
Example 1 with ApplicationSecurityDomainConfig

Use of org.jboss.as.ejb3.security.ApplicationSecurityDomainConfig in the wildfly project (by wildfly).

Class EJBDefaultSecurityDomainProcessor, method deploy.

/**
 * Decides which security domain the Jakarta Enterprise Beans components of a deployment are bound to
 * and wires each {@link EJBComponentDescription} to the matching security domain service.
 *
 * <p>Resolution order, as implemented below:
 * <ol>
 *   <li>If the deployment's {@code SecurityMetaData} attachment carries a security domain
 *       {@link ServiceName}, that domain is applied to every EJB component and per-bean
 *       configuration is ignored.</li>
 *   <li>Otherwise the domains declared on the individual beans are inspected. At most one of them
 *       may resolve through {@code knownSecurityDomain}; a second, different mapped domain aborts
 *       the deployment.</li>
 *   <li>If no bean declares a mapped domain, at least one bean declares no domain at all, and the
 *       default domain name resolves through {@code knownSecurityDomain}, the default domain is
 *       selected.</li>
 * </ol>
 *
 * <p>Beans that declare a domain which does not resolve through {@code knownSecurityDomain}
 * (called "legacy" in this method) receive no security domain service name from this method.
 *
 * @param phaseContext the deployment phase context supplying the deployment unit and service target
 * @throws DeploymentUnitProcessingException declared by the overridden method; the only exception
 *         raised explicitly in this body is the one produced by
 *         {@code EjbLogger.ROOT_LOGGER.multipleSecurityDomainsDetected()}
 */
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
    final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
    final EEModuleDescription eeModuleDescription = deploymentUnit.getAttachment(EE_MODULE_DESCRIPTION);
    // Nothing to do for deployments without an EE module description or without components.
    if (eeModuleDescription == null) {
        return;
    }
    final Collection<ComponentDescription> componentDescriptions = eeModuleDescription.getComponentDescriptions();
    if (componentDescriptions == null || componentDescriptions.isEmpty()) {
        return;
    }
    // A default declared on the module wins over the processor-level default name.
    final String defaultSecurityDomain;
    if (eeModuleDescription.getDefaultSecurityDomain() == null) {
        defaultSecurityDomain = this.defaultSecurityDomainName;
    } else {
        defaultSecurityDomain = eeModuleDescription.getDefaultSecurityDomain();
    }
    // NOTE(review): 'support' is dereferenced below without a null check - assumes the
    // CAPABILITY_SERVICE_SUPPORT attachment is always present at this phase; confirm.
    final CapabilityServiceSupport support = deploymentUnit.getAttachment(org.jboss.as.server.deployment.Attachments.CAPABILITY_SERVICE_SUPPORT);
    final SecurityMetaData securityMetaData = deploymentUnit.getAttachment(ATTACHMENT_KEY);
    // If we have a ServiceName for a security domain it should be used for all components.
    ServiceName elytronDomainServiceName = securityMetaData != null ? securityMetaData.getSecurityDomain() : null;
    final ServiceName ejbSecurityDomainServiceName = deploymentUnit.getServiceName().append(EJBSecurityDomainService.SERVICE_NAME);
    // A non-null result means the default domain name is known to knownSecurityDomain
    // (presumably a configured application-security-domain mapping - verify against the field's source).
    final ApplicationSecurityDomainConfig defaultDomainMapping = knownSecurityDomain.apply(defaultSecurityDomain);
    final ServiceName defaultElytronDomainServiceName;
    if (defaultDomainMapping != null) {
        defaultElytronDomainServiceName = support.getCapabilityServiceName(ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_CAPABILITY_NAME, defaultSecurityDomain).append("security-domain");
    } else {
        defaultElytronDomainServiceName = null;
    }
    ApplicationSecurityDomainConfig selectedElytronDomainConfig = null;
    if (elytronDomainServiceName == null) {
        // No deployment-wide domain: derive the domain from the per-bean configuration.
        String selectedElytronDomainName = null;
        // true once any bean declares a domain that knownSecurityDomain does not resolve
        boolean legacyDomainDefined = false;
        // true once any bean declares no domain at all, i.e. it relies on the default
        boolean defaultRequired = false;
        for (ComponentDescription componentDescription : componentDescriptions) {
            if (componentDescription instanceof EJBComponentDescription) {
                EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
                ejbComponentDescription.setDefaultSecurityDomain(defaultSecurityDomain);
                // Ensure the Jakarta Enterprise Beans components within a deployment are associated with at most one Elytron security domain
                String definedSecurityDomain = ejbComponentDescription.getDefinedSecurityDomain();
                defaultRequired = defaultRequired || definedSecurityDomain == null;
                ApplicationSecurityDomainConfig definedDomainMapping = definedSecurityDomain != null ? knownSecurityDomain.apply(definedSecurityDomain) : null;
                if (definedDomainMapping != null) {
                    if (selectedElytronDomainName == null) {
                        // First mapped domain seen becomes the deployment's selected domain.
                        selectedElytronDomainName = definedSecurityDomain;
                        selectedElytronDomainConfig = definedDomainMapping;
                    } else if (selectedElytronDomainName.equals(definedSecurityDomain) == false) {
                        // Fail the deployment rather than pick one of two conflicting domains.
                        throw EjbLogger.ROOT_LOGGER.multipleSecurityDomainsDetected();
                    }
                } else if (definedSecurityDomain != null) {
                    // Declared but not resolvable through knownSecurityDomain: treated as legacy.
                    legacyDomainDefined = true;
                }
            }
        }
        final boolean useDefaultElytronMapping;
        /*
         * We only need to fall into the default handling if at least one Jakarta Enterprise Beans Component has no defined
         * security domain.
         */
        if (defaultRequired && selectedElytronDomainName == null && defaultDomainMapping != null) {
            selectedElytronDomainName = defaultSecurityDomain;
            selectedElytronDomainConfig = defaultDomainMapping;
            elytronDomainServiceName = defaultElytronDomainServiceName;
            // Only apply a default domain to the whole deployment if no legacy domain was defined.
            useDefaultElytronMapping = !legacyDomainDefined;
        } else {
            useDefaultElytronMapping = false;
        }
        // If this Jakarta Enterprise Beans deployment is associated with an Elytron security domain, set up the security domain mapping
        if (selectedElytronDomainConfig != null) {
            final EJBSecurityDomainService ejbSecurityDomainService = new EJBSecurityDomainService(deploymentUnit);
            ServiceName applicationSecurityDomainServiceName = support.getCapabilityServiceName(ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_CAPABILITY_NAME, selectedElytronDomainName);
            elytronDomainServiceName = applicationSecurityDomainServiceName.append("security-domain");
            // The per-deployment service depends on the selected application security domain.
            final ServiceBuilder<Void> builder = phaseContext.getServiceTarget().addService(ejbSecurityDomainServiceName, ejbSecurityDomainService).addDependency(applicationSecurityDomainServiceName, ApplicationSecurityDomain.class, ejbSecurityDomainService.getApplicationSecurityDomainInjector());
            builder.install();
            for (final ComponentDescription componentDescription : componentDescriptions) {
                if (componentDescription instanceof EJBComponentDescription) {
                    EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
                    String definedSecurityDomain = ejbComponentDescription.getDefinedSecurityDomain();
                    // The component may have had a legacy SecurityDomain defined.
                    if (useDefaultElytronMapping || selectedElytronDomainName.equals(definedSecurityDomain)) {
                        // Bean uses the selected domain: JACC and principal-propagation flags come from its config.
                        ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
                        ejbComponentDescription.setSecurityDomainServiceName(elytronDomainServiceName);
                        ejbComponentDescription.setRequiresJacc(selectedElytronDomainConfig.isEnableJacc());
                        ejbComponentDescription.setLegacyCompliantPrincipalPropagation(selectedElytronDomainConfig.isLegacyCompliantPrincipalPropagation());
                        ejbComponentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
                    } else if (definedSecurityDomain == null && defaultDomainMapping != null) {
                        // Bean declares no domain and the default is mapped: it takes the default domain's
                        // service name and flags.
                        // NOTE(review): the EJBSecurityDomainService required below was installed against the
                        // selected domain, which may differ from the default here - confirm this is intended.
                        ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
                        ejbComponentDescription.setSecurityDomainServiceName(defaultElytronDomainServiceName);
                        ejbComponentDescription.setRequiresJacc(defaultDomainMapping.isEnableJacc());
                        ejbComponentDescription.setLegacyCompliantPrincipalPropagation(defaultDomainMapping.isLegacyCompliantPrincipalPropagation());
                        ejbComponentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
                    }
                    // Beans matching neither branch (e.g. a declared, unmapped domain) are left untouched here.
                }
            }
        }
    } else {
        // We will use the defined Elytron domain for all Jakarta Enterprise Beans and ignore individual configuration.
        // Bean level activation remains dependent on configuration of bean - i.e. does it actually need security?
        // NOTE(review): unlike the per-bean path above, this branch does not call setDefaultSecurityDomain,
        // setRequiresJacc or setLegacyCompliantPrincipalPropagation, so those keep whatever value the
        // component description already has - confirm that is intended for deployment-wide domains.
        final EJBSecurityDomainService ejbSecurityDomainService = new EJBSecurityDomainService(deploymentUnit);
        final ServiceBuilder<Void> builder = phaseContext.getServiceTarget().addService(ejbSecurityDomainServiceName, ejbSecurityDomainService).addDependency(elytronDomainServiceName, SecurityDomain.class, ejbSecurityDomainService.getSecurityDomainInjector());
        builder.install();
        for (ComponentDescription componentDescription : componentDescriptions) {
            if (componentDescription instanceof EJBComponentDescription) {
                EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
                ejbComponentDescription.setSecurityDomainServiceName(elytronDomainServiceName);
                ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
                // Each bean's create phase waits for the deployment's EJBSecurityDomainService.
                componentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
            }
        }
    }
}
Also used : CapabilityServiceSupport(org.jboss.as.controller.capability.CapabilityServiceSupport) ATTACHMENT_KEY(org.jboss.as.server.security.SecurityMetaData.ATTACHMENT_KEY) EE_MODULE_DESCRIPTION(org.jboss.as.ee.component.Attachments.EE_MODULE_DESCRIPTION) EEModuleDescription(org.jboss.as.ee.component.EEModuleDescription) Collection(java.util.Collection) DeploymentPhaseContext(org.jboss.as.server.deployment.DeploymentPhaseContext) ServiceBuilder(org.jboss.msc.service.ServiceBuilder) EJBComponentDescription(org.jboss.as.ejb3.component.EJBComponentDescription) Function(java.util.function.Function) ApplicationSecurityDomainConfig(org.jboss.as.ejb3.security.ApplicationSecurityDomainConfig) DeploymentUnit(org.jboss.as.server.deployment.DeploymentUnit) BooleanSupplier(java.util.function.BooleanSupplier) ComponentDescription(org.jboss.as.ee.component.ComponentDescription) SecurityMetaData(org.jboss.as.server.security.SecurityMetaData) EJBSecurityDomainService(org.jboss.as.ejb3.deployment.EJBSecurityDomainService) ApplicationSecurityDomainDefinition(org.jboss.as.ejb3.subsystem.ApplicationSecurityDomainDefinition) EjbLogger(org.jboss.as.ejb3.logging.EjbLogger) ServiceName(org.jboss.msc.service.ServiceName) DeploymentUnitProcessor(org.jboss.as.server.deployment.DeploymentUnitProcessor) DeploymentUnitProcessingException(org.jboss.as.server.deployment.DeploymentUnitProcessingException) ApplicationSecurityDomain(org.jboss.as.ejb3.subsystem.ApplicationSecurityDomainService.ApplicationSecurityDomain) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain) EJBComponentDescription(org.jboss.as.ejb3.component.EJBComponentDescription) ComponentDescription(org.jboss.as.ee.component.ComponentDescription) SecurityMetaData(org.jboss.as.server.security.SecurityMetaData) ApplicationSecurityDomainConfig(org.jboss.as.ejb3.security.ApplicationSecurityDomainConfig) EJBComponentDescription(org.jboss.as.ejb3.component.EJBComponentDescription) 
CapabilityServiceSupport(org.jboss.as.controller.capability.CapabilityServiceSupport) EEModuleDescription(org.jboss.as.ee.component.EEModuleDescription) ServiceName(org.jboss.msc.service.ServiceName) EJBSecurityDomainService(org.jboss.as.ejb3.deployment.EJBSecurityDomainService) DeploymentUnit(org.jboss.as.server.deployment.DeploymentUnit)
