Use of org.wildfly.security.http.HttpServerAuthenticationMechanismFactory in project wildfly (by wildfly):
the class VirtualHttpServerMechanismFactoryProcessor, method deploy.
@Override
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
    DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
    // Only the root deployment installs the virtual services; sub-deployments share them.
    boolean rootDeployment = deploymentUnit.getParent() == null;
    if (!rootDeployment || !isVirtualMechanismFactoryRequired(deploymentUnit)) {
        return;
    }
    ServiceTarget serviceTarget = phaseContext.getServiceTarget();

    // 1. Virtual HTTP mechanism factory: a single OIDC mechanism, started on demand.
    ServiceName mechanismFactoryName = virtualMechanismFactoryName(deploymentUnit);
    ServiceBuilder<?> mechanismFactoryBuilder = serviceTarget.addService(mechanismFactoryName);
    HttpServerAuthenticationMechanismFactory oidcMechanismFactory = new OidcMechanismFactory();
    Consumer<HttpServerAuthenticationMechanismFactory> mechanismFactoryInjector =
            mechanismFactoryBuilder.provides(mechanismFactoryName);
    mechanismFactoryBuilder.setInstance(Service.newInstance(mechanismFactoryInjector, oidcMechanismFactory));
    mechanismFactoryBuilder.setInitialMode(Mode.ON_DEMAND);
    mechanismFactoryBuilder.install();

    // 2. Virtual security domain backed by the OIDC realm, also started on demand.
    ServiceName domainName = VirtualDomainMarkerUtility.virtualDomainName(deploymentUnit);
    ServiceBuilder<?> domainServiceBuilder = serviceTarget.addService(domainName);
    SecurityDomain.Builder domainSpec = SecurityDomain.builder();
    domainSpec.addRealm(VIRTUAL_REALM, new OidcSecurityRealm()).build();
    domainSpec.setDefaultRealmName(VIRTUAL_REALM);
    // The permission mapper grants LoginPermission to every identity regardless of roles,
    // so no role-based login restriction is enforced by this domain; presumably the OIDC
    // mechanism/realm authentication outcome is the intended gate — confirm against the
    // realm implementation before relying on this domain for anything beyond OIDC.
    domainSpec.setPermissionMapper((permissionMappable, roles) -> LoginPermission.getInstance());
    SecurityDomain virtualDomain = domainSpec.build();
    Consumer<SecurityDomain> domainInjector = domainServiceBuilder.provides(domainName);
    domainServiceBuilder.setInstance(Service.newInstance(domainInjector, virtualDomain));
    domainServiceBuilder.setInitialMode(Mode.ON_DEMAND);
    domainServiceBuilder.install();
}
Use of org.wildfly.security.http.HttpServerAuthenticationMechanismFactory in project wildfly (by wildfly):
the class UndertowDeploymentInfoService, method applyElytronSecurity.
private void applyElytronSecurity(final DeploymentInfo deploymentInfo, Function<String, RunAsIdentityMetaData> runAsMapping) {
    // A mapped application-security-domain supplies a registration function; when present it
    // owns the whole security setup and the manual AuthenticationManager path is skipped.
    BiFunction<DeploymentInfo, Function<String, RunAsIdentityMetaData>, Registration> domainSecurityFunction = null;
    if (applySecurityFunction != null) {
        domainSecurityFunction = applySecurityFunction.get();
    }
    if (domainSecurityFunction != null) {
        registration = domainSecurityFunction.apply(deploymentInfo, runAsMapping);
    } else {
        // NOTE(review): rawSecurityDomain is dereferenced unconditionally here; callers must
        // only reach this branch with a security domain supplier wired — verify at the call site.
        HttpServerAuthenticationMechanismFactory mechanismFactory = null;
        if (rawMechanismFactory != null) {
            mechanismFactory = rawMechanismFactory.get();
        }
        SecurityDomain domain = rawSecurityDomain.get();
        org.wildfly.elytron.web.undertow.server.servlet.AuthenticationManager.Builder managerBuilder =
                org.wildfly.elytron.web.undertow.server.servlet.AuthenticationManager.builder();
        if (mechanismFactory == null) {
            // No mechanism factory: authenticate through the domain directly with JASPI enabled
            // (non-integrated), still overriding the deployment's own login configuration.
            managerBuilder = managerBuilder.setSecurityDomain(domain)
                    .setOverrideDeploymentConfig(true)
                    .setRunAsMapper(runAsMapping)
                    .setIntegratedJaspi(false)
                    .setEnableJaspi(true);
        } else {
            // Mechanism factory present: wrap it in an HttpAuthenticationFactory with an empty,
            // constant mechanism configuration and override the deployment's login configuration.
            HttpAuthenticationFactory authenticationFactory = HttpAuthenticationFactory.builder()
                    .setFactory(mechanismFactory)
                    .setSecurityDomain(domain)
                    .setMechanismConfigurationSelector(MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY))
                    .build();
            managerBuilder.setHttpAuthenticationFactory(authenticationFactory);
            managerBuilder.setOverrideDeploymentConfig(true).setRunAsMapper(runAsMapping);
        }
        managerBuilder.build().configure(deploymentInfo);
    }
    // Always install the JACC context id on the outer handler chain.
    deploymentInfo.addOuterHandlerChainWrapper(JACCContextIdHandler.wrapper(jaccContextId));
    if (mergedMetaData.isUseJBossAuthorization()) {
        // Legacy JBoss authorization has no effect under Elytron; tell the user it was ignored.
        UndertowLogger.ROOT_LOGGER.configurationOptionIgnoredWhenUsingElytron("use-jboss-authorization");
    }
}
Use of org.wildfly.security.http.HttpServerAuthenticationMechanismFactory in project wildfly (by wildfly):
the class UndertowDeploymentProcessor, method processDeployment.
/**
 * Builds and installs the MSC services for one web deployment: the deployment-info service
 * (with its session-management, security, executor and component dependencies), the
 * deployment service itself, the optional Jakarta Authorization (JACC) service, and the
 * deployment's management model entries.
 *
 * @param warMetaData        merged web metadata of the deployment
 * @param deploymentUnit     the deployment unit being processed
 * @param serviceTarget      target into which all services are installed
 * @param deploymentName     logical deployment name handed to session management
 * @param hostName           virtual host the deployment is bound to
 * @param serverInstanceName Undertow server instance hosting that virtual host
 * @param isDefaultWebModule whether this module is the default web module (influences the context path)
 * @throws DeploymentUnitProcessingException if the module cannot be resolved, the deployment root
 *         URL is malformed, the configured security domain is not a mapped application-security-domain,
 *         or the host/context deployment already exists
 */
private void processDeployment(final WarMetaData warMetaData, final DeploymentUnit deploymentUnit, final ServiceTarget serviceTarget, final String deploymentName, final String hostName, final String serverInstanceName, final boolean isDefaultWebModule) throws DeploymentUnitProcessingException {
    ResourceRoot deploymentResourceRoot = deploymentUnit.getAttachment(Attachments.DEPLOYMENT_ROOT);
    final VirtualFile deploymentRoot = deploymentResourceRoot.getRoot();
    final Module module = deploymentUnit.getAttachment(Attachments.MODULE);
    if (module == null) {
        throw new DeploymentUnitProcessingException(UndertowLogger.ROOT_LOGGER.failedToResolveModule(deploymentUnit));
    }
    final JBossWebMetaData metaData = warMetaData.getMergedJBossWebMetaData();
    final List<SetupAction> setupActions = deploymentUnit.getAttachmentList(org.jboss.as.ee.component.Attachments.WEB_SETUP_ACTIONS);
    CapabilityServiceSupport capabilitySupport = deploymentUnit.getAttachment(Attachments.CAPABILITY_SERVICE_SUPPORT);
    ScisMetaData scisMetaData = deploymentUnit.getAttachment(ScisMetaData.ATTACHMENT_KEY);
    final Set<ServiceName> dependentComponents = new HashSet<>();
    // see AS7-2077
    // basically we want to ignore components that have failed for whatever reason
    // if they are important they will be picked up when the web deployment actually starts
    final List<ServiceName> components = deploymentUnit.getAttachmentList(WebComponentDescription.WEB_COMPONENTS);
    // NOTE(review): FAILED_COMPONENTS is read via getAttachment and dereferenced below without a
    // null check — presumably an earlier processor always attaches it; confirm.
    final Set<ServiceName> failed = deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.FAILED_COMPONENTS);
    for (final ServiceName component : components) {
        if (!failed.contains(component)) {
            dependentComponents.add(component);
        }
    }
    // Fall back to the subsystem default servlet container when the deployment names none.
    String servletContainerName = metaData.getServletContainerName();
    if (servletContainerName == null) {
        servletContainerName = defaultContainer;
    }
    // Use the EE component registry when one was attached; otherwise an empty stand-in registry.
    final boolean componentRegistryExists = deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.COMPONENT_REGISTRY) != null;
    final ComponentRegistry componentRegistry = componentRegistryExists ? deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.COMPONENT_REGISTRY) : new ComponentRegistry(null);
    final ClassLoader loader = module.getClassLoader();
    // Non-distributable deployments get the caching injection container; distributable ones the simple one.
    final WebInjectionContainer injectionContainer = (metaData.getDistributable() == null) ? new CachingWebInjectionContainer(loader, componentRegistry) : new SimpleWebInjectionContainer(loader, componentRegistry);
    // JACC context id defaults to the deployment name; sub-deployments are qualified as "<parent>!<id>".
    String jaccContextId = metaData.getJaccContextID();
    if (jaccContextId == null) {
        jaccContextId = deploymentUnit.getName();
    }
    if (deploymentUnit.getParent() != null) {
        jaccContextId = deploymentUnit.getParent().getName() + "!" + jaccContextId;
    }
    String pathName = pathNameOfDeployment(deploymentUnit, metaData, isDefaultWebModule);
    // Collect service dependencies declared by the web setup actions (null dependency sets are tolerated).
    final Set<ServiceName> additionalDependencies = new HashSet<>();
    for (final SetupAction setupAction : setupActions) {
        Set<ServiceName> dependencies = setupAction.dependencies();
        if (dependencies != null) {
            additionalDependencies.addAll(dependencies);
        }
    }
    // Shared session management only applies to sub-deployments whose parent carries the config.
    SharedSessionManagerConfig sharedSessionManagerConfig = deploymentUnit.getParent() != null ? deploymentUnit.getParent().getAttachment(SharedSessionManagerConfig.ATTACHMENT_KEY) : null;
    // Expose the deployment root URL as the code-source servlet context attribute unless the
    // physical code source is in use.
    if (!deploymentResourceRoot.isUsePhysicalCodeSource()) {
        try {
            deploymentUnit.addToAttachmentList(ServletContextAttribute.ATTACHMENT_KEY, new ServletContextAttribute(Constants.CODE_SOURCE_ATTRIBUTE_NAME, deploymentRoot.toURL()));
        } catch (MalformedURLException e) {
            throw new DeploymentUnitProcessingException(e);
        }
    }
    // The module's permission collection is exposed to the servlet context as well.
    deploymentUnit.addToAttachmentList(ServletContextAttribute.ATTACHMENT_KEY, new ServletContextAttribute(Constants.PERMISSION_COLLECTION_ATTRIBUTE_NAME, deploymentUnit.getAttachment(Attachments.MODULE_PERMISSIONS)));
    additionalDependencies.addAll(warMetaData.getAdditionalDependencies());
    // Host single sign-on is optional: depend on it only when the capability is registered for this host.
    try {
        String capability = HostSingleSignOnDefinition.HOST_SSO_CAPABILITY.fromBaseCapability(serverInstanceName, hostName).getName();
        capabilitySupport.getCapabilityRuntimeAPI(capability, Object.class);
        additionalDependencies.add(capabilitySupport.getCapabilityServiceName(capability));
    } catch (CapabilityServiceSupport.NoSuchCapabilityException e) {
        // ignore — no SSO configured for this host, so there is nothing to depend on
    }
    final ServiceName hostServiceName = UndertowService.virtualHostName(serverInstanceName, hostName);
    // The legacy name is keyed by host/path; the current one by the deployment unit's service name.
    final ServiceName legacyDeploymentServiceName = UndertowService.deploymentServiceName(serverInstanceName, hostName, pathName);
    final ServiceName deploymentServiceName = UndertowService.deploymentServiceName(deploymentUnit.getServiceName());
    // When a startup countdown is attached, requests are held back until component startup completes.
    StartupCountdown countDown = deploymentUnit.getAttachment(STARTUP_COUNTDOWN);
    if (countDown != null) {
        deploymentUnit.addToAttachmentList(UndertowAttachments.UNDERTOW_INITIAL_HANDLER_CHAIN_WRAPPERS, handler -> new ComponentStartupCountdownHandler(handler, countDown));
    }
    // Name of the security domain already resolved for this deployment; may be null.
    String securityDomain = deploymentUnit.getAttachment(UndertowAttachments.RESOLVED_SECURITY_DOMAIN);
    TldsMetaData tldsMetaData = deploymentUnit.getAttachment(TldsMetaData.ATTACHMENT_KEY);
    final ServiceName deploymentInfoServiceName = deploymentServiceName.append(UndertowDeploymentInfoService.SERVICE_NAME);
    final ServiceName legacyDeploymentInfoServiceName = legacyDeploymentServiceName.append(UndertowDeploymentInfoService.SERVICE_NAME);
    // ---- deployment-info service: declare everything it needs before building the instance ----
    final ServiceBuilder<?> udisBuilder = serviceTarget.addService(deploymentInfoServiceName);
    final Consumer<DeploymentInfo> diConsumer = udisBuilder.provides(deploymentInfoServiceName, legacyDeploymentInfoServiceName);
    final Supplier<UndertowService> usSupplier = udisBuilder.requires(UndertowService.UNDERTOW);
    final Supplier<SessionManagerFactory> smfSupplier;
    final Supplier<SessionIdentifierCodec> sicSupplier;
    final Supplier<ServletContainerService> scsSupplier = udisBuilder.requires(UndertowService.SERVLET_CONTAINER.append(servletContainerName));
    // Without an attached registry there is no registry service; supply the local stand-in instead.
    final Supplier<ComponentRegistry> crSupplier = componentRegistryExists ? udisBuilder.requires(ComponentRegistry.serviceName(deploymentUnit)) : new Supplier<ComponentRegistry>() {
        @Override
        public ComponentRegistry get() {
            return componentRegistry;
        }
    };
    final Supplier<Host> hostSupplier = udisBuilder.requires(hostServiceName);
    Supplier<ControlPoint> cpSupplier = null;
    final Supplier<SuspendController> scSupplier = udisBuilder.requires(capabilitySupport.getCapabilityServiceName(Capabilities.REF_SUSPEND_CONTROLLER));
    final Supplier<ServerEnvironment> serverEnvSupplier = udisBuilder.requires(ServerEnvironmentService.SERVICE_NAME);
    // Security wiring; at most one of sdSupplier / bfSupplier is set, and both stay null when
    // no security domain is configured and no virtual domain is required.
    Supplier<SecurityDomain> sdSupplier = null;
    Supplier<HttpServerAuthenticationMechanismFactory> mechanismFactorySupplier = null;
    Supplier<BiFunction> bfSupplier = null;
    for (final ServiceName additionalDependency : additionalDependencies) {
        udisBuilder.requires(additionalDependency);
    }
    final SecurityMetaData securityMetaData = deploymentUnit.getAttachment(ATTACHMENT_KEY);
    if (isVirtualDomainRequired(deploymentUnit) || isVirtualMechanismFactoryRequired(deploymentUnit)) {
        // Virtual (e.g. OIDC) security: depend on the security domain service from the security metadata.
        sdSupplier = udisBuilder.requires(securityMetaData.getSecurityDomain());
    } else if (securityDomain != null) {
        if (mappedSecurityDomain.test(securityDomain)) {
            // Mapped application-security-domain: its capability service provides the security function.
            bfSupplier = udisBuilder.requires(deploymentUnit.getAttachment(Attachments.CAPABILITY_SERVICE_SUPPORT).getCapabilityServiceName(Capabilities.CAPABILITY_APPLICATION_SECURITY_DOMAIN, securityDomain));
        } else {
            // A security domain that is not an application-security-domain is rejected outright
            // rather than silently deploying without Elytron security.
            throw ROOT_LOGGER.deploymentConfiguredForLegacySecurity();
        }
    }
    // The virtual mechanism factory is only available through AdvancedSecurityMetaData.
    if (isVirtualMechanismFactoryRequired(deploymentUnit)) {
        if (securityMetaData instanceof AdvancedSecurityMetaData) {
            mechanismFactorySupplier = udisBuilder.requires(((AdvancedSecurityMetaData) securityMetaData).getHttpServerAuthenticationMechanismFactory());
        }
    }
    // Request controller: the control point is registered under the top-level deployment name.
    if (RequestControllerActivationMarker.isRequestControllerEnabled(deploymentUnit)) {
        String topLevelName;
        if (deploymentUnit.getParent() == null) {
            topLevelName = deploymentUnit.getName();
        } else {
            topLevelName = deploymentUnit.getParent().getName();
        }
        cpSupplier = udisBuilder.requires(ControlPointService.serviceName(topLevelName, UndertowExtension.SUBSYSTEM_NAME));
    }
    if (sharedSessionManagerConfig != null) {
        // Shared sessions: reuse the parent deployment's session manager factory and identifier codec.
        final ServiceName parentSN = deploymentUnit.getParent().getServiceName();
        smfSupplier = udisBuilder.requires(parentSN.append(SharedSessionManagerConfig.SHARED_SESSION_MANAGER_SERVICE_NAME));
        sicSupplier = udisBuilder.requires(parentSN.append(SharedSessionManagerConfig.SHARED_SESSION_IDENTIFIER_CODEC_SERVICE_NAME));
    } else {
        // Per-deployment session management, configured from the deployment with the servlet
        // container's settings as fallback.
        ServletContainerService servletContainer = deploymentUnit.getAttachment(UndertowAttachments.SERVLET_CONTAINER_SERVICE);
        Integer maxActiveSessions = (metaData.getMaxActiveSessions() != null) ? metaData.getMaxActiveSessions() : (servletContainer != null) ? servletContainer.getMaxSessions() : null;
        SessionConfigMetaData sessionConfig = metaData.getSessionConfig();
        // Session timeout precedence: deployment session-config, then container default, then 30 minutes.
        int defaultSessionTimeout = ((sessionConfig != null) && sessionConfig.getSessionTimeoutSet()) ? sessionConfig.getSessionTimeout() : (servletContainer != null) ? servletContainer.getDefaultSessionTimeout() : Integer.valueOf(30);
        ServiceName factoryServiceName = deploymentServiceName.append("session");
        ServiceName codecServiceName = deploymentServiceName.append("codec");
        SessionManagementProvider provider = this.getDistributableWebDeploymentProvider(deploymentUnit, metaData);
        SessionManagerFactoryConfiguration configuration = new SessionManagerFactoryConfiguration() {
            @Override
            public String getServerName() {
                return serverInstanceName;
            }
            @Override
            public String getDeploymentName() {
                return deploymentName;
            }
            @Override
            public Module getModule() {
                return module;
            }
            @Override
            public Integer getMaxActiveSessions() {
                return maxActiveSessions;
            }
            @Override
            public Duration getDefaultSessionTimeout() {
                return Duration.ofMinutes(defaultSessionTimeout);
            }
        };
        CapabilityServiceConfigurator factoryConfigurator = provider.getSessionManagerFactoryServiceConfigurator(factoryServiceName, configuration);
        CapabilityServiceConfigurator codecConfigurator = provider.getSessionIdentifierCodecServiceConfigurator(codecServiceName, configuration);
        smfSupplier = udisBuilder.requires(factoryConfigurator.getServiceName());
        sicSupplier = udisBuilder.requires(codecConfigurator.getServiceName());
        CapabilityServiceSupport support = deploymentUnit.getAttachment(Attachments.CAPABILITY_SERVICE_SUPPORT);
        factoryConfigurator.configure(support).build(serviceTarget).install();
        codecConfigurator.configure(support).build(serviceTarget).install();
    }
    // Assemble the deployment-info service from the attachments gathered above.
    UndertowDeploymentInfoService undertowDeploymentInfoService = UndertowDeploymentInfoService.builder()
            .setAttributes(deploymentUnit.getAttachmentList(ServletContextAttribute.ATTACHMENT_KEY))
            .setContextPath(pathName)
            .setDeploymentName(// todo: is this deployment name concept really applicable?
            deploymentName)
            .setDeploymentRoot(deploymentRoot)
            .setMergedMetaData(warMetaData.getMergedJBossWebMetaData())
            .setModule(module)
            .setScisMetaData(scisMetaData)
            .setJaccContextId(jaccContextId)
            .setSecurityDomain(securityDomain)
            .setTldInfo(createTldsInfo(tldsMetaData, tldsMetaData == null ? null : tldsMetaData.getSharedTlds(deploymentUnit)))
            .setSetupActions(setupActions)
            .setSharedSessionManagerConfig(sharedSessionManagerConfig)
            .setOverlays(warMetaData.getOverlays())
            .setExpressionFactoryWrappers(deploymentUnit.getAttachmentList(ExpressionFactoryWrapper.ATTACHMENT_KEY))
            .setPredicatedHandlers(deploymentUnit.getAttachment(UndertowHandlersDeploymentProcessor.PREDICATED_HANDLERS))
            .setInitialHandlerChainWrappers(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_INITIAL_HANDLER_CHAIN_WRAPPERS))
            .setInnerHandlerChainWrappers(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_INNER_HANDLER_CHAIN_WRAPPERS))
            .setOuterHandlerChainWrappers(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_OUTER_HANDLER_CHAIN_WRAPPERS))
            .setThreadSetupActions(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_THREAD_SETUP_ACTIONS))
            .setServletExtensions(deploymentUnit.getAttachmentList(UndertowAttachments.UNDERTOW_SERVLET_EXTENSIONS))
            .setExplodedDeployment(ExplodedDeploymentMarker.isExplodedDeployment(deploymentUnit))
            .setWebSocketDeploymentInfo(deploymentUnit.getAttachment(UndertowAttachments.WEB_SOCKET_DEPLOYMENT_INFO))
            .setTempDir(warMetaData.getTempDir())
            .setExternalResources(deploymentUnit.getAttachmentList(UndertowAttachments.EXTERNAL_RESOURCES))
            .setAllowSuspendedRequests(deploymentUnit.getAttachmentList(UndertowAttachments.ALLOW_REQUEST_WHEN_SUSPENDED))
            .createUndertowDeploymentInfoService(diConsumer, usSupplier, smfSupplier, sicSupplier, scsSupplier, crSupplier, hostSupplier, cpSupplier, scSupplier, serverEnvSupplier, sdSupplier, mechanismFactorySupplier, bfSupplier);
    udisBuilder.setInstance(undertowDeploymentInfoService);
    // Inject each named executor (deployment-level and per-servlet) exactly once.
    final Set<String> seenExecutors = new HashSet<String>();
    if (metaData.getExecutorName() != null) {
        final Supplier<Executor> executor = udisBuilder.requires(IOServices.WORKER.append(metaData.getExecutorName()));
        undertowDeploymentInfoService.addInjectedExecutor(metaData.getExecutorName(), executor);
        seenExecutors.add(metaData.getExecutorName());
    }
    if (metaData.getServlets() != null) {
        for (JBossServletMetaData servlet : metaData.getServlets()) {
            if (servlet.getExecutorName() != null && !seenExecutors.contains(servlet.getExecutorName())) {
                final Supplier<Executor> executor = udisBuilder.requires(IOServices.WORKER.append(servlet.getExecutorName()));
                undertowDeploymentInfoService.addInjectedExecutor(servlet.getExecutorName(), executor);
                seenExecutors.add(servlet.getExecutorName());
            }
        }
    }
    // Two deployments resolving to the same host/context path collide here on the legacy alias.
    try {
        udisBuilder.install();
    } catch (DuplicateServiceException e) {
        throw UndertowLogger.ROOT_LOGGER.duplicateHostContextDeployments(deploymentInfoServiceName, e.getMessage());
    }
    // ---- deployment service: depends on the info service, web dependencies and non-failed components ----
    final ServiceBuilder<?> udsBuilder = serviceTarget.addService(deploymentServiceName);
    final Consumer<UndertowDeploymentService> sConsumer = udsBuilder.provides(deploymentServiceName, legacyDeploymentServiceName);
    final Supplier<ServletContainerService> cSupplier = udsBuilder.requires(UndertowService.SERVLET_CONTAINER.append(defaultContainer));
    final Supplier<ExecutorService> seSupplier = Services.requireServerExecutor(udsBuilder);
    final Supplier<Host> hSupplier = udsBuilder.requires(hostServiceName);
    final Supplier<DeploymentInfo> diSupplier = udsBuilder.requires(deploymentInfoServiceName);
    for (final ServiceName webDependency : deploymentUnit.getAttachmentList(Attachments.WEB_DEPENDENCIES)) {
        udsBuilder.requires(webDependency);
    }
    for (final ServiceName dependentComponent : dependentComponents) {
        udsBuilder.requires(dependentComponent);
    }
    udsBuilder.setInstance(new UndertowDeploymentService(sConsumer, cSupplier, seSupplier, hSupplier, diSupplier, injectionContainer, true));
    udsBuilder.install();
    deploymentUnit.addToAttachmentList(Attachments.DEPLOYMENT_COMPLETE_SERVICES, deploymentServiceName);
    // adding Jakarta Authorization service
    // Elytron JACC takes precedence; legacy JACC is used only when Elytron JACC is absent and
    // legacy security is installed. With neither, no authorization policy service is installed.
    final boolean elytronJacc = capabilitySupport.hasCapability(ELYTRON_JACC_CAPABILITY_NAME);
    final boolean legacyJacc = !elytronJacc && legacySecurityInstalled(deploymentUnit);
    if (legacyJacc || elytronJacc) {
        WarJACCDeployer deployer = new WarJACCDeployer();
        JaccService<WarMetaData> jaccService = deployer.deploy(deploymentUnit, jaccContextId);
        if (jaccService != null) {
            final ServiceName jaccServiceName = deploymentUnit.getServiceName().append(JaccService.SERVICE_NAME);
            ServiceBuilder<?> jaccBuilder = serviceTarget.addService(jaccServiceName, jaccService);
            if (deploymentUnit.getParent() != null) {
                // add dependency to parent policy
                final DeploymentUnit parentDU = deploymentUnit.getParent();
                jaccBuilder.addDependency(parentDU.getServiceName().append(JaccService.SERVICE_NAME), PolicyConfiguration.class, jaccService.getParentPolicyInjector());
            }
            jaccBuilder.addDependency(capabilitySupport.getCapabilityServiceName(elytronJacc ? ELYTRON_JACC_CAPABILITY_NAME : LEGACY_JACC_CAPABILITY_NAME));
            // add dependency to web deployment service
            jaccBuilder.requires(deploymentServiceName);
            // PASSIVE: the policy service starts only once its dependencies are up.
            jaccBuilder.setInitialMode(Mode.PASSIVE).install();
        }
    }
    // Process the web related mgmt information
    final DeploymentResourceSupport deploymentResourceSupport = deploymentUnit.getAttachment(Attachments.DEPLOYMENT_RESOURCE_SUPPORT);
    final ModelNode node = deploymentResourceSupport.getDeploymentSubsystemModel(UndertowExtension.SUBSYSTEM_NAME);
    // An empty context path is reported as "/" in the management model.
    node.get(DeploymentDefinition.CONTEXT_ROOT.getName()).set("".equals(pathName) ? "/" : pathName);
    node.get(DeploymentDefinition.VIRTUAL_HOST.getName()).set(hostName);
    node.get(DeploymentDefinition.SERVER.getName()).set(serverInstanceName);
    processManagement(deploymentUnit, metaData);
}