use of org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory in project wildfly-core by wildfly.
the class SaslServerDefinitions method getConfigurableSaslServerFactoryDefinition.
static ResourceDefinition getConfigurableSaslServerFactoryDefinition() {
AttributeDefinition[] attributes = new AttributeDefinition[] { SASL_SERVER_FACTORY, SERVER_NAME, PROTOCOL, PROPERTIES, CONFIGURED_FILTERS };
AbstractAddStepHandler add = new SaslServerAddHandler(attributes) {
@Override
protected ServiceBuilder<SaslServerFactory> installService(OperationContext context, ServiceName saslServerFactoryName, ModelNode model) throws OperationFailedException {
final String saslServerFactory = SASL_SERVER_FACTORY.resolveModelAttribute(context, model).asString();
final String protocol = PROTOCOL.resolveModelAttribute(context, model).asStringOrNull();
final String serverName = SERVER_NAME.resolveModelAttribute(context, model).asStringOrNull();
final Map<String, String> propertiesMap;
ModelNode properties = PROPERTIES.resolveModelAttribute(context, model);
if (properties.isDefined()) {
propertiesMap = new HashMap<String, String>();
for (String s : properties.keys()) {
propertiesMap.put(s, properties.require(s).asString());
}
} else {
propertiesMap = null;
}
final Predicate<String> finalFilter;
if (model.hasDefined(ElytronDescriptionConstants.FILTERS)) {
Predicate<String> filter = null;
List<ModelNode> nodes = model.require(ElytronDescriptionConstants.FILTERS).asList();
for (ModelNode current : nodes) {
Predicate<String> currentFilter = (String s) -> true;
String predefinedFilter = PREDEFINED_FILTER.resolveModelAttribute(context, current).asStringOrNull();
if (predefinedFilter != null) {
currentFilter = NamePredicate.valueOf(predefinedFilter).predicate;
} else {
String patternFilter = PATTERN_FILTER.resolveModelAttribute(context, current).asStringOrNull();
if (patternFilter != null) {
final Pattern pattern = Pattern.compile(patternFilter);
currentFilter = (String s) -> pattern.matcher(s).find();
}
}
currentFilter = ENABLING.resolveModelAttribute(context, current).asBoolean() ? currentFilter : currentFilter.negate();
filter = filter == null ? currentFilter : filter.or(currentFilter);
}
finalFilter = filter;
} else {
finalFilter = null;
}
final InjectedValue<SaslServerFactory> saslServerFactoryInjector = new InjectedValue<SaslServerFactory>();
TrivialService<SaslServerFactory> saslServiceFactoryService = new TrivialService<SaslServerFactory>(() -> {
SaslServerFactory theFactory = saslServerFactoryInjector.getValue();
theFactory = new SetMechanismInformationSaslServerFactory(theFactory);
theFactory = protocol != null ? new ProtocolSaslServerFactory(theFactory, protocol) : theFactory;
theFactory = serverName != null ? new ServerNameSaslServerFactory(theFactory, serverName) : theFactory;
theFactory = propertiesMap != null ? new PropertiesSaslServerFactory(theFactory, propertiesMap) : theFactory;
theFactory = finalFilter != null ? new FilterMechanismSaslServerFactory(theFactory, finalFilter) : theFactory;
return theFactory;
});
ServiceTarget serviceTarget = context.getServiceTarget();
ServiceBuilder<SaslServerFactory> serviceBuilder = serviceTarget.addService(saslServerFactoryName, saslServiceFactoryService);
serviceBuilder.addDependency(context.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName(SASL_SERVER_FACTORY_CAPABILITY, saslServerFactory), SaslServerFactory.class), SaslServerFactory.class, saslServerFactoryInjector);
return serviceBuilder;
}
};
return wrap(new SaslServerResourceDefinition(ElytronDescriptionConstants.CONFIGURABLE_SASL_SERVER_FACTORY, add, attributes), SaslServerDefinitions::getSaslServerAvailableMechanisms);
}
use of org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory in project wildfly-core by wildfly.
the class AuthenticationFactoryDefinitions method getSaslAuthenticationFactory.
static ResourceDefinition getSaslAuthenticationFactory() {
SimpleAttributeDefinition securityDomainAttribute = new SimpleAttributeDefinitionBuilder(BASE_SECURITY_DOMAIN_REF).setCapabilityReference(SECURITY_DOMAIN_CAPABILITY, SASL_AUTHENTICATION_FACTORY_CAPABILITY).setRestartAllServices().build();
AttributeDefinition mechanismConfigurationAttribute = getMechanismConfiguration(SASL_AUTHENTICATION_FACTORY_CAPABILITY);
AttributeDefinition[] attributes = new AttributeDefinition[] { securityDomainAttribute, SASL_SERVER_FACTORY, mechanismConfigurationAttribute };
AbstractAddStepHandler add = new TrivialAddHandler<SaslAuthenticationFactory>(SaslAuthenticationFactory.class, ServiceController.Mode.ACTIVE, ServiceController.Mode.PASSIVE, attributes, SASL_AUTHENTICATION_FACTORY_RUNTIME_CAPABILITY) {
@Override
protected ValueSupplier<SaslAuthenticationFactory> getValueSupplier(ServiceBuilder<SaslAuthenticationFactory> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
String securityDomain = securityDomainAttribute.resolveModelAttribute(context, model).asString();
String saslServerFactory = SASL_SERVER_FACTORY.resolveModelAttribute(context, model).asString();
final InjectedValue<SecurityDomain> securityDomainInjector = new InjectedValue<SecurityDomain>();
final InjectedValue<SaslServerFactory> saslServerFactoryInjector = new InjectedValue<SaslServerFactory>();
serviceBuilder.addDependency(context.getCapabilityServiceName(buildDynamicCapabilityName(SECURITY_DOMAIN_CAPABILITY, securityDomain), SecurityDomain.class), SecurityDomain.class, securityDomainInjector);
serviceBuilder.addDependency(context.getCapabilityServiceName(buildDynamicCapabilityName(SASL_SERVER_FACTORY_CAPABILITY, saslServerFactory), SaslServerFactory.class), SaslServerFactory.class, saslServerFactoryInjector);
final Set<String> supportedMechanisms = getConfiguredMechanismNames(mechanismConfigurationAttribute, context, model);
final List<ResolvedMechanismConfiguration> resolvedMechanismConfigurations = getResolvedMechanismConfiguration(mechanismConfigurationAttribute, serviceBuilder, context, model);
return () -> {
SaslServerFactory serverFactory = saslServerFactoryInjector.getValue();
if (!supportedMechanisms.isEmpty()) {
// filter non-configured mechanisms out (when we are sure they are not configured)
serverFactory = new FilterMechanismSaslServerFactory(serverFactory, true, supportedMechanisms);
// sort mechanisms using the configured order
serverFactory = new SortedMechanismSaslServerFactory(serverFactory, supportedMechanisms.toArray(new String[supportedMechanisms.size()]));
} else {
// no mechanisms were configured, sort mechanisms by strength
serverFactory = new SortedMechanismSaslServerFactory(serverFactory, AuthenticationFactoryDefinitions::compareSasl);
}
SaslAuthenticationFactory.Builder builder = SaslAuthenticationFactory.builder().setSecurityDomain(securityDomainInjector.getValue()).setFactory(serverFactory);
buildMechanismConfiguration(resolvedMechanismConfigurations, builder);
return builder.build();
};
}
};
return wrap(new TrivialResourceDefinition(ElytronDescriptionConstants.SASL_AUTHENTICATION_FACTORY, add, attributes, SASL_AUTHENTICATION_FACTORY_RUNTIME_CAPABILITY), AuthenticationFactoryDefinitions::getAvailableSaslMechanisms);
}
use of org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory in project infinispan by infinispan.
the class ElytronSASLAuthenticationProvider method init.
public void init(ServerConfiguration serverConfiguration, ScheduledExecutorService timeoutExecutor) {
Provider[] providers = new Provider[] { WildFlyElytronSaslPlainProvider.getInstance(), WildFlyElytronSaslDigestProvider.getInstance(), WildFlyElytronSaslScramProvider.getInstance(), WildFlyElytronSaslExternalProvider.getInstance(), WildFlyElytronSaslLocalUserProvider.getInstance(), WildFlyElytronSaslOAuth2Provider.getInstance(), WildFlyElytronSaslGssapiProvider.getInstance(), WildFlyElytronSaslGs2Provider.getInstance() };
SecurityProviderSaslServerFactory securityProviderSaslServerFactory = new SecurityProviderSaslServerFactory(() -> providers);
ServerSecurityRealm realm = serverConfiguration.security().realms().getRealm(name).serverSecurityRealm();
SaslAuthenticationFactory.Builder builder = SaslAuthenticationFactory.builder();
AggregateSaslServerFactory factory = new AggregateSaslServerFactory(new FilterMechanismSaslServerFactory(securityProviderSaslServerFactory, true, mechanisms));
builder.setFactory(factory);
builder.setSecurityDomain(realm.getSecurityDomain());
MechanismConfiguration.Builder mechConfigurationBuilder = MechanismConfiguration.builder();
realm.applyServerCredentials(mechConfigurationBuilder, serverPrincipal);
final MechanismRealmConfiguration.Builder mechRealmBuilder = MechanismRealmConfiguration.builder();
mechRealmBuilder.setRealmName(name);
mechConfigurationBuilder.addMechanismRealm(mechRealmBuilder.build());
builder.setMechanismConfigurationSelector(MechanismConfigurationSelector.constantSelector(mechConfigurationBuilder.build()));
builder.setScheduledExecutorService(timeoutExecutor);
saslAuthenticationFactory = builder.build();
}
Aggregations