
Example 1 with MachineAuthModule

use of org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule in project che-server by eclipse-che.

the class WsMasterModule method configureMultiUserMode.

/**
 * Registers the Guice modules and bindings that make up multi-user mode.
 *
 * <p>Two inputs select the wiring: the {@code infrastructure} name and the
 * {@code CHE_AUTH_NATIVEUSER} environment variable (read twice below). Together they decide
 * which Kubernetes client config factory, request token extractor, token validator and
 * identity-provider modules are bound. The permission filters, JPA DAOs and
 * {@link MachineAuthModule} are registered in every case.
 *
 * @param persistenceProperties JPA persistence properties; this method adds the exception
 *     handler class to the map and passes the map to {@code ReplicationModule} on
 *     OpenShift/Kubernetes
 * @param infrastructure infrastructure name, compared against
 *     {@code OpenShiftInfrastructure.NAME} and {@code KubernetesInfrastructure.NAME}
 */
private void configureMultiUserMode(Map<String, String> persistenceProperties, String infrastructure) {
    // OpenShift and Kubernetes get replication, the broker permission filter and the JWT-proxy
    // secure provisioner; every other infrastructure falls back to the in-memory/default
    // subscription storage, lock service and status cache.
    if (OpenShiftInfrastructure.NAME.equals(infrastructure) || KubernetesInfrastructure.NAME.equals(infrastructure)) {
        install(new ReplicationModule(persistenceProperties));
        bind(org.eclipse.che.multiuser.permission.workspace.infra.kubernetes.BrokerServicePermissionFilter.class);
        configureJwtProxySecureProvisioner(infrastructure);
    } else {
        bind(RemoteSubscriptionStorage.class).to(org.eclipse.che.api.core.notification.InmemoryRemoteSubscriptionStorage.class);
        bind(WorkspaceLockService.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceLockService.class);
        bind(WorkspaceStatusCache.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceStatusCache.class);
    }
    // Boolean.parseBoolean(null) is false, so an unset variable (or any value other than a
    // case-insensitive "true") selects the non-native-user path.
    if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
        bind(KubernetesClientConfigFactory.class).to(KubernetesOidcProviderConfigFactory.class);
    } else if (OpenShiftInfrastructure.NAME.equals(infrastructure)) {
        bind(KubernetesClientConfigFactory.class).to(KeycloakProviderConfigFactory.class);
    }
    // NOTE(review): when native-user is off and the infrastructure is not OpenShift, this
    // method binds no KubernetesClientConfigFactory - confirm a default is bound elsewhere.
    // Mutates the caller's map: the PostgreSQL exception handler is always set here.
    persistenceProperties.put(PersistenceUnitProperties.EXCEPTION_HANDLER_CLASS, "org.eclipse.che.core.db.postgresql.jpa.eclipselink.PostgreSqlExceptionHandler");
    bind(DataSource.class).toProvider(org.eclipse.che.core.db.JndiDataSourceProvider.class);
    install(new org.eclipse.che.multiuser.api.permission.server.jpa.SystemPermissionsJpaModule());
    install(new org.eclipse.che.multiuser.api.permission.server.PermissionsModule());
    install(new org.eclipse.che.multiuser.permission.workspace.server.WorkspaceApiPermissionsModule());
    install(new org.eclipse.che.multiuser.permission.workspace.server.jpa.MultiuserWorkspaceJpaModule());
    install(new MultiUserWorkspaceActivityModule());
    install(new org.eclipse.che.multiuser.permission.devfile.server.jpa.MultiuserUserDevfileJpaModule());
    install(new org.eclipse.che.multiuser.permission.devfile.server.UserDevfileApiPermissionsModule());
    // Permission filters. Each filter is registered explicitly, one bind() per service.
    // NOTE(review): a service added later without a matching filter here would not be covered
    // by this list - confirm every multi-user service has its filter bound.
    bind(org.eclipse.che.multiuser.permission.system.SystemServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.system.JvmServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.system.SystemEventsSubscriptionPermissionsCheck.class);
    // Adds MANAGE_USERS_ACTION to the named set of system-domain actions. The local variable
    // is called "binder", the same name as the binder() method it is created from.
    Multibinder<String> binder = Multibinder.newSetBinder(binder(), String.class, Names.named(SYSTEM_DOMAIN_ACTIONS));
    binder.addBinding().toInstance(UserServicePermissionsFilter.MANAGE_USERS_ACTION);
    bind(org.eclipse.che.multiuser.permission.user.UserProfileServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.user.UserServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.logger.LoggerServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.workspace.activity.ActivityPermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.resource.filters.ResourceServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.resource.filters.FreeResourcesLimitServicePermissionsFilter.class);
    install(new ResourceModule());
    install(new OrganizationApiModule());
    install(new OrganizationJpaModule());
    // Authentication wiring. Native-user mode takes the token from the request header and
    // binds the embedded OAuth API; otherwise the Keycloak modules and a chained extractor
    // are used.
    if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
        bind(RequestTokenExtractor.class).to(HeaderRequestTokenExtractor.class);
        // The OIDC key resolver, JWT parser and JWK provider are bound only on Kubernetes.
        // NOTE(review): for native-user on any other infrastructure this method binds none of
        // them - confirm where token signatures are verified in that configuration.
        if (KubernetesInfrastructure.NAME.equals(infrastructure)) {
            bind(OIDCInfo.class).toProvider(OIDCInfoProvider.class).asEagerSingleton();
            bind(SigningKeyResolver.class).to(OIDCSigningKeyResolver.class);
            bind(JwtParser.class).toProvider(OIDCJwtParserProvider.class);
            bind(JwkProvider.class).toProvider(OIDCJwkProvider.class);
        }
        // NOTE(review): the class name suggests TokenValidator is not implemented in this
        // mode - confirm no caller relies on it as an authentication check.
        bind(TokenValidator.class).to(NotImplementedTokenValidator.class);
        bind(ProfileDao.class).to(JpaProfileDao.class);
        bind(OAuthAPI.class).to(EmbeddedOAuthAPI.class);
    } else {
        install(new KeycloakModule());
        install(new KeycloakUserRemoverModule());
        bind(AdminPermissionInitializer.class).asEagerSingleton();
        bind(RequestTokenExtractor.class).to(ChainedTokenExtractor.class);
    }
    // Machine authentication is installed in both native-user and Keycloak modes.
    install(new MachineAuthModule());
    // User and profile - use profile from keycloak and other stuff is JPA
    // NOTE(review): PBKDF2 parameters (iterations, salt) are set inside PBKDF2PasswordEncryptor
    // and are not visible here.
    bind(PasswordEncryptor.class).to(PBKDF2PasswordEncryptor.class);
    bind(UserDao.class).to(JpaUserDao.class);
    bind(PreferenceDao.class).to(JpaPreferenceDao.class);
    bind(PermissionChecker.class).to(PermissionCheckerImpl.class);
    // Agent authentication is hard-coded on in multi-user mode; it is not read from config.
    bindConstant().annotatedWith(Names.named("che.agents.auth_enabled")).to(true);
    install(new InfraProxyModule());
}
Also used : NotImplementedTokenValidator(org.eclipse.che.api.user.server.NotImplementedTokenValidator) TokenValidator(org.eclipse.che.api.user.server.TokenValidator) OIDCInfoProvider(org.eclipse.che.multiuser.oidc.OIDCInfoProvider) KeycloakProviderConfigFactory(org.eclipse.che.workspace.infrastructure.openshift.multiuser.oauth.KeycloakProviderConfigFactory) WorkspaceLockService(org.eclipse.che.api.workspace.server.WorkspaceLockService) WorkspaceStatusCache(org.eclipse.che.api.workspace.server.WorkspaceStatusCache) RemoteSubscriptionStorage(org.eclipse.che.api.core.notification.RemoteSubscriptionStorage) WorkspaceStatusCache(org.eclipse.che.api.workspace.server.WorkspaceStatusCache) OrganizationJpaModule(org.eclipse.che.multiuser.organization.api.OrganizationJpaModule) MultiUserWorkspaceActivityModule(org.eclipse.che.multiuser.api.workspace.activity.MultiUserWorkspaceActivityModule) OAuthAPI(org.eclipse.che.security.oauth.OAuthAPI) EmbeddedOAuthAPI(org.eclipse.che.security.oauth.EmbeddedOAuthAPI) PBKDF2PasswordEncryptor(org.eclipse.che.security.PBKDF2PasswordEncryptor) PasswordEncryptor(org.eclipse.che.security.PasswordEncryptor) DataSource(javax.sql.DataSource) KeycloakUserRemoverModule(org.eclipse.che.multiuser.keycloak.server.deploy.KeycloakUserRemoverModule) KeycloakModule(org.eclipse.che.multiuser.keycloak.server.deploy.KeycloakModule) HeaderRequestTokenExtractor(org.eclipse.che.multiuser.api.authentication.commons.token.HeaderRequestTokenExtractor) RequestTokenExtractor(org.eclipse.che.multiuser.api.authentication.commons.token.RequestTokenExtractor) ProfileDao(org.eclipse.che.api.user.server.spi.ProfileDao) JpaProfileDao(org.eclipse.che.api.user.server.jpa.JpaProfileDao) UserDao(org.eclipse.che.api.user.server.spi.UserDao) JpaUserDao(org.eclipse.che.api.user.server.jpa.JpaUserDao) PermissionChecker(org.eclipse.che.multiuser.api.permission.server.PermissionChecker) 
AdminPermissionInitializer(org.eclipse.che.multiuser.api.permission.server.AdminPermissionInitializer) OIDCSigningKeyResolver(org.eclipse.che.multiuser.oidc.OIDCSigningKeyResolver) SigningKeyResolver(io.jsonwebtoken.SigningKeyResolver) InfraProxyModule(org.eclipse.che.api.infraproxy.server.InfraProxyModule) OrganizationApiModule(org.eclipse.che.multiuser.organization.api.OrganizationApiModule) PreferenceDao(org.eclipse.che.api.user.server.spi.PreferenceDao) JpaPreferenceDao(org.eclipse.che.api.user.server.jpa.JpaPreferenceDao) ResourceModule(org.eclipse.che.multiuser.resource.api.ResourceModule) JwtParser(io.jsonwebtoken.JwtParser) MachineAuthModule(org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule) KubernetesClientConfigFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientConfigFactory) JwkProvider(com.auth0.jwk.JwkProvider) OIDCJwkProvider(org.eclipse.che.multiuser.oidc.OIDCJwkProvider)

Example 2 with MachineAuthModule

use of org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule in project che-server by eclipse-che.

the class JpaEntitiesCascadeRemovalTest method setUp.

/**
 * Builds the Guice injector for the cascade-removal tests and stores the DAOs and managers
 * obtained from it in the test's fields.
 *
 * <p>Runs before every test method (TestNG {@code @BeforeMethod}), so each test gets a new
 * injector and a new call to {@code H2DBTestServer.startDefault()}. The module installs the
 * JPA modules, including {@link MachineAuthModule}, and replaces configuration-driven values
 * with fixed test constants.
 *
 * @throws Exception declared by the signature; the visible body does not show which call
 *     throws
 */
@BeforeMethod
public void setUp() throws Exception {
    // Stage.PRODUCTION makes Guice create singletons eagerly, so binding errors show up while
    // the injector is created rather than on first use.
    injector = Guice.createInjector(Stage.PRODUCTION, new AbstractModule() {

        @Override
        protected void configure() {
            // The H2 server is started here, in configure(); it supplies both the cleaner and
            // the data source used by the Flyway schema initializer.
            // NOTE(review): no shutdown of this server is visible in this method - presumably
            // handled through H2JpaCleaner in a teardown; verify.
            H2DBTestServer server = H2DBTestServer.startDefault();
            install(new JpaPersistModule("main"));
            bind(H2JpaCleaner.class).toInstance(new H2JpaCleaner(server));
            bind(EventService.class).in(Singleton.class);
            bind(SchemaInitializer.class).toInstance(new FlywaySchemaInitializer(server.getDataSource(), "che-schema"));
            bind(DBInitializer.class).asEagerSingleton();
            install(new InitModule(PostConstruct.class));
            // Persistence modules for the entity types this test obtains DAOs for below.
            install(new UserJpaModule());
            install(new AccountModule());
            install(new SshJpaModule());
            install(new FactoryJpaModule());
            install(new OrganizationJpaModule());
            install(new MultiuserWorkspaceJpaModule());
            // Presumably what makes SignatureKeyDao injectable below - TODO confirm.
            install(new MachineAuthModule());
            install(new DevfileModule());
            install(new MultiuserUserDevfileJpaModule());
            bind(ExecutorServiceWrapper.class).to(NoopExecutorServiceWrapper.class);
            bind(FreeResourcesLimitDao.class).to(JpaFreeResourcesLimitDao.class);
            bind(RemoveFreeResourcesLimitSubscriber.class).asEagerSingleton();
            // initialize empty binder
            Multibinder.newSetBinder(binder(), WorkspaceAttributeValidator.class);
            bind(WorkspaceManager.class);
            bind(WorkspaceLockService.class).to(DefaultWorkspaceLockService.class);
            bind(WorkspaceStatusCache.class).to(DefaultWorkspaceStatusCache.class);
            // The runtime infrastructure is a mock; no real infrastructure is bound.
            bind(RuntimeInfrastructure.class).toInstance(mock(RuntimeInfrastructure.class));
            MapBinder.newMapBinder(binder(), String.class, InternalEnvironmentFactory.class);
            bind(PermissionsManager.class);
            bind(PermissionChecker.class).to(PermissionCheckerImpl.class);
            bind(AccountManager.class);
            // Fixed values standing in for named configuration properties.
            bind(Boolean.class).annotatedWith(Names.named("che.workspace.auto_snapshot")).toInstance(false);
            bind(Boolean.class).annotatedWith(Names.named("che.workspace.auto_restore")).toInstance(false);
            bind(Boolean.class).annotatedWith(Names.named("che.devworkspaces.enabled")).toInstance(false);
            bind(WorkspaceSharedPool.class).toInstance(new WorkspaceSharedPool("cached", null, null, new NoopExecutorServiceWrapper()));
            // An empty array: no user names are reserved in this test setup.
            bind(String[].class).annotatedWith(Names.named("che.auth.reserved_user_names")).toInstance(new String[0]);
            bind(RemoveOrganizationOnLastUserRemovedEventSubscriber.class).asEagerSingleton();
            // Empty set/map binders so injection points for these collections resolve.
            Multibinder.newSetBinder(binder(), ResourceLockKeyProvider.class);
            Multibinder.newSetBinder(binder(), ResourceUsageTracker.class);
            MapBinder.newMapBinder(binder(), String.class, AvailableResourcesProvider.class);
            bind(String.class).annotatedWith(Names.named("che.workspace.plugin_registry_url")).toInstance("");
            bind(String.class).annotatedWith(Names.named("che.factory.scm_file_fetcher_limit_bytes")).toInstance("1024");
            MapBinder.newMapBinder(binder(), String.class, ChePluginsApplier.class);
            Multibinder.newSetBinder(binder(), ResourceType.class).addBinding().to(RamResourceType.class);
            // One resources provider that returns a single RAM resource of 1024 for any account.
            Multibinder.newSetBinder(binder(), ResourcesProvider.class).addBinding().toInstance((accountId) -> singletonList(new ProvidedResourcesImpl("test", null, accountId, -1L, -1L, singletonList(new ResourceImpl(RamResourceType.ID, 1024, RamResourceType.UNIT)))));
            bindConstant().annotatedWith(Names.named("che.workspace.probe_pool_size")).to(1);
            // setup bindings for the devfile that would otherwise be read from the config
            bindConstant().annotatedWith(Names.named("che.workspace.devfile.default_editor")).to("default/editor/0.0.1");
            bindConstant().annotatedWith(Names.named("che.websocket.endpoint")).to("che.websocket.endpoint");
            bind(String.class).annotatedWith(Names.named("che.workspace.devfile.default_editor.plugins")).toInstance("default/plugin/0.0.1");
            bind(String.class).annotatedWith(Names.named("che.workspace.devfile.async.storage.plugin")).toInstance("");
        }
    });
    // Resolve every collaborator from the injector and keep it in a field for the tests.
    eventService = injector.getInstance(EventService.class);
    accountDao = injector.getInstance(AccountDao.class);
    accountManager = injector.getInstance(AccountManager.class);
    userDao = injector.getInstance(UserDao.class);
    userManager = injector.getInstance(UserManager.class);
    preferenceDao = injector.getInstance(PreferenceDao.class);
    profileDao = injector.getInstance(ProfileDao.class);
    sshDao = injector.getInstance(SshDao.class);
    workspaceDao = injector.getInstance(WorkspaceDao.class);
    factoryDao = injector.getInstance(FactoryDao.class);
    workerDao = injector.getInstance(WorkerDao.class);
    userDevfileDao = injector.getInstance(UserDevfileDao.class);
    userDevfilePermissionDao = injector.getInstance(UserDevfilePermissionDao.class);
    signatureKeyDao = injector.getInstance(SignatureKeyDao.class);
    freeResourcesLimitDao = injector.getInstance(FreeResourcesLimitDao.class);
    organizationManager = injector.getInstance(OrganizationManager.class);
    memberDao = injector.getInstance(MemberDao.class);
    organizationResourcesDistributor = injector.getInstance(OrganizationResourcesDistributor.class);
    h2JpaCleaner = injector.getInstance(H2JpaCleaner.class);
}
Also used : RuntimeInfrastructure(org.eclipse.che.api.workspace.server.spi.RuntimeInfrastructure) ProvidedResourcesImpl(org.eclipse.che.multiuser.resource.spi.impl.ProvidedResourcesImpl) ExecutorServiceWrapper(org.eclipse.che.commons.observability.ExecutorServiceWrapper) NoopExecutorServiceWrapper(org.eclipse.che.commons.observability.NoopExecutorServiceWrapper) UserDevfilePermissionDao(org.eclipse.che.multiuser.permission.devfile.server.spi.UserDevfilePermissionDao) UserJpaModule(org.eclipse.che.api.user.server.jpa.UserJpaModule) MemberDao(org.eclipse.che.multiuser.organization.spi.MemberDao) InitModule(org.eclipse.che.inject.lifecycle.InitModule) H2JpaCleaner(org.eclipse.che.commons.test.db.H2JpaCleaner) OrganizationManager(org.eclipse.che.multiuser.organization.api.OrganizationManager) NoopExecutorServiceWrapper(org.eclipse.che.commons.observability.NoopExecutorServiceWrapper) UserDevfileDao(org.eclipse.che.api.devfile.server.spi.UserDevfileDao) WorkspaceSharedPool(org.eclipse.che.api.workspace.server.WorkspaceSharedPool) SignatureKeyDao(org.eclipse.che.multiuser.machine.authentication.server.signature.spi.SignatureKeyDao) SchemaInitializer(org.eclipse.che.core.db.schema.SchemaInitializer) FlywaySchemaInitializer(org.eclipse.che.core.db.schema.impl.flyway.FlywaySchemaInitializer) FlywaySchemaInitializer(org.eclipse.che.core.db.schema.impl.flyway.FlywaySchemaInitializer) ProfileDao(org.eclipse.che.api.user.server.spi.ProfileDao) WorkerDao(org.eclipse.che.multiuser.permission.workspace.server.spi.WorkerDao) UserDao(org.eclipse.che.api.user.server.spi.UserDao) DBInitializer(org.eclipse.che.core.db.DBInitializer) AccountModule(org.eclipse.che.account.api.AccountModule) PermissionChecker(org.eclipse.che.multiuser.api.permission.server.PermissionChecker) DevfileModule(org.eclipse.che.api.workspace.server.devfile.DevfileModule) FactoryDao(org.eclipse.che.api.factory.server.spi.FactoryDao) 
RemoveFreeResourcesLimitSubscriber(org.eclipse.che.multiuser.resource.spi.jpa.JpaFreeResourcesLimitDao.RemoveFreeResourcesLimitSubscriber) WorkspaceLockService(org.eclipse.che.api.workspace.server.WorkspaceLockService) DefaultWorkspaceLockService(org.eclipse.che.api.workspace.server.DefaultWorkspaceLockService) OrganizationResourcesDistributor(org.eclipse.che.multiuser.organization.api.resource.OrganizationResourcesDistributor) H2DBTestServer(org.eclipse.che.commons.test.db.H2DBTestServer) OrganizationJpaModule(org.eclipse.che.multiuser.organization.api.OrganizationJpaModule) DefaultWorkspaceStatusCache(org.eclipse.che.api.workspace.server.DefaultWorkspaceStatusCache) WorkspaceStatusCache(org.eclipse.che.api.workspace.server.WorkspaceStatusCache) MultiuserUserDevfileJpaModule(org.eclipse.che.multiuser.permission.devfile.server.jpa.MultiuserUserDevfileJpaModule) EventService(org.eclipse.che.api.core.notification.EventService) FactoryJpaModule(org.eclipse.che.api.factory.server.jpa.FactoryJpaModule) MultiuserWorkspaceJpaModule(org.eclipse.che.multiuser.permission.workspace.server.jpa.MultiuserWorkspaceJpaModule) AccountDao(org.eclipse.che.account.spi.AccountDao) PreferenceDao(org.eclipse.che.api.user.server.spi.PreferenceDao) SshDao(org.eclipse.che.api.ssh.server.spi.SshDao) JpaPersistModule(com.google.inject.persist.jpa.JpaPersistModule) AbstractModule(com.google.inject.AbstractModule) MachineAuthModule(org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule) ResourceImpl(org.eclipse.che.multiuser.resource.spi.impl.ResourceImpl) UserManager(org.eclipse.che.api.user.server.UserManager) FreeResourcesLimitDao(org.eclipse.che.multiuser.resource.spi.FreeResourcesLimitDao) JpaFreeResourcesLimitDao(org.eclipse.che.multiuser.resource.spi.jpa.JpaFreeResourcesLimitDao) RemoveOrganizationOnLastUserRemovedEventSubscriber(org.eclipse.che.multiuser.organization.api.listener.RemoveOrganizationOnLastUserRemovedEventSubscriber) 
AccountManager(org.eclipse.che.account.api.AccountManager) SshJpaModule(org.eclipse.che.api.ssh.server.jpa.SshJpaModule) PostConstruct(jakarta.annotation.PostConstruct) WorkspaceDao(org.eclipse.che.api.workspace.server.spi.WorkspaceDao) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 3 with MachineAuthModule

use of org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule in project devspaces-images by redhat-developer.

the class JpaEntitiesCascadeRemovalTest method setUp.

/**
 * Builds the Guice injector for the cascade-removal tests and stores the DAOs and managers
 * obtained from it in the test's fields.
 *
 * <p>Runs before every test method (TestNG {@code @BeforeMethod}), so each test gets a new
 * injector and a new call to {@code H2DBTestServer.startDefault()}. The module installs the
 * JPA modules, including {@link MachineAuthModule}, and replaces configuration-driven values
 * with fixed test constants.
 *
 * @throws Exception declared by the signature; the visible body does not show which call
 *     throws
 */
@BeforeMethod
public void setUp() throws Exception {
    // Stage.PRODUCTION makes Guice create singletons eagerly, so binding errors show up while
    // the injector is created rather than on first use.
    injector = Guice.createInjector(Stage.PRODUCTION, new AbstractModule() {

        @Override
        protected void configure() {
            // The H2 server is started here, in configure(); it supplies both the cleaner and
            // the data source used by the Flyway schema initializer.
            // NOTE(review): no shutdown of this server is visible in this method - presumably
            // handled through H2JpaCleaner in a teardown; verify.
            H2DBTestServer server = H2DBTestServer.startDefault();
            install(new JpaPersistModule("main"));
            bind(H2JpaCleaner.class).toInstance(new H2JpaCleaner(server));
            bind(EventService.class).in(Singleton.class);
            bind(SchemaInitializer.class).toInstance(new FlywaySchemaInitializer(server.getDataSource(), "che-schema"));
            bind(DBInitializer.class).asEagerSingleton();
            install(new InitModule(PostConstruct.class));
            // Persistence modules for the entity types this test obtains DAOs for below.
            install(new UserJpaModule());
            install(new AccountModule());
            install(new SshJpaModule());
            install(new FactoryJpaModule());
            install(new OrganizationJpaModule());
            install(new MultiuserWorkspaceJpaModule());
            // Presumably what makes SignatureKeyDao injectable below - TODO confirm.
            install(new MachineAuthModule());
            install(new DevfileModule());
            install(new MultiuserUserDevfileJpaModule());
            bind(ExecutorServiceWrapper.class).to(NoopExecutorServiceWrapper.class);
            bind(FreeResourcesLimitDao.class).to(JpaFreeResourcesLimitDao.class);
            bind(RemoveFreeResourcesLimitSubscriber.class).asEagerSingleton();
            // initialize empty binder
            Multibinder.newSetBinder(binder(), WorkspaceAttributeValidator.class);
            bind(WorkspaceManager.class);
            bind(WorkspaceLockService.class).to(DefaultWorkspaceLockService.class);
            bind(WorkspaceStatusCache.class).to(DefaultWorkspaceStatusCache.class);
            // The runtime infrastructure is a mock; no real infrastructure is bound.
            bind(RuntimeInfrastructure.class).toInstance(mock(RuntimeInfrastructure.class));
            MapBinder.newMapBinder(binder(), String.class, InternalEnvironmentFactory.class);
            bind(PermissionsManager.class);
            bind(PermissionChecker.class).to(PermissionCheckerImpl.class);
            bind(AccountManager.class);
            // Fixed values standing in for named configuration properties.
            bind(Boolean.class).annotatedWith(Names.named("che.workspace.auto_snapshot")).toInstance(false);
            bind(Boolean.class).annotatedWith(Names.named("che.workspace.auto_restore")).toInstance(false);
            bind(Boolean.class).annotatedWith(Names.named("che.devworkspaces.enabled")).toInstance(false);
            bind(WorkspaceSharedPool.class).toInstance(new WorkspaceSharedPool("cached", null, null, new NoopExecutorServiceWrapper()));
            // An empty array: no user names are reserved in this test setup.
            bind(String[].class).annotatedWith(Names.named("che.auth.reserved_user_names")).toInstance(new String[0]);
            bind(RemoveOrganizationOnLastUserRemovedEventSubscriber.class).asEagerSingleton();
            // Empty set/map binders so injection points for these collections resolve.
            Multibinder.newSetBinder(binder(), ResourceLockKeyProvider.class);
            Multibinder.newSetBinder(binder(), ResourceUsageTracker.class);
            MapBinder.newMapBinder(binder(), String.class, AvailableResourcesProvider.class);
            bind(String.class).annotatedWith(Names.named("che.workspace.plugin_registry_url")).toInstance("");
            bind(String.class).annotatedWith(Names.named("che.factory.scm_file_fetcher_limit_bytes")).toInstance("1024");
            MapBinder.newMapBinder(binder(), String.class, ChePluginsApplier.class);
            Multibinder.newSetBinder(binder(), ResourceType.class).addBinding().to(RamResourceType.class);
            // One resources provider that returns a single RAM resource of 1024 for any account.
            Multibinder.newSetBinder(binder(), ResourcesProvider.class).addBinding().toInstance((accountId) -> singletonList(new ProvidedResourcesImpl("test", null, accountId, -1L, -1L, singletonList(new ResourceImpl(RamResourceType.ID, 1024, RamResourceType.UNIT)))));
            bindConstant().annotatedWith(Names.named("che.workspace.probe_pool_size")).to(1);
            // setup bindings for the devfile that would otherwise be read from the config
            bindConstant().annotatedWith(Names.named("che.workspace.devfile.default_editor")).to("default/editor/0.0.1");
            bindConstant().annotatedWith(Names.named("che.websocket.endpoint")).to("che.websocket.endpoint");
            bind(String.class).annotatedWith(Names.named("che.workspace.devfile.default_editor.plugins")).toInstance("default/plugin/0.0.1");
            bind(String.class).annotatedWith(Names.named("che.workspace.devfile.async.storage.plugin")).toInstance("");
        }
    });
    // Resolve every collaborator from the injector and keep it in a field for the tests.
    eventService = injector.getInstance(EventService.class);
    accountDao = injector.getInstance(AccountDao.class);
    accountManager = injector.getInstance(AccountManager.class);
    userDao = injector.getInstance(UserDao.class);
    userManager = injector.getInstance(UserManager.class);
    preferenceDao = injector.getInstance(PreferenceDao.class);
    profileDao = injector.getInstance(ProfileDao.class);
    sshDao = injector.getInstance(SshDao.class);
    workspaceDao = injector.getInstance(WorkspaceDao.class);
    factoryDao = injector.getInstance(FactoryDao.class);
    workerDao = injector.getInstance(WorkerDao.class);
    userDevfileDao = injector.getInstance(UserDevfileDao.class);
    userDevfilePermissionDao = injector.getInstance(UserDevfilePermissionDao.class);
    signatureKeyDao = injector.getInstance(SignatureKeyDao.class);
    freeResourcesLimitDao = injector.getInstance(FreeResourcesLimitDao.class);
    organizationManager = injector.getInstance(OrganizationManager.class);
    memberDao = injector.getInstance(MemberDao.class);
    organizationResourcesDistributor = injector.getInstance(OrganizationResourcesDistributor.class);
    h2JpaCleaner = injector.getInstance(H2JpaCleaner.class);
}
Also used : RuntimeInfrastructure(org.eclipse.che.api.workspace.server.spi.RuntimeInfrastructure) ProvidedResourcesImpl(org.eclipse.che.multiuser.resource.spi.impl.ProvidedResourcesImpl) ExecutorServiceWrapper(org.eclipse.che.commons.observability.ExecutorServiceWrapper) NoopExecutorServiceWrapper(org.eclipse.che.commons.observability.NoopExecutorServiceWrapper) UserDevfilePermissionDao(org.eclipse.che.multiuser.permission.devfile.server.spi.UserDevfilePermissionDao) UserJpaModule(org.eclipse.che.api.user.server.jpa.UserJpaModule) MemberDao(org.eclipse.che.multiuser.organization.spi.MemberDao) InitModule(org.eclipse.che.inject.lifecycle.InitModule) H2JpaCleaner(org.eclipse.che.commons.test.db.H2JpaCleaner) OrganizationManager(org.eclipse.che.multiuser.organization.api.OrganizationManager) NoopExecutorServiceWrapper(org.eclipse.che.commons.observability.NoopExecutorServiceWrapper) UserDevfileDao(org.eclipse.che.api.devfile.server.spi.UserDevfileDao) WorkspaceSharedPool(org.eclipse.che.api.workspace.server.WorkspaceSharedPool) SignatureKeyDao(org.eclipse.che.multiuser.machine.authentication.server.signature.spi.SignatureKeyDao) SchemaInitializer(org.eclipse.che.core.db.schema.SchemaInitializer) FlywaySchemaInitializer(org.eclipse.che.core.db.schema.impl.flyway.FlywaySchemaInitializer) FlywaySchemaInitializer(org.eclipse.che.core.db.schema.impl.flyway.FlywaySchemaInitializer) ProfileDao(org.eclipse.che.api.user.server.spi.ProfileDao) WorkerDao(org.eclipse.che.multiuser.permission.workspace.server.spi.WorkerDao) UserDao(org.eclipse.che.api.user.server.spi.UserDao) DBInitializer(org.eclipse.che.core.db.DBInitializer) AccountModule(org.eclipse.che.account.api.AccountModule) PermissionChecker(org.eclipse.che.multiuser.api.permission.server.PermissionChecker) DevfileModule(org.eclipse.che.api.workspace.server.devfile.DevfileModule) FactoryDao(org.eclipse.che.api.factory.server.spi.FactoryDao) 
RemoveFreeResourcesLimitSubscriber(org.eclipse.che.multiuser.resource.spi.jpa.JpaFreeResourcesLimitDao.RemoveFreeResourcesLimitSubscriber) WorkspaceLockService(org.eclipse.che.api.workspace.server.WorkspaceLockService) DefaultWorkspaceLockService(org.eclipse.che.api.workspace.server.DefaultWorkspaceLockService) OrganizationResourcesDistributor(org.eclipse.che.multiuser.organization.api.resource.OrganizationResourcesDistributor) H2DBTestServer(org.eclipse.che.commons.test.db.H2DBTestServer) OrganizationJpaModule(org.eclipse.che.multiuser.organization.api.OrganizationJpaModule) DefaultWorkspaceStatusCache(org.eclipse.che.api.workspace.server.DefaultWorkspaceStatusCache) WorkspaceStatusCache(org.eclipse.che.api.workspace.server.WorkspaceStatusCache) MultiuserUserDevfileJpaModule(org.eclipse.che.multiuser.permission.devfile.server.jpa.MultiuserUserDevfileJpaModule) EventService(org.eclipse.che.api.core.notification.EventService) FactoryJpaModule(org.eclipse.che.api.factory.server.jpa.FactoryJpaModule) MultiuserWorkspaceJpaModule(org.eclipse.che.multiuser.permission.workspace.server.jpa.MultiuserWorkspaceJpaModule) AccountDao(org.eclipse.che.account.spi.AccountDao) PreferenceDao(org.eclipse.che.api.user.server.spi.PreferenceDao) SshDao(org.eclipse.che.api.ssh.server.spi.SshDao) JpaPersistModule(com.google.inject.persist.jpa.JpaPersistModule) AbstractModule(com.google.inject.AbstractModule) MachineAuthModule(org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule) ResourceImpl(org.eclipse.che.multiuser.resource.spi.impl.ResourceImpl) UserManager(org.eclipse.che.api.user.server.UserManager) FreeResourcesLimitDao(org.eclipse.che.multiuser.resource.spi.FreeResourcesLimitDao) JpaFreeResourcesLimitDao(org.eclipse.che.multiuser.resource.spi.jpa.JpaFreeResourcesLimitDao) RemoveOrganizationOnLastUserRemovedEventSubscriber(org.eclipse.che.multiuser.organization.api.listener.RemoveOrganizationOnLastUserRemovedEventSubscriber) 
AccountManager(org.eclipse.che.account.api.AccountManager) SshJpaModule(org.eclipse.che.api.ssh.server.jpa.SshJpaModule) PostConstruct(jakarta.annotation.PostConstruct) WorkspaceDao(org.eclipse.che.api.workspace.server.spi.WorkspaceDao) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 4 with MachineAuthModule

use of org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule in project devspaces-images by redhat-developer.

the class WsMasterModule method configureMultiUserMode.

/**
 * Registers the Guice bindings and modules that make up multi-user mode.
 *
 * <p>Two inputs steer the wiring: the infrastructure name (replication module versus
 * in-memory/default services, and which OIDC pieces are bound) and the
 * {@code CHE_AUTH_NATIVEUSER} environment variable (native-user bindings versus the
 * Keycloak modules).
 *
 * @param persistenceProperties JPA properties; this method adds the EclipseLink exception
 *     handler class to the map and hands the map to {@code ReplicationModule} on
 *     OpenShift/Kubernetes
 * @param infrastructure infrastructure name, compared against
 *     {@code OpenShiftInfrastructure.NAME} and {@code KubernetesInfrastructure.NAME}
 */
private void configureMultiUserMode(Map<String, String> persistenceProperties, String infrastructure) {
    final boolean onOpenShift = OpenShiftInfrastructure.NAME.equals(infrastructure);
    if (!onOpenShift && !KubernetesInfrastructure.NAME.equals(infrastructure)) {
        // Any other infrastructure: in-memory subscription storage and default lock/cache services.
        bind(RemoteSubscriptionStorage.class).to(org.eclipse.che.api.core.notification.InmemoryRemoteSubscriptionStorage.class);
        bind(WorkspaceLockService.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceLockService.class);
        bind(WorkspaceStatusCache.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceStatusCache.class);
    } else {
        install(new ReplicationModule(persistenceProperties));
        bind(org.eclipse.che.multiuser.permission.workspace.infra.kubernetes.BrokerServicePermissionFilter.class);
        configureJwtProxySecureProvisioner(infrastructure);
    }

    // Boolean.parseBoolean yields false for an unset variable and for anything other than
    // "true" (case-insensitive), so the Keycloak wiring is what runs unless native-user
    // mode is switched on explicitly.
    final boolean nativeUserAuth = Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"));
    if (nativeUserAuth) {
        // Applies to every infrastructure, OpenShift included.
        bind(KubernetesClientConfigFactory.class).to(KubernetesOidcProviderConfigFactory.class);
    } else if (onOpenShift) {
        bind(KubernetesClientConfigFactory.class).to(KeycloakProviderConfigFactory.class);
    }

    // Persistence
    persistenceProperties.put(PersistenceUnitProperties.EXCEPTION_HANDLER_CLASS, "org.eclipse.che.core.db.postgresql.jpa.eclipselink.PostgreSqlExceptionHandler");
    bind(DataSource.class).toProvider(org.eclipse.che.core.db.JndiDataSourceProvider.class);

    // Permission modules
    install(new org.eclipse.che.multiuser.api.permission.server.jpa.SystemPermissionsJpaModule());
    install(new org.eclipse.che.multiuser.api.permission.server.PermissionsModule());
    install(new org.eclipse.che.multiuser.permission.workspace.server.WorkspaceApiPermissionsModule());
    install(new org.eclipse.che.multiuser.permission.workspace.server.jpa.MultiuserWorkspaceJpaModule());
    install(new MultiUserWorkspaceActivityModule());
    install(new org.eclipse.che.multiuser.permission.devfile.server.jpa.MultiuserUserDevfileJpaModule());
    install(new org.eclipse.che.multiuser.permission.devfile.server.UserDevfileApiPermissionsModule());

    // Permission filters, registered as untargeted bindings. How each filter is attached to
    // its service is not visible in this method; dropping one of these lines presumably
    // leaves that service without its permission check, so review removals carefully.
    bind(org.eclipse.che.multiuser.permission.system.SystemServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.system.JvmServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.system.SystemEventsSubscriptionPermissionsCheck.class);
    // Contributes the manage-users action to the named set of system-domain actions.
    Multibinder.newSetBinder(binder(), String.class, Names.named(SYSTEM_DOMAIN_ACTIONS))
        .addBinding()
        .toInstance(UserServicePermissionsFilter.MANAGE_USERS_ACTION);
    bind(org.eclipse.che.multiuser.permission.user.UserProfileServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.user.UserServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.logger.LoggerServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.workspace.activity.ActivityPermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.resource.filters.ResourceServicePermissionsFilter.class);
    bind(org.eclipse.che.multiuser.permission.resource.filters.FreeResourcesLimitServicePermissionsFilter.class);

    install(new ResourceModule());
    install(new OrganizationApiModule());
    install(new OrganizationJpaModule());

    // Authentication wiring
    if (!nativeUserAuth) {
        install(new KeycloakModule());
        install(new KeycloakUserRemoverModule());
        bind(AdminPermissionInitializer.class).asEagerSingleton();
        bind(RequestTokenExtractor.class).to(ChainedTokenExtractor.class);
    } else {
        bind(RequestTokenExtractor.class).to(HeaderRequestTokenExtractor.class);
        // The OIDC key resolver, JWT parser and JWK provider are bound only on Kubernetes;
        // in native-user mode on any other infrastructure this method binds none of them.
        if (KubernetesInfrastructure.NAME.equals(infrastructure)) {
            bind(OIDCInfo.class).toProvider(OIDCInfoProvider.class).asEagerSingleton();
            bind(SigningKeyResolver.class).to(OIDCSigningKeyResolver.class);
            bind(JwtParser.class).toProvider(OIDCJwtParserProvider.class);
            bind(JwkProvider.class).toProvider(OIDCJwkProvider.class);
        }
        // NOTE(review): judging by its name, NotImplementedTokenValidator is a stub. Confirm
        // what TokenValidator is expected to guard before relying on it in this mode.
        bind(TokenValidator.class).to(NotImplementedTokenValidator.class);
        bind(ProfileDao.class).to(JpaProfileDao.class);
        bind(OAuthAPI.class).to(EmbeddedOAuthAPI.class);
    }
    install(new MachineAuthModule());

    // Users and preferences are JPA-backed in both modes. ProfileDao is bound to JPA only in
    // the native-user branch above; in the other branch it is presumably supplied by
    // KeycloakModule (TODO confirm).
    // PBKDF2 parameters (iterations, salt handling) live in the encryptor class, not here.
    bind(PasswordEncryptor.class).to(PBKDF2PasswordEncryptor.class);
    bind(UserDao.class).to(JpaUserDao.class);
    bind(PreferenceDao.class).to(JpaPreferenceDao.class);
    bind(PermissionChecker.class).to(PermissionCheckerImpl.class);
    // Agent authentication is hard-wired on in multi-user mode; no property overrides it here.
    bindConstant().annotatedWith(Names.named("che.agents.auth_enabled")).to(true);
    install(new InfraProxyModule());
}
Also used : NotImplementedTokenValidator(org.eclipse.che.api.user.server.NotImplementedTokenValidator) TokenValidator(org.eclipse.che.api.user.server.TokenValidator) OIDCInfoProvider(org.eclipse.che.multiuser.oidc.OIDCInfoProvider) KeycloakProviderConfigFactory(org.eclipse.che.workspace.infrastructure.openshift.multiuser.oauth.KeycloakProviderConfigFactory) WorkspaceLockService(org.eclipse.che.api.workspace.server.WorkspaceLockService) WorkspaceStatusCache(org.eclipse.che.api.workspace.server.WorkspaceStatusCache) RemoteSubscriptionStorage(org.eclipse.che.api.core.notification.RemoteSubscriptionStorage) WorkspaceStatusCache(org.eclipse.che.api.workspace.server.WorkspaceStatusCache) OrganizationJpaModule(org.eclipse.che.multiuser.organization.api.OrganizationJpaModule) MultiUserWorkspaceActivityModule(org.eclipse.che.multiuser.api.workspace.activity.MultiUserWorkspaceActivityModule) OAuthAPI(org.eclipse.che.security.oauth.OAuthAPI) EmbeddedOAuthAPI(org.eclipse.che.security.oauth.EmbeddedOAuthAPI) PBKDF2PasswordEncryptor(org.eclipse.che.security.PBKDF2PasswordEncryptor) PasswordEncryptor(org.eclipse.che.security.PasswordEncryptor) DataSource(javax.sql.DataSource) KeycloakUserRemoverModule(org.eclipse.che.multiuser.keycloak.server.deploy.KeycloakUserRemoverModule) KeycloakModule(org.eclipse.che.multiuser.keycloak.server.deploy.KeycloakModule) HeaderRequestTokenExtractor(org.eclipse.che.multiuser.api.authentication.commons.token.HeaderRequestTokenExtractor) RequestTokenExtractor(org.eclipse.che.multiuser.api.authentication.commons.token.RequestTokenExtractor) ProfileDao(org.eclipse.che.api.user.server.spi.ProfileDao) JpaProfileDao(org.eclipse.che.api.user.server.jpa.JpaProfileDao) UserDao(org.eclipse.che.api.user.server.spi.UserDao) JpaUserDao(org.eclipse.che.api.user.server.jpa.JpaUserDao) PermissionChecker(org.eclipse.che.multiuser.api.permission.server.PermissionChecker) 
AdminPermissionInitializer(org.eclipse.che.multiuser.api.permission.server.AdminPermissionInitializer) OIDCSigningKeyResolver(org.eclipse.che.multiuser.oidc.OIDCSigningKeyResolver) SigningKeyResolver(io.jsonwebtoken.SigningKeyResolver) InfraProxyModule(org.eclipse.che.api.infraproxy.server.InfraProxyModule) OrganizationApiModule(org.eclipse.che.multiuser.organization.api.OrganizationApiModule) PreferenceDao(org.eclipse.che.api.user.server.spi.PreferenceDao) JpaPreferenceDao(org.eclipse.che.api.user.server.jpa.JpaPreferenceDao) ResourceModule(org.eclipse.che.multiuser.resource.api.ResourceModule) JwtParser(io.jsonwebtoken.JwtParser) MachineAuthModule(org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule) KubernetesClientConfigFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientConfigFactory) JwkProvider(com.auth0.jwk.JwkProvider) OIDCJwkProvider(org.eclipse.che.multiuser.oidc.OIDCJwkProvider)

Aggregations

PreferenceDao (org.eclipse.che.api.user.server.spi.PreferenceDao)4 ProfileDao (org.eclipse.che.api.user.server.spi.ProfileDao)4 UserDao (org.eclipse.che.api.user.server.spi.UserDao)4 WorkspaceLockService (org.eclipse.che.api.workspace.server.WorkspaceLockService)4 WorkspaceStatusCache (org.eclipse.che.api.workspace.server.WorkspaceStatusCache)4 PermissionChecker (org.eclipse.che.multiuser.api.permission.server.PermissionChecker)4 MachineAuthModule (org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule)4 OrganizationJpaModule (org.eclipse.che.multiuser.organization.api.OrganizationJpaModule)4 AbstractModule (com.google.inject.AbstractModule)2 JpaPersistModule (com.google.inject.persist.jpa.JpaPersistModule)2 PostConstruct (jakarta.annotation.PostConstruct)2 AccountManager (org.eclipse.che.account.api.AccountManager)2 AccountModule (org.eclipse.che.account.api.AccountModule)2 AccountDao (org.eclipse.che.account.spi.AccountDao)2 EventService (org.eclipse.che.api.core.notification.EventService)2 UserDevfileDao (org.eclipse.che.api.devfile.server.spi.UserDevfileDao)2 FactoryJpaModule (org.eclipse.che.api.factory.server.jpa.FactoryJpaModule)2 FactoryDao (org.eclipse.che.api.factory.server.spi.FactoryDao)2 SshJpaModule (org.eclipse.che.api.ssh.server.jpa.SshJpaModule)2 SshDao (org.eclipse.che.api.ssh.server.spi.SshDao)2