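#!/bin/bash
# add-wildfly-security-domain.sh
#
# Registers an LDAP-backed security domain (LdapExtended login module) in the
# WildFly "full-ha" profile through jboss-cli.
#
# Requires functions.sh next to this script (it provides checkSudo, printError,
# printDebug and LOGPATH). Must be run with root privileges (checkSudo); the
# generated CLI script itself is executed as the "jboss" user.
BASEPATH=$(dirname "$0")
# shellcheck source=functions.sh
source "$BASEPATH/functions.sh"
LOGFILE="$LOGPATH/$(basename "$0").log"
# From here on everything written to stdout is also written to the log file,
# so nothing secret (the LDAP bind password) may be printed to stdout: the log
# is the permanent record of this run.
exec > >(tee -i "$LOGFILE")
checkSudo
# Kept for compatibility with the option parsing below. Note that assigning
# "$@" to a scalar joins all arguments into one string, so ARRAY is not a
# faithful copy of the argument list; prefer "$@" where the list is needed.
ARRAY="$@"
########################################################################
## Defaults (each can be overridden with the matching --option)
CACHETYPE="" ## empty || cache-type=default
# Login-module flag. With a single module in the stack "sufficient" and
# "required" behave alike; should more modules be added later, "sufficient"
# lets a success here short-circuit the rest of the stack.
FLAG="sufficient"
SECURITY_DOMAIN_NAME="templateRemoveMe"
# Plain ldap:// transmits the bind credential and every authenticating user's
# password in clear text. Use ldaps:// (or StartTLS) for anything other than a
# local test directory.
SECURITY_DOMAIN_LDAP_URL="ldap://localhost"
SECURITY_DOMAIN_LDAP_USER="cn=admin,dc=hydrogenic,dc=nl"
# The bind password may be supplied through the environment so that it never
# appears on the command line (argv is visible to every local user via ps).
# The hard-coded fallback is only a placeholder and must be replaced per
# deployment; it is also the value that ends up in the WildFly configuration.
SECURITY_DOMAIN_LDAP_PASSWORD="${SECURITY_DOMAIN_LDAP_PASSWORD:-changethis}"
SECURITY_DOMAIN_LDAP_USERS_DN="ou=intern,ou=gebruikers,dc=hydrogenic,dc=nl"
# {0} is substituted with the login name by the module.
SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE="(uid={0})"
SECURITY_DOMAIN_LDAP_ROLES_DN="ou=dev,ou=hdrh,ou=groepen,dc=hydrogenic,dc=nl"
# {1} is substituted with the DN of the authenticated user.
SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE="(member={1})"
SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE="cn"
DEBUG=false
## Defaults
########################################################################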
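# Print the usage text, including the currently effective option values, via
# printError (functions.sh) and exit with status 1.
# The LDAP bind password is deliberately not echoed: usage() is reached from
# --help and from the missing-argument path, and its output may be captured
# by whatever wraps this script.
# ("omgeving" is Dutch for "environment".)
usage(){
  printError "$0 --omgeving <omgeving>"
  printError "=================================="
  printError "========== OPTIONS ==============="
  printError "=================================="
  printError "--omgeving '$OMGEVING'"
  printError "--name '$SECURITY_DOMAIN_NAME'"
  printError "--ldap-url '$SECURITY_DOMAIN_LDAP_URL'"
  printError "--ldap-user '$SECURITY_DOMAIN_LDAP_USER'"
  printError "--ldap-password '<not shown>'"
  printError "--ldap-user-dn '$SECURITY_DOMAIN_LDAP_USERS_DN'"
  printError "--ldap-user-attr '$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE'"
  printError "--ldap-role-dn '$SECURITY_DOMAIN_LDAP_ROLES_DN'"
  printError "--ldap-role-attr '$SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE'"
  printError "--ldap-role-user-attr '$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE'"
  printError "=================================="
  printError "--help #show this message"
  printError "--debug #debug output"
  printError "=================================="
  printError "add-wildfly-security-domain.sh --omgeving dev --name omnimapSecurityDomain --ldap-url 'ldap://ldap.hydrogenic.nl' --ldap-password 'example' --ldap-role-dn 'ou=dev,ou=hdrh,ou=groepen,dc=hydrogenic,dc=nl'"
  printError "=================================="
  exit 1
}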
########################################################################
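# Option parsing.
# util-linux getopt normalises "--opt value" / "--opt=value" and rejects unknown
# options; its output is re-set as the positional parameters so the case loop
# sees a clean list. (The original computed OPTS but left the "eval set" commented
# out, so the loop parsed raw argv: "--opt=value" was unsupported, unknown
# options were silently ignored, and "--debug" shifted twice and swallowed the
# option that followed it.)
if ! OPTS=$(getopt -o '' -l "omgeving:,name:,ldap-url:,ldap-user:,ldap-password:,ldap-user-dn:,ldap-user-attr:,ldap-role-dn:,ldap-role-attr:,ldap-role-user-attr:,help,debug" -n 'addSecurityDomain.sh' -- "$@"); then
  echo "Failed parsing options." >&2
  exit 1
fi
eval set -- "$OPTS"
while true; do
  case "$1" in
    --omgeving ) OMGEVING=$2; shift 2 ;;
    --name ) SECURITY_DOMAIN_NAME=$2; shift 2 ;;
    --ldap-url ) SECURITY_DOMAIN_LDAP_URL=$2; shift 2 ;;
    --ldap-user ) SECURITY_DOMAIN_LDAP_USER=$2; shift 2 ;;
    # NOTE: a password given here is visible in "ps" and shell history for the
    # lifetime of the process; prefer setting it in the environment instead.
    --ldap-password ) SECURITY_DOMAIN_LDAP_PASSWORD=$2; shift 2 ;;
    --ldap-user-dn ) SECURITY_DOMAIN_LDAP_USERS_DN=$2; shift 2 ;;
    --ldap-user-attr ) SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE=$2; shift 2 ;;
    --ldap-role-dn ) SECURITY_DOMAIN_LDAP_ROLES_DN=$2; shift 2 ;;
    --ldap-role-attr ) SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE=$2; shift 2 ;;
    --ldap-role-user-attr ) SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE=$2; shift 2 ;;
    --help ) usage ;;
    # Exported so that printDebug (functions.sh) can pick it up.
    --debug ) export DEBUG=true; shift ;;
    -- ) shift; break ;;
    * ) break ;;
  esac
done
# --omgeving is mandatory. It is not referenced by the CLI commands below
# (the profile is hard-coded to full-ha); presumably the functions.sh helpers
# consume it — TODO confirm.
if [[ -z "$OMGEVING" ]]; then
  printError "--omgeving is vereist"
  usage
fi
# Debug output goes to stdout and therefore into the log file (see the exec
# redirect at the top), so the bind password is never printed here.
printDebug "OMGEVING=$OMGEVING"
printDebug "SECURITY_DOMAIN_NAME=$SECURITY_DOMAIN_NAME"
printDebug "SECURITY_DOMAIN_LDAP_URL=$SECURITY_DOMAIN_LDAP_URL"
printDebug "SECURITY_DOMAIN_LDAP_USER=$SECURITY_DOMAIN_LDAP_USER"
printDebug "SECURITY_DOMAIN_LDAP_PASSWORD=<redacted>"
printDebug "SECURITY_DOMAIN_LDAP_USERS_DN=$SECURITY_DOMAIN_LDAP_USERS_DN"
printDebug "SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE=$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE"
printDebug "SECURITY_DOMAIN_LDAP_ROLES_DN=$SECURITY_DOMAIN_LDAP_ROLES_DN"
printDebug "SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE=$SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE"
printDebug "SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE=$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE"
# The generated CLI script contains the LDAP bind password in clear text, so it
# must not be a predictable, world-readable file that is left behind (the
# original wrote /tmp/<name>.cli with the default umask and never removed it;
# a pre-planted symlink at that path would also have redirected the write).
# mktemp creates the file mode 0600 and owned by root (checkSudo above); the
# jboss user has to read it, hence the chown. It is removed on every exit path.
CLIFILE=$(mktemp /tmp/security-domain.XXXXXX) || { printError "mktemp failed"; exit 1; }
trap 'rm -f -- "$CLIFILE"' EXIT
chown jboss "$CLIFILE"
# Module options, two security-relevant points:
#  * "allowEmptyPasswords" is a boolean option of LdapExtended. The original set
#    it to "SUBTREE_SCOPE", which is the value that belongs to "searchScope"
#    (a copy-paste slip). It is pinned to false explicitly: with an empty
#    password an LDAP simple bind degrades to an unauthenticated bind and the
#    login would succeed without any credential. "searchScope" gets the value
#    that was evidently intended.
#  * The bind password is stored in clear text in the WildFly configuration;
#    restrict the bind DN to read-only access on the user and role subtrees.
cat > "$CLIFILE" << EOF
batch
/profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME:add($CACHETYPE)
/profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME/authentication=classic:add()
/profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME/authentication=classic/login-module=LdapExtended:add(code=LdapExtended,flag=$FLAG,module-options={"java.naming.provider.url" => "$SECURITY_DOMAIN_LDAP_URL","java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory","bindDN" => "$SECURITY_DOMAIN_LDAP_USER","bindCredential" => "$SECURITY_DOMAIN_LDAP_PASSWORD","baseCtxDN" => "$SECURITY_DOMAIN_LDAP_USERS_DN","baseFilter" => "$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE","rolesCtxDN" => "$SECURITY_DOMAIN_LDAP_ROLES_DN","roleFilter" => "$SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE","roleAttributeID" => "$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE","allowEmptyPasswords" => "false","searchScope" => "SUBTREE_SCOPE"})
run-batch
EOF
# Show the script in debug mode with the bind credential masked (it would
# otherwise land in the log file).
printDebug "\n\nRunning CLI: \n---\n\n$(sed 's/"bindCredential" => "[^"]*"/"bindCredential" => "<redacted>"/' "$CLIFILE")\n\n---\n\n"
# "hostname -I" prints all configured addresses; take the first one so a
# multi-homed host does not hand extra words to jboss-cli.
CONTROLLER=$(hostname -I | awk '{print $1}')
sudo -i -u jboss /apps/jboss-running/bin/jboss-cli.sh --connect --controller="$CONTROLLER" --file="$CLIFILE"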
## MORE INFO
## https://gist.github.com/hasalex/5854155