Examples with SecurityRealm org.jboss.as.domain.management.SecurityRealm used on opensource projects

Search in sources :

Example 1 with SecurityRealm

use of org.jboss.as.domain.management.SecurityRealm in project wildfly by wildfly.

the class HttpsListenerAdd method configureAdditionalDependencies.

@Override
void configureAdditionalDependencies(OperationContext context, ServiceBuilder<? extends UndertowListener> serviceBuilder, ModelNode model, ListenerService service) throws OperationFailedException {
    serviceBuilder.addDependency(HttpListenerAdd.REGISTRY_SERVICE_NAME, ListenerRegistry.class, ((HttpListenerService) service).getHttpListenerRegistry());
    ModelNode sslContextModel = HttpsListenerResourceDefinition.SSL_CONTEXT.resolveModelAttribute(context, model);
    ModelNode securityRealmModel = HttpsListenerResourceDefinition.SECURITY_REALM.resolveModelAttribute(context, model);
    final String sslContextRef = sslContextModel.isDefined() ? sslContextModel.asString() : null;
    final String securityRealmRef = securityRealmModel.isDefined() ? securityRealmModel.asString() : null;
    final InjectedValue<SSLContext> sslContextInjector = new InjectedValue<>();
    final InjectedValue<SecurityRealm> securityRealmInjector = new InjectedValue<>();
    if (securityRealmRef != null) {
        SecurityRealm.ServiceUtil.addDependency(serviceBuilder, securityRealmInjector, securityRealmRef, false);
    }
    if (sslContextRef != null) {
        String runtimeCapability = RuntimeCapability.buildDynamicCapabilityName(SSL_CONTEXT_CAPABILITY, sslContextRef);
        ServiceName sslContextServiceName = context.getCapabilityServiceName(runtimeCapability, SSLContext.class);
        serviceBuilder.addDependency(sslContextServiceName, SSLContext.class, sslContextInjector);
    }
    ((HttpsListenerService) service).setSSLContextSupplier(() -> {
        if (sslContextRef != null) {
            return sslContextInjector.getValue();
        }
        if (securityRealmRef != null) {
            SSLContext sslContext = securityRealmInjector.getValue().getSSLContext();
            if (sslContext == null) {
                throw UndertowLogger.ROOT_LOGGER.noSslContextInSecurityRealm(securityRealmRef);
            }
            return sslContext;
        }
        try {
            return SSLContext.getDefault();
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    });
}
Also used : InjectedValue(org.jboss.msc.value.InjectedValue) ServiceName(org.jboss.msc.service.ServiceName) SecurityRealm(org.jboss.as.domain.management.SecurityRealm) SSLContext(javax.net.ssl.SSLContext) ModelNode(org.jboss.dmr.ModelNode) OperationFailedException(org.jboss.as.controller.OperationFailedException)

Example 2 with SecurityRealm

use of org.jboss.as.domain.management.SecurityRealm in project wildfly-swarm by wildfly-swarm.

the class SecureHttpContexts method secureHandler.

/**
 * Wraps the target handler and makes it inheritSecurity.
 * Includes a predicate for relevant web contexts.
 */
private HttpHandler secureHandler(final HttpHandler toWrap, SecurityRealm securityRealm) {
    HttpHandler handler = toWrap;
    handler = new AuthenticationCallHandler(handler);
    handler = new AuthenticationConstraintHandler(handler);
    RealmIdentityManager idm = new RealmIdentityManager(securityRealm);
    Set<AuthMechanism> mechanisms = securityRealm.getSupportedAuthenticationMechanisms();
    List<AuthenticationMechanism> undertowMechanisms = new ArrayList<AuthenticationMechanism>(mechanisms.size());
    undertowMechanisms.add(wrap(new CachedAuthenticatedSessionMechanism(), null));
    for (AuthMechanism current : mechanisms) {
        switch(current) {
            case DIGEST:
                List<DigestAlgorithm> digestAlgorithms = Collections.singletonList(DigestAlgorithm.MD5);
                List<DigestQop> digestQops = Collections.singletonList(DigestQop.AUTH);
                undertowMechanisms.add(wrap(new DigestAuthenticationMechanism(digestAlgorithms, digestQops, securityRealm.getName(), "Monitor", new SimpleNonceManager()), current));
                break;
            case PLAIN:
                undertowMechanisms.add(wrap(new BasicAuthenticationMechanism(securityRealm.getName()), current));
                break;
            case LOCAL:
                break;
            default:
        }
    }
    handler = new AuthenticationMechanismsHandler(handler, undertowMechanisms);
    handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, idm, handler);
    // the predicate handler takes care that all of the above
    // will only be enacted on relevant web contexts
    handler = new PredicateHandler(exchange -> {
        if (!monitor.getSecurityRealm().isPresent()) {
            return false;
        }
        if (Queries.isAggregatorEndpoint(monitor, exchange.getRelativePath())) {
            return true;
        }
        if (Queries.isDirectAccessToHealthEndpoint(monitor, exchange.getRelativePath())) {
            if (!hasTokenAuth(exchange)) {
                return true;
            }
            return false;
        }
        if (HttpContexts.getDefaultContextNames().contains(exchange.getRelativePath())) {
            return true;
        }
        return false;
    }, handler, toWrap);
    return handler;
}
Also used : DigestQop(io.undertow.security.impl.DigestQop) BasicAuthenticationMechanism(io.undertow.security.impl.BasicAuthenticationMechanism) HttpServerExchange(io.undertow.server.HttpServerExchange) NamingException(javax.naming.NamingException) SecurityRealm(org.jboss.as.domain.management.SecurityRealm) SecurityInitialHandler(io.undertow.security.handlers.SecurityInitialHandler) ArrayList(java.util.ArrayList) AuthenticationMechanismsHandler(io.undertow.security.handlers.AuthenticationMechanismsHandler) DigestAlgorithm(io.undertow.security.idm.DigestAlgorithm) AuthenticationMechanismWrapper(org.jboss.as.domain.http.server.security.AuthenticationMechanismWrapper) PredicateHandler(io.undertow.server.handlers.PredicateHandler) CachedAuthenticatedSessionMechanism(io.undertow.security.impl.CachedAuthenticatedSessionMechanism) DigestQop(io.undertow.security.impl.DigestQop) DigestAuthenticationMechanism(io.undertow.security.impl.DigestAuthenticationMechanism) Monitor(org.wildfly.swarm.microprofile.health.api.Monitor) Vetoed(javax.enterprise.inject.Vetoed) AuthenticationConstraintHandler(io.undertow.security.handlers.AuthenticationConstraintHandler) Set(java.util.Set) AuthenticationMode(io.undertow.security.api.AuthenticationMode) AuthMechanism(org.jboss.as.domain.management.AuthMechanism) HttpHandler(io.undertow.server.HttpHandler) List(java.util.List) SimpleNonceManager(io.undertow.security.impl.SimpleNonceManager) AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism) RealmIdentityManager(org.jboss.as.domain.http.server.security.RealmIdentityManager) AuthenticationCallHandler(io.undertow.security.handlers.AuthenticationCallHandler) Optional(java.util.Optional) Collections(java.util.Collections) HttpHandler(io.undertow.server.HttpHandler) AuthenticationConstraintHandler(io.undertow.security.handlers.AuthenticationConstraintHandler) DigestAuthenticationMechanism(io.undertow.security.impl.DigestAuthenticationMechanism) CachedAuthenticatedSessionMechanism(io.undertow.security.impl.CachedAuthenticatedSessionMechanism) BasicAuthenticationMechanism(io.undertow.security.impl.BasicAuthenticationMechanism) DigestAuthenticationMechanism(io.undertow.security.impl.DigestAuthenticationMechanism) AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism) RealmIdentityManager(org.jboss.as.domain.http.server.security.RealmIdentityManager) ArrayList(java.util.ArrayList) PredicateHandler(io.undertow.server.handlers.PredicateHandler) SimpleNonceManager(io.undertow.security.impl.SimpleNonceManager) AuthMechanism(org.jboss.as.domain.management.AuthMechanism) SecurityInitialHandler(io.undertow.security.handlers.SecurityInitialHandler) AuthenticationMechanismsHandler(io.undertow.security.handlers.AuthenticationMechanismsHandler) AuthenticationCallHandler(io.undertow.security.handlers.AuthenticationCallHandler) BasicAuthenticationMechanism(io.undertow.security.impl.BasicAuthenticationMechanism) DigestAlgorithm(io.undertow.security.idm.DigestAlgorithm)

Example 3 with SecurityRealm

use of org.jboss.as.domain.management.SecurityRealm in project wildfly-swarm by wildfly-swarm.

the class SecureHttpContexts method secureHandler.

/**
 * Wraps the target handler and makes it inheritSecurity.
 * Includes a predicate for relevant web contexts.
 */
@SuppressWarnings("deprecation")
private HttpHandler secureHandler(final HttpHandler toWrap, SecurityRealm securityRealm) {
    HttpHandler handler = toWrap;
    handler = new AuthenticationCallHandler(handler);
    handler = new AuthenticationConstraintHandler(handler);
    RealmIdentityManager idm = new RealmIdentityManager(securityRealm);
    Set<AuthMechanism> mechanisms = securityRealm.getSupportedAuthenticationMechanisms();
    List<AuthenticationMechanism> undertowMechanisms = new ArrayList<AuthenticationMechanism>(mechanisms.size());
    undertowMechanisms.add(wrap(new CachedAuthenticatedSessionMechanism(), null));
    for (AuthMechanism current : mechanisms) {
        switch(current) {
            case DIGEST:
                List<DigestAlgorithm> digestAlgorithms = Collections.singletonList(DigestAlgorithm.MD5);
                List<DigestQop> digestQops = Collections.singletonList(DigestQop.AUTH);
                undertowMechanisms.add(wrap(new DigestAuthenticationMechanism(digestAlgorithms, digestQops, securityRealm.getName(), "Monitor", new SimpleNonceManager()), current));
                break;
            case PLAIN:
                undertowMechanisms.add(wrap(new BasicAuthenticationMechanism(securityRealm.getName()), current));
                break;
            case LOCAL:
                break;
            default:
        }
    }
    handler = new AuthenticationMechanismsHandler(handler, undertowMechanisms);
    handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, idm, handler);
    // the predicate handler takes care that all of the above
    // will only be enacted on relevant web contexts
    handler = new PredicateHandler(exchange -> {
        if (!monitor.getSecurityRealm().isPresent()) {
            return false;
        }
        if (Queries.isAggregatorEndpoint(monitor, exchange.getRelativePath())) {
            return true;
        }
        if (Queries.isDirectAccessToHealthEndpoint(monitor, exchange.getRelativePath())) {
            if (!hasTokenAuth(exchange)) {
                return true;
            }
            return false;
        }
        if (HttpContexts.getDefaultContextNames().contains(exchange.getRelativePath())) {
            return true;
        }
        return false;
    }, handler, toWrap);
    return handler;
}
Also used : DigestQop(io.undertow.security.impl.DigestQop) BasicAuthenticationMechanism(io.undertow.security.impl.BasicAuthenticationMechanism) HttpServerExchange(io.undertow.server.HttpServerExchange) NamingException(javax.naming.NamingException) SecurityRealm(org.jboss.as.domain.management.SecurityRealm) SecurityInitialHandler(io.undertow.security.handlers.SecurityInitialHandler) ArrayList(java.util.ArrayList) AuthenticationMechanismsHandler(io.undertow.security.handlers.AuthenticationMechanismsHandler) DigestAlgorithm(io.undertow.security.idm.DigestAlgorithm) AuthenticationMechanismWrapper(org.jboss.as.domain.http.server.security.AuthenticationMechanismWrapper) PredicateHandler(io.undertow.server.handlers.PredicateHandler) CachedAuthenticatedSessionMechanism(io.undertow.security.impl.CachedAuthenticatedSessionMechanism) DigestQop(io.undertow.security.impl.DigestQop) DigestAuthenticationMechanism(io.undertow.security.impl.DigestAuthenticationMechanism) Vetoed(javax.enterprise.inject.Vetoed) AuthenticationConstraintHandler(io.undertow.security.handlers.AuthenticationConstraintHandler) Set(java.util.Set) AuthenticationMode(io.undertow.security.api.AuthenticationMode) AuthMechanism(org.jboss.as.domain.management.AuthMechanism) HttpHandler(io.undertow.server.HttpHandler) List(java.util.List) SimpleNonceManager(io.undertow.security.impl.SimpleNonceManager) AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism) RealmIdentityManager(org.jboss.as.domain.http.server.security.RealmIdentityManager) AuthenticationCallHandler(io.undertow.security.handlers.AuthenticationCallHandler) Optional(java.util.Optional) Collections(java.util.Collections) HttpHandler(io.undertow.server.HttpHandler) AuthenticationConstraintHandler(io.undertow.security.handlers.AuthenticationConstraintHandler) DigestAuthenticationMechanism(io.undertow.security.impl.DigestAuthenticationMechanism) CachedAuthenticatedSessionMechanism(io.undertow.security.impl.CachedAuthenticatedSessionMechanism) BasicAuthenticationMechanism(io.undertow.security.impl.BasicAuthenticationMechanism) DigestAuthenticationMechanism(io.undertow.security.impl.DigestAuthenticationMechanism) AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism) RealmIdentityManager(org.jboss.as.domain.http.server.security.RealmIdentityManager) ArrayList(java.util.ArrayList) PredicateHandler(io.undertow.server.handlers.PredicateHandler) SimpleNonceManager(io.undertow.security.impl.SimpleNonceManager) AuthMechanism(org.jboss.as.domain.management.AuthMechanism) SecurityInitialHandler(io.undertow.security.handlers.SecurityInitialHandler) AuthenticationMechanismsHandler(io.undertow.security.handlers.AuthenticationMechanismsHandler) AuthenticationCallHandler(io.undertow.security.handlers.AuthenticationCallHandler) BasicAuthenticationMechanism(io.undertow.security.impl.BasicAuthenticationMechanism) DigestAlgorithm(io.undertow.security.idm.DigestAlgorithm)

Example 4 with SecurityRealm

use of org.jboss.as.domain.management.SecurityRealm in project wildfly by wildfly.

the class EJBClientDescriptorMetaDataProcessor method getCallbackHandler.

private CallbackHandler getCallbackHandler(final ServiceRegistry serviceRegistry, final String userName, final String securityRealmName) {
    if (securityRealmName != null && !securityRealmName.trim().isEmpty()) {
        final ServiceName securityRealmServiceName = SecurityRealm.ServiceUtil.createServiceName(securityRealmName);
        final ServiceController<SecurityRealm> securityRealmController = (ServiceController<SecurityRealm>) serviceRegistry.getService(securityRealmServiceName);
        if (securityRealmController != null) {
            final SecurityRealm securityRealm = securityRealmController.getValue();
            final CallbackHandlerFactory cbhFactory;
            if (securityRealm != null && (cbhFactory = securityRealm.getSecretCallbackHandlerFactory()) != null && userName != null) {
                return cbhFactory.getCallbackHandler(userName);
            }
        }
    }
    return null;
}
Also used : CallbackHandlerFactory(org.jboss.as.domain.management.CallbackHandlerFactory) ServiceName(org.jboss.msc.service.ServiceName) SecurityRealm(org.jboss.as.domain.management.SecurityRealm) ServiceController(org.jboss.msc.service.ServiceController)

Aggregations

SecurityRealm (org.jboss.as.domain.management.SecurityRealm)4 AuthenticationMechanism (io.undertow.security.api.AuthenticationMechanism)2 AuthenticationMode (io.undertow.security.api.AuthenticationMode)2 AuthenticationCallHandler (io.undertow.security.handlers.AuthenticationCallHandler)2 AuthenticationConstraintHandler (io.undertow.security.handlers.AuthenticationConstraintHandler)2 AuthenticationMechanismsHandler (io.undertow.security.handlers.AuthenticationMechanismsHandler)2 SecurityInitialHandler (io.undertow.security.handlers.SecurityInitialHandler)2 DigestAlgorithm (io.undertow.security.idm.DigestAlgorithm)2 BasicAuthenticationMechanism (io.undertow.security.impl.BasicAuthenticationMechanism)2 CachedAuthenticatedSessionMechanism (io.undertow.security.impl.CachedAuthenticatedSessionMechanism)2 DigestAuthenticationMechanism (io.undertow.security.impl.DigestAuthenticationMechanism)2 DigestQop (io.undertow.security.impl.DigestQop)2 SimpleNonceManager (io.undertow.security.impl.SimpleNonceManager)2 HttpHandler (io.undertow.server.HttpHandler)2 HttpServerExchange (io.undertow.server.HttpServerExchange)2 PredicateHandler (io.undertow.server.handlers.PredicateHandler)2 ArrayList (java.util.ArrayList)2 Collections (java.util.Collections)2 List (java.util.List)2 Optional (java.util.Optional)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial