Merge pull request #19434 from shanggeeth/graaljs

Add integration tests for GraalJS based adaptive authentication script execution

modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/auth/NashornAdaptiveScriptInitializerTestCase.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.identity.integration.test.auth;
+
+import org.testng.annotations.AfterTest;
+import org.testng.annotations.BeforeTest;
+import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager;
+import org.wso2.carbon.utils.CarbonUtils;
+import org.wso2.identity.integration.common.utils.ISIntegrationTest;
+
+import java.io.File;
+
+public class NashornAdaptiveScriptInitializerTestCase extends ISIntegrationTest {
+
+    private ServerConfigurationManager scm;
+    private File defaultConfigFile;
+
+    @BeforeTest(alwaysRun = true)
+    public void initScriptEngineConfig() throws Exception {
+
+        super.init();
+        String carbonHome = CarbonUtils.getCarbonHome();
+        defaultConfigFile = getDeploymentTomlFile(carbonHome);
+        File scriptEngineConfigFile = new File(
+                getISResourceLocation() + File.separator + "scriptEngine" + File.separator +
+                        "nashorn_script_engine_config.toml");
+        scm = new ServerConfigurationManager(isServer);
+        scm.applyConfiguration(scriptEngineConfigFile, defaultConfigFile, true, true);
+    }
+
+    @AfterTest(alwaysRun = true)
+    public void resetScriptEngineConfig() throws Exception {
+
+        super.init();
+        scm.restoreToLastConfiguration(false);
+        scm.restartGracefully();
+    }
+
+}

modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/auth/RiskBasedLoginTestCase.java

@@ -39,6 +39,8 @@
 import org.testng.Assert;
 import org.testng.annotations.AfterClass;
 import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Optional;
+import org.testng.annotations.Parameters;
 import org.testng.annotations.Test;
 import org.wso2.carbon.identity.application.common.model.idp.xsd.IdentityProvider;
 import org.wso2.carbon.identity.application.common.model.xsd.AuthenticationStep;
@@ -67,6 +69,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
@@ -100,7 +103,8 @@ public class RiskBasedLoginTestCase extends AbstractAdaptiveAuthenticationTestCa
     MicroserviceServer microserviceServer;
 
     @BeforeClass(alwaysRun = true)
-    public void testInit() throws Exception {
+    @Parameters({"scriptEngine"})
+    public void testInit(@Optional("nashorn") String scriptEngine) throws Exception {
 
         super.init();
 
@@ -143,7 +147,7 @@ public void testInit() throws Exception {
 
         log.info("Restarting the server at: " + isServer.getContextUrls().getBackEndUrl());
         serverConfigurationManager = new ServerConfigurationManager(isServer);
-        changeISConfiguration();
+        changeISConfiguration(scriptEngine);
         log.info("Restarting the server at: " + isServer.getContextUrls().getBackEndUrl() + " is successful");
 
         super.init();
@@ -188,12 +192,17 @@ public void testInit() throws Exception {
         userRiskScores.put(userInfo.getUserName(), 0);
     }
 
-    private void changeISConfiguration() throws Exception {
+    private void changeISConfiguration(String scriptEngine) throws Exception {
+
+        String identityNewResourceFileName = "identity_new_resource.toml";
+        if (scriptEngine.equalsIgnoreCase("nashorn")) {
+            identityNewResourceFileName = "identity_new_resource_nashorn.toml";
+        }
 
         String carbonHome = Utils.getResidentCarbonHome();
         File defaultTomlFile = getDeploymentTomlFile(carbonHome);
         File configuredTomlFile = new File(getISResourceLocation() + File.separator
-                + "identity_new_resource.toml");
+                + identityNewResourceFileName);
         serverConfigurationManager = new ServerConfigurationManager(isServer);
         serverConfigurationManager.applyConfigurationWithoutRestart(configuredTomlFile, defaultTomlFile, true);
         serverConfigurationManager.restartGracefully();

modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/identity_new_resource_nashorn.toml

@@ -0,0 +1,36 @@
+[server]
+hostname = "localhost"
+node_ip = "127.0.0.1"
+base_path = "https://$ref{server.hostname}:${carbon.management.port}"
+
+[super_admin]
+username = "admin"
+password = "admin"
+create_admin_account = true
+
+[user_store]
+type = "database_unique_id"
+
+[database.identity_db]
+driver = "$env{IDENTITY_DATABASE_DRIVER}"
+url = "$env{IDENTITY_DATABASE_URL}"
+username = "$env{IDENTITY_DATABASE_USERNAME}"
+password = "$env{IDENTITY_DATABASE_PASSWORD}"
+
+[database.shared_db]
+driver = "$env{SHARED_DATABASE_DRIVER}"
+url = "$env{SHARED_DATABASE_URL}"
+username = "$env{SHARED_DATABASE_USERNAME}"
+password = "$env{SHARED_DATABASE_PASSWORD}"
+
+[keystore.primary]
+file_name = "wso2carbon.jks"
+password = "wso2carbon"
+
+[[resource.access_control]]
+context = "(.*)/sample-auth/(.*)"
+secure = false
+http_method = "all"
+
+[AdaptiveAuth]
+ScriptEngine = "nashorn"

modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/scriptEngine/nashorn_script_engine_config.toml

@@ -0,0 +1,77 @@
+[server]
+hostname = "localhost"
+node_ip = "127.0.0.1"
+base_path = "https://$ref{server.hostname}:${carbon.management.port}"
+
+[super_admin]
+username = "admin"
+password = "admin"
+create_admin_account = true
+
+[user_store]
+type = "database_unique_id"
+
+[database.identity_db]
+type = "h2"
+url = "jdbc:h2:./repository/database/WSO2IDENTITY_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000"
+username = "wso2carbon"
+password = "wso2carbon"
+
+[database.shared_db]
+type = "h2"
+url = "jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000"
+username = "wso2carbon"
+password = "wso2carbon"
+
+[keystore.primary]
+file_name = "wso2carbon.jks"
+password = "wso2carbon"
+
+[truststore]
+file_name="client-truststore.jks"
+password="wso2carbon"
+type="JKS"
+
+[account_recovery.endpoint.auth]
+hash= "66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262"
+
+[identity.auth_framework.endpoint]
+app_password= "dashboard"
+
+# The KeyStore which is used for encrypting/decrypting internal data. By default the primary keystore is used as the internal keystore.
+
+#[keystore.internal]
+#file_name = "$ref{keystore.primary.file_name}"
+#type = "$ref{keystore.primary.type}"
+#password = "$ref{keystore.primary.password}"
+#alias = "$ref{keystore.primary.alias}"
+#key_password = "$ref{keystore.primary.key_password}"
+
+# The KeyStore which is used for tls communication. By default the primary keystore is used as the tls keystore.
+
+#[keystore.tls]
+#file_name = "$ref{keystore.primary.file_name}"
+#type = "$ref{keystore.primary.type}"
+#password = "$ref{keystore.primary.password}"
+#alias = "$ref{keystore.primary.alias}"
+#key_password = "$ref{keystore.primary.key_password}"
+
+#Google reCAPTCHA settings.
+
+#[recaptcha]
+#enabled = true
+#api_url = "https://www.google.com/recaptcha/api.js"
+#verify_url = "https://www.google.com/recaptcha/api/siteverify"
+#site_key = ""
+#secret_key = ""
+
+# SMTP email sender settings.
+#[output_adapter.email]
+#from_address= "abcd@gmail.com"
+#username= "abcd"
+#password= "xxxx"
+#hostname= "smtp.gmail.com"
+#port= 587
+
+[AdaptiveAuth]
+ScriptEngine = "nashorn"

modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml

@@ -245,6 +245,21 @@
         </classes>
     </test>
 
+    <test name="is-test-adaptive-authentication-nashorn" preserve-order="true" parallel="false" group-by-instances="true">
+        <classes>
+            <class name="org.wso2.identity.integration.test.auth.NashornAdaptiveScriptInitializerTestCase"/>
+            <class name="org.wso2.identity.integration.test.auth.AdaptiveScriptTemporaryClaimPersistenceTestCase"/>
+            <class name="org.wso2.identity.integration.test.auth.SecondaryStoreUserLoginTestCase"/>
+        </classes>
+    </test>
+
+    <test name="is-test-adaptive-authentication-nashorn-with-restart" preserve-order="true" parallel="false" group-by-instances="true">
+        <parameter name="scriptEngine" value="nashorn"/>
+        <classes>
+            <class name="org.wso2.identity.integration.test.auth.RiskBasedLoginTestCase" />
+        </classes>
+    </test>
+
     <test name="is-tests-default-configuration-ldap" preserve-order="true" parallel="false" group-by-instances="true">
         <classes>
             <class name="org.wso2.identity.integration.test.base.LDAPUserStoreInitializerTestCase"/>

pom.xml

@@ -2382,7 +2382,7 @@
         <identity.app.authz.xacml.version>2.3.2</identity.app.authz.xacml.version>
         <identity.oauth.addons.version>2.5.9</identity.oauth.addons.version>
         <org.wso2.carbon.extension.identity.x509certificate.version>1.1.10</org.wso2.carbon.extension.identity.x509certificate.version>
-        <conditional.authentication.functions.version>1.2.49</conditional.authentication.functions.version>
+        <conditional.authentication.functions.version>1.2.50</conditional.authentication.functions.version>
 
         <!-- Identity Portal Versions -->
         <identity.apps.console.version>2.18.19</identity.apps.console.version>