Example 1 with SecurityMetaData
use of org.jboss.as.server.security.SecurityMetaData in project wildfly by wildfly.
the class UndertowDeploymentProcessor method processDeployment.
private void processDeployment(final WarMetaData warMetaData, final DeploymentUnit deploymentUnit, final ServiceTarget serviceTarget, final String deploymentName, final String hostName, final String serverInstanceName, final boolean isDefaultWebModule) throws DeploymentUnitProcessingException {
ResourceRoot deploymentResourceRoot = deploymentUnit.getAttachment(Attachments.DEPLOYMENT_ROOT);
final VirtualFile deploymentRoot = deploymentResourceRoot.getRoot();
final Module module = deploymentUnit.getAttachment(Attachments.MODULE);
if (module == null) {
throw new DeploymentUnitProcessingException(UndertowLogger.ROOT_LOGGER.failedToResolveModule(deploymentUnit));
}
final JBossWebMetaData metaData = warMetaData.getMergedJBossWebMetaData();
final List<SetupAction> setupActions = deploymentUnit.getAttachmentList(org.jboss.as.ee.component.Attachments.WEB_SETUP_ACTIONS);
CapabilityServiceSupport capabilitySupport = deploymentUnit.getAttachment(Attachments.CAPABILITY_SERVICE_SUPPORT);
ScisMetaData scisMetaData = deploymentUnit.getAttachment(ScisMetaData.ATTACHMENT_KEY);
final Set<ServiceName> dependentComponents = new HashSet<>();
// see AS7-2077
// basically we want to ignore components that have failed for whatever reason
// if they are important they will be picked up when the web deployment actually starts
final List<ServiceName> components = deploymentUnit.getAttachmentList(WebComponentDescription.WEB_COMPONENTS);
final Set<ServiceName> failed = deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.FAILED_COMPONENTS);
for (final ServiceName component : components) {
if (!failed.contains(component)) {
dependentComponents.add(component);
}
}
String servletContainerName = metaData.getServletContainerName();
if (servletContainerName == null) {
servletContainerName = defaultContainer;
}
final boolean componentRegistryExists = deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.COMPONENT_REGISTRY) != null;
final ComponentRegistry componentRegistry = componentRegistryExists ? deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.COMPONENT_REGISTRY) : new ComponentRegistry(null);
final ClassLoader loader = module.getClassLoader();
final WebInjectionContainer injectionContainer = (metaData.getDistributable() == null) ? new CachingWebInjectionContainer(loader, componentRegistry) : new SimpleWebInjectionContainer(loader, componentRegistry);
String jaccContextId = metaData.getJaccContextID();
if (jaccContextId == null) {
jaccContextId = deploymentUnit.getName();
}
if (deploymentUnit.getParent() != null) {
jaccContextId = deploymentUnit.getParent().getName() + "!" + jaccContextId;
}
String pathName = pathNameOfDeployment(deploymentUnit, metaData, isDefaultWebModule);
final Set<ServiceName> additionalDependencies = new HashSet<>();
for (final SetupAction setupAction : setupActions) {
Set<ServiceName> dependencies = setupAction.dependencies();
if (dependencies != null) {
additionalDependencies.addAll(dependencies);
}
}
SharedSessionManagerConfig sharedSessionManagerConfig = deploymentUnit.getParent() != null ? deploymentUnit.getParent().getAttachment(SharedSessionManagerConfig.ATTACHMENT_KEY) : null;
if (!deploymentResourceRoot.isUsePhysicalCodeSource()) {
try {
deploymentUnit.addToAttachmentList(ServletContextAttribute.ATTACHMENT_KEY, new ServletContextAttribute(Constants.CODE_SOURCE_ATTRIBUTE_NAME, deploymentRoot.toURL()));
} catch (MalformedURLException e) {
throw new DeploymentUnitProcessingException(e);
}
}
deploymentUnit.addToAttachmentList(ServletContextAttribute.ATTACHMENT_KEY, new ServletContextAttribute(Constants.PERMISSION_COLLECTION_ATTRIBUTE_NAME, deploymentUnit.getAttachment(Attachments.MODULE_PERMISSIONS)));
additionalDependencies.addAll(warMetaData.getAdditionalDependencies());
try {
String capability = HostSingleSignOnDefinition.HOST_SSO_CAPABILITY.fromBaseCapability(serverInstanceName, hostName).getName();
capabilitySupport.getCapabilityRuntimeAPI(capability, Object.class);
additionalDependencies.add(capabilitySupport.getCapabilityServiceName(capability));
} catch (CapabilityServiceSupport.NoSuchCapabilityException e) {
// ignore
}
final ServiceName hostServiceName = UndertowService.virtualHostName(serverInstanceName, hostName);
final ServiceName legacyDeploymentServiceName = UndertowService.deploymentServiceName(serverInstanceName, hostName, pathName);
final ServiceName deploymentServiceName = UndertowService.deploymentServiceName(deploymentUnit.getServiceName());
StartupCountdown countDown = deploymentUnit.getAttachment(STARTUP_COUNTDOWN);
if (countDown != null) {
deploymentUnit.addToAttachmentList(UndertowAttachments.UNDERTOW_INITIAL_HANDLER_CHAIN_WRAPPERS, handler -> new ComponentStartupCountdownHandler(handler, countDown));
}
String securityDomain = deploymentUnit.getAttachment(UndertowAttachments.RESOLVED_SECURITY_DOMAIN);
TldsMetaData tldsMetaData = deploymentUnit.getAttachment(TldsMetaData.ATTACHMENT_KEY);
final ServiceName deploymentInfoServiceName = deploymentServiceName.append(UndertowDeploymentInfoService.SERVICE_NAME);
final ServiceName legacyDeploymentInfoServiceName = legacyDeploymentServiceName.append(UndertowDeploymentInfoService.SERVICE_NAME);
final ServiceBuilder<?> udisBuilder = serviceTarget.addService(deploymentInfoServiceName);
final Consumer<DeploymentInfo> diConsumer = udisBuilder.provides(deploymentInfoServiceName, legacyDeploymentInfoServiceName);
final Supplier<UndertowService> usSupplier = udisBuilder.requires(UndertowService.UNDERTOW);
final Supplier<SessionManagerFactory> smfSupplier;
final Supplier<SessionIdentifierCodec> sicSupplier;
final Supplier<ServletContainerService> scsSupplier = udisBuilder.requires(UndertowService.SERVLET_CONTAINER.append(servletContainerName));
final Supplier<ComponentRegistry> crSupplier = componentRegistryExists ? udisBuilder.requires(ComponentRegistry.serviceName(deploymentUnit)) : new Supplier<ComponentRegistry>() {
@Override
public ComponentRegistry get() {
return componentRegistry;
}
};
final Supplier<Host> hostSupplier = udisBuilder.requires(hostServiceName);
Supplier<ControlPoint> cpSupplier = null;
final Supplier<SuspendController> scSupplier = udisBuilder.requires(capabilitySupport.getCapabilityServiceName(Capabilities.REF_SUSPEND_CONTROLLER));
final Supplier<ServerEnvironment> serverEnvSupplier = udisBuilder.requires(ServerEnvironmentService.SERVICE_NAME);
Supplier<SecurityDomain> sdSupplier = null;
Supplier<HttpServerAuthenticationMechanismFactory> mechanismFactorySupplier = null;
Supplier<BiFunction> bfSupplier = null;
for (final ServiceName additionalDependency : additionalDependencies) {
udisBuilder.requires(additionalDependency);
}
final SecurityMetaData securityMetaData = deploymentUnit.getAttachment(ATTACHMENT_KEY);
if (isVirtualDomainRequired(deploymentUnit) || isVirtualMechanismFactoryRequired(deploymentUnit)) {
sdSupplier = udisBuilder.requires(securityMetaData.getSecurityDomain());
} else if (securityDomain != null) {
if (mappedSecurityDomain.test(securityDomain)) {
bfSupplier = udisBuilder.requires(deploymentUnit.getAttachment(Attachments.CAPABILITY_SERVICE_SUPPORT).getCapabilityServiceName(Capabilities.CAPABILITY_APPLICATION_SECURITY_DOMAIN, securityDomain));
} else {
throw ROOT_LOGGER.deploymentConfiguredForLegacySecurity();
}
}
if (isVirtualMechanismFactoryRequired(deploymentUnit)) {
if (securityMetaData instanceof AdvancedSecurityMetaData) {
mechanismFactorySupplier = udisBuilder.requires(((AdvancedSecurityMetaData) securityMetaData).getHttpServerAuthenticationMechanismFactory());
}
}
if (RequestControllerActivationMarker.isRequestControllerEnabled(deploymentUnit)) {
String topLevelName;
if (deploymentUnit.getParent() == null) {
topLevelName = deploymentUnit.getName();
} else {
topLevelName = deploymentUnit.getParent().getName();
}
cpSupplier = udisBuilder.requires(ControlPointService.serviceName(topLevelName, UndertowExtension.SUBSYSTEM_NAME));
}
if (sharedSessionManagerConfig != null) {
final ServiceName parentSN = deploymentUnit.getParent().getServiceName();
smfSupplier = udisBuilder.requires(parentSN.append(SharedSessionManagerConfig.SHARED_SESSION_MANAGER_SERVICE_NAME));
sicSupplier = udisBuilder.requires(parentSN.append(SharedSessionManagerConfig.SHARED_SESSION_IDENTIFIER_CODEC_SERVICE_NAME));
} else {
ServletContainerService servletContainer = deploymentUnit.getAttachment(UndertowAttachments.SERVLET_CONTAINER_SERVICE);
Integer maxActiveSessions = (metaData.getMaxActiveSessions() != null) ? metaData.getMaxActiveSessions() : (servletContainer != null) ? servletContainer.getMaxSessions() : null;
SessionConfigMetaData sessionConfig = metaData.getSessionConfig();
int defaultSessionTimeout = ((sessionConfig != null) && sessionConfig.getSessionTimeoutSet()) ? sessionConfig.getSessionTimeout() : (servletContainer != null) ? servletContainer.getDefaultSessionTimeout() : Integer.valueOf(30);
ServiceName factoryServiceName = deploymentServiceName.append("session");
ServiceName codecServiceName = deploymentServiceName.append("codec");
SessionManagementProvider provider = this.getDistributableWebDeploymentProvider(deploymentUnit, metaData);
SessionManagerFactoryConfiguration configuration = new SessionManagerFactoryConfiguration() {
@Override
public String getServerName() {
return serverInstanceName;
}
@Override
public String getDeploymentName() {
return deploymentName;
}
@Override
public Module getModule() {
return module;
}
@Override
public Integer getMaxActiveSessions() {
return maxActiveSessions;
}
@Override
public Duration getDefaultSessionTimeout() {
return Duration.ofMinutes(defaultSessionTimeout);
}
};
CapabilityServiceConfigurator factoryConfigurator = provider.getSessionManagerFactoryServiceConfigurator(factoryServiceName, configuration);
CapabilityServiceConfigurator codecConfigurator = provider.getSessionIdentifierCodecServiceConfigurator(codecServiceName, configuration);
smfSupplier = udisBuilder.requires(factoryConfigurator.getServiceName());
sicSupplier = udisBuilder.requires(codecConfigurator.getServiceName());
CapabilityServiceSupport support = deploymentUnit.getAttachment(Attachments.CAPABILITY_SERVICE_SUPPORT);
factoryConfigurator.configure(support).build(serviceTarget).install();
codecConfigurator.configure(support).build(serviceTarget).install();
}
UndertowDeploymentInfoService undertowDeploymentInfoService = UndertowDeploymentInfoService.builder().setAttributes(deploymentUnit.getAttachmentList(ServletContextAttribute.ATTACHMENT_KEY)).setContextPath(pathName).setDeploymentName(// todo: is this deployment name concept really applicable?
deploymentName).setDeploymentRoot(deploymentRoot).setMergedMetaData(warMetaData.getMergedJBossWebMetaData()).setModule(module).setScisMetaData(scisMetaData).setJaccContextId(jaccContextId).setSecurityDomain(securityDomain).setTldInfo(createTldsInfo(tldsMetaData, tldsMetaData == null ? null : tldsMetaData.getSharedTlds(deploymentUnit))).setSetupActions(setupActions).setSharedSessionManagerConfig(sharedSessionManagerConfig).setOverlays(warMetaData.getOverlays()).setExpressionFactoryWrappers(deploymentUnit.getAttachmentList(ExpressionFactoryWrapper.ATTACHMENT_KEY)).setPredicatedHandlers(deploymentUnit.getAttachment(UndertowHandlersDeploymentProcessor.PREDICATED_HANDLERS)).setInitialHandlerChainWrappers(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_INITIAL_HANDLER_CHAIN_WRAPPERS)).setInnerHandlerChainWrappers(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_INNER_HANDLER_CHAIN_WRAPPERS)).setOuterHandlerChainWrappers(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_OUTER_HANDLER_CHAIN_WRAPPERS)).setThreadSetupActions(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_THREAD_SETUP_ACTIONS)).setServletExtensions(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_SERVLET_EXTENSIONS)).setExplodedDeployment(ExplodedDeploymentMarker.isExplodedDeployment(deploymentUnit)).setWebSocketDeploymentInfo(deploymentUnit.getAttachment(UndertowAttachments.WEB_SOCKET_DEPLOYMENT_INFO)).setTempDir(warMetaData.getTempDir()).setExternalResources(deploymentUnit.getAttachmentList(UndertowAttachments.EXTERNAL_RESOURCES)).setAllowSuspendedRequests(deploymentUnit.getAttachmentList(UndertowAttachments.ALLOW_REQUEST_WHEN_SUSPENDED)).createUndertowDeploymentInfoService(diConsumer, usSupplier, smfSupplier, sicSupplier, scsSupplier, crSupplier, hostSupplier, cpSupplier, scSupplier, serverEnvSupplier, sdSupplier, mechanismFactorySupplier, bfSupplier);
udisBuilder.setInstance(undertowDeploymentInfoService);
final Set<String> seenExecutors = new HashSet<String>();
if (metaData.getExecutorName() != null) {
final Supplier<Executor> executor = udisBuilder.requires(IOServices.WORKER.append(metaData.getExecutorName()));
undertowDeploymentInfoService.addInjectedExecutor(metaData.getExecutorName(), executor);
seenExecutors.add(metaData.getExecutorName());
}
if (metaData.getServlets() != null) {
for (JBossServletMetaData servlet : metaData.getServlets()) {
if (servlet.getExecutorName() != null && !seenExecutors.contains(servlet.getExecutorName())) {
final Supplier<Executor> executor = udisBuilder.requires(IOServices.WORKER.append(servlet.getExecutorName()));
undertowDeploymentInfoService.addInjectedExecutor(servlet.getExecutorName(), executor);
seenExecutors.add(servlet.getExecutorName());
}
}
}
try {
udisBuilder.install();
} catch (DuplicateServiceException e) {
throw UndertowLogger.ROOT_LOGGER.duplicateHostContextDeployments(deploymentInfoServiceName, e.getMessage());
}
final ServiceBuilder<?> udsBuilder = serviceTarget.addService(deploymentServiceName);
final Consumer<UndertowDeploymentService> sConsumer = udsBuilder.provides(deploymentServiceName, legacyDeploymentServiceName);
final Supplier<ServletContainerService> cSupplier = udsBuilder.requires(UndertowService.SERVLET_CONTAINER.append(defaultContainer));
final Supplier<ExecutorService> seSupplier = Services.requireServerExecutor(udsBuilder);
final Supplier<Host> hSupplier = udsBuilder.requires(hostServiceName);
final Supplier<DeploymentInfo> diSupplier = udsBuilder.requires(deploymentInfoServiceName);
for (final ServiceName webDependency : deploymentUnit.getAttachmentList(Attachments.WEB_DEPENDENCIES)) {
udsBuilder.requires(webDependency);
}
for (final ServiceName dependentComponent : dependentComponents) {
udsBuilder.requires(dependentComponent);
}
udsBuilder.setInstance(new UndertowDeploymentService(sConsumer, cSupplier, seSupplier, hSupplier, diSupplier, injectionContainer, true));
udsBuilder.install();
deploymentUnit.addToAttachmentList(Attachments.DEPLOYMENT_COMPLETE_SERVICES, deploymentServiceName);
// adding Jakarta Authorization service
final boolean elytronJacc = capabilitySupport.hasCapability(ELYTRON_JACC_CAPABILITY_NAME);
final boolean legacyJacc = !elytronJacc && legacySecurityInstalled(deploymentUnit);
if (legacyJacc || elytronJacc) {
WarJACCDeployer deployer = new WarJACCDeployer();
JaccService<WarMetaData> jaccService = deployer.deploy(deploymentUnit, jaccContextId);
if (jaccService != null) {
final ServiceName jaccServiceName = deploymentUnit.getServiceName().append(JaccService.SERVICE_NAME);
ServiceBuilder<?> jaccBuilder = serviceTarget.addService(jaccServiceName, jaccService);
if (deploymentUnit.getParent() != null) {
// add dependency to parent policy
final DeploymentUnit parentDU = deploymentUnit.getParent();
jaccBuilder.addDependency(parentDU.getServiceName().append(JaccService.SERVICE_NAME), PolicyConfiguration.class, jaccService.getParentPolicyInjector());
}
jaccBuilder.addDependency(capabilitySupport.getCapabilityServiceName(elytronJacc ? ELYTRON_JACC_CAPABILITY_NAME : LEGACY_JACC_CAPABILITY_NAME));
// add dependency to web deployment service
jaccBuilder.requires(deploymentServiceName);
jaccBuilder.setInitialMode(Mode.PASSIVE).install();
}
}
// Process the web related mgmt information
final DeploymentResourceSupport deploymentResourceSupport = deploymentUnit.getAttachment(Attachments.DEPLOYMENT_RESOURCE_SUPPORT);
final ModelNode node = deploymentResourceSupport.getDeploymentSubsystemModel(UndertowExtension.SUBSYSTEM_NAME);
node.get(DeploymentDefinition.CONTEXT_ROOT.getName()).set("".equals(pathName) ? "/" : pathName);
node.get(DeploymentDefinition.VIRTUAL_HOST.getName()).set(hostName);
node.get(DeploymentDefinition.SERVER.getName()).set(serverInstanceName);
processManagement(deploymentUnit, metaData);
}
Also used :
JBossWebMetaData(org.jboss.metadata.web.jboss.JBossWebMetaData)
MalformedURLException(java.net.MalformedURLException)
SimpleWebInjectionContainer(org.jboss.as.web.common.SimpleWebInjectionContainer)
CapabilityServiceSupport(org.jboss.as.controller.capability.CapabilityServiceSupport)
SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)
SharedSessionManagerConfig(org.jboss.as.web.session.SharedSessionManagerConfig)
DuplicateServiceException(org.jboss.msc.service.DuplicateServiceException)
ServerEnvironment(org.jboss.as.server.ServerEnvironment)
StartupCountdown(org.jboss.as.ee.component.deployers.StartupCountdown)
HashSet(java.util.HashSet)
SessionManagerFactoryConfiguration(org.wildfly.clustering.web.container.SessionManagerFactoryConfiguration)
AdvancedSecurityMetaData(org.jboss.as.web.common.AdvancedSecurityMetaData)
SetupAction(org.jboss.as.server.deployment.SetupAction)
UndertowService(org.wildfly.extension.undertow.UndertowService)
ServiceName(org.jboss.msc.service.ServiceName)
InMemorySessionManagerFactory(io.undertow.servlet.core.InMemorySessionManagerFactory)
SessionManagerFactory(io.undertow.servlet.api.SessionManagerFactory)
Module(org.jboss.modules.Module)
ModelNode(org.jboss.dmr.ModelNode)
VirtualFile(org.jboss.vfs.VirtualFile)
DeploymentUnitProcessingException(org.jboss.as.server.deployment.DeploymentUnitProcessingException)
SessionManagementProvider(org.wildfly.clustering.web.container.SessionManagementProvider)
NonDistributableSessionManagementProvider(org.wildfly.extension.undertow.session.NonDistributableSessionManagementProvider)
JBossServletMetaData(org.jboss.metadata.web.jboss.JBossServletMetaData)
WarMetaData(org.jboss.as.web.common.WarMetaData)
AdvancedSecurityMetaData(org.jboss.as.web.common.AdvancedSecurityMetaData)
SecurityMetaData(org.jboss.as.server.security.SecurityMetaData)
ServletContextAttribute(org.jboss.as.web.common.ServletContextAttribute)
ResourceRoot(org.jboss.as.server.deployment.module.ResourceRoot)
DeploymentResourceSupport(org.jboss.as.server.deployment.DeploymentResourceSupport)
Executor(java.util.concurrent.Executor)
SuspendController(org.jboss.as.server.suspend.SuspendController)
DeploymentInfo(io.undertow.servlet.api.DeploymentInfo)
CachingWebInjectionContainer(org.jboss.as.web.common.CachingWebInjectionContainer)
SessionConfigMetaData(org.jboss.metadata.web.spec.SessionConfigMetaData)
HttpServerAuthenticationMechanismFactory(org.wildfly.security.http.HttpServerAuthenticationMechanismFactory)
CapabilityServiceConfigurator(org.jboss.as.clustering.controller.CapabilityServiceConfigurator)
ServletContainerService(org.wildfly.extension.undertow.ServletContainerService)
Host(org.wildfly.extension.undertow.Host)
ControlPoint(org.wildfly.extension.requestcontroller.ControlPoint)
ControlPoint(org.wildfly.extension.requestcontroller.ControlPoint)
SessionIdentifierCodec(org.jboss.as.web.session.SessionIdentifierCodec)
ComponentRegistry(org.jboss.as.ee.component.ComponentRegistry)
BiFunction(java.util.function.BiFunction)
SimpleWebInjectionContainer(org.jboss.as.web.common.SimpleWebInjectionContainer)
WebInjectionContainer(org.jboss.as.web.common.WebInjectionContainer)
CachingWebInjectionContainer(org.jboss.as.web.common.CachingWebInjectionContainer)
ExecutorService(java.util.concurrent.ExecutorService)
WarJACCDeployer(org.wildfly.extension.undertow.security.jacc.WarJACCDeployer)
DeploymentUnit(org.jboss.as.server.deployment.DeploymentUnit)
Example 2 with SecurityMetaData
use of org.jboss.as.server.security.SecurityMetaData in project wildfly by wildfly.
the class SecurityDomainResolvingProcessor method deploy.
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
final WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
if (warMetaData == null) {
return;
}
final SecurityMetaData securityMetaData = deploymentUnit.getAttachment(ATTACHMENT_KEY);
if (securityMetaData != null && securityMetaData.getSecurityDomain() != null) {
// The SecurityDomain is already defined.
return;
}
final JBossWebMetaData metaData = warMetaData.getMergedJBossWebMetaData();
String securityDomain = metaData.getSecurityDomain();
if (securityDomain == null) {
securityDomain = getJBossAppSecurityDomain(deploymentUnit);
}
securityDomain = securityDomain == null ? defaultSecurityDomain : unprefixSecurityDomain(securityDomain);
if (securityDomain != null) {
if (mappedSecurityDomain.test(securityDomain)) {
ServiceName securityDomainName = deploymentUnit.getAttachment(Attachments.CAPABILITY_SERVICE_SUPPORT).getCapabilityServiceName(Capabilities.CAPABILITY_APPLICATION_SECURITY_DOMAIN, securityDomain).append(Constants.SECURITY_DOMAIN);
if (securityMetaData != null) {
securityMetaData.setSecurityDomain(securityDomainName);
}
deploymentUnit.putAttachment(RESOLVED_SECURITY_DOMAIN, securityDomain);
} else if (legacySecurityInstalled(deploymentUnit)) {
deploymentUnit.putAttachment(RESOLVED_SECURITY_DOMAIN, securityDomain);
}
}
}
Also used :
JBossWebMetaData(org.jboss.metadata.web.jboss.JBossWebMetaData)
ServiceName(org.jboss.msc.service.ServiceName)
WarMetaData(org.jboss.as.web.common.WarMetaData)
SecurityMetaData(org.jboss.as.server.security.SecurityMetaData)
DeploymentUnit(org.jboss.as.server.deployment.DeploymentUnit)
Example 3 with SecurityMetaData
use of org.jboss.as.server.security.SecurityMetaData in project wildfly by wildfly.
the class VirtualHttpServerMechanismFactoryNameProcessor method deploy.
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
SecurityMetaData securityMetaData = deploymentUnit.getAttachment(ATTACHMENT_KEY);
if (securityMetaData != null && isVirtualMechanismFactoryRequired(deploymentUnit)) {
AdvancedSecurityMetaData advancedSecurityMetaData = new AdvancedSecurityMetaData();
advancedSecurityMetaData.setHttpServerAuthenticationMechanismFactory(virtualMechanismFactoryName(deploymentUnit));
// virtual mechanism factory implies virtual security domain
advancedSecurityMetaData.setSecurityDomain(virtualDomainName(deploymentUnit));
deploymentUnit.putAttachment(ATTACHMENT_KEY, advancedSecurityMetaData);
}
}
Also used :
AdvancedSecurityMetaData(org.jboss.as.web.common.AdvancedSecurityMetaData)
SecurityMetaData(org.jboss.as.server.security.SecurityMetaData)
AdvancedSecurityMetaData(org.jboss.as.web.common.AdvancedSecurityMetaData)
DeploymentUnit(org.jboss.as.server.deployment.DeploymentUnit)
Example 4 with SecurityMetaData
use of org.jboss.as.server.security.SecurityMetaData in project wildfly by wildfly.
the class EJBDefaultSecurityDomainProcessor method deploy.
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
final EEModuleDescription eeModuleDescription = deploymentUnit.getAttachment(EE_MODULE_DESCRIPTION);
if (eeModuleDescription == null) {
return;
}
final Collection<ComponentDescription> componentDescriptions = eeModuleDescription.getComponentDescriptions();
if (componentDescriptions == null || componentDescriptions.isEmpty()) {
return;
}
final String defaultSecurityDomain;
if (eeModuleDescription.getDefaultSecurityDomain() == null) {
defaultSecurityDomain = this.defaultSecurityDomainName;
} else {
defaultSecurityDomain = eeModuleDescription.getDefaultSecurityDomain();
}
final CapabilityServiceSupport support = deploymentUnit.getAttachment(org.jboss.as.server.deployment.Attachments.CAPABILITY_SERVICE_SUPPORT);
final SecurityMetaData securityMetaData = deploymentUnit.getAttachment(ATTACHMENT_KEY);
// If we have a ServiceName for a security domain it should be used for all components.
ServiceName elytronDomainServiceName = securityMetaData != null ? securityMetaData.getSecurityDomain() : null;
final ServiceName ejbSecurityDomainServiceName = deploymentUnit.getServiceName().append(EJBSecurityDomainService.SERVICE_NAME);
final ApplicationSecurityDomainConfig defaultDomainMapping = knownSecurityDomain.apply(defaultSecurityDomain);
final ServiceName defaultElytronDomainServiceName;
if (defaultDomainMapping != null) {
defaultElytronDomainServiceName = support.getCapabilityServiceName(ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_CAPABILITY_NAME, defaultSecurityDomain).append("security-domain");
} else {
defaultElytronDomainServiceName = null;
}
ApplicationSecurityDomainConfig selectedElytronDomainConfig = null;
if (elytronDomainServiceName == null) {
String selectedElytronDomainName = null;
boolean legacyDomainDefined = false;
boolean defaultRequired = false;
for (ComponentDescription componentDescription : componentDescriptions) {
if (componentDescription instanceof EJBComponentDescription) {
EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
ejbComponentDescription.setDefaultSecurityDomain(defaultSecurityDomain);
// Ensure the Jakarta Enterprise Beans components within a deployment are associated with at most one Elytron security domain
String definedSecurityDomain = ejbComponentDescription.getDefinedSecurityDomain();
defaultRequired = defaultRequired || definedSecurityDomain == null;
ApplicationSecurityDomainConfig definedDomainMapping = definedSecurityDomain != null ? knownSecurityDomain.apply(definedSecurityDomain) : null;
if (definedDomainMapping != null) {
if (selectedElytronDomainName == null) {
selectedElytronDomainName = definedSecurityDomain;
selectedElytronDomainConfig = definedDomainMapping;
} else if (selectedElytronDomainName.equals(definedSecurityDomain) == false) {
throw EjbLogger.ROOT_LOGGER.multipleSecurityDomainsDetected();
}
} else if (definedSecurityDomain != null) {
legacyDomainDefined = true;
}
}
}
final boolean useDefaultElytronMapping;
/*
* We only need to fall into the default handling if at least one Jakarta Enterprise Beans Component has no defined
* security domain.
*/
if (defaultRequired && selectedElytronDomainName == null && defaultDomainMapping != null) {
selectedElytronDomainName = defaultSecurityDomain;
selectedElytronDomainConfig = defaultDomainMapping;
elytronDomainServiceName = defaultElytronDomainServiceName;
// Only apply a default domain to the whole deployment if no legacy domain was defined.
useDefaultElytronMapping = !legacyDomainDefined;
} else {
useDefaultElytronMapping = false;
}
// If this Jakarta Enterprise Beans deployment is associated with an Elytron security domain, set up the security domain mapping
if (selectedElytronDomainConfig != null) {
final EJBSecurityDomainService ejbSecurityDomainService = new EJBSecurityDomainService(deploymentUnit);
ServiceName applicationSecurityDomainServiceName = support.getCapabilityServiceName(ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_CAPABILITY_NAME, selectedElytronDomainName);
elytronDomainServiceName = applicationSecurityDomainServiceName.append("security-domain");
final ServiceBuilder<Void> builder = phaseContext.getServiceTarget().addService(ejbSecurityDomainServiceName, ejbSecurityDomainService).addDependency(applicationSecurityDomainServiceName, ApplicationSecurityDomain.class, ejbSecurityDomainService.getApplicationSecurityDomainInjector());
builder.install();
for (final ComponentDescription componentDescription : componentDescriptions) {
if (componentDescription instanceof EJBComponentDescription) {
EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
String definedSecurityDomain = ejbComponentDescription.getDefinedSecurityDomain();
// The component may have had a legacy SecurityDomain defined.
if (useDefaultElytronMapping || selectedElytronDomainName.equals(definedSecurityDomain)) {
ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
ejbComponentDescription.setSecurityDomainServiceName(elytronDomainServiceName);
ejbComponentDescription.setRequiresJacc(selectedElytronDomainConfig.isEnableJacc());
ejbComponentDescription.setLegacyCompliantPrincipalPropagation(selectedElytronDomainConfig.isLegacyCompliantPrincipalPropagation());
ejbComponentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
} else if (definedSecurityDomain == null && defaultDomainMapping != null) {
ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
ejbComponentDescription.setSecurityDomainServiceName(defaultElytronDomainServiceName);
ejbComponentDescription.setRequiresJacc(defaultDomainMapping.isEnableJacc());
ejbComponentDescription.setLegacyCompliantPrincipalPropagation(defaultDomainMapping.isLegacyCompliantPrincipalPropagation());
ejbComponentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
}
}
}
}
} else {
// We will use the defined Elytron domain for all Jakarta Enterprise Beans and ignore individual configuration.
// Bean level activation remains dependent on configuration of bean - i.e. does it actually need security?
final EJBSecurityDomainService ejbSecurityDomainService = new EJBSecurityDomainService(deploymentUnit);
final ServiceBuilder<Void> builder = phaseContext.getServiceTarget().addService(ejbSecurityDomainServiceName, ejbSecurityDomainService).addDependency(elytronDomainServiceName, SecurityDomain.class, ejbSecurityDomainService.getSecurityDomainInjector());
builder.install();
for (ComponentDescription componentDescription : componentDescriptions) {
if (componentDescription instanceof EJBComponentDescription) {
EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentDescription;
ejbComponentDescription.setSecurityDomainServiceName(elytronDomainServiceName);
ejbComponentDescription.setOutflowSecurityDomainsConfigured(outflowSecurityDomainsConfigured);
componentDescription.getConfigurators().add((context, description, configuration) -> configuration.getCreateDependencies().add((serviceBuilder, service) -> serviceBuilder.requires(ejbSecurityDomainServiceName)));
}
}
}
}
Also used :
CapabilityServiceSupport(org.jboss.as.controller.capability.CapabilityServiceSupport)
ATTACHMENT_KEY(org.jboss.as.server.security.SecurityMetaData.ATTACHMENT_KEY)
EE_MODULE_DESCRIPTION(org.jboss.as.ee.component.Attachments.EE_MODULE_DESCRIPTION)
EEModuleDescription(org.jboss.as.ee.component.EEModuleDescription)
Collection(java.util.Collection)
DeploymentPhaseContext(org.jboss.as.server.deployment.DeploymentPhaseContext)
ServiceBuilder(org.jboss.msc.service.ServiceBuilder)
EJBComponentDescription(org.jboss.as.ejb3.component.EJBComponentDescription)
Function(java.util.function.Function)
ApplicationSecurityDomainConfig(org.jboss.as.ejb3.security.ApplicationSecurityDomainConfig)
DeploymentUnit(org.jboss.as.server.deployment.DeploymentUnit)
BooleanSupplier(java.util.function.BooleanSupplier)
ComponentDescription(org.jboss.as.ee.component.ComponentDescription)
SecurityMetaData(org.jboss.as.server.security.SecurityMetaData)
EJBSecurityDomainService(org.jboss.as.ejb3.deployment.EJBSecurityDomainService)
ApplicationSecurityDomainDefinition(org.jboss.as.ejb3.subsystem.ApplicationSecurityDomainDefinition)
EjbLogger(org.jboss.as.ejb3.logging.EjbLogger)
ServiceName(org.jboss.msc.service.ServiceName)
DeploymentUnitProcessor(org.jboss.as.server.deployment.DeploymentUnitProcessor)
DeploymentUnitProcessingException(org.jboss.as.server.deployment.DeploymentUnitProcessingException)
ApplicationSecurityDomain(org.jboss.as.ejb3.subsystem.ApplicationSecurityDomainService.ApplicationSecurityDomain)
SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)
EJBComponentDescription(org.jboss.as.ejb3.component.EJBComponentDescription)
ComponentDescription(org.jboss.as.ee.component.ComponentDescription)
SecurityMetaData(org.jboss.as.server.security.SecurityMetaData)
ApplicationSecurityDomainConfig(org.jboss.as.ejb3.security.ApplicationSecurityDomainConfig)
EJBComponentDescription(org.jboss.as.ejb3.component.EJBComponentDescription)
CapabilityServiceSupport(org.jboss.as.controller.capability.CapabilityServiceSupport)
EEModuleDescription(org.jboss.as.ee.component.EEModuleDescription)
ServiceName(org.jboss.msc.service.ServiceName)
EJBSecurityDomainService(org.jboss.as.ejb3.deployment.EJBSecurityDomainService)
DeploymentUnit(org.jboss.as.server.deployment.DeploymentUnit)
Aggregations
DeploymentUnit (org.jboss.as.server.deployment.DeploymentUnit)4
SecurityMetaData (org.jboss.as.server.security.SecurityMetaData)4
ServiceName (org.jboss.msc.service.ServiceName)3
CapabilityServiceSupport (org.jboss.as.controller.capability.CapabilityServiceSupport)2
DeploymentUnitProcessingException (org.jboss.as.server.deployment.DeploymentUnitProcessingException)2
AdvancedSecurityMetaData (org.jboss.as.web.common.AdvancedSecurityMetaData)2
WarMetaData (org.jboss.as.web.common.WarMetaData)2
JBossWebMetaData (org.jboss.metadata.web.jboss.JBossWebMetaData)2
DeploymentInfo (io.undertow.servlet.api.DeploymentInfo)1
SessionManagerFactory (io.undertow.servlet.api.SessionManagerFactory)1
InMemorySessionManagerFactory (io.undertow.servlet.core.InMemorySessionManagerFactory)1
MalformedURLException (java.net.MalformedURLException)1
Collection (java.util.Collection)1
HashSet (java.util.HashSet)1
Executor (java.util.concurrent.Executor)1
ExecutorService (java.util.concurrent.ExecutorService)1
BiFunction (java.util.function.BiFunction)1
BooleanSupplier (java.util.function.BooleanSupplier)1
Function (java.util.function.Function)1
CapabilityServiceConfigurator (org.jboss.as.clustering.controller.CapabilityServiceConfigurator)1
