementException {
+        return null;
+    }
+
+    @Override
+    public Group update(Group entity) throws SecurityManagementException {
+        throw new UnsupportedServiceCapabilityException(Capability.CAN_UPDATE_GROUP);
+    }
+
+    @Override
+    public void delete(String... identifiers) throws SecurityManagementException {
+
+    }
+
+    @Override
+    public GroupManagerSettings getSettings() {
+        final Map<Capability, CapabilityStatus> capabilityStatusMap = new HashMap<Capability, CapabilityStatus>(8);
+        for (final Capability capability : SecurityManagementUtils.GROUPS_CAPABILITIES) {
+            capabilityStatusMap.put(capability,
+                                    getCapabilityStatus(capability));
+        }
+        return new GroupManagerSettingsImpl(capabilityStatusMap,
+                                            true);
+    }
+
+    protected CapabilityStatus getCapabilityStatus(Capability capability) {
+        if (capability != null) {
+            switch (capability) {
+                case CAN_SEARCH_GROUPS:
+                case CAN_ADD_GROUP:
+                case CAN_READ_GROUP:
+                case CAN_DELETE_GROUP:
+                    return CapabilityStatus.ENABLED;
+            }
+        }
+        return CapabilityStatus.UNSUPPORTED;
+    }
+
+    @Override
+    public void assignUsers(String name,
+                            Collection<String> users) throws SecurityManagementException {
+
+    }
+}

drools-framework-base-tools-parent/drools-framework-kie-wb-parent/drools-framework-uberfire-security-service/src/main/java/org/chtijbug/guvnor/uberfire/security/KiePlatformSecurityService.java

@@ -0,0 +1,37 @@
+package org.chtijbug.guvnor.uberfire.security;
+
+
+import org.uberfire.ext.security.management.UberfireRoleManager;
+import org.uberfire.ext.security.management.api.GroupManager;
+import org.uberfire.ext.security.management.api.UserManager;
+import org.uberfire.ext.security.management.service.AbstractUserManagementService;
+
+import javax.enterprise.context.Dependent;
+import javax.inject.Inject;
+import javax.inject.Named;
+
+@Dependent
+@Named(value = "TomcatUserManagementService")
+public class KiePlatformSecurityService extends AbstractUserManagementService {
+
+    KiePlatformUserManager userManager;
+    KiePlatformGroupManager groupManager;
+
+    @Inject
+    public KiePlatformSecurityService(final KiePlatformUserManager userManager,
+                                       final KiePlatformGroupManager groupManager,
+                                       final @Named("uberfireRoleManager") UberfireRoleManager roleManager) {
+        super(roleManager);
+        this.userManager = userManager;
+        this.groupManager = groupManager;
+    }
+    @Override
+    public UserManager users() {
+        return new KiePlatformUserManager();
+    }
+
+    @Override
+    public GroupManager groups() {
+        return new KiePlatformGroupManager();
+    }
+}

drools-framework-base-tools-parent/drools-framework-kie-wb-parent/drools-framework-uberfire-security-service/src/main/java/org/chtijbug/guvnor/uberfire/security/KiePlatformUserManager.java

@@ -0,0 +1,163 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates.
+ *  
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.chtijbug.guvnor.uberfire.security;
+
+import org.jboss.errai.security.shared.api.identity.User;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.uberfire.commons.config.ConfigProperties;
+import org.uberfire.ext.security.management.api.*;
+import org.uberfire.ext.security.management.api.exception.SecurityManagementException;
+import org.uberfire.ext.security.management.impl.UserManagerSettingsImpl;
+import org.uberfire.ext.security.management.search.IdentifierRuntimeSearchEngine;
+import org.uberfire.ext.security.management.search.UsersIdentifierRuntimeSearchEngine;
+import org.uberfire.ext.security.management.util.SecurityManagementUtils;
+
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import static org.kie.soup.commons.validation.PortablePreconditions.checkNotNull;
+
+/**
+ * <p>Users manager service provider implementation for Apache tomcat, when using default realm based on properties files.</p>
+ *
+ * @since 0.8.0
+ */
+public class KiePlatformUserManager  implements UserManager,
+                                                                    ContextualManager {
+
+    private static final Logger LOG = LoggerFactory.getLogger(KiePlatformUserManager.class);
+
+    UserSystemManager userSystemManager;
+    IdentifierRuntimeSearchEngine<User> usersSearchEngine;
+
+    public KiePlatformUserManager() {
+        this(new ConfigProperties(System.getProperties()));
+    }
+
+    public KiePlatformUserManager(final Map<String, String> gitPrefs) {
+        this(new ConfigProperties(gitPrefs));
+    }
+
+    public KiePlatformUserManager(final ConfigProperties gitPrefs) {
+        //loadConfig(gitPrefs);
+    }
+
+    @Override
+    public void initialize(final UserSystemManager userSystemManager) throws Exception {
+        this.userSystemManager = userSystemManager;
+        usersSearchEngine = new UsersIdentifierRuntimeSearchEngine();
+    }
+
+    @Override
+    public void destroy() throws Exception {
+
+    }
+
+    @Override
+    public SearchResponse<User> search(SearchRequest request) throws SecurityManagementException {
+      return null;
+    }
+
+    @Override
+    public User get(String identifier) throws SecurityManagementException {
+        return null;
+    }
+
+    @Override
+    public User create(User entity) throws SecurityManagementException {
+        return null;
+    }
+
+    @Override
+    public User update(User entity) throws SecurityManagementException {
+        return null;
+    }
+
+    @Override
+    public void delete(String... identifiers) throws SecurityManagementException {
+        checkNotNull("identifiers",
+                     identifiers);
+
+    }
+
+    @Override
+    public UserManagerSettings getSettings() {
+        final Map<Capability, CapabilityStatus> capabilityStatusMap = new HashMap<Capability, CapabilityStatus>(8);
+        for (final Capability capability : SecurityManagementUtils.USERS_CAPABILITIES) {
+            capabilityStatusMap.put(capability,
+                                    getCapabilityStatus(capability));
+        }
+        return new UserManagerSettingsImpl(capabilityStatusMap,
+                                           null);
+    }
+
+    @Override
+    public void assignGroups(String username,
+                             Collection<String> groups) throws SecurityManagementException {
+        Set<String> userRoles = SecurityManagementUtils.rolesToString(SecurityManagementUtils.getRoles(userSystemManager,
+                                                                                                       username));
+        userRoles.addAll(groups);
+        doAssignGroups(username,
+                       userRoles);
+    }
+
+    @Override
+    public void assignRoles(String username,
+                            Collection<String> roles) throws SecurityManagementException {
+        Set<String> userGroups = SecurityManagementUtils.groupsToString(SecurityManagementUtils.getGroups(userSystemManager,
+                                                                                                          username));
+        userGroups.addAll(roles);
+        doAssignGroups(username,
+                       userGroups);
+    }
+
+    private void doAssignGroups(String username,
+                                Collection<String> ids) throws SecurityManagementException {
+
+    }
+
+    @Override
+    public void changePassword(String username,
+                               String newPassword) throws SecurityManagementException {
+        checkNotNull("username",
+                     username);
+
+
+    }
+
+    protected CapabilityStatus getCapabilityStatus(Capability capability) {
+        if (capability != null) {
+            switch (capability) {
+                case CAN_SEARCH_USERS:
+                case CAN_ADD_USER:
+                case CAN_UPDATE_USER:
+                case CAN_DELETE_USER:
+                case CAN_READ_USER:
+                case CAN_MANAGE_ATTRIBUTES:
+                case CAN_ASSIGN_GROUPS:
+                    /** As it is using the UberfireRoleManager. **/
+                case CAN_ASSIGN_ROLES:
+                case CAN_CHANGE_PASSWORD:
+                    return CapabilityStatus.ENABLED;
+            }
+        }
+        return CapabilityStatus.UNSUPPORTED;
+    }
+}

drools-framework-base-tools-parent/drools-framework-kie-wb-parent/kie-wb/pom.xml

@@ -38,6 +38,13 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>com.pymmasoftware.jbpm</groupId>
+            <artifactId>drools-framework-elytron-realm</artifactId>
+            <version>${project.version}</version>
+            <scope>provided</scope>
+        </dependency>
+
 
     </dependencies>
 
@@ -89,6 +96,8 @@
                             <overWriteReleases>false</overWriteReleases>
                             <overWriteSnapshots>false</overWriteSnapshots>
                             <overWriteIfNewer>true</overWriteIfNewer>
+                            <excludeArtifactIds>drools-framework-elytron-realm</excludeArtifactIds>
+                            <includeGroupIds>com.pymmasoftware.jbpm</includeGroupIds>
                         </configuration>
                     </execution>
                 </executions>
@@ -141,7 +150,63 @@
                     </archive>
                 </configuration>
             </plugin>
-
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <version>2.6</version>
+                <executions>
+                    <execution>
+                        <id>copy</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>copy</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>com.pymmasoftware.jbpm</groupId>
+                                    <artifactId>drools-framework-elytron-realm</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>jar</type>
+                                    <overWrite>yes</overWrite>
+                                    <outputDirectory>${project.build.directory}/</outputDirectory>
+                                    <destFileName>pymma-kie-elytron.jar</destFileName>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.mongodb</groupId>
+                                    <artifactId>mongodb-driver</artifactId>
+                                    <version>${version.mongodb.driver}</version>
+                                    <type>jar</type>
+                                    <overWrite>yes</overWrite>
+                                    <outputDirectory>${project.build.directory}/</outputDirectory>
+                                    <destFileName>mongodb-driver.jar</destFileName>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.mongodb</groupId>
+                                    <artifactId>bson</artifactId>
+                                    <version>${version.mongodb.driver}</version>
+                                    <type>jar</type>
+                                    <overWrite>yes</overWrite>
+                                    <outputDirectory>${project.build.directory}/</outputDirectory>
+                                    <destFileName>bson.jar</destFileName>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.mongodb</groupId>
+                                    <artifactId>mongodb-driver-core</artifactId>
+                                    <version>${version.mongodb.driver}</version>
+                                    <type>jar</type>
+                                    <overWrite>yes</overWrite>
+                                    <outputDirectory>${project.build.directory}/</outputDirectory>
+                                    <destFileName>mongodb-driver-core.jar</destFileName>
+                                </artifactItem>
+                            </artifactItems>
+                            <outputDirectory>${project.build.directory}/</outputDirectory>
+                            <overWriteReleases>true</overWriteReleases>
+                            <overWriteSnapshots>true</overWriteSnapshots>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
     <profiles>
@@ -168,9 +233,43 @@
                                     <build>
                                         <dockerFileDir>${project.basedir}/src/main/docker</dockerFileDir>
 
+                                        <!--copies Jar to the maven directory (uses Assembly system)-->
                                         <!--copies Jar to the maven directory (uses Assembly system)-->
                                         <assembly>
-                                            <descriptorRef>artifact</descriptorRef>
+                                            <mode>dir</mode>
+                                            <name>maven/</name>
+                                            <inline xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2"
+                                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                                                    xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
+                                                <id>middleware-rest</id>
+                                                <files>
+                                                    <file>
+                                                        <source>${project.build.directory}/kie-wb.war</source>
+                                                        <outputDirectory>./</outputDirectory>
+                                                        <destName>kie-wb.war</destName>
+                                                    </file>
+                                                    <file>
+                                                        <source>${project.build.directory}/pymma-kie-elytron.jar</source>
+                                                        <outputDirectory>./</outputDirectory>
+                                                        <destName>pymma-kie-elytron.jar</destName>
+                                                    </file>
+                                                    <file>
+                                                        <source>${project.build.directory}/bson.jar</source>
+                                                        <outputDirectory>./</outputDirectory>
+                                                        <destName>bson.jar</destName>
+                                                    </file>
+                                                    <file>
+                                                        <source>${project.build.directory}/mongodb-driver-core.jar</source>
+                                                        <outputDirectory>./</outputDirectory>
+                                                        <destName>mongodb-driver-core.jar</destName>
+                                                    </file>
+                                                    <file>
+                                                        <source>${project.build.directory}/mongodb-driver.jar</source>
+                                                        <outputDirectory>./</outputDirectory>
+                                                        <destName>mongodb-driver.jar</destName>
+                                                    </file>
+                                                </files>
+                                            </inline>
                                         </assembly>
                                         <tags>
                                             <tag>latest</tag>
@@ -242,6 +341,11 @@
                                                         <outputDirectory>./</outputDirectory>
                                                         <destName>kie-wb.war</destName>
                                                     </file>
+                                                    <file>
+                                                        <source>${project.build.directory}/pymma-kie-elytron.jar</source>
+                                                        <outputDirectory>./</outputDirectory>
+                                                        <destName>pymma-kie-elytron.jar</destName>
+                                                    </file>
                                                 </files>
                                             </inline>
                                         </assembly>

drools-framework-base-tools-parent/drools-framework-kie-wb-parent/kie-wb/src/main/docker/Dockerfile

@@ -21,8 +21,17 @@ ENV CHTIJBUG_VERSION 2.0.10
 ENV KIE_DEMO false
 ENV JAVA_OPTS -Xms256m -Xmx4512m
 
+####### Pymma Kie Realm #########
 
 
+##com.pymmasoftware.kie-realm
+RUN mkdir /opt/jboss/wildfly/modules/com
+RUN mkdir /opt/jboss/wildfly/modules/com/pymmasoftware
+RUN mkdir /opt/jboss/wildfly/modules/com/pymmasoftware/kie-realm
+RUN mkdir /opt/jboss/wildfly/modules/com/pymmasoftware/kie-realm/main
+ADD maven/pymma-kie-elytron.jar   /opt/jboss/wildfly/modules/com/pymmasoftware/kie-realm/main/pymma-kie-elytron.jar
+ADD etc/module.xml /opt/jboss/wildfly/modules/com/pymmasoftware/kie-realm/main/module.xml
+
 ####### DROOLS-WB ############
 
 ADD maven/kie-wb.war  /opt/jboss/wildfly/standalone/deployments/$KIE_CONTEXT_PATH.war
@@ -38,7 +47,7 @@ ADD maven/kie-wb.war  /opt/jboss/wildfly/standalone/deployments/$KIE_CONTEXT_PAT
 USER root
 ADD etc/start_drools-wb.sh $JBOSS_HOME/bin/start_drools-wb.sh
 RUN chown jboss:jboss $JBOSS_HOME/bin/start_drools-wb.sh
-
+RUN chown -R jboss:jboss /opt/jboss/wildfly/modules/com/pymmasoftware
 
 
 ####### ENVIRONMENT ############

drools-framework-base-tools-parent/drools-framework-kie-wb-parent/kie-wb/src/main/docker/etc/module.xml

@@ -0,0 +1,16 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<module xmlns="urn:jboss:module:1.1" name="com.pymmasoftware.kie-realm">
+
+    <resources>
+        <resource-root path="pymma-kie-elytron.jar"/>
+        <resource-root path="bson.jar"/>
+        <resource-root path="mongodb-driver-core.jar"/>
+        <resource-root path="mongodb-driver.jar"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.wildfly.security.elytron"/>
+        <module name="org.wildfly.extension.elytron"/>
+    </dependencies>
+
+</module>

drools-framework-base-tools-parent/drools-framework-kie-wb-parent/kie-wb/src/main/docker/etc/standalone-full-drools.xml

@@ -251,6 +251,12 @@
                 </security-domain>
             </security-domains>
             <security-realms>
+                <custom-realm name="pymmaKieRealm" module="com.pymmasoftware.kie-realm" class-name="org.chtijbug.wildfly.realm.PymmaKieRealm">
+                    <configuration>
+                        <property name="connectionString" value="mongodb://mongodb:27017"/>
+                        <property name="name" value="businessProxyDB"/>
+                    </configuration>
+                </custom-realm>
                 <identity-realm name="local" identity="$local"/>
                 <properties-realm name="ApplicationRealm">
                     <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>

drools-framework-base-tools-parent/drools-framework-kie-wb-parent/pom.xml

@@ -14,6 +14,8 @@
         <module>kie-wb</module>
         <module>kie-drools-framework-rest-backend</module>
         <module>drools-framework-kie-wb-rest-pojo</module>
+        <module>drools-framework-uberfire-security-service</module>
+        <module>drools-framework-elytron-realm</module>
     </modules>
 
     <dependencyManagement>

pom.xml

@@ -30,6 +30,9 @@
         <version.thorntail>2.2.1.Final</version.thorntail>
         <!--registry.host>registry.hub.docker.com/pymmasoftware</registry.host-->
         <registry.host>192.168.1.122:18083</registry.host>
+        <version.org.wildfly.security.wildfly-elytron>1.2.3.Final</version.org.wildfly.security.wildfly-elytron>
+        <version.org.wildfly.core>4.0.0.Final</version.org.wildfly.core>
+        <version.mongodb.driver>3.8.2</version.mongodb.driver>
         <version.number>${git.commit.time}.${git.commit.id.abbrev}</version.number>
     </properties>
     <profiles>