
Example 1 with FilterMechanismSaslServerFactory

use of org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory in project wildfly-core by wildfly.

the class SaslServerDefinitions method getConfigurableSaslServerFactoryDefinition.

/**
 * Builds the resource definition for the configurable SASL server factory resource.
 *
 * <p>The add handler resolves the referenced delegate factory, the optional protocol, server name
 * and properties, and the optional mechanism filters from the model. It then installs a service
 * that wraps the injected delegate in this order: mechanism information, protocol, server name,
 * properties, mechanism filter. The mechanism filter is therefore the outermost wrapper.
 *
 * <p>Filter semantics worth knowing when reviewing a configuration:
 * <ul>
 *   <li>Filter entries are OR-ed together; a mechanism name is accepted as soon as one entry
 *       accepts it.</li>
 *   <li>An entry whose enabling flag is false is negated <em>before</em> the OR, so it accepts
 *       every name it does not match.</li>
 *   <li>Pattern entries use an unanchored {@code find()}, so a pattern matches any name that
 *       contains a match.</li>
 *   <li>When no filters are defined, no filtering wrapper is added at all.</li>
 * </ul>
 *
 * @return the wrapped resource definition, as returned by {@code wrap(...)}
 */
static ResourceDefinition getConfigurableSaslServerFactoryDefinition() {
    final AttributeDefinition[] attributes = { SASL_SERVER_FACTORY, SERVER_NAME, PROTOCOL, PROPERTIES, CONFIGURED_FILTERS };

    final AbstractAddStepHandler add = new SaslServerAddHandler(attributes) {

        @Override
        protected ServiceBuilder<SaslServerFactory> installService(OperationContext context, ServiceName saslServerFactoryName, ModelNode model) throws OperationFailedException {
            final String delegateFactoryName = SASL_SERVER_FACTORY.resolveModelAttribute(context, model).asString();
            final String protocol = PROTOCOL.resolveModelAttribute(context, model).asStringOrNull();
            final String serverName = SERVER_NAME.resolveModelAttribute(context, model).asStringOrNull();

            // Copy the resolved properties into a plain map; null means "no properties wrapper".
            final ModelNode propertiesNode = PROPERTIES.resolveModelAttribute(context, model);
            final Map<String, String> propertiesMap;
            if (!propertiesNode.isDefined()) {
                propertiesMap = null;
            } else {
                propertiesMap = new HashMap<String, String>();
                for (String key : propertiesNode.keys()) {
                    propertiesMap.put(key, propertiesNode.require(key).asString());
                }
            }

            // Fold all filter entries into one predicate over the mechanism name.
            // NOTE(review): because entries are OR-ed and a disabling entry is negated first,
            // "enable A" plus "disable B" yields (isA || !isB), i.e. everything except B.
            // Confirm that this is the behaviour operators are told to expect.
            Predicate<String> combined = null;
            if (model.hasDefined(ElytronDescriptionConstants.FILTERS)) {
                for (ModelNode filterNode : model.require(ElytronDescriptionConstants.FILTERS).asList()) {
                    Predicate<String> candidate;
                    final String predefinedName = PREDEFINED_FILTER.resolveModelAttribute(context, filterNode).asStringOrNull();
                    if (predefinedName != null) {
                        candidate = NamePredicate.valueOf(predefinedName).predicate;
                    } else {
                        final String regex = PATTERN_FILTER.resolveModelAttribute(context, filterNode).asStringOrNull();
                        if (regex == null) {
                            // Neither a predefined filter nor a pattern: the entry matches every name.
                            candidate = (String mechanismName) -> true;
                        } else {
                            // NOTE(review): Pattern.compile throws the unchecked PatternSyntaxException
                            // on a malformed pattern and nothing here maps it to
                            // OperationFailedException; presumably the attribute is validated
                            // elsewhere, confirm.
                            final Pattern compiled = Pattern.compile(regex);
                            // find() is a substring search: the pattern SCRAM-SHA-1 also matches
                            // SCRAM-SHA-1-PLUS. Selecting exactly one mechanism needs ^...$ anchors.
                            candidate = (String mechanismName) -> compiled.matcher(mechanismName).find();
                        }
                    }
                    if (!ENABLING.resolveModelAttribute(context, filterNode).asBoolean()) {
                        candidate = candidate.negate();
                    }
                    combined = (combined == null) ? candidate : combined.or(candidate);
                }
            }
            // Stays null when no filters are defined (or the list is empty).
            final Predicate<String> finalFilter = combined;

            final InjectedValue<SaslServerFactory> saslServerFactoryInjector = new InjectedValue<SaslServerFactory>();
            final TrivialService<SaslServerFactory> factoryService = new TrivialService<SaslServerFactory>(() -> {
                SaslServerFactory wrapped = new SetMechanismInformationSaslServerFactory(saslServerFactoryInjector.getValue());
                if (protocol != null) {
                    wrapped = new ProtocolSaslServerFactory(wrapped, protocol);
                }
                if (serverName != null) {
                    wrapped = new ServerNameSaslServerFactory(wrapped, serverName);
                }
                if (propertiesMap != null) {
                    wrapped = new PropertiesSaslServerFactory(wrapped, propertiesMap);
                }
                if (finalFilter != null) {
                    // Outermost wrapper. Presumably it keeps the mechanisms for which the
                    // predicate returns true; confirm against FilterMechanismSaslServerFactory.
                    wrapped = new FilterMechanismSaslServerFactory(wrapped, finalFilter);
                }
                return wrapped;
            });

            final ServiceBuilder<SaslServerFactory> serviceBuilder = context.getServiceTarget().addService(saslServerFactoryName, factoryService);
            // The delegate factory is located through its dynamic capability name and injected.
            final String delegateCapability = RuntimeCapability.buildDynamicCapabilityName(SASL_SERVER_FACTORY_CAPABILITY, delegateFactoryName);
            serviceBuilder.addDependency(context.getCapabilityServiceName(delegateCapability, SaslServerFactory.class), SaslServerFactory.class, saslServerFactoryInjector);
            return serviceBuilder;
        }
    };

    return wrap(new SaslServerResourceDefinition(ElytronDescriptionConstants.CONFIGURABLE_SASL_SERVER_FACTORY, add, attributes), SaslServerDefinitions::getSaslServerAvailableMechanisms);
}
Also used : InjectedValue(org.jboss.msc.value.InjectedValue) ObjectListAttributeDefinition(org.jboss.as.controller.ObjectListAttributeDefinition) ObjectTypeAttributeDefinition(org.jboss.as.controller.ObjectTypeAttributeDefinition) AttributeDefinition(org.jboss.as.controller.AttributeDefinition) SimpleAttributeDefinition(org.jboss.as.controller.SimpleAttributeDefinition) ProtocolSaslServerFactory(org.wildfly.security.sasl.util.ProtocolSaslServerFactory) OperationContext(org.jboss.as.controller.OperationContext) Pattern(java.util.regex.Pattern) SetMechanismInformationSaslServerFactory(org.wildfly.security.sasl.util.SetMechanismInformationSaslServerFactory) MechanismProviderFilteringSaslServerFactory(org.wildfly.security.sasl.util.MechanismProviderFilteringSaslServerFactory) FilterMechanismSaslServerFactory(org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory) SecurityProviderSaslServerFactory(org.wildfly.security.sasl.util.SecurityProviderSaslServerFactory) PropertiesSaslServerFactory(org.wildfly.security.sasl.util.PropertiesSaslServerFactory) SaslServerFactory(javax.security.sasl.SaslServerFactory) ProtocolSaslServerFactory(org.wildfly.security.sasl.util.ProtocolSaslServerFactory) AggregateSaslServerFactory(org.wildfly.security.sasl.util.AggregateSaslServerFactory) ServiceLoaderSaslServerFactory(org.wildfly.security.sasl.util.ServiceLoaderSaslServerFactory) SetMechanismInformationSaslServerFactory(org.wildfly.security.sasl.util.SetMechanismInformationSaslServerFactory) ServerNameSaslServerFactory(org.wildfly.security.sasl.util.ServerNameSaslServerFactory) ServiceTarget(org.jboss.msc.service.ServiceTarget) AbstractAddStepHandler(org.jboss.as.controller.AbstractAddStepHandler) ServiceName(org.jboss.msc.service.ServiceName) FilterMechanismSaslServerFactory(org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory) ModelNode(org.jboss.dmr.ModelNode) ServerNameSaslServerFactory(org.wildfly.security.sasl.util.ServerNameSaslServerFactory) 
PropertiesSaslServerFactory(org.wildfly.security.sasl.util.PropertiesSaslServerFactory)

Example 2 with FilterMechanismSaslServerFactory

use of org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory in project wildfly-core by wildfly.

the class AuthenticationFactoryDefinitions method getSaslAuthenticationFactory.

/**
 * Builds the resource definition for the SASL authentication factory resource.
 *
 * <p>The add handler resolves the security domain and SASL server factory references, registers
 * both as injected dependencies of the service, and returns a supplier that assembles the
 * {@code SaslAuthenticationFactory} from them.
 *
 * <p>Mechanism restriction is conditional. When at least one mechanism name is configured, the
 * injected factory is limited to those names and they are offered in the configured order. When
 * none is configured, <strong>no filter is applied</strong>: every mechanism the injected factory
 * offers stays available and is only re-ordered by {@code compareSasl}. Restricting the
 * mechanism set in that case has to happen in the referenced SASL server factory.
 *
 * @return the wrapped resource definition, as returned by {@code wrap(...)}
 */
static ResourceDefinition getSaslAuthenticationFactory() {
    final SimpleAttributeDefinition securityDomainAttribute = new SimpleAttributeDefinitionBuilder(BASE_SECURITY_DOMAIN_REF)
            .setCapabilityReference(SECURITY_DOMAIN_CAPABILITY, SASL_AUTHENTICATION_FACTORY_CAPABILITY)
            .setRestartAllServices()
            .build();
    final AttributeDefinition mechanismConfigurationAttribute = getMechanismConfiguration(SASL_AUTHENTICATION_FACTORY_CAPABILITY);
    final AttributeDefinition[] attributes = { securityDomainAttribute, SASL_SERVER_FACTORY, mechanismConfigurationAttribute };

    final AbstractAddStepHandler add = new TrivialAddHandler<SaslAuthenticationFactory>(SaslAuthenticationFactory.class, ServiceController.Mode.ACTIVE, ServiceController.Mode.PASSIVE, attributes, SASL_AUTHENTICATION_FACTORY_RUNTIME_CAPABILITY) {

        @Override
        protected ValueSupplier<SaslAuthenticationFactory> getValueSupplier(ServiceBuilder<SaslAuthenticationFactory> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
            final String domainName = securityDomainAttribute.resolveModelAttribute(context, model).asString();
            final String factoryName = SASL_SERVER_FACTORY.resolveModelAttribute(context, model).asString();

            final InjectedValue<SecurityDomain> securityDomainInjector = new InjectedValue<SecurityDomain>();
            final InjectedValue<SaslServerFactory> saslServerFactoryInjector = new InjectedValue<SaslServerFactory>();

            // Both references are resolved through their dynamic capability names.
            serviceBuilder.addDependency(
                    context.getCapabilityServiceName(buildDynamicCapabilityName(SECURITY_DOMAIN_CAPABILITY, domainName), SecurityDomain.class),
                    SecurityDomain.class,
                    securityDomainInjector);
            serviceBuilder.addDependency(
                    context.getCapabilityServiceName(buildDynamicCapabilityName(SASL_SERVER_FACTORY_CAPABILITY, factoryName), SaslServerFactory.class),
                    SaslServerFactory.class,
                    saslServerFactoryInjector);

            final Set<String> supportedMechanisms = getConfiguredMechanismNames(mechanismConfigurationAttribute, context, model);
            final List<ResolvedMechanismConfiguration> resolvedMechanismConfigurations = getResolvedMechanismConfiguration(mechanismConfigurationAttribute, serviceBuilder, context, model);

            return () -> {
                final SaslServerFactory injected = saslServerFactoryInjector.getValue();
                final SaslServerFactory serverFactory;
                if (supportedMechanisms.isEmpty()) {
                    // Nothing configured: no mechanism is filtered out here, the full set offered
                    // by the injected factory is kept and only sorted by strength.
                    serverFactory = new SortedMechanismSaslServerFactory(injected, AuthenticationFactoryDefinitions::compareSasl);
                } else {
                    // Keep only the configured mechanisms (the ones we know are configured) ...
                    final SaslServerFactory restricted = new FilterMechanismSaslServerFactory(injected, true, supportedMechanisms);
                    // ... and offer them in the configured order.
                    serverFactory = new SortedMechanismSaslServerFactory(restricted, supportedMechanisms.toArray(new String[0]));
                }

                final SaslAuthenticationFactory.Builder builder = SaslAuthenticationFactory.builder()
                        .setSecurityDomain(securityDomainInjector.getValue())
                        .setFactory(serverFactory);
                buildMechanismConfiguration(resolvedMechanismConfigurations, builder);
                return builder.build();
            };
        }
    };

    return wrap(new TrivialResourceDefinition(ElytronDescriptionConstants.SASL_AUTHENTICATION_FACTORY, add, attributes, SASL_AUTHENTICATION_FACTORY_RUNTIME_CAPABILITY), AuthenticationFactoryDefinitions::getAvailableSaslMechanisms);
}
Also used : OperationContext(org.jboss.as.controller.OperationContext) InjectedValue(org.jboss.msc.value.InjectedValue) SortedMechanismSaslServerFactory(org.wildfly.security.sasl.util.SortedMechanismSaslServerFactory) FilterMechanismSaslServerFactory(org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory) SaslServerFactory(javax.security.sasl.SaslServerFactory) SimpleAttributeDefinitionBuilder(org.jboss.as.controller.SimpleAttributeDefinitionBuilder) ServiceBuilder(org.jboss.msc.service.ServiceBuilder) SimpleAttributeDefinition(org.jboss.as.controller.SimpleAttributeDefinition) ObjectListAttributeDefinition(org.jboss.as.controller.ObjectListAttributeDefinition) ObjectTypeAttributeDefinition(org.jboss.as.controller.ObjectTypeAttributeDefinition) AttributeDefinition(org.jboss.as.controller.AttributeDefinition) SimpleAttributeDefinition(org.jboss.as.controller.SimpleAttributeDefinition) SortedMechanismSaslServerFactory(org.wildfly.security.sasl.util.SortedMechanismSaslServerFactory) ServiceBuilder(org.jboss.msc.service.ServiceBuilder) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain) SaslAuthenticationFactory(org.wildfly.security.auth.server.SaslAuthenticationFactory) AbstractAddStepHandler(org.jboss.as.controller.AbstractAddStepHandler) FilterMechanismSaslServerFactory(org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory) ModelNode(org.jboss.dmr.ModelNode) SimpleAttributeDefinitionBuilder(org.jboss.as.controller.SimpleAttributeDefinitionBuilder)

Example 3 with FilterMechanismSaslServerFactory

use of org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory in project infinispan by infinispan.

the class ElytronSASLAuthenticationProvider method init.

/**
 * Creates the {@code SaslAuthenticationFactory} for this provider and stores it in the
 * {@code saslAuthenticationFactory} field.
 *
 * <p>Eight Elytron SASL providers are registered unconditionally, including PLAIN and the
 * local-user mechanism. The only restriction applied in this method is the
 * {@code FilterMechanismSaslServerFactory} built from the {@code mechanisms} field, so the
 * contents of that field decide which mechanisms clients can negotiate. The fields
 * {@code name}, {@code mechanisms} and {@code serverPrincipal} are declared outside this listing.
 *
 * @param serverConfiguration configuration from which the security realm named {@code name} is
 *                            looked up
 * @param timeoutExecutor     executor handed to the factory builder via
 *                            {@code setScheduledExecutorService}
 */
public void init(ServerConfiguration serverConfiguration, ScheduledExecutorService timeoutExecutor) {
    final Provider[] providers = {
        WildFlyElytronSaslPlainProvider.getInstance(),
        WildFlyElytronSaslDigestProvider.getInstance(),
        WildFlyElytronSaslScramProvider.getInstance(),
        WildFlyElytronSaslExternalProvider.getInstance(),
        WildFlyElytronSaslLocalUserProvider.getInstance(),
        WildFlyElytronSaslOAuth2Provider.getInstance(),
        WildFlyElytronSaslGssapiProvider.getInstance(),
        WildFlyElytronSaslGs2Provider.getInstance()
    };
    final SecurityProviderSaslServerFactory providerBackedFactory = new SecurityProviderSaslServerFactory(() -> providers);
    final ServerSecurityRealm realm = serverConfiguration.security().realms().getRealm(name).serverSecurityRealm();
    final SaslAuthenticationFactory.Builder builder = SaslAuthenticationFactory.builder();

    // The boolean is presumably the "include" flag, i.e. only names listed in `mechanisms`
    // survive; confirm against FilterMechanismSaslServerFactory.
    final FilterMechanismSaslServerFactory allowedOnly = new FilterMechanismSaslServerFactory(providerBackedFactory, true, mechanisms);
    final AggregateSaslServerFactory factory = new AggregateSaslServerFactory(allowedOnly);
    builder.setFactory(factory);
    builder.setSecurityDomain(realm.getSecurityDomain());

    // A single mechanism configuration, carrying the realm's server credentials and one
    // mechanism realm named after this provider, is used for every mechanism.
    final MechanismConfiguration.Builder mechConfigurationBuilder = MechanismConfiguration.builder();
    realm.applyServerCredentials(mechConfigurationBuilder, serverPrincipal);
    final MechanismRealmConfiguration.Builder mechRealmBuilder = MechanismRealmConfiguration.builder();
    mechRealmBuilder.setRealmName(name);
    mechConfigurationBuilder.addMechanismRealm(mechRealmBuilder.build());
    builder.setMechanismConfigurationSelector(MechanismConfigurationSelector.constantSelector(mechConfigurationBuilder.build()));

    builder.setScheduledExecutorService(timeoutExecutor);
    saslAuthenticationFactory = builder.build();
}
Also used : SaslAuthenticationFactory(org.wildfly.security.auth.server.sasl.SaslAuthenticationFactory) MechanismRealmConfiguration(org.wildfly.security.auth.server.MechanismRealmConfiguration) MechanismConfiguration(org.wildfly.security.auth.server.MechanismConfiguration) FilterMechanismSaslServerFactory(org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory) SecurityProviderSaslServerFactory(org.wildfly.security.sasl.util.SecurityProviderSaslServerFactory) AggregateSaslServerFactory(org.wildfly.security.sasl.util.AggregateSaslServerFactory) ServerAuthenticationProvider(org.infinispan.server.core.security.ServerAuthenticationProvider) WildFlyElytronSaslOAuth2Provider(org.wildfly.security.sasl.oauth2.WildFlyElytronSaslOAuth2Provider) WildFlyElytronSaslGssapiProvider(org.wildfly.security.sasl.gssapi.WildFlyElytronSaslGssapiProvider) WildFlyElytronSaslDigestProvider(org.wildfly.security.sasl.digest.WildFlyElytronSaslDigestProvider) WildFlyElytronSaslLocalUserProvider(org.wildfly.security.sasl.localuser.WildFlyElytronSaslLocalUserProvider) WildFlyElytronSaslExternalProvider(org.wildfly.security.sasl.external.WildFlyElytronSaslExternalProvider) WildFlyElytronSaslScramProvider(org.wildfly.security.sasl.scram.WildFlyElytronSaslScramProvider) Provider(java.security.Provider) WildFlyElytronSaslPlainProvider(org.wildfly.security.sasl.plain.WildFlyElytronSaslPlainProvider) WildFlyElytronSaslGs2Provider(org.wildfly.security.sasl.gs2.WildFlyElytronSaslGs2Provider)

Aggregations

FilterMechanismSaslServerFactory (org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory)3 SaslServerFactory (javax.security.sasl.SaslServerFactory)2 AbstractAddStepHandler (org.jboss.as.controller.AbstractAddStepHandler)2 AttributeDefinition (org.jboss.as.controller.AttributeDefinition)2 ObjectListAttributeDefinition (org.jboss.as.controller.ObjectListAttributeDefinition)2 ObjectTypeAttributeDefinition (org.jboss.as.controller.ObjectTypeAttributeDefinition)2 OperationContext (org.jboss.as.controller.OperationContext)2 SimpleAttributeDefinition (org.jboss.as.controller.SimpleAttributeDefinition)2 ModelNode (org.jboss.dmr.ModelNode)2 InjectedValue (org.jboss.msc.value.InjectedValue)2 AggregateSaslServerFactory (org.wildfly.security.sasl.util.AggregateSaslServerFactory)2 SecurityProviderSaslServerFactory (org.wildfly.security.sasl.util.SecurityProviderSaslServerFactory)2 Provider (java.security.Provider)1 Pattern (java.util.regex.Pattern)1 ServerAuthenticationProvider (org.infinispan.server.core.security.ServerAuthenticationProvider)1 SimpleAttributeDefinitionBuilder (org.jboss.as.controller.SimpleAttributeDefinitionBuilder)1 ServiceBuilder (org.jboss.msc.service.ServiceBuilder)1 ServiceName (org.jboss.msc.service.ServiceName)1 ServiceTarget (org.jboss.msc.service.ServiceTarget)1 MechanismConfiguration (org.wildfly.security.auth.server.MechanismConfiguration)1