Search in sources :

Example 1 with JSSESecurityDomain

use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.

the class ElytronIntegrationResourceDefinitions method getElytronTrustManagersResourceDefinition.

/**
     * Defines a resource that represents Elytron-compatible trust managers that can be exported by a JSSE-enabled domain
     * in the legacy security subsystem.
     *
     * To export the trust managers the resource uses a {@code BasicAddHandler} implementation that registers the elytron
     * trust-managers capability and implements a {@code org.jboss.as.security.elytron.BasicService.ValueSupplier} that uses
     * the injected {@code SecurityDomainContext} to obtain a {@code JSSESecurityDomain}. If such domain is found, its
     * configured trust manager array is obtained and returned.
     *
     * The {@code ValueSupplier} implementation throws an exception if the referenced legacy domain is not a JSSE-enabled
     * domain or if the domain doesn't contain a trust store configuration that can be used to build the trust managers.
     *
     * NOTE: The {@code PicketBox} implementation of a {@code JSSESecurityDomain} returns a reference to the key store if
     * a trust store was not configured. This means that the trust managers that it builds will use the configured key store
     * instead of throwing an exception to alert about a missing trust store configuration. So extra care must be taken
     * to ensure that the exported trust managers are being built using the correct trust stores.
     */
public static ResourceDefinition getElytronTrustManagersResourceDefinition() {
    final AttributeDefinition[] attributes = new AttributeDefinition[] { LEGACY_JSSE_CONFIG };
    final AbstractAddStepHandler addHandler = new BasicAddHandler<TrustManager[]>(attributes, TRUST_MANAGERS_RUNTIME_CAPABILITY) {

        @Override
        protected BasicService.ValueSupplier<TrustManager[]> getValueSupplier(ServiceBuilder<TrustManager[]> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
            final String legacyJSSEConfig = asStringIfDefined(context, LEGACY_JSSE_CONFIG, model);
            final InjectedValue<SecurityDomainContext> securityDomainContextInjector = new InjectedValue<>();
            if (legacyJSSEConfig != null) {
                serviceBuilder.addDependency(SecurityDomainService.SERVICE_NAME.append(legacyJSSEConfig), SecurityDomainContext.class, securityDomainContextInjector);
            }
            return () -> {
                final SecurityDomainContext domainContext = securityDomainContextInjector.getValue();
                final JSSESecurityDomain jsseDomain = domainContext.getJSSE();
                if (jsseDomain == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateJSSEConfig(legacyJSSEConfig);
                }
                final TrustManager[] trustManagers = jsseDomain.getTrustManagers();
                if (trustManagers == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateComponentInJSSEDomain("trust manager", legacyJSSEConfig);
                }
                return trustManagers;
            };
        }
    };
    return new BasicResourceDefinition(Constants.ELYTRON_TRUST_MANAGER, addHandler, attributes, TRUST_MANAGERS_RUNTIME_CAPABILITY);
}
Also used : OperationContext(org.jboss.as.controller.OperationContext) InjectedValue(org.jboss.msc.value.InjectedValue) JSSESecurityDomain(org.jboss.security.JSSESecurityDomain) AttributeDefinition(org.jboss.as.controller.AttributeDefinition) SimpleAttributeDefinition(org.jboss.as.controller.SimpleAttributeDefinition) SecurityDomainContext(org.jboss.as.security.plugins.SecurityDomainContext) TrustManager(javax.net.ssl.TrustManager) ServiceBuilder(org.jboss.msc.service.ServiceBuilder) AbstractAddStepHandler(org.jboss.as.controller.AbstractAddStepHandler) ModelNode(org.jboss.dmr.ModelNode)

Example 2 with JSSESecurityDomain

use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.

the class ElytronIntegrationResourceDefinitions method getElytronTrustStoreResourceDefinition.

/**
     * Defines a resource that represents an Elytron-compatible trust store that will be exported by a JSSE-enabled domain
     * in the legacy security subsystem.
     *
     * To export the trust store the resource uses a {@code BasicAddHandler} implementation that registers the elytron key-store
     * capability and implements a {@code org.jboss.as.security.elytron.BasicService.ValueSupplier} that uses the injected
     * {@code SecurityDomainContext} to obtain a {@code JSSESecurityDomain}. If such domain is found, its configured trust
     * store is obtained and returned.
     *
     * NOTE 1: In the Elytron subsystem, both key stores and trust stores are registered using the same capability. This
     * means that the name of the trust store must be unique across all configured trust stores and key stores. If a trust
     * store resource is registered with the same name of a key store resource, an error will occur.
     *
     * The {@code ValueSupplier} implementation throws an exception if the referenced legacy domain is not a JSSE-enabled
     * domain or if the domain doesn't contain a trust store configuration.
     *
     * NOTE 2: The {@code PicketBox} implementation of a {@code JSSESecurityDomain} returns a reference to the key store if
     * a trust store was not configured. So extra care must be taken when that implementation is used (default) as the code
     * will silently export the key store as a trust store instead of throwing an exception to alert about a missing trust
     * store configuration in the legacy JSSE-enabled domain.
     */
public static ResourceDefinition getElytronTrustStoreResourceDefinition() {
    final AttributeDefinition[] attributes = new AttributeDefinition[] { LEGACY_JSSE_CONFIG };
    final AbstractAddStepHandler addHandler = new BasicAddHandler<KeyStore>(attributes, KEY_STORE_RUNTIME_CAPABILITY) {

        @Override
        protected BasicService.ValueSupplier<KeyStore> getValueSupplier(ServiceBuilder<KeyStore> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
            final String legacyJSSEConfig = asStringIfDefined(context, LEGACY_JSSE_CONFIG, model);
            final InjectedValue<SecurityDomainContext> securityDomainContextInjector = new InjectedValue<>();
            if (legacyJSSEConfig != null) {
                serviceBuilder.addDependency(SecurityDomainService.SERVICE_NAME.append(legacyJSSEConfig), SecurityDomainContext.class, securityDomainContextInjector);
            }
            return () -> {
                final SecurityDomainContext domainContext = securityDomainContextInjector.getValue();
                final JSSESecurityDomain jsseDomain = domainContext.getJSSE();
                if (jsseDomain == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateJSSEConfig(legacyJSSEConfig);
                }
                final KeyStore trustStore = jsseDomain.getTrustStore();
                if (trustStore == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateComponentInJSSEDomain("trust store", legacyJSSEConfig);
                }
                return trustStore;
            };
        }
    };
    return new BasicResourceDefinition(Constants.ELYTRON_TRUST_STORE, addHandler, attributes, KEY_STORE_RUNTIME_CAPABILITY);
}
Also used : OperationContext(org.jboss.as.controller.OperationContext) InjectedValue(org.jboss.msc.value.InjectedValue) JSSESecurityDomain(org.jboss.security.JSSESecurityDomain) AttributeDefinition(org.jboss.as.controller.AttributeDefinition) SimpleAttributeDefinition(org.jboss.as.controller.SimpleAttributeDefinition) KeyStore(java.security.KeyStore) SecurityDomainContext(org.jboss.as.security.plugins.SecurityDomainContext) ServiceBuilder(org.jboss.msc.service.ServiceBuilder) AbstractAddStepHandler(org.jboss.as.controller.AbstractAddStepHandler) ModelNode(org.jboss.dmr.ModelNode)

Example 3 with JSSESecurityDomain

use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.

the class ElytronIntegrationResourceDefinitions method getElytronKeyManagersResourceDefinition.

/**
     * Defines a resource that represents Elytron-compatible key managers that can be exported by a JSSE-enabled domain
     * in the legacy security subsystem.
     *
     * To export the key managers the resource uses a {@code BasicAddHandler} implementation that registers the elytron
     * key-managers capability and implements a {@code org.jboss.as.security.elytron.BasicService.ValueSupplier} that uses
     * the injected {@code SecurityDomainContext} to obtain a {@code JSSESecurityDomain}. If such domain is found, its
     * configured key manager array is obtained and returned.
     *
     * The {@code ValueSupplier} implementation throws an exception if the referenced legacy domain is not a JSSE-enabled
     * domain or if the domain doesn't contain a key store configuration that can be used to build the key managers.
     */
public static ResourceDefinition getElytronKeyManagersResourceDefinition() {
    final AttributeDefinition[] attributes = new AttributeDefinition[] { LEGACY_JSSE_CONFIG };
    final AbstractAddStepHandler addHandler = new BasicAddHandler<KeyManager[]>(attributes, KEY_MANAGERS_RUNTIME_CAPABILITY) {

        @Override
        protected BasicService.ValueSupplier<KeyManager[]> getValueSupplier(ServiceBuilder<KeyManager[]> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
            final String legacyJSSEConfig = asStringIfDefined(context, LEGACY_JSSE_CONFIG, model);
            final InjectedValue<SecurityDomainContext> securityDomainContextInjector = new InjectedValue<>();
            if (legacyJSSEConfig != null) {
                serviceBuilder.addDependency(SecurityDomainService.SERVICE_NAME.append(legacyJSSEConfig), SecurityDomainContext.class, securityDomainContextInjector);
            }
            return () -> {
                final SecurityDomainContext domainContext = securityDomainContextInjector.getValue();
                final JSSESecurityDomain jsseDomain = domainContext.getJSSE();
                if (jsseDomain == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateJSSEConfig(legacyJSSEConfig);
                }
                final KeyManager[] keyManagers = jsseDomain.getKeyManagers();
                if (keyManagers == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateComponentInJSSEDomain("key manager", legacyJSSEConfig);
                }
                return keyManagers;
            };
        }
    };
    return new BasicResourceDefinition(Constants.ELYTRON_KEY_MANAGER, addHandler, attributes, KEY_MANAGERS_RUNTIME_CAPABILITY);
}
Also used : OperationContext(org.jboss.as.controller.OperationContext) InjectedValue(org.jboss.msc.value.InjectedValue) JSSESecurityDomain(org.jboss.security.JSSESecurityDomain) AttributeDefinition(org.jboss.as.controller.AttributeDefinition) SimpleAttributeDefinition(org.jboss.as.controller.SimpleAttributeDefinition) SecurityDomainContext(org.jboss.as.security.plugins.SecurityDomainContext) ServiceBuilder(org.jboss.msc.service.ServiceBuilder) AbstractAddStepHandler(org.jboss.as.controller.AbstractAddStepHandler) ModelNode(org.jboss.dmr.ModelNode) KeyManager(javax.net.ssl.KeyManager)

Example 4 with JSSESecurityDomain

use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.

the class SecurityDomainAdd method launchServices.

public void launchServices(OperationContext context, String securityDomain, ModelNode model) throws OperationFailedException {
    final ApplicationPolicy applicationPolicy = createApplicationPolicy(context, securityDomain, model);
    final JSSESecurityDomain jsseSecurityDomain = createJSSESecurityDomain(context, securityDomain, model);
    final String cacheType = getAuthenticationCacheType(model);
    final SecurityDomainService securityDomainService = new SecurityDomainService(securityDomain, applicationPolicy, jsseSecurityDomain, cacheType);
    final ServiceTarget target = context.getServiceTarget();
    ServiceBuilder<SecurityDomainContext> builder = target.addService(SecurityDomainService.SERVICE_NAME.append(securityDomain), securityDomainService).addDependency(SecurityManagementService.SERVICE_NAME, ISecurityManagement.class, securityDomainService.getSecurityManagementInjector()).addDependency(JaasConfigurationService.SERVICE_NAME, Configuration.class, securityDomainService.getConfigurationInjector());
    if (SecurityDomainResourceDefinition.INFINISPAN_CACHE_TYPE.equals(cacheType)) {
        builder.addDependency(InfinispanRequirement.CONTAINER.getServiceName(context.getCapabilityServiceSupport(), SecurityDomainResourceDefinition.CACHE_CONTAINER_NAME), Object.class, securityDomainService.getCacheManagerInjector());
        builder.addDependency(InfinispanDefaultCacheRequirement.CONFIGURATION.getServiceName(context, SecurityDomainResourceDefinition.CACHE_CONTAINER_NAME));
    }
    builder.setInitialMode(ServiceController.Mode.ACTIVE).install();
}
Also used : SecurityDomainService(org.jboss.as.security.service.SecurityDomainService) ISecurityManagement(org.jboss.security.ISecurityManagement) ApplicationPolicy(org.jboss.security.config.ApplicationPolicy) JBossJSSESecurityDomain(org.jboss.security.JBossJSSESecurityDomain) JSSESecurityDomain(org.jboss.security.JSSESecurityDomain) ServiceTarget(org.jboss.msc.service.ServiceTarget) SecurityDomainContext(org.jboss.as.security.plugins.SecurityDomainContext)

Example 5 with JSSESecurityDomain

use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.

the class ElytronIntegrationResourceDefinitions method getElytronKeyStoreResourceDefinition.

/**
     * Defines a resource that represents an Elytron-compatible key store that can be exported by a JSSE-enabled domain
     * in the legacy security subsystem.
     *
     * To export the key store the resource uses a {@code BasicAddHandler} implementation that registers the elytron key-store
     * capability and implements a {@code org.jboss.as.security.elytron.BasicService.ValueSupplier} that uses the injected
     * {@code SecurityDomainContext} to obtain a {@code JSSESecurityDomain}. If such domain is found, its configured key
     * store is obtained and returned.
     *
     * The {@code ValueSupplier} implementation throws an exception if the referenced legacy domain is not a JSSE-enabled
     * domain or if the domain doesn't contain a key store configuration.
     */
public static ResourceDefinition getElytronKeyStoreResourceDefinition() {
    final AttributeDefinition[] attributes = new AttributeDefinition[] { LEGACY_JSSE_CONFIG };
    final AbstractAddStepHandler addHandler = new BasicAddHandler<KeyStore>(attributes, KEY_STORE_RUNTIME_CAPABILITY) {

        @Override
        protected BasicService.ValueSupplier<KeyStore> getValueSupplier(ServiceBuilder<KeyStore> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
            final String legacyJSSEConfig = asStringIfDefined(context, LEGACY_JSSE_CONFIG, model);
            final InjectedValue<SecurityDomainContext> securityDomainContextInjector = new InjectedValue<>();
            if (legacyJSSEConfig != null) {
                serviceBuilder.addDependency(SecurityDomainService.SERVICE_NAME.append(legacyJSSEConfig), SecurityDomainContext.class, securityDomainContextInjector);
            }
            return () -> {
                final SecurityDomainContext domainContext = securityDomainContextInjector.getValue();
                final JSSESecurityDomain jsseDomain = domainContext.getJSSE();
                if (jsseDomain == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateJSSEConfig(legacyJSSEConfig);
                }
                final KeyStore keyStore = jsseDomain.getKeyStore();
                if (keyStore == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateComponentInJSSEDomain("key store", legacyJSSEConfig);
                }
                return keyStore;
            };
        }
    };
    return new BasicResourceDefinition(Constants.ELYTRON_KEY_STORE, addHandler, attributes, KEY_STORE_RUNTIME_CAPABILITY);
}
Also used : OperationContext(org.jboss.as.controller.OperationContext) InjectedValue(org.jboss.msc.value.InjectedValue) JSSESecurityDomain(org.jboss.security.JSSESecurityDomain) AttributeDefinition(org.jboss.as.controller.AttributeDefinition) SimpleAttributeDefinition(org.jboss.as.controller.SimpleAttributeDefinition) KeyStore(java.security.KeyStore) SecurityDomainContext(org.jboss.as.security.plugins.SecurityDomainContext) ServiceBuilder(org.jboss.msc.service.ServiceBuilder) AbstractAddStepHandler(org.jboss.as.controller.AbstractAddStepHandler) ModelNode(org.jboss.dmr.ModelNode)

Aggregations

JSSESecurityDomain (org.jboss.security.JSSESecurityDomain)6 SecurityDomainContext (org.jboss.as.security.plugins.SecurityDomainContext)5 AbstractAddStepHandler (org.jboss.as.controller.AbstractAddStepHandler)4 AttributeDefinition (org.jboss.as.controller.AttributeDefinition)4 OperationContext (org.jboss.as.controller.OperationContext)4 SimpleAttributeDefinition (org.jboss.as.controller.SimpleAttributeDefinition)4 ModelNode (org.jboss.dmr.ModelNode)4 ServiceBuilder (org.jboss.msc.service.ServiceBuilder)4 InjectedValue (org.jboss.msc.value.InjectedValue)4 KeyStore (java.security.KeyStore)2 KeyManager (javax.net.ssl.KeyManager)1 TrustManager (javax.net.ssl.TrustManager)1 SecurityDomainService (org.jboss.as.security.service.SecurityDomainService)1 ServiceTarget (org.jboss.msc.service.ServiceTarget)1 ISecurityManagement (org.jboss.security.ISecurityManagement)1 JBossJSSESecurityDomain (org.jboss.security.JBossJSSESecurityDomain)1 ApplicationPolicy (org.jboss.security.config.ApplicationPolicy)1