Example 1 with ApplicationPolicy

use of org.jboss.security.config.ApplicationPolicy in project wildfly by wildfly.

the class UndertowDeploymentInfoService method handleJASPIMechanism.

/**
 * <p>Adds the {@link org.wildfly.extension.undertow.security.jaspi.JASPICAuthenticationMechanism} to the deployment, if necessary. The handler is added only if the security domain
 * is configured with JASPI authentication.</p>
 *
 * @param deploymentInfo the deployment to which the JASPI mechanism, security context factory and response handler are added
 */
private void handleJASPIMechanism(final DeploymentInfo deploymentInfo) {
    if (securityDomain == null) {
        return;
    }
    ApplicationPolicy applicationPolicy = SecurityConfiguration.getApplicationPolicy(this.securityDomain);
    if (applicationPolicy != null && JASPIAuthenticationInfo.class.isInstance(applicationPolicy.getAuthenticationInfo())) {
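        // Only the first auth method declared in the login config is passed to the JASPI mechanism;
        // authMethod stays null when the deployment declares none.
        String authMethod = null;
        LoginConfig loginConfig = deploymentInfo.getLoginConfig();
        if (loginConfig != null && loginConfig.getAuthMethods().size() > 0) {
            authMethod = loginConfig.getAuthMethods().get(0).getName();
        }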
        deploymentInfo.setJaspiAuthenticationMechanism(new JASPICAuthenticationMechanism(securityDomain, authMethod));
        deploymentInfo.setSecurityContextFactory(new JASPICSecurityContextFactory(this.securityDomain));
        deploymentInfo.addOuterHandlerChainWrapper(next -> new JASPICSecureResponseHandler(next));
    }
}
Also used : JASPICAuthenticationMechanism(org.wildfly.extension.undertow.security.jaspi.JASPICAuthenticationMechanism) JASPICSecureResponseHandler(org.wildfly.extension.undertow.security.jaspi.JASPICSecureResponseHandler) ApplicationPolicy(org.jboss.security.config.ApplicationPolicy) JASPIAuthenticationInfo(org.jboss.security.auth.login.JASPIAuthenticationInfo) LoginConfig(io.undertow.servlet.api.LoginConfig) JASPICSecurityContextFactory(org.wildfly.extension.undertow.security.jaspi.JASPICSecurityContextFactory)

Example 2 with ApplicationPolicy

use of org.jboss.security.config.ApplicationPolicy in project wildfly by wildfly.

the class SecurityDomainAdd method launchServices.

public void launchServices(OperationContext context, String securityDomain, ModelNode model) throws OperationFailedException {
    final ApplicationPolicy applicationPolicy = createApplicationPolicy(context, securityDomain, model);
    final JSSESecurityDomain jsseSecurityDomain = createJSSESecurityDomain(context, securityDomain, model);
    final String cacheType = getAuthenticationCacheType(model);
    final SecurityDomainService securityDomainService = new SecurityDomainService(securityDomain, applicationPolicy, jsseSecurityDomain, cacheType);
    final ServiceTarget target = context.getServiceTarget();
    ServiceBuilder<SecurityDomainContext> builder = target.addService(SecurityDomainService.SERVICE_NAME.append(securityDomain), securityDomainService).addDependency(SecurityManagementService.SERVICE_NAME, ISecurityManagement.class, securityDomainService.getSecurityManagementInjector()).addDependency(JaasConfigurationService.SERVICE_NAME, Configuration.class, securityDomainService.getConfigurationInjector());
    if (SecurityDomainResourceDefinition.INFINISPAN_CACHE_TYPE.equals(cacheType)) {
        builder.addDependency(InfinispanRequirement.CONTAINER.getServiceName(context.getCapabilityServiceSupport(), SecurityDomainResourceDefinition.CACHE_CONTAINER_NAME), Object.class, securityDomainService.getCacheManagerInjector());
        builder.addDependency(InfinispanDefaultCacheRequirement.CONFIGURATION.getServiceName(context, SecurityDomainResourceDefinition.CACHE_CONTAINER_NAME));
    }
    builder.setInitialMode(ServiceController.Mode.ACTIVE).install();
}
Also used : SecurityDomainService(org.jboss.as.security.service.SecurityDomainService) ISecurityManagement(org.jboss.security.ISecurityManagement) ApplicationPolicy(org.jboss.security.config.ApplicationPolicy) JBossJSSESecurityDomain(org.jboss.security.JBossJSSESecurityDomain) JSSESecurityDomain(org.jboss.security.JSSESecurityDomain) ServiceTarget(org.jboss.msc.service.ServiceTarget) SecurityDomainContext(org.jboss.as.security.plugins.SecurityDomainContext)

Example 3 with ApplicationPolicy

use of org.jboss.security.config.ApplicationPolicy in project wildfly by wildfly.

the class SecurityDomainAdd method createApplicationPolicy.

private ApplicationPolicy createApplicationPolicy(OperationContext context, String securityDomain, final ModelNode model) throws OperationFailedException {
    final ApplicationPolicy applicationPolicy = new ApplicationPolicy(securityDomain);
    // Each process* call reports whether it configured its part of the policy. The non-short-circuit
    // |= means every step runs even after an earlier one has already returned true.
    boolean create;
    create = processClassicAuth(context, securityDomain, model, applicationPolicy);
    create |= processJASPIAuth(context, securityDomain, model, applicationPolicy);
    create |= processAuthorization(context, securityDomain, model, applicationPolicy);
    create |= processACL(context, securityDomain, model, applicationPolicy);
    create |= processAudit(context, securityDomain, model, applicationPolicy);
    create |= processIdentityTrust(context, securityDomain, model, applicationPolicy);
    create |= processMapping(context, securityDomain, model, applicationPolicy);
    // If no step configured anything, no policy is returned for the domain (null).
    return create ? applicationPolicy : null;
}
Also used : ApplicationPolicy(org.jboss.security.config.ApplicationPolicy)

Example 4 with ApplicationPolicy

use of org.jboss.security.config.ApplicationPolicy in project jbossws-cxf by jbossws.

the class DefaultJASPIAuthenticationProvider method enableClientAuthentication.

public boolean enableClientAuthentication(Object target, Map<String, String> properties) {
    if (!(target instanceof Client)) {
        Loggers.ROOT_LOGGER.cannotEnableJASPIAuthentication(target.getClass().getSimpleName());
        return false;
    }
    Client client = (Client) target;
    String securityDomain = properties.get(JaspiClientAuthenticator.JASPI_SECURITY_DOMAIN);
    if (securityDomain == null) {
        return false;
    }
    ApplicationPolicy appPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain);
    if (appPolicy == null) {
        Loggers.ROOT_LOGGER.noApplicationPolicy(securityDomain);
        return false;
    }
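    // A missing authentication section, or a classic JAAS one (AuthenticationInfo), is not a JASPI
    // policy: log it and leave JASPI authentication disabled rather than attempting the cast below.
    BaseAuthenticationInfo bai = appPolicy.getAuthenticationInfo();
    if (bai == null || bai instanceof AuthenticationInfo) {
        Loggers.ROOT_LOGGER.noJaspiApplicationPolicy(securityDomain);
        return false;
    }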
    JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) bai;
    String contextRoot = client.getEndpoint().getEndpointInfo().getName().toString();
    String appId = "localhost " + contextRoot;
    AuthConfigFactory factory = AuthConfigFactory.getFactory();
    Properties props = new Properties();
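    // The instance created here is immediately replaced by the provider the factory returns
    // for the SOAP layer and this appId.
    AuthConfigProvider provider = new JBossWSAuthConfigProvider(props, factory);
    provider = factory.getConfigProvider(JBossWSAuthConstants.SOAP_LAYER, appId, null);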
    JBossCallbackHandler callbackHandler = new JBossCallbackHandler();
    try {
        ClientAuthConfig clientConfig = provider.getClientAuthConfig("soap", appId, callbackHandler);
        JaspiClientAuthenticator clientAuthenticator = new JaspiClientAuthenticator(clientConfig, securityDomain, jai);
        client.getInInterceptors().add(new JaspiClientInInterceptor(clientAuthenticator));
        client.getOutInterceptors().add(new JaspiClientOutInterceptor(clientAuthenticator));
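    } catch (Exception e) {
        // The failure is only logged; no interceptors are guaranteed to be installed at this point.
        Loggers.DEPLOYMENT_LOGGER.cannotCreateServerAuthContext(securityDomain, e);
    }
    // As written, the success path above has no "return true" (compare enableServerAuthentication),
    // so this method returns false whether or not the interceptors were installed.
    return false;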
}
Also used : JBossWSAuthConfigProvider(org.jboss.wsf.stack.cxf.jaspi.config.JBossWSAuthConfigProvider) AuthConfigProvider(javax.security.auth.message.config.AuthConfigProvider) JASPIAuthenticationInfo(org.jboss.security.auth.login.JASPIAuthenticationInfo) JaspiClientInInterceptor(org.jboss.wsf.stack.cxf.jaspi.client.JaspiClientInInterceptor) ClientAuthConfig(javax.security.auth.message.config.ClientAuthConfig) Properties(java.util.Properties) BaseAuthenticationInfo(org.jboss.security.auth.login.BaseAuthenticationInfo) AuthenticationInfo(org.jboss.security.auth.login.AuthenticationInfo) ApplicationPolicy(org.jboss.security.config.ApplicationPolicy) AuthConfigFactory(javax.security.auth.message.config.AuthConfigFactory) JaspiClientOutInterceptor(org.jboss.wsf.stack.cxf.jaspi.client.JaspiClientOutInterceptor) Client(org.apache.cxf.endpoint.Client) JBossCallbackHandler(org.jboss.security.auth.callback.JBossCallbackHandler) JaspiClientAuthenticator(org.jboss.wsf.stack.cxf.jaspi.client.JaspiClientAuthenticator)

Example 5 with ApplicationPolicy

use of org.jboss.security.config.ApplicationPolicy in project jbossws-cxf by jbossws.

the class DefaultJASPIAuthenticationProvider method enableServerAuthentication.

public boolean enableServerAuthentication(Deployment dep, JBossWebservicesMetaData wsmd) {
    String securityDomain = null;
    if (wsmd != null) {
        securityDomain = wsmd.getProperty(JaspiServerAuthenticator.JASPI_SECURITY_DOMAIN);
    }
    if (securityDomain == null) {
        return false;
    }
    ApplicationPolicy appPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain);
    if (appPolicy == null) {
        Loggers.ROOT_LOGGER.noApplicationPolicy(securityDomain);
        return false;
    }
    BaseAuthenticationInfo bai = appPolicy.getAuthenticationInfo();
    if (bai == null || bai instanceof AuthenticationInfo) {
        Loggers.ROOT_LOGGER.noJaspiApplicationPolicy(securityDomain);
        return false;
    }
    JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) bai;
    String contextRoot = dep.getService().getContextRoot();
    String appId = "localhost " + contextRoot;
    AuthConfigFactory factory = AuthConfigFactory.getFactory();
    Properties properties = new Properties();
    AuthConfigProvider provider = new JBossWSAuthConfigProvider(properties, factory);
    provider = factory.getConfigProvider(JBossWSAuthConstants.SOAP_LAYER, appId, null);
    JBossCallbackHandler callbackHandler = new JBossCallbackHandler();
    try {
        ServerAuthConfig serverConfig = provider.getServerAuthConfig(JBossWSAuthConstants.SOAP_LAYER, appId, callbackHandler);
        Properties serverContextProperties = new Properties();
        serverContextProperties.put("security-domain", securityDomain);
        serverContextProperties.put("jaspi-policy", jai);
        Bus bus = dep.getAttachment(Bus.class);
        serverContextProperties.put(Bus.class, bus);
        String authContextID = dep.getSimpleName();
        ServerAuthContext sctx = serverConfig.getAuthContext(authContextID, null, serverContextProperties);
        JaspiServerAuthenticator serverAuthenticator = new JaspiServerAuthenticator(sctx);
        bus.getInInterceptors().add(new JaspiSeverInInterceptor(serverAuthenticator));
        bus.getOutInterceptors().add(new JaspiSeverOutInterceptor(serverAuthenticator));
        return true;
    } catch (Exception e) {
        Loggers.DEPLOYMENT_LOGGER.cannotCreateServerAuthContext(securityDomain, e);
    }
    return false;
}
Also used : Bus(org.apache.cxf.Bus) JBossWSAuthConfigProvider(org.jboss.wsf.stack.cxf.jaspi.config.JBossWSAuthConfigProvider) AuthConfigProvider(javax.security.auth.message.config.AuthConfigProvider) JASPIAuthenticationInfo(org.jboss.security.auth.login.JASPIAuthenticationInfo) Properties(java.util.Properties) BaseAuthenticationInfo(org.jboss.security.auth.login.BaseAuthenticationInfo) AuthenticationInfo(org.jboss.security.auth.login.AuthenticationInfo) ServerAuthContext(javax.security.auth.message.config.ServerAuthContext) JaspiSeverInInterceptor(org.jboss.wsf.stack.cxf.jaspi.interceptor.JaspiSeverInInterceptor) JaspiSeverOutInterceptor(org.jboss.wsf.stack.cxf.jaspi.interceptor.JaspiSeverOutInterceptor) ApplicationPolicy(org.jboss.security.config.ApplicationPolicy) AuthConfigFactory(javax.security.auth.message.config.AuthConfigFactory) JBossCallbackHandler(org.jboss.security.auth.callback.JBossCallbackHandler) ServerAuthConfig(javax.security.auth.message.config.ServerAuthConfig)
