Merge branch 'Issue#164-support-custom-security-providers' of github.com:oracle/weblogic-deploy-tooling into Issue#164-support-custom-security-providers

Author: CarolynRountree

core/src/main/python/wlsdeploy/aliases/aliases.py

@@ -318,7 +318,7 @@ def get_wlst_flattened_mbean_name(self, location):
         """
         Get the flattened WLST folder name.
         :param location: the location
-        :return: the flattened  folder name
+        :return: the flattened folder name
         :raises: AliasException: if an error occurs due to a bad location or bad alias data
         """
         return self._alias_entries.get_wlst_flattened_name_for_location(location)

core/src/main/python/wlsdeploy/tool/create/creator.py

@@ -19,7 +19,7 @@
 from wlsdeploy.util import dictionary_utils
 from wlsdeploy.util.model import Model
 from wlsdeploy.util.weblogic_helper import WebLogicHelper
-
+ 
 
 class Creator(object):
     """
@@ -401,7 +401,7 @@ def _create_subfolders(self, location, model_nodes):
                 if self.alias_helper.requires_artificial_type_subfolder_handling(sub_location):
                     self.logger.finest('WLSDPLY-12116', key, str(sub_location), subfolder_nodes,
                                        class_name=self.__class_name, method_name=_method_name)
-                    self._create_security_provider_mbeans(key, subfolder_nodes, location)
+                    self._create_security_provider_mbeans(key, subfolder_nodes, location, True)
                 elif len(subfolder_nodes) != 0:
                     if self.alias_helper.supports_multiple_mbean_instances(sub_location):
                         self.logger.finest('WLSDPLY-12109', key, str(sub_location), subfolder_nodes,
@@ -462,7 +462,10 @@ def _delete_existing_providers(self, location):
         The security realms providers in the model are processed as merge to the model. Each realm provider
         section must be complete and true to the resulting domain. Any existing provider not found in the
         model will be removed, and any provider in the model but not in the domain will be added. The resulting
-        provider list will be ordered as listed in the model.
+        provider list will be ordered as listed in the model. If the provider type (i.e. AuthenticationProvider)
+        is not in the model, it is assumed no configuration or ordering is needed, and the provider is skipped.
+        If the provider type is in the model, but there is no MBean entry under the provider, then it is 
+        assumed that all providers for that provider type must be removed.
 
         For create, the default realm and default providers have been added by the weblogic base template and any
         extension templates. They have default values. These providers will be removed from the domain. During
@@ -477,9 +480,8 @@ def _delete_existing_providers(self, location):
         with the correct name. And the DefaultAuthenticationProvider successfully re-adds with the correct default
         identity asserter.
 
-        This release does not support updating the provider list. Because this means that the realms cannot be
-        configured accurately, the security configuration is not configured. It is in the original configuration
-        applied by the templates.
+        This release also supports updating the security configuration realms in both offline and online mode. This
+        release requires a complete list of providers as described in the first paragraph.
 
         :param location: current context of the location pointing at the provider mbean
         """
@@ -497,9 +499,9 @@ def _delete_existing_providers(self, location):
             self.wlst_helper.cd(create_path)
             for existing_folder_name in existing_folder_names:
                 try:
+                    self.logger.info('WLSDPLY-12135', existing_folder_name, wlst_base_provider_type, create_path,
+                                     class_name=self.__class_name, method_name=_method_name)
                     self.wlst_helper.delete(existing_folder_name, wlst_base_provider_type)
-                    self.logger.finer('WLSDPLY-12135', existing_folder_name, wlst_base_provider_type, create_path,
-                                      class_name=self.__class_name, method_name=_method_name)
                 except BundleAwareException, bae:
                     ex = exception_helper.create_exception(self._exception_type, 'WLSDPLY-12134', existing_folder_name,
                                                            self.wls_helper.get_weblogic_version(),

core/src/main/python/wlsdeploy/tool/create/security_provider_creator.py

@@ -24,7 +24,6 @@ class SecurityProviderCreator(Creator):
 
     Custom Security Providers are supported in 12c releases only.
 
-    Configuration of the security realms is not supported in 11g -
     Default providers in 11g have no name. Offline wlst returns 'Provider' as each provider name instead.
     By deleting and re-adding, the providers are added with the appropriate name field.
 
@@ -39,7 +38,8 @@ class SecurityProviderCreator(Creator):
     5. All 11g and 12c versions less than 12.2.1.2 cannot perform a delete on an Adjudicator object.
 
     The SecurityConfiguration is added if it does not exist. The default realm is added if it does not exist.
-    If it is not an 11g target domain, then configure the realms with merge to model with the providers
+    If the model provides a user defined realm, the default realm is not removed. 
+    
     """
     __class_name = 'SecurityProviderHelper'
 
@@ -54,10 +54,11 @@ def __init__(self, model_dictionary, model_context, aliases, exception_type, log
     def create_security_configuration(self, location):
         """
         Create the /SecurityConfiguration folder objects, if any.
-        Update is calling this method. The SecurityConfiguration should already be configured by create domain, but
+        
+        The SecurityConfiguration should already be configured by create domain, but
         allow the method to create the default security configuration with the default realm if for some reason
-        it does not exit. Then bypass any configuration of the update from the model. The update tool does not
-        support configuration of the SecurityConfiguration in this release.
+        it does not exist.  
+        
         :param location: the location to use
         :raises: BundleAwareException of the specified type: if an error occurs
         """
@@ -67,19 +68,15 @@ def create_security_configuration(self, location):
         security_configuration_nodes = dictionary_utils.get_dictionary_element(self._topology, SECURITY_CONFIGURATION)
 
         # in WLS 11g, the SecurityConfiguration mbean is not created until the domain is written.
-        # This is called after the domain is written, but check to make sure the mbean exists.
-        # if missing, we will create it to initialize realm and default security providers.
-        # This release does not support configuring 11g security providers beyond making sure the default
-        # realm exists.
+        # This is called after the domain is written, but check to make sure the mbean does exist.
+        # It missing it will be created to initialize the default realm and security providers.
         config_location = LocationContext(location).append_location(SECURITY_CONFIGURATION)
         existing_names = deployer_utils.get_existing_object_list(config_location, self.alias_helper)
         if len(existing_names) == 0:
             mbean_type, mbean_name = self.alias_helper.get_wlst_mbean_type_and_name(config_location)
             self.wlst_helper.create(mbean_name, mbean_type)
 
-        # This will leave 11g asis with the default security realm for the current release. No configuration
-        # will be done to the 11g default security realm.
-        if len(security_configuration_nodes) > 0: # and self._configure_security_configuration():
+        if len(security_configuration_nodes) > 0:
             self._create_mbean(SECURITY_CONFIGURATION, security_configuration_nodes, location, log_created=True)
 
         self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
@@ -132,7 +129,8 @@ def __get_default_realm_location(self):
 
     def _configure_security_configuration(self):
         """
-        For this release, the update tool will not configure the security realm.
+        Keep this method in case we need to configure non-support.
+        
         :return: True if can configure the SecurityConfiguration mbean
         """
         _method_name = '_configure_security_configuration'

core/src/main/python/wlsdeploy/tool/util/custom_folder_helper.py

@@ -1,5 +1,5 @@
 """
-Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
+Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
 The Universal Permissive License (UPL), Version 1.0
 """
 from java.lang import IllegalArgumentException
@@ -52,11 +52,13 @@ def update_security_folder(self, location, model_category, model_type, model_nam
         # create the MBean using the model name, model_type, category
 
         location.append_location(model_category)
-        mbean_category = self.alias_helper.get_wlst_mbean_type(location)
+        token = self.alias_helper.get_name_token(location)
+        location.add_name_token(token, model_name)
 
+        mbean_category = self.alias_helper.get_wlst_mbean_type(location)
         self.wlst_helper.create(model_name, model_type, mbean_category)
 
-        provider_path = create_path + '/' + mbean_category + '/' + model_name
+        provider_path = self.alias_helper.get_wlst_attributes_path(location)
         provider_mbean = self.wlst_helper.cd(provider_path)
 
         interface_name = model_type + 'MBean'

core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties

@@ -962,7 +962,7 @@ WLSDPLY-12132=Unrecognized data type {0}
 WLSDPLY-12133=Unable to convert "{0}" to value of type {1}
 WLSDPLY-12134=Unable to remove "{0}" in target domain release {1}. The remove is required to properly configure \
   the Realm Provider Type {2}. Consult the WebLogic Deploy Tool documentation for further information. : {3}
-WLSDPLY-12135=Removed Security provider {0} with Provider type {1} at location {2}
+WLSDPLY-12135=Removing Security provider {0} with Provider type {1} at location {2}
 WLSDPLY-12136=No default providers installed for {0} at {1}
 
 # domain_creator.py