Merge branch '42crosssec' into 'release/4.2'

Cross domain distributed transaction using CrossDomainSecurity inside k8s

See merge request weblogic-cloud/weblogic-kubernetes-operator!4806

Author: rjeberhard

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItCrossDomainTransactionSecurity.java

@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Created-By: 1.8.0_201 (Oracle Corporation)
+

integration-tests/src/test/resources/apps/crossdomain-security/META-INF/MANIFEST.MF

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Copyright (c) 2024, Oracle and/or its affiliates.
+Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+-->
+<application xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.4">
+  <description>JSP 2.0 Expression Language Example</description>
+  <display-name>JSP 2.0 Expression Language Example</display-name>
+  <module>
+    <web>
+      <web-uri>sample_war</web-uri>
+      <context-root>sample_war</context-root>
+    </web>
+  </module>
+</application>

integration-tests/src/test/resources/apps/crossdomain-security/META-INF/application.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Copyright (c) 2024, Oracle and/or its affiliates.
+Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+-->
+<weblogic-application xmlns="http://www.bea.com/ns/weblogic/90">
+</weblogic-application>

integration-tests/src/test/resources/apps/crossdomain-security/META-INF/weblogic-application.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Copyright (c) 2024, Oracle and/or its affiliates.
+Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+-->
+
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
+
+</web-app>

integration-tests/src/test/resources/apps/crossdomain-security/sample_war/WEB-INF/web.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+Copyright (c) 2024, Oracle and/or its affiliates.
+Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+-->
+<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90">
+  <session-descriptor>
+     <timeout-secs>15</timeout-secs>
+     <invalidation-interval-secs>60</invalidation-interval-secs>
+  </session-descriptor>
+  <jsp-descriptor>
+    <page-check-seconds>1</page-check-seconds>
+    <verbose>true</verbose>
+  </jsp-descriptor>
+</weblogic-web-app>

integration-tests/src/test/resources/apps/crossdomain-security/sample_war/WEB-INF/weblogic.xml

@@ -0,0 +1,98 @@
+<!--
+Copyright (c) 2024, Oracle and/or its affiliates.
+Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+-->
+<%@ page import="java.io.IOException" %>
+<%@ page import="java.util.Hashtable" %>
+<%@ page import="javax.naming.Context" %>
+<%@ page import="javax.naming.InitialContext" %>
+<%@ page import="javax.naming.NamingException" %>
+<%@ page import="javax.servlet.ServletException" %>
+<%@ page import="javax.servlet.annotation.WebServlet" %>
+<%@ page import="javax.servlet.http.HttpServlet" %>
+<%@ page import="javax.servlet.http.HttpServletRequest" %>
+<%@ page import="javax.servlet.http.HttpServletResponse" %>
+<%@ page import="javax.servlet.http.HttpServletResponse" %>
+<%@ page import="javax.jms.Destination" %>
+<%@ page import="javax.jms.ConnectionFactory" %>
+<%@ page import="javax.jms.JMSContext" %>
+<%@ page import="javax.jms.Message" %>
+<%@ page import="javax.jms.JMSConsumer" %>
+<%@ page import="javax.jms.QueueBrowser" %>
+<%@ page import="weblogic.transaction.TransactionHelper" %>
+<%@ page import="weblogic.transaction.TransactionManager" %>
+<%@ page import="javax.transaction.UserTransaction" %>
+
+<%
+try {
+  Context lctx = null;
+  Context rctx = null;
+  String remoteurl = request.getParameter("remoteurl");
+  out.println("#### Remote URL is ["+remoteurl+"]");
+  String action = request.getParameter("action"); 
+  out.println("#### Transcation action ["+action+"]");
+
+  lctx = new InitialContext();
+  out.println("(Local) Got JNDI Context successfully ["+lctx+"]");
+  TransactionHelper tranhelp =TransactionHelper.getTransactionHelper();
+  UserTransaction ut = tranhelp.getUserTransaction();
+
+  ConnectionFactory qcf=
+       (ConnectionFactory)lctx.lookup("weblogic.jms.XAConnectionFactory");
+  out.println("(Local) JMS ConnectionFactory lookup successful ...");
+  JMSContext context = qcf.createContext();
+  out.println("(Local) JMS Context created successfully ...");
+  Destination queue = (Destination)lctx.lookup("jms.admin.adminQueue");
+  out.println("(Local) JMS Destination (jms.admin.adminQueue) lookup successful ...");
+
+  if ( ! action.equals("notx") ) {
+    out.println("Started a user transaction");
+    ut.begin();
+  }
+
+  // Send message to local Destination
+  context.createProducer().send(queue, "Message to a Local Destination");
+  lctx.close();
+
+  Hashtable env = new Hashtable();
+  env.put(Context.INITIAL_CONTEXT_FACTORY,
+          "weblogic.jndi.WLInitialContextFactory");
+  env.put(Context.PROVIDER_URL, remoteurl);
+  // Remote anonymous RMI access via T3 not allowed
+  env.put(Context.SECURITY_PRINCIPAL, "weblogic");
+  env.put(Context.SECURITY_CREDENTIALS, "welcome1");
+  rctx = new InitialContext(env);
+  out.println("(Remote) Got JNDI Context successfully ["+rctx+"]");
+
+  // lookup JMS XAConnectionFactory
+  ConnectionFactory qcf2=
+       (ConnectionFactory)rctx.lookup("jms/ClusterConnectionFactory");
+  out.println("(Remote) JMS ConnectionFactory lookup successful");
+
+  JMSContext context2 = qcf2.createContext();
+  out.println("(Remote) JMS Context created successfully");
+  Destination queue2 = (Destination)rctx.lookup("jms.testUniformQueue");
+  out.println("(Remote) JMS Destination (jms.testUniformQueue) lookup successful ");
+
+  for (int i=0; i<10; i++)
+    context2.createProducer().send(queue2, "Message to a Remote Destination");
+  rctx.close();
+
+  // Get the live context from Tx Coordinator before closing transaction 
+  // Context ctx = new InitialContext(env);
+
+  if ( action.equals("commit") ) {
+    out.println(ut);
+    ut.commit();
+    out.println("#### Message sent in a commit User Transation");
+  } else if ( action.equals("rollback")) {
+    out.println(ut);
+    ut.rollback();
+    out.println("#### Message sent in a rolled-back User Transation");
+  } else {
+    out.println("#### Message sent w/o Transaction");
+  }
+} catch(Exception e) {
+   out.println("#### Got an Exception [" +e+"]");
+}
+%>

integration-tests/src/test/resources/apps/crossdomain-security/sample_war/dtx.jsp

@@ -0,0 +1,80 @@
+<!--
+Copyright (c) 2024, Oracle and/or its affiliates.
+Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+-->
+<%@ page import="java.io.IOException" %>
+<%@ page import="java.util.Hashtable" %>
+<%@ page import="javax.naming.Context" %>
+<%@ page import="javax.naming.InitialContext" %>
+<%@ page import="javax.naming.NamingException" %>
+<%@ page import="javax.servlet.ServletException" %>
+<%@ page import="javax.servlet.annotation.WebServlet" %>
+<%@ page import="javax.servlet.http.HttpServlet" %>
+<%@ page import="javax.servlet.http.HttpServletRequest" %>
+<%@ page import="javax.servlet.http.HttpServletResponse" %>
+<%@ page import="javax.servlet.http.HttpServletResponse" %>
+<%@ page import="javax.jms.Destination" %>
+<%@ page import="javax.jms.ConnectionFactory" %>
+<%@ page import="javax.jms.JMSContext" %>
+<%@ page import="javax.jms.Message" %>
+<%@ page import="javax.jms.JMSConsumer" %>
+<%@ page import="javax.jms.QueueBrowser" %>
+
+<%
+try {
+  Context ctx = null;
+
+  String remoteurl = request.getParameter("remoteurl");
+  out.println("Remote URL is [" + remoteurl + "]");
+
+  String action = request.getParameter("action"); 
+  out.println("action [" + action + "]");
+
+  String dest = request.getParameter("dest"); 
+  out.println("Destination  [" + dest + "]");
+
+  Hashtable env = new Hashtable();
+  env.put(Context.INITIAL_CONTEXT_FACTORY,
+          "weblogic.jndi.WLInitialContextFactory");
+  env.put(Context.PROVIDER_URL, remoteurl);
+  // Remote anonymous RMI access via T3 not allowed
+  env.put(Context.SECURITY_PRINCIPAL, "weblogic");
+  env.put(Context.SECURITY_CREDENTIALS, "welcome1");
+  ctx = new InitialContext(env);
+  out.println("Got Remote Context successfully");
+
+  // lookup JMS XAConnectionFactory
+  ConnectionFactory qcf=
+       (ConnectionFactory)ctx.lookup("weblogic.jms.XAConnectionFactory");
+  out.println("JMS ConnectionFactory lookup Successful ...");
+
+  JMSContext context = qcf.createContext();
+  out.println("JMS Context Created Successfully ...");
+  Destination queue = (Destination)ctx.lookup(dest);
+  out.println("JMS Destination lookup Successful ...");
+
+  if ( action.equals("send") ) {
+    context.createProducer().send(queue, "Message to a Destination");
+    out.println("Message sent to the JMS Destination");
+  }
+  
+  if ( action.equals("recv") ) {
+    JMSConsumer consumer = (JMSConsumer) context.createConsumer(queue);
+    out.println("JMS Consumer Created Successfully ..");
+    Message msg=null;
+    int count = 0;
+    do {
+      msg = consumer.receiveNoWait();
+        if ( msg != null ) {
+          // out.println("Message Drained ["+msg+"]");
+          // out.println("Message Drained ["+msg.getBody(String.class)+"]");
+          count++;
+       }
+    } while( msg != null);
+      out.println("Total Message(s) Received : " + count);
+  }
+
+} catch(Exception e) {
+   out.println("Got an Exception [" + e + "]");
+}
+%>

integration-tests/src/test/resources/apps/crossdomain-security/sample_war/get.jsp

@@ -0,0 +1,54 @@
+# Copyright (c) 2024, Oracle Corporation and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+domainInfo:
+    AdminUserName: '@@SECRET:__weblogic-credentials__:username@@'
+    AdminPassword: '@@SECRET:__weblogic-credentials__:password@@'
+    ServerStartMode: 'prod'
+    WLSUserPasswordCredentialMappings:
+     CrossDomain:
+       map1:
+         RemoteDomain: '@@PROP:REMOTE_DOMAIN@@'
+         RemoteUser: xdomain
+         RemotePassword: '@@SECRET:__weblogic-credentials__:password@@'
+
+topology:
+    Name: '@@PROP:DOMAIN_UID@@'
+    AdminServerName: "@@PROP:ADMIN_SERVER_NAME@@"
+    SecurityConfiguration:
+      CrossDomainSecurityEnabled: true
+    Security:
+      User:
+        xdomain:
+          Name: xdomain
+          Password: '@@SECRET:__weblogic-credentials__:password@@'
+          GroupMemberOf:
+               - CrossDomainConnectors
+    Cluster:
+        "@@PROP:CLUSTER_NAME@@":
+            DynamicServers:
+                ServerTemplate:  "@@PROP:CLUSTER_NAME@@-template"
+                ServerNamePrefix: "@@PROP:MANAGED_SERVER_BASE_NAME@@"
+                DynamicClusterSize: "@@PROP:MANAGED_SERVER_COUNT@@"
+                MaxDynamicClusterSize: "@@PROP:MANAGED_SERVER_COUNT@@"
+                CalculatedListenPorts: false
+    Server:
+        "@@PROP:ADMIN_SERVER_NAME@@":
+            ListenPort: 7001
+            NetworkAccessPoint:
+                T3Channel:
+                    ListenPort: '@@PROP:T3CHANNELPORT@@'
+                    PublicAddress: '@@PROP:T3PUBLICADDRESS@@'
+                    PublicPort: '@@PROP:T3CHANNELPORT@@'
+    ServerTemplate:
+        "@@PROP:CLUSTER_NAME@@-template":
+            Cluster: "@@PROP:CLUSTER_NAME@@"
+            ListenPort : '@@PROP:MANAGED_SERVER_PORT@@'
+resources:
+    WebAppContainer:
+         WeblogicPluginEnabled: true
+appDeployments:
+    Application:
+        myear:
+            SourcePath: wlsdeploy/applications/crossdomainsec.ear
+            ModuleType: ear
+            Target: '@@PROP:CLUSTER_NAME@@,@@PROP:ADMIN_SERVER_NAME@@'

integration-tests/src/test/resources/crossdomsecurity/model.dynamic.wls.yaml

@@ -0,0 +1,8 @@
+# Copyright (c) 2024, Oracle Corporation and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+appDeployments:
+    Application:
+        myear:
+            SourcePath: wlsdeploy/applications/crossdomainsec.ear
+            ModuleType: ear
+            Target: '@@PROP:CLUSTER_NAME@@,@@PROP:ADMIN_SERVER_NAME@@'