use of org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule in project che-server by eclipse-che.
the class WsMasterModule method configureMultiUserMode.
private void configureMultiUserMode(Map<String, String> persistenceProperties, String infrastructure) {
if (OpenShiftInfrastructure.NAME.equals(infrastructure) || KubernetesInfrastructure.NAME.equals(infrastructure)) {
install(new ReplicationModule(persistenceProperties));
bind(org.eclipse.che.multiuser.permission.workspace.infra.kubernetes.BrokerServicePermissionFilter.class);
configureJwtProxySecureProvisioner(infrastructure);
} else {
bind(RemoteSubscriptionStorage.class).to(org.eclipse.che.api.core.notification.InmemoryRemoteSubscriptionStorage.class);
bind(WorkspaceLockService.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceLockService.class);
bind(WorkspaceStatusCache.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceStatusCache.class);
}
if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
bind(KubernetesClientConfigFactory.class).to(KubernetesOidcProviderConfigFactory.class);
} else if (OpenShiftInfrastructure.NAME.equals(infrastructure)) {
bind(KubernetesClientConfigFactory.class).to(KeycloakProviderConfigFactory.class);
}
persistenceProperties.put(PersistenceUnitProperties.EXCEPTION_HANDLER_CLASS, "org.eclipse.che.core.db.postgresql.jpa.eclipselink.PostgreSqlExceptionHandler");
bind(DataSource.class).toProvider(org.eclipse.che.core.db.JndiDataSourceProvider.class);
install(new org.eclipse.che.multiuser.api.permission.server.jpa.SystemPermissionsJpaModule());
install(new org.eclipse.che.multiuser.api.permission.server.PermissionsModule());
install(new org.eclipse.che.multiuser.permission.workspace.server.WorkspaceApiPermissionsModule());
install(new org.eclipse.che.multiuser.permission.workspace.server.jpa.MultiuserWorkspaceJpaModule());
install(new MultiUserWorkspaceActivityModule());
install(new org.eclipse.che.multiuser.permission.devfile.server.jpa.MultiuserUserDevfileJpaModule());
install(new org.eclipse.che.multiuser.permission.devfile.server.UserDevfileApiPermissionsModule());
// Permission filters
bind(org.eclipse.che.multiuser.permission.system.SystemServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.system.JvmServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.system.SystemEventsSubscriptionPermissionsCheck.class);
Multibinder<String> binder = Multibinder.newSetBinder(binder(), String.class, Names.named(SYSTEM_DOMAIN_ACTIONS));
binder.addBinding().toInstance(UserServicePermissionsFilter.MANAGE_USERS_ACTION);
bind(org.eclipse.che.multiuser.permission.user.UserProfileServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.user.UserServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.logger.LoggerServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.workspace.activity.ActivityPermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.resource.filters.ResourceServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.resource.filters.FreeResourcesLimitServicePermissionsFilter.class);
install(new ResourceModule());
install(new OrganizationApiModule());
install(new OrganizationJpaModule());
if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
bind(RequestTokenExtractor.class).to(HeaderRequestTokenExtractor.class);
if (KubernetesInfrastructure.NAME.equals(infrastructure)) {
bind(OIDCInfo.class).toProvider(OIDCInfoProvider.class).asEagerSingleton();
bind(SigningKeyResolver.class).to(OIDCSigningKeyResolver.class);
bind(JwtParser.class).toProvider(OIDCJwtParserProvider.class);
bind(JwkProvider.class).toProvider(OIDCJwkProvider.class);
}
bind(TokenValidator.class).to(NotImplementedTokenValidator.class);
bind(ProfileDao.class).to(JpaProfileDao.class);
bind(OAuthAPI.class).to(EmbeddedOAuthAPI.class);
} else {
install(new KeycloakModule());
install(new KeycloakUserRemoverModule());
bind(AdminPermissionInitializer.class).asEagerSingleton();
bind(RequestTokenExtractor.class).to(ChainedTokenExtractor.class);
}
install(new MachineAuthModule());
// User and profile - use profile from keycloak and other stuff is JPA
bind(PasswordEncryptor.class).to(PBKDF2PasswordEncryptor.class);
bind(UserDao.class).to(JpaUserDao.class);
bind(PreferenceDao.class).to(JpaPreferenceDao.class);
bind(PermissionChecker.class).to(PermissionCheckerImpl.class);
bindConstant().annotatedWith(Names.named("che.agents.auth_enabled")).to(true);
install(new InfraProxyModule());
}
use of org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule in project che-server by eclipse-che.
the class JpaEntitiesCascadeRemovalTest method setUp.
@BeforeMethod
public void setUp() throws Exception {
injector = Guice.createInjector(Stage.PRODUCTION, new AbstractModule() {
@Override
protected void configure() {
H2DBTestServer server = H2DBTestServer.startDefault();
install(new JpaPersistModule("main"));
bind(H2JpaCleaner.class).toInstance(new H2JpaCleaner(server));
bind(EventService.class).in(Singleton.class);
bind(SchemaInitializer.class).toInstance(new FlywaySchemaInitializer(server.getDataSource(), "che-schema"));
bind(DBInitializer.class).asEagerSingleton();
install(new InitModule(PostConstruct.class));
install(new UserJpaModule());
install(new AccountModule());
install(new SshJpaModule());
install(new FactoryJpaModule());
install(new OrganizationJpaModule());
install(new MultiuserWorkspaceJpaModule());
install(new MachineAuthModule());
install(new DevfileModule());
install(new MultiuserUserDevfileJpaModule());
bind(ExecutorServiceWrapper.class).to(NoopExecutorServiceWrapper.class);
bind(FreeResourcesLimitDao.class).to(JpaFreeResourcesLimitDao.class);
bind(RemoveFreeResourcesLimitSubscriber.class).asEagerSingleton();
// initialize empty binder
Multibinder.newSetBinder(binder(), WorkspaceAttributeValidator.class);
bind(WorkspaceManager.class);
bind(WorkspaceLockService.class).to(DefaultWorkspaceLockService.class);
bind(WorkspaceStatusCache.class).to(DefaultWorkspaceStatusCache.class);
bind(RuntimeInfrastructure.class).toInstance(mock(RuntimeInfrastructure.class));
MapBinder.newMapBinder(binder(), String.class, InternalEnvironmentFactory.class);
bind(PermissionsManager.class);
bind(PermissionChecker.class).to(PermissionCheckerImpl.class);
bind(AccountManager.class);
bind(Boolean.class).annotatedWith(Names.named("che.workspace.auto_snapshot")).toInstance(false);
bind(Boolean.class).annotatedWith(Names.named("che.workspace.auto_restore")).toInstance(false);
bind(Boolean.class).annotatedWith(Names.named("che.devworkspaces.enabled")).toInstance(false);
bind(WorkspaceSharedPool.class).toInstance(new WorkspaceSharedPool("cached", null, null, new NoopExecutorServiceWrapper()));
bind(String[].class).annotatedWith(Names.named("che.auth.reserved_user_names")).toInstance(new String[0]);
bind(RemoveOrganizationOnLastUserRemovedEventSubscriber.class).asEagerSingleton();
Multibinder.newSetBinder(binder(), ResourceLockKeyProvider.class);
Multibinder.newSetBinder(binder(), ResourceUsageTracker.class);
MapBinder.newMapBinder(binder(), String.class, AvailableResourcesProvider.class);
bind(String.class).annotatedWith(Names.named("che.workspace.plugin_registry_url")).toInstance("");
bind(String.class).annotatedWith(Names.named("che.factory.scm_file_fetcher_limit_bytes")).toInstance("1024");
MapBinder.newMapBinder(binder(), String.class, ChePluginsApplier.class);
Multibinder.newSetBinder(binder(), ResourceType.class).addBinding().to(RamResourceType.class);
Multibinder.newSetBinder(binder(), ResourcesProvider.class).addBinding().toInstance((accountId) -> singletonList(new ProvidedResourcesImpl("test", null, accountId, -1L, -1L, singletonList(new ResourceImpl(RamResourceType.ID, 1024, RamResourceType.UNIT)))));
bindConstant().annotatedWith(Names.named("che.workspace.probe_pool_size")).to(1);
// setup bindings for the devfile that would otherwise be read from the config
bindConstant().annotatedWith(Names.named("che.workspace.devfile.default_editor")).to("default/editor/0.0.1");
bindConstant().annotatedWith(Names.named("che.websocket.endpoint")).to("che.websocket.endpoint");
bind(String.class).annotatedWith(Names.named("che.workspace.devfile.default_editor.plugins")).toInstance("default/plugin/0.0.1");
bind(String.class).annotatedWith(Names.named("che.workspace.devfile.async.storage.plugin")).toInstance("");
}
});
eventService = injector.getInstance(EventService.class);
accountDao = injector.getInstance(AccountDao.class);
accountManager = injector.getInstance(AccountManager.class);
userDao = injector.getInstance(UserDao.class);
userManager = injector.getInstance(UserManager.class);
preferenceDao = injector.getInstance(PreferenceDao.class);
profileDao = injector.getInstance(ProfileDao.class);
sshDao = injector.getInstance(SshDao.class);
workspaceDao = injector.getInstance(WorkspaceDao.class);
factoryDao = injector.getInstance(FactoryDao.class);
workerDao = injector.getInstance(WorkerDao.class);
userDevfileDao = injector.getInstance(UserDevfileDao.class);
userDevfilePermissionDao = injector.getInstance(UserDevfilePermissionDao.class);
signatureKeyDao = injector.getInstance(SignatureKeyDao.class);
freeResourcesLimitDao = injector.getInstance(FreeResourcesLimitDao.class);
organizationManager = injector.getInstance(OrganizationManager.class);
memberDao = injector.getInstance(MemberDao.class);
organizationResourcesDistributor = injector.getInstance(OrganizationResourcesDistributor.class);
h2JpaCleaner = injector.getInstance(H2JpaCleaner.class);
}
use of org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule in project devspaces-images by redhat-developer.
the class JpaEntitiesCascadeRemovalTest method setUp.
@BeforeMethod
public void setUp() throws Exception {
injector = Guice.createInjector(Stage.PRODUCTION, new AbstractModule() {
@Override
protected void configure() {
H2DBTestServer server = H2DBTestServer.startDefault();
install(new JpaPersistModule("main"));
bind(H2JpaCleaner.class).toInstance(new H2JpaCleaner(server));
bind(EventService.class).in(Singleton.class);
bind(SchemaInitializer.class).toInstance(new FlywaySchemaInitializer(server.getDataSource(), "che-schema"));
bind(DBInitializer.class).asEagerSingleton();
install(new InitModule(PostConstruct.class));
install(new UserJpaModule());
install(new AccountModule());
install(new SshJpaModule());
install(new FactoryJpaModule());
install(new OrganizationJpaModule());
install(new MultiuserWorkspaceJpaModule());
install(new MachineAuthModule());
install(new DevfileModule());
install(new MultiuserUserDevfileJpaModule());
bind(ExecutorServiceWrapper.class).to(NoopExecutorServiceWrapper.class);
bind(FreeResourcesLimitDao.class).to(JpaFreeResourcesLimitDao.class);
bind(RemoveFreeResourcesLimitSubscriber.class).asEagerSingleton();
// initialize empty binder
Multibinder.newSetBinder(binder(), WorkspaceAttributeValidator.class);
bind(WorkspaceManager.class);
bind(WorkspaceLockService.class).to(DefaultWorkspaceLockService.class);
bind(WorkspaceStatusCache.class).to(DefaultWorkspaceStatusCache.class);
bind(RuntimeInfrastructure.class).toInstance(mock(RuntimeInfrastructure.class));
MapBinder.newMapBinder(binder(), String.class, InternalEnvironmentFactory.class);
bind(PermissionsManager.class);
bind(PermissionChecker.class).to(PermissionCheckerImpl.class);
bind(AccountManager.class);
bind(Boolean.class).annotatedWith(Names.named("che.workspace.auto_snapshot")).toInstance(false);
bind(Boolean.class).annotatedWith(Names.named("che.workspace.auto_restore")).toInstance(false);
bind(Boolean.class).annotatedWith(Names.named("che.devworkspaces.enabled")).toInstance(false);
bind(WorkspaceSharedPool.class).toInstance(new WorkspaceSharedPool("cached", null, null, new NoopExecutorServiceWrapper()));
bind(String[].class).annotatedWith(Names.named("che.auth.reserved_user_names")).toInstance(new String[0]);
bind(RemoveOrganizationOnLastUserRemovedEventSubscriber.class).asEagerSingleton();
Multibinder.newSetBinder(binder(), ResourceLockKeyProvider.class);
Multibinder.newSetBinder(binder(), ResourceUsageTracker.class);
MapBinder.newMapBinder(binder(), String.class, AvailableResourcesProvider.class);
bind(String.class).annotatedWith(Names.named("che.workspace.plugin_registry_url")).toInstance("");
bind(String.class).annotatedWith(Names.named("che.factory.scm_file_fetcher_limit_bytes")).toInstance("1024");
MapBinder.newMapBinder(binder(), String.class, ChePluginsApplier.class);
Multibinder.newSetBinder(binder(), ResourceType.class).addBinding().to(RamResourceType.class);
Multibinder.newSetBinder(binder(), ResourcesProvider.class).addBinding().toInstance((accountId) -> singletonList(new ProvidedResourcesImpl("test", null, accountId, -1L, -1L, singletonList(new ResourceImpl(RamResourceType.ID, 1024, RamResourceType.UNIT)))));
bindConstant().annotatedWith(Names.named("che.workspace.probe_pool_size")).to(1);
// setup bindings for the devfile that would otherwise be read from the config
bindConstant().annotatedWith(Names.named("che.workspace.devfile.default_editor")).to("default/editor/0.0.1");
bindConstant().annotatedWith(Names.named("che.websocket.endpoint")).to("che.websocket.endpoint");
bind(String.class).annotatedWith(Names.named("che.workspace.devfile.default_editor.plugins")).toInstance("default/plugin/0.0.1");
bind(String.class).annotatedWith(Names.named("che.workspace.devfile.async.storage.plugin")).toInstance("");
}
});
eventService = injector.getInstance(EventService.class);
accountDao = injector.getInstance(AccountDao.class);
accountManager = injector.getInstance(AccountManager.class);
userDao = injector.getInstance(UserDao.class);
userManager = injector.getInstance(UserManager.class);
preferenceDao = injector.getInstance(PreferenceDao.class);
profileDao = injector.getInstance(ProfileDao.class);
sshDao = injector.getInstance(SshDao.class);
workspaceDao = injector.getInstance(WorkspaceDao.class);
factoryDao = injector.getInstance(FactoryDao.class);
workerDao = injector.getInstance(WorkerDao.class);
userDevfileDao = injector.getInstance(UserDevfileDao.class);
userDevfilePermissionDao = injector.getInstance(UserDevfilePermissionDao.class);
signatureKeyDao = injector.getInstance(SignatureKeyDao.class);
freeResourcesLimitDao = injector.getInstance(FreeResourcesLimitDao.class);
organizationManager = injector.getInstance(OrganizationManager.class);
memberDao = injector.getInstance(MemberDao.class);
organizationResourcesDistributor = injector.getInstance(OrganizationResourcesDistributor.class);
h2JpaCleaner = injector.getInstance(H2JpaCleaner.class);
}
use of org.eclipse.che.multiuser.machine.authentication.server.MachineAuthModule in project devspaces-images by redhat-developer.
the class WsMasterModule method configureMultiUserMode.
private void configureMultiUserMode(Map<String, String> persistenceProperties, String infrastructure) {
if (OpenShiftInfrastructure.NAME.equals(infrastructure) || KubernetesInfrastructure.NAME.equals(infrastructure)) {
install(new ReplicationModule(persistenceProperties));
bind(org.eclipse.che.multiuser.permission.workspace.infra.kubernetes.BrokerServicePermissionFilter.class);
configureJwtProxySecureProvisioner(infrastructure);
} else {
bind(RemoteSubscriptionStorage.class).to(org.eclipse.che.api.core.notification.InmemoryRemoteSubscriptionStorage.class);
bind(WorkspaceLockService.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceLockService.class);
bind(WorkspaceStatusCache.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceStatusCache.class);
}
if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
bind(KubernetesClientConfigFactory.class).to(KubernetesOidcProviderConfigFactory.class);
} else if (OpenShiftInfrastructure.NAME.equals(infrastructure)) {
bind(KubernetesClientConfigFactory.class).to(KeycloakProviderConfigFactory.class);
}
persistenceProperties.put(PersistenceUnitProperties.EXCEPTION_HANDLER_CLASS, "org.eclipse.che.core.db.postgresql.jpa.eclipselink.PostgreSqlExceptionHandler");
bind(DataSource.class).toProvider(org.eclipse.che.core.db.JndiDataSourceProvider.class);
install(new org.eclipse.che.multiuser.api.permission.server.jpa.SystemPermissionsJpaModule());
install(new org.eclipse.che.multiuser.api.permission.server.PermissionsModule());
install(new org.eclipse.che.multiuser.permission.workspace.server.WorkspaceApiPermissionsModule());
install(new org.eclipse.che.multiuser.permission.workspace.server.jpa.MultiuserWorkspaceJpaModule());
install(new MultiUserWorkspaceActivityModule());
install(new org.eclipse.che.multiuser.permission.devfile.server.jpa.MultiuserUserDevfileJpaModule());
install(new org.eclipse.che.multiuser.permission.devfile.server.UserDevfileApiPermissionsModule());
// Permission filters
bind(org.eclipse.che.multiuser.permission.system.SystemServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.system.JvmServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.system.SystemEventsSubscriptionPermissionsCheck.class);
Multibinder<String> binder = Multibinder.newSetBinder(binder(), String.class, Names.named(SYSTEM_DOMAIN_ACTIONS));
binder.addBinding().toInstance(UserServicePermissionsFilter.MANAGE_USERS_ACTION);
bind(org.eclipse.che.multiuser.permission.user.UserProfileServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.user.UserServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.logger.LoggerServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.workspace.activity.ActivityPermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.resource.filters.ResourceServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.resource.filters.FreeResourcesLimitServicePermissionsFilter.class);
install(new ResourceModule());
install(new OrganizationApiModule());
install(new OrganizationJpaModule());
if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
bind(RequestTokenExtractor.class).to(HeaderRequestTokenExtractor.class);
if (KubernetesInfrastructure.NAME.equals(infrastructure)) {
bind(OIDCInfo.class).toProvider(OIDCInfoProvider.class).asEagerSingleton();
bind(SigningKeyResolver.class).to(OIDCSigningKeyResolver.class);
bind(JwtParser.class).toProvider(OIDCJwtParserProvider.class);
bind(JwkProvider.class).toProvider(OIDCJwkProvider.class);
}
bind(TokenValidator.class).to(NotImplementedTokenValidator.class);
bind(ProfileDao.class).to(JpaProfileDao.class);
bind(OAuthAPI.class).to(EmbeddedOAuthAPI.class);
} else {
install(new KeycloakModule());
install(new KeycloakUserRemoverModule());
bind(AdminPermissionInitializer.class).asEagerSingleton();
bind(RequestTokenExtractor.class).to(ChainedTokenExtractor.class);
}
install(new MachineAuthModule());
// User and profile - use profile from keycloak and other stuff is JPA
bind(PasswordEncryptor.class).to(PBKDF2PasswordEncryptor.class);
bind(UserDao.class).to(JpaUserDao.class);
bind(PreferenceDao.class).to(JpaPreferenceDao.class);
bind(PermissionChecker.class).to(PermissionCheckerImpl.class);
bindConstant().annotatedWith(Names.named("che.agents.auth_enabled")).to(true);
install(new InfraProxyModule());
}
Aggregations