public IoFuture<Connection> connect( CallbackHandler handler, Map<String, String> saslOptions, SSLContext sslContext) throws IOException { OptionMap.Builder builder = OptionMap.builder(); builder.addAll(configuration.getOptionMap()); builder.set(SASL_POLICY_NOANONYMOUS, Boolean.FALSE); builder.set(SASL_POLICY_NOPLAINTEXT, Boolean.FALSE); if (isLocal() == false) { builder.set(Options.SASL_DISALLOWED_MECHANISMS, Sequence.of(JBOSS_LOCAL_USER)); } List<Property> tempProperties = new ArrayList<Property>(saslOptions != null ? saslOptions.size() : 1); tempProperties.add(Property.of("jboss.sasl.local-user.quiet-auth", "true")); if (saslOptions != null) { for (String currentKey : saslOptions.keySet()) { tempProperties.add(Property.of(currentKey, saslOptions.get(currentKey))); } } builder.set(Options.SASL_PROPERTIES, Sequence.of(tempProperties)); builder.set(Options.SSL_ENABLED, true); builder.set(Options.SSL_STARTTLS, true); CallbackHandler actualHandler = handler != null ? handler : new AnonymousCallbackHandler(); return endpoint.connect(uri, builder.getMap(), actualHandler, sslContext); }
// This duplicates the RealmSecurityProvider of AS7 to mimic the same security set-up private OptionMap createOptionMap() { List<String> mechanisms = new LinkedList<String>(); Set<Property> properties = new HashSet<Property>(); Builder builder = OptionMap.builder(); if (saslMechanisms.contains(JBOSS_LOCAL_USER)) { mechanisms.add(JBOSS_LOCAL_USER); builder.set(SASL_POLICY_NOPLAINTEXT, false); properties.add(Property.of(LOCAL_DEFAULT_USER, DOLLAR_LOCAL)); } if (saslMechanisms.contains(DIGEST_MD5)) { mechanisms.add(DIGEST_MD5); properties.add(Property.of(REALM_PROPERTY, REALM)); } if (saslMechanisms.contains(PLAIN)) { mechanisms.add(PLAIN); builder.set(SASL_POLICY_NOPLAINTEXT, false); } if (saslMechanisms.isEmpty() || saslMechanisms.contains(ANONYMOUS)) { mechanisms.add(ANONYMOUS); builder.set(SASL_POLICY_NOANONYMOUS, false); } // TODO - SSL Options will be added in a subsequent task. builder.set(SSL_ENABLED, false); builder.set(SASL_MECHANISMS, Sequence.of(mechanisms)); builder.set(SASL_PROPERTIES, Sequence.of(properties)); return builder.getMap(); }
public static ChannelServer create(final Configuration configuration) throws IOException { if (configuration == null) { throw new IllegalArgumentException("Null configuration"); } configuration.validate(); final Endpoint endpoint = Remoting.createEndpoint(configuration.getEndpointName(), configuration.getOptionMap()); Registration registration = endpoint.addConnectionProvider( configuration.getUriScheme(), new RemoteConnectionProviderFactory(), OptionMap.create(Options.SSL_ENABLED, Boolean.FALSE)); final NetworkServerProvider networkServerProvider = endpoint.getConnectionProviderInterface( configuration.getUriScheme(), NetworkServerProvider.class); SimpleServerAuthenticationProvider provider = new SimpleServerAuthenticationProvider(); // There is currently a probable bug in jboss remoting, so the user realm name MUST be the same // as // the endpoint name. provider.addUser("bob", configuration.getEndpointName(), "pass".toCharArray()); AcceptingChannel<? extends ConnectedStreamChannel> streamServer = networkServerProvider.createServer( configuration.getBindAddress(), OptionMap.create(Options.SASL_MECHANISMS, Sequence.of("CRAM-MD5")), provider, null); return new ChannelServer(endpoint, registration, streamServer); }
static OptionMap createOptionMap(final ModelNode parameters) { final OptionMap.Builder builder = OptionMap.builder(); if (parameters.hasDefined(SASL)) { final ModelNode sasl = parameters.require(SASL); builder.set(Options.SASL_SERVER_AUTH, sasl.get(SERVER_AUTH).asBoolean()); builder.set(Options.SASL_STRENGTH, SaslStrength.valueOf(sasl.get(STRENGTH).asString())); builder.set(Options.SASL_QOP, Sequence.of(asQopSet(sasl.get(QOP)))); builder.set(Options.SASL_MECHANISMS, Sequence.of(asStringSet(sasl.get(INCLUDE_MECHANISMS)))); if (sasl.hasDefined(POLICY)) { final ModelNode policy = sasl.require(POLICY); builder.set(Options.SASL_POLICY_FORWARD_SECRECY, policy.get(FORWARD_SECRECY).asBoolean()); builder.set(Options.SASL_POLICY_NOACTIVE, policy.get(NO_ACTIVE).asBoolean()); builder.set(Options.SASL_POLICY_NOANONYMOUS, policy.get(NO_ANONYMOUS).asBoolean()); builder.set(Options.SASL_POLICY_NODICTIONARY, policy.get(NO_DICTIONARY).asBoolean()); builder.set(Options.SASL_POLICY_NOPLAINTEXT, policy.get(NO_PLAIN_TEXT).asBoolean()); builder.set(Options.SASL_POLICY_PASS_CREDENTIALS, policy.get(PASS_CREDENTIALS).asBoolean()); } } return builder.getMap(); }