コード例 #1
    /**
     * Installs the supporting services this setup needs in addition to those added by the
     * superclass: a module loader, the two naming stores, two IO workers, a buffer pool, the HTTP
     * listener registry and two security realms.
     *
     * <p>NOTE(review): both security realms are created with only a name and {@code false}; no
     * authentication, authorization or identity services are wired into them in this method. This
     * looks like harness/bootstrap scaffolding rather than a usable authentication configuration -
     * confirm before reusing it elsewhere.
     *
     * @param target the service target that every service below is installed into
     */
    @Override
    protected void addExtraServices(ServiceTarget target) {
      super.addExtraServices(target);

      final ServiceController.Mode active = ServiceController.Mode.ACTIVE;

      // The module loader is the only service here that keeps its default initial mode.
      // It is constructed with a null argument.
      target
          .addService(Services.JBOSS_SERVICE_MODULE_LOADER, new ServiceModuleLoader(null))
          .install();

      // Naming stores for the java: and jboss: contexts, each backed by its own store instance.
      target
          .addService(ContextNames.JAVA_CONTEXT_SERVICE_NAME, new NamingStoreService())
          .setInitialMode(active)
          .install();
      target
          .addService(ContextNames.JBOSS_CONTEXT_SERVICE_NAME, new NamingStoreService())
          .setInitialMode(active)
          .install();

      // Two IO workers with the same option (WORKER_IO_THREADS = 2); each gets a freshly built
      // OptionMap, exactly one per worker.
      for (final String workerName : new String[] {"default", "non-default"}) {
        target
            .addService(
                IOServices.WORKER.append(workerName),
                new WorkerService(OptionMap.builder().set(Options.WORKER_IO_THREADS, 2).getMap()))
            .setInitialMode(active)
            .install();
      }

      // presumably (bufferSize, buffersPerSlice, directBuffers) - TODO confirm against
      // BufferPoolService's constructor
      target
          .addService(
              IOServices.BUFFER_POOL.append("default"), new BufferPoolService(2048, 2048, true))
          .setInitialMode(active)
          .install();

      // Disabled in the original; no listener is registered up front:
      // ListenerRegistry.Listener listener = new ListenerRegistry.Listener("http", "default",
      // "default",
      // InetSocketAddress.createUnresolved("localhost",8080));
      target
          .addService(HttpListenerAdd.REGISTRY_SERVICE_NAME, new HttpListenerRegistryService())
          .setInitialMode(active)
          .install();

      // Bare security realms. The boolean is presumably mapGroupsToRoles - TODO confirm against
      // SecurityRealmService's constructor.
      for (final String realmName : new String[] {"UndertowRealm", "other"}) {
        target
            .addService(
                SecurityRealm.ServiceUtil.createServiceName(realmName),
                new SecurityRealmService(realmName, false))
            .setInitialMode(active)
            .install();
      }
    }
コード例 #2
 /**
  * Builds the {@code ServiceName} for a service that provides {@code LdapSearcherCache} instances
  * for one security realm.
  *
  * <p>The result is the realm's own service name with one extra segment appended. That segment is
  * {@code SERVICE_SUFFIX} used as a format string with two arguments: the phase ({@code
  * AUTHENTICATION} or {@code AUTHORIZATION}) and the kind of search ({@code USER} or {@code
  * GROUP}). The realm name is passed through as given; nothing in this method validates it.
  *
  * @param forAuthentication {@code true} when the cache serves user loading during
  *     authentication, {@code false} when it serves user / group loading during authorization.
  * @param forUserSearch {@code true} for user searching, {@code false} for group loading.
  * @param realmName the name of the realm the searcher is associated with.
  * @return the constructed ServiceName.
  */
 public static ServiceName createServiceName(
     final boolean forAuthentication, final boolean forUserSearch, final String realmName) {
   final ServiceName realmService = SecurityRealm.ServiceUtil.createServiceName(realmName);
   final String suffix =
       String.format(
           SERVICE_SUFFIX,
           forAuthentication ? AUTHENTICATION : AUTHORIZATION,
           forUserSearch ? USER : GROUP);
   return realmService.append(suffix);
 }
コード例 #3
  /**
   * Returns the PLAIN-mechanism callback handler of the security realm with the given name.
   *
   * <p>The name equal to {@code TEST_REALM} is answered from the {@code securityRealm} field
   * without touching the service container. Any other name is looked up in the container under
   * the realm's service name, and the service value is cast to {@code SecurityRealm}.
   *
   * <p>NOTE(review): the lookup uses {@code getRequiredService}, so an unknown realm name is
   * expected to fail with an exception rather than return {@code null}; reading the value of a
   * service that is not up is presumably an error too - confirm against the MSC version in use.
   * Because {@code AuthMechanism.PLAIN} is requested, the returned handler will presumably be
   * given cleartext passwords to verify - confirm the transport that carries them is protected.
   *
   * @param realmName name of the realm to resolve
   * @return the realm's authorizing callback handler for {@code AuthMechanism.PLAIN}
   */
  private AuthorizingCallbackHandler getAuthorizingCallbackHandler(final String realmName) {
    final SecurityRealm resolved =
        TEST_REALM.equals(realmName)
            ? securityRealm
            : (SecurityRealm)
                getContainer()
                    .getRequiredService(SecurityRealm.ServiceUtil.createServiceName(realmName))
                    .getValue();

    return resolved.getAuthorizingCallbackHandler(AuthMechanism.PLAIN);
  }
コード例 #4
 /**
  * Builds the {@code ServiceName} of this service for one security realm: the realm's own
  * service name with {@code SERVICE_SUFFIX} appended as a further segment.
  *
  * @param realmName the name of the security realm; passed through as given, not validated here
  * @return the realm's service name extended by {@code SERVICE_SUFFIX}
  */
 public static ServiceName createServiceName(final String realmName) {
   final ServiceName realmService = SecurityRealm.ServiceUtil.createServiceName(realmName);
   return realmService.append(SERVICE_SUFFIX);
 }
コード例 #5
  /**
   * Creates the {@code SecurityRealmService} for one realm and installs it together with the
   * supporting services selected by the realm's model.
   *
   * <p>The model's {@code PLUG_IN}, {@code AUTHENTICATION}, {@code AUTHORIZATION} and {@code
   * SERVER_IDENTITY} children are each read only when defined. For every mechanism found, the
   * matching {@code add*Service} helper is called with the realm's service builder and an
   * injector into the realm service; the realm service itself is installed last, in {@code
   * Mode.ACTIVE}.
   *
   * <p>Selection rules visible in this method:
   *
   * <ul>
   *   <li>Authentication: {@code TRUSTSTORE} and {@code LOCAL} are checked independently. Of
   *       {@code JAAS}, {@code LDAP}, {@code PLUG_IN}, {@code PROPERTIES} and {@code USERS} only
   *       the first one defined, in that order, is installed.
   *   <li>Authorization: only the first one defined of {@code PROPERTIES}, {@code PLUG_IN} and
   *       {@code LDAP}, in that order, is installed.
   *   <li>The SSL service is added when the server identity defines {@code SSL} or the
   *       authentication defines a {@code TRUSTSTORE}.
   * </ul>
   *
   * <p>NOTE(review): when neither an authentication nor an authorization node is defined, the
   * realm service is still installed with nothing injected for those roles. How such a realm
   * treats authentication requests is not visible here - confirm it does not accept them.
   *
   * @param context the operation context; supplies the service target and is used to resolve
   *     model attributes
   * @param realmName the name of the realm; used for the realm service and passed to every helper
   * @param model the realm's model node
   * @param verificationHandler not referenced in this method body
   * @param newControllers receives the realm service's controller when non-null; also passed on
   *     to the helpers
   * @throws OperationFailedException declared by this method; presumably raised by attribute
   *     resolution or by one of the helpers (not visible here)
   */
  protected void installServices(
      final OperationContext context,
      final String realmName,
      final ModelNode model,
      final ServiceVerificationHandler verificationHandler,
      final List<ServiceController<?>> newControllers)
      throws OperationFailedException {
    // Each optional section of the model is represented by null when it is not defined.
    final ModelNode plugIns = model.hasDefined(PLUG_IN) ? model.get(PLUG_IN) : null;
    final ModelNode authentication =
        model.hasDefined(AUTHENTICATION) ? model.get(AUTHENTICATION) : null;
    final ModelNode authorization =
        model.hasDefined(AUTHORIZATION) ? model.get(AUTHORIZATION) : null;
    final ModelNode serverIdentities =
        model.hasDefined(SERVER_IDENTITY) ? model.get(SERVER_IDENTITY) : null;

    final ServiceTarget serviceTarget = context.getServiceTarget();

    final boolean mapGroupsToRoles =
        SecurityRealmResourceDefinition.MAP_GROUPS_TO_ROLES
            .resolveModelAttribute(context, model)
            .asBoolean();
    final SecurityRealmService securityRealmService =
        new SecurityRealmService(realmName, mapGroupsToRoles);
    final ServiceName realmServiceName = SecurityRealm.ServiceUtil.createServiceName(realmName);
    // The builder is handed to every helper below and is only installed at the very end.
    ServiceBuilder<?> realmBuilder =
        serviceTarget.addService(realmServiceName, securityRealmService);

    // Decided once from both nodes and passed to the LDAP authentication and authorization
    // helpers alike.
    final boolean shareLdapConnections =
        shareLdapConnection(context, authentication, authorization);
    ModelNode authTruststore = null;
    if (plugIns != null) {
      addPlugInLoaderService(realmName, plugIns, serviceTarget, newControllers);
    }
    // Every authentication helper below receives an injector obtained from this set.
    InjectedSetValue<CallbackHandlerService> injectorSet =
        securityRealmService.getCallbackHandlerService();
    if (authentication != null) {
      // Authentication can have a truststore defined at the same time as a username/password
      // based mechanism.
      //
      // In this case it is expected that certificate based authentication will occur first, with
      // a fallback to username/password based authentication.
      if (authentication.hasDefined(TRUSTSTORE)) {
        // Remembered so that the SSL service is added below even without an SSL server identity.
        authTruststore = authentication.require(TRUSTSTORE);
        addClientCertService(
            realmName, serviceTarget, newControllers, realmBuilder, injectorSet.injector());
      }
      // LOCAL is checked on its own, so it can be installed alongside one of the mechanisms in
      // the chain that follows.
      if (authentication.hasDefined(LOCAL)) {
        addLocalService(
            context,
            authentication.require(LOCAL),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector());
      }
      // Exactly one of the following is installed: the first defined in the order JAAS, LDAP,
      // PLUG_IN, PROPERTIES, USERS. Any others defined alongside it are skipped without an error.
      // NOTE(review): presumably model validation rejects such combinations earlier - confirm,
      // otherwise a configured mechanism can be ignored without notice.
      if (authentication.hasDefined(JAAS)) {
        addJaasService(
            context,
            authentication.require(JAAS),
            realmName,
            serviceTarget,
            newControllers,
            context.isNormalServer(),
            realmBuilder,
            injectorSet.injector());
      } else if (authentication.hasDefined(LDAP)) {
        addLdapService(
            context,
            authentication.require(LDAP),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector(),
            shareLdapConnections);
      } else if (authentication.hasDefined(PLUG_IN)) {
        addPlugInAuthenticationService(
            context,
            authentication.require(PLUG_IN),
            realmName,
            securityRealmService,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector());
      } else if (authentication.hasDefined(PROPERTIES)) {
        addPropertiesAuthenticationService(
            context,
            authentication.require(PROPERTIES),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector());
      } else if (authentication.hasDefined(USERS)) {
        addUsersService(
            context,
            authentication.require(USERS),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector());
      }
    }
    if (authorization != null) {
      // A single authorization source is installed: the first defined of PROPERTIES, PLUG_IN,
      // LDAP. Each is given the realm's subject-supplemental injector.
      if (authorization.hasDefined(PROPERTIES)) {
        addPropertiesAuthorizationService(
            context,
            authorization.require(PROPERTIES),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            securityRealmService.getSubjectSupplementalInjector());
      } else if (authorization.hasDefined(PLUG_IN)) {
        addPlugInAuthorizationService(
            context,
            authorization.require(PLUG_IN),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            securityRealmService.getSubjectSupplementalInjector());
      } else if (authorization.hasDefined(LDAP)) {
        addLdapAuthorizationService(
            context,
            authorization.require(LDAP),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            securityRealmService.getSubjectSupplementalInjector(),
            shareLdapConnections);
      }
    }

    ModelNode ssl = null;
    if (serverIdentities != null) {
      // SSL and SECRET are independent server identities; both may be present.
      if (serverIdentities.hasDefined(SSL)) {
        ssl = serverIdentities.require(SSL);
      }
      if (serverIdentities.hasDefined(SECRET)) {
        addSecretService(
            context,
            serverIdentities.require(SECRET),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            securityRealmService.getSecretCallbackFactory());
      }
    }

    // Either argument may be null here: ssl when only an authentication truststore is defined,
    // authTruststore when only an SSL server identity is defined.
    if (ssl != null || authTruststore != null) {
      addSSLService(
          context,
          ssl,
          authTruststore,
          realmName,
          serviceTarget,
          newControllers,
          realmBuilder,
          securityRealmService.getSSLIdentityInjector());
    }

    // The realm service is installed only after every helper has had the builder.
    realmBuilder.setInitialMode(Mode.ACTIVE);
    ServiceController<?> sc = realmBuilder.install();
    // newControllers is optional here; the helpers above received it without a null check in
    // this method, so presumably they guard against null themselves - TODO confirm.
    if (newControllers != null) {
      newControllers.add(sc);
    }
  }