Examples with JSSESecurityDomain org.jboss.security.JSSESecurityDomain used on opensource projects

Example 1 with JSSESecurityDomain

use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.

the class ElytronIntegrationResourceDefinitions method getElytronTrustManagersResourceDefinition.

/**
     * Defines a resource that represents Elytron-compatible trust managers that can be exported by a JSSE-enabled domain
     * in the legacy security subsystem.
     *
     * To export the trust managers the resource uses a {@code BasicAddHandler} implementation that registers the elytron
     * trust-managers capability and implements a {@code org.jboss.as.security.elytron.BasicService.ValueSupplier} that uses
     * the injected {@code SecurityDomainContext} to obtain a {@code JSSESecurityDomain}. If such domain is found, its
     * configured trust manager array is obtained and returned.
     *
     * The {@code ValueSupplier} implementation throws an exception if the referenced legacy domain is not a JSSE-enabled
     * domain or if the domain doesn't contain a trust store configuration that can be used to build the trust managers.
     *
     * NOTE: The {@code PicketBox} implementation of a {@code JSSESecurityDomain} returns a reference to the key store if
     * a trust store was not configured. This means that the trust managers that it builds will use the configured key store
     * instead of throwing an exception to alert about a missing trust store configuration. So extra care must be taken
     * to ensure that the exported trust managers are being built using the correct trust stores.
     */
public static ResourceDefinition getElytronTrustManagersResourceDefinition() {
    final AttributeDefinition[] attributes = new AttributeDefinition[] { LEGACY_JSSE_CONFIG };
    final AbstractAddStepHandler addHandler = new BasicAddHandler<TrustManager[]>(attributes, TRUST_MANAGERS_RUNTIME_CAPABILITY) {

        @Override
        protected BasicService.ValueSupplier<TrustManager[]> getValueSupplier(ServiceBuilder<TrustManager[]> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
            final String legacyJSSEConfig = asStringIfDefined(context, LEGACY_JSSE_CONFIG, model);
            final InjectedValue<SecurityDomainContext> securityDomainContextInjector = new InjectedValue<>();
            if (legacyJSSEConfig != null) {
                serviceBuilder.addDependency(SecurityDomainService.SERVICE_NAME.append(legacyJSSEConfig), SecurityDomainContext.class, securityDomainContextInjector);
            }
            return () -> {
                final SecurityDomainContext domainContext = securityDomainContextInjector.getValue();
                final JSSESecurityDomain jsseDomain = domainContext.getJSSE();
                if (jsseDomain == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateJSSEConfig(legacyJSSEConfig);
                }
                final TrustManager[] trustManagers = jsseDomain.getTrustManagers();
                if (trustManagers == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateComponentInJSSEDomain("trust manager", legacyJSSEConfig);
                }
                return trustManagers;
            };
        }
    };
    return new BasicResourceDefinition(Constants.ELYTRON_TRUST_MANAGER, addHandler, attributes, TRUST_MANAGERS_RUNTIME_CAPABILITY);
}

Example 2 with JSSESecurityDomain

use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.

the class ElytronIntegrationResourceDefinitions method getElytronTrustStoreResourceDefinition.

/**
     * Defines a resource that represents an Elytron-compatible trust store that will be exported by a JSSE-enabled domain
     * in the legacy security subsystem.
     *
     * To export the trust store the resource uses a {@code BasicAddHandler} implementation that registers the elytron key-store
     * capability and implements a {@code org.jboss.as.security.elytron.BasicService.ValueSupplier} that uses the injected
     * {@code SecurityDomainContext} to obtain a {@code JSSESecurityDomain}. If such domain is found, its configured trust
     * store is obtained and returned.
     *
     * NOTE 1: In the Elytron subsystem, both key stores and trust stores are registered using the same capability. This
     * means that the name of the trust store must be unique across all configured trust stores and key stores. If a trust
     * store resource is registered with the same name of a key store resource, an error will occur.
     *
     * The {@code ValueSupplier} implementation throws an exception if the referenced legacy domain is not a JSSE-enabled
     * domain or if the domain doesn't contain a trust store configuration.
     *
     * NOTE 2: The {@code PicketBox} implementation of a {@code JSSESecurityDomain} returns a reference to the key store if
     * a trust store was not configured. So extra care must be taken when that implementation is used (default) as the code
     * will silently export the key store as a trust store instead of throwing an exception to alert about a missing trust
     * store configuration in the legacy JSSE-enabled domain.
     */
public static ResourceDefinition getElytronTrustStoreResourceDefinition() {
    final AttributeDefinition[] attributes = new AttributeDefinition[] { LEGACY_JSSE_CONFIG };
    final AbstractAddStepHandler addHandler = new BasicAddHandler<KeyStore>(attributes, KEY_STORE_RUNTIME_CAPABILITY) {

        @Override
        protected BasicService.ValueSupplier<KeyStore> getValueSupplier(ServiceBuilder<KeyStore> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
            final String legacyJSSEConfig = asStringIfDefined(context, LEGACY_JSSE_CONFIG, model);
            final InjectedValue<SecurityDomainContext> securityDomainContextInjector = new InjectedValue<>();
            if (legacyJSSEConfig != null) {
                serviceBuilder.addDependency(SecurityDomainService.SERVICE_NAME.append(legacyJSSEConfig), SecurityDomainContext.class, securityDomainContextInjector);
            }
            return () -> {
                final SecurityDomainContext domainContext = securityDomainContextInjector.getValue();
                final JSSESecurityDomain jsseDomain = domainContext.getJSSE();
                if (jsseDomain == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateJSSEConfig(legacyJSSEConfig);
                }
                final KeyStore trustStore = jsseDomain.getTrustStore();
                if (trustStore == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateComponentInJSSEDomain("trust store", legacyJSSEConfig);
                }
                return trustStore;
            };
        }
    };
    return new BasicResourceDefinition(Constants.ELYTRON_TRUST_STORE, addHandler, attributes, KEY_STORE_RUNTIME_CAPABILITY);
}

Example 3 with JSSESecurityDomain

use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.

the class ElytronIntegrationResourceDefinitions method getElytronKeyManagersResourceDefinition.

/**
     * Defines a resource that represents Elytron-compatible key managers that can be exported by a JSSE-enabled domain
     * in the legacy security subsystem.
     *
     * To export the key managers the resource uses a {@code BasicAddHandler} implementation that registers the elytron
     * key-managers capability and implements a {@code org.jboss.as.security.elytron.BasicService.ValueSupplier} that uses
     * the injected {@code SecurityDomainContext} to obtain a {@code JSSESecurityDomain}. If such domain is found, its
     * configured key manager array is obtained and returned.
     *
     * The {@code ValueSupplier} implementation throws an exception if the referenced legacy domain is not a JSSE-enabled
     * domain or if the domain doesn't contain a key store configuration that can be used to build the key managers.
     */
public static ResourceDefinition getElytronKeyManagersResourceDefinition() {
    final AttributeDefinition[] attributes = new AttributeDefinition[] { LEGACY_JSSE_CONFIG };
    final AbstractAddStepHandler addHandler = new BasicAddHandler<KeyManager[]>(attributes, KEY_MANAGERS_RUNTIME_CAPABILITY) {

        @Override
        protected BasicService.ValueSupplier<KeyManager[]> getValueSupplier(ServiceBuilder<KeyManager[]> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
            final String legacyJSSEConfig = asStringIfDefined(context, LEGACY_JSSE_CONFIG, model);
            final InjectedValue<SecurityDomainContext> securityDomainContextInjector = new InjectedValue<>();
            if (legacyJSSEConfig != null) {
                serviceBuilder.addDependency(SecurityDomainService.SERVICE_NAME.append(legacyJSSEConfig), SecurityDomainContext.class, securityDomainContextInjector);
            }
            return () -> {
                final SecurityDomainContext domainContext = securityDomainContextInjector.getValue();
                final JSSESecurityDomain jsseDomain = domainContext.getJSSE();
                if (jsseDomain == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateJSSEConfig(legacyJSSEConfig);
                }
                final KeyManager[] keyManagers = jsseDomain.getKeyManagers();
                if (keyManagers == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateComponentInJSSEDomain("key manager", legacyJSSEConfig);
                }
                return keyManagers;
            };
        }
    };
    return new BasicResourceDefinition(Constants.ELYTRON_KEY_MANAGER, addHandler, attributes, KEY_MANAGERS_RUNTIME_CAPABILITY);
}

Example 4 with JSSESecurityDomain

use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.

the class SecurityDomainAdd method launchServices.

public void launchServices(OperationContext context, String securityDomain, ModelNode model) throws OperationFailedException {
    final ApplicationPolicy applicationPolicy = createApplicationPolicy(context, securityDomain, model);
    final JSSESecurityDomain jsseSecurityDomain = createJSSESecurityDomain(context, securityDomain, model);
    final String cacheType = getAuthenticationCacheType(model);
    final SecurityDomainService securityDomainService = new SecurityDomainService(securityDomain, applicationPolicy, jsseSecurityDomain, cacheType);
    final ServiceTarget target = context.getServiceTarget();
    ServiceBuilder<SecurityDomainContext> builder = target.addService(SecurityDomainService.SERVICE_NAME.append(securityDomain), securityDomainService).addDependency(SecurityManagementService.SERVICE_NAME, ISecurityManagement.class, securityDomainService.getSecurityManagementInjector()).addDependency(JaasConfigurationService.SERVICE_NAME, Configuration.class, securityDomainService.getConfigurationInjector());
    if (SecurityDomainResourceDefinition.INFINISPAN_CACHE_TYPE.equals(cacheType)) {
        builder.addDependency(InfinispanRequirement.CONTAINER.getServiceName(context.getCapabilityServiceSupport(), SecurityDomainResourceDefinition.CACHE_CONTAINER_NAME), Object.class, securityDomainService.getCacheManagerInjector());
        builder.addDependency(InfinispanDefaultCacheRequirement.CONFIGURATION.getServiceName(context, SecurityDomainResourceDefinition.CACHE_CONTAINER_NAME));
    }
    builder.setInitialMode(ServiceController.Mode.ACTIVE).install();
}

Example 5 with JSSESecurityDomain

use of org.jboss.security.JSSESecurityDomain in project wildfly by wildfly.

the class ElytronIntegrationResourceDefinitions method getElytronKeyStoreResourceDefinition.

/**
     * Defines a resource that represents an Elytron-compatible key store that can be exported by a JSSE-enabled domain
     * in the legacy security subsystem.
     *
     * To export the key store the resource uses a {@code BasicAddHandler} implementation that registers the elytron key-store
     * capability and implements a {@code org.jboss.as.security.elytron.BasicService.ValueSupplier} that uses the injected
     * {@code SecurityDomainContext} to obtain a {@code JSSESecurityDomain}. If such domain is found, its configured key
     * store is obtained and returned.
     *
     * The {@code ValueSupplier} implementation throws an exception if the referenced legacy domain is not a JSSE-enabled
     * domain or if the domain doesn't contain a key store configuration.
     */
public static ResourceDefinition getElytronKeyStoreResourceDefinition() {
    final AttributeDefinition[] attributes = new AttributeDefinition[] { LEGACY_JSSE_CONFIG };
    final AbstractAddStepHandler addHandler = new BasicAddHandler<KeyStore>(attributes, KEY_STORE_RUNTIME_CAPABILITY) {

        @Override
        protected BasicService.ValueSupplier<KeyStore> getValueSupplier(ServiceBuilder<KeyStore> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
            final String legacyJSSEConfig = asStringIfDefined(context, LEGACY_JSSE_CONFIG, model);
            final InjectedValue<SecurityDomainContext> securityDomainContextInjector = new InjectedValue<>();
            if (legacyJSSEConfig != null) {
                serviceBuilder.addDependency(SecurityDomainService.SERVICE_NAME.append(legacyJSSEConfig), SecurityDomainContext.class, securityDomainContextInjector);
            }
            return () -> {
                final SecurityDomainContext domainContext = securityDomainContextInjector.getValue();
                final JSSESecurityDomain jsseDomain = domainContext.getJSSE();
                if (jsseDomain == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateJSSEConfig(legacyJSSEConfig);
                }
                final KeyStore keyStore = jsseDomain.getKeyStore();
                if (keyStore == null) {
                    throw SecurityLogger.ROOT_LOGGER.unableToLocateComponentInJSSEDomain("key store", legacyJSSEConfig);
                }
                return keyStore;
            };
        }
    };
    return new BasicResourceDefinition(Constants.ELYTRON_KEY_STORE, addHandler, attributes, KEY_STORE_RUNTIME_CAPABILITY);
}