Search in sources :

Example 16 with SimpleMapBackedSecurityRealm

use of org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm in project jboss-remoting by jboss-remoting.

the class TimeOutConnectionTestCase method doTest.

private void doTest(OptionMap connectionProviderOptions) throws Exception {
    try (final ServerSocketChannel channel = ServerSocketChannel.open()) {
        channel.configureBlocking(true);
        channel.socket().bind(new InetSocketAddress("localhost", 30123));
        Thread acceptThread = new Thread(new Accept(channel));
        acceptThread.start();
        // create endpoint, auth provider, etc, create server
        final EndpointBuilder endpointBuilder = Endpoint.builder();
        final XnioWorker.Builder workerBuilder = endpointBuilder.buildXnioWorker(Xnio.getInstance());
        workerBuilder.setCoreWorkerPoolSize(4).setMaxWorkerPoolSize(4).setWorkerIoThreads(4);
        endpointBuilder.setEndpointName("test");
        try (Endpoint ep = endpointBuilder.build()) {
            endpoint = ep;
            final SecurityDomain.Builder domainBuilder = SecurityDomain.builder();
            final SimpleMapBackedSecurityRealm mainRealm = new SimpleMapBackedSecurityRealm();
            domainBuilder.addRealm("mainRealm", mainRealm);
            domainBuilder.setDefaultRealmName("mainRealm");
            final PasswordFactory passwordFactory = PasswordFactory.getInstance("clear");
            mainRealm.setPasswordMap("bob", passwordFactory.generatePassword(new ClearPasswordSpec("pass".toCharArray())));
            // create connect and close endpoint threads
            IoFuture<Connection> futureConnection = AuthenticationContext.empty().with(MatchRule.ALL, AuthenticationConfiguration.empty().useName("bob").usePassword("pass")).run(new PrivilegedAction<IoFuture<Connection>>() {

                public IoFuture<Connection> run() {
                    try {
                        return ep.connect(new URI("remote://localhost:30123"), OptionMap.EMPTY);
                    } catch (URISyntaxException e) {
                        throw new RuntimeException(e);
                    }
                }
            });
            assertEquals(Status.WAITING, futureConnection.await(500, TimeUnit.MILLISECONDS));
            ep.close();
            assertEquals(Status.CANCELLED, futureConnection.getStatus());
            acceptThread.join();
        } finally {
            endpoint = null;
        }
    }
}
Also used : SimpleMapBackedSecurityRealm(org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm) InetSocketAddress(java.net.InetSocketAddress) XnioWorker(org.xnio.XnioWorker) Connection(org.jboss.remoting3.Connection) EndpointBuilder(org.jboss.remoting3.EndpointBuilder) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) IoFuture(org.xnio.IoFuture) URISyntaxException(java.net.URISyntaxException) URI(java.net.URI) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain) PasswordFactory(org.wildfly.security.password.PasswordFactory) Endpoint(org.jboss.remoting3.Endpoint) ServerSocketChannel(java.nio.channels.ServerSocketChannel)

Example 17 with SimpleMapBackedSecurityRealm

use of org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm in project jboss-remoting by jboss-remoting.

the class HeartbeatTestCase method testDefaultHeartbeat.

/**
 * Test that heartbeat can be set and can be disabled by setting it to 0
 *
 * @throws Exception
 */
@Test
public void testDefaultHeartbeat() throws Exception {
    Channel clientChannel = null;
    Channel serverChannel = null;
    Closeable streamServer = null;
    Connection connection = null;
    Registration serviceRegistration = null;
    final Endpoint endpoint = Endpoint.builder().setEndpointName("test").build();
    NetworkServerProvider networkServerProvider = endpoint.getConnectionProviderInterface("remote", NetworkServerProvider.class);
    final SecurityDomain.Builder domainBuilder = SecurityDomain.builder();
    final SimpleMapBackedSecurityRealm mainRealm = new SimpleMapBackedSecurityRealm();
    domainBuilder.addRealm("mainRealm", mainRealm).build();
    domainBuilder.setDefaultRealmName("mainRealm");
    domainBuilder.setPermissionMapper((permissionMappable, roles) -> PermissionVerifier.ALL);
    final PasswordFactory passwordFactory = PasswordFactory.getInstance("clear");
    mainRealm.setPasswordMap("bob", passwordFactory.generatePassword(new ClearPasswordSpec("pass".toCharArray())));
    final SaslServerFactory saslServerFactory = new ServiceLoaderSaslServerFactory(HeartbeatTestCase.class.getClassLoader());
    final SaslAuthenticationFactory.Builder builder = SaslAuthenticationFactory.builder();
    builder.setSecurityDomain(domainBuilder.build());
    builder.setFactory(saslServerFactory);
    builder.setMechanismConfigurationSelector(mechanismInformation -> SaslMechanismInformation.Names.SCRAM_SHA_256.equals(mechanismInformation.getMechanismName()) ? MechanismConfiguration.EMPTY : null);
    final SaslAuthenticationFactory saslAuthenticationFactory = builder.build();
    streamServer = networkServerProvider.createServer(new InetSocketAddress("localhost", 30123), OptionMap.create(Options.SSL_ENABLED, Boolean.FALSE), saslAuthenticationFactory, SSLContext.getDefault());
    final FutureResult<Channel> passer = new FutureResult<Channel>();
    serviceRegistration = endpoint.registerService("org.jboss.test", new OpenListener() {

        public void channelOpened(final Channel channel) {
            passer.setResult(channel);
        }

        public void registrationTerminated() {
        }
    }, OptionMap.EMPTY);
    IoFuture<Connection> futureConnection = AuthenticationContext.empty().with(MatchRule.ALL, AuthenticationConfiguration.empty().useName("bob").usePassword("pass").setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanism("SCRAM-SHA-256"))).run(new PrivilegedAction<IoFuture<Connection>>() {

        public IoFuture<Connection> run() {
            try {
                return endpoint.connect(new URI("remote://localhost:30123"), OptionMap.EMPTY);
            } catch (URISyntaxException e) {
                throw new RuntimeException(e);
            }
        }
    });
    connection = futureConnection.get();
    IoFuture<Channel> futureChannel = connection.openChannel("org.jboss.test", OptionMap.EMPTY);
    clientChannel = futureChannel.get();
    serverChannel = passer.getIoFuture().get();
    assertNotNull(serverChannel);
    RemoteConnectionChannel remoteClientChannel = (RemoteConnectionChannel) clientChannel;
    assertEquals(RemotingOptions.DEFAULT_HEARTBEAT_INTERVAL, Utils.getInstanceValue(remoteClientChannel.getRemoteConnection(), "heartbeatInterval"));
    RemoteWriteListener clientWriteListener = (RemoteWriteListener) Utils.getInstanceValue(remoteClientChannel.getRemoteConnection(), "writeListener");
    assertNotNull(Utils.getInstanceValue(clientWriteListener, "heartKey"));
    afterTest(clientChannel, serverChannel, connection, serviceRegistration);
    destroy(endpoint, streamServer);
}
Also used : RemoteWriteListener(org.jboss.remoting3.remote.RemoteConnection.RemoteWriteListener) InetSocketAddress(java.net.InetSocketAddress) Closeable(java.io.Closeable) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) IoFuture(org.xnio.IoFuture) URISyntaxException(java.net.URISyntaxException) URI(java.net.URI) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain) Endpoint(org.jboss.remoting3.Endpoint) FutureResult(org.xnio.FutureResult) Registration(org.jboss.remoting3.Registration) NetworkServerProvider(org.jboss.remoting3.spi.NetworkServerProvider) ServiceLoaderSaslServerFactory(org.wildfly.security.sasl.util.ServiceLoaderSaslServerFactory) SimpleMapBackedSecurityRealm(org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm) SaslServerFactory(javax.security.sasl.SaslServerFactory) ServiceLoaderSaslServerFactory(org.wildfly.security.sasl.util.ServiceLoaderSaslServerFactory) OpenListener(org.jboss.remoting3.OpenListener) Channel(org.jboss.remoting3.Channel) Connection(org.jboss.remoting3.Connection) SaslAuthenticationFactory(org.wildfly.security.auth.server.sasl.SaslAuthenticationFactory) PasswordFactory(org.wildfly.security.password.PasswordFactory) Test(org.junit.Test)

Example 18 with SimpleMapBackedSecurityRealm

use of org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm in project jboss-ejb-client by wildfly.

the class DummyServer method start.

public void start() throws Exception {
    logger.info("Starting " + this);
    // create a Remoting endpoint
    final OptionMap options = OptionMap.EMPTY;
    EndpointBuilder endpointBuilder = Endpoint.builder();
    endpointBuilder.setEndpointName(this.endpointName);
    endpointBuilder.buildXnioWorker(Xnio.getInstance()).populateFromOptions(options);
    endpoint = endpointBuilder.build();
    if (startTxServer) {
        final RemotingTransactionService remotingTransactionService = RemotingTransactionService.builder().setEndpoint(endpoint).setTransactionContext(LocalTransactionContext.getCurrent()).build();
        remotingTransactionService.register();
    }
    // add a connection provider factory for the URI scheme "remote"
    // endpoint.addConnectionProvider("remote", new RemoteConnectionProviderFactory(), OptionMap.create(Options.SSL_ENABLED, Boolean.FALSE));
    final NetworkServerProvider serverProvider = endpoint.getConnectionProviderInterface("remote", NetworkServerProvider.class);
    // set up a security realm called default with a user called test
    final SimpleMapBackedSecurityRealm realm = new SimpleMapBackedSecurityRealm();
    realm.setPasswordMap("test", ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, "test".toCharArray()));
    // set up a security domain which has realm "default"
    final SecurityDomain.Builder domainBuilder = SecurityDomain.builder();
    // add the security realm called "default" to the security domain
    domainBuilder.addRealm("default", realm).build();
    domainBuilder.setDefaultRealmName("default");
    domainBuilder.setPermissionMapper((permissionMappable, roles) -> PermissionVerifier.ALL);
    SecurityDomain testDomain = domainBuilder.build();
    // set up a SaslAuthenticationFactory (i.e. a SaslServerFactory)
    SaslAuthenticationFactory saslAuthenticationFactory = SaslAuthenticationFactory.builder().setSecurityDomain(testDomain).setMechanismConfigurationSelector(mechanismInformation -> {
        switch(mechanismInformation.getMechanismName()) {
            case "ANONYMOUS":
            case "PLAIN":
                {
                    return MechanismConfiguration.EMPTY;
                }
            default:
                return null;
        }
    }).setFactory(SaslFactories.getElytronSaslServerFactory()).build();
    final OptionMap serverOptions = OptionMap.create(Options.SASL_MECHANISMS, Sequence.of("ANONYMOUS"), Options.SASL_POLICY_NOANONYMOUS, Boolean.FALSE);
    final SocketAddress bindAddress = new InetSocketAddress(InetAddress.getByName(host), port);
    this.server = serverProvider.createServer(bindAddress, serverOptions, saslAuthenticationFactory, null);
    // set up an association to handle invocations, session creations and module/toopology listensrs
    // the association makes use of a module deployment repository as well a sa  cluster registry
    Association dummyAssociation = new DummyAssociationImpl(this, deploymentRepository, clusterRegistry);
    // set up a remoting transaction service
    RemotingTransactionService.Builder txnServiceBuilder = RemotingTransactionService.builder();
    txnServiceBuilder.setEndpoint(endpoint);
    txnServiceBuilder.setTransactionContext(LocalTransactionContext.getCurrent());
    RemotingTransactionService transactionService = txnServiceBuilder.build();
    // setup remote EJB service
    RemoteEJBService remoteEJBService = RemoteEJBService.create(dummyAssociation, transactionService, DEFAULT_CLASS_FILTER);
    remoteEJBService.serverUp();
    // Register an EJB channel open listener
    OpenListener channelOpenListener = remoteEJBService.getOpenListener();
    try {
        registration = endpoint.registerService("jboss.ejb", new OpenListener() {

            @Override
            public void channelOpened(Channel channel) {
                currentConnections.add(channel);
                channelOpenListener.channelOpened(channel);
            }

            @Override
            public void registrationTerminated() {
            }
        }, OptionMap.EMPTY);
    } catch (ServiceRegistrationException e) {
        throw new Exception(e);
    }
}
Also used : RemoteEJBService(org.jboss.ejb.protocol.remote.RemoteEJBService) SimpleMapBackedSecurityRealm(org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm) InetSocketAddress(java.net.InetSocketAddress) OpenListener(org.jboss.remoting3.OpenListener) AcceptingChannel(org.xnio.channels.AcceptingChannel) Channel(org.jboss.remoting3.Channel) EndpointBuilder(org.jboss.remoting3.EndpointBuilder) RemotingTransactionService(org.wildfly.transaction.client.provider.remoting.RemotingTransactionService) ServiceRegistrationException(org.jboss.remoting3.ServiceRegistrationException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain) SaslAuthenticationFactory(org.wildfly.security.auth.server.SaslAuthenticationFactory) Association(org.jboss.ejb.server.Association) ServiceRegistrationException(org.jboss.remoting3.ServiceRegistrationException) OptionMap(org.xnio.OptionMap) NetworkServerProvider(org.jboss.remoting3.spi.NetworkServerProvider) SocketAddress(java.net.SocketAddress) InetSocketAddress(java.net.InetSocketAddress)

Example 19 with SimpleMapBackedSecurityRealm

use of org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm in project wildfly-core by wildfly.

the class IdentityAddressProtocolUtilTestCase method testSupportedTypes.

@Test
public void testSupportedTypes() throws Exception {
    Set<String> groups = new HashSet<>();
    groups.add("GroupOne");
    groups.add("GroupTwo");
    MapAttributes mapAttributes = new MapAttributes();
    mapAttributes.addAll("GROUPS", groups);
    SimpleMapBackedSecurityRealm smbsr = new SimpleMapBackedSecurityRealm();
    smbsr.setPasswordMap("TestUser", ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, "password".toCharArray()), mapAttributes);
    SecurityDomain testDomain = SecurityDomain.builder().setDefaultRealmName("Test").addRealm("Test", smbsr).setRoleDecoder(RoleDecoder.simple("GROUPS")).setPrincipalRewriter(p -> new NamePrincipal(p.getName())).build().setPreRealmRewriter((Function<Principal, Principal>) p -> new NamePrincipal(p.getName())).setPermissionMapper((permissionMappable, roles) -> LoginPermission.getInstance()).build();
    InetAddress testAddress = InetAddress.getByAddress("localhost", new byte[] { 0x7F, 0x00, 0x00, 0x01 });
    ServerAuthenticationContext serverAuthenticationContext = testDomain.createNewAuthenticationContext();
    serverAuthenticationContext.setAuthenticationName("TestUser");
    serverAuthenticationContext.authorize();
    SecurityIdentity securityIdentity = serverAuthenticationContext.getAuthorizedIdentity();
    PropagatedIdentity propagated = writeAndRead(securityIdentity, testAddress);
    securityIdentity = propagated.securityIdentity;
    Principal principal = securityIdentity.getPrincipal();
    assertEquals("Principal Name", "TestUser", principal.getName());
    Set<String> identityRoles = StreamSupport.stream(securityIdentity.getRoles().spliterator(), false).collect(Collectors.toSet());
    assertEquals("Roles Count", 2, identityRoles.size());
    assertTrue("GroupOne Membership", identityRoles.contains("GroupOne"));
    assertTrue("GroupTwo Membership", identityRoles.contains("GroupTwo"));
    assertEquals("Propagated Address", testAddress, propagated.inetAddress);
}
Also used : DataInputStream(java.io.DataInputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) MapAttributes(org.wildfly.security.authz.MapAttributes) Function(java.util.function.Function) InetAddress(java.net.InetAddress) HashSet(java.util.HashSet) PropagatedIdentity(org.jboss.as.controller.remote.IdentityAddressProtocolUtil.PropagatedIdentity) ByteArrayInputStream(java.io.ByteArrayInputStream) DataOutputStream(java.io.DataOutputStream) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) StreamSupport(java.util.stream.StreamSupport) NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal) SimpleMapBackedSecurityRealm(org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm) Assert.assertTrue(org.junit.Assert.assertTrue) Set(java.util.Set) IOException(java.io.IOException) Test(org.junit.Test) Collectors(java.util.stream.Collectors) Principal(java.security.Principal) LoginPermission(org.wildfly.security.auth.permission.LoginPermission) ServerAuthenticationContext(org.wildfly.security.auth.server.ServerAuthenticationContext) RoleDecoder(org.wildfly.security.authz.RoleDecoder) ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain) Assert.assertEquals(org.junit.Assert.assertEquals) SimpleMapBackedSecurityRealm(org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm) NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal) ServerAuthenticationContext(org.wildfly.security.auth.server.ServerAuthenticationContext) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) MapAttributes(org.wildfly.security.authz.MapAttributes) PropagatedIdentity(org.jboss.as.controller.remote.IdentityAddressProtocolUtil.PropagatedIdentity) InetAddress(java.net.InetAddress) NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal) Principal(java.security.Principal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 20 with SimpleMapBackedSecurityRealm

use of org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm in project quarkus by quarkusio.

the class SecurityRealmsTestCase method testSimpleMapBackedSecurityRealm.

@Test
public void testSimpleMapBackedSecurityRealm() throws RealmUnavailableException {
    SimpleMapBackedSecurityRealm realm = new SimpleMapBackedSecurityRealm();
    Map<String, SimpleRealmEntry> identityMap = new HashMap<>();
    Attributes attributes = new MapAttributes();
    attributes.add("groups", 0, "Admin");
    attributes.add("groups", 1, "Tester");
    ClearPassword clear = ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, "jb0ss".toCharArray());
    PasswordCredential jb0ss = new PasswordCredential(clear);
    List<Credential> credentials = new ArrayList<>();
    credentials.add(jb0ss);
    SimpleRealmEntry scottEntry = new SimpleRealmEntry(credentials, attributes);
    identityMap.put("scott", scottEntry);
    realm.setIdentityMap(identityMap);
    RealmIdentity scott = realm.getRealmIdentity(new NamePrincipal("scott"));
    AuthorizationIdentity auth = scott.getAuthorizationIdentity();
    Attributes roles = auth.getAttributes();
    Assertions.assertTrue(roles.containsValue("groups", "Admin"));
    Assertions.assertTrue(roles.containsValue("groups", "Tester"));
}
Also used : ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) SimpleMapBackedSecurityRealm(org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm) PasswordCredential(org.wildfly.security.credential.PasswordCredential) Credential(org.wildfly.security.credential.Credential) SimpleRealmEntry(org.wildfly.security.auth.realm.SimpleRealmEntry) HashMap(java.util.HashMap) NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal) MapAttributes(org.wildfly.security.authz.MapAttributes) Attributes(org.wildfly.security.authz.Attributes) PasswordCredential(org.wildfly.security.credential.PasswordCredential) ArrayList(java.util.ArrayList) AuthorizationIdentity(org.wildfly.security.authz.AuthorizationIdentity) MapAttributes(org.wildfly.security.authz.MapAttributes) RealmIdentity(org.wildfly.security.auth.server.RealmIdentity) Test(org.junit.jupiter.api.Test)

Aggregations

SimpleMapBackedSecurityRealm (org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm)27 SecurityDomain (org.wildfly.security.auth.server.SecurityDomain)16 NetworkServerProvider (org.jboss.remoting3.spi.NetworkServerProvider)13 InetSocketAddress (java.net.InetSocketAddress)12 BeforeClass (org.junit.BeforeClass)12 PasswordFactory (org.wildfly.security.password.PasswordFactory)12 ClearPasswordSpec (org.wildfly.security.password.spec.ClearPasswordSpec)12 SaslServerFactory (javax.security.sasl.SaslServerFactory)11 SaslAuthenticationFactory (org.wildfly.security.auth.server.sasl.SaslAuthenticationFactory)11 ServiceLoaderSaslServerFactory (org.wildfly.security.sasl.util.ServiceLoaderSaslServerFactory)10 SimpleRealmEntry (org.wildfly.security.auth.realm.SimpleRealmEntry)9 HashMap (java.util.HashMap)8 LoginPermission (org.wildfly.security.auth.permission.LoginPermission)6 Endpoint (org.jboss.remoting3.Endpoint)5 Test (org.junit.Test)5 MapAttributes (org.wildfly.security.authz.MapAttributes)5 IOException (java.io.IOException)4 Map (java.util.Map)4 SecurityRealm (org.wildfly.security.auth.server.SecurityRealm)4 ClearPassword (org.wildfly.security.password.interfaces.ClearPassword)4