Search in sources :

Example 1 with TransportSecurityConfiguration

use of org.infinispan.server.configuration.security.TransportSecurityConfiguration in project infinispan by infinispan.

the class Server method parseConfiguration.

private void parseConfiguration(List<Path> configurationFiles) {
    ParserRegistry parser = new ParserRegistry(classLoader, false, properties);
    try {
        // load the defaults first
        URL defaults = this.getClass().getClassLoader().getResource(SERVER_DEFAULTS);
        defaultsHolder = parser.parse(defaults);
        // Set a default audit logger
        defaultsHolder.getGlobalConfigurationBuilder().security().authorization().auditLogger(new LoggingAuditLogger());
        // base the global configuration to the default
        configurationBuilderHolder = new ConfigurationBuilderHolder(classLoader);
        GlobalConfigurationBuilder global = configurationBuilderHolder.getGlobalConfigurationBuilder();
        global.read(defaultsHolder.getGlobalConfigurationBuilder().build());
        // Copy all default templates
        for (Map.Entry<String, ConfigurationBuilder> entry : defaultsHolder.getNamedConfigurationBuilders().entrySet()) {
            configurationBuilderHolder.newConfigurationBuilder(entry.getKey()).read(entry.getValue().build());
        }
        // then load the user configurations
        for (Path configurationFile : configurationFiles) {
            if (!configurationFile.isAbsolute()) {
                configurationFile = serverConf.toPath().resolve(configurationFile);
            }
            parser.parse(configurationFile.toUri().toURL(), configurationBuilderHolder);
        }
        if (log.isDebugEnabled()) {
            StringBuilderWriter sw = new StringBuilderWriter();
            try (ConfigurationWriter w = ConfigurationWriter.to(sw).build()) {
                Map<String, Configuration> configs = configurationBuilderHolder.getNamedConfigurationBuilders().entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, e -> e.getValue().build()));
                parser.serialize(w, global.build(), configs);
            }
            log.debugf("Actual configuration: %s", sw);
        }
        // Amend the named caches configurations with the defaults
        for (Map.Entry<String, ConfigurationBuilder> entry : configurationBuilderHolder.getNamedConfigurationBuilders().entrySet()) {
            Configuration cfg = entry.getValue().build();
            ConfigurationBuilder defaultCfg = defaultsHolder.getNamedConfigurationBuilders().get("org.infinispan." + cfg.clustering().cacheMode().name());
            ConfigurationBuilder rebased = new ConfigurationBuilder().read(defaultCfg.build());
            rebased.read(cfg);
            entry.setValue(rebased);
        }
        // Process the server configuration
        ServerConfigurationBuilder serverBuilder = global.module(ServerConfigurationBuilder.class);
        // Set up transport security
        TransportSecurityConfiguration transportSecurityConfiguration = serverBuilder.security().transport().create();
        if (transportSecurityConfiguration.securityRealm() != null) {
            String securityRealm = transportSecurityConfiguration.securityRealm();
            Supplier<SSLContext> serverSSLContextSupplier = serverBuilder.serverSSLContextSupplier(securityRealm);
            Supplier<SSLContext> clientSSLContextSupplier = serverBuilder.clientSSLContextSupplier(securityRealm);
            NamedSocketFactory namedSocketFactory = new NamedSocketFactory(() -> clientSSLContextSupplier.get().getSocketFactory(), () -> serverSSLContextSupplier.get().getServerSocketFactory());
            global.transport().addProperty(JGroupsTransport.SOCKET_FACTORY, namedSocketFactory);
            Server.log.sslTransport(securityRealm);
        }
        // Set the operation handler on all endpoints
        ServerAdminOperationsHandler adminOperationsHandler = new ServerAdminOperationsHandler(defaultsHolder);
        ServerConfigurationBuilder serverConfigurationBuilder = global.module(ServerConfigurationBuilder.class);
        for (EndpointConfigurationBuilder endpoint : serverConfigurationBuilder.endpoints().endpoints().values()) {
            for (ProtocolServerConfigurationBuilder<?, ?> connector : endpoint.connectors()) {
                connector.adminOperationsHandler(adminOperationsHandler);
            }
        }
        configurationBuilderHolder.validate();
    } catch (IOException e) {
        throw new CacheConfigurationException(e);
    }
}
Also used : GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) SSLContext(javax.net.ssl.SSLContext) ConfigurationBuilder(org.infinispan.configuration.cache.ConfigurationBuilder) LogFactory(org.infinispan.util.logging.LogFactory) DataSourceFactory(org.infinispan.server.datasource.DataSourceFactory) WildFlyElytronHttpBasicProvider(org.wildfly.security.http.basic.WildFlyElytronHttpBasicProvider) KnownComponentNames(org.infinispan.factories.KnownComponentNames) GlobalConfigurationManager(org.infinispan.globalstate.GlobalConfigurationManager) Log(org.infinispan.server.logging.Log) WildFlyElytronHttpSpnegoProvider(org.wildfly.security.http.spnego.WildFlyElytronHttpSpnegoProvider) WildFlyElytronHttpClientCertProvider(org.wildfly.security.http.cert.WildFlyElytronHttpClientCertProvider) BasicComponentRegistry(org.infinispan.factories.impl.BasicComponentRegistry) DefaultCacheManager(org.infinispan.manager.DefaultCacheManager) ConfigurationBuilderHolder(org.infinispan.configuration.parsing.ConfigurationBuilderHolder) Map(java.util.Map) TaskManager(org.infinispan.tasks.TaskManager) DataSourceConfiguration(org.infinispan.server.configuration.DataSourceConfiguration) ElytronSASLAuthenticationProvider(org.infinispan.server.security.ElytronSASLAuthenticationProvider) ServerStateManagerImpl(org.infinispan.server.state.ServerStateManagerImpl) Path(java.nio.file.Path) NamingManager(javax.naming.spi.NamingManager) HotRodServer(org.infinispan.server.hotrod.HotRodServer) WildFlyElytronSaslExternalProvider(org.wildfly.security.sasl.external.WildFlyElytronSaslExternalProvider) WildFlyElytronSaslScramProvider(org.wildfly.security.sasl.scram.WildFlyElytronSaslScramProvider) InitialContext(javax.naming.InitialContext) SinglePortRouteSource(org.infinispan.server.router.routes.singleport.SinglePortRouteSource) JGroupsTransport(org.infinispan.remoting.transport.jgroups.JGroupsTransport) NamedSocketFactory(org.infinispan.remoting.transport.jgroups.NamedSocketFactory) AuthorizationPermission(org.infinispan.security.AuthorizationPermission) Set(java.util.Set) EndpointConfiguration(org.infinispan.server.configuration.endpoint.EndpointConfiguration) Executors(java.util.concurrent.Executors) ComponentStatus(org.infinispan.lifecycle.ComponentStatus) RouteDestination(org.infinispan.server.router.routes.RouteDestination) CompletionStage(java.util.concurrent.CompletionStage) ConfigurationFor(org.infinispan.commons.configuration.ConfigurationFor) RestServerRouteDestination(org.infinispan.server.router.routes.rest.RestServerRouteDestination) SerializeWith(org.infinispan.commons.marshall.SerializeWith) ProtocolServerConfiguration(org.infinispan.server.core.configuration.ProtocolServerConfiguration) RouteSource(org.infinispan.server.router.routes.RouteSource) StringBuilderWriter(org.infinispan.commons.io.StringBuilderWriter) SerializableFunction(org.infinispan.util.function.SerializableFunction) HotRodServerRouteDestination(org.infinispan.server.router.routes.hotrod.HotRodServerRouteDestination) EndpointConfigurationBuilder(org.infinispan.server.configuration.endpoint.EndpointConfigurationBuilder) Supplier(java.util.function.Supplier) EmbeddedCacheManager(org.infinispan.manager.EmbeddedCacheManager) ClusterExecutor(org.infinispan.manager.ClusterExecutor) WildFlyElytronSaslLocalUserProvider(org.wildfly.security.sasl.localuser.WildFlyElytronSaslLocalUserProvider) ScheduledExecutorService(java.util.concurrent.ScheduledExecutorService) ProtocolServerConfigurationBuilder(org.infinispan.server.core.configuration.ProtocolServerConfigurationBuilder) Address(org.infinispan.remoting.transport.Address) Route(org.infinispan.server.router.routes.Route) PrivilegedActionException(java.security.PrivilegedActionException) Properties(java.util.Properties) GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) IOException(java.io.IOException) Authenticator(org.infinispan.rest.authentication.Authenticator) ServerManagement(org.infinispan.server.core.ServerManagement) InputStreamReader(java.io.InputStreamReader) TransportSecurityConfiguration(org.infinispan.server.configuration.security.TransportSecurityConfiguration) File(java.io.File) BackupManager(org.infinispan.server.core.BackupManager) WildFlyElytronSaslGs2Provider(org.wildfly.security.sasl.gs2.WildFlyElytronSaslGs2Provider) ServerConfiguration(org.infinispan.server.configuration.ServerConfiguration) Paths(java.nio.file.Paths) RespServerConfiguration(org.infinispan.server.resp.configuration.RespServerConfiguration) BufferedReader(java.io.BufferedReader) RestServerConfiguration(org.infinispan.rest.configuration.RestServerConfiguration) DefaultTimeService(org.infinispan.commons.time.DefaultTimeService) ConfigurationWriter(org.infinispan.commons.configuration.io.ConfigurationWriter) URL(java.net.URL) ObjectOutput(java.io.ObjectOutput) ServerAdminOperationsHandler(org.infinispan.server.tasks.admin.ServerAdminOperationsHandler) LoggingAuditLogger(org.infinispan.security.audit.LoggingAuditLogger) ProtocolServer(org.infinispan.server.core.ProtocolServer) CompletableFutures(org.infinispan.util.concurrent.CompletableFutures) ProcessInfo(org.infinispan.commons.jdkspecific.ProcessInfo) CacheConfigurationException(org.infinispan.commons.CacheConfigurationException) WildFlyElytronHttpBearerProvider(org.wildfly.security.http.bearer.WildFlyElytronHttpBearerProvider) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) RespServerRouteDestination(org.infinispan.server.router.routes.resp.RespServerRouteDestination) Collectors(java.util.stream.Collectors) List(java.util.List) OS(org.infinispan.commons.util.OS) ObjectInput(java.io.ObjectInput) TokenRealmConfiguration(org.infinispan.server.configuration.security.TokenRealmConfiguration) SinglePortRouterConfiguration(org.infinispan.server.router.configuration.SinglePortRouterConfiguration) RealmConfiguration(org.infinispan.server.configuration.security.RealmConfiguration) WildFlyElytronHttpDigestProvider(org.wildfly.security.http.digest.WildFlyElytronHttpDigestProvider) RestServer(org.infinispan.rest.RestServer) HashMap(java.util.HashMap) CompletableFuture(java.util.concurrent.CompletableFuture) WildFlyElytronSaslOAuth2Provider(org.wildfly.security.sasl.oauth2.WildFlyElytronSaslOAuth2Provider) RequestTracer(org.infinispan.server.core.RequestTracer) WildFlyElytronSaslGssapiProvider(org.wildfly.security.sasl.gssapi.WildFlyElytronSaslGssapiProvider) ServerStateManager(org.infinispan.server.core.ServerStateManager) Version(org.infinispan.commons.util.Version) BackupManagerImpl(org.infinispan.server.core.backup.BackupManagerImpl) WildFlyElytronSaslDigestProvider(org.wildfly.security.sasl.digest.WildFlyElytronSaslDigestProvider) DataSource(javax.sql.DataSource) ServerConfigurationSerializer(org.infinispan.server.configuration.ServerConfigurationSerializer) ElytronRESPAuthenticator(org.infinispan.server.security.ElytronRESPAuthenticator) Util(org.infinispan.commons.util.Util) RoutingTable(org.infinispan.server.router.RoutingTable) ServerInitialContextFactoryBuilder(org.infinispan.server.context.ServerInitialContextFactoryBuilder) HotRodServerConfiguration(org.infinispan.server.hotrod.configuration.HotRodServerConfiguration) RespServer(org.infinispan.server.resp.RespServer) Security(org.infinispan.security.Security) TimeUnit(java.util.concurrent.TimeUnit) WildFlyElytronSaslPlainProvider(org.wildfly.security.sasl.plain.WildFlyElytronSaslPlainProvider) ServerConfigurationBuilder(org.infinispan.server.configuration.ServerConfigurationBuilder) Configuration(org.infinispan.configuration.cache.Configuration) ParserRegistry(org.infinispan.configuration.parsing.ParserRegistry) ElytronHTTPAuthenticator(org.infinispan.server.security.ElytronHTTPAuthenticator) SinglePortEndpointRouter(org.infinispan.server.router.router.impl.singleport.SinglePortEndpointRouter) BlockingManager(org.infinispan.util.concurrent.BlockingManager) Collections(java.util.Collections) LogManager(org.apache.logging.log4j.LogManager) TimeService(org.infinispan.commons.time.TimeService) ConfigurationBuilder(org.infinispan.configuration.cache.ConfigurationBuilder) EndpointConfigurationBuilder(org.infinispan.server.configuration.endpoint.EndpointConfigurationBuilder) ProtocolServerConfigurationBuilder(org.infinispan.server.core.configuration.ProtocolServerConfigurationBuilder) GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) ServerConfigurationBuilder(org.infinispan.server.configuration.ServerConfigurationBuilder) ConfigurationWriter(org.infinispan.commons.configuration.io.ConfigurationWriter) DataSourceConfiguration(org.infinispan.server.configuration.DataSourceConfiguration) EndpointConfiguration(org.infinispan.server.configuration.endpoint.EndpointConfiguration) ProtocolServerConfiguration(org.infinispan.server.core.configuration.ProtocolServerConfiguration) TransportSecurityConfiguration(org.infinispan.server.configuration.security.TransportSecurityConfiguration) ServerConfiguration(org.infinispan.server.configuration.ServerConfiguration) RespServerConfiguration(org.infinispan.server.resp.configuration.RespServerConfiguration) RestServerConfiguration(org.infinispan.rest.configuration.RestServerConfiguration) TokenRealmConfiguration(org.infinispan.server.configuration.security.TokenRealmConfiguration) SinglePortRouterConfiguration(org.infinispan.server.router.configuration.SinglePortRouterConfiguration) RealmConfiguration(org.infinispan.server.configuration.security.RealmConfiguration) HotRodServerConfiguration(org.infinispan.server.hotrod.configuration.HotRodServerConfiguration) Configuration(org.infinispan.configuration.cache.Configuration) CacheConfigurationException(org.infinispan.commons.CacheConfigurationException) URL(java.net.URL) NamedSocketFactory(org.infinispan.remoting.transport.jgroups.NamedSocketFactory) ProtocolServerConfigurationBuilder(org.infinispan.server.core.configuration.ProtocolServerConfigurationBuilder) ServerConfigurationBuilder(org.infinispan.server.configuration.ServerConfigurationBuilder) Path(java.nio.file.Path) StringBuilderWriter(org.infinispan.commons.io.StringBuilderWriter) ServerAdminOperationsHandler(org.infinispan.server.tasks.admin.ServerAdminOperationsHandler) ParserRegistry(org.infinispan.configuration.parsing.ParserRegistry) SSLContext(javax.net.ssl.SSLContext) IOException(java.io.IOException) ConfigurationBuilderHolder(org.infinispan.configuration.parsing.ConfigurationBuilderHolder) LoggingAuditLogger(org.infinispan.security.audit.LoggingAuditLogger) EndpointConfigurationBuilder(org.infinispan.server.configuration.endpoint.EndpointConfigurationBuilder) Map(java.util.Map) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) TransportSecurityConfiguration(org.infinispan.server.configuration.security.TransportSecurityConfiguration)

Aggregations

BufferedReader (java.io.BufferedReader)1 File (java.io.File)1 IOException (java.io.IOException)1 InputStreamReader (java.io.InputStreamReader)1 ObjectInput (java.io.ObjectInput)1 ObjectOutput (java.io.ObjectOutput)1 URL (java.net.URL)1 Path (java.nio.file.Path)1 Paths (java.nio.file.Paths)1 PrivilegedActionException (java.security.PrivilegedActionException)1 Collections (java.util.Collections)1 HashMap (java.util.HashMap)1 List (java.util.List)1 Map (java.util.Map)1 Properties (java.util.Properties)1 Set (java.util.Set)1 CompletableFuture (java.util.concurrent.CompletableFuture)1 CompletionStage (java.util.concurrent.CompletionStage)1 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)1 Executors (java.util.concurrent.Executors)1