
Example 1 with GSSKerberosCredential

Use of org.wildfly.security.credential.GSSKerberosCredential in the project wildfly by wildfly.

From the class ElytronSubjectFactory, method createSubject.

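/**
 * Create a {@link Subject} with the principals and credentials obtained from the authentication configuration
 * that matches the target {@link URI}.
 * <p>
 * The configuration's {@link CallbackHandler} is asked for a user name, a password and a
 * {@link GSSKerberosCredential}; every value it supplies is copied into the {@code Subject}:
 * <ul>
 * <li>a {@code GSSKerberosCredential} contributes its {@code KerberosTicket} and {@code GSSCredential} as private
 * credentials, plus a {@link KerberosPrincipal} built from the GSS name;</li>
 * <li>a name contributes a {@link NamePrincipal};</li>
 * <li>a password contributes a {@link PasswordCredential}, paired with the name (which may be {@code null}).</li>
 * </ul>
 * A handler that supplies nothing yields an empty {@code Subject}. The {@link PasswordCallback} is cleared once
 * its value has been copied, so the callback does not keep a second copy of the password alive.
 *
 * @param authenticationContext the {@link AuthenticationContext} used to select a configuration that matches the
 *                              target {@link URI}.
 * @return the constructed {@link Subject}; it holds as many principals and private credentials as the handler
 *         supplied values for.
 * @throws SecurityException if handling the callbacks or reading the GSS name fails; every exception is wrapped
 *                           and the original is preserved as the cause.
 */
private Subject createSubject(final AuthenticationContext authenticationContext) {
    final AuthenticationConfiguration configuration = AUTH_CONFIG_CLIENT.getAuthenticationConfiguration(this.targetURI, authenticationContext);
    final CallbackHandler handler = AUTH_CONFIG_CLIENT.getCallbackHandler(configuration);
    final NameCallback nameCallback = new NameCallback("Username: ");
    final PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
    final CredentialCallback credentialCallback = new CredentialCallback(GSSKerberosCredential.class);
    try {
        handler.handle(new Callback[] { nameCallback, passwordCallback, credentialCallback });
        final Subject subject = new Subject();
        // Typed lookup: null both when no credential was supplied and when it is not a GSSKerberosCredential,
        // so the cast below can never fail.
        final GSSKerberosCredential kerberosCredential = credentialCallback.getCredential(GSSKerberosCredential.class);
        if (kerberosCredential != null) {
            // add the enclosed KerberosTicket and GSSCredential to the private set in the Subject.
            this.addPrivateCredential(subject, kerberosCredential.getKerberosTicket());
            this.addPrivateCredential(subject, kerberosCredential.getGssCredential());
            // use the GSSName to build a kerberos principal and set it in the Subject.
            final GSSName gssName = kerberosCredential.getGssCredential().getName();
            subject.getPrincipals().add(new KerberosPrincipal(gssName.toString()));
        }
        // use the name from the callback, if available, to build a principal and set it in the Subject.
        final String name = nameCallback.getName();
        if (name != null) {
            subject.getPrincipals().add(new NamePrincipal(name));
        }
        // PasswordCallback.getPassword() returns a copy; the credential keeps that copy, so the callback's own
        // copy can safely be wiped in the finally block.
        final char[] password = passwordCallback.getPassword();
        if (password != null) {
            this.addPrivateCredential(subject, new PasswordCredential(name, password));
        }
        return subject;
    } catch (Exception e) {
        // Checked (IOException, UnsupportedCallbackException, GSSException) and unchecked failures are all
        // reported to callers as a SecurityException, with the original exception as the cause.
        throw new SecurityException(e);
    } finally {
        passwordCallback.clearPassword();
    }
}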

Example 2 with GSSKerberosCredential

Use of org.wildfly.security.credential.GSSKerberosCredential in the project wildfly by wildfly.

From the class DataSourceService, method start.

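/**
 * Starts the service: validates the connection provider class, wires transaction integration, applies any
 * injected Elytron authentication context and credential source to the connection factory configuration, then
 * creates the {@link AgroalDataSource} and binds it into JNDI under {@code jndiName}.
 * <p>
 * The steps run in this fixed order because each one mutates {@code dataSourceConfiguration} before
 * {@link AgroalDataSource#from} consumes it.
 *
 * @param context the MSC start context; the JNDI binder service is installed as a child of it.
 * @throws StartException if the provider class is of the wrong kind, a transaction manager or synchronization
 *                        registry is missing, the authentication context or credential source cannot be
 *                        resolved, or the data source cannot be created.
 */
@Override
public void start(StartContext context) throws StartException {
    configureConnectionProvider();
    configureTransactionIntegration();
    applyAuthenticationContext();
    applyCredentialSource();
    createAndBindDataSource(context);
}

// Validates the injected provider class against the XA / non-XA contract and records it in the configuration.
private void configureConnectionProvider() throws StartException {
    Class<?> providerClass = driverInjector.getOptionalValue();
    if (xa) {
        // A missing provider class is rejected explicitly instead of letting isAssignableFrom(null) throw
        // NullPointerException; an XA data source always needs an XADataSource implementation.
        if (providerClass == null || !XADataSource.class.isAssignableFrom(providerClass)) {
            throw AgroalLogger.SERVICE_LOGGER.invalidXAConnectionProvider();
        }
    } else if (providerClass != null && !DataSource.class.isAssignableFrom(providerClass) && !Driver.class.isAssignableFrom(providerClass)) {
        // Non-XA: the provider is optional, but if present it must be a DataSource or a JDBC Driver.
        throw AgroalLogger.SERVICE_LOGGER.invalidConnectionProvider();
    }
    dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().connectionProviderClass(providerClass);
}

// Wires Narayana transaction integration when the data source is JTA- or XA-enabled; no-op otherwise.
private void configureTransactionIntegration() throws StartException {
    if (!jta && !xa) {
        return;
    }
    TransactionManager transactionManager = ContextTransactionManager.getInstance();
    TransactionSynchronizationRegistry transactionSynchronizationRegistry = transactionSynchronizationRegistryInjector.getValue();
    if (transactionManager == null || transactionSynchronizationRegistry == null) {
        throw AgroalLogger.SERVICE_LOGGER.missingTransactionManager();
    }
    TransactionIntegration txIntegration = new NarayanaTransactionIntegration(transactionManager, transactionSynchronizationRegistry, jndiName, connectable);
    dataSourceConfiguration.connectionPoolConfiguration().transactionIntegration(txIntegration);
}

// Resolves principal and credentials from the injected Elytron authentication context, if there is one.
private void applyAuthenticationContext() throws StartException {
    AuthenticationContext authenticationContext = authenticationContextInjector.getOptionalValue();
    if (authenticationContext == null) {
        return;
    }
    NameCallback nameCallback = new NameCallback("Username: ");
    PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
    CredentialCallback credentialCallback = new CredentialCallback(GSSKerberosCredential.class);
    try {
        // Probably some other thing should be used as URI. Using jndiName for consistency with the datasources subsystem (simplicity as a bonus)
        URI targetURI = new URI(jndiName);
        AuthenticationConfiguration authenticationConfiguration = AUTH_CONFIG_CLIENT.getAuthenticationConfiguration(targetURI, authenticationContext, -1, "jdbc", "jboss");
        AUTH_CONFIG_CLIENT.getCallbackHandler(authenticationConfiguration).handle(new Callback[] { nameCallback, passwordCallback, credentialCallback });
        // Typed lookup: null when nothing was supplied or the supplied credential is not a GSSKerberosCredential.
        GSSKerberosCredential kerberosCredential = credentialCallback.getCredential(GSSKerberosCredential.class);
        if (kerberosCredential != null) {
            // use the GSSName to build a kerberos principal; getName() may throw GSSException, caught below.
            dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().principal(new NamePrincipal(kerberosCredential.getGssCredential().getName().toString()));
            dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().credential(kerberosCredential.getKerberosTicket());
            dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().credential(kerberosCredential.getGssCredential());
        }
        // use the name / password from the callbacks; a name supplied here replaces the kerberos principal above.
        if (nameCallback.getName() != null) {
            dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().principal(new NamePrincipal(nameCallback.getName()));
        }
        char[] password = passwordCallback.getPassword();
        if (password != null) {
            // SimplePassword only accepts a String, so the password has to be materialised as an immutable String here.
            dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().credential(new SimplePassword(new String(password)));
        }
    } catch (URISyntaxException | UnsupportedCallbackException | IOException | GSSException e) {
        throw AgroalLogger.SERVICE_LOGGER.invalidAuthentication(e, dataSourceName);
    } finally {
        // The callback keeps its own copy of the password until cleared; it is no longer needed once copied.
        passwordCallback.clearPassword();
    }
}

// Applies the clear-text password from the injected credential source supplier, if there is one.
private void applyCredentialSource() throws StartException {
    ExceptionSupplier<CredentialSource, Exception> credentialSourceSupplier = credentialSourceSupplierInjector.getOptionalValue();
    if (credentialSourceSupplier == null) {
        return;
    }
    try {
        // NOTE(review): if the source holds no PasswordCredential / ClearPassword this chain presumably fails
        // with a NullPointerException, which the catch below reports as an invalid supplier — confirm against
        // CredentialSource.getCredential.
        String password = new String(credentialSourceSupplier.get().getCredential(PasswordCredential.class).getPassword(ClearPassword.class).getPassword());
        dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().credential(new SimplePassword(password));
    } catch (Exception e) {
        // The supplier is declared to throw Exception, so any failure (checked or not) maps to one error.
        throw AgroalLogger.SERVICE_LOGGER.invalidCredentialSourceSupplier(e, dataSourceName);
    }
}

// Creates the Agroal data source and installs the JNDI binder service as a child of the start context.
private void createAndBindDataSource(StartContext context) throws StartException {
    try {
        agroalDataSource = AgroalDataSource.from(dataSourceConfiguration, new LoggingDataSourceListener(dataSourceName));
        ContextNames.BindInfo bindInfo = ContextNames.bindInfoFor(jndiName);
        BinderService binderService = new BinderService(bindInfo.getBindName());
        binderService.getManagedObjectInjector().inject(new ImmediateManagedReferenceFactory(agroalDataSource));
        context.getChildTarget().addService(bindInfo.getBinderServiceName(), binderService).addDependency(bindInfo.getParentContextServiceName(), ServiceBasedNamingStore.class, binderService.getNamingStoreInjector()).install();
        if (xa) {
            AgroalLogger.SERVICE_LOGGER.startedXADataSource(dataSourceName, jndiName);
        } else {
            AgroalLogger.SERVICE_LOGGER.startedDataSource(dataSourceName, jndiName);
        }
    } catch (SQLException e) {
        // Reset the field so a failed start leaves no reference to a partially created data source.
        agroalDataSource = null;
        if (xa) {
            throw AgroalLogger.SERVICE_LOGGER.xaDatasourceStartException(e, dataSourceName);
        } else {
            throw AgroalLogger.SERVICE_LOGGER.datasourceStartException(e, dataSourceName);
        }
    }
}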
