use of org.infinispan.server.configuration.security.RealmConfiguration in project infinispan by infinispan.
the class Server method getLoginConfiguration.
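/**
 * Builds the login settings for the REST endpoint behind {@code protocolServer}.
 * <p>
 * When the endpoint lists the {@code BEARER_TOKEN} mechanism, the map describes an OIDC login: {@code mode=OIDC}
 * plus the authorization server URL, the realm name and the client id of the first
 * {@link TokenRealmConfiguration} found in the endpoint's security realm. Only those three values are copied from
 * the token realm. Otherwise {@code mode=HTTP} is set and every configured mechanism name is added as a key with
 * the value {@code "true"}. In both cases {@code ready} is {@code "true"} when the endpoint has no authenticator
 * or the authenticator reports that it is ready for an HTTP challenge.
 *
 * @param protocolServer the server whose configuration is read; it is cast to {@link RestServerConfiguration}
 * @return a new, mutable map of login settings
 * @throws java.util.NoSuchElementException if {@code BEARER_TOKEN} is enabled but the security realm holds no
 *         token realm provider
 */
@Override
public Map<String, String> getLoginConfiguration(ProtocolServer protocolServer) {
   // NOTE(review): the consumer of this map is not visible here; if it is served before authentication,
   // keep the entries limited to values that are safe to disclose (no client secret, no credentials).
   Map<String, String> loginConfiguration = new HashMap<>();
   RestServerConfiguration rest = (RestServerConfiguration) protocolServer.getConfiguration();
   if (rest.authentication().mechanisms().contains("BEARER_TOKEN")) {
      // NOTE(review): getRealm() is assumed to fail itself for an unknown realm name; confirm it never returns null.
      RealmConfiguration realm = serverConfiguration.security().realms().getRealm(rest.authentication().securityRealm());
      // A bare Optional.get() would fail without saying which realm is misconfigured; keep the same
      // exception type but name the realm so the configuration error can be located.
      TokenRealmConfiguration tokenRealm = realm.realmProviders().stream()
            .filter(TokenRealmConfiguration.class::isInstance)
            .map(TokenRealmConfiguration.class::cast)
            .findFirst()
            .orElseThrow(() -> new java.util.NoSuchElementException(
                  "BEARER_TOKEN is enabled but security realm '" + rest.authentication().securityRealm()
                        + "' has no token realm"));
      loginConfiguration.put("mode", "OIDC");
      loginConfiguration.put("url", tokenRealm.authServerUrl());
      loginConfiguration.put("realm", tokenRealm.name());
      loginConfiguration.put("clientId", tokenRealm.clientId());
   } else {
      loginConfiguration.put("mode", "HTTP");
      for (String mechanism : rest.authentication().mechanisms()) {
         loginConfiguration.put(mechanism, "true");
      }
   }
   Authenticator authenticator = rest.authentication().authenticator();
   boolean ready = authenticator == null || authenticator.isReadyForHttpChallenge();
   loginConfiguration.put("ready", Boolean.toString(ready));
   return loginConfiguration;
}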
use of org.infinispan.server.configuration.security.RealmConfiguration in project infinispan by infinispan.
the class ServerConfigurationSerializer method writeSecurityRealms.
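/**
 * Writes the {@code SECURITY_REALMS} array: one {@code SECURITY_REALM} element per configured realm, holding
 * the realm attributes, its server identities and each of its realm providers. Nothing is written when no
 * realm is configured.
 *
 * @param writer the configuration writer that receives the elements
 * @param realms the realms to serialize
 */
private void writeSecurityRealms(ConfigurationWriter writer, RealmsConfiguration realms) {
   if (realms.realms().isEmpty()) {
      return;
   }
   writer.writeStartArrayElement(Element.SECURITY_REALMS);
   // Only the realm values are used, so iterate them directly instead of the map entries.
   for (RealmConfiguration realm : realms.realms().values()) {
      writer.writeStartElement(Element.SECURITY_REALM);
      realm.attributes().write(writer);
      writeServerIdentities(writer, realm.serverIdentitiesConfiguration());
      for (RealmProvider provider : realm.realmProviders()) {
         if (provider instanceof FileSystemRealmConfiguration) {
            writeRealm(writer, (FileSystemRealmConfiguration) provider);
         } else if (provider instanceof LdapRealmConfiguration) {
            writeRealm(writer, (LdapRealmConfiguration) provider);
         } else if (provider instanceof LocalRealmConfiguration) {
            writeRealm(writer, (LocalRealmConfiguration) provider);
         } else if (provider instanceof PropertiesRealmConfiguration) {
            writeRealm(writer, (PropertiesRealmConfiguration) provider);
         } else if (provider instanceof TokenRealmConfiguration) {
            writeRealm(writer, (TokenRealmConfiguration) provider);
         } else if (provider instanceof TrustStoreRealmConfiguration) {
            // The type test previously named TrustStoreConfiguration while the cast targets
            // TrustStoreRealmConfiguration: a mismatch that either skips the trust store realm in the
            // written configuration or fails with a ClassCastException. Test the type that is cast to.
            writeRealm(writer, (TrustStoreRealmConfiguration) provider);
         }
         // NOTE(review): a provider of any other type is left out of the output without an error;
         // confirm that every RealmProvider implementation has a branch above.
      }
      // SECURITY_REALM
      writer.writeEndElement();
   }
   // SECURITY_REALMS
   writer.writeEndArrayElement();
}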
use of org.infinispan.server.configuration.security.RealmConfiguration in project infinispan by infinispan.
the class EndpointConfigurationBuilder method create.
/**
 * Creates the endpoint configuration from this builder.
 * <p>
 * The socket binding named by the endpoint is applied to the single-port router, then each connector builder
 * gets its own socket binding and is created. When implicit connector security is on and the endpoint names a
 * security realm, authentication for that realm is enabled on Hot Rod, REST and RESP connector builders before
 * they are created, and TLS is enabled on the single-port router if the realm has the {@code ENCRYPT} feature.
 *
 * @param bindingsConfiguration the socket bindings used to resolve binding names
 * @param securityConfiguration the security configuration that holds the realms
 * @return the endpoint configuration with its connectors and single-port router
 */
public EndpointConfiguration create(SocketBindingsConfiguration bindingsConfiguration, SecurityConfiguration securityConfiguration) {
   final boolean implicitSecurity = implicitConnectorSecurity && securityRealm() != null;
   bindingsConfiguration.applySocketBinding(attributes.attribute(EndpointConfiguration.SOCKET_BINDING).get(), singlePortBuilder, singlePortBuilder);

   List<ProtocolServerConfiguration> created = new ArrayList<>(connectorBuilders.size());
   for (ProtocolServerConfigurationBuilder<?, ?> connectorBuilder : connectorBuilders) {
      bindingsConfiguration.applySocketBinding(connectorBuilder.socketBinding(), connectorBuilder, singlePortBuilder);
      // NOTE(review): only these three builder types receive implicit authentication; a connector builder
      // of any other type is created as configured. Confirm that this is intended for every connector type.
      if (implicitSecurity && connectorBuilder instanceof HotRodServerConfigurationBuilder) {
         enableImplicitAuthentication(securityConfiguration, securityRealm(), (HotRodServerConfigurationBuilder) connectorBuilder);
      } else if (implicitSecurity && connectorBuilder instanceof RestServerConfigurationBuilder) {
         enableImplicitAuthentication(securityConfiguration, securityRealm(), (RestServerConfigurationBuilder) connectorBuilder);
      } else if (implicitSecurity && connectorBuilder instanceof RespServerConfigurationBuilder) {
         enableImplicitAuthentication(securityConfiguration, securityRealm(), (RespServerConfigurationBuilder) connectorBuilder);
      }
      created.add(connectorBuilder.create());
   }

   if (implicitSecurity) {
      RealmConfiguration implicitRealm = securityConfiguration.realms().getRealm(securityRealm());
      // TLS on the single-port router follows the realm: it is enabled only when the realm can encrypt.
      boolean realmEncrypts = implicitRealm.hasFeature(ServerSecurityRealm.Feature.ENCRYPT);
      if (realmEncrypts) {
         singlePortBuilder.ssl().enable().sslContext(implicitRealm.serverSSLContext());
      }
   }
   return new EndpointConfiguration(attributes.protect(), created, singlePortBuilder.create());
}
use of org.infinispan.server.configuration.security.RealmConfiguration in project infinispan by infinispan.
the class ServerConfigurationParserTest method validateConfiguration.
/**
 * Asserts that a parsed server configuration carries the expected, hard-coded values: network interfaces,
 * socket bindings, security realms, data sources, connectors, the single-port router binding and the
 * credentials held by the {@code using-credentials} realm.
 *
 * @param configuration the parsed configuration to check
 */
private void validateConfiguration(ServerConfiguration configuration) {
   // Interfaces
   assertEquals(2, configuration.networkInterfaces().size());
   NetworkAddress loopback = configuration.networkInterfaces().get("default").getNetworkAddress();
   assertNotNull(loopback);
   assertTrue(loopback.getAddress().isLoopbackAddress());

   // Socket bindings
   Map<String, SocketBindingConfiguration> bindings = configuration.socketBindings();
   assertEquals(5, bindings.size());
   assertEquals(11221, bindings.get("memcached").port());
   assertEquals(12221, bindings.get("memcached-2").port());
   assertEquals(11222, bindings.get("default").port());
   assertEquals(11223, bindings.get("hotrod").port());
   assertEquals(8080, bindings.get("rest").port());

   // Security realms
   Map<String, RealmConfiguration> realmsByName = configuration.security().realms().realms();
   assertEquals(3, realmsByName.size());
   RealmConfiguration defaultRealm = realmsByName.get("default");
   assertEquals("default", defaultRealm.name());
   RealmConfiguration credentialsRealm = realmsByName.get("using-credentials");
   assertEquals("using-credentials", credentialsRealm.name());

   // Data Sources
   Map<String, DataSourceConfiguration> sources = configuration.dataSources();
   assertEquals(2, sources.size());
   DataSourceConfiguration database = sources.get("database");
   assertEquals("jdbc/database", database.jndiName());
   assertEquals("jdbc:h2:tcp://${org.infinispan.test.host.address}:1521/test", database.url());
   assertEquals("test", database.username());
   assertEquals("test", new String(database.password()));
   assertEquals("SELECT 1", database.initialSql());
   assertEquals("org.h2.Driver", database.driver());
   assertEquals(10, database.maxSize());
   assertEquals(1, database.minSize());
   assertEquals(1, database.initialSize());
   assertEquals(1, database.connectionProperties().size());
   assertEquals(10000, database.leakDetection());
   assertEquals(1000, database.backgroundValidation());
   assertEquals(500, database.validateOnAcquisition());
   assertEquals("somevalue", database.connectionProperties().get("someproperty"));
   DataSourceConfiguration databaseWithCredential = sources.get("database-with-credential");
   assertEquals("test", new String(databaseWithCredential.password()));

   // Connectors
   List<ProtocolServerConfiguration> firstEndpointConnectors = configuration.endpoints().endpoints().get(0).connectors();
   assertEquals(3, firstEndpointConnectors.size());
   assertTrue(firstEndpointConnectors.get(0) instanceof HotRodServerConfiguration);
   assertTrue(firstEndpointConnectors.get(1) instanceof RestServerConfiguration);
   assertTrue(firstEndpointConnectors.get(2) instanceof MemcachedServerConfiguration);

   // Ensure endpoints are bound to the interfaces
   SinglePortRouterConfiguration router = configuration.endpoints().endpoints().get(0).singlePortRouter();
   assertEquals(bindings.get("default").interfaceConfiguration().getNetworkAddress().getAddress().getHostAddress(), router.host());
   assertEquals(bindings.get("default").port(), router.port());
   assertEquals(bindings.get("memcached").port(), configuration.endpoints().endpoints().get(0).connectors().get(2).port());

   // Credentials of the "using-credentials" realm: each attribute holds a supplier of the secret's
   // characters, so the supplier is invoked and the result compared with the expected value.
   Supplier<char[]> ldapCredential = (Supplier<char[]>) realmProvider(credentialsRealm, LdapRealmConfiguration.class).attributes().attribute(Attribute.CREDENTIAL).get();
   assertEquals("strongPassword", new String(ldapCredential.get()));
   Supplier<char[]> trustStorePassword = (Supplier<char[]>) credentialsRealm.serverIdentitiesConfiguration().sslConfiguration().trustStore().attributes().attribute(Attribute.PASSWORD).get();
   assertEquals("secret", new String(trustStorePassword.get()));
   Supplier<char[]> clientSecret = (Supplier<char[]>) realmProvider(credentialsRealm, TokenRealmConfiguration.class).oauth2Configuration().attributes().attribute(Attribute.CLIENT_SECRET).get();
   assertEquals("1fdca4ec-c416-47e0-867a-3d471af7050f", new String(clientSecret.get()));
}