use of org.jboss.as.domain.http.server.security.RealmIdentityManager in project wildfly-swarm by wildfly-swarm.
the class SecureHttpContexts method secureHandler.
/**
* Wraps the target handler and makes it inheritSecurity.
* Includes a predicate for relevant web contexts.
*/
private HttpHandler secureHandler(final HttpHandler toWrap, SecurityRealm securityRealm) {
HttpHandler handler = toWrap;
handler = new AuthenticationCallHandler(handler);
handler = new AuthenticationConstraintHandler(handler);
RealmIdentityManager idm = new RealmIdentityManager(securityRealm);
Set<AuthMechanism> mechanisms = securityRealm.getSupportedAuthenticationMechanisms();
List<AuthenticationMechanism> undertowMechanisms = new ArrayList<AuthenticationMechanism>(mechanisms.size());
undertowMechanisms.add(wrap(new CachedAuthenticatedSessionMechanism(), null));
for (AuthMechanism current : mechanisms) {
switch(current) {
case DIGEST:
List<DigestAlgorithm> digestAlgorithms = Collections.singletonList(DigestAlgorithm.MD5);
List<DigestQop> digestQops = Collections.singletonList(DigestQop.AUTH);
undertowMechanisms.add(wrap(new DigestAuthenticationMechanism(digestAlgorithms, digestQops, securityRealm.getName(), "Monitor", new SimpleNonceManager()), current));
break;
case PLAIN:
undertowMechanisms.add(wrap(new BasicAuthenticationMechanism(securityRealm.getName()), current));
break;
case LOCAL:
break;
default:
}
}
handler = new AuthenticationMechanismsHandler(handler, undertowMechanisms);
handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, idm, handler);
// the predicate handler takes care that all of the above
// will only be enacted on relevant web contexts
handler = new PredicateHandler(exchange -> {
if (!monitor.getSecurityRealm().isPresent()) {
return false;
}
if (Queries.isAggregatorEndpoint(monitor, exchange.getRelativePath())) {
return true;
}
if (Queries.isDirectAccessToHealthEndpoint(monitor, exchange.getRelativePath())) {
if (!hasTokenAuth(exchange)) {
return true;
}
return false;
}
if (HttpContexts.getDefaultContextNames().contains(exchange.getRelativePath())) {
return true;
}
return false;
}, handler, toWrap);
return handler;
}
use of org.jboss.as.domain.http.server.security.RealmIdentityManager in project wildfly-swarm by wildfly-swarm.
the class SecureHttpContexts method secureHandler.
/**
* Wraps the target handler and makes it inheritSecurity.
* Includes a predicate for relevant web contexts.
*/
@SuppressWarnings("deprecation")
private HttpHandler secureHandler(final HttpHandler toWrap, SecurityRealm securityRealm) {
HttpHandler handler = toWrap;
handler = new AuthenticationCallHandler(handler);
handler = new AuthenticationConstraintHandler(handler);
RealmIdentityManager idm = new RealmIdentityManager(securityRealm);
Set<AuthMechanism> mechanisms = securityRealm.getSupportedAuthenticationMechanisms();
List<AuthenticationMechanism> undertowMechanisms = new ArrayList<AuthenticationMechanism>(mechanisms.size());
undertowMechanisms.add(wrap(new CachedAuthenticatedSessionMechanism(), null));
for (AuthMechanism current : mechanisms) {
switch(current) {
case DIGEST:
List<DigestAlgorithm> digestAlgorithms = Collections.singletonList(DigestAlgorithm.MD5);
List<DigestQop> digestQops = Collections.singletonList(DigestQop.AUTH);
undertowMechanisms.add(wrap(new DigestAuthenticationMechanism(digestAlgorithms, digestQops, securityRealm.getName(), "Monitor", new SimpleNonceManager()), current));
break;
case PLAIN:
undertowMechanisms.add(wrap(new BasicAuthenticationMechanism(securityRealm.getName()), current));
break;
case LOCAL:
break;
default:
}
}
handler = new AuthenticationMechanismsHandler(handler, undertowMechanisms);
handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, idm, handler);
// the predicate handler takes care that all of the above
// will only be enacted on relevant web contexts
handler = new PredicateHandler(exchange -> {
if (!monitor.getSecurityRealm().isPresent()) {
return false;
}
if (Queries.isAggregatorEndpoint(monitor, exchange.getRelativePath())) {
return true;
}
if (Queries.isDirectAccessToHealthEndpoint(monitor, exchange.getRelativePath())) {
if (!hasTokenAuth(exchange)) {
return true;
}
return false;
}
if (HttpContexts.getDefaultContextNames().contains(exchange.getRelativePath())) {
return true;
}
return false;
}, handler, toWrap);
return handler;
}
Aggregations