
Example 1 with SecurityMetaData

use of org.jboss.as.server.security.SecurityMetaData in project wildfly by wildfly.

Usage in class UndertowDeploymentProcessor, method processDeployment.

/**
 * Builds and installs the MSC services that make up one web deployment: the
 * {@code UndertowDeploymentInfoService} (descriptor metadata to {@code DeploymentInfo}), the
 * {@code UndertowDeploymentService} that depends on it, the session manager / session identifier
 * codec services when no shared session manager is inherited from the parent, the optional
 * Jakarta Authorization (JACC) service, and the deployment's entry in the subsystem management model.
 * <p>
 * Security wiring: a deployment flagged for a virtual security domain or virtual mechanism factory
 * takes its {@code SecurityDomain} from the {@link SecurityMetaData} attachment; otherwise the
 * security domain name resolved earlier ({@code RESOLVED_SECURITY_DOMAIN}) must be a mapped Elytron
 * application security domain, and any other non-null value is rejected.
 *
 * @param warMetaData        merged web metadata of the deployment unit
 * @param deploymentUnit     the unit being deployed; its parent, when present, contributes the
 *                           JACC context id prefix, shared session config and parent JACC policy
 * @param serviceTarget      target into which every service created here is installed
 * @param deploymentName     name recorded on the deployment info service and session configuration
 * @param hostName           Undertow virtual host the context is bound to
 * @param serverInstanceName Undertow server instance that owns {@code hostName}
 * @param isDefaultWebModule passed to {@code pathNameOfDeployment} when computing the context path
 * @throws DeploymentUnitProcessingException if the deployment module cannot be resolved or the
 *         deployment root cannot be turned into a URL; the logger-created exceptions for a
 *         legacy-only security domain and for a duplicate host/context deployment are thrown as well
 */
private void processDeployment(final WarMetaData warMetaData, final DeploymentUnit deploymentUnit, final ServiceTarget serviceTarget, final String deploymentName, final String hostName, final String serverInstanceName, final boolean isDefaultWebModule) throws DeploymentUnitProcessingException {
    ResourceRoot deploymentResourceRoot = deploymentUnit.getAttachment(Attachments.DEPLOYMENT_ROOT);
    final VirtualFile deploymentRoot = deploymentResourceRoot.getRoot();
    final Module module = deploymentUnit.getAttachment(Attachments.MODULE);
    if (module == null) {
        throw new DeploymentUnitProcessingException(UndertowLogger.ROOT_LOGGER.failedToResolveModule(deploymentUnit));
    }
    final JBossWebMetaData metaData = warMetaData.getMergedJBossWebMetaData();
    final List<SetupAction> setupActions = deploymentUnit.getAttachmentList(org.jboss.as.ee.component.Attachments.WEB_SETUP_ACTIONS);
    CapabilityServiceSupport capabilitySupport = deploymentUnit.getAttachment(Attachments.CAPABILITY_SERVICE_SUPPORT);
    ScisMetaData scisMetaData = deploymentUnit.getAttachment(ScisMetaData.ATTACHMENT_KEY);
    final Set<ServiceName> dependentComponents = new HashSet<>();
    // see AS7-2077
    // basically we want to ignore components that have failed for whatever reason
    // if they are important they will be picked up when the web deployment actually starts
    final List<ServiceName> components = deploymentUnit.getAttachmentList(WebComponentDescription.WEB_COMPONENTS);
    final Set<ServiceName> failed = deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.FAILED_COMPONENTS);
    for (final ServiceName component : components) {
        if (!failed.contains(component)) {
            dependentComponents.add(component);
        }
    }
    // A descriptor may name its servlet container; otherwise the subsystem default is used.
    String servletContainerName = metaData.getServletContainerName();
    if (servletContainerName == null) {
        servletContainerName = defaultContainer;
    }
    // Without an EE component registry attached, a detached registry (null argument) stands in for it.
    final boolean componentRegistryExists = deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.COMPONENT_REGISTRY) != null;
    final ComponentRegistry componentRegistry = componentRegistryExists ? deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.COMPONENT_REGISTRY) : new ComponentRegistry(null);
    final ClassLoader loader = module.getClassLoader();
    // Non-distributable deployments get the caching injection container, distributable ones the simple container.
    final WebInjectionContainer injectionContainer = (metaData.getDistributable() == null) ? new CachingWebInjectionContainer(loader, componentRegistry) : new SimpleWebInjectionContainer(loader, componentRegistry);
    // JACC context id: descriptor value or the unit name, prefixed with "<parent>!" for sub-deployments.
    String jaccContextId = metaData.getJaccContextID();
    if (jaccContextId == null) {
        jaccContextId = deploymentUnit.getName();
    }
    if (deploymentUnit.getParent() != null) {
        jaccContextId = deploymentUnit.getParent().getName() + "!" + jaccContextId;
    }
    String pathName = pathNameOfDeployment(deploymentUnit, metaData, isDefaultWebModule);
    // Services the deployment info service must wait for, collected from setup actions and war metadata.
    final Set<ServiceName> additionalDependencies = new HashSet<>();
    for (final SetupAction setupAction : setupActions) {
        Set<ServiceName> dependencies = setupAction.dependencies();
        if (dependencies != null) {
            additionalDependencies.addAll(dependencies);
        }
    }
    // Sub-deployments may share one session manager configured on the parent.
    SharedSessionManagerConfig sharedSessionManagerConfig = deploymentUnit.getParent() != null ? deploymentUnit.getParent().getAttachment(SharedSessionManagerConfig.ATTACHMENT_KEY) : null;
    // Expose the deployment root URL as a servlet context attribute unless the physical code source is in use.
    if (!deploymentResourceRoot.isUsePhysicalCodeSource()) {
        try {
            deploymentUnit.addToAttachmentList(ServletContextAttribute.ATTACHMENT_KEY, new ServletContextAttribute(Constants.CODE_SOURCE_ATTRIBUTE_NAME, deploymentRoot.toURL()));
        } catch (MalformedURLException e) {
            throw new DeploymentUnitProcessingException(e);
        }
    }
    // The module's permission collection is made visible to the web application through a context attribute.
    deploymentUnit.addToAttachmentList(ServletContextAttribute.ATTACHMENT_KEY, new ServletContextAttribute(Constants.PERMISSION_COLLECTION_ATTRIBUTE_NAME, deploymentUnit.getAttachment(Attachments.MODULE_PERMISSIONS)));
    additionalDependencies.addAll(warMetaData.getAdditionalDependencies());
    // Depend on the host's single-sign-on service only when that capability is registered.
    try {
        String capability = HostSingleSignOnDefinition.HOST_SSO_CAPABILITY.fromBaseCapability(serverInstanceName, hostName).getName();
        capabilitySupport.getCapabilityRuntimeAPI(capability, Object.class);
        additionalDependencies.add(capabilitySupport.getCapabilityServiceName(capability));
    } catch (CapabilityServiceSupport.NoSuchCapabilityException e) {
    // ignore: no SSO configured for this host, so no dependency is added
    }
    final ServiceName hostServiceName = UndertowService.virtualHostName(serverInstanceName, hostName);
    // The deployment is registered under both the unit-based name and the legacy host/path-based name.
    final ServiceName legacyDeploymentServiceName = UndertowService.deploymentServiceName(serverInstanceName, hostName, pathName);
    final ServiceName deploymentServiceName = UndertowService.deploymentServiceName(deploymentUnit.getServiceName());
    // When EE components are still starting, requests are held by a countdown handler at the head of the chain.
    StartupCountdown countDown = deploymentUnit.getAttachment(STARTUP_COUNTDOWN);
    if (countDown != null) {
        deploymentUnit.addToAttachmentList(UndertowAttachments.UNDERTOW_INITIAL_HANDLER_CHAIN_WRAPPERS, handler -> new ComponentStartupCountdownHandler(handler, countDown));
    }
    // Security domain name resolved earlier in the deployment chain (see SecurityDomainResolvingProcessor); may be null.
    String securityDomain = deploymentUnit.getAttachment(UndertowAttachments.RESOLVED_SECURITY_DOMAIN);
    TldsMetaData tldsMetaData = deploymentUnit.getAttachment(TldsMetaData.ATTACHMENT_KEY);
    final ServiceName deploymentInfoServiceName = deploymentServiceName.append(UndertowDeploymentInfoService.SERVICE_NAME);
    final ServiceName legacyDeploymentInfoServiceName = legacyDeploymentServiceName.append(UndertowDeploymentInfoService.SERVICE_NAME);
    // --- deployment info service: declare every dependency before the instance is set ---
    final ServiceBuilder<?> udisBuilder = serviceTarget.addService(deploymentInfoServiceName);
    final Consumer<DeploymentInfo> diConsumer = udisBuilder.provides(deploymentInfoServiceName, legacyDeploymentInfoServiceName);
    final Supplier<UndertowService> usSupplier = udisBuilder.requires(UndertowService.UNDERTOW);
    final Supplier<SessionManagerFactory> smfSupplier;
    final Supplier<SessionIdentifierCodec> sicSupplier;
    final Supplier<ServletContainerService> scsSupplier = udisBuilder.requires(UndertowService.SERVLET_CONTAINER.append(servletContainerName));
    // A registered component registry is injected as a service; the detached one is handed over directly.
    final Supplier<ComponentRegistry> crSupplier = componentRegistryExists ? udisBuilder.requires(ComponentRegistry.serviceName(deploymentUnit)) : new Supplier<ComponentRegistry>() {

        @Override
        public ComponentRegistry get() {
            return componentRegistry;
        }
    };
    final Supplier<Host> hostSupplier = udisBuilder.requires(hostServiceName);
    Supplier<ControlPoint> cpSupplier = null;
    final Supplier<SuspendController> scSupplier = udisBuilder.requires(capabilitySupport.getCapabilityServiceName(Capabilities.REF_SUSPEND_CONTROLLER));
    final Supplier<ServerEnvironment> serverEnvSupplier = udisBuilder.requires(ServerEnvironmentService.SERVICE_NAME);
    // Security suppliers stay null unless the branches below wire them; at most one of sdSupplier / bfSupplier is set.
    Supplier<SecurityDomain> sdSupplier = null;
    Supplier<HttpServerAuthenticationMechanismFactory> mechanismFactorySupplier = null;
    Supplier<BiFunction> bfSupplier = null;
    for (final ServiceName additionalDependency : additionalDependencies) {
        udisBuilder.requires(additionalDependency);
    }
    final SecurityMetaData securityMetaData = deploymentUnit.getAttachment(ATTACHMENT_KEY);
    // Virtual domain / virtual mechanism factory: the SecurityDomain service name comes from the security metadata.
    // NOTE(review): securityMetaData is dereferenced without a null check here; presumably the virtual-domain
    // markers guarantee the attachment is present - confirm.
    if (isVirtualDomainRequired(deploymentUnit) || isVirtualMechanismFactoryRequired(deploymentUnit)) {
        sdSupplier = udisBuilder.requires(securityMetaData.getSecurityDomain());
    } else if (securityDomain != null) {
        // Only a mapped Elytron application security domain is accepted; a legacy-only name is an error.
        if (mappedSecurityDomain.test(securityDomain)) {
            bfSupplier = udisBuilder.requires(deploymentUnit.getAttachment(Attachments.CAPABILITY_SERVICE_SUPPORT).getCapabilityServiceName(Capabilities.CAPABILITY_APPLICATION_SECURITY_DOMAIN, securityDomain));
        } else {
            throw ROOT_LOGGER.deploymentConfiguredForLegacySecurity();
        }
    }
    // The mechanism factory service name is only carried by the AdvancedSecurityMetaData subtype.
    if (isVirtualMechanismFactoryRequired(deploymentUnit)) {
        if (securityMetaData instanceof AdvancedSecurityMetaData) {
            mechanismFactorySupplier = udisBuilder.requires(((AdvancedSecurityMetaData) securityMetaData).getHttpServerAuthenticationMechanismFactory());
        }
    }
    // Request controller: the control point is keyed by the top-level deployment name.
    if (RequestControllerActivationMarker.isRequestControllerEnabled(deploymentUnit)) {
        String topLevelName;
        if (deploymentUnit.getParent() == null) {
            topLevelName = deploymentUnit.getName();
        } else {
            topLevelName = deploymentUnit.getParent().getName();
        }
        cpSupplier = udisBuilder.requires(ControlPointService.serviceName(topLevelName, UndertowExtension.SUBSYSTEM_NAME));
    }
    if (sharedSessionManagerConfig != null) {
        // Shared sessions: reuse the session manager factory and codec services installed for the parent.
        final ServiceName parentSN = deploymentUnit.getParent().getServiceName();
        smfSupplier = udisBuilder.requires(parentSN.append(SharedSessionManagerConfig.SHARED_SESSION_MANAGER_SERVICE_NAME));
        sicSupplier = udisBuilder.requires(parentSN.append(SharedSessionManagerConfig.SHARED_SESSION_IDENTIFIER_CODEC_SERVICE_NAME));
    } else {
        // Own sessions: limits come from the descriptor, then the servlet container, then a 30 minute timeout.
        ServletContainerService servletContainer = deploymentUnit.getAttachment(UndertowAttachments.SERVLET_CONTAINER_SERVICE);
        Integer maxActiveSessions = (metaData.getMaxActiveSessions() != null) ? metaData.getMaxActiveSessions() : (servletContainer != null) ? servletContainer.getMaxSessions() : null;
        SessionConfigMetaData sessionConfig = metaData.getSessionConfig();
        int defaultSessionTimeout = ((sessionConfig != null) && sessionConfig.getSessionTimeoutSet()) ? sessionConfig.getSessionTimeout() : (servletContainer != null) ? servletContainer.getDefaultSessionTimeout() : Integer.valueOf(30);
        ServiceName factoryServiceName = deploymentServiceName.append("session");
        ServiceName codecServiceName = deploymentServiceName.append("codec");
        SessionManagementProvider provider = this.getDistributableWebDeploymentProvider(deploymentUnit, metaData);
        SessionManagerFactoryConfiguration configuration = new SessionManagerFactoryConfiguration() {

            @Override
            public String getServerName() {
                return serverInstanceName;
            }

            @Override
            public String getDeploymentName() {
                return deploymentName;
            }

            @Override
            public Module getModule() {
                return module;
            }

            @Override
            public Integer getMaxActiveSessions() {
                return maxActiveSessions;
            }

            @Override
            public Duration getDefaultSessionTimeout() {
                // the timeout value is interpreted in minutes
                return Duration.ofMinutes(defaultSessionTimeout);
            }
        };
        CapabilityServiceConfigurator factoryConfigurator = provider.getSessionManagerFactoryServiceConfigurator(factoryServiceName, configuration);
        CapabilityServiceConfigurator codecConfigurator = provider.getSessionIdentifierCodecServiceConfigurator(codecServiceName, configuration);
        smfSupplier = udisBuilder.requires(factoryConfigurator.getServiceName());
        sicSupplier = udisBuilder.requires(codecConfigurator.getServiceName());
        CapabilityServiceSupport support = deploymentUnit.getAttachment(Attachments.CAPABILITY_SERVICE_SUPPORT);
        factoryConfigurator.configure(support).build(serviceTarget).install();
        codecConfigurator.configure(support).build(serviceTarget).install();
    }
    UndertowDeploymentInfoService undertowDeploymentInfoService = UndertowDeploymentInfoService.builder().setAttributes(deploymentUnit.getAttachmentList(ServletContextAttribute.ATTACHMENT_KEY)).setContextPath(pathName).setDeploymentName(// todo: is this deployment name concept really applicable?
    deploymentName).setDeploymentRoot(deploymentRoot).setMergedMetaData(warMetaData.getMergedJBossWebMetaData()).setModule(module).setScisMetaData(scisMetaData).setJaccContextId(jaccContextId).setSecurityDomain(securityDomain).setTldInfo(createTldsInfo(tldsMetaData, tldsMetaData == null ? null : tldsMetaData.getSharedTlds(deploymentUnit))).setSetupActions(setupActions).setSharedSessionManagerConfig(sharedSessionManagerConfig).setOverlays(warMetaData.getOverlays()).setExpressionFactoryWrappers(deploymentUnit.getAttachmentList(ExpressionFactoryWrapper.ATTACHMENT_KEY)).setPredicatedHandlers(deploymentUnit.getAttachment(UndertowHandlersDeploymentProcessor.PREDICATED_HANDLERS)).setInitialHandlerChainWrappers(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_INITIAL_HANDLER_CHAIN_WRAPPERS)).setInnerHandlerChainWrappers(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_INNER_HANDLER_CHAIN_WRAPPERS)).setOuterHandlerChainWrappers(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_OUTER_HANDLER_CHAIN_WRAPPERS)).setThreadSetupActions(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_THREAD_SETUP_ACTIONS)).setServletExtensions(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_SERVLET_EXTENSIONS)).setExplodedDeployment(ExplodedDeploymentMarker.isExplodedDeployment(deploymentUnit)).setWebSocketDeploymentInfo(deploymentUnit.getAttachment(UndertowAttachments.WEB_SOCKET_DEPLOYMENT_INFO)).setTempDir(warMetaData.getTempDir()).setExternalResources(deploymentUnit.getAttachmentList(UndertowAttachments.EXTERNAL_RESOURCES)).setAllowSuspendedRequests(deploymentUnit.getAttachmentList(UndertowAttachments.ALLOW_REQUEST_WHEN_SUSPENDED)).createUndertowDeploymentInfoService(diConsumer, usSupplier, smfSupplier, sicSupplier, scsSupplier, crSupplier, hostSupplier, cpSupplier, scSupplier, serverEnvSupplier, sdSupplier, mechanismFactorySupplier, bfSupplier);
    udisBuilder.setInstance(undertowDeploymentInfoService);
    // Executors named by the deployment or by individual servlets are injected once each (de-duplicated by name).
    final Set<String> seenExecutors = new HashSet<String>();
    if (metaData.getExecutorName() != null) {
        final Supplier<Executor> executor = udisBuilder.requires(IOServices.WORKER.append(metaData.getExecutorName()));
        undertowDeploymentInfoService.addInjectedExecutor(metaData.getExecutorName(), executor);
        seenExecutors.add(metaData.getExecutorName());
    }
    if (metaData.getServlets() != null) {
        for (JBossServletMetaData servlet : metaData.getServlets()) {
            if (servlet.getExecutorName() != null && !seenExecutors.contains(servlet.getExecutorName())) {
                final Supplier<Executor> executor = udisBuilder.requires(IOServices.WORKER.append(servlet.getExecutorName()));
                undertowDeploymentInfoService.addInjectedExecutor(servlet.getExecutorName(), executor);
                seenExecutors.add(servlet.getExecutorName());
            }
        }
    }
    // Two deployments mapping to the same host/context path collide on the legacy service name.
    try {
        udisBuilder.install();
    } catch (DuplicateServiceException e) {
        throw UndertowLogger.ROOT_LOGGER.duplicateHostContextDeployments(deploymentInfoServiceName, e.getMessage());
    }
    // --- deployment service: starts the deployment once its info, host, container and components are up ---
    final ServiceBuilder<?> udsBuilder = serviceTarget.addService(deploymentServiceName);
    final Consumer<UndertowDeploymentService> sConsumer = udsBuilder.provides(deploymentServiceName, legacyDeploymentServiceName);
    final Supplier<ServletContainerService> cSupplier = udsBuilder.requires(UndertowService.SERVLET_CONTAINER.append(defaultContainer));
    final Supplier<ExecutorService> seSupplier = Services.requireServerExecutor(udsBuilder);
    final Supplier<Host> hSupplier = udsBuilder.requires(hostServiceName);
    final Supplier<DeploymentInfo> diSupplier = udsBuilder.requires(deploymentInfoServiceName);
    for (final ServiceName webDependency : deploymentUnit.getAttachmentList(Attachments.WEB_DEPENDENCIES)) {
        udsBuilder.requires(webDependency);
    }
    for (final ServiceName dependentComponent : dependentComponents) {
        udsBuilder.requires(dependentComponent);
    }
    udsBuilder.setInstance(new UndertowDeploymentService(sConsumer, cSupplier, seSupplier, hSupplier, diSupplier, injectionContainer, true));
    udsBuilder.install();
    deploymentUnit.addToAttachmentList(Attachments.DEPLOYMENT_COMPLETE_SERVICES, deploymentServiceName);
    // adding Jakarta Authorization service
    // The Elytron JACC capability takes precedence; the legacy one is used only when Elytron JACC is absent
    // and legacy security is installed.
    final boolean elytronJacc = capabilitySupport.hasCapability(ELYTRON_JACC_CAPABILITY_NAME);
    final boolean legacyJacc = !elytronJacc && legacySecurityInstalled(deploymentUnit);
    if (legacyJacc || elytronJacc) {
        WarJACCDeployer deployer = new WarJACCDeployer();
        JaccService<WarMetaData> jaccService = deployer.deploy(deploymentUnit, jaccContextId);
        if (jaccService != null) {
            final ServiceName jaccServiceName = deploymentUnit.getServiceName().append(JaccService.SERVICE_NAME);
            ServiceBuilder<?> jaccBuilder = serviceTarget.addService(jaccServiceName, jaccService);
            if (deploymentUnit.getParent() != null) {
                // add dependency to parent policy
                final DeploymentUnit parentDU = deploymentUnit.getParent();
                jaccBuilder.addDependency(parentDU.getServiceName().append(JaccService.SERVICE_NAME), PolicyConfiguration.class, jaccService.getParentPolicyInjector());
            }
            jaccBuilder.addDependency(capabilitySupport.getCapabilityServiceName(elytronJacc ? ELYTRON_JACC_CAPABILITY_NAME : LEGACY_JACC_CAPABILITY_NAME));
            // add dependency to web deployment service
            jaccBuilder.requires(deploymentServiceName);
            // PASSIVE: the policy service only comes up when its dependencies do.
            jaccBuilder.setInitialMode(Mode.PASSIVE).install();
        }
    }
    // Process the web related mgmt information
    final DeploymentResourceSupport deploymentResourceSupport = deploymentUnit.getAttachment(Attachments.DEPLOYMENT_RESOURCE_SUPPORT);
    final ModelNode node = deploymentResourceSupport.getDeploymentSubsystemModel(UndertowExtension.SUBSYSTEM_NAME);
    // The root context is reported as "/" rather than the empty path.
    node.get(DeploymentDefinition.CONTEXT_ROOT.getName()).set("".equals(pathName) ? "/" : pathName);
    node.get(DeploymentDefinition.VIRTUAL_HOST.getName()).set(hostName);
    node.get(DeploymentDefinition.SERVER.getName()).set(serverInstanceName);
    processManagement(deploymentUnit, metaData);
}

Example 2 with SecurityMetaData

use of org.jboss.as.server.security.SecurityMetaData in project wildfly by wildfly.

Usage in class SecurityDomainResolvingProcessor, method deploy.

/**
 * Resolves the security domain name a web deployment should use and records it on the
 * deployment unit as {@code RESOLVED_SECURITY_DOMAIN}.
 * <p>
 * Resolution order: the security domain of the merged JBoss web metadata, then the
 * application-level one ({@code getJBossAppSecurityDomain}), then the configured default.
 * The name is recorded only when it is a mapped Elytron application security domain (in which
 * case the domain's {@link ServiceName} is also stored on the {@link SecurityMetaData} attachment,
 * if one is present) or when legacy security is installed; otherwise the deployment is left
 * without a resolved domain. Non-web deployments, and deployments whose security metadata
 * already carries a security domain service name, are left untouched.
 *
 * @param phaseContext the current deployment phase
 * @throws DeploymentUnitProcessingException declared by the processor contract; not thrown by this body
 */
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
    final DeploymentUnit unit = phaseContext.getDeploymentUnit();
    final WarMetaData warMetaData = unit.getAttachment(WarMetaData.ATTACHMENT_KEY);
    if (warMetaData == null) {
        // not a web deployment; nothing to resolve
        return;
    }
    final SecurityMetaData securityMetaData = unit.getAttachment(ATTACHMENT_KEY);
    final boolean domainAlreadyAssigned = securityMetaData != null && securityMetaData.getSecurityDomain() != null;
    if (domainAlreadyAssigned) {
        return;
    }
    final JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
    String configuredDomain = webMetaData.getSecurityDomain();
    if (configuredDomain == null) {
        configuredDomain = getJBossAppSecurityDomain(unit);
    }
    // The default is used as-is; an explicitly configured name goes through unprefixSecurityDomain.
    final String securityDomain = (configuredDomain == null) ? defaultSecurityDomain : unprefixSecurityDomain(configuredDomain);
    if (securityDomain == null) {
        return;
    }
    if (mappedSecurityDomain.test(securityDomain)) {
        final ServiceName domainServiceName = unit.getAttachment(Attachments.CAPABILITY_SERVICE_SUPPORT)
                .getCapabilityServiceName(Capabilities.CAPABILITY_APPLICATION_SECURITY_DOMAIN, securityDomain)
                .append(Constants.SECURITY_DOMAIN);
        if (securityMetaData != null) {
            securityMetaData.setSecurityDomain(domainServiceName);
        }
        unit.putAttachment(RESOLVED_SECURITY_DOMAIN, securityDomain);
    } else if (legacySecurityInstalled(unit)) {
        // Legacy security only: the name is recorded but no Elytron service name is attached.
        unit.putAttachment(RESOLVED_SECURITY_DOMAIN, securityDomain);
    }
}

Example 3 with SecurityMetaData

use of org.jboss.as.server.security.SecurityMetaData in project wildfly by wildfly.

Usage in class VirtualHttpServerMechanismFactoryNameProcessor, method deploy.

/**
 * Replaces the deployment's {@link SecurityMetaData} attachment with an
 * {@link AdvancedSecurityMetaData} pointing at the virtual HTTP mechanism factory and the
 * virtual security domain, but only when a security metadata attachment exists and the
 * deployment requires a virtual mechanism factory.
 * <p>
 * NOTE(review): any security domain already set on the existing attachment is not carried
 * over; the replacement always names the virtual domain.
 *
 * @param phaseContext the current deployment phase
 * @throws DeploymentUnitProcessingException declared by the processor contract; not thrown by this body
 */
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
    final DeploymentUnit unit = phaseContext.getDeploymentUnit();
    final SecurityMetaData existing = unit.getAttachment(ATTACHMENT_KEY);
    if (existing == null) {
        return;
    }
    if (!isVirtualMechanismFactoryRequired(unit)) {
        return;
    }
    final AdvancedSecurityMetaData advanced = new AdvancedSecurityMetaData();
    advanced.setHttpServerAuthenticationMechanismFactory(virtualMechanismFactoryName(unit));
    // a virtual mechanism factory implies a virtual security domain
    advanced.setSecurityDomain(virtualDomainName(unit));
    unit.putAttachment(ATTACHMENT_KEY, advanced);
}

Example 4 with SecurityMetaData

use of org.jboss.as.server.security.SecurityMetaData in project wildfly by wildfly.

Usage in class EJBDefaultSecurityDomainProcessor, method deploy.

@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
    final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
    final EEModuleDescription eeModuleDescription = deploymentUnit.getAttachment(EE_MODULE_DESCRIPTION);
    if (eeModuleDescription == null) {
        return;
    }
    final Collection<ComponentDescription> componentDescriptions = eeModuleDescription.getComponentDescriptions();
    if (componentDescriptions == null || componentDescriptions.isEmpty()) {
        return;
    }
    final String defaultSecurityDomain;
    if (eeModuleDescription.getDefaultSecurityDomain() == null) {
        defaultSecurityDomain = this.defaultSecurityDomainName;
    } else {
        defaultSecurityDomain = eeModuleDescription.getDefaultSecurityDomain();
    }
    final CapabilityServiceSupport support = deploymentUnit.getAttachment(org.jboss.as.server.deployment.Attachments.CAPABILITY_SERVICE_SUPPORT);
    final SecurityMetaData securityMetaData = deploymentUnit.getAttachment(ATTACHMENT_KEY);
    // If we have a ServiceName for a security domain it should be used for all components.
    ServiceName elytronDomainServiceName = securityMetaData != null ? securityMetaData.getSecurityDomain() : null;
    final ServiceName ejbSecurityDomainServiceName = deploymentUnit.getServiceName().append(EJBSecurityDomainService.SERVICE_NAME);
    final ApplicationSecurityDomainConfig defaultDomainMapping = knownSecurityDomain.apply(defaultSecurityDomain);
    final ServiceName defaultElytronDomainServiceName;
    if (defaultDomainMapping != null) {
        defaultElytronDomainServiceName = support.getCapabilityServiceName(ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_CAPABILITY_NAME, defaultSecurityDomain).append("security-domain");
    } else {
        defaultElytronDomainServiceName = null;
    }
    ApplicationSecurityDomainConfig selectedElytronDomainConfig = null;
    if (elytronDomainServiceName == null) {
        String selectedElytronDomainName = null;
        boolean legacyDomainDefined = false;
        boolean defaultRequired = false;
        for (ComponentDescription componentDescription : componentDescriptions) {
            if (componentDescription instanceof EJBComponentDescription) {
                EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
                ejbComponentDescription.setDefaultSecurityDomain(defaultSecurityDomain);
                // Ensure the Jakarta Enterprise Beans components within a deployment are associated with at most one Elytron security domain
                String definedSecurityDomain = ejbComponentDescription.getDefinedSecurityDomain();
                defaultRequired = defaultRequired || definedSecurityDomain == null;
                ApplicationSecurityDomainConfig definedDomainMapping = definedSecurityDomain != null ? knownSecurityDomain.apply(definedSecurityDomain) : null;
                if (definedDomainMapping != null) {
                    if (selectedElytronDomainName == null) {
                        selectedElytronDomainName = definedSecurityDomain;
                        selectedElytronDomainConfig = definedDomainMapping;
                    } else if (selectedElytronDomainName.equals(definedSecurityDomain) == false) {
                        throw EjbLogger.ROOT_LOGGER.multipleSecurityDomainsDetected();
                    }
                } else if (definedSecurityDomain != null) {
                    legacyDomainDefined = true;
                }
            }
        }
        final boolean useDefaultElytronMapping;
        /*
             * We only need to fall into the default handling if at least one Jakarta Enterprise Beans Component has no defined
             * security domain.
             */
        if (defaultRequired && selectedElytronDomainName == null && defaultDomainMapping != null) {
            selectedElytronDomainName = defaultSecurityDomain;
            selectedElytronDomainConfig = defaultDomainMapping;
            elytronDomainServiceName = defaultElytronDomainServiceName;
            // Only apply a default domain to the whole deployment if no legacy domain was defined.
            useDefaultElytronMapping = !legacyDomainDefined;
        } else {
            useDefaultElytronMapping = false;
        }
        // If this Jakarta Enterprise Beans deployment is associated with an Elytron security domain, set up the security domain mapping
        if (selectedElytronDomainConfig != null) {
            final EJBSecurityDomainService ejbSecurityDomainService = new EJBSecurityDomainService(deploymentUnit);
            ServiceName applicationSecurityDomainServiceName = support.getCapabilityServiceName(ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_CAPABILITY_NAME, selectedElytronDomainName);
            elytronDomainServiceName = applicationSecurityDomainServiceName.append("security-domain");
            final ServiceBuilder<Void> builder = phaseContext.getServiceTarget().addService(ejbSecurityDomainServiceName, ejbSecurityDomainService).addDependency(applicationSecurityDomainServiceName, ApplicationSecurityDomain.class, ejbSecurityDomainService.getApplicationSecurityDomainInjector());
            builder.install();
            for (final ComponentDescription componentDescription : componentDescriptions) {
                if (componentDescription instanceof EJBComponentDescription) {
                    EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
                    String definedSecurityDomain = ejbComponentDescription.getDefinedSecurityDomain();
                    // The component may have had a legacy SecurityDomain defined.
                    if (useDefaultElytronMapping || selectedElytronDomainName.equals(definedSecurityDomain)) {
                        ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
                        ejbComponentDescription.setSecurityDomainServiceName(elytronDomainServiceName);
                        ejbComponentDescription.setRequiresJacc(selectedElytronDomainConfig.isEnableJacc());
                        ejbComponentDescription.setLegacyCompliantPrincipalPropagation(selectedElytronDomainConfig.isLegacyCompliantPrincipalPropagation());
                        ejbComponentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
                    } else if (definedSecurityDomain == null && defaultDomainMapping != null) {
                        ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
                        ejbComponentDescription.setSecurityDomainServiceName(defaultElytronDomainServiceName);
                        ejbComponentDescription.setRequiresJacc(defaultDomainMapping.isEnableJacc());
                        ejbComponentDescription.setLegacyCompliantPrincipalPropagation(defaultDomainMapping.isLegacyCompliantPrincipalPropagation());
                        ejbComponentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
                    }
                }
            }
        }
    } else {
        // We will use the defined Elytron domain for all Jakarta Enterprise Beans and ignore individual configuration.
        // Bean level activation remains dependent on configuration of bean - i.e. does it actually need security?
        final EJBSecurityDomainService ejbSecurityDomainService = new EJBSecurityDomainService(deploymentUnit);
        final ServiceBuilder<Void> builder = phaseContext.getServiceTarget().addService(ejbSecurityDomainServiceName, ejbSecurityDomainService).addDependency(elytronDomainServiceName, SecurityDomain.class, ejbSecurityDomainService.getSecurityDomainInjector());
        builder.install();
        for (ComponentDescription componentDescription : componentDescriptions) {
            if (componentDescription instanceof EJBComponentDescription) {
                EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
                ejbComponentDescription.setSecurityDomainServiceName(elytronDomainServiceName);
                ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
                componentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
            }
        }
    }
}