Search in sources :

Example 1 with MultiUserWorkspaceActivityModule

use of org.eclipse.che.multiuser.api.workspace.activity.MultiUserWorkspaceActivityModule in project che-server by eclipse-che.

the class WsMasterModule method configureMultiUserMode.

private void configureMultiUserMode(Map<String, String> persistenceProperties, String infrastructure) {
    if (OpenShiftInfrastructure.NAME.equals(infrastructure) || KubernetesInfrastructure.NAME.equals(infrastructure)) {
        install(new ReplicationModule(persistenceProperties));
        bind(org.eclipse.che.multiuser.permission.workspace.infra.kubernetes.BrokerServicePermissionFilter.class);
        configureJwtProxySecureProvisioner(infrastructure);
    } else {
        bind(RemoteSubscriptionStorage.class).to(org.eclipse.che.api.core.notification.InmemoryRemoteSubscriptionStorage.class);
        bind(WorkspaceLockService.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceLockService.class);
        bind(WorkspaceStatusCache.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceStatusCache.class);
    }
    if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
        bind(KubernetesClientConfigFactory.class).to(KubernetesOidcProviderConfigFactory.class);
    } else if (OpenShiftInfrastructure.NAME.equals(infrastructure)) {
        bind(KubernetesClientConfigFactory.class).to(KeycloakProviderConfigFactory.class);
    }
    persistenceProperties.put(PersistenceUnitProperties.EXCEPTION_HANDLER_CLASS, "org.eclipse.che.core.db.postgresql.jpa.eclipselink.PostgreSqlExceptionHandler");
    bind(DataSource.class).toProvider(org.eclipse.che.core.db.JndiDataSourceProvider.class);
    install(new org.eclipse.che.multiuser.api.permission.server.jpa.SystemPermissionsJpaModule());
    install(new org.eclipse.che.multiuser.api.permission.server.PermissionsModule());
    install(new org.eclipse.che.multiuser.permission.workspace.server.WorkspaceApiPermissionsModule());
    install(new org.eclipse.che.multiuser.permission.workspace.server.jpa.MultiuserWorkspaceJpaModule());
    install(new MultiUserWorkspaceActivityModule());
    install(new org.eclipse.che.multiuser.permission.devfile.server.jpa.MultiuserUserDevfileJpaModule());
    install(new org.eclipse.che.multiuser.permission.devfile.server.UserDevfileApiPermissionsModule());
    // Permission filters
    bind(org.eclipse.che.multiuser.permission.system.SystemServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.system.JvmServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.system.SystemEventsSubscriptionPermissionsCheck.class);
    Multibinder<String> binder = Multibinder.newSetBinder(binder(), String.class, Names.named(SYSTEM_DOMAIN_ACTIONS));
    binder.addBinding().toInstance(UserServicePermissionsFilter.MANAGE_USERS_ACTION);
    bind(org.eclipse.che.multiuser.permission.user.UserProfileServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.user.UserServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.logger.LoggerServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.workspace.activity.ActivityPermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.resource.filters.ResourceServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.resource.filters.FreeResourcesLimitServicePermissionsFilter.class);
    install(new ResourceModule());
    install(new OrganizationApiModule());
    install(new OrganizationJpaModule());
    if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
        bind(RequestTokenExtractor.class).to(HeaderRequestTokenExtractor.class);
        if (KubernetesInfrastructure.NAME.equals(infrastructure)) {
            bind(OIDCInfo.class).toProvider(OIDCInfoProvider.class).asEagerSingleton();
            bind(SigningKeyResolver.class).to(OIDCSigningKeyResolver.class);
            bind(JwtParser.class).toProvider(OIDCJwtParserProvider.class);
            bind(JwkProvider.class).toProvider(OIDCJwkProvider.class);
        }
        bind(TokenValidator.class).to(NotImplementedTokenValidator.class);
        bind(ProfileDao.class).to(JpaProfileDao.class);
        bind(OAuthAPI.class).to(EmbeddedOAuthAPI.class);
    } else {
        install(new KeycloakModule());
        install(new KeycloakUserRemoverModule());
        bind(AdminPermissionInitializer.class).asEagerSingleton();
        bind(RequestTokenExtractor.class).to(ChainedTokenExtractor.class);
    }
    install(new MachineAuthModule());
    // User and profile - use profile from keycloak and other stuff is JPA
    bind(PasswordEncryptor.class).to(PBKDF2PasswordEncryptor.class);
    bind(UserDao.class).to(JpaUserDao.class);
    bind(PreferenceDao.class).to(JpaPreferenceDao.class);
    bind(PermissionChecker.class).to(PermissionCheckerImpl.class);
    bindConstant().annotatedWith(Names.named("che.agents.auth_enabled")).to(true);
    install(new InfraProxyModule());
}
Also used : NotImplementedTokenValidator(org.eclipse.che.api.user.server.NotImplementedTokenValidator) TokenValidator(org.eclipse.che.api.user.server.TokenValidator) OIDCInfoProvider(org.eclipse.che.multiuser.oidc.OIDCInfoProvider) KeycloakProviderConfigFactory(org.eclipse.che.workspace.infrastructure.openshift.multiuser.oauth.KeycloakProviderConfigFactory) WorkspaceLockService(org.eclipse.che.api.workspace.server.WorkspaceLockService) WorkspaceStatusCache(org.eclipse.che.api.workspace.server.WorkspaceStatusCache) RemoteSubscriptionStorage(org.eclipse.che.api.core.notification.RemoteSubscriptionStorage) WorkspaceStatusCache(org.eclipse.che.api.workspace.server.WorkspaceStatusCache) OrganizationJpaModule(org.eclipse.che.multiuser.organization.api.OrganizationJpaModule) MultiUserWorkspaceActivityModule(org.eclipse.che.multiuser.api.workspace.activity.MultiUserWorkspaceActivityModule) OAuthAPI(org.eclipse.che.security.oauth.OAuthAPI) EmbeddedOAuthAPI(org.eclipse.che.security.oauth.EmbeddedOAuthAPI) PBKDF2PasswordEncryptor(org.eclipse.che.security.PBKDF2PasswordEncryptor) PasswordEncryptor(org.eclipse.che.security.PasswordEncryptor) DataSource(javax.sql.DataSource) KeycloakUserRemoverModule(org.eclipse.che.multiuser.keycloak.server.deploy.KeycloakUserRemoverModule) KeycloakModule(org.eclipse.che.multiuser.keycloak.server.deploy.KeycloakModule) HeaderRequestTokenExtractor(org.eclipse.che.multiuser.api.authentication.commons.token.HeaderRequestTokenExtractor) RequestTokenExtractor(org.eclipse.che.multiuser.api.authentication.commons.token.RequestTokenExtractor) ProfileDao(org.eclipse.che.api.user.server.spi.ProfileDao) JpaProfileDao(org.eclipse.che.api.user.server.jpa.JpaProfileDao) UserDao(org.eclipse.che.api.user.server.spi.UserDao) JpaUserDao(org.eclipse.che.api.user.server.jpa.JpaUserDao) PermissionChecker(org.eclipse.che.multiuser.api.permission.server.PermissionChecker) AdminPermissionInitializer(org.eclipse.che.multiuser.api.permission.server.AdminPermissionInitializer) OIDCSigningKeyResolver(org.eclipse.che.multiuser.oidc.OIDCSigningKeyResolver) SigningKeyResolver(io.jsonwebtoken.SigningKeyResolver) InfraProxyModule(org.eclipse.che.api.infraproxy.server.InfraProxyModule) OrganizationApiModule(org.eclipse.che.multiuser.organization.api.OrganizationApiModule) PreferenceDao(org.eclipse.che.api.user.server.spi.PreferenceDao) JpaPreferenceDao(org.eclipse.che.api.user.server.jpa.JpaPreferenceDao) ResourceModule(org.eclipse.che.multiuser.resource.api.ResourceModule) JwtParser(io.jsonwebtoken.JwtParser) MachineAuthModule(org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule) KubernetesClientConfigFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientConfigFactory) JwkProvider(com.auth0.jwk.JwkProvider) OIDCJwkProvider(org.eclipse.che.multiuser.oidc.OIDCJwkProvider)

Example 2 with MultiUserWorkspaceActivityModule

use of org.eclipse.che.multiuser.api.workspace.activity.MultiUserWorkspaceActivityModule in project devspaces-images by redhat-developer.

the class WsMasterModule method configureMultiUserMode.

private void configureMultiUserMode(Map<String, String> persistenceProperties, String infrastructure) {
    if (OpenShiftInfrastructure.NAME.equals(infrastructure) || KubernetesInfrastructure.NAME.equals(infrastructure)) {
        install(new ReplicationModule(persistenceProperties));
        bind(org.eclipse.che.multiuser.permission.workspace.infra.kubernetes.BrokerServicePermissionFilter.class);
        configureJwtProxySecureProvisioner(infrastructure);
    } else {
        bind(RemoteSubscriptionStorage.class).to(org.eclipse.che.api.core.notification.InmemoryRemoteSubscriptionStorage.class);
        bind(WorkspaceLockService.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceLockService.class);
        bind(WorkspaceStatusCache.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceStatusCache.class);
    }
    if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
        bind(KubernetesClientConfigFactory.class).to(KubernetesOidcProviderConfigFactory.class);
    } else if (OpenShiftInfrastructure.NAME.equals(infrastructure)) {
        bind(KubernetesClientConfigFactory.class).to(KeycloakProviderConfigFactory.class);
    }
    persistenceProperties.put(PersistenceUnitProperties.EXCEPTION_HANDLER_CLASS, "org.eclipse.che.core.db.postgresql.jpa.eclipselink.PostgreSqlExceptionHandler");
    bind(DataSource.class).toProvider(org.eclipse.che.core.db.JndiDataSourceProvider.class);
    install(new org.eclipse.che.multiuser.api.permission.server.jpa.SystemPermissionsJpaModule());
    install(new org.eclipse.che.multiuser.api.permission.server.PermissionsModule());
    install(new org.eclipse.che.multiuser.permission.workspace.server.WorkspaceApiPermissionsModule());
    install(new org.eclipse.che.multiuser.permission.workspace.server.jpa.MultiuserWorkspaceJpaModule());
    install(new MultiUserWorkspaceActivityModule());
    install(new org.eclipse.che.multiuser.permission.devfile.server.jpa.MultiuserUserDevfileJpaModule());
    install(new org.eclipse.che.multiuser.permission.devfile.server.UserDevfileApiPermissionsModule());
    // Permission filters
    bind(org.eclipse.che.multiuser.permission.system.SystemServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.system.JvmServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.system.SystemEventsSubscriptionPermissionsCheck.class);
    Multibinder<String> binder = Multibinder.newSetBinder(binder(), String.class, Names.named(SYSTEM_DOMAIN_ACTIONS));
    binder.addBinding().toInstance(UserServicePermissionsFilter.MANAGE_USERS_ACTION);
    bind(org.eclipse.che.multiuser.permission.user.UserProfileServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.user.UserServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.logger.LoggerServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.workspace.activity.ActivityPermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.resource.filters.ResourceServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.resource.filters.FreeResourcesLimitServicePermissionsFilter.class);
    install(new ResourceModule());
    install(new OrganizationApiModule());
    install(new OrganizationJpaModule());
    if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
        bind(RequestTokenExtractor.class).to(HeaderRequestTokenExtractor.class);
        if (KubernetesInfrastructure.NAME.equals(infrastructure)) {
            bind(OIDCInfo.class).toProvider(OIDCInfoProvider.class).asEagerSingleton();
            bind(SigningKeyResolver.class).to(OIDCSigningKeyResolver.class);
            bind(JwtParser.class).toProvider(OIDCJwtParserProvider.class);
            bind(JwkProvider.class).toProvider(OIDCJwkProvider.class);
        }
        bind(TokenValidator.class).to(NotImplementedTokenValidator.class);
        bind(ProfileDao.class).to(JpaProfileDao.class);
        bind(OAuthAPI.class).to(EmbeddedOAuthAPI.class);
    } else {
        install(new KeycloakModule());
        install(new KeycloakUserRemoverModule());
        bind(AdminPermissionInitializer.class).asEagerSingleton();
        bind(RequestTokenExtractor.class).to(ChainedTokenExtractor.class);
    }
    install(new MachineAuthModule());
    // User and profile - use profile from keycloak and other stuff is JPA
    bind(PasswordEncryptor.class).to(PBKDF2PasswordEncryptor.class);
    bind(UserDao.class).to(JpaUserDao.class);
    bind(PreferenceDao.class).to(JpaPreferenceDao.class);
    bind(PermissionChecker.class).to(PermissionCheckerImpl.class);
    bindConstant().annotatedWith(Names.named("che.agents.auth_enabled")).to(true);
    install(new InfraProxyModule());
}
Also used : NotImplementedTokenValidator(org.eclipse.che.api.user.server.NotImplementedTokenValidator) TokenValidator(org.eclipse.che.api.user.server.TokenValidator) OIDCInfoProvider(org.eclipse.che.multiuser.oidc.OIDCInfoProvider) KeycloakProviderConfigFactory(org.eclipse.che.workspace.infrastructure.openshift.multiuser.oauth.KeycloakProviderConfigFactory) WorkspaceLockService(org.eclipse.che.api.workspace.server.WorkspaceLockService) WorkspaceStatusCache(org.eclipse.che.api.workspace.server.WorkspaceStatusCache) RemoteSubscriptionStorage(org.eclipse.che.api.core.notification.RemoteSubscriptionStorage) WorkspaceStatusCache(org.eclipse.che.api.workspace.server.WorkspaceStatusCache) OrganizationJpaModule(org.eclipse.che.multiuser.organization.api.OrganizationJpaModule) MultiUserWorkspaceActivityModule(org.eclipse.che.multiuser.api.workspace.activity.MultiUserWorkspaceActivityModule) OAuthAPI(org.eclipse.che.security.oauth.OAuthAPI) EmbeddedOAuthAPI(org.eclipse.che.security.oauth.EmbeddedOAuthAPI) PBKDF2PasswordEncryptor(org.eclipse.che.security.PBKDF2PasswordEncryptor) PasswordEncryptor(org.eclipse.che.security.PasswordEncryptor) DataSource(javax.sql.DataSource) KeycloakUserRemoverModule(org.eclipse.che.multiuser.keycloak.server.deploy.KeycloakUserRemoverModule) KeycloakModule(org.eclipse.che.multiuser.keycloak.server.deploy.KeycloakModule) HeaderRequestTokenExtractor(org.eclipse.che.multiuser.api.authentication.commons.token.HeaderRequestTokenExtractor) RequestTokenExtractor(org.eclipse.che.multiuser.api.authentication.commons.token.RequestTokenExtractor) ProfileDao(org.eclipse.che.api.user.server.spi.ProfileDao) JpaProfileDao(org.eclipse.che.api.user.server.jpa.JpaProfileDao) UserDao(org.eclipse.che.api.user.server.spi.UserDao) JpaUserDao(org.eclipse.che.api.user.server.jpa.JpaUserDao) PermissionChecker(org.eclipse.che.multiuser.api.permission.server.PermissionChecker) AdminPermissionInitializer(org.eclipse.che.multiuser.api.permission.server.AdminPermissionInitializer) OIDCSigningKeyResolver(org.eclipse.che.multiuser.oidc.OIDCSigningKeyResolver) SigningKeyResolver(io.jsonwebtoken.SigningKeyResolver) InfraProxyModule(org.eclipse.che.api.infraproxy.server.InfraProxyModule) OrganizationApiModule(org.eclipse.che.multiuser.organization.api.OrganizationApiModule) PreferenceDao(org.eclipse.che.api.user.server.spi.PreferenceDao) JpaPreferenceDao(org.eclipse.che.api.user.server.jpa.JpaPreferenceDao) ResourceModule(org.eclipse.che.multiuser.resource.api.ResourceModule) JwtParser(io.jsonwebtoken.JwtParser) MachineAuthModule(org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule) KubernetesClientConfigFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientConfigFactory) JwkProvider(com.auth0.jwk.JwkProvider) OIDCJwkProvider(org.eclipse.che.multiuser.oidc.OIDCJwkProvider)

Aggregations

JwkProvider (com.auth0.jwk.JwkProvider)2 JwtParser (io.jsonwebtoken.JwtParser)2 SigningKeyResolver (io.jsonwebtoken.SigningKeyResolver)2 DataSource (javax.sql.DataSource)2 RemoteSubscriptionStorage (org.eclipse.che.api.core.notification.RemoteSubscriptionStorage)2 InfraProxyModule (org.eclipse.che.api.infraproxy.server.InfraProxyModule)2 NotImplementedTokenValidator (org.eclipse.che.api.user.server.NotImplementedTokenValidator)2 TokenValidator (org.eclipse.che.api.user.server.TokenValidator)2 JpaPreferenceDao (org.eclipse.che.api.user.server.jpa.JpaPreferenceDao)2 JpaProfileDao (org.eclipse.che.api.user.server.jpa.JpaProfileDao)2 JpaUserDao (org.eclipse.che.api.user.server.jpa.JpaUserDao)2 PreferenceDao (org.eclipse.che.api.user.server.spi.PreferenceDao)2 ProfileDao (org.eclipse.che.api.user.server.spi.ProfileDao)2 UserDao (org.eclipse.che.api.user.server.spi.UserDao)2 WorkspaceLockService (org.eclipse.che.api.workspace.server.WorkspaceLockService)2 WorkspaceStatusCache (org.eclipse.che.api.workspace.server.WorkspaceStatusCache)2 HeaderRequestTokenExtractor (org.eclipse.che.multiuser.api.authentication.commons.token.HeaderRequestTokenExtractor)2 RequestTokenExtractor (org.eclipse.che.multiuser.api.authentication.commons.token.RequestTokenExtractor)2 AdminPermissionInitializer (org.eclipse.che.multiuser.api.permission.server.AdminPermissionInitializer)2 PermissionChecker (org.eclipse.che.multiuser.api.permission.server.PermissionChecker)2