use of org.jboss.security.config.ApplicationPolicy in project wildfly by wildfly.
the class UndertowDeploymentInfoService method handleJASPIMechanism.
/**
 * Registers the {@link org.wildfly.extension.undertow.security.jaspi.JASPICAuthenticationMechanism}
 * on the deployment when the configured security domain uses JASPI authentication.
 *
 * <p>The deployment is left untouched when no security domain is set, when no application policy
 * is registered for that domain, or when the policy's authentication info is not a
 * {@code JASPIAuthenticationInfo}.</p>
 *
 * @param deploymentInfo the deployment that receives the JASPI mechanism, the JASPI security
 *                       context factory and the outer handler-chain wrapper
 */
private void handleJASPIMechanism(final DeploymentInfo deploymentInfo) {
    if (securityDomain == null) {
        return;
    }

    final ApplicationPolicy policy = SecurityConfiguration.getApplicationPolicy(this.securityDomain);
    if (policy == null) {
        return;
    }
    // Only a JASPI-configured domain switches the deployment over to the JASPI mechanism.
    if (!(policy.getAuthenticationInfo() instanceof JASPIAuthenticationInfo)) {
        return;
    }

    // Only the first declared auth method is forwarded; it stays null when the deployment
    // declares none.
    // NOTE(review): how JASPICAuthenticationMechanism treats a null auth method is not visible
    // here -- confirm it does not weaken authentication for such deployments.
    final LoginConfig loginConfig = deploymentInfo.getLoginConfig();
    final String authMethod = (loginConfig == null || loginConfig.getAuthMethods().isEmpty())
            ? null
            : loginConfig.getAuthMethods().get(0).getName();

    deploymentInfo.setJaspiAuthenticationMechanism(new JASPICAuthenticationMechanism(securityDomain, authMethod));
    deploymentInfo.setSecurityContextFactory(new JASPICSecurityContextFactory(this.securityDomain));
    deploymentInfo.addOuterHandlerChainWrapper(handler -> new JASPICSecureResponseHandler(handler));
}
use of org.jboss.security.config.ApplicationPolicy in project wildfly by wildfly.
the class SecurityDomainAdd method launchServices.
/**
 * Creates the {@code SecurityDomainService} for the given security domain and installs it,
 * in ACTIVE mode, on the operation's service target.
 *
 * @param context        the operation context supplying the service target and capability support
 * @param securityDomain the name of the security domain; appended to the service name
 * @param model          the resource model the policy, JSSE domain and cache type are read from
 * @throws OperationFailedException propagated from the helpers that read the model
 */
public void launchServices(OperationContext context, String securityDomain, ModelNode model) throws OperationFailedException {
    // The policy may be null: createApplicationPolicy returns null when none of its
    // processors reported anything to create.
    final ApplicationPolicy policy = createApplicationPolicy(context, securityDomain, model);
    final JSSESecurityDomain jsseDomain = createJSSESecurityDomain(context, securityDomain, model);
    final String cacheType = getAuthenticationCacheType(model);
    final SecurityDomainService domainService =
            new SecurityDomainService(securityDomain, policy, jsseDomain, cacheType);

    // The service always depends on security management and on the JAAS configuration.
    final ServiceBuilder<SecurityDomainContext> builder = context.getServiceTarget()
            .addService(SecurityDomainService.SERVICE_NAME.append(securityDomain), domainService)
            .addDependency(
                    SecurityManagementService.SERVICE_NAME,
                    ISecurityManagement.class,
                    domainService.getSecurityManagementInjector())
            .addDependency(
                    JaasConfigurationService.SERVICE_NAME,
                    Configuration.class,
                    domainService.getConfigurationInjector());

    // An Infinispan-backed authentication cache additionally needs the cache container and
    // its default cache configuration.
    final boolean infinispanCache = SecurityDomainResourceDefinition.INFINISPAN_CACHE_TYPE.equals(cacheType);
    if (infinispanCache) {
        builder.addDependency(
                InfinispanRequirement.CONTAINER.getServiceName(
                        context.getCapabilityServiceSupport(),
                        SecurityDomainResourceDefinition.CACHE_CONTAINER_NAME),
                Object.class,
                domainService.getCacheManagerInjector());
        builder.addDependency(
                InfinispanDefaultCacheRequirement.CONFIGURATION.getServiceName(
                        context,
                        SecurityDomainResourceDefinition.CACHE_CONTAINER_NAME));
    }

    builder.setInitialMode(ServiceController.Mode.ACTIVE).install();
}
use of org.jboss.security.config.ApplicationPolicy in project wildfly by wildfly.
the class SecurityDomainAdd method createApplicationPolicy.
/**
 * Builds the {@code ApplicationPolicy} for a security domain by running every policy
 * processor (classic auth, JASPI auth, authorization, ACL, audit, identity trust, mapping)
 * against the model.
 *
 * @param context        the operation context handed to each processor
 * @param securityDomain the security domain name the policy is created for
 * @param model          the resource model the processors read
 * @return the populated policy when at least one processor returned {@code true};
 *         {@code null} otherwise, so callers must handle a missing policy
 * @throws OperationFailedException propagated from any processor
 */
private ApplicationPolicy createApplicationPolicy(OperationContext context, String securityDomain, final ModelNode model) throws OperationFailedException {
    final ApplicationPolicy policy = new ApplicationPolicy(securityDomain);

    // Every processor runs unconditionally and in this order; the results are only combined
    // afterwards so that an early 'true' cannot skip a later section.
    final boolean classicAuth = processClassicAuth(context, securityDomain, model, policy);
    final boolean jaspiAuth = processJASPIAuth(context, securityDomain, model, policy);
    final boolean authorization = processAuthorization(context, securityDomain, model, policy);
    final boolean acl = processACL(context, securityDomain, model, policy);
    final boolean audit = processAudit(context, securityDomain, model, policy);
    final boolean identityTrust = processIdentityTrust(context, securityDomain, model, policy);
    final boolean mapping = processMapping(context, securityDomain, model, policy);

    final boolean anythingConfigured =
            classicAuth || jaspiAuth || authorization || acl || audit || identityTrust || mapping;
    if (!anythingConfigured) {
        return null;
    }
    return policy;
}
use of org.jboss.security.config.ApplicationPolicy in project jbossws-cxf by jbossws.
the class DefaultJASPIAuthenticationProvider method enableClientAuthentication.
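/**
 * Installs the JASPI in/out interceptors on a client when the supplied properties name a
 * security domain whose application policy is configured for JASPI authentication.
 *
 * @param target     the object to protect; anything that is not a {@code Client} (including
 *                   {@code null}) is rejected
 * @param properties configuration properties; the security domain is read from
 *                   {@code JaspiClientAuthenticator.JASPI_SECURITY_DOMAIN}
 * @return {@code true} when both interceptors were installed; {@code false} when the target is
 *         unsupported, no usable JASPI policy exists, or the auth configuration could not be
 *         created. Callers should treat {@code false} as "no JASPI protection is in place".
 */
public boolean enableClientAuthentication(Object target, Map<String, String> properties) {
    if (!(target instanceof Client)) {
        // A null target also lands here; guard the class lookup so the rejection is logged
        // instead of surfacing as a NullPointerException.
        final String targetType = (target == null) ? "null" : target.getClass().getSimpleName();
        Loggers.ROOT_LOGGER.cannotEnableJASPIAuthentication(targetType);
        return false;
    }
    final Client client = (Client) target;

    final String securityDomain =
            (properties == null) ? null : properties.get(JaspiClientAuthenticator.JASPI_SECURITY_DOMAIN);
    if (securityDomain == null) {
        return false;
    }

    final ApplicationPolicy appPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain);
    if (appPolicy == null) {
        Loggers.ROOT_LOGGER.noApplicationPolicy(securityDomain);
        return false;
    }

    // Positive type check: only a JASPIAuthenticationInfo may reach the cast below. The
    // previous "null or classic AuthenticationInfo" test let any other subtype fall through
    // to a ClassCastException.
    final BaseAuthenticationInfo bai = appPolicy.getAuthenticationInfo();
    if (!(bai instanceof JASPIAuthenticationInfo)) {
        Loggers.ROOT_LOGGER.noJaspiApplicationPolicy(securityDomain);
        return false;
    }
    final JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) bai;

    // The application id hard-codes the host part as "localhost".
    final String contextRoot = client.getEndpoint().getEndpointInfo().getName().toString();
    final String appId = "localhost " + contextRoot;

    final AuthConfigFactory factory = AuthConfigFactory.getFactory();
    final Properties props = new Properties();
    // The instance itself is not kept; presumably the constructor registers the provider with
    // the factory so that the lookup below can find it -- TODO confirm.
    new JBossWSAuthConfigProvider(props, factory);
    final AuthConfigProvider provider = factory.getConfigProvider(JBossWSAuthConstants.SOAP_LAYER, appId, null);
    final JBossCallbackHandler callbackHandler = new JBossCallbackHandler();

    try {
        // NOTE(review): the layer is the literal "soap" here but JBossWSAuthConstants.SOAP_LAYER
        // in the lookup above -- confirm both denote the same layer.
        final ClientAuthConfig clientConfig = provider.getClientAuthConfig("soap", appId, callbackHandler);
        final JaspiClientAuthenticator clientAuthenticator =
                new JaspiClientAuthenticator(clientConfig, securityDomain, jai);
        client.getInInterceptors().add(new JaspiClientInInterceptor(clientAuthenticator));
        client.getOutInterceptors().add(new JaspiClientOutInterceptor(clientAuthenticator));
        // Report success, as enableServerAuthentication does; previously this path fell
        // through to 'return false' and callers could not tell success from failure.
        return true;
    } catch (Exception e) {
        // Setup failures (including a null provider) are logged, not rethrown. The log method
        // is the server-side one; no client-specific message is visible here.
        Loggers.DEPLOYMENT_LOGGER.cannotCreateServerAuthContext(securityDomain, e);
    }
    return false;
}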
use of org.jboss.security.config.ApplicationPolicy in project jbossws-cxf by jbossws.
the class DefaultJASPIAuthenticationProvider method enableServerAuthentication.
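/**
 * Installs the JASPI server in/out interceptors on the deployment's {@code Bus} when the
 * web-services metadata names a security domain whose application policy is configured for
 * JASPI authentication.
 *
 * @param dep  the deployment whose context root, simple name and {@code Bus} attachment are used
 * @param wsmd the web-services metadata; may be {@code null}, in which case nothing is enabled
 * @return {@code true} when both interceptors were installed; {@code false} when no security
 *         domain is configured, no usable JASPI policy exists, or the server auth context
 *         could not be created
 */
public boolean enableServerAuthentication(Deployment dep, JBossWebservicesMetaData wsmd) {
    final String securityDomain =
            (wsmd == null) ? null : wsmd.getProperty(JaspiServerAuthenticator.JASPI_SECURITY_DOMAIN);
    if (securityDomain == null) {
        return false;
    }

    final ApplicationPolicy appPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain);
    if (appPolicy == null) {
        Loggers.ROOT_LOGGER.noApplicationPolicy(securityDomain);
        return false;
    }

    // Positive type check: only a JASPIAuthenticationInfo may reach the cast below. The
    // previous "null or classic AuthenticationInfo" test let any other subtype fall through
    // to a ClassCastException during deployment.
    final BaseAuthenticationInfo bai = appPolicy.getAuthenticationInfo();
    if (!(bai instanceof JASPIAuthenticationInfo)) {
        Loggers.ROOT_LOGGER.noJaspiApplicationPolicy(securityDomain);
        return false;
    }
    final JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) bai;

    // The application id hard-codes the host part as "localhost".
    final String contextRoot = dep.getService().getContextRoot();
    final String appId = "localhost " + contextRoot;

    final AuthConfigFactory factory = AuthConfigFactory.getFactory();
    final Properties properties = new Properties();
    // The instance itself is not kept; presumably the constructor registers the provider with
    // the factory so that the lookup below can find it -- TODO confirm.
    new JBossWSAuthConfigProvider(properties, factory);
    final AuthConfigProvider provider = factory.getConfigProvider(JBossWSAuthConstants.SOAP_LAYER, appId, null);
    final JBossCallbackHandler callbackHandler = new JBossCallbackHandler();

    try {
        final ServerAuthConfig serverConfig =
                provider.getServerAuthConfig(JBossWSAuthConstants.SOAP_LAYER, appId, callbackHandler);

        final Bus bus = dep.getAttachment(Bus.class);
        final Properties serverContextProperties = new Properties();
        serverContextProperties.put("security-domain", securityDomain);
        serverContextProperties.put("jaspi-policy", jai);
        // Properties rejects null values, so a deployment without a Bus attachment fails here
        // and is handled by the catch block below.
        serverContextProperties.put(Bus.class, bus);

        final String authContextID = dep.getSimpleName();
        // NOTE(review): the returned context is wrapped without a null check -- confirm
        // getAuthContext cannot return null for this configuration.
        final ServerAuthContext sctx = serverConfig.getAuthContext(authContextID, null, serverContextProperties);
        final JaspiServerAuthenticator serverAuthenticator = new JaspiServerAuthenticator(sctx);
        bus.getInInterceptors().add(new JaspiSeverInInterceptor(serverAuthenticator));
        bus.getOutInterceptors().add(new JaspiSeverOutInterceptor(serverAuthenticator));
        return true;
    } catch (Exception e) {
        // Setup failures are logged and reported as 'false' rather than rethrown.
        // NOTE(review): the endpoint then has no JASPI interceptors on its bus; confirm the
        // caller treats 'false' for a domain that asked for JASPI as a deployment failure
        // rather than continuing without authentication.
        Loggers.DEPLOYMENT_LOGGER.cannotCreateServerAuthContext(securityDomain, e);
    }
    return false;
}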