Use of org.infinispan.server.security.ElytronHTTPAuthenticator in the infinispan project (by infinispan).
Class EndpointConfigurationBuilder, method enableImplicitAuthentication.
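/**
 * Fills in REST authentication defaults from the security realm where the user has not
 * configured them explicitly.
 *
 * <p>The realm name is applied only if the builder has none yet. Mechanisms are derived only
 * when none were set explicitly; the realm then decides which ones are enabled:
 * <ul>
 *   <li>a Kerberos server identity whose principal starts with {@code HTTP/} enables SPNEGO;</li>
 *   <li>feature {@code TOKEN} enables BEARER_TOKEN;</li>
 *   <li>feature {@code TRUST} enables CLIENT_CERT;</li>
 *   <li>feature {@code PASSWORD} enables DIGEST, and also BASIC when the realm has
 *       {@code ENCRYPT} as well.</li>
 * </ul>
 *
 * <p>The {@link ElytronHTTPAuthenticator} is installed only on this implicit path. When
 * mechanisms were configured explicitly this method leaves the authenticator untouched.
 *
 * <p>NOTE(review): if the realm matches none of the branches, {@code enable()} is never
 * called here and the authenticator receives whatever {@code authentication.mechanisms()}
 * returns. Confirm that the endpoint does not end up reachable without authentication.
 *
 * @param security          server security configuration used to look up the realm
 * @param securityRealmName realm name to apply when the builder has none
 * @param builder           REST server configuration builder to update
 */
public static void enableImplicitAuthentication(SecurityConfiguration security, String securityRealmName, RestServerConfigurationBuilder builder) {
   // Set the security realm only if it has not been set already
   org.infinispan.rest.configuration.AuthenticationConfigurationBuilder authentication = builder.authentication();
   if (!authentication.hasSecurityRealm()) {
      authentication.securityRealm(securityRealmName);
   }
   ServerSecurityRealm securityRealm = security.realms().getRealm(authentication.securityRealm()).serverSecurityRealm();
   // Only add implicit mechanisms if the user has not set any explicitly
   if (!authentication.hasMechanisms()) {
      String serverPrincipal = null;
      for (KerberosSecurityFactoryConfiguration identity : securityRealm.getServerIdentities().kerberosConfigurations()) {
         if (identity.getPrincipal().startsWith("HTTP/")) {
            authentication.enable().addMechanisms("SPNEGO");
            // If several HTTP/ identities exist, the last one seen is the one handed to the authenticator.
            serverPrincipal = identity.getPrincipal();
            // Log only when SPNEGO really was enabled. The message used to be emitted for every
            // Kerberos identity, so the debug log claimed SPNEGO for non-HTTP principals too.
            Server.log.debugf("Enabled SPNEGO authentication for HTTP using principal '%s'", serverPrincipal);
         }
      }
      if (securityRealm.hasFeature(ServerSecurityRealm.Feature.TOKEN)) {
         authentication.enable().addMechanisms("BEARER_TOKEN");
         Server.log.debug("Enabled BEARER_TOKEN for HTTP");
      }
      if (securityRealm.hasFeature(ServerSecurityRealm.Feature.TRUST)) {
         authentication.enable().addMechanisms("CLIENT_CERT");
         Server.log.debug("Enabled CLIENT_CERT for HTTP");
      }
      if (securityRealm.hasFeature(ServerSecurityRealm.Feature.PASSWORD)) {
         // DIGEST is offered whether or not the realm has the ENCRYPT feature.
         authentication.enable().addMechanisms("DIGEST");
         Server.log.debug("Enabled DIGEST for HTTP");
         // Only enable BASIC if encryption is on: BASIC sends the password merely base64-encoded,
         // so on an unencrypted connection it is readable by anyone on the path.
         // NOTE(review): presumably ENCRYPT means the realm has a TLS server identity; confirm.
         if (securityRealm.hasFeature(ServerSecurityRealm.Feature.ENCRYPT)) {
            authentication.enable().addMechanisms("BASIC");
            Server.log.debug("Enabled BASIC for HTTP");
         }
      }
      authentication.authenticator(new ElytronHTTPAuthenticator(authentication.securityRealm(), serverPrincipal, authentication.mechanisms()));
   }
}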
Use of org.infinispan.server.security.ElytronHTTPAuthenticator in the infinispan project (by infinispan).
Class RestServerConfigurationParser, method parseAuthentication.
/**
 * Reads the attributes of the authentication element at the reader's current position and
 * installs an {@link ElytronHTTPAuthenticator} on the builder.
 *
 * <p>Recognised attributes are the security realm, the mechanism list and the server
 * principal. Any other attribute is rejected via {@code ParseUtils.unexpectedAttribute},
 * and the element must have no content. When no realm name is passed in, the realm of the
 * endpoint currently being built is used, and a realm attribute overrides either of them.
 * Parsing fails if no realm name is available after that.
 *
 * <p>The mechanism names and the server principal are passed on exactly as configured.
 * This method does not check them against the realm's capabilities.
 * NOTE(review): presumably validated where the authenticator is initialised; confirm,
 * in particular that an explicitly configured BASIC is not served without encryption.
 *
 * @param reader            configuration reader positioned on the authentication element
 * @param serverBuilder     server builder, consulted for the current endpoint's realm
 * @param builder           REST authentication builder to populate
 * @param securityRealmName realm name from the enclosing context, or {@code null}
 */
private void parseAuthentication(ConfigurationReader reader, ServerConfigurationBuilder serverBuilder, AuthenticationConfigurationBuilder builder, String securityRealmName) {
   // Fall back to the realm of the endpoint currently being configured.
   // The fallback is not written into the builder; only an explicit attribute is.
   String realm = securityRealmName != null
         ? securityRealmName
         : serverBuilder.endpoints().current().securityRealm();
   String principal = null;

   for (int idx = 0; idx < reader.getAttributeCount(); idx++) {
      ParseUtils.requireNoNamespaceAttribute(reader, idx);
      String attrValue = reader.getAttributeValue(idx);
      switch (Attribute.forName(reader.getAttributeName(idx))) {
         case SECURITY_REALM:
            builder.securityRealm(attrValue);
            realm = attrValue;
            break;
         case MECHANISMS:
            builder.addMechanisms(reader.getListAttributeValue(idx));
            break;
         case SERVER_PRINCIPAL:
            principal = attrValue;
            break;
         default:
            throw ParseUtils.unexpectedAttribute(reader, idx);
      }
   }

   ParseUtils.requireNoContent(reader);

   // Authentication cannot be configured without a realm to authenticate against.
   if (realm == null) {
      throw Server.log.authenticationWithoutSecurityRealm();
   }
   builder.authenticator(new ElytronHTTPAuthenticator(realm, principal, builder.mechanisms()));
}