
Example 1 with RealmConfiguration

use of org.infinispan.server.configuration.security.RealmConfiguration in project infinispan by infinispan.

From the class Server, the method getLoginConfiguration:

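/**
 * Describes how a client should authenticate against the REST endpoint.
 * <p>
 * The returned map always carries a {@code mode} entry: {@code OIDC} when the REST endpoint
 * lists the {@code BEARER_TOKEN} mechanism (with the token realm's {@code url}, {@code realm}
 * and {@code clientId}), otherwise {@code HTTP} with one {@code "true"} entry per enabled
 * mechanism. The {@code ready} entry is {@code "true"} when no authenticator is configured or
 * the authenticator reports it can issue an HTTP challenge.
 *
 * @param protocolServer the REST protocol server whose configuration is inspected
 * @return a mutable map of login hints, never {@code null}
 * @throws IllegalStateException if {@code BEARER_TOKEN} is enabled but the referenced security
 *         realm does not exist or has no token realm provider
 */
@Override
public Map<String, String> getLoginConfiguration(ProtocolServer protocolServer) {
    Map<String, String> loginConfiguration = new HashMap<>();
    // NOTE(review): the cast assumes callers always pass the REST server — confirm at the call sites.
    RestServerConfiguration rest = (RestServerConfiguration) protocolServer.getConfiguration();
    if (rest.authentication().mechanisms().contains("BEARER_TOKEN")) {
        // Bearer tokens are validated by the token realm of the endpoint's security realm; its
        // OIDC settings are what the caller needs to obtain a token.
        String realmName = rest.authentication().securityRealm();
        RealmConfiguration realm = serverConfiguration.security().realms().getRealm(realmName);
        if (realm == null) {
            throw new IllegalStateException("Security realm '" + realmName + "' referenced by the REST endpoint does not exist");
        }
        TokenRealmConfiguration tokenRealm = realm.realmProviders().stream()
              .filter(r -> r instanceof TokenRealmConfiguration)
              .map(r -> (TokenRealmConfiguration) r)
              .findFirst()
              // A descriptive failure instead of the bare NoSuchElementException from Optional.get():
              // BEARER_TOKEN without a token realm is a configuration error, not a runtime surprise.
              .orElseThrow(() -> new IllegalStateException("Security realm '" + realmName + "' has no token realm but the BEARER_TOKEN mechanism is enabled"));
        loginConfiguration.put("mode", "OIDC");
        loginConfiguration.put("url", tokenRealm.authServerUrl());
        loginConfiguration.put("realm", tokenRealm.name());
        loginConfiguration.put("clientId", tokenRealm.clientId());
    } else {
        loginConfiguration.put("mode", "HTTP");
        // Advertise every enabled HTTP mechanism by name so the client can pick one.
        for (String mechanism : rest.authentication().mechanisms()) {
            loginConfiguration.put(mechanism, "true");
        }
    }
    // No authenticator means anonymous access, which is trivially "ready"; otherwise defer to the
    // authenticator (e.g. a realm that is still initialising cannot challenge yet).
    Authenticator authenticator = rest.authentication().authenticator();
    loginConfiguration.put("ready", Boolean.toString(authenticator == null || authenticator.isReadyForHttpChallenge()));
    return loginConfiguration;
}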

Example 2 with RealmConfiguration

use of org.infinispan.server.configuration.security.RealmConfiguration in project infinispan by infinispan.

From the class ServerConfigurationSerializer, the method writeSecurityRealms:

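/**
 * Serializes the {@code security-realms} section: one {@code security-realm} element per realm,
 * holding the realm's attributes, its server identities and each realm provider.
 * <p>
 * Nothing is written when no realms are configured.
 *
 * @param writer the configuration writer to emit elements to
 * @param realms the realms to serialize
 */
private void writeSecurityRealms(ConfigurationWriter writer, RealmsConfiguration realms) {
    if (realms.realms().isEmpty()) {
        return;
    }
    writer.writeStartArrayElement(Element.SECURITY_REALMS);
    for (Map.Entry<String, RealmConfiguration> e : realms.realms().entrySet()) {
        RealmConfiguration realm = e.getValue();
        writer.writeStartElement(Element.SECURITY_REALM);
        realm.attributes().write(writer);
        writeServerIdentities(writer, realm.serverIdentitiesConfiguration());
        for (RealmProvider provider : realm.realmProviders()) {
            // Dispatch on the concrete provider type; the cast in each branch must match its guard.
            if (provider instanceof FileSystemRealmConfiguration) {
                writeRealm(writer, (FileSystemRealmConfiguration) provider);
            } else if (provider instanceof LdapRealmConfiguration) {
                writeRealm(writer, (LdapRealmConfiguration) provider);
            } else if (provider instanceof LocalRealmConfiguration) {
                writeRealm(writer, (LocalRealmConfiguration) provider);
            } else if (provider instanceof PropertiesRealmConfiguration) {
                writeRealm(writer, (PropertiesRealmConfiguration) provider);
            } else if (provider instanceof TokenRealmConfiguration) {
                writeRealm(writer, (TokenRealmConfiguration) provider);
            } else if (provider instanceof TrustStoreRealmConfiguration) {
                // Previously guarded with `instanceof TrustStoreConfiguration` while casting to
                // TrustStoreRealmConfiguration: unless the two types are related, a trust-store
                // realm was either skipped in the output or failed with a ClassCastException.
                // The guard now matches the cast so the realm round-trips through serialization.
                writeRealm(writer, (TrustStoreRealmConfiguration) provider);
            }
            // NOTE(review): any other provider type is silently omitted — confirm that is intended.
        }
        // SECURITY_REALM
        writer.writeEndElement();
    }
    // SECURITY_REALMS
    writer.writeEndArrayElement();
}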

Example 3 with RealmConfiguration

use of org.infinispan.server.configuration.security.RealmConfiguration in project infinispan by infinispan.

From the class EndpointConfigurationBuilder, the method create:

/**
 * Builds the endpoint configuration.
 * <p>
 * Applies the socket bindings to the single-port router and to every connector builder, and — when
 * implicit connector security is on and a security realm is set — enables authentication on the
 * Hot Rod, REST and RESP connectors and TLS on the single-port router if the realm carries the
 * {@code ENCRYPT} feature.
 *
 * @param bindingsConfiguration the socket bindings to resolve connector addresses against
 * @param securityConfiguration the security configuration holding the realms
 * @return the immutable endpoint configuration
 */
public EndpointConfiguration create(SocketBindingsConfiguration bindingsConfiguration, SecurityConfiguration securityConfiguration) {
    String realmName = securityRealm();
    // Implicit security is only meaningful when a realm has actually been configured
    boolean secureImplicitly = implicitConnectorSecurity && realmName != null;
    bindingsConfiguration.applySocketBinding(attributes.attribute(EndpointConfiguration.SOCKET_BINDING).get(), singlePortBuilder, singlePortBuilder);
    List<ProtocolServerConfiguration> connectors = new ArrayList<>(connectorBuilders.size());
    for (ProtocolServerConfigurationBuilder<?, ?> connectorBuilder : connectorBuilders) {
        bindingsConfiguration.applySocketBinding(connectorBuilder.socketBinding(), connectorBuilder, singlePortBuilder);
        if (secureImplicitly) {
            applyImplicitAuthentication(securityConfiguration, realmName, connectorBuilder);
        }
        connectors.add(connectorBuilder.create());
    }
    if (secureImplicitly) {
        RealmConfiguration realm = securityConfiguration.realms().getRealm(realmName);
        // A realm with the ENCRYPT feature also provides the TLS context for the shared port
        if (realm.hasFeature(ServerSecurityRealm.Feature.ENCRYPT)) {
            singlePortBuilder.ssl().enable().sslContext(realm.serverSSLContext());
        }
    }
    return new EndpointConfiguration(attributes.protect(), connectors, singlePortBuilder.create());
}

/**
 * Enables realm-backed authentication on the connector builders that support it; other builder
 * types are left untouched.
 */
private void applyImplicitAuthentication(SecurityConfiguration securityConfiguration, String realmName, ProtocolServerConfigurationBuilder<?, ?> connectorBuilder) {
    if (connectorBuilder instanceof HotRodServerConfigurationBuilder) {
        enableImplicitAuthentication(securityConfiguration, realmName, (HotRodServerConfigurationBuilder) connectorBuilder);
    } else if (connectorBuilder instanceof RestServerConfigurationBuilder) {
        enableImplicitAuthentication(securityConfiguration, realmName, (RestServerConfigurationBuilder) connectorBuilder);
    } else if (connectorBuilder instanceof RespServerConfigurationBuilder) {
        enableImplicitAuthentication(securityConfiguration, realmName, (RespServerConfigurationBuilder) connectorBuilder);
    }
}

Example 4 with RealmConfiguration

use of org.infinispan.server.configuration.security.RealmConfiguration in project infinispan by infinispan.

From the class ServerConfigurationParserTest, the method validateConfiguration:

/**
 * Checks the parsed server configuration against the test fixture: two network interfaces,
 * five socket bindings, three security realms, two data sources and a single endpoint with
 * three connectors bound to the {@code default} socket binding.
 * <p>
 * Credential attributes are stored as {@code Supplier<char[]>} values and are resolved before
 * being compared, so the assertions cover credential resolution as well as parsing.
 *
 * @param configuration the configuration produced by the parser
 */
private void validateConfiguration(ServerConfiguration configuration) {
    // Interfaces: the "default" interface resolves to a loopback address
    Map<String, ?> interfaces = configuration.networkInterfaces();
    assertEquals(2, interfaces.size());
    NetworkAddress loopback = configuration.networkInterfaces().get("default").getNetworkAddress();
    assertNotNull(loopback);
    assertTrue(loopback.getAddress().isLoopbackAddress());

    // Socket bindings
    Map<String, SocketBindingConfiguration> bindings = configuration.socketBindings();
    assertEquals(5, bindings.size());
    assertEquals(11221, bindings.get("memcached").port());
    assertEquals(12221, bindings.get("memcached-2").port());
    assertEquals(11222, bindings.get("default").port());
    assertEquals(11223, bindings.get("hotrod").port());
    assertEquals(8080, bindings.get("rest").port());

    // Security realms: the "using-credentials" realm is kept for the credential checks below
    Map<String, RealmConfiguration> realms = configuration.security().realms().realms();
    assertEquals(3, realms.size());
    assertEquals("default", realms.get("default").name());
    RealmConfiguration credentialRealm = realms.get("using-credentials");
    assertEquals("using-credentials", credentialRealm.name());

    // Data sources
    Map<String, DataSourceConfiguration> dataSources = configuration.dataSources();
    assertEquals(2, dataSources.size());
    DataSourceConfiguration database = dataSources.get("database");
    assertEquals("jdbc/database", database.jndiName());
    assertEquals("jdbc:h2:tcp://${org.infinispan.test.host.address}:1521/test", database.url());
    assertEquals("test", database.username());
    assertEquals("test", new String(database.password()));
    assertEquals("SELECT 1", database.initialSql());
    assertEquals("org.h2.Driver", database.driver());
    assertEquals(10, database.maxSize());
    assertEquals(1, database.minSize());
    assertEquals(1, database.initialSize());
    assertEquals(1, database.connectionProperties().size());
    assertEquals(10000, database.leakDetection());
    assertEquals(1000, database.backgroundValidation());
    assertEquals(500, database.validateOnAcquisition());
    assertEquals("somevalue", database.connectionProperties().get("someproperty"));
    // The second data source takes its password from a credential store
    assertEquals("test", new String(dataSources.get("database-with-credential").password()));

    // Connectors of the first (and only) endpoint, in declaration order
    List<ProtocolServerConfiguration> connectors = configuration.endpoints().endpoints().get(0).connectors();
    assertEquals(3, connectors.size());
    assertTrue(connectors.get(0) instanceof HotRodServerConfiguration);
    assertTrue(connectors.get(1) instanceof RestServerConfiguration);
    assertTrue(connectors.get(2) instanceof MemcachedServerConfiguration);

    // The single-port router listens on the "default" binding; memcached keeps its own port
    SinglePortRouterConfiguration router = configuration.endpoints().endpoints().get(0).singlePortRouter();
    String defaultHost = bindings.get("default").interfaceConfiguration().getNetworkAddress().getAddress().getHostAddress();
    assertEquals(defaultHost, router.host());
    assertEquals(bindings.get("default").port(), router.port());
    assertEquals(bindings.get("memcached").port(), configuration.endpoints().endpoints().get(0).connectors().get(2).port());

    // Credentials held by the "using-credentials" realm (LDAP, trust store, OAuth2 client secret)
    assertEquals("strongPassword", resolveSecret(realmProvider(credentialRealm, LdapRealmConfiguration.class).attributes().attribute(Attribute.CREDENTIAL).get()));
    assertEquals("secret", resolveSecret(credentialRealm.serverIdentitiesConfiguration().sslConfiguration().trustStore().attributes().attribute(Attribute.PASSWORD).get()));
    assertEquals("1fdca4ec-c416-47e0-867a-3d471af7050f", resolveSecret(realmProvider(credentialRealm, TokenRealmConfiguration.class).oauth2Configuration().attributes().attribute(Attribute.CLIENT_SECRET).get()));
}

/**
 * Resolves a credential attribute value, which the parser stores as a {@code Supplier<char[]>},
 * into a {@code String} for comparison.
 */
@SuppressWarnings("unchecked")
private static String resolveSecret(Object credentialAttributeValue) {
    return new String(((Supplier<char[]>) credentialAttributeValue).get());
}
