use of org.jboss.msc.service.ServiceName in project wildfly by wildfly.
the class JaccEjbDeploymentProcessor method deploy.
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
boolean securityEnabled = deploymentUnit.hasAttachment(SecurityAttachments.SECURITY_ENABLED);
if (!securityEnabled) {
return;
}
AbstractSecurityDeployer<?> deployer = null;
deployer = new EjbSecurityDeployer();
JaccService<?> service = deployer.deploy(deploymentUnit);
if (service != null) {
final DeploymentUnit parentDU = deploymentUnit.getParent();
// EJBs maybe included directly in war deployment
ServiceName jaccServiceName = getJaccServiceName(deploymentUnit);
final ServiceTarget serviceTarget = phaseContext.getServiceTarget();
ServiceBuilder<?> builder = serviceTarget.addService(jaccServiceName, service);
if (parentDU != null) {
// add dependency to parent policy
builder.addDependency(parentDU.getServiceName().append(JaccService.SERVICE_NAME), PolicyConfiguration.class, service.getParentPolicyInjector());
}
builder.setInitialMode(Mode.ACTIVE).install();
}
}
use of org.jboss.msc.service.ServiceName in project wildfly by wildfly.
the class EJBSecurityViewConfigurator method configure.
@Override
public void configure(DeploymentPhaseContext context, ComponentConfiguration componentConfiguration, ViewDescription viewDescription, ViewConfiguration viewConfiguration) throws DeploymentUnitProcessingException {
if (componentConfiguration.getComponentDescription() instanceof EJBComponentDescription == false) {
throw EjbLogger.ROOT_LOGGER.invalidEjbComponent(componentConfiguration.getComponentName(), componentConfiguration.getComponentClass());
}
final DeploymentUnit deploymentUnit = context.getDeploymentUnit();
final EJBComponentDescription ejbComponentDescription = (EJBComponentDescription) componentConfiguration.getComponentDescription();
final boolean isSecurityDomainKnown = ejbComponentDescription.isSecurityDomainKnown();
if ((!deploymentUnit.hasAttachment(SecurityAttachments.SECURITY_ENABLED)) && (!isSecurityDomainKnown)) {
// the security subsystem is not present and Elytron is not being used for security, we don't apply any security settings
return;
}
final DeploymentReflectionIndex deploymentReflectionIndex = deploymentUnit.getAttachment(org.jboss.as.server.deployment.Attachments.REFLECTION_INDEX);
// In such cases, we do *not* apply any security interceptors
if (ejbComponentDescription.getSecurityDomain() == null || ejbComponentDescription.getSecurityDomain().isEmpty()) {
if (ROOT_LOGGER.isDebugEnabled()) {
ROOT_LOGGER.debug("Security is *not* enabled on EJB: " + ejbComponentDescription.getEJBName() + ", since no explicit security domain is configured for the bean, nor is there any default security domain configured in the EJB3 subsystem");
}
return;
}
final String viewClassName = viewDescription.getViewClassName();
final EJBViewDescription ejbViewDescription = (EJBViewDescription) viewDescription;
// setup the JACC contextID.
String contextID = deploymentUnit.getName();
if (deploymentUnit.getParent() != null) {
contextID = deploymentUnit.getParent().getName() + "!" + contextID;
}
final EJBViewMethodSecurityAttributesService.Builder viewMethodSecurityAttributesServiceBuilder;
final ServiceName viewMethodSecurityAttributesServiceName;
// for both these views. So here we skip the @WebService view if the bean also has a @LocalBean (no-interface) view and let the EJBViewMethodSecurityAttributesService be built when the no-interface view is processed
if (ejbComponentDescription instanceof SessionBeanComponentDescription && MethodIntf.SERVICE_ENDPOINT == ejbViewDescription.getMethodIntf() && ((SessionBeanComponentDescription) ejbComponentDescription).hasNoInterfaceView()) {
viewMethodSecurityAttributesServiceBuilder = null;
viewMethodSecurityAttributesServiceName = null;
} else {
viewMethodSecurityAttributesServiceBuilder = new EJBViewMethodSecurityAttributesService.Builder();
viewMethodSecurityAttributesServiceName = EJBViewMethodSecurityAttributesService.getServiceName(ejbComponentDescription.getApplicationName(), ejbComponentDescription.getModuleName(), ejbComponentDescription.getEJBName(), viewClassName);
}
// setup the method specific security interceptor(s)
boolean beanHasMethodLevelSecurityMetadata = false;
final List<Method> viewMethods = viewConfiguration.getProxyFactory().getCachedMethods();
final List<Method> methodsWithoutExplicitSecurityConfiguration = new ArrayList<Method>();
for (final Method viewMethod : viewMethods) {
// TODO: proxy factory exposes non-public methods, is this a bug in the no-interface view?
if (!Modifier.isPublic(viewMethod.getModifiers())) {
continue;
}
if (viewMethod.getDeclaringClass() == WriteReplaceInterface.class) {
continue;
}
// setup the authorization interceptor
final ApplicableMethodInformation<EJBMethodSecurityAttribute> permissions = ejbComponentDescription.getDescriptorMethodPermissions();
boolean methodHasSecurityMetadata = handlePermissions(contextID, componentConfiguration, viewConfiguration, deploymentReflectionIndex, viewClassName, ejbViewDescription, viewMethod, permissions, false, viewMethodSecurityAttributesServiceBuilder, ejbComponentDescription);
if (!methodHasSecurityMetadata) {
//if it was not handled by the descriptor processor we look for annotation basic info
methodHasSecurityMetadata = handlePermissions(contextID, componentConfiguration, viewConfiguration, deploymentReflectionIndex, viewClassName, ejbViewDescription, viewMethod, ejbComponentDescription.getAnnotationMethodPermissions(), true, viewMethodSecurityAttributesServiceBuilder, ejbComponentDescription);
}
// if any method has security metadata then the bean has method level security metadata
if (methodHasSecurityMetadata) {
beanHasMethodLevelSecurityMetadata = true;
} else {
// make a note that this method didn't have any explicit method permissions configured
methodsWithoutExplicitSecurityConfiguration.add(viewMethod);
}
}
final boolean securityRequired = beanHasMethodLevelSecurityMetadata || ejbComponentDescription.hasBeanLevelSecurityMetadata();
// setup the security context interceptor
if (isSecurityDomainKnown) {
final HashMap<Integer, InterceptorFactory> elytronInterceptorFactories = ejbComponentDescription.getElytronInterceptorFactories(contextID, ejbComponentDescription.isEnableJacc());
elytronInterceptorFactories.forEach((priority, elytronInterceptorFactory) -> viewConfiguration.addViewInterceptor(elytronInterceptorFactory, priority));
} else {
viewConfiguration.addViewInterceptor(new SecurityContextInterceptorFactory(securityRequired, true, contextID), InterceptorOrder.View.SECURITY_CONTEXT);
}
// now add the authorization interceptor if the bean has *any* security metadata applicable
if (securityRequired) {
// check the missing-method-permissions-deny-access configuration and add the authorization interceptor
// to methods which don't have explicit method permissions.
// (@see http://anil-identity.blogspot.in/2010/02/tip-interpretation-of-missing-ejb.html for details)
final Boolean denyAccessToMethodsMissingPermissions = ((EJBComponentDescription) componentConfiguration.getComponentDescription()).isMissingMethodPermissionsDeniedAccess();
// default to "deny access"
if (denyAccessToMethodsMissingPermissions != Boolean.FALSE) {
for (final Method viewMethod : methodsWithoutExplicitSecurityConfiguration) {
if (viewMethodSecurityAttributesServiceBuilder != null) {
// build the EJBViewMethodSecurityAttributesService to expose these security attributes to other components like WS (@see https://issues.jboss.org/browse/WFLY-308)
viewMethodSecurityAttributesServiceBuilder.addMethodSecurityMetadata(viewMethod, EJBMethodSecurityAttribute.denyAll());
}
// "deny access" implies we need the authorization interceptor to be added so that it can nuke the invocation
if (isSecurityDomainKnown) {
viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(RolesAllowedInterceptor.DENY_ALL), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);
} else {
final Interceptor authorizationInterceptor = new AuthorizationInterceptor(EJBMethodSecurityAttribute.denyAll(), viewClassName, viewMethod, contextID);
viewConfiguration.addViewInterceptor(viewMethod, new ImmediateInterceptorFactory(authorizationInterceptor), InterceptorOrder.View.EJB_SECURITY_AUTHORIZATION_INTERCEPTOR);
}
}
}
}
if (viewMethodSecurityAttributesServiceBuilder != null) {
final EJBViewMethodSecurityAttributesService viewMethodSecurityAttributesService = viewMethodSecurityAttributesServiceBuilder.build();
context.getServiceTarget().addService(viewMethodSecurityAttributesServiceName, viewMethodSecurityAttributesService).install();
}
}
use of org.jboss.msc.service.ServiceName in project wildfly by wildfly.
the class DatabaseDataStoreAdd method installRuntimeServices.
public ServiceController<DatabaseTimerPersistence> installRuntimeServices(final OperationContext context, final ModelNode operation, final ModelNode model, final ServiceVerificationHandler verificationHandler) throws OperationFailedException {
final String jndiName = DatabaseDataStoreResourceDefinition.DATASOURCE_JNDI_NAME.resolveModelAttribute(context, model).asString();
final ModelNode dataBaseValue = DatabaseDataStoreResourceDefinition.DATABASE.resolveModelAttribute(context, model);
final String database;
if (dataBaseValue.isDefined()) {
database = dataBaseValue.asString();
} else {
database = null;
}
final String partition = DatabaseDataStoreResourceDefinition.PARTITION.resolveModelAttribute(context, model).asString();
final String name = PathAddress.pathAddress(operation.get(OP_ADDR)).getLastElement().getValue();
int refreshInterval = DatabaseDataStoreResourceDefinition.REFRESH_INTERVAL.resolveModelAttribute(context, model).asInt();
boolean allowExecution = DatabaseDataStoreResourceDefinition.ALLOW_EXECUTION.resolveModelAttribute(context, model).asBoolean();
final String nodeName = WildFlySecurityManager.getPropertyPrivileged(ServerEnvironment.NODE_NAME, null);
final DatabaseTimerPersistence databaseTimerPersistence = new DatabaseTimerPersistence(database, partition, nodeName, refreshInterval, allowExecution);
final ServiceName serviceName = TimerPersistence.SERVICE_NAME.append(name);
final ServiceBuilder<DatabaseTimerPersistence> builder = context.getServiceTarget().addService(serviceName, databaseTimerPersistence);
if (verificationHandler != null) {
builder.addListener(verificationHandler);
}
return builder.addDependency(Services.JBOSS_SERVICE_MODULE_LOADER, ModuleLoader.class, databaseTimerPersistence.getModuleLoader()).addDependency(ContextNames.bindInfoFor(jndiName).getBinderServiceName(), ManagedReferenceFactory.class, databaseTimerPersistence.getDataSourceInjectedValue()).addDependency(TimerServiceDeploymentProcessor.TIMER_SERVICE_NAME, java.util.Timer.class, databaseTimerPersistence.getTimerInjectedValue()).install();
}
use of org.jboss.msc.service.ServiceName in project wildfly by wildfly.
the class IIOPSubsystemAdd method launchServices.
protected void launchServices(final OperationContext context, final ModelNode model) throws OperationFailedException {
IIOPLogger.ROOT_LOGGER.activatingSubsystem();
// set the ORBUseDynamicStub system property.
WildFlySecurityManager.setPropertyPrivileged("org.jboss.com.sun.CORBA.ORBUseDynamicStub", "true");
// we set the same stub factory to both the static and dynamic stub factory. As there is no way to dynamically change
// the userDynamicStubs's property at runtime it is possible for the ORB class's <clinit> method to be
// called before this property is set.
// TODO: investigate a better way to handle this
com.sun.corba.se.spi.orb.ORB.getPresentationManager().setStubFactoryFactory(true, new DelegatingStubFactoryFactory());
com.sun.corba.se.spi.orb.ORB.getPresentationManager().setStubFactoryFactory(false, new DelegatingStubFactoryFactory());
// setup naming.
InitialContext.addUrlContextFactory("corbaloc", JBossCNCtxFactory.INSTANCE);
InitialContext.addUrlContextFactory("corbaname", JBossCNCtxFactory.INSTANCE);
InitialContext.addUrlContextFactory("IOR", JBossCNCtxFactory.INSTANCE);
InitialContext.addUrlContextFactory("iiopname", JBossCNCtxFactory.INSTANCE);
InitialContext.addUrlContextFactory("iiop", JBossCNCtxFactory.INSTANCE);
context.addStep(new AbstractDeploymentChainStep() {
public void execute(DeploymentProcessorTarget processorTarget) {
processorTarget.addDeploymentProcessor(IIOPExtension.SUBSYSTEM_NAME, Phase.DEPENDENCIES, Phase.DEPENDENCIES_JDKORB, new IIOPDependencyProcessor());
processorTarget.addDeploymentProcessor(IIOPExtension.SUBSYSTEM_NAME, Phase.PARSE, Phase.PARSE_JDKORB, new IIOPMarkerProcessor());
}
}, OperationContext.Stage.RUNTIME);
// get the configured ORB properties.
Properties props = this.getConfigurationProperties(context, model);
// setup the ORB initializers using the configured properties.
this.setupInitializers(props);
// setup the SSL socket factories, if necessary.
final boolean sslConfigured = this.setupSSLFactories(props);
// create the service that initializes and starts the CORBA ORB.
CorbaORBService orbService = new CorbaORBService(props);
final ServiceBuilder<ORB> builder = context.getServiceTarget().addService(CorbaORBService.SERVICE_NAME, orbService);
org.jboss.as.server.Services.addServerExecutorDependency(builder, orbService.getExecutorInjector(), false);
// if a security domain has been specified, add a dependency to the domain service.
String securityDomain = props.getProperty(Constants.SECURITY_SECURITY_DOMAIN);
if (securityDomain != null)
builder.addDependency(SECURITY_DOMAIN_SERVICE_NAME.append(securityDomain));
// add dependencies to the ssl context services if needed.
final String serverSSLContextName = props.getProperty(Constants.SERVER_SSL_CONTEXT);
if (serverSSLContextName != null) {
ServiceName serverContextServiceName = context.getCapabilityServiceName(SSL_CONTEXT_CAPABILITY, serverSSLContextName, SSLContext.class);
builder.addDependency(serverContextServiceName);
}
final String clientSSLContextName = props.getProperty(Constants.CLIENT_SSL_CONTEXT);
if (clientSSLContextName != null) {
ServiceName clientContextServiceName = context.getCapabilityServiceName(SSL_CONTEXT_CAPABILITY, clientSSLContextName, SSLContext.class);
builder.addDependency(clientContextServiceName);
}
// if an authentication context has ben specified, add a dependency to its service.
final String authContext = props.getProperty(Constants.ORB_INIT_AUTH_CONTEXT);
if (authContext != null) {
ServiceName authContextServiceName = context.getCapabilityServiceName(AUTH_CONTEXT_CAPABILITY, authContext, AuthenticationContext.class);
builder.addDependency(authContextServiceName);
}
// inject the socket bindings that specify IIOP and IIOP/SSL ports.
String socketBinding = props.getProperty(Constants.ORB_SOCKET_BINDING);
builder.addDependency(SocketBinding.JBOSS_BINDING_NAME.append(socketBinding), SocketBinding.class, orbService.getIIOPSocketBindingInjector());
String sslSocketBinding = props.getProperty(Constants.ORB_SSL_SOCKET_BINDING);
if (sslSocketBinding != null) {
if (!sslConfigured) {
throw IIOPLogger.ROOT_LOGGER.sslPortWithoutSslConfiguration();
}
builder.addDependency(SocketBinding.JBOSS_BINDING_NAME.append(sslSocketBinding), SocketBinding.class, orbService.getIIOPSSLSocketBindingInjector());
}
// create the IOR security config metadata service.
final IORSecurityConfigMetaData securityConfigMetaData = this.createIORSecurityConfigMetaData(context, model, sslConfigured);
final IORSecConfigMetaDataService securityConfigMetaDataService = new IORSecConfigMetaDataService(securityConfigMetaData);
context.getServiceTarget().addService(IORSecConfigMetaDataService.SERVICE_NAME, securityConfigMetaDataService).setInitialMode(ServiceController.Mode.ACTIVE).install();
builder.addDependency(IORSecConfigMetaDataService.SERVICE_NAME);
// set the initial mode and install the service.
builder.setInitialMode(ServiceController.Mode.ACTIVE).install();
// create the service the initializes the Root POA.
CorbaPOAService rootPOAService = new CorbaPOAService("RootPOA", "poa");
context.getServiceTarget().addService(CorbaPOAService.ROOT_SERVICE_NAME, rootPOAService).addDependency(CorbaORBService.SERVICE_NAME, ORB.class, rootPOAService.getORBInjector()).setInitialMode(ServiceController.Mode.ACTIVE).install();
// create the service the initializes the interface repository POA.
final CorbaPOAService irPOAService = new CorbaPOAService("IRPOA", "irpoa", IdAssignmentPolicyValue.USER_ID, null, null, LifespanPolicyValue.PERSISTENT, null, null, null);
context.getServiceTarget().addService(CorbaPOAService.INTERFACE_REPOSITORY_SERVICE_NAME, irPOAService).addDependency(CorbaPOAService.ROOT_SERVICE_NAME, POA.class, irPOAService.getParentPOAInjector()).setInitialMode(ServiceController.Mode.ACTIVE).install();
// create the service that initializes the naming service POA.
final CorbaPOAService namingPOAService = new CorbaPOAService("Naming", null, IdAssignmentPolicyValue.USER_ID, null, null, LifespanPolicyValue.PERSISTENT, null, null, null);
context.getServiceTarget().addService(CorbaPOAService.SERVICE_NAME.append("namingpoa"), namingPOAService).addDependency(CorbaPOAService.ROOT_SERVICE_NAME, POA.class, namingPOAService.getParentPOAInjector()).setInitialMode(ServiceController.Mode.ACTIVE).install();
// create the CORBA naming service.
final CorbaNamingService namingService = new CorbaNamingService(props);
context.getServiceTarget().addService(CorbaNamingService.SERVICE_NAME, namingService).addDependency(CorbaORBService.SERVICE_NAME, ORB.class, namingService.getORBInjector()).addDependency(CorbaPOAService.ROOT_SERVICE_NAME, POA.class, namingService.getRootPOAInjector()).addDependency(CorbaPOAService.SERVICE_NAME.append("namingpoa"), POA.class, namingService.getNamingPOAInjector()).setInitialMode(ServiceController.Mode.ACTIVE).install();
configureClientSecurity(props);
}
use of org.jboss.msc.service.ServiceName in project wildfly by wildfly.
the class RaXmlDependencyProcessor method deploy.
/**
* Add dependencies for modules required for ra deployments
*
* @param phaseContext the deployment unit context
* @throws org.jboss.as.server.deployment.DeploymentUnitProcessingException
*/
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
if (phaseContext.getDeploymentUnit().getAttachment(ConnectorXmlDescriptor.ATTACHMENT_KEY) == null) {
// Skip non ra deployments
return;
}
CopyOnWriteArrayListMultiMap<String, ServiceName> resourceAdaptersMap = phaseContext.getDeploymentUnit().getAttachment(ResourceAdaptersSubsystemService.ATTACHMENT_KEY);
String deploymentUnitPrefix = "";
if (deploymentUnit.getParent() != null) {
deploymentUnitPrefix = deploymentUnit.getParent().getName() + "#";
}
final String deploymentUnitName = deploymentUnitPrefix + deploymentUnit.getName();
if (resourceAdaptersMap != null && resourceAdaptersMap.get(deploymentUnitName) != null) {
for (ServiceName serviceName : resourceAdaptersMap.get(deploymentUnitName)) {
phaseContext.addDeploymentDependency(serviceName, AttachmentKey.create(ModifiableResourceAdapter.class));
}
}
}
Aggregations