Example use of io.undertow.security.api.AuthenticationMechanismFactory in the wildfly project (by wildfly).
Class ServletContainerAdd, method installRuntimeServices.
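/**
 * Resolves the servlet-container attributes and child-resource configs from the management model,
 * builds a {@code ServletContainerService} from them and installs it as an on-demand service.
 *
 * @param context operation context used to resolve attributes and to obtain the service target
 * @param model   model of the servlet-container resource whose attributes are resolved here
 * @param name    container name; appended to {@code UndertowService.SERVLET_CONTAINER} to form the service name
 * @throws OperationFailedException propagated from the attribute / config resolution calls below
 */
public void installRuntimeServices(OperationContext context, ModelNode model, String name) throws OperationFailedException {
    // Child resources (session cookie, crawler, JSP, websockets, ...) are looked up in this recursive read.
    // The second argument is presumably the recursion depth -- confirm against Resource.Tools.
    final ModelNode fullModel = Resource.Tools.readModel(context.readResource(PathAddress.EMPTY_ADDRESS), 2);

    final SessionCookieConfig config = SessionCookieDefinition.INSTANCE.getConfig(context, fullModel.get(SessionCookieDefinition.INSTANCE.getPathElement().getKeyValuePair()));
    final CrawlerSessionManagerConfig crawlerSessionManagerConfig = CrawlerSessionManagementDefinition.INSTANCE.getConfig(context, fullModel.get(CrawlerSessionManagementDefinition.INSTANCE.getPathElement().getKeyValuePair()));
    final boolean persistentSessions = PersistentSessionsDefinition.isEnabled(context, fullModel.get(PersistentSessionsDefinition.INSTANCE.getPathElement().getKeyValuePair()));

    final boolean allowNonStandardWrappers = ServletContainerDefinition.ALLOW_NON_STANDARD_WRAPPERS.resolveModelAttribute(context, model).asBoolean();
    final boolean proactiveAuth = ServletContainerDefinition.PROACTIVE_AUTHENTICATION.resolveModelAttribute(context, model).asBoolean();
    final String bufferCache = ServletContainerDefinition.DEFAULT_BUFFER_CACHE.resolveModelAttribute(context, model).asString();
    final boolean disableFileWatchService = ServletContainerDefinition.DISABLE_FILE_WATCH_SERVICE.resolveModelAttribute(context, model).asBoolean();
    JSPConfig jspConfig = JspDefinition.INSTANCE.getConfig(context, fullModel.get(JspDefinition.INSTANCE.getPathElement().getKeyValuePair()));
    final String stackTracesString = ServletContainerDefinition.STACK_TRACE_ON_ERROR.resolveModelAttribute(context, model).asString();

    // The default encoding is optional: null is handed to the service when the attribute is undefined.
    final ModelNode defaultEncodingValue = ServletContainerDefinition.DEFAULT_ENCODING.resolveModelAttribute(context, model);
    final String defaultEncoding = defaultEncodingValue.isDefined() ? defaultEncodingValue.asString() : null;

    final boolean useListenerEncoding = ServletContainerDefinition.USE_LISTENER_ENCODING.resolveModelAttribute(context, model).asBoolean();
    final boolean ignoreFlush = ServletContainerDefinition.IGNORE_FLUSH.resolveModelAttribute(context, model).asBoolean();
    final boolean eagerFilterInit = ServletContainerDefinition.EAGER_FILTER_INIT.resolveModelAttribute(context, model).asBoolean();
    final boolean disableCachingForSecuredPages = ServletContainerDefinition.DISABLE_CACHING_FOR_SECURED_PAGES.resolveModelAttribute(context, model).asBoolean();
    final int sessionIdLength = ServletContainerDefinition.SESSION_ID_LENGTH.resolveModelAttribute(context, model).asInt();

    // Boxed on purpose: null means "not defined in the model", as opposed to an explicit true/false.
    Boolean directoryListingEnabled = null;
    if (model.hasDefined(Constants.DIRECTORY_LISTING)) {
        directoryListingEnabled = ServletContainerDefinition.DIRECTORY_LISTING.resolveModelAttribute(context, model).asBoolean();
    }

    // Same convention: null means no max-sessions value is defined in the model.
    Integer maxSessions = null;
    if (model.hasDefined(Constants.MAX_SESSIONS)) {
        maxSessions = ServletContainerDefinition.MAX_SESSIONS.resolveModelAttribute(context, model).asInt();
    }

    final int sessionTimeout = ServletContainerDefinition.DEFAULT_SESSION_TIMEOUT.resolveModelAttribute(context, model).asInt();
    // May be null; every websocket-related argument and dependency below is guarded accordingly.
    WebsocketsDefinition.WebSocketInfo webSocketInfo = WebsocketsDefinition.INSTANCE.getConfig(context, fullModel.get(WebsocketsDefinition.INSTANCE.getPathElement().getKeyValuePair()));

    final Map<String, String> mimeMappings = new HashMap<>();
    if (fullModel.hasDefined(Constants.MIME_MAPPING)) {
        for (final Property mapping : fullModel.get(Constants.MIME_MAPPING).asPropertyList()) {
            mimeMappings.put(mapping.getName(), MimeMappingDefinition.VALUE.resolveModelAttribute(context, mapping.getValue()).asString());
        }
    }

    List<String> welcomeFiles = new ArrayList<>();
    if (fullModel.hasDefined(Constants.WELCOME_FILE)) {
        for (final Property welcome : fullModel.get(Constants.WELCOME_FILE).asPropertyList()) {
            welcomeFiles.add(welcome.getName());
        }
    }

    // WFLY-2553 Adding default WildFly specific mechanisms here - subsequently we could enhance the servlet-container
    // config to override / add mechanisms.
    // Both factories are registered unconditionally for every container installed by this method; which mechanism
    // a deployment ends up using is decided outside this method.
    Map<String, AuthenticationMechanismFactory> authenticationMechanisms = new HashMap<>();
    authenticationMechanisms.put("SPNEGO", new NegotiationMechanismFactory());
    authenticationMechanisms.put(HttpServletRequest.DIGEST_AUTH, DigestAuthenticationMechanismFactory.FACTORY);

    // Upper-case with a fixed locale: the no-argument overload applies the JVM's default-locale case rules
    // (e.g. the Turkish dotted capital I), which would make the enum lookup depend on where the server runs.
    final ServletStackTraces stackTraces = ServletStackTraces.valueOf(stackTracesString.toUpperCase(java.util.Locale.ROOT).replace('-', '_'));

    final ServletContainerService container = new ServletContainerService(
            allowNonStandardWrappers,
            stackTraces,
            config,
            jspConfig,
            defaultEncoding,
            useListenerEncoding,
            ignoreFlush,
            eagerFilterInit,
            sessionTimeout,
            disableCachingForSecuredPages,
            webSocketInfo != null,
            webSocketInfo != null && webSocketInfo.isDispatchToWorker(),
            webSocketInfo != null && webSocketInfo.isPerMessageDeflate(),
            webSocketInfo == null ? -1 : webSocketInfo.getDeflaterLevel(),
            mimeMappings,
            welcomeFiles,
            directoryListingEnabled,
            proactiveAuth,
            sessionIdLength,
            authenticationMechanisms,
            maxSessions,
            crawlerSessionManagerConfig,
            disableFileWatchService);

    final ServiceTarget target = context.getServiceTarget();
    final ServiceBuilder<ServletContainerService> builder = target.addService(UndertowService.SERVLET_CONTAINER.append(name), container);
    if (bufferCache != null) {
        builder.addDependency(BufferCacheService.SERVICE_NAME.append(bufferCache), DirectBufferCache.class, container.getBufferCacheInjectedValue());
    }
    if (persistentSessions) {
        builder.addDependency(AbstractPersistentSessionManager.SERVICE_NAME, SessionPersistenceManager.class, container.getSessionPersistenceManagerInjectedValue());
    }
    if (webSocketInfo != null) {
        builder.addDependency(IOServices.WORKER.append(webSocketInfo.getWorker()), XnioWorker.class, container.getWebsocketsWorker());
        // Raw cast kept from the original; presumably the injector's generic type does not line up with Pool.class.
        builder.addDependency(IOServices.BUFFER_POOL.append(webSocketInfo.getBufferPool()), Pool.class, (InjectedValue) container.getWebsocketsBufferPool());
    }
    builder.setInitialMode(ServiceController.Mode.ON_DEMAND).install();
}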
Example use of io.undertow.security.api.AuthenticationMechanismFactory in the indy project (by Commonjava).
Class DeploymentInfoUtils, method merge.
/**
 * Folds the settings of one {@code DeploymentInfo} into another.
 * <p>
 * Multi-valued settings are appended through the target's {@code add*} methods. Single-valued settings
 * (authorization manager, confidential port manager, exception handler, identity manager, metrics collector,
 * security context factory, session manager factory, session persistence manager, temp dir) are passed to the
 * target's setter whenever {@code from} has a non-null value, without looking at what {@code into} already
 * holds. The login configuration is the only setting for which a second value is rejected.
 *
 * @param into deployment that receives the settings
 * @param from deployment whose settings are read
 * @throws IllegalStateException if {@code from} carries a login configuration and {@code into} already has one
 */
public static void merge(final DeploymentInfo into, final DeploymentInfo from) {
    // --- authentication / authorization plumbing ---
    final Map<String, AuthenticationMechanismFactory> mechanismFactories = from.getAuthenticationMechanisms();
    if (mechanismFactories != null) {
        for (final Map.Entry<String, AuthenticationMechanismFactory> factoryEntry : mechanismFactories.entrySet()) {
            final String mechanismName = factoryEntry.getKey();
            into.addAuthenticationMechanism(mechanismName, factoryEntry.getValue());
        }
    }

    if (from.getAuthorizationManager() != null) {
        into.setAuthorizationManager(from.getAuthorizationManager());
    }

    if (from.getConfidentialPortManager() != null) {
        into.setConfidentialPortManager(from.getConfidentialPortManager());
    }

    final List<ErrorPage> pagesForErrors = from.getErrorPages();
    if (pagesForErrors != null) {
        into.addErrorPages(pagesForErrors);
    }

    if (from.getExceptionHandler() != null) {
        into.setExceptionHandler(from.getExceptionHandler());
    }

    // --- filters ---
    final List<FilterMappingInfo> mappingsOfFilters = from.getFilterMappings();
    if (mappingsOfFilters != null) {
        for (final FilterMappingInfo mapping : mappingsOfFilters) {
            // Anything that is not a servlet-name mapping is registered as a URL mapping.
            switch (mapping.getMappingType()) {
                case SERVLET:
                    into.addFilterServletNameMapping(mapping.getFilterName(), mapping.getMapping(), mapping.getDispatcher());
                    break;
                default:
                    into.addFilterUrlMapping(mapping.getFilterName(), mapping.getMapping(), mapping.getDispatcher());
                    break;
            }
        }
    }

    final Map<String, FilterInfo> filtersByName = from.getFilters();
    if (filtersByName != null) {
        into.addFilters(filtersByName.values());
    }

    // NOTE(review): applied unconditionally, so the identity manager of the last merged deployment is the one
    // that ends up on `into` -- confirm callers never merge two providers that both supply one.
    if (from.getIdentityManager() != null) {
        into.setIdentityManager(from.getIdentityManager());
    }

    final Map<String, String> contextInitParams = from.getInitParameters();
    if (contextInitParams != null) {
        for (final Map.Entry<String, String> paramEntry : contextInitParams.entrySet()) {
            final String paramName = paramEntry.getKey();
            final String paramValue = paramEntry.getValue();
            // NOTE(review): the parameter value is written to the debug log as-is; if init parameters can carry
            // credentials or tokens in this project, they will appear there -- confirm.
            logger.debug("Init-Param: {} = {} from: {}", paramName, paramValue, from);
            into.addInitParameter(paramName, paramValue);
        }
    }

    final List<LifecycleInterceptor> interceptors = from.getLifecycleInterceptors();
    if (interceptors != null) {
        for (final LifecycleInterceptor interceptor : interceptors) {
            into.addLifecycleInterceptor(interceptor);
        }
    }

    final List<ListenerInfo> listenerInfos = from.getListeners();
    if (listenerInfos != null) {
        into.addListeners(listenerInfos);
    }

    if (from.getMetricsCollector() != null) {
        into.setMetricsCollector(from.getMetricsCollector());
    }

    final List<MimeMapping> mimeTypes = from.getMimeMappings();
    if (mimeTypes != null) {
        into.addMimeMappings(mimeTypes);
    }

    final List<NotificationReceiver> receivers = from.getNotificationReceivers();
    if (receivers != null) {
        into.addNotificationReceivers(receivers);
    }

    // --- declarative security ---
    final Map<String, Set<String>> rolesByPrincipal = from.getPrincipalVersusRolesMap();
    if (rolesByPrincipal != null) {
        for (final Map.Entry<String, Set<String>> roleEntry : rolesByPrincipal.entrySet()) {
            into.addPrincipalVsRoleMappings(roleEntry.getKey(), roleEntry.getValue());
        }
    }

    final List<SecurityConstraint> constraints = from.getSecurityConstraints();
    if (constraints != null) {
        // The per-constraint trace is only produced when debug logging is on.
        if (logger.isDebugEnabled()) {
            for (final SecurityConstraint constraint : constraints) {
                logger.debug("Security Constraint: {} from: {}", constraint, from);
            }
        }
        into.addSecurityConstraints(constraints);
    }

    final LoginConfig incomingLogin = from.getLoginConfig();
    if (incomingLogin != null) {
        logger.debug("Login Config with realm: {} and mechanism: {} from: {}", incomingLogin.getRealmName(), incomingLogin.getAuthMethods(), from);
        // Fail instead of letting one provider's login configuration replace another's.
        if (into.getLoginConfig() != null) {
            throw new IllegalStateException("Two or more deployment providers are attempting to provide login configurations! Enable debug logging to see more.");
        }
        into.setLoginConfig(incomingLogin);
    }

    if (from.getSecurityContextFactory() != null) {
        into.setSecurityContextFactory(from.getSecurityContextFactory());
    }

    final Set<String> declaredRoles = from.getSecurityRoles();
    if (declaredRoles != null) {
        into.addSecurityRoles(declaredRoles);
    }

    // --- servlets, context attributes, extensions ---
    final List<ServletContainerInitializerInfo> initializers = from.getServletContainerInitializers();
    if (initializers != null) {
        // Method name is spelled this way in the DeploymentInfo API this code calls.
        into.addServletContainerInitalizers(initializers);
    }

    final Map<String, Object> contextAttributes = from.getServletContextAttributes();
    if (contextAttributes != null) {
        for (final Map.Entry<String, Object> attribute : contextAttributes.entrySet()) {
            into.addServletContextAttribute(attribute.getKey(), attribute.getValue());
        }
    }

    final List<ServletExtension> extensions = from.getServletExtensions();
    if (extensions != null) {
        for (final ServletExtension extension : extensions) {
            into.addServletExtension(extension);
        }
    }

    final Map<String, ServletInfo> servletsByName = from.getServlets();
    if (servletsByName != null) {
        into.addServlets(servletsByName.values());
    }

    // --- sessions ---
    final List<SessionListener> listenersForSessions = from.getSessionListeners();
    if (listenersForSessions != null) {
        for (final SessionListener listener : listenersForSessions) {
            into.addSessionListener(listener);
        }
    }

    if (from.getSessionManagerFactory() != null) {
        into.setSessionManagerFactory(from.getSessionManagerFactory());
    }

    if (from.getSessionPersistenceManager() != null) {
        into.setSessionPersistenceManager(from.getSessionPersistenceManager());
    }

    if (from.getTempDir() != null) {
        into.setTempDir(from.getTempDir());
    }

    final List<String> welcomes = from.getWelcomePages();
    if (welcomes != null) {
        into.addWelcomePages(welcomes);
    }

    // --- handler chain wrappers: initial, then outer, then inner ---
    final List<HandlerWrapper> initialChain = from.getInitialHandlerChainWrappers();
    if (initialChain != null) {
        for (final HandlerWrapper initialWrapper : initialChain) {
            into.addInitialHandlerChainWrapper(initialWrapper);
        }
    }

    final List<HandlerWrapper> outerChain = from.getOuterHandlerChainWrappers();
    if (outerChain != null) {
        for (final HandlerWrapper outerWrapper : outerChain) {
            into.addOuterHandlerChainWrapper(outerWrapper);
        }
    }

    final List<HandlerWrapper> innerChain = from.getInnerHandlerChainWrappers();
    if (innerChain != null) {
        for (final HandlerWrapper innerWrapper : innerChain) {
            into.addInnerHandlerChainWrapper(innerWrapper);
        }
    }
}
Example use of io.undertow.security.api.AuthenticationMechanismFactory in the undertow project (by undertow-io).
Class DeploymentManagerImpl, method setupSecurityHandlers.
/**
 * Sets up the outer security handlers.
 * <p>
 * The handler that actually performs the access check comes later in the chain; it is not set up here.
 * <p>
 * Every step below wraps the chain built so far ({@code current = new X(current)} or
 * {@code wrapper.wrap(current)}), so the order of the statements fixes the nesting of the handlers.
 * Do not reorder them without checking the effect on authentication and constraint handling.
 *
 * @param initialHandler The handler to wrap with security handlers
 * @return the outermost handler of the resulting security chain
 */
private HttpHandler setupSecurityHandlers(HttpHandler initialHandler) {
    final DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();
    final LoginConfig loginConfig = deploymentInfo.getLoginConfig();
    HttpHandler current = initialHandler;
    current = new SSLInformationAssociationHandler(current);
    final SecurityPathMatches securityPathMatches = buildSecurityConstraints();
    securityPathMatches.logWarningsAboutUncoveredMethods();
    current = new ServletAuthenticationCallHandler(current);
    // Deployment-supplied security wrappers go around the authentication call handler.
    for (HandlerWrapper wrapper : deploymentInfo.getSecurityWrappers()) {
        current = wrapper.wrap(current);
    }
    // When enabled, requests matching the authRequired() predicate take the disableCache branch;
    // all other requests go straight to the chain built so far.
    if (deploymentInfo.isDisableCachingForSecuredPages()) {
        current = Handlers.predicate(Predicates.authRequired(), Handlers.disableCache(current), current);
    }
    // The two constraint handlers are only installed when security constraints exist; the
    // confidentiality handler between them is always installed.
    if (!securityPathMatches.isEmpty()) {
        current = new ServletAuthenticationConstraintHandler(current);
    }
    current = new ServletConfidentialityConstraintHandler(deploymentInfo.getConfidentialPortManager(), current);
    if (!securityPathMatches.isEmpty()) {
        current = new ServletSecurityConstraintHandler(securityPathMatches, current);
    }
    HandlerWrapper initialSecurityWrapper = deploymentInfo.getInitialSecurityWrapper();
    // Name of the first configured auth method; stays null when none is configured or when an
    // initial security wrapper replaces the built-in setup.
    String mechName = null;
    if (initialSecurityWrapper == null) {
        // Work on a copy so the deployment's own map is not modified. A built-in factory is added only
        // for names the deployment has not registered, so a deployment-supplied factory wins.
        final Map<String, AuthenticationMechanismFactory> factoryMap = new HashMap<>(deploymentInfo.getAuthenticationMechanisms());
        final IdentityManager identityManager = deploymentInfo.getIdentityManager();
        if (!factoryMap.containsKey(BASIC_AUTH)) {
            factoryMap.put(BASIC_AUTH, new BasicAuthenticationMechanism.Factory(identityManager));
        }
        if (!factoryMap.containsKey(FORM_AUTH)) {
            factoryMap.put(FORM_AUTH, new ServletFormAuthenticationMechanism.Factory(identityManager));
        }
        if (!factoryMap.containsKey(DIGEST_AUTH)) {
            factoryMap.put(DIGEST_AUTH, new DigestAuthenticationMechanism.Factory(identityManager));
        }
        if (!factoryMap.containsKey(CLIENT_CERT_AUTH)) {
            factoryMap.put(CLIENT_CERT_AUTH, new ClientCertAuthenticationMechanism.Factory(identityManager));
        }
        if (!factoryMap.containsKey(ExternalAuthenticationMechanism.NAME)) {
            factoryMap.put(ExternalAuthenticationMechanism.NAME, new ExternalAuthenticationMechanism.Factory(identityManager));
        }
        if (!factoryMap.containsKey(GenericHeaderAuthenticationMechanism.NAME)) {
            factoryMap.put(GenericHeaderAuthenticationMechanism.NAME, new GenericHeaderAuthenticationMechanism.Factory(identityManager));
        }
        List<AuthenticationMechanism> authenticationMechanisms = new LinkedList<>();
        // The cached-session mechanism, when enabled, is first in the list, ahead of the configured ones.
        if (deploymentInfo.isUseCachedAuthenticationMechanism()) {
            authenticationMechanisms.add(new CachedAuthenticatedSessionMechanism(identityManager));
        }
        if (loginConfig != null || deploymentInfo.getJaspiAuthenticationMechanism() != null) {
            // We don't allow multipart requests, and use the default encoding when it's set
            FormEncodedDataDefinition formEncodedDataDefinition = new FormEncodedDataDefinition();
            if (deploymentInfo.getDefaultEncoding() != null) {
                formEncodedDataDefinition.setDefaultEncoding(deploymentInfo.getDefaultEncoding());
            }
            FormParserFactory parser = FormParserFactory.builder(false).addParser(formEncodedDataDefinition).build();
            // Empty when only a JASPI mechanism is configured, so the loop below (and its loginConfig
            // dereferences) runs only with a non-null loginConfig.
            List<AuthMethodConfig> authMethods = Collections.<AuthMethodConfig>emptyList();
            if (loginConfig != null) {
                authMethods = loginConfig.getAuthMethods();
            }
            for (AuthMethodConfig method : authMethods) {
                // NOTE(review): the lookup uses the name exactly as configured, while the name handed to the
                // factory further down is upper-cased first. A configured name that differs only in case
                // from the registered key is therefore rejected as unknown here -- confirm this is intended.
                AuthenticationMechanismFactory factory = factoryMap.get(method.getName());
                if (factory == null) {
                    // An unrecognised mechanism name aborts setup instead of being skipped.
                    throw UndertowServletMessages.MESSAGES.unknownAuthenticationMechanism(method.getName());
                }
                if (mechName == null) {
                    mechName = method.getName();
                }
                final Map<String, String> properties = new HashMap<>();
                properties.put(AuthenticationMechanismFactory.CONTEXT_PATH, deploymentInfo.getContextPath());
                properties.put(AuthenticationMechanismFactory.REALM, loginConfig.getRealmName());
                properties.put(AuthenticationMechanismFactory.ERROR_PAGE, loginConfig.getErrorPage());
                properties.put(AuthenticationMechanismFactory.LOGIN_PAGE, loginConfig.getLoginPage());
                // Added last: a per-method property with the same key replaces the four entries above.
                properties.putAll(method.getProperties());
                String name = method.getName().toUpperCase(Locale.US);
                // The mechanism name is passed in from the HttpServletRequest interface as the name reported needs to be
                // comparable using '==', so an equal string is swapped for the constant instance itself.
                name = name.equals(FORM_AUTH) ? FORM_AUTH : name;
                name = name.equals(BASIC_AUTH) ? BASIC_AUTH : name;
                name = name.equals(DIGEST_AUTH) ? DIGEST_AUTH : name;
                name = name.equals(CLIENT_CERT_AUTH) ? CLIENT_CERT_AUTH : name;
                authenticationMechanisms.add(factory.create(name, parser, properties));
            }
        }
        // The deployment always records the list built above, including when JASPI takes over below.
        deployment.setAuthenticationMechanisms(authenticationMechanisms);
        // If the JASPI auth mechanism is set then it takes over: the handler then receives only that mechanism.
        if (deploymentInfo.getJaspiAuthenticationMechanism() == null) {
            current = new AuthenticationMechanismsHandler(current, authenticationMechanisms);
        } else {
            current = new AuthenticationMechanismsHandler(current, Collections.<AuthenticationMechanism>singletonList(deploymentInfo.getJaspiAuthenticationMechanism()));
        }
        current = new CachedAuthenticatedSessionHandler(current, this.deployment.getServletContext());
    }
    List<NotificationReceiver> notificationReceivers = deploymentInfo.getNotificationReceivers();
    if (!notificationReceivers.isEmpty()) {
        current = new NotificationReceiverHandler(current, notificationReceivers);
    }
    if (initialSecurityWrapper == null) {
        // TODO - A switch to constraint driven could be configurable, however before we can support that with servlets we would
        // need additional tracking within sessions if a servlet has specifically requested that authentication occurs.
        SecurityContextFactory contextFactory = deploymentInfo.getSecurityContextFactory();
        if (contextFactory == null) {
            contextFactory = SecurityContextFactoryImpl.INSTANCE;
        }
        current = new SecurityInitialHandler(deploymentInfo.getAuthenticationMode(), deploymentInfo.getIdentityManager(), mechName, contextFactory, current);
    } else {
        // A deployment-supplied initial wrapper replaces the mechanism setup and the SecurityInitialHandler
        // above; the constraint handlers installed earlier in this method are still inside it.
        current = initialSecurityWrapper.wrap(current);
    }
    return current;
}