Example 1 with IORSecurityConfigMetaData
use of org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData in project wildfly by wildfly.
the class EjbIIOPService method start.
public synchronized void start(final StartContext startContext) throws StartException {
try {
final RiverMarshallerFactory factory = new RiverMarshallerFactory();
final MarshallingConfiguration configuration = new MarshallingConfiguration();
configuration.setClassResolver(ModularClassResolver.getInstance(serviceModuleLoaderInjectedValue.getValue()));
this.configuration = configuration;
this.factory = factory;
final TransactionManager jtsTransactionManager = transactionManagerInjectedValue.getValue().getTransactionManager();
assert !(jtsTransactionManager instanceof ContextTransactionManager);
// Should create a CORBA interface repository?
final boolean interfaceRepositorySupported = false;
// Build binding name of the bean.
final EJBComponent component = ejbComponentInjectedValue.getValue();
final String earApplicationName = component.getEarApplicationName();
if (iiopMetaData != null && iiopMetaData.getBindingName() != null) {
name = iiopMetaData.getBindingName();
} else if (useQualifiedName) {
if (component.getDistinctName() == null || component.getDistinctName().isEmpty()) {
name = earApplicationName == null || earApplicationName.isEmpty() ? "" : earApplicationName + "/";
name = name + component.getModuleName() + "/" + component.getComponentName();
} else {
name = earApplicationName == null || earApplicationName.isEmpty() ? "" : earApplicationName + "/";
name = name + component.getModuleName() + "/" + component.getDistinctName() + "/" + component.getComponentName();
}
} else {
name = component.getComponentName();
}
name = name.replace(".", "_");
final ORB orb = this.orb.getValue();
if (interfaceRepositorySupported) {
// Create a CORBA interface repository for the enterprise bean
iri = new InterfaceRepository(orb, irPoa.getValue(), name);
// Add bean interface info to the interface repository
iri.mapClass(remoteView.getValue().getViewClass());
iri.mapClass(homeView.getValue().getViewClass());
iri.finishBuild();
EjbLogger.ROOT_LOGGER.cobraInterfaceRepository(name, orb.object_to_string(iri.getReference()));
}
IORSecurityConfigMetaData iorSecurityConfigMetaData = this.iorSecConfigMetaData.getOptionalValue();
if (this.iiopMetaData != null && this.iiopMetaData.getIorSecurityConfigMetaData() != null)
iorSecurityConfigMetaData = this.iiopMetaData.getIorSecurityConfigMetaData();
// Create security policies if security metadata has been provided.
List<Policy> policyList = new ArrayList<Policy>();
if (iorSecurityConfigMetaData != null) {
// Create csiv2Policy for both home and remote containing IorSecurityConfigMetadata.
final Any secPolicy = orb.create_any();
secPolicy.insert_Value(iorSecurityConfigMetaData);
Policy csiv2Policy = orb.create_policy(CSIv2Policy.TYPE, secPolicy);
policyList.add(csiv2Policy);
// Add ZeroPortPolicy if ssl is required (it ensures home and remote IORs will have port 0 in the primary address).
boolean sslRequired = false;
if (iorSecurityConfigMetaData != null && iorSecurityConfigMetaData.getTransportConfig() != null) {
IORTransportConfigMetaData tc = iorSecurityConfigMetaData.getTransportConfig();
sslRequired = IORTransportConfigMetaData.INTEGRITY_REQUIRED.equals(tc.getIntegrity()) || IORTransportConfigMetaData.CONFIDENTIALITY_REQUIRED.equals(tc.getConfidentiality()) || IORTransportConfigMetaData.ESTABLISH_TRUST_IN_CLIENT_REQUIRED.equals(tc.getEstablishTrustInClient());
}
if (sslRequired) {
policyList.add(ZeroPortPolicy.getPolicy());
}
}
//TODO: what should this default to
String securityDomain = "CORBA_REMOTE";
if (component.getSecurityMetaData() != null) {
securityDomain = component.getSecurityMetaData().getSecurityDomain();
}
Policy[] policies = policyList.toArray(new Policy[policyList.size()]);
// If there is an interface repository, then get the homeInterfaceDef from the IR
InterfaceDef homeInterfaceDef = null;
if (iri != null) {
Repository ir = iri.getReference();
homeInterfaceDef = InterfaceDefHelper.narrow(ir.lookup_id(homeRepositoryIds[0]));
}
// Get the POACurrent object
Current poaCurrent = CurrentHelper.narrow(orb.resolve_initial_references("POACurrent"));
// Instantiate home servant, bind it to the servant registry, and create CORBA reference to the EJBHome.
final EjbCorbaServant homeServant = new EjbCorbaServant(poaCurrent, homeMethodMap, homeRepositoryIds, homeInterfaceDef, orb, homeView.getValue(), factory, configuration, jtsTransactionManager, module.getClassLoader(), true, securityDomain, component.getSecurityDomain());
homeServantRegistry = poaRegistry.getValue().getRegistryWithPersistentPOAPerServant();
ReferenceFactory homeReferenceFactory = homeServantRegistry.bind(homeServantName(name), homeServant, policies);
final org.omg.CORBA.Object corbaRef = homeReferenceFactory.createReference(homeRepositoryIds[0]);
//we do this twice to force eager dynamic stub creation
ejbHome = (EJBHome) PortableRemoteObject.narrow(corbaRef, EJBHome.class);
final HomeHandleImplIIOP homeHandle = new HomeHandleImplIIOP(orb.object_to_string(corbaRef));
homeServant.setHomeHandle(homeHandle);
// Initialize beanPOA and create metadata
// This is a session bean (lifespan: transient)
beanServantRegistry = poaRegistry.getValue().getRegistryWithTransientPOAPerServant();
if (component instanceof StatelessSessionComponent) {
// Stateless session bean
ejbMetaData = new EJBMetaDataImplIIOP(remoteView.getValue().getViewClass(), homeView.getValue().getViewClass(), null, true, true, homeHandle);
} else {
// Stateful session bean
ejbMetaData = new EJBMetaDataImplIIOP(remoteView.getValue().getViewClass(), homeView.getValue().getViewClass(), null, true, false, homeHandle);
}
homeServant.setEjbMetaData(ejbMetaData);
// If there is an interface repository, then get the beanInterfaceDef from the IR
InterfaceDef beanInterfaceDef = null;
if (iri != null) {
final Repository ir = iri.getReference();
beanInterfaceDef = InterfaceDefHelper.narrow(ir.lookup_id(beanRepositoryIds[0]));
}
// Instantiate the ejb object servant and bind it to the servant registry.
final EjbCorbaServant beanServant = new EjbCorbaServant(poaCurrent, beanMethodMap, beanRepositoryIds, beanInterfaceDef, orb, remoteView.getValue(), factory, configuration, jtsTransactionManager, module.getClassLoader(), false, securityDomain, component.getSecurityDomain());
beanReferenceFactory = beanServantRegistry.bind(beanServantName(name), beanServant, policies);
// Register bean home in local CORBA naming context
rebind(corbaNamingContext.getValue(), name, corbaRef);
EjbLogger.ROOT_LOGGER.debugf("Home IOR for %s bound to %s in CORBA naming service", component.getComponentName(), this.name);
//now eagerly force stub creation, so de-serialization of stubs will work correctly
final ClassLoader cl = WildFlySecurityManager.getCurrentContextClassLoaderPrivileged();
try {
WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(module.getClassLoader());
try {
DynamicStubFactoryFactory.makeStubClass(homeView.getValue().getViewClass());
} catch (Exception e) {
EjbLogger.ROOT_LOGGER.dynamicStubCreationFailed(homeView.getValue().getViewClass().getName(), e);
}
try {
DynamicStubFactoryFactory.makeStubClass(remoteView.getValue().getViewClass());
} catch (Exception e) {
EjbLogger.ROOT_LOGGER.dynamicStubCreationFailed(remoteView.getValue().getViewClass().getName(), e);
}
} finally {
WildFlySecurityManager.setCurrentContextClassLoaderPrivileged(cl);
}
} catch (Exception e) {
throw new StartException(e);
}
}
Also used :
ZeroPortPolicy(com.sun.corba.se.spi.extension.ZeroPortPolicy)
CSIv2Policy(org.wildfly.iiop.openjdk.csiv2.CSIv2Policy)
Policy(org.omg.CORBA.Policy)
ContextTransactionManager(org.wildfly.transaction.client.ContextTransactionManager)
ArrayList(java.util.ArrayList)
InterfaceRepository(org.wildfly.iiop.openjdk.rmi.ir.InterfaceRepository)
Any(org.omg.CORBA.Any)
StatelessSessionComponent(org.jboss.as.ejb3.component.stateless.StatelessSessionComponent)
MarshallingConfiguration(org.jboss.marshalling.MarshallingConfiguration)
EJBMetaDataImplIIOP(org.jboss.ejb.iiop.EJBMetaDataImplIIOP)
StartException(org.jboss.msc.service.StartException)
IORTransportConfigMetaData(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData)
EJBComponent(org.jboss.as.ejb3.component.EJBComponent)
StartException(org.jboss.msc.service.StartException)
InterfaceDef(org.omg.CORBA.InterfaceDef)
InterfaceRepository(org.wildfly.iiop.openjdk.rmi.ir.InterfaceRepository)
Repository(org.omg.CORBA.Repository)
IORSecurityConfigMetaData(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData)
ContextTransactionManager(org.wildfly.transaction.client.ContextTransactionManager)
TransactionManager(javax.transaction.TransactionManager)
RiverMarshallerFactory(org.jboss.marshalling.river.RiverMarshallerFactory)
Current(org.omg.PortableServer.Current)
ORB(org.omg.CORBA.ORB)
HomeHandleImplIIOP(org.jboss.ejb.iiop.HomeHandleImplIIOP)
Example 2 with IORSecurityConfigMetaData
use of org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData in project wildfly by wildfly.
the class IIOPSubsystemAdd method createIORSecurityConfigMetaData.
private IORSecurityConfigMetaData createIORSecurityConfigMetaData(final OperationContext context, final ModelNode resourceModel, final boolean sslConfigured) throws OperationFailedException {
final IORSecurityConfigMetaData securityConfigMetaData = new IORSecurityConfigMetaData();
final IORSASContextMetaData sasContextMetaData = new IORSASContextMetaData();
sasContextMetaData.setCallerPropagation(IIOPRootDefinition.CALLER_PROPAGATION.resolveModelAttribute(context, resourceModel).asString());
securityConfigMetaData.setSasContext(sasContextMetaData);
final IORASContextMetaData asContextMetaData = new IORASContextMetaData();
asContextMetaData.setAuthMethod(IIOPRootDefinition.AUTH_METHOD.resolveModelAttribute(context, resourceModel).asString());
if (resourceModel.hasDefined(IIOPRootDefinition.REALM.getName())) {
asContextMetaData.setRealm(IIOPRootDefinition.REALM.resolveModelAttribute(context, resourceModel).asString());
}
asContextMetaData.setRequired(IIOPRootDefinition.REQUIRED.resolveModelAttribute(context, resourceModel).asBoolean());
securityConfigMetaData.setAsContext(asContextMetaData);
final boolean serverRequiresSsl = IIOPRootDefinition.SERVER_REQUIRES_SSL.resolveModelAttribute(context, resourceModel).asBoolean();
final IORTransportConfigMetaData transportConfigMetaData = new IORTransportConfigMetaData();
final ModelNode integrityNode = IIOPRootDefinition.INTEGRITY.resolveModelAttribute(context, resourceModel);
if (integrityNode.isDefined()) {
transportConfigMetaData.setIntegrity(integrityNode.asString());
} else {
transportConfigMetaData.setIntegrity(sslConfigured ? (serverRequiresSsl ? Constants.IOR_REQUIRED : Constants.IOR_SUPPORTED) : Constants.NONE);
}
final ModelNode confidentialityNode = IIOPRootDefinition.CONFIDENTIALITY.resolveModelAttribute(context, resourceModel);
if (confidentialityNode.isDefined()) {
transportConfigMetaData.setConfidentiality(confidentialityNode.asString());
} else {
transportConfigMetaData.setConfidentiality(sslConfigured ? (serverRequiresSsl ? Constants.IOR_REQUIRED : Constants.IOR_SUPPORTED) : Constants.IOR_NONE);
}
final ModelNode establishTrustInTargetNode = IIOPRootDefinition.TRUST_IN_TARGET.resolveModelAttribute(context, resourceModel);
if (establishTrustInTargetNode.isDefined()) {
transportConfigMetaData.setEstablishTrustInTarget(confidentialityNode.asString());
} else {
transportConfigMetaData.setEstablishTrustInTarget(sslConfigured ? Constants.IOR_SUPPORTED : Constants.NONE);
}
final ModelNode establishTrustInClientNode = IIOPRootDefinition.TRUST_IN_CLIENT.resolveModelAttribute(context, resourceModel);
if (establishTrustInClientNode.isDefined()) {
transportConfigMetaData.setEstablishTrustInClient(establishTrustInClientNode.asString());
} else {
transportConfigMetaData.setEstablishTrustInClient(sslConfigured ? (serverRequiresSsl ? Constants.IOR_REQUIRED : Constants.IOR_SUPPORTED) : Constants.NONE);
}
transportConfigMetaData.setDetectMisordering(Constants.IOR_SUPPORTED);
transportConfigMetaData.setDetectReplay(Constants.IOR_SUPPORTED);
securityConfigMetaData.setTransportConfig(transportConfigMetaData);
return securityConfigMetaData;
}
Also used :
IORSecurityConfigMetaData(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData)
IORSASContextMetaData(org.jboss.metadata.ejb.jboss.IORSASContextMetaData)
IORASContextMetaData(org.jboss.metadata.ejb.jboss.IORASContextMetaData)
IORTransportConfigMetaData(org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData)
ModelNode(org.jboss.dmr.ModelNode)
Example 3 with IORSecurityConfigMetaData
use of org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData in project wildfly by wildfly.
the class IIOPSubsystemAdd method launchServices.
protected void launchServices(final OperationContext context, final ModelNode model) throws OperationFailedException {
IIOPLogger.ROOT_LOGGER.activatingSubsystem();
// set the ORBUseDynamicStub system property.
WildFlySecurityManager.setPropertyPrivileged("org.jboss.com.sun.CORBA.ORBUseDynamicStub", "true");
// we set the same stub factory to both the static and dynamic stub factory. As there is no way to dynamically change
// the userDynamicStubs's property at runtime it is possible for the ORB class's <clinit> method to be
// called before this property is set.
// TODO: investigate a better way to handle this
com.sun.corba.se.spi.orb.ORB.getPresentationManager().setStubFactoryFactory(true, new DelegatingStubFactoryFactory());
com.sun.corba.se.spi.orb.ORB.getPresentationManager().setStubFactoryFactory(false, new DelegatingStubFactoryFactory());
// setup naming.
InitialContext.addUrlContextFactory("corbaloc", JBossCNCtxFactory.INSTANCE);
InitialContext.addUrlContextFactory("corbaname", JBossCNCtxFactory.INSTANCE);
InitialContext.addUrlContextFactory("IOR", JBossCNCtxFactory.INSTANCE);
InitialContext.addUrlContextFactory("iiopname", JBossCNCtxFactory.INSTANCE);
InitialContext.addUrlContextFactory("iiop", JBossCNCtxFactory.INSTANCE);
context.addStep(new AbstractDeploymentChainStep() {
public void execute(DeploymentProcessorTarget processorTarget) {
processorTarget.addDeploymentProcessor(IIOPExtension.SUBSYSTEM_NAME, Phase.DEPENDENCIES, Phase.DEPENDENCIES_JDKORB, new IIOPDependencyProcessor());
processorTarget.addDeploymentProcessor(IIOPExtension.SUBSYSTEM_NAME, Phase.PARSE, Phase.PARSE_JDKORB, new IIOPMarkerProcessor());
}
}, OperationContext.Stage.RUNTIME);
// get the configured ORB properties.
Properties props = this.getConfigurationProperties(context, model);
// setup the ORB initializers using the configured properties.
this.setupInitializers(props);
// setup the SSL socket factories, if necessary.
final boolean sslConfigured = this.setupSSLFactories(props);
// create the service that initializes and starts the CORBA ORB.
CorbaORBService orbService = new CorbaORBService(props);
final ServiceBuilder<ORB> builder = context.getServiceTarget().addService(CorbaORBService.SERVICE_NAME, orbService);
org.jboss.as.server.Services.addServerExecutorDependency(builder, orbService.getExecutorInjector(), false);
// if a security domain has been specified, add a dependency to the domain service.
String securityDomain = props.getProperty(Constants.SECURITY_SECURITY_DOMAIN);
if (securityDomain != null)
builder.addDependency(SECURITY_DOMAIN_SERVICE_NAME.append(securityDomain));
// add dependencies to the ssl context services if needed.
final String serverSSLContextName = props.getProperty(Constants.SERVER_SSL_CONTEXT);
if (serverSSLContextName != null) {
ServiceName serverContextServiceName = context.getCapabilityServiceName(SSL_CONTEXT_CAPABILITY, serverSSLContextName, SSLContext.class);
builder.addDependency(serverContextServiceName);
}
final String clientSSLContextName = props.getProperty(Constants.CLIENT_SSL_CONTEXT);
if (clientSSLContextName != null) {
ServiceName clientContextServiceName = context.getCapabilityServiceName(SSL_CONTEXT_CAPABILITY, clientSSLContextName, SSLContext.class);
builder.addDependency(clientContextServiceName);
}
// if an authentication context has ben specified, add a dependency to its service.
final String authContext = props.getProperty(Constants.ORB_INIT_AUTH_CONTEXT);
if (authContext != null) {
ServiceName authContextServiceName = context.getCapabilityServiceName(AUTH_CONTEXT_CAPABILITY, authContext, AuthenticationContext.class);
builder.addDependency(authContextServiceName);
}
// inject the socket bindings that specify IIOP and IIOP/SSL ports.
String socketBinding = props.getProperty(Constants.ORB_SOCKET_BINDING);
builder.addDependency(SocketBinding.JBOSS_BINDING_NAME.append(socketBinding), SocketBinding.class, orbService.getIIOPSocketBindingInjector());
String sslSocketBinding = props.getProperty(Constants.ORB_SSL_SOCKET_BINDING);
if (sslSocketBinding != null) {
if (!sslConfigured) {
throw IIOPLogger.ROOT_LOGGER.sslPortWithoutSslConfiguration();
}
builder.addDependency(SocketBinding.JBOSS_BINDING_NAME.append(sslSocketBinding), SocketBinding.class, orbService.getIIOPSSLSocketBindingInjector());
}
// create the IOR security config metadata service.
final IORSecurityConfigMetaData securityConfigMetaData = this.createIORSecurityConfigMetaData(context, model, sslConfigured);
final IORSecConfigMetaDataService securityConfigMetaDataService = new IORSecConfigMetaDataService(securityConfigMetaData);
context.getServiceTarget().addService(IORSecConfigMetaDataService.SERVICE_NAME, securityConfigMetaDataService).setInitialMode(ServiceController.Mode.ACTIVE).install();
builder.addDependency(IORSecConfigMetaDataService.SERVICE_NAME);
// set the initial mode and install the service.
builder.setInitialMode(ServiceController.Mode.ACTIVE).install();
// create the service the initializes the Root POA.
CorbaPOAService rootPOAService = new CorbaPOAService("RootPOA", "poa");
context.getServiceTarget().addService(CorbaPOAService.ROOT_SERVICE_NAME, rootPOAService).addDependency(CorbaORBService.SERVICE_NAME, ORB.class, rootPOAService.getORBInjector()).setInitialMode(ServiceController.Mode.ACTIVE).install();
// create the service the initializes the interface repository POA.
final CorbaPOAService irPOAService = new CorbaPOAService("IRPOA", "irpoa", IdAssignmentPolicyValue.USER_ID, null, null, LifespanPolicyValue.PERSISTENT, null, null, null);
context.getServiceTarget().addService(CorbaPOAService.INTERFACE_REPOSITORY_SERVICE_NAME, irPOAService).addDependency(CorbaPOAService.ROOT_SERVICE_NAME, POA.class, irPOAService.getParentPOAInjector()).setInitialMode(ServiceController.Mode.ACTIVE).install();
// create the service that initializes the naming service POA.
final CorbaPOAService namingPOAService = new CorbaPOAService("Naming", null, IdAssignmentPolicyValue.USER_ID, null, null, LifespanPolicyValue.PERSISTENT, null, null, null);
context.getServiceTarget().addService(CorbaPOAService.SERVICE_NAME.append("namingpoa"), namingPOAService).addDependency(CorbaPOAService.ROOT_SERVICE_NAME, POA.class, namingPOAService.getParentPOAInjector()).setInitialMode(ServiceController.Mode.ACTIVE).install();
// create the CORBA naming service.
final CorbaNamingService namingService = new CorbaNamingService(props);
context.getServiceTarget().addService(CorbaNamingService.SERVICE_NAME, namingService).addDependency(CorbaORBService.SERVICE_NAME, ORB.class, namingService.getORBInjector()).addDependency(CorbaPOAService.ROOT_SERVICE_NAME, POA.class, namingService.getRootPOAInjector()).addDependency(CorbaPOAService.SERVICE_NAME.append("namingpoa"), POA.class, namingService.getNamingPOAInjector()).setInitialMode(ServiceController.Mode.ACTIVE).install();
configureClientSecurity(props);
}
Also used :
CorbaNamingService(org.wildfly.iiop.openjdk.service.CorbaNamingService)
IIOPDependencyProcessor(org.wildfly.iiop.openjdk.deployment.IIOPDependencyProcessor)
CorbaORBService(org.wildfly.iiop.openjdk.service.CorbaORBService)
POA(org.omg.PortableServer.POA)
IIOPMarkerProcessor(org.wildfly.iiop.openjdk.deployment.IIOPMarkerProcessor)
CorbaPOAService(org.wildfly.iiop.openjdk.service.CorbaPOAService)
Properties(java.util.Properties)
IORSecurityConfigMetaData(org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData)
DeploymentProcessorTarget(org.jboss.as.server.DeploymentProcessorTarget)
ServiceName(org.jboss.msc.service.ServiceName)
IORSecConfigMetaDataService(org.wildfly.iiop.openjdk.service.IORSecConfigMetaDataService)
DelegatingStubFactoryFactory(org.wildfly.iiop.openjdk.rmi.DelegatingStubFactoryFactory)
AbstractDeploymentChainStep(org.jboss.as.server.AbstractDeploymentChainStep)
ORB(org.omg.CORBA.ORB)
Aggregations
IORSecurityConfigMetaData (org.jboss.metadata.ejb.jboss.IORSecurityConfigMetaData)3
IORTransportConfigMetaData (org.jboss.metadata.ejb.jboss.IORTransportConfigMetaData)2
ORB (org.omg.CORBA.ORB)2
ZeroPortPolicy (com.sun.corba.se.spi.extension.ZeroPortPolicy)1
ArrayList (java.util.ArrayList)1
Properties (java.util.Properties)1
TransactionManager (javax.transaction.TransactionManager)1
EJBComponent (org.jboss.as.ejb3.component.EJBComponent)1
StatelessSessionComponent (org.jboss.as.ejb3.component.stateless.StatelessSessionComponent)1
AbstractDeploymentChainStep (org.jboss.as.server.AbstractDeploymentChainStep)1
DeploymentProcessorTarget (org.jboss.as.server.DeploymentProcessorTarget)1
ModelNode (org.jboss.dmr.ModelNode)1
EJBMetaDataImplIIOP (org.jboss.ejb.iiop.EJBMetaDataImplIIOP)1
HomeHandleImplIIOP (org.jboss.ejb.iiop.HomeHandleImplIIOP)1
MarshallingConfiguration (org.jboss.marshalling.MarshallingConfiguration)1
RiverMarshallerFactory (org.jboss.marshalling.river.RiverMarshallerFactory)1
IORASContextMetaData (org.jboss.metadata.ejb.jboss.IORASContextMetaData)1
IORSASContextMetaData (org.jboss.metadata.ejb.jboss.IORSASContextMetaData)1
ServiceName (org.jboss.msc.service.ServiceName)1
StartException (org.jboss.msc.service.StartException)1
