use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.
the class ElytronIntegrationResourceDefinitions method getElytronTrustManagersResourceDefinition.
/**
* Defines a resource that represents Elytron-compatible trust managers that can be exported by a JSSE-enabled domain
* in the legacy security subsystem.
*
* To export the trust managers the resource uses a {@code BasicAddHandler} implementation that registers the elytron
* trust-managers capability and implements a {@code org.jboss.as.security.elytron.BasicService.ValueSupplier} that uses
* the injected {@code SecurityDomainContext} to obtain a {@code JSSESecurityDomain}. If such domain is found, its
* configured trust manager array is obtained and returned.
*
* The {@code ValueSupplier} implementation throws an exception if the referenced legacy domain is not a JSSE-enabled
* domain or if the domain doesn't contain a trust store configuration that can be used to build the trust managers.
*
* NOTE: The {@code PicketBox} implementation of a {@code JSSESecurityDomain} returns a reference to the key store if
* a trust store was not configured. This means that the trust managers that it builds will use the configured key store
* instead of throwing an exception to alert about a missing trust store configuration. So extra care must be taken
* to ensure that the exported trust managers are being built using the correct trust stores.
*/
public static ResourceDefinition getElytronTrustManagersResourceDefinition() {
final AttributeDefinition[] attributes = new AttributeDefinition[] { LEGACY_JSSE_CONFIG };
final AbstractAddStepHandler addHandler = new BasicAddHandler<TrustManager[]>(attributes, TRUST_MANAGERS_RUNTIME_CAPABILITY) {
@Override
protected BasicService.ValueSupplier<TrustManager[]> getValueSupplier(ServiceBuilder<TrustManager[]> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
final String legacyJSSEConfig = asStringIfDefined(context, LEGACY_JSSE_CONFIG, model);
final InjectedValue<SecurityDomainContext> securityDomainContextInjector = new InjectedValue<>();
if (legacyJSSEConfig != null) {
serviceBuilder.addDependency(SecurityDomainService.SERVICE_NAME.append(legacyJSSEConfig), SecurityDomainContext.class, securityDomainContextInjector);
}
return () -> {
final SecurityDomainContext domainContext = securityDomainContextInjector.getValue();
final JSSESecurityDomain jsseDomain = domainContext.getJSSE();
if (jsseDomain == null) {
throw SecurityLogger.ROOT_LOGGER.unableToLocateJSSEConfig(legacyJSSEConfig);
}
final TrustManager[] trustManagers = jsseDomain.getTrustManagers();
if (trustManagers == null) {
throw SecurityLogger.ROOT_LOGGER.unableToLocateComponentInJSSEDomain("trust manager", legacyJSSEConfig);
}
return trustManagers;
};
}
};
return new BasicResourceDefinition(Constants.ELYTRON_TRUST_MANAGER, addHandler, attributes, TRUST_MANAGERS_RUNTIME_CAPABILITY);
}
use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.
the class ElytronIntegrationResourceDefinitions method getElytronTrustStoreResourceDefinition.
/**
* Defines a resource that represents an Elytron-compatible trust store that will be exported by a JSSE-enabled domain
* in the legacy security subsystem.
*
* To export the trust store the resource uses a {@code BasicAddHandler} implementation that registers the elytron key-store
* capability and implements a {@code org.jboss.as.security.elytron.BasicService.ValueSupplier} that uses the injected
* {@code SecurityDomainContext} to obtain a {@code JSSESecurityDomain}. If such domain is found, its configured trust
* store is obtained and returned.
*
* NOTE 1: In the Elytron subsystem, both key stores and trust stores are registered using the same capability. This
* means that the name of the trust store must be unique across all configured trust stores and key stores. If a trust
* store resource is registered with the same name of a key store resource, an error will occur.
*
* The {@code ValueSupplier} implementation throws an exception if the referenced legacy domain is not a JSSE-enabled
* domain or if the domain doesn't contain a trust store configuration.
*
* NOTE 2: The {@code PicketBox} implementation of a {@code JSSESecurityDomain} returns a reference to the key store if
* a trust store was not configured. So extra care must be taken when that implementation is used (default) as the code
* will silently export the key store as a trust store instead of throwing an exception to alert about a missing trust
* store configuration in the legacy JSSE-enabled domain.
*/
public static ResourceDefinition getElytronTrustStoreResourceDefinition() {
final AttributeDefinition[] attributes = new AttributeDefinition[] { LEGACY_JSSE_CONFIG };
final AbstractAddStepHandler addHandler = new BasicAddHandler<KeyStore>(attributes, KEY_STORE_RUNTIME_CAPABILITY) {
@Override
protected BasicService.ValueSupplier<KeyStore> getValueSupplier(ServiceBuilder<KeyStore> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
final String legacyJSSEConfig = asStringIfDefined(context, LEGACY_JSSE_CONFIG, model);
final InjectedValue<SecurityDomainContext> securityDomainContextInjector = new InjectedValue<>();
if (legacyJSSEConfig != null) {
serviceBuilder.addDependency(SecurityDomainService.SERVICE_NAME.append(legacyJSSEConfig), SecurityDomainContext.class, securityDomainContextInjector);
}
return () -> {
final SecurityDomainContext domainContext = securityDomainContextInjector.getValue();
final JSSESecurityDomain jsseDomain = domainContext.getJSSE();
if (jsseDomain == null) {
throw SecurityLogger.ROOT_LOGGER.unableToLocateJSSEConfig(legacyJSSEConfig);
}
final KeyStore trustStore = jsseDomain.getTrustStore();
if (trustStore == null) {
throw SecurityLogger.ROOT_LOGGER.unableToLocateComponentInJSSEDomain("trust store", legacyJSSEConfig);
}
return trustStore;
};
}
};
return new BasicResourceDefinition(Constants.ELYTRON_TRUST_STORE, addHandler, attributes, KEY_STORE_RUNTIME_CAPABILITY);
}
use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.
the class ElytronIntegrationResourceDefinitions method getElytronKeyManagersResourceDefinition.
/**
* Defines a resource that represents Elytron-compatible key managers that can be exported by a JSSE-enabled domain
* in the legacy security subsystem.
*
* To export the key managers the resource uses a {@code BasicAddHandler} implementation that registers the elytron
* key-managers capability and implements a {@code org.jboss.as.security.elytron.BasicService.ValueSupplier} that uses
* the injected {@code SecurityDomainContext} to obtain a {@code JSSESecurityDomain}. If such domain is found, its
* configured key manager array is obtained and returned.
*
* The {@code ValueSupplier} implementation throws an exception if the referenced legacy domain is not a JSSE-enabled
* domain or if the domain doesn't contain a key store configuration that can be used to build the key managers.
*/
public static ResourceDefinition getElytronKeyManagersResourceDefinition() {
final AttributeDefinition[] attributes = new AttributeDefinition[] { LEGACY_JSSE_CONFIG };
final AbstractAddStepHandler addHandler = new BasicAddHandler<KeyManager[]>(attributes, KEY_MANAGERS_RUNTIME_CAPABILITY) {
@Override
protected BasicService.ValueSupplier<KeyManager[]> getValueSupplier(ServiceBuilder<KeyManager[]> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
final String legacyJSSEConfig = asStringIfDefined(context, LEGACY_JSSE_CONFIG, model);
final InjectedValue<SecurityDomainContext> securityDomainContextInjector = new InjectedValue<>();
if (legacyJSSEConfig != null) {
serviceBuilder.addDependency(SecurityDomainService.SERVICE_NAME.append(legacyJSSEConfig), SecurityDomainContext.class, securityDomainContextInjector);
}
return () -> {
final SecurityDomainContext domainContext = securityDomainContextInjector.getValue();
final JSSESecurityDomain jsseDomain = domainContext.getJSSE();
if (jsseDomain == null) {
throw SecurityLogger.ROOT_LOGGER.unableToLocateJSSEConfig(legacyJSSEConfig);
}
final KeyManager[] keyManagers = jsseDomain.getKeyManagers();
if (keyManagers == null) {
throw SecurityLogger.ROOT_LOGGER.unableToLocateComponentInJSSEDomain("key manager", legacyJSSEConfig);
}
return keyManagers;
};
}
};
return new BasicResourceDefinition(Constants.ELYTRON_KEY_MANAGER, addHandler, attributes, KEY_MANAGERS_RUNTIME_CAPABILITY);
}
use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.
the class SecurityDomainAdd method launchServices.
public void launchServices(OperationContext context, String securityDomain, ModelNode model) throws OperationFailedException {
final ApplicationPolicy applicationPolicy = createApplicationPolicy(context, securityDomain, model);
final JSSESecurityDomain jsseSecurityDomain = createJSSESecurityDomain(context, securityDomain, model);
final String cacheType = getAuthenticationCacheType(model);
final SecurityDomainService securityDomainService = new SecurityDomainService(securityDomain, applicationPolicy, jsseSecurityDomain, cacheType);
final ServiceTarget target = context.getServiceTarget();
ServiceBuilder<SecurityDomainContext> builder = target.addService(SecurityDomainService.SERVICE_NAME.append(securityDomain), securityDomainService).addDependency(SecurityManagementService.SERVICE_NAME, ISecurityManagement.class, securityDomainService.getSecurityManagementInjector()).addDependency(JaasConfigurationService.SERVICE_NAME, Configuration.class, securityDomainService.getConfigurationInjector());
if (SecurityDomainResourceDefinition.INFINISPAN_CACHE_TYPE.equals(cacheType)) {
builder.addDependency(InfinispanRequirement.CONTAINER.getServiceName(context.getCapabilityServiceSupport(), SecurityDomainResourceDefinition.CACHE_CONTAINER_NAME), Object.class, securityDomainService.getCacheManagerInjector());
builder.addDependency(InfinispanDefaultCacheRequirement.CONFIGURATION.getServiceName(context, SecurityDomainResourceDefinition.CACHE_CONTAINER_NAME));
}
builder.setInitialMode(ServiceController.Mode.ACTIVE).install();
}
use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.
the class ElytronIntegrationResourceDefinitions method getElytronKeyStoreResourceDefinition.
/**
* Defines a resource that represents an Elytron-compatible key store that can be exported by a JSSE-enabled domain
* in the legacy security subsystem.
*
* To export the key store the resource uses a {@code BasicAddHandler} implementation that registers the elytron key-store
* capability and implements a {@code org.jboss.as.security.elytron.BasicService.ValueSupplier} that uses the injected
* {@code SecurityDomainContext} to obtain a {@code JSSESecurityDomain}. If such domain is found, its configured key
* store is obtained and returned.
*
* The {@code ValueSupplier} implementation throws an exception if the referenced legacy domain is not a JSSE-enabled
* domain or if the domain doesn't contain a key store configuration.
*/
public static ResourceDefinition getElytronKeyStoreResourceDefinition() {
final AttributeDefinition[] attributes = new AttributeDefinition[] { LEGACY_JSSE_CONFIG };
final AbstractAddStepHandler addHandler = new BasicAddHandler<KeyStore>(attributes, KEY_STORE_RUNTIME_CAPABILITY) {
@Override
protected BasicService.ValueSupplier<KeyStore> getValueSupplier(ServiceBuilder<KeyStore> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
final String legacyJSSEConfig = asStringIfDefined(context, LEGACY_JSSE_CONFIG, model);
final InjectedValue<SecurityDomainContext> securityDomainContextInjector = new InjectedValue<>();
if (legacyJSSEConfig != null) {
serviceBuilder.addDependency(SecurityDomainService.SERVICE_NAME.append(legacyJSSEConfig), SecurityDomainContext.class, securityDomainContextInjector);
}
return () -> {
final SecurityDomainContext domainContext = securityDomainContextInjector.getValue();
final JSSESecurityDomain jsseDomain = domainContext.getJSSE();
if (jsseDomain == null) {
throw SecurityLogger.ROOT_LOGGER.unableToLocateJSSEConfig(legacyJSSEConfig);
}
final KeyStore keyStore = jsseDomain.getKeyStore();
if (keyStore == null) {
throw SecurityLogger.ROOT_LOGGER.unableToLocateComponentInJSSEDomain("key store", legacyJSSEConfig);
}
return keyStore;
};
}
};
return new BasicResourceDefinition(Constants.ELYTRON_KEY_STORE, addHandler, attributes, KEY_STORE_RUNTIME_CAPABILITY);
}
Aggregations