Search in sources :

Example 1 with AuthenticationConfigurationBuilder

use of org.infinispan.server.hotrod.configuration.AuthenticationConfigurationBuilder in project infinispan by infinispan.

the class EndpointConfigurationBuilder method enableImplicitAuthentication.

public static void enableImplicitAuthentication(SecurityConfiguration security, String securityRealmName, HotRodServerConfigurationBuilder builder) {
    // Set the security realm only if it has not been set already
    AuthenticationConfigurationBuilder authentication = builder.authentication();
    if (!authentication.hasSecurityRealm()) {
        authentication.securityRealm(securityRealmName);
        Server.log.debugf("Using endpoint realm \"%s\" for Hot Rod", securityRealmName);
    }
    ServerSecurityRealm securityRealm = security.realms().getRealm(authentication.securityRealm()).serverSecurityRealm();
    // Only add implicit mechanisms if the user has not set any explicitly
    if (!authentication.hasMechanisms()) {
        String serverPrincipal = null;
        for (KerberosSecurityFactoryConfiguration identity : securityRealm.getServerIdentities().kerberosConfigurations()) {
            if (identity.getPrincipal().startsWith("hotrod/")) {
                authentication.enable().addMechanisms(SaslMechanismInformation.Names.GS2_KRB5, SaslMechanismInformation.Names.GSSAPI);
                serverPrincipal = identity.getPrincipal();
                break;
            }
            Server.log.debugf("Enabled Kerberos mechanisms for Hot Rod using principal '%s'", identity.getPrincipal());
        }
        if (securityRealm.hasFeature(ServerSecurityRealm.Feature.TOKEN)) {
            authentication.enable().addMechanisms(SaslMechanismInformation.Names.OAUTHBEARER);
            Server.log.debug("Enabled OAUTHBEARER mechanism for Hot Rod");
        }
        if (securityRealm.hasFeature(ServerSecurityRealm.Feature.TRUST)) {
            authentication.enable().addMechanisms(SaslMechanismInformation.Names.EXTERNAL);
            Server.log.debug("Enabled EXTERNAL mechanism for Hot Rod");
        }
        if (securityRealm.hasFeature(ServerSecurityRealm.Feature.PASSWORD)) {
            authentication.enable().addMechanisms(SaslMechanismInformation.Names.SCRAM_SHA_512, SaslMechanismInformation.Names.SCRAM_SHA_384, SaslMechanismInformation.Names.SCRAM_SHA_256, SaslMechanismInformation.Names.SCRAM_SHA_1, SaslMechanismInformation.Names.DIGEST_SHA_512, SaslMechanismInformation.Names.DIGEST_SHA_384, SaslMechanismInformation.Names.DIGEST_SHA_256, SaslMechanismInformation.Names.DIGEST_SHA, SaslMechanismInformation.Names.CRAM_MD5, SaslMechanismInformation.Names.DIGEST_MD5);
            Server.log.debug("Enabled SCRAM, DIGEST and CRAM mechanisms for Hot Rod");
            // Only enable PLAIN if encryption is on
            if (securityRealm.hasFeature(ServerSecurityRealm.Feature.ENCRYPT)) {
                authentication.enable().addMechanisms(SaslMechanismInformation.Names.PLAIN);
                Server.log.debug("Enabled PLAIN mechanism for Hot Rod");
            }
        }
        authentication.serverAuthenticationProvider(new ElytronSASLAuthenticationProvider(authentication.securityRealm(), serverPrincipal, authentication.sasl().mechanisms()));
    }
}
Also used : KerberosSecurityFactoryConfiguration(org.infinispan.server.configuration.security.KerberosSecurityFactoryConfiguration) ServerSecurityRealm(org.infinispan.server.security.ServerSecurityRealm) ElytronSASLAuthenticationProvider(org.infinispan.server.security.ElytronSASLAuthenticationProvider) AuthenticationConfigurationBuilder(org.infinispan.server.hotrod.configuration.AuthenticationConfigurationBuilder)

Aggregations

KerberosSecurityFactoryConfiguration (org.infinispan.server.configuration.security.KerberosSecurityFactoryConfiguration)1 AuthenticationConfigurationBuilder (org.infinispan.server.hotrod.configuration.AuthenticationConfigurationBuilder)1 ElytronSASLAuthenticationProvider (org.infinispan.server.security.ElytronSASLAuthenticationProvider)1 ServerSecurityRealm (org.infinispan.server.security.ServerSecurityRealm)1