Example 1 with ApplicationSecurityDomainConfig
use of org.jboss.as.ejb3.security.ApplicationSecurityDomainConfig in project wildfly by wildfly.
the class EJBDefaultSecurityDomainProcessor method deploy.
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
final EEModuleDescription eeModuleDescription = deploymentUnit.getAttachment(EE_MODULE_DESCRIPTION);
if (eeModuleDescription == null) {
return;
}
final Collection<ComponentDescription> componentDescriptions = eeModuleDescription.getComponentDescriptions();
if (componentDescriptions == null || componentDescriptions.isEmpty()) {
return;
}
final String defaultSecurityDomain;
if (eeModuleDescription.getDefaultSecurityDomain() == null) {
defaultSecurityDomain = this.defaultSecurityDomainName;
} else {
defaultSecurityDomain = eeModuleDescription.getDefaultSecurityDomain();
}
final CapabilityServiceSupport support = deploymentUnit.getAttachment(org.jboss.as.server.deployment.Attachments.CAPABILITY_SERVICE_SUPPORT);
final SecurityMetaData securityMetaData = deploymentUnit.getAttachment(ATTACHMENT_KEY);
// If we have a ServiceName for a security domain it should be used for all components.
ServiceName elytronDomainServiceName = securityMetaData != null ? securityMetaData.getSecurityDomain() : null;
final ServiceName ejbSecurityDomainServiceName = deploymentUnit.getServiceName().append(EJBSecurityDomainService.SERVICE_NAME);
final ApplicationSecurityDomainConfig defaultDomainMapping = knownSecurityDomain.apply(defaultSecurityDomain);
final ServiceName defaultElytronDomainServiceName;
if (defaultDomainMapping != null) {
defaultElytronDomainServiceName = support.getCapabilityServiceName(ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_CAPABILITY_NAME, defaultSecurityDomain).append("security-domain");
} else {
defaultElytronDomainServiceName = null;
}
ApplicationSecurityDomainConfig selectedElytronDomainConfig = null;
if (elytronDomainServiceName == null) {
String selectedElytronDomainName = null;
boolean legacyDomainDefined = false;
boolean defaultRequired = false;
for (ComponentDescription componentDescription : componentDescriptions) {
if (componentDescription instanceof EJBComponentDescription) {
EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
ejbComponentDescription.setDefaultSecurityDomain(defaultSecurityDomain);
// Ensure the Jakarta Enterprise Beans components within a deployment are associated with at most one Elytron security domain
String definedSecurityDomain = ejbComponentDescription.getDefinedSecurityDomain();
defaultRequired = defaultRequired || definedSecurityDomain == null;
ApplicationSecurityDomainConfig definedDomainMapping = definedSecurityDomain != null ? knownSecurityDomain.apply(definedSecurityDomain) : null;
if (definedDomainMapping != null) {
if (selectedElytronDomainName == null) {
selectedElytronDomainName = definedSecurityDomain;
selectedElytronDomainConfig = definedDomainMapping;
} else if (selectedElytronDomainName.equals(definedSecurityDomain) == false) {
throw EjbLogger.ROOT_LOGGER.multipleSecurityDomainsDetected();
}
} else if (definedSecurityDomain != null) {
legacyDomainDefined = true;
}
}
}
final boolean useDefaultElytronMapping;
/*
* We only need to fall into the default handling if at least one Jakarta Enterprise Beans Component has no defined
* security domain.
*/
if (defaultRequired && selectedElytronDomainName == null && defaultDomainMapping != null) {
selectedElytronDomainName = defaultSecurityDomain;
selectedElytronDomainConfig = defaultDomainMapping;
elytronDomainServiceName = defaultElytronDomainServiceName;
// Only apply a default domain to the whole deployment if no legacy domain was defined.
useDefaultElytronMapping = !legacyDomainDefined;
} else {
useDefaultElytronMapping = false;
}
// If this Jakarta Enterprise Beans deployment is associated with an Elytron security domain, set up the security domain mapping
if (selectedElytronDomainConfig != null) {
final EJBSecurityDomainService ejbSecurityDomainService = new EJBSecurityDomainService(deploymentUnit);
ServiceName applicationSecurityDomainServiceName = support.getCapabilityServiceName(ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_CAPABILITY_NAME, selectedElytronDomainName);
elytronDomainServiceName = applicationSecurityDomainServiceName.append("security-domain");
final ServiceBuilder<Void> builder = phaseContext.getServiceTarget().addService(ejbSecurityDomainServiceName, ejbSecurityDomainService).addDependency(applicationSecurityDomainServiceName, ApplicationSecurityDomain.class, ejbSecurityDomainService.getApplicationSecurityDomainInjector());
builder.install();
for (final ComponentDescription componentDescription : componentDescriptions) {
if (componentDescription instanceof EJBComponentDescription) {
EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
String definedSecurityDomain = ejbComponentDescription.getDefinedSecurityDomain();
// The component may have had a legacy SecurityDomain defined.
if (useDefaultElytronMapping || selectedElytronDomainName.equals(definedSecurityDomain)) {
ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
ejbComponentDescription.setSecurityDomainServiceName(elytronDomainServiceName);
ejbComponentDescription.setRequiresJacc(selectedElytronDomainConfig.isEnableJacc());
ejbComponentDescription.setLegacyCompliantPrincipalPropagation(selectedElytronDomainConfig.isLegacyCompliantPrincipalPropagation());
ejbComponentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
} else if (definedSecurityDomain == null && defaultDomainMapping != null) {
ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
ejbComponentDescription.setSecurityDomainServiceName(defaultElytronDomainServiceName);
ejbComponentDescription.setRequiresJacc(defaultDomainMapping.isEnableJacc());
ejbComponentDescription.setLegacyCompliantPrincipalPropagation(defaultDomainMapping.isLegacyCompliantPrincipalPropagation());
ejbComponentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
}
}
}
}
} else {
// We will use the defined Elytron domain for all Jakarta Enterprise Beans and ignore individual configuration.
// Bean level activation remains dependent on configuration of bean - i.e. does it actually need security?
final EJBSecurityDomainService ejbSecurityDomainService = new EJBSecurityDomainService(deploymentUnit);
final ServiceBuilder<Void> builder = phaseContext.getServiceTarget().addService(ejbSecurityDomainServiceName, ejbSecurityDomainService).addDependency(elytronDomainServiceName, SecurityDomain.class, ejbSecurityDomainService.getSecurityDomainInjector());
builder.install();
for (ComponentDescription componentDescription : componentDescriptions) {
if (componentDescription instanceof EJBComponentDescription) {
EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
ejbComponentDescription.setSecurityDomainServiceName(elytronDomainServiceName);
ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
componentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
}
}
}
}
Also used :
CapabilityServiceSupport(org.jboss.as.controller.capability.CapabilityServiceSupport)
ATTACHMENT_KEY(org.jboss.as.server.security.SecurityMetaData.ATTACHMENT_KEY)
EE_MODULE_DESCRIPTION(org.jboss.as.ee.component.Attachments.EE_MODULE_DESCRIPTION)
EEModuleDescription(org.jboss.as.ee.component.EEModuleDescription)
Collection(java.util.Collection)
DeploymentPhaseContext(org.jboss.as.server.deployment.DeploymentPhaseContext)
ServiceBuilder(org.jboss.msc.service.ServiceBuilder)
EJBComponentDescription(org.jboss.as.ejb3.component.EJBComponentDescription)
Function(java.util.function.Function)
ApplicationSecurityDomainConfig(org.jboss.as.ejb3.security.ApplicationSecurityDomainConfig)
DeploymentUnit(org.jboss.as.server.deployment.DeploymentUnit)
BooleanSupplier(java.util.function.BooleanSupplier)
ComponentDescription(org.jboss.as.ee.component.ComponentDescription)
SecurityMetaData(org.jboss.as.server.security.SecurityMetaData)
EJBSecurityDomainService(org.jboss.as.ejb3.deployment.EJBSecurityDomainService)
ApplicationSecurityDomainDefinition(org.jboss.as.ejb3.subsystem.ApplicationSecurityDomainDefinition)
EjbLogger(org.jboss.as.ejb3.logging.EjbLogger)
ServiceName(org.jboss.msc.service.ServiceName)
DeploymentUnitProcessor(org.jboss.as.server.deployment.DeploymentUnitProcessor)
DeploymentUnitProcessingException(org.jboss.as.server.deployment.DeploymentUnitProcessingException)
ApplicationSecurityDomain(org.jboss.as.ejb3.subsystem.ApplicationSecurityDomainService.ApplicationSecurityDomain)
SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)
EJBComponentDescription(org.jboss.as.ejb3.component.EJBComponentDescription)
ComponentDescription(org.jboss.as.ee.component.ComponentDescription)
SecurityMetaData(org.jboss.as.server.security.SecurityMetaData)
ApplicationSecurityDomainConfig(org.jboss.as.ejb3.security.ApplicationSecurityDomainConfig)
EJBComponentDescription(org.jboss.as.ejb3.component.EJBComponentDescription)
CapabilityServiceSupport(org.jboss.as.controller.capability.CapabilityServiceSupport)
EEModuleDescription(org.jboss.as.ee.component.EEModuleDescription)
ServiceName(org.jboss.msc.service.ServiceName)
EJBSecurityDomainService(org.jboss.as.ejb3.deployment.EJBSecurityDomainService)
DeploymentUnit(org.jboss.as.server.deployment.DeploymentUnit)
Aggregations
Collection (java.util.Collection)1
BooleanSupplier (java.util.function.BooleanSupplier)1
Function (java.util.function.Function)1
CapabilityServiceSupport (org.jboss.as.controller.capability.CapabilityServiceSupport)1
EE_MODULE_DESCRIPTION (org.jboss.as.ee.component.Attachments.EE_MODULE_DESCRIPTION)1
ComponentDescription (org.jboss.as.ee.component.ComponentDescription)1
EEModuleDescription (org.jboss.as.ee.component.EEModuleDescription)1
EJBComponentDescription (org.jboss.as.ejb3.component.EJBComponentDescription)1
EJBSecurityDomainService (org.jboss.as.ejb3.deployment.EJBSecurityDomainService)1
EjbLogger (org.jboss.as.ejb3.logging.EjbLogger)1
ApplicationSecurityDomainConfig (org.jboss.as.ejb3.security.ApplicationSecurityDomainConfig)1
ApplicationSecurityDomainDefinition (org.jboss.as.ejb3.subsystem.ApplicationSecurityDomainDefinition)1
ApplicationSecurityDomain (org.jboss.as.ejb3.subsystem.ApplicationSecurityDomainService.ApplicationSecurityDomain)1
DeploymentPhaseContext (org.jboss.as.server.deployment.DeploymentPhaseContext)1
DeploymentUnit (org.jboss.as.server.deployment.DeploymentUnit)1
DeploymentUnitProcessingException (org.jboss.as.server.deployment.DeploymentUnitProcessingException)1
DeploymentUnitProcessor (org.jboss.as.server.deployment.DeploymentUnitProcessor)1
SecurityMetaData (org.jboss.as.server.security.SecurityMetaData)1
ATTACHMENT_KEY (org.jboss.as.server.security.SecurityMetaData.ATTACHMENT_KEY)1
ServiceBuilder (org.jboss.msc.service.ServiceBuilder)1
