use of org.infinispan.server.core.ProtocolServer in project infinispan by infinispan.
the class ServerStateManagerImpl method updateIpFilters.
private CompletionStage<Void> updateIpFilters(String connector, Collection<IpFilterRule> rules) {
ProtocolServer protocolServer = server.getProtocolServers().get(connector);
if (rules.isEmpty()) {
protocolServer.getConfiguration().ipFilter().rules(Collections.emptyList());
Server.log.connectorIpFilterCleared(connector);
return CompletableFutures.completedNull();
} else {
List<IpSubnetFilterRule> localRules = new ArrayList<>(rules.size());
for (IpFilterRule rule : rules) {
localRules.add(new IpSubnetFilterRule(rule.cidr, IpFilterRuleType.valueOf(rule.type)));
}
protocolServer.getConfiguration().ipFilter().rules(localRules);
Transport transport = getTransport(protocolServer);
CompositeChannelMatcher matcher = new CompositeChannelMatcher(protocolServer.getChannelMatcher(), new IpFilterRuleChannelMatcher(localRules));
return transport.closeChannels(matcher).thenApply(v -> {
Server.log.connectorIpFilterSet(connector, localRules);
return v;
});
}
}
use of org.infinispan.server.core.ProtocolServer in project infinispan by infinispan.
the class Server method run.
public synchronized CompletableFuture<ExitStatus> run() {
CompletableFuture<ExitStatus> r = exitHandler.getExitFuture();
if (status == ComponentStatus.RUNNING) {
return r;
}
protocolServers = new ConcurrentHashMap<>(4);
try {
// Load any server extensions
extensions = new Extensions();
extensions.load(classLoader);
// Create the cache manager
cacheManager = new DefaultCacheManager(configurationBuilderHolder, false);
// Retrieve the server configuration
serverConfiguration = SecurityActions.getCacheManagerConfiguration(cacheManager).module(ServerConfiguration.class);
serverConfiguration.setServer(this);
// Initialize the data sources
dataSources = new HashMap<>();
InitialContext initialContext = new InitialContext();
for (DataSourceConfiguration dataSourceConfiguration : serverConfiguration.dataSources().values()) {
DataSource dataSource = DataSourceFactory.create(dataSourceConfiguration);
dataSources.put(dataSourceConfiguration.name(), dataSource);
initialContext.bind(dataSourceConfiguration.jndiName(), dataSource);
}
// Start the cache manager
SecurityActions.startCacheManager(cacheManager);
BasicComponentRegistry bcr = SecurityActions.getGlobalComponentRegistry(cacheManager).getComponent(BasicComponentRegistry.class.getName());
blockingManager = bcr.getComponent(BlockingManager.class).running();
serverStateManager = new ServerStateManagerImpl(this, cacheManager, bcr.getComponent(GlobalConfigurationManager.class).running());
bcr.registerComponent(ServerStateManager.class, serverStateManager, false);
ScheduledExecutorService timeoutExecutor = bcr.getComponent(KnownComponentNames.TIMEOUT_SCHEDULE_EXECUTOR, ScheduledExecutorService.class).running();
// BlockingManager of single container used for writing the global manifest, but this will need to change
// when multiple containers are supported by the server. Similarly, the default cache manager is used to create
// the clustered locks.
Path dataRoot = serverRoot.toPath().resolve(properties.getProperty(INFINISPAN_SERVER_DATA_PATH));
backupManager = new BackupManagerImpl(blockingManager, cacheManager, dataRoot);
backupManager.init();
// Register the task manager
taskManager = bcr.getComponent(TaskManager.class).running();
taskManager.registerTaskEngine(extensions.getServerTaskEngine(cacheManager));
// Initialize the OpenTracing integration
RequestTracer.start();
for (EndpointConfiguration endpoint : serverConfiguration.endpoints().endpoints()) {
// Start the protocol servers
SinglePortRouteSource routeSource = new SinglePortRouteSource();
Set<Route<? extends RouteSource, ? extends RouteDestination>> routes = ConcurrentHashMap.newKeySet();
endpoint.connectors().parallelStream().forEach(configuration -> {
try {
Class<? extends ProtocolServer> protocolServerClass = configuration.getClass().getAnnotation(ConfigurationFor.class).value().asSubclass(ProtocolServer.class);
ProtocolServer protocolServer = Util.getInstance(protocolServerClass);
protocolServer.setServerManagement(this, endpoint.admin());
if (configuration instanceof HotRodServerConfiguration) {
ElytronSASLAuthenticationProvider.init((HotRodServerConfiguration) configuration, serverConfiguration, timeoutExecutor);
} else if (configuration instanceof RestServerConfiguration) {
ElytronHTTPAuthenticator.init((RestServerConfiguration) configuration, serverConfiguration);
} else if (configuration instanceof RespServerConfiguration) {
ElytronRESPAuthenticator.init((RespServerConfiguration) configuration, serverConfiguration, blockingManager);
}
protocolServers.put(protocolServer.getName() + "-" + configuration.name(), protocolServer);
SecurityActions.startProtocolServer(protocolServer, configuration, cacheManager);
ProtocolServerConfiguration protocolConfig = protocolServer.getConfiguration();
if (protocolConfig.startTransport()) {
log.protocolStarted(protocolServer.getName(), configuration.socketBinding(), protocolConfig.host(), protocolConfig.port());
} else {
if (protocolServer instanceof HotRodServer) {
routes.add(new Route<>(routeSource, new HotRodServerRouteDestination(protocolServer.getName(), (HotRodServer) protocolServer)));
extensions.apply((HotRodServer) protocolServer);
} else if (protocolServer instanceof RestServer) {
routes.add(new Route<>(routeSource, new RestServerRouteDestination(protocolServer.getName(), (RestServer) protocolServer)));
} else if (protocolServer instanceof RespServer) {
routes.add(new Route<>(routeSource, new RespServerRouteDestination(protocolServer.getName(), (RespServer) protocolServer)));
}
log.protocolStarted(protocolServer.getName());
}
} catch (Throwable t) {
throw t instanceof RuntimeException ? (RuntimeException) t : new RuntimeException(t);
}
});
// Next we start the single-port endpoints
SinglePortRouterConfiguration singlePortRouter = endpoint.singlePortRouter();
SinglePortEndpointRouter endpointServer = new SinglePortEndpointRouter(singlePortRouter);
endpointServer.start(new RoutingTable(routes), cacheManager);
protocolServers.put("endpoint-" + endpoint.socketBinding(), endpointServer);
log.protocolStarted(endpointServer.getName(), singlePortRouter.socketBinding(), singlePortRouter.host(), singlePortRouter.port());
log.endpointUrl(Util.requireNonNullElse(cacheManager.getAddress(), "local"), singlePortRouter.ssl().enabled() ? "https" : "http", singlePortRouter.host(), singlePortRouter.port());
}
serverStateManager.start();
// Change status
this.status = ComponentStatus.RUNNING;
log.serverStarted(Version.getBrandName(), Version.getBrandVersion(), timeService.timeDuration(startTime, TimeUnit.MILLISECONDS));
} catch (Exception e) {
r.completeExceptionally(e);
}
r = r.handle((status, t) -> {
if (t != null) {
Server.log.serverFailedToStart(Version.getBrandName(), t);
}
localShutdown(status);
return null;
});
return r;
}
use of org.infinispan.server.core.ProtocolServer in project infinispan by infinispan.
the class Server method getLoginConfiguration.
@Override
public Map<String, String> getLoginConfiguration(ProtocolServer protocolServer) {
Map<String, String> loginConfiguration = new HashMap<>();
// Get the REST endpoint's authentication configuration
RestServerConfiguration rest = (RestServerConfiguration) protocolServer.getConfiguration();
if (rest.authentication().mechanisms().contains("BEARER_TOKEN")) {
// Find the token realm
RealmConfiguration realm = serverConfiguration.security().realms().getRealm(rest.authentication().securityRealm());
TokenRealmConfiguration realmConfiguration = realm.realmProviders().stream().filter(r -> r instanceof TokenRealmConfiguration).map(r -> (TokenRealmConfiguration) r).findFirst().get();
loginConfiguration.put("mode", "OIDC");
loginConfiguration.put("url", realmConfiguration.authServerUrl());
loginConfiguration.put("realm", realmConfiguration.name());
loginConfiguration.put("clientId", realmConfiguration.clientId());
} else {
loginConfiguration.put("mode", "HTTP");
for (String mechanism : rest.authentication().mechanisms()) {
loginConfiguration.put(mechanism, "true");
}
}
Authenticator authenticator = rest.authentication().authenticator();
loginConfiguration.put("ready", Boolean.toString(authenticator == null || authenticator.isReadyForHttpChallenge()));
return loginConfiguration;
}
use of org.infinispan.server.core.ProtocolServer in project infinispan by infinispan.
the class SinglePortEndpointRouter method getInitializer.
@Override
public ChannelInitializer<Channel> getInitializer() {
Map<String, ProtocolServer<?>> upgradeServers = new HashMap<>();
RestServer restServer = routingTable.streamRoutes(SinglePortRouteSource.class, RestServerRouteDestination.class).findFirst().map(r -> r.getRouteDestination().getProtocolServer()).orElseThrow(() -> new IllegalStateException("There must be a REST route!"));
routingTable.streamRoutes(SinglePortRouteSource.class, HotRodServerRouteDestination.class).findFirst().ifPresent(r -> upgradeServers.put("HR", r.getRouteDestination().getProtocolServer()));
routingTable.streamRoutes(SinglePortRouteSource.class, RespServerRouteDestination.class).findFirst().ifPresent(r -> upgradeServers.put("RP", r.getRouteDestination().getProtocolServer()));
SinglePortChannelInitializer restChannelInitializer = new SinglePortChannelInitializer(this, transport, restServer, upgradeServers);
return new NettyInitializers(restChannelInitializer);
}
use of org.infinispan.server.core.ProtocolServer in project infinispan by infinispan.
the class ServerResource method connectorIpFilterSet.
private CompletionStage<RestResponse> connectorIpFilterSet(RestRequest restRequest) {
NettyRestResponse.Builder builder = new NettyRestResponse.Builder().status(NO_CONTENT);
String connectorName = restRequest.variables().get("connector");
ProtocolServer connector = invocationHelper.getServer().getProtocolServers().get(connectorName);
if (connector == null)
return completedFuture(builder.status(NOT_FOUND).build());
Json json = Json.read(restRequest.contents().asString());
if (!json.isArray()) {
return completedFuture(builder.status(BAD_REQUEST).build());
}
List<Json> list = json.asJsonList();
List<IpSubnetFilterRule> rules = new ArrayList<>(list.size());
for (Json o : list) {
if (!o.has("type") || !o.has("cidr")) {
return completedFuture(builder.status(BAD_REQUEST).build());
} else {
rules.add(new IpSubnetFilterRule(o.at("cidr").asString(), IpFilterRuleType.valueOf(o.at("type").asString())));
}
}
// Verify that none of the REJECT rules match the address from which the request was made
if (connector.equals(invocationHelper.getProtocolServer()) || connector.equals(invocationHelper.getProtocolServer().getEnclosingProtocolServer())) {
InetSocketAddress remoteAddress = restRequest.getRemoteAddress();
for (IpSubnetFilterRule rule : rules) {
if (rule.ruleType() == IpFilterRuleType.REJECT && rule.matches(remoteAddress)) {
return completedFuture(builder.status(CONFLICT).entity(Messages.MSG.rejectRuleMatchesRequestAddress(rule, remoteAddress)).build());
}
}
}
ServerStateManager serverStateManager = invocationHelper.getServer().getServerStateManager();
return Security.doAs(restRequest.getSubject(), (PrivilegedAction<CompletionStage<RestResponse>>) () -> serverStateManager.setConnectorIpFilterRule(connectorName, rules).thenApply(r -> builder.build()));
}
Aggregations