Search in sources :

Example 1 with SaslAuthenticationFactory

use of org.wildfly.security.auth.server.SaslAuthenticationFactory in project wildfly-core by wildfly.

the class ChannelServer method create.

public static ChannelServer create(final Configuration configuration) throws IOException {
    checkNotNullParam("configuration", configuration);
    configuration.validate();
    // Hack WFCORE-3302/REM3-303 workaround
    if (firstCreate) {
        firstCreate = false;
    } else {
        try {
            // wait in case the previous socket has not closed
            Thread.sleep(100);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new RuntimeException(e);
        }
    }
    // TODO WFCORE-3302 -- Endpoint.getCurrent() should be ok
    final Endpoint endpoint = Endpoint.builder().setEndpointName(configuration.getEndpointName()).build();
    final NetworkServerProvider networkServerProvider = endpoint.getConnectionProviderInterface(configuration.getUriScheme(), NetworkServerProvider.class);
    final SecurityDomain.Builder domainBuilder = SecurityDomain.builder();
    final SimpleMapBackedSecurityRealm realm = new SimpleMapBackedSecurityRealm();
    realm.setPasswordMap("bob", ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, "pass".toCharArray()));
    domainBuilder.addRealm("default", realm).build();
    domainBuilder.setDefaultRealmName("default");
    domainBuilder.setPermissionMapper((permissionMappable, roles) -> PermissionVerifier.ALL);
    SecurityDomain testDomain = domainBuilder.build();
    SaslAuthenticationFactory saslAuthenticationFactory = SaslAuthenticationFactory.builder().setSecurityDomain(testDomain).setMechanismConfigurationSelector(mechanismInformation -> {
        switch(mechanismInformation.getMechanismName()) {
            case "ANONYMOUS":
            case "PLAIN":
                {
                    return MechanismConfiguration.EMPTY;
                }
            default:
                return null;
        }
    }).setFactory(SaslFactories.getElytronSaslServerFactory()).build();
    AcceptingChannel<StreamConnection> streamServer = networkServerProvider.createServer(configuration.getBindAddress(), OptionMap.EMPTY, saslAuthenticationFactory, null);
    return new ChannelServer(endpoint, streamServer);
}
Also used : SaslAuthenticationFactory(org.wildfly.security.auth.server.SaslAuthenticationFactory) SimpleMapBackedSecurityRealm(org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm) Endpoint(org.jboss.remoting3.Endpoint) NetworkServerProvider(org.jboss.remoting3.spi.NetworkServerProvider) StreamConnection(org.xnio.StreamConnection) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)

Example 2 with SaslAuthenticationFactory

use of org.wildfly.security.auth.server.SaslAuthenticationFactory in project wildfly-core by wildfly.

the class SaslTestCase method testSaslAuthenticationDigest.

@Test
public void testSaslAuthenticationDigest() throws Exception {
    init();
    ServiceName serviceName = Capabilities.SASL_AUTHENTICATION_FACTORY_RUNTIME_CAPABILITY.getCapabilityServiceName("MySaslAuth");
    SaslAuthenticationFactory authFactory = (SaslAuthenticationFactory) services.getContainer().getService(serviceName).getValue();
    SaslServer server = authFactory.createMechanism(SaslMechanismInformation.Names.DIGEST_SHA);
    SaslClient client = Sasl.createSaslClient(new String[] { SaslMechanismInformation.Names.DIGEST_SHA }, "firstUser", "myProtocol", "TestingServer", Collections.<String, Object>emptyMap(), clientCallbackHandler("firstUser", "DigestRealm", "clearPassword"));
    testSaslServerClient(server, client);
}
Also used : SaslAuthenticationFactory(org.wildfly.security.auth.server.SaslAuthenticationFactory) ServiceName(org.jboss.msc.service.ServiceName) SaslServer(javax.security.sasl.SaslServer) SaslClient(javax.security.sasl.SaslClient) AbstractSubsystemTest(org.jboss.as.subsystem.test.AbstractSubsystemTest) Test(org.junit.Test)

Example 3 with SaslAuthenticationFactory

use of org.wildfly.security.auth.server.SaslAuthenticationFactory in project wildfly-core by wildfly.

the class RemotingHttpUpgradeService method start.

@Override
public synchronized void start(final StartContext context) throws StartException {
    final Endpoint endpoint = endpointSupplier.get();
    OptionMap.Builder builder = OptionMap.builder();
    ListenerRegistry.Listener listenerInfo = listenerRegistrySupplier.get().getListener(httpConnectorName);
    assert listenerInfo != null;
    listenerInfo.addHttpUpgradeMetadata(httpUpgradeMetadata = new ListenerRegistry.HttpUpgradeMetadata("jboss-remoting", endpointName));
    RemotingConnectorBindingInfoService.install(context.getChildTarget(), context.getController().getName().getSimpleName(), (SocketBinding) listenerInfo.getContextInformation("socket-binding"), listenerInfo.getProtocol().equals("https") ? REMOTE_HTTPS : REMOTE_HTTP);
    if (connectorPropertiesOptionMap != null) {
        builder.addAll(connectorPropertiesOptionMap);
    }
    OptionMap resultingMap = builder.getMap();
    try {
        final ExternalConnectionProvider provider = endpoint.getConnectionProviderInterface(Protocol.HTTP_REMOTING.toString(), ExternalConnectionProvider.class);
        SaslAuthenticationFactory saslAuthenticationFactory = saslAuthenticationFactorySupplier != null ? saslAuthenticationFactorySupplier.get() : null;
        if (saslAuthenticationFactory == null) {
            // TODO Elytron Inject the sasl server factory.
            RemotingLogger.ROOT_LOGGER.warn("****** All authentication is ANONYMOUS for " + getClass().getName());
            final SecurityDomain.Builder domainBuilder = SecurityDomain.builder();
            domainBuilder.addRealm("default", SecurityRealm.EMPTY_REALM).build();
            domainBuilder.setDefaultRealmName("default");
            domainBuilder.setPermissionMapper((permissionMappable, roles) -> createPermissionVerifier());
            final SaslAuthenticationFactory.Builder authBuilder = SaslAuthenticationFactory.builder();
            authBuilder.setSecurityDomain(domainBuilder.build());
            authBuilder.setFactory(new AnonymousServerFactory());
            authBuilder.setMechanismConfigurationSelector(mechanismInformation -> MechanismConfiguration.EMPTY);
            saslAuthenticationFactory = authBuilder.build();
        }
        final Consumer<StreamConnection> adaptor = provider.createConnectionAdaptor(resultingMap, saslAuthenticationFactory);
        upgradeRegistrySupplier.get().addProtocol(JBOSS_REMOTING, new ChannelListener<StreamConnection>() {

            @Override
            public void handleEvent(final StreamConnection channel) {
                adaptor.accept(channel);
            /*if (channel instanceof SslConnection) {
                        adaptor.accept(new AssembledConnectedSslStreamChannel((SslConnection) channel, channel.getSourceChannel(), channel.getSinkChannel()));
                    } else {
                        adaptor.adapt(new AssembledConnectedStreamChannel(channel, channel.getSourceChannel(), channel.getSinkChannel()));
                    }*/
            }
        }, new SimpleHttpUpgradeHandshake(MAGIC_NUMBER, SEC_JBOSS_REMOTING_KEY, SEC_JBOSS_REMOTING_ACCEPT));
        serviceConsumer.accept(this);
    } catch (UnknownURISchemeException e) {
        throw new StartException(e);
    } catch (IOException e) {
        throw new StartException(e);
    }
}
Also used : ListenerRegistry(io.undertow.server.ListenerRegistry) ExternalConnectionProvider(org.jboss.remoting3.spi.ExternalConnectionProvider) UnknownURISchemeException(org.jboss.remoting3.UnknownURISchemeException) IOException(java.io.IOException) StreamConnection(org.xnio.StreamConnection) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain) SaslAuthenticationFactory(org.wildfly.security.auth.server.SaslAuthenticationFactory) Endpoint(org.jboss.remoting3.Endpoint) AnonymousServerFactory(org.wildfly.security.sasl.anonymous.AnonymousServerFactory) OptionMap(org.xnio.OptionMap) StartException(org.jboss.msc.service.StartException)

Example 4 with SaslAuthenticationFactory

use of org.wildfly.security.auth.server.SaslAuthenticationFactory in project wildfly-core by wildfly.

the class AuthenticationFactoryDefinitions method getSaslAuthenticationFactory.

static ResourceDefinition getSaslAuthenticationFactory() {
    SimpleAttributeDefinition securityDomainAttribute = new SimpleAttributeDefinitionBuilder(BASE_SECURITY_DOMAIN_REF).setCapabilityReference(SECURITY_DOMAIN_CAPABILITY, SASL_AUTHENTICATION_FACTORY_CAPABILITY).setRestartAllServices().build();
    AttributeDefinition mechanismConfigurationAttribute = getMechanismConfiguration(SASL_AUTHENTICATION_FACTORY_CAPABILITY);
    AttributeDefinition[] attributes = new AttributeDefinition[] { securityDomainAttribute, SASL_SERVER_FACTORY, mechanismConfigurationAttribute };
    AbstractAddStepHandler add = new TrivialAddHandler<SaslAuthenticationFactory>(SaslAuthenticationFactory.class, ServiceController.Mode.ACTIVE, ServiceController.Mode.PASSIVE, attributes, SASL_AUTHENTICATION_FACTORY_RUNTIME_CAPABILITY) {

        @Override
        protected ValueSupplier<SaslAuthenticationFactory> getValueSupplier(ServiceBuilder<SaslAuthenticationFactory> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
            String securityDomain = securityDomainAttribute.resolveModelAttribute(context, model).asString();
            String saslServerFactory = SASL_SERVER_FACTORY.resolveModelAttribute(context, model).asString();
            final InjectedValue<SecurityDomain> securityDomainInjector = new InjectedValue<SecurityDomain>();
            final InjectedValue<SaslServerFactory> saslServerFactoryInjector = new InjectedValue<SaslServerFactory>();
            serviceBuilder.addDependency(context.getCapabilityServiceName(buildDynamicCapabilityName(SECURITY_DOMAIN_CAPABILITY, securityDomain), SecurityDomain.class), SecurityDomain.class, securityDomainInjector);
            serviceBuilder.addDependency(context.getCapabilityServiceName(buildDynamicCapabilityName(SASL_SERVER_FACTORY_CAPABILITY, saslServerFactory), SaslServerFactory.class), SaslServerFactory.class, saslServerFactoryInjector);
            final Set<String> supportedMechanisms = getConfiguredMechanismNames(mechanismConfigurationAttribute, context, model);
            final List<ResolvedMechanismConfiguration> resolvedMechanismConfigurations = getResolvedMechanismConfiguration(mechanismConfigurationAttribute, serviceBuilder, context, model);
            return () -> {
                SaslServerFactory serverFactory = saslServerFactoryInjector.getValue();
                if (!supportedMechanisms.isEmpty()) {
                    // filter non-configured mechanisms out (when we are sure they are not configured)
                    serverFactory = new FilterMechanismSaslServerFactory(serverFactory, true, supportedMechanisms);
                    // sort mechanisms using the configured order
                    serverFactory = new SortedMechanismSaslServerFactory(serverFactory, supportedMechanisms.toArray(new String[supportedMechanisms.size()]));
                } else {
                    // no mechanisms were configured, sort mechanisms by strength
                    serverFactory = new SortedMechanismSaslServerFactory(serverFactory, AuthenticationFactoryDefinitions::compareSasl);
                }
                SaslAuthenticationFactory.Builder builder = SaslAuthenticationFactory.builder().setSecurityDomain(securityDomainInjector.getValue()).setFactory(serverFactory);
                buildMechanismConfiguration(resolvedMechanismConfigurations, builder);
                return builder.build();
            };
        }
    };
    return wrap(new TrivialResourceDefinition(ElytronDescriptionConstants.SASL_AUTHENTICATION_FACTORY, add, attributes, SASL_AUTHENTICATION_FACTORY_RUNTIME_CAPABILITY), AuthenticationFactoryDefinitions::getAvailableSaslMechanisms);
}
Also used : OperationContext(org.jboss.as.controller.OperationContext) InjectedValue(org.jboss.msc.value.InjectedValue) SortedMechanismSaslServerFactory(org.wildfly.security.sasl.util.SortedMechanismSaslServerFactory) FilterMechanismSaslServerFactory(org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory) SaslServerFactory(javax.security.sasl.SaslServerFactory) SimpleAttributeDefinitionBuilder(org.jboss.as.controller.SimpleAttributeDefinitionBuilder) ServiceBuilder(org.jboss.msc.service.ServiceBuilder) SimpleAttributeDefinition(org.jboss.as.controller.SimpleAttributeDefinition) ObjectListAttributeDefinition(org.jboss.as.controller.ObjectListAttributeDefinition) ObjectTypeAttributeDefinition(org.jboss.as.controller.ObjectTypeAttributeDefinition) AttributeDefinition(org.jboss.as.controller.AttributeDefinition) SimpleAttributeDefinition(org.jboss.as.controller.SimpleAttributeDefinition) SortedMechanismSaslServerFactory(org.wildfly.security.sasl.util.SortedMechanismSaslServerFactory) ServiceBuilder(org.jboss.msc.service.ServiceBuilder) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain) SaslAuthenticationFactory(org.wildfly.security.auth.server.SaslAuthenticationFactory) AbstractAddStepHandler(org.jboss.as.controller.AbstractAddStepHandler) FilterMechanismSaslServerFactory(org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory) ModelNode(org.jboss.dmr.ModelNode) SimpleAttributeDefinitionBuilder(org.jboss.as.controller.SimpleAttributeDefinitionBuilder)

Example 5 with SaslAuthenticationFactory

use of org.wildfly.security.auth.server.SaslAuthenticationFactory in project wildfly-core by wildfly.

the class ChannelServer method create.

public static ChannelServer create(final Configuration configuration) throws IOException {
    checkNotNullParam("configuration", configuration).validate();
    // Hack WFCORE-3302/REM3-303 workaround
    if (firstCreate) {
        firstCreate = false;
    } else {
        try {
            // wait in case the previous socket has not closed
            Thread.sleep(100);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new RuntimeException(e);
        }
    }
    // TODO WFCORE-3302 -- Endpoint.getCurrent() should be ok
    final Endpoint endpoint = Endpoint.builder().setEndpointName(configuration.getEndpointName()).build();
    final NetworkServerProvider networkServerProvider = endpoint.getConnectionProviderInterface(configuration.getUriScheme(), NetworkServerProvider.class);
    final SecurityDomain.Builder domainBuilder = SecurityDomain.builder();
    final SimpleMapBackedSecurityRealm realm = new SimpleMapBackedSecurityRealm();
    domainBuilder.addRealm("default", realm).build();
    domainBuilder.setDefaultRealmName("default");
    domainBuilder.setPermissionMapper((permissionMappable, roles) -> PermissionVerifier.ALL);
    SecurityDomain testDomain = domainBuilder.build();
    SaslAuthenticationFactory saslAuthenticationFactory = SaslAuthenticationFactory.builder().setSecurityDomain(testDomain).setMechanismConfigurationSelector(mechanismInformation -> "ANONYMOUS".equals(mechanismInformation.getMechanismName()) ? MechanismConfiguration.EMPTY : null).setFactory(new AnonymousServerFactory()).build();
    System.out.println(configuration.getBindAddress());
    AcceptingChannel<StreamConnection> streamServer = networkServerProvider.createServer(configuration.getBindAddress(), OptionMap.EMPTY, saslAuthenticationFactory, null);
    return new ChannelServer(endpoint, null, streamServer);
}
Also used : SaslAuthenticationFactory(org.wildfly.security.auth.server.SaslAuthenticationFactory) SimpleMapBackedSecurityRealm(org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm) Endpoint(org.jboss.remoting3.Endpoint) AnonymousServerFactory(org.wildfly.security.sasl.anonymous.AnonymousServerFactory) NetworkServerProvider(org.jboss.remoting3.spi.NetworkServerProvider) StreamConnection(org.xnio.StreamConnection) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)

Aggregations

SaslAuthenticationFactory (org.wildfly.security.auth.server.SaslAuthenticationFactory)14 ServiceName (org.jboss.msc.service.ServiceName)9 Endpoint (org.jboss.remoting3.Endpoint)7 SSLContext (javax.net.ssl.SSLContext)5 SecurityDomain (org.wildfly.security.auth.server.SecurityDomain)5 StreamConnection (org.xnio.StreamConnection)4 SaslClient (javax.security.sasl.SaslClient)3 SaslServer (javax.security.sasl.SaslServer)3 SocketBindingManager (org.jboss.as.network.SocketBindingManager)3 AbstractSubsystemTest (org.jboss.as.subsystem.test.AbstractSubsystemTest)3 ServiceTarget (org.jboss.msc.service.ServiceTarget)3 NetworkServerProvider (org.jboss.remoting3.spi.NetworkServerProvider)3 Test (org.junit.Test)3 AnonymousServerFactory (org.wildfly.security.sasl.anonymous.AnonymousServerFactory)3 OptionMap (org.xnio.OptionMap)3 AcceptingChannel (org.xnio.channels.AcceptingChannel)3 ListenerRegistry (io.undertow.server.ListenerRegistry)2 StartException (org.jboss.msc.service.StartException)2 SimpleMapBackedSecurityRealm (org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm)2 ChannelUpgradeHandler (io.undertow.server.handlers.ChannelUpgradeHandler)1