Example 1 with SaslAuthenticationFactory
use of org.wildfly.security.auth.server.SaslAuthenticationFactory in project wildfly-core by wildfly.
the class ChannelServer method create.
public static ChannelServer create(final Configuration configuration) throws IOException {
checkNotNullParam("configuration", configuration);
configuration.validate();
// Hack WFCORE-3302/REM3-303 workaround
if (firstCreate) {
firstCreate = false;
} else {
try {
// wait in case the previous socket has not closed
Thread.sleep(100);
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
throw new RuntimeException(e);
}
}
// TODO WFCORE-3302 -- Endpoint.getCurrent() should be ok
final Endpoint endpoint = Endpoint.builder().setEndpointName(configuration.getEndpointName()).build();
final NetworkServerProvider networkServerProvider = endpoint.getConnectionProviderInterface(configuration.getUriScheme(), NetworkServerProvider.class);
final SecurityDomain.Builder domainBuilder = SecurityDomain.builder();
final SimpleMapBackedSecurityRealm realm = new SimpleMapBackedSecurityRealm();
realm.setPasswordMap("bob", ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, "pass".toCharArray()));
domainBuilder.addRealm("default", realm).build();
domainBuilder.setDefaultRealmName("default");
domainBuilder.setPermissionMapper((permissionMappable, roles) -> PermissionVerifier.ALL);
SecurityDomain testDomain = domainBuilder.build();
SaslAuthenticationFactory saslAuthenticationFactory = SaslAuthenticationFactory.builder().setSecurityDomain(testDomain).setMechanismConfigurationSelector(mechanismInformation -> {
switch(mechanismInformation.getMechanismName()) {
case "ANONYMOUS":
case "PLAIN":
{
return MechanismConfiguration.EMPTY;
}
default:
return null;
}
}).setFactory(SaslFactories.getElytronSaslServerFactory()).build();
AcceptingChannel<StreamConnection> streamServer = networkServerProvider.createServer(configuration.getBindAddress(), OptionMap.EMPTY, saslAuthenticationFactory, null);
return new ChannelServer(endpoint, streamServer);
}
Also used :
SaslAuthenticationFactory(org.wildfly.security.auth.server.SaslAuthenticationFactory)
SimpleMapBackedSecurityRealm(org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm)
Endpoint(org.jboss.remoting3.Endpoint)
NetworkServerProvider(org.jboss.remoting3.spi.NetworkServerProvider)
StreamConnection(org.xnio.StreamConnection)
SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)
Example 2 with SaslAuthenticationFactory
use of org.wildfly.security.auth.server.SaslAuthenticationFactory in project wildfly-core by wildfly.
the class SaslTestCase method testSaslAuthenticationDigest.
@Test
public void testSaslAuthenticationDigest() throws Exception {
init();
ServiceName serviceName = Capabilities.SASL_AUTHENTICATION_FACTORY_RUNTIME_CAPABILITY.getCapabilityServiceName("MySaslAuth");
SaslAuthenticationFactory authFactory = (SaslAuthenticationFactory) services.getContainer().getService(serviceName).getValue();
SaslServer server = authFactory.createMechanism(SaslMechanismInformation.Names.DIGEST_SHA);
SaslClient client = Sasl.createSaslClient(new String[] { SaslMechanismInformation.Names.DIGEST_SHA }, "firstUser", "myProtocol", "TestingServer", Collections.<String, Object>emptyMap(), clientCallbackHandler("firstUser", "DigestRealm", "clearPassword"));
testSaslServerClient(server, client);
}
Also used :
SaslAuthenticationFactory(org.wildfly.security.auth.server.SaslAuthenticationFactory)
ServiceName(org.jboss.msc.service.ServiceName)
SaslServer(javax.security.sasl.SaslServer)
SaslClient(javax.security.sasl.SaslClient)
AbstractSubsystemTest(org.jboss.as.subsystem.test.AbstractSubsystemTest)
Test(org.junit.Test)
Example 3 with SaslAuthenticationFactory
use of org.wildfly.security.auth.server.SaslAuthenticationFactory in project wildfly-core by wildfly.
the class RemotingHttpUpgradeService method start.
@Override
public synchronized void start(final StartContext context) throws StartException {
final Endpoint endpoint = endpointSupplier.get();
OptionMap.Builder builder = OptionMap.builder();
ListenerRegistry.Listener listenerInfo = listenerRegistrySupplier.get().getListener(httpConnectorName);
assert listenerInfo != null;
listenerInfo.addHttpUpgradeMetadata(httpUpgradeMetadata = new ListenerRegistry.HttpUpgradeMetadata("jboss-remoting", endpointName));
RemotingConnectorBindingInfoService.install(context.getChildTarget(), context.getController().getName().getSimpleName(), (SocketBinding) listenerInfo.getContextInformation("socket-binding"), listenerInfo.getProtocol().equals("https") ? REMOTE_HTTPS : REMOTE_HTTP);
if (connectorPropertiesOptionMap != null) {
builder.addAll(connectorPropertiesOptionMap);
}
OptionMap resultingMap = builder.getMap();
try {
final ExternalConnectionProvider provider = endpoint.getConnectionProviderInterface(Protocol.HTTP_REMOTING.toString(), ExternalConnectionProvider.class);
SaslAuthenticationFactory saslAuthenticationFactory = saslAuthenticationFactorySupplier != null ? saslAuthenticationFactorySupplier.get() : null;
if (saslAuthenticationFactory == null) {
// TODO Elytron Inject the sasl server factory.
RemotingLogger.ROOT_LOGGER.warn("****** All authentication is ANONYMOUS for " + getClass().getName());
final SecurityDomain.Builder domainBuilder = SecurityDomain.builder();
domainBuilder.addRealm("default", SecurityRealm.EMPTY_REALM).build();
domainBuilder.setDefaultRealmName("default");
domainBuilder.setPermissionMapper((permissionMappable, roles) -> createPermissionVerifier());
final SaslAuthenticationFactory.Builder authBuilder = SaslAuthenticationFactory.builder();
authBuilder.setSecurityDomain(domainBuilder.build());
authBuilder.setFactory(new AnonymousServerFactory());
authBuilder.setMechanismConfigurationSelector(mechanismInformation -> MechanismConfiguration.EMPTY);
saslAuthenticationFactory = authBuilder.build();
}
final Consumer<StreamConnection> adaptor = provider.createConnectionAdaptor(resultingMap, saslAuthenticationFactory);
upgradeRegistrySupplier.get().addProtocol(JBOSS_REMOTING, new ChannelListener<StreamConnection>() {
@Override
public void handleEvent(final StreamConnection channel) {
adaptor.accept(channel);
/*if (channel instanceof SslConnection) {
adaptor.accept(new AssembledConnectedSslStreamChannel((SslConnection) channel, channel.getSourceChannel(), channel.getSinkChannel()));
} else {
adaptor.adapt(new AssembledConnectedStreamChannel(channel, channel.getSourceChannel(), channel.getSinkChannel()));
}*/
}
}, new SimpleHttpUpgradeHandshake(MAGIC_NUMBER, SEC_JBOSS_REMOTING_KEY, SEC_JBOSS_REMOTING_ACCEPT));
serviceConsumer.accept(this);
} catch (UnknownURISchemeException e) {
throw new StartException(e);
} catch (IOException e) {
throw new StartException(e);
}
}
Also used :
ListenerRegistry(io.undertow.server.ListenerRegistry)
ExternalConnectionProvider(org.jboss.remoting3.spi.ExternalConnectionProvider)
UnknownURISchemeException(org.jboss.remoting3.UnknownURISchemeException)
IOException(java.io.IOException)
StreamConnection(org.xnio.StreamConnection)
SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)
SaslAuthenticationFactory(org.wildfly.security.auth.server.SaslAuthenticationFactory)
Endpoint(org.jboss.remoting3.Endpoint)
AnonymousServerFactory(org.wildfly.security.sasl.anonymous.AnonymousServerFactory)
OptionMap(org.xnio.OptionMap)
StartException(org.jboss.msc.service.StartException)
Example 4 with SaslAuthenticationFactory
use of org.wildfly.security.auth.server.SaslAuthenticationFactory in project wildfly-core by wildfly.
the class AuthenticationFactoryDefinitions method getSaslAuthenticationFactory.
static ResourceDefinition getSaslAuthenticationFactory() {
SimpleAttributeDefinition securityDomainAttribute = new SimpleAttributeDefinitionBuilder(BASE_SECURITY_DOMAIN_REF).setCapabilityReference(SECURITY_DOMAIN_CAPABILITY, SASL_AUTHENTICATION_FACTORY_CAPABILITY).setRestartAllServices().build();
AttributeDefinition mechanismConfigurationAttribute = getMechanismConfiguration(SASL_AUTHENTICATION_FACTORY_CAPABILITY);
AttributeDefinition[] attributes = new AttributeDefinition[] { securityDomainAttribute, SASL_SERVER_FACTORY, mechanismConfigurationAttribute };
AbstractAddStepHandler add = new TrivialAddHandler<SaslAuthenticationFactory>(SaslAuthenticationFactory.class, ServiceController.Mode.ACTIVE, ServiceController.Mode.PASSIVE, attributes, SASL_AUTHENTICATION_FACTORY_RUNTIME_CAPABILITY) {
@Override
protected ValueSupplier<SaslAuthenticationFactory> getValueSupplier(ServiceBuilder<SaslAuthenticationFactory> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
String securityDomain = securityDomainAttribute.resolveModelAttribute(context, model).asString();
String saslServerFactory = SASL_SERVER_FACTORY.resolveModelAttribute(context, model).asString();
final InjectedValue<SecurityDomain> securityDomainInjector = new InjectedValue<SecurityDomain>();
final InjectedValue<SaslServerFactory> saslServerFactoryInjector = new InjectedValue<SaslServerFactory>();
serviceBuilder.addDependency(context.getCapabilityServiceName(buildDynamicCapabilityName(SECURITY_DOMAIN_CAPABILITY, securityDomain), SecurityDomain.class), SecurityDomain.class, securityDomainInjector);
serviceBuilder.addDependency(context.getCapabilityServiceName(buildDynamicCapabilityName(SASL_SERVER_FACTORY_CAPABILITY, saslServerFactory), SaslServerFactory.class), SaslServerFactory.class, saslServerFactoryInjector);
final Set<String> supportedMechanisms = getConfiguredMechanismNames(mechanismConfigurationAttribute, context, model);
final List<ResolvedMechanismConfiguration> resolvedMechanismConfigurations = getResolvedMechanismConfiguration(mechanismConfigurationAttribute, serviceBuilder, context, model);
return () -> {
SaslServerFactory serverFactory = saslServerFactoryInjector.getValue();
if (!supportedMechanisms.isEmpty()) {
// filter non-configured mechanisms out (when we are sure they are not configured)
serverFactory = new FilterMechanismSaslServerFactory(serverFactory, true, supportedMechanisms);
// sort mechanisms using the configured order
serverFactory = new SortedMechanismSaslServerFactory(serverFactory, supportedMechanisms.toArray(new String[supportedMechanisms.size()]));
} else {
// no mechanisms were configured, sort mechanisms by strength
serverFactory = new SortedMechanismSaslServerFactory(serverFactory, AuthenticationFactoryDefinitions::compareSasl);
}
SaslAuthenticationFactory.Builder builder = SaslAuthenticationFactory.builder().setSecurityDomain(securityDomainInjector.getValue()).setFactory(serverFactory);
buildMechanismConfiguration(resolvedMechanismConfigurations, builder);
return builder.build();
};
}
};
return wrap(new TrivialResourceDefinition(ElytronDescriptionConstants.SASL_AUTHENTICATION_FACTORY, add, attributes, SASL_AUTHENTICATION_FACTORY_RUNTIME_CAPABILITY), AuthenticationFactoryDefinitions::getAvailableSaslMechanisms);
}
Also used :
OperationContext(org.jboss.as.controller.OperationContext)
InjectedValue(org.jboss.msc.value.InjectedValue)
SortedMechanismSaslServerFactory(org.wildfly.security.sasl.util.SortedMechanismSaslServerFactory)
FilterMechanismSaslServerFactory(org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory)
SaslServerFactory(javax.security.sasl.SaslServerFactory)
SimpleAttributeDefinitionBuilder(org.jboss.as.controller.SimpleAttributeDefinitionBuilder)
ServiceBuilder(org.jboss.msc.service.ServiceBuilder)
SimpleAttributeDefinition(org.jboss.as.controller.SimpleAttributeDefinition)
ObjectListAttributeDefinition(org.jboss.as.controller.ObjectListAttributeDefinition)
ObjectTypeAttributeDefinition(org.jboss.as.controller.ObjectTypeAttributeDefinition)
AttributeDefinition(org.jboss.as.controller.AttributeDefinition)
SimpleAttributeDefinition(org.jboss.as.controller.SimpleAttributeDefinition)
SortedMechanismSaslServerFactory(org.wildfly.security.sasl.util.SortedMechanismSaslServerFactory)
ServiceBuilder(org.jboss.msc.service.ServiceBuilder)
SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)
SaslAuthenticationFactory(org.wildfly.security.auth.server.SaslAuthenticationFactory)
AbstractAddStepHandler(org.jboss.as.controller.AbstractAddStepHandler)
FilterMechanismSaslServerFactory(org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory)
ModelNode(org.jboss.dmr.ModelNode)
SimpleAttributeDefinitionBuilder(org.jboss.as.controller.SimpleAttributeDefinitionBuilder)
Example 5 with SaslAuthenticationFactory
use of org.wildfly.security.auth.server.SaslAuthenticationFactory in project wildfly-core by wildfly.
the class ChannelServer method create.
public static ChannelServer create(final Configuration configuration) throws IOException {
checkNotNullParam("configuration", configuration).validate();
// Hack WFCORE-3302/REM3-303 workaround
if (firstCreate) {
firstCreate = false;
} else {
try {
// wait in case the previous socket has not closed
Thread.sleep(100);
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
throw new RuntimeException(e);
}
}
// TODO WFCORE-3302 -- Endpoint.getCurrent() should be ok
final Endpoint endpoint = Endpoint.builder().setEndpointName(configuration.getEndpointName()).build();
final NetworkServerProvider networkServerProvider = endpoint.getConnectionProviderInterface(configuration.getUriScheme(), NetworkServerProvider.class);
final SecurityDomain.Builder domainBuilder = SecurityDomain.builder();
final SimpleMapBackedSecurityRealm realm = new SimpleMapBackedSecurityRealm();
domainBuilder.addRealm("default", realm).build();
domainBuilder.setDefaultRealmName("default");
domainBuilder.setPermissionMapper((permissionMappable, roles) -> PermissionVerifier.ALL);
SecurityDomain testDomain = domainBuilder.build();
SaslAuthenticationFactory saslAuthenticationFactory = SaslAuthenticationFactory.builder().setSecurityDomain(testDomain).setMechanismConfigurationSelector(mechanismInformation -> "ANONYMOUS".equals(mechanismInformation.getMechanismName()) ? MechanismConfiguration.EMPTY : null).setFactory(new AnonymousServerFactory()).build();
System.out.println(configuration.getBindAddress());
AcceptingChannel<StreamConnection> streamServer = networkServerProvider.createServer(configuration.getBindAddress(), OptionMap.EMPTY, saslAuthenticationFactory, null);
return new ChannelServer(endpoint, null, streamServer);
}
Also used :
SaslAuthenticationFactory(org.wildfly.security.auth.server.SaslAuthenticationFactory)
SimpleMapBackedSecurityRealm(org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm)
Endpoint(org.jboss.remoting3.Endpoint)
AnonymousServerFactory(org.wildfly.security.sasl.anonymous.AnonymousServerFactory)
NetworkServerProvider(org.jboss.remoting3.spi.NetworkServerProvider)
StreamConnection(org.xnio.StreamConnection)
SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)
Aggregations
SaslAuthenticationFactory (org.wildfly.security.auth.server.SaslAuthenticationFactory)14
ServiceName (org.jboss.msc.service.ServiceName)9
Endpoint (org.jboss.remoting3.Endpoint)7
SSLContext (javax.net.ssl.SSLContext)5
SecurityDomain (org.wildfly.security.auth.server.SecurityDomain)5
StreamConnection (org.xnio.StreamConnection)4
SaslClient (javax.security.sasl.SaslClient)3
SaslServer (javax.security.sasl.SaslServer)3
SocketBindingManager (org.jboss.as.network.SocketBindingManager)3
AbstractSubsystemTest (org.jboss.as.subsystem.test.AbstractSubsystemTest)3
ServiceTarget (org.jboss.msc.service.ServiceTarget)3
NetworkServerProvider (org.jboss.remoting3.spi.NetworkServerProvider)3
Test (org.junit.Test)3
AnonymousServerFactory (org.wildfly.security.sasl.anonymous.AnonymousServerFactory)3
OptionMap (org.xnio.OptionMap)3
AcceptingChannel (org.xnio.channels.AcceptingChannel)3
ListenerRegistry (io.undertow.server.ListenerRegistry)2
StartException (org.jboss.msc.service.StartException)2
SimpleMapBackedSecurityRealm (org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm)2
ChannelUpgradeHandler (io.undertow.server.handlers.ChannelUpgradeHandler)1
