Example 1 with GSSKerberosCredential
use of org.wildfly.security.credential.GSSKerberosCredential in project wildfly by wildfly.
the class ElytronSubjectFactory method createSubject.
/**
* Create a {@link Subject} with the principal and password credential obtained from the authentication configuration
* that matches the target {@link URI}.
*
* @param authenticationContext the {@link AuthenticationContext} used to select a configuration that matches the
* target {@link URI}.
* @return the constructed {@link Subject}. It contains a single principal and a {@link PasswordCredential}.
*/
private Subject createSubject(final AuthenticationContext authenticationContext) {
final AuthenticationConfiguration configuration = AUTH_CONFIG_CLIENT.getAuthenticationConfiguration(this.targetURI, authenticationContext);
final CallbackHandler handler = AUTH_CONFIG_CLIENT.getCallbackHandler(configuration);
final NameCallback nameCallback = new NameCallback("Username: ");
final PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
final CredentialCallback credentialCallback = new CredentialCallback(GSSKerberosCredential.class);
try {
handler.handle(new Callback[] { nameCallback, passwordCallback, credentialCallback });
Subject subject = new Subject();
// if a GSSKerberosCredential was found, add the enclosed GSSCredential and KerberosTicket to the private set in the Subject.
if (credentialCallback.getCredential() != null) {
GSSKerberosCredential kerberosCredential = GSSKerberosCredential.class.cast(credentialCallback.getCredential());
this.addPrivateCredential(subject, kerberosCredential.getKerberosTicket());
this.addPrivateCredential(subject, kerberosCredential.getGssCredential());
// use the GSSName to build a kerberos principal and set it in the Subject.
GSSName gssName = kerberosCredential.getGssCredential().getName();
subject.getPrincipals().add(new KerberosPrincipal(gssName.toString()));
}
// use the name from the callback, if available, to build a principal and set it in the Subject.
if (nameCallback.getName() != null) {
subject.getPrincipals().add(new NamePrincipal(nameCallback.getName()));
}
// use the password from the callback, if available, to build a credential and set it as a private credential in the Subject.
if (passwordCallback.getPassword() != null) {
this.addPrivateCredential(subject, new PasswordCredential(nameCallback.getName(), passwordCallback.getPassword()));
}
return subject;
} catch (Exception e) {
throw new SecurityException(e);
}
}
Also used :
AuthenticationConfiguration(org.wildfly.security.auth.client.AuthenticationConfiguration)
GSSName(org.ietf.jgss.GSSName)
KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal)
CallbackHandler(javax.security.auth.callback.CallbackHandler)
NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal)
PasswordCredential(javax.resource.spi.security.PasswordCredential)
CredentialCallback(org.wildfly.security.auth.callback.CredentialCallback)
Subject(javax.security.auth.Subject)
GSSKerberosCredential(org.wildfly.security.credential.GSSKerberosCredential)
NameCallback(javax.security.auth.callback.NameCallback)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
Example 2 with GSSKerberosCredential
use of org.wildfly.security.credential.GSSKerberosCredential in project wildfly by wildfly.
the class DataSourceService method start.
@Override
public void start(StartContext context) throws StartException {
Class<?> providerClass = driverInjector.getOptionalValue();
if (xa) {
if (!XADataSource.class.isAssignableFrom(providerClass)) {
throw AgroalLogger.SERVICE_LOGGER.invalidXAConnectionProvider();
}
} else {
if (providerClass != null && !DataSource.class.isAssignableFrom(providerClass) && !Driver.class.isAssignableFrom(providerClass)) {
throw AgroalLogger.SERVICE_LOGGER.invalidConnectionProvider();
}
}
dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().connectionProviderClass(providerClass);
if (jta || xa) {
TransactionManager transactionManager = ContextTransactionManager.getInstance();
TransactionSynchronizationRegistry transactionSynchronizationRegistry = transactionSynchronizationRegistryInjector.getValue();
if (transactionManager == null || transactionSynchronizationRegistry == null) {
throw AgroalLogger.SERVICE_LOGGER.missingTransactionManager();
}
TransactionIntegration txIntegration = new NarayanaTransactionIntegration(transactionManager, transactionSynchronizationRegistry, jndiName, connectable);
dataSourceConfiguration.connectionPoolConfiguration().transactionIntegration(txIntegration);
}
AuthenticationContext authenticationContext = authenticationContextInjector.getOptionalValue();
if (authenticationContext != null) {
try {
// Probably some other thing should be used as URI. Using jndiName for consistency with the datasources subsystem (simplicity as a bonus)
URI targetURI = new URI(jndiName);
NameCallback nameCallback = new NameCallback("Username: ");
PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
CredentialCallback credentialCallback = new CredentialCallback(GSSKerberosCredential.class);
AuthenticationConfiguration authenticationConfiguration = AUTH_CONFIG_CLIENT.getAuthenticationConfiguration(targetURI, authenticationContext, -1, "jdbc", "jboss");
AUTH_CONFIG_CLIENT.getCallbackHandler(authenticationConfiguration).handle(new Callback[] { nameCallback, passwordCallback, credentialCallback });
// if a GSSKerberosCredential was found, add the enclosed GSSCredential and KerberosTicket to the private set in the Subject.
if (credentialCallback.getCredential() != null) {
GSSKerberosCredential kerberosCredential = credentialCallback.getCredential(GSSKerberosCredential.class);
// use the GSSName to build a kerberos principal
dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().principal(new NamePrincipal(kerberosCredential.getGssCredential().getName().toString()));
dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().credential(kerberosCredential.getKerberosTicket());
dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().credential(kerberosCredential.getGssCredential());
}
// use the name / password from the callbacks
if (nameCallback.getName() != null) {
dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().principal(new NamePrincipal(nameCallback.getName()));
}
if (passwordCallback.getPassword() != null) {
dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().credential(new SimplePassword(new String(passwordCallback.getPassword())));
}
} catch (URISyntaxException | UnsupportedCallbackException | IOException | GSSException e) {
throw AgroalLogger.SERVICE_LOGGER.invalidAuthentication(e, dataSourceName);
}
}
ExceptionSupplier<CredentialSource, Exception> credentialSourceExceptionExceptionSupplier = credentialSourceSupplierInjector.getOptionalValue();
if (credentialSourceExceptionExceptionSupplier != null) {
try {
String password = new String(credentialSourceExceptionExceptionSupplier.get().getCredential(PasswordCredential.class).getPassword(ClearPassword.class).getPassword());
dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().credential(new SimplePassword(password));
} catch (Exception e) {
throw AgroalLogger.SERVICE_LOGGER.invalidCredentialSourceSupplier(e, dataSourceName);
}
}
try {
agroalDataSource = AgroalDataSource.from(dataSourceConfiguration, new LoggingDataSourceListener(dataSourceName));
ContextNames.BindInfo bindInfo = ContextNames.bindInfoFor(jndiName);
BinderService binderService = new BinderService(bindInfo.getBindName());
binderService.getManagedObjectInjector().inject(new ImmediateManagedReferenceFactory(agroalDataSource));
context.getChildTarget().addService(bindInfo.getBinderServiceName(), binderService).addDependency(bindInfo.getParentContextServiceName(), ServiceBasedNamingStore.class, binderService.getNamingStoreInjector()).install();
if (xa) {
AgroalLogger.SERVICE_LOGGER.startedXADataSource(dataSourceName, jndiName);
} else {
AgroalLogger.SERVICE_LOGGER.startedDataSource(dataSourceName, jndiName);
}
} catch (SQLException e) {
agroalDataSource = null;
if (xa) {
throw AgroalLogger.SERVICE_LOGGER.xaDatasourceStartException(e, dataSourceName);
} else {
throw AgroalLogger.SERVICE_LOGGER.datasourceStartException(e, dataSourceName);
}
}
}
Also used :
TransactionIntegration(io.agroal.api.transaction.TransactionIntegration)
NarayanaTransactionIntegration(io.agroal.narayana.NarayanaTransactionIntegration)
AuthenticationContext(org.wildfly.security.auth.client.AuthenticationContext)
SQLException(java.sql.SQLException)
NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal)
PasswordCredential(org.wildfly.security.credential.PasswordCredential)
URISyntaxException(java.net.URISyntaxException)
URI(java.net.URI)
GSSKerberosCredential(org.wildfly.security.credential.GSSKerberosCredential)
BinderService(org.jboss.as.naming.service.BinderService)
GSSException(org.ietf.jgss.GSSException)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
CredentialSource(org.wildfly.security.credential.source.CredentialSource)
ContextNames(org.jboss.as.naming.deployment.ContextNames)
ImmediateManagedReferenceFactory(org.jboss.as.naming.ImmediateManagedReferenceFactory)
AuthenticationConfiguration(org.wildfly.security.auth.client.AuthenticationConfiguration)
XADataSource(javax.sql.XADataSource)
LoggingDataSourceListener(org.wildfly.extension.datasources.agroal.logging.LoggingDataSourceListener)
CredentialCallback(org.wildfly.security.auth.callback.CredentialCallback)
IOException(java.io.IOException)
NarayanaTransactionIntegration(io.agroal.narayana.NarayanaTransactionIntegration)
URISyntaxException(java.net.URISyntaxException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
SQLException(java.sql.SQLException)
StartException(org.jboss.msc.service.StartException)
IOException(java.io.IOException)
GSSException(org.ietf.jgss.GSSException)
XADataSource(javax.sql.XADataSource)
DataSource(javax.sql.DataSource)
AgroalDataSource(io.agroal.api.AgroalDataSource)
NameCallback(javax.security.auth.callback.NameCallback)
ServiceBasedNamingStore(org.jboss.as.naming.ServiceBasedNamingStore)
ContextTransactionManager(org.wildfly.transaction.client.ContextTransactionManager)
TransactionManager(javax.transaction.TransactionManager)
TransactionSynchronizationRegistry(javax.transaction.TransactionSynchronizationRegistry)
SimplePassword(io.agroal.api.security.SimplePassword)
Aggregations
NameCallback (javax.security.auth.callback.NameCallback)2
PasswordCallback (javax.security.auth.callback.PasswordCallback)2
CredentialCallback (org.wildfly.security.auth.callback.CredentialCallback)2
AuthenticationConfiguration (org.wildfly.security.auth.client.AuthenticationConfiguration)2
NamePrincipal (org.wildfly.security.auth.principal.NamePrincipal)2
GSSKerberosCredential (org.wildfly.security.credential.GSSKerberosCredential)2
AgroalDataSource (io.agroal.api.AgroalDataSource)1
SimplePassword (io.agroal.api.security.SimplePassword)1
TransactionIntegration (io.agroal.api.transaction.TransactionIntegration)1
NarayanaTransactionIntegration (io.agroal.narayana.NarayanaTransactionIntegration)1
IOException (java.io.IOException)1
URI (java.net.URI)1
URISyntaxException (java.net.URISyntaxException)1
SQLException (java.sql.SQLException)1
PasswordCredential (javax.resource.spi.security.PasswordCredential)1
Subject (javax.security.auth.Subject)1
CallbackHandler (javax.security.auth.callback.CallbackHandler)1
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1
KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)1
DataSource (javax.sql.DataSource)1
