use of org.jboss.as.ejb3.security.ApplicationSecurityDomainConfig in project wildfly by wildfly.
the class EJBDefaultSecurityDomainProcessor method deploy.
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
final EEModuleDescription eeModuleDescription = deploymentUnit.getAttachment(EE_MODULE_DESCRIPTION);
if (eeModuleDescription == null) {
return;
}
final Collection<ComponentDescription> componentDescriptions = eeModuleDescription.getComponentDescriptions();
if (componentDescriptions == null || componentDescriptions.isEmpty()) {
return;
}
final String defaultSecurityDomain;
if (eeModuleDescription.getDefaultSecurityDomain() == null) {
defaultSecurityDomain = this.defaultSecurityDomainName;
} else {
defaultSecurityDomain = eeModuleDescription.getDefaultSecurityDomain();
}
final CapabilityServiceSupport support = deploymentUnit.getAttachment(org.jboss.as.server.deployment.Attachments.CAPABILITY_SERVICE_SUPPORT);
final SecurityMetaData securityMetaData = deploymentUnit.getAttachment(ATTACHMENT_KEY);
// If we have a ServiceName for a security domain it should be used for all components.
ServiceName elytronDomainServiceName = securityMetaData != null ? securityMetaData.getSecurityDomain() : null;
final ServiceName ejbSecurityDomainServiceName = deploymentUnit.getServiceName().append(EJBSecurityDomainService.SERVICE_NAME);
final ApplicationSecurityDomainConfig defaultDomainMapping = knownSecurityDomain.apply(defaultSecurityDomain);
final ServiceName defaultElytronDomainServiceName;
if (defaultDomainMapping != null) {
defaultElytronDomainServiceName = support.getCapabilityServiceName(ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_CAPABILITY_NAME, defaultSecurityDomain).append("security-domain");
} else {
defaultElytronDomainServiceName = null;
}
ApplicationSecurityDomainConfig selectedElytronDomainConfig = null;
if (elytronDomainServiceName == null) {
String selectedElytronDomainName = null;
boolean legacyDomainDefined = false;
boolean defaultRequired = false;
for (ComponentDescription componentDescription : componentDescriptions) {
if (componentDescription instanceof EJBComponentDescription) {
EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
ejbComponentDescription.setDefaultSecurityDomain(defaultSecurityDomain);
// Ensure the Jakarta Enterprise Beans components within a deployment are associated with at most one Elytron security domain
String definedSecurityDomain = ejbComponentDescription.getDefinedSecurityDomain();
defaultRequired = defaultRequired || definedSecurityDomain == null;
ApplicationSecurityDomainConfig definedDomainMapping = definedSecurityDomain != null ? knownSecurityDomain.apply(definedSecurityDomain) : null;
if (definedDomainMapping != null) {
if (selectedElytronDomainName == null) {
selectedElytronDomainName = definedSecurityDomain;
selectedElytronDomainConfig = definedDomainMapping;
} else if (selectedElytronDomainName.equals(definedSecurityDomain) == false) {
throw EjbLogger.ROOT_LOGGER.multipleSecurityDomainsDetected();
}
} else if (definedSecurityDomain != null) {
legacyDomainDefined = true;
}
}
}
final boolean useDefaultElytronMapping;
/*
* We only need to fall into the default handling if at least one Jakarta Enterprise Beans Component has no defined
* security domain.
*/
if (defaultRequired && selectedElytronDomainName == null && defaultDomainMapping != null) {
selectedElytronDomainName = defaultSecurityDomain;
selectedElytronDomainConfig = defaultDomainMapping;
elytronDomainServiceName = defaultElytronDomainServiceName;
// Only apply a default domain to the whole deployment if no legacy domain was defined.
useDefaultElytronMapping = !legacyDomainDefined;
} else {
useDefaultElytronMapping = false;
}
// If this Jakarta Enterprise Beans deployment is associated with an Elytron security domain, set up the security domain mapping
if (selectedElytronDomainConfig != null) {
final EJBSecurityDomainService ejbSecurityDomainService = new EJBSecurityDomainService(deploymentUnit);
ServiceName applicationSecurityDomainServiceName = support.getCapabilityServiceName(ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_CAPABILITY_NAME, selectedElytronDomainName);
elytronDomainServiceName = applicationSecurityDomainServiceName.append("security-domain");
final ServiceBuilder<Void> builder = phaseContext.getServiceTarget().addService(ejbSecurityDomainServiceName, ejbSecurityDomainService).addDependency(applicationSecurityDomainServiceName, ApplicationSecurityDomain.class, ejbSecurityDomainService.getApplicationSecurityDomainInjector());
builder.install();
for (final ComponentDescription componentDescription : componentDescriptions) {
if (componentDescription instanceof EJBComponentDescription) {
EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
String definedSecurityDomain = ejbComponentDescription.getDefinedSecurityDomain();
// The component may have had a legacy SecurityDomain defined.
if (useDefaultElytronMapping || selectedElytronDomainName.equals(definedSecurityDomain)) {
ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
ejbComponentDescription.setSecurityDomainServiceName(elytronDomainServiceName);
ejbComponentDescription.setRequiresJacc(selectedElytronDomainConfig.isEnableJacc());
ejbComponentDescription.setLegacyCompliantPrincipalPropagation(selectedElytronDomainConfig.isLegacyCompliantPrincipalPropagation());
ejbComponentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
} else if (definedSecurityDomain == null && defaultDomainMapping != null) {
ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
ejbComponentDescription.setSecurityDomainServiceName(defaultElytronDomainServiceName);
ejbComponentDescription.setRequiresJacc(defaultDomainMapping.isEnableJacc());
ejbComponentDescription.setLegacyCompliantPrincipalPropagation(defaultDomainMapping.isLegacyCompliantPrincipalPropagation());
ejbComponentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
}
}
}
}
} else {
// We will use the defined Elytron domain for all Jakarta Enterprise Beans and ignore individual configuration.
// Bean level activation remains dependent on configuration of bean - i.e. does it actually need security?
final EJBSecurityDomainService ejbSecurityDomainService = new EJBSecurityDomainService(deploymentUnit);
final ServiceBuilder<Void> builder = phaseContext.getServiceTarget().addService(ejbSecurityDomainServiceName, ejbSecurityDomainService).addDependency(elytronDomainServiceName, SecurityDomain.class, ejbSecurityDomainService.getSecurityDomainInjector());
builder.install();
for (ComponentDescription componentDescription : componentDescriptions) {
if (componentDescription instanceof EJBComponentDescription) {
EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
ejbComponentDescription.setSecurityDomainServiceName(elytronDomainServiceName);
ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
componentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
}
}
}
}
Aggregations