@Override
    protected void addExtraServices(ServiceTarget target) {
      super.addExtraServices(target);
      target
          .addService(Services.JBOSS_SERVICE_MODULE_LOADER, new ServiceModuleLoader(null))
          .install();
      target
          .addService(ContextNames.JAVA_CONTEXT_SERVICE_NAME, new NamingStoreService())
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();
      target
          .addService(ContextNames.JBOSS_CONTEXT_SERVICE_NAME, new NamingStoreService())
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();

      target
          .addService(
              IOServices.WORKER.append("default"),
              new WorkerService(OptionMap.builder().set(Options.WORKER_IO_THREADS, 2).getMap()))
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();

      target
          .addService(
              IOServices.WORKER.append("non-default"),
              new WorkerService(OptionMap.builder().set(Options.WORKER_IO_THREADS, 2).getMap()))
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();

      target
          .addService(
              IOServices.BUFFER_POOL.append("default"), new BufferPoolService(2048, 2048, true))
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();
      // ListenerRegistry.Listener listener = new ListenerRegistry.Listener("http", "default",
      // "default",
      // InetSocketAddress.createUnresolved("localhost",8080));
      target
          .addService(HttpListenerAdd.REGISTRY_SERVICE_NAME, new HttpListenerRegistryService())
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();

      target
          .addService(
              SecurityRealm.ServiceUtil.createServiceName("UndertowRealm"),
              new SecurityRealmService("UndertowRealm", false))
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();
      target
          .addService(
              SecurityRealm.ServiceUtil.createServiceName("other"),
              new SecurityRealmService("other", false))
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();
    }
Esempio n. 2
0
 /**
  * Utility method to create the ServiceName for services that provide {@code LdapSearcherCache}
  * instances.
  *
  * @param realmName - The name of the realm the {@code LdapUserSearcher} is associated with.
  * @param forAuthentication - Is this for user loading during authentication or during
  *     authorization for user / group loading.
  * @param forUserSearch - Is this for user searching or group loading.
  * @return The constructed ServiceName.
  */
 public static ServiceName createServiceName(
     final boolean forAuthentication, final boolean forUserSearch, final String realmName) {
   return SecurityRealm.ServiceUtil.createServiceName(realmName)
       .append(
           String.format(
               SERVICE_SUFFIX,
               forAuthentication ? AUTHENTICATION : AUTHORIZATION,
               forUserSearch ? USER : GROUP));
 }
Esempio n. 3
0
  private AuthorizingCallbackHandler getAuthorizingCallbackHandler(final String realmName) {
    SecurityRealm realm;
    if (TEST_REALM.equals(realmName)) {
      realm = securityRealm;
    } else {
      ServiceContainer container = getContainer();
      ServiceController<?> service =
          container.getRequiredService(SecurityRealm.ServiceUtil.createServiceName(realmName));

      realm = (SecurityRealm) service.getValue();
    }

    return realm.getAuthorizingCallbackHandler(AuthMechanism.PLAIN);
  }
Esempio n. 4
0
  @Override
  void configureAdditionalDependencies(
      OperationContext context,
      ServiceBuilder<? extends AbstractListenerService> serviceBuilder,
      ModelNode model,
      AbstractListenerService service)
      throws OperationFailedException {
    serviceBuilder.addDependency(
        HttpListenerAdd.REGISTRY_SERVICE_NAME,
        ListenerRegistry.class,
        ((HttpListenerService) service).getHttpListenerRegistry());
    final String securityRealm =
        HttpsListenerResourceDefinition.SECURITY_REALM
            .resolveModelAttribute(context, model)
            .asString();

    SecurityRealm.ServiceUtil.addDependency(
        serviceBuilder, ((HttpsListenerService) service).getSecurityRealm(), securityRealm, false);
  }
 public static ServiceName createServiceName(final String realmName) {
   return SecurityRealm.ServiceUtil.createServiceName(realmName).append(SERVICE_SUFFIX);
 }
  static ServiceController<FilterService> install(
      String name, ServiceTarget serviceTarget, ModelNode model, OperationContext operationContext)
      throws OperationFailedException {
    String securityKey = null;
    ModelNode securityKeyNode =
        ModClusterDefinition.SECURITY_KEY.resolveModelAttribute(operationContext, model);
    if (securityKeyNode.isDefined()) {
      securityKey = securityKeyNode.asString();
    }

    String managementAccessPredicateString = null;
    ModelNode managementAccessPredicateNode =
        ModClusterDefinition.MANAGEMENT_ACCESS_PREDICATE.resolveModelAttribute(
            operationContext, model);
    if (managementAccessPredicateNode.isDefined()) {
      managementAccessPredicateString = managementAccessPredicateNode.asString();
    }
    Predicate managementAccessPredicate = null;
    if (managementAccessPredicateString != null) {
      managementAccessPredicate =
          PredicateParser.parse(
              managementAccessPredicateString, ModClusterService.class.getClassLoader());
    }
    final ModelNode securityRealm =
        ModClusterDefinition.SECURITY_REALM.resolveModelAttribute(operationContext, model);

    ModClusterService service =
        new ModClusterService(
            model,
            ModClusterDefinition.HEALTH_CHECK_INTERVAL
                .resolveModelAttribute(operationContext, model)
                .asInt(),
            ModClusterDefinition.MAX_REQUEST_TIME
                .resolveModelAttribute(operationContext, model)
                .asInt(),
            ModClusterDefinition.BROKEN_NODE_TIMEOUT
                .resolveModelAttribute(operationContext, model)
                .asInt(),
            ModClusterDefinition.ADVERTISE_FREQUENCY
                .resolveModelAttribute(operationContext, model)
                .asInt(),
            ModClusterDefinition.ADVERTISE_PATH
                .resolveModelAttribute(operationContext, model)
                .asString(),
            ModClusterDefinition.ADVERTISE_PROTOCOL
                .resolveModelAttribute(operationContext, model)
                .asString(),
            securityKey,
            managementAccessPredicate,
            ModClusterDefinition.CONNECTIONS_PER_THREAD
                .resolveModelAttribute(operationContext, model)
                .asInt(),
            ModClusterDefinition.CACHED_CONNECTIONS_PER_THREAD
                .resolveModelAttribute(operationContext, model)
                .asInt(),
            ModClusterDefinition.CONNECTION_IDLE_TIMEOUT
                .resolveModelAttribute(operationContext, model)
                .asInt(),
            ModClusterDefinition.REQUEST_QUEUE_SIZE
                .resolveModelAttribute(operationContext, model)
                .asInt(),
            ModClusterDefinition.USE_ALIAS
                .resolveModelAttribute(operationContext, model)
                .asBoolean());
    ServiceBuilder<FilterService> builder =
        serviceTarget.addService(UndertowService.FILTER.append(name), service);
    builder.addDependency(
        SocketBinding.JBOSS_BINDING_NAME.append(
            ModClusterDefinition.MANAGEMENT_SOCKET_BINDING
                .resolveModelAttribute(operationContext, model)
                .asString()),
        SocketBinding.class,
        service.managementSocketBinding);
    builder.addDependency(
        SocketBinding.JBOSS_BINDING_NAME.append(
            ModClusterDefinition.ADVERTISE_SOCKET_BINDING
                .resolveModelAttribute(operationContext, model)
                .asString()),
        SocketBinding.class,
        service.advertiseSocketBinding);
    builder.addDependency(
        IOServices.WORKER.append(
            ModClusterDefinition.WORKER.resolveModelAttribute(operationContext, model).asString()),
        XnioWorker.class,
        service.workerInjectedValue);

    if (securityRealm.isDefined()) {
      SecurityRealm.ServiceUtil.addDependency(
          builder, service.securityRealm, securityRealm.asString(), false);
    }

    return builder.install();
  }
  protected void installServices(
      final OperationContext context,
      final String realmName,
      final ModelNode model,
      final ServiceVerificationHandler verificationHandler,
      final List<ServiceController<?>> newControllers)
      throws OperationFailedException {
    final ModelNode plugIns = model.hasDefined(PLUG_IN) ? model.get(PLUG_IN) : null;
    final ModelNode authentication =
        model.hasDefined(AUTHENTICATION) ? model.get(AUTHENTICATION) : null;
    final ModelNode authorization =
        model.hasDefined(AUTHORIZATION) ? model.get(AUTHORIZATION) : null;
    final ModelNode serverIdentities =
        model.hasDefined(SERVER_IDENTITY) ? model.get(SERVER_IDENTITY) : null;

    final ServiceTarget serviceTarget = context.getServiceTarget();

    final boolean mapGroupsToRoles =
        SecurityRealmResourceDefinition.MAP_GROUPS_TO_ROLES
            .resolveModelAttribute(context, model)
            .asBoolean();
    final SecurityRealmService securityRealmService =
        new SecurityRealmService(realmName, mapGroupsToRoles);
    final ServiceName realmServiceName = SecurityRealm.ServiceUtil.createServiceName(realmName);
    ServiceBuilder<?> realmBuilder =
        serviceTarget.addService(realmServiceName, securityRealmService);

    final boolean shareLdapConnections =
        shareLdapConnection(context, authentication, authorization);
    ModelNode authTruststore = null;
    if (plugIns != null) {
      addPlugInLoaderService(realmName, plugIns, serviceTarget, newControllers);
    }
    InjectedSetValue<CallbackHandlerService> injectorSet =
        securityRealmService.getCallbackHandlerService();
    if (authentication != null) {
      // Authentication can have a truststore defined at the same time as a username/password based
      // mechanism.
      //
      // In this case it is expected certificate based authentication will first occur with a
      // fallback to username/password
      // based authentication.
      if (authentication.hasDefined(TRUSTSTORE)) {
        authTruststore = authentication.require(TRUSTSTORE);
        addClientCertService(
            realmName, serviceTarget, newControllers, realmBuilder, injectorSet.injector());
      }
      if (authentication.hasDefined(LOCAL)) {
        addLocalService(
            context,
            authentication.require(LOCAL),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector());
      }
      if (authentication.hasDefined(JAAS)) {
        addJaasService(
            context,
            authentication.require(JAAS),
            realmName,
            serviceTarget,
            newControllers,
            context.isNormalServer(),
            realmBuilder,
            injectorSet.injector());
      } else if (authentication.hasDefined(LDAP)) {
        addLdapService(
            context,
            authentication.require(LDAP),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector(),
            shareLdapConnections);
      } else if (authentication.hasDefined(PLUG_IN)) {
        addPlugInAuthenticationService(
            context,
            authentication.require(PLUG_IN),
            realmName,
            securityRealmService,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector());
      } else if (authentication.hasDefined(PROPERTIES)) {
        addPropertiesAuthenticationService(
            context,
            authentication.require(PROPERTIES),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector());
      } else if (authentication.hasDefined(USERS)) {
        addUsersService(
            context,
            authentication.require(USERS),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector());
      }
    }
    if (authorization != null) {
      if (authorization.hasDefined(PROPERTIES)) {
        addPropertiesAuthorizationService(
            context,
            authorization.require(PROPERTIES),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            securityRealmService.getSubjectSupplementalInjector());
      } else if (authorization.hasDefined(PLUG_IN)) {
        addPlugInAuthorizationService(
            context,
            authorization.require(PLUG_IN),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            securityRealmService.getSubjectSupplementalInjector());
      } else if (authorization.hasDefined(LDAP)) {
        addLdapAuthorizationService(
            context,
            authorization.require(LDAP),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            securityRealmService.getSubjectSupplementalInjector(),
            shareLdapConnections);
      }
    }

    ModelNode ssl = null;
    if (serverIdentities != null) {
      if (serverIdentities.hasDefined(SSL)) {
        ssl = serverIdentities.require(SSL);
      }
      if (serverIdentities.hasDefined(SECRET)) {
        addSecretService(
            context,
            serverIdentities.require(SECRET),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            securityRealmService.getSecretCallbackFactory());
      }
    }

    if (ssl != null || authTruststore != null) {
      addSSLService(
          context,
          ssl,
          authTruststore,
          realmName,
          serviceTarget,
          newControllers,
          realmBuilder,
          securityRealmService.getSSLIdentityInjector());
    }

    realmBuilder.setInitialMode(Mode.ACTIVE);
    ServiceController<?> sc = realmBuilder.install();
    if (newControllers != null) {
      newControllers.add(sc);
    }
  }