@Override
protected void addExtraServices(ServiceTarget target) {
super.addExtraServices(target);
target
.addService(Services.JBOSS_SERVICE_MODULE_LOADER, new ServiceModuleLoader(null))
.install();
target
.addService(ContextNames.JAVA_CONTEXT_SERVICE_NAME, new NamingStoreService())
.setInitialMode(ServiceController.Mode.ACTIVE)
.install();
target
.addService(ContextNames.JBOSS_CONTEXT_SERVICE_NAME, new NamingStoreService())
.setInitialMode(ServiceController.Mode.ACTIVE)
.install();
target
.addService(
IOServices.WORKER.append("default"),
new WorkerService(OptionMap.builder().set(Options.WORKER_IO_THREADS, 2).getMap()))
.setInitialMode(ServiceController.Mode.ACTIVE)
.install();
target
.addService(
IOServices.WORKER.append("non-default"),
new WorkerService(OptionMap.builder().set(Options.WORKER_IO_THREADS, 2).getMap()))
.setInitialMode(ServiceController.Mode.ACTIVE)
.install();
target
.addService(
IOServices.BUFFER_POOL.append("default"), new BufferPoolService(2048, 2048, true))
.setInitialMode(ServiceController.Mode.ACTIVE)
.install();
// ListenerRegistry.Listener listener = new ListenerRegistry.Listener("http", "default",
// "default",
// InetSocketAddress.createUnresolved("localhost",8080));
target
.addService(HttpListenerAdd.REGISTRY_SERVICE_NAME, new HttpListenerRegistryService())
.setInitialMode(ServiceController.Mode.ACTIVE)
.install();
target
.addService(
SecurityRealm.ServiceUtil.createServiceName("UndertowRealm"),
new SecurityRealmService("UndertowRealm", false))
.setInitialMode(ServiceController.Mode.ACTIVE)
.install();
target
.addService(
SecurityRealm.ServiceUtil.createServiceName("other"),
new SecurityRealmService("other", false))
.setInitialMode(ServiceController.Mode.ACTIVE)
.install();
}
/**
* Utility method to create the ServiceName for services that provide {@code LdapSearcherCache}
* instances.
*
* @param realmName - The name of the realm the {@code LdapUserSearcher} is associated with.
* @param forAuthentication - Is this for user loading during authentication or during
* authorization for user / group loading.
* @param forUserSearch - Is this for user searching or group loading.
* @return The constructed ServiceName.
*/
public static ServiceName createServiceName(
final boolean forAuthentication, final boolean forUserSearch, final String realmName) {
return SecurityRealm.ServiceUtil.createServiceName(realmName)
.append(
String.format(
SERVICE_SUFFIX,
forAuthentication ? AUTHENTICATION : AUTHORIZATION,
forUserSearch ? USER : GROUP));
}
private AuthorizingCallbackHandler getAuthorizingCallbackHandler(final String realmName) {
SecurityRealm realm;
if (TEST_REALM.equals(realmName)) {
realm = securityRealm;
} else {
ServiceContainer container = getContainer();
ServiceController<?> service =
container.getRequiredService(SecurityRealm.ServiceUtil.createServiceName(realmName));
realm = (SecurityRealm) service.getValue();
}
return realm.getAuthorizingCallbackHandler(AuthMechanism.PLAIN);
}
@Override
void configureAdditionalDependencies(
OperationContext context,
ServiceBuilder<? extends AbstractListenerService> serviceBuilder,
ModelNode model,
AbstractListenerService service)
throws OperationFailedException {
serviceBuilder.addDependency(
HttpListenerAdd.REGISTRY_SERVICE_NAME,
ListenerRegistry.class,
((HttpListenerService) service).getHttpListenerRegistry());
final String securityRealm =
HttpsListenerResourceDefinition.SECURITY_REALM
.resolveModelAttribute(context, model)
.asString();
SecurityRealm.ServiceUtil.addDependency(
serviceBuilder, ((HttpsListenerService) service).getSecurityRealm(), securityRealm, false);
}
public static ServiceName createServiceName(final String realmName) {
return SecurityRealm.ServiceUtil.createServiceName(realmName).append(SERVICE_SUFFIX);
}
static ServiceController<FilterService> install(
String name, ServiceTarget serviceTarget, ModelNode model, OperationContext operationContext)
throws OperationFailedException {
String securityKey = null;
ModelNode securityKeyNode =
ModClusterDefinition.SECURITY_KEY.resolveModelAttribute(operationContext, model);
if (securityKeyNode.isDefined()) {
securityKey = securityKeyNode.asString();
}
String managementAccessPredicateString = null;
ModelNode managementAccessPredicateNode =
ModClusterDefinition.MANAGEMENT_ACCESS_PREDICATE.resolveModelAttribute(
operationContext, model);
if (managementAccessPredicateNode.isDefined()) {
managementAccessPredicateString = managementAccessPredicateNode.asString();
}
Predicate managementAccessPredicate = null;
if (managementAccessPredicateString != null) {
managementAccessPredicate =
PredicateParser.parse(
managementAccessPredicateString, ModClusterService.class.getClassLoader());
}
final ModelNode securityRealm =
ModClusterDefinition.SECURITY_REALM.resolveModelAttribute(operationContext, model);
ModClusterService service =
new ModClusterService(
model,
ModClusterDefinition.HEALTH_CHECK_INTERVAL
.resolveModelAttribute(operationContext, model)
.asInt(),
ModClusterDefinition.MAX_REQUEST_TIME
.resolveModelAttribute(operationContext, model)
.asInt(),
ModClusterDefinition.BROKEN_NODE_TIMEOUT
.resolveModelAttribute(operationContext, model)
.asInt(),
ModClusterDefinition.ADVERTISE_FREQUENCY
.resolveModelAttribute(operationContext, model)
.asInt(),
ModClusterDefinition.ADVERTISE_PATH
.resolveModelAttribute(operationContext, model)
.asString(),
ModClusterDefinition.ADVERTISE_PROTOCOL
.resolveModelAttribute(operationContext, model)
.asString(),
securityKey,
managementAccessPredicate,
ModClusterDefinition.CONNECTIONS_PER_THREAD
.resolveModelAttribute(operationContext, model)
.asInt(),
ModClusterDefinition.CACHED_CONNECTIONS_PER_THREAD
.resolveModelAttribute(operationContext, model)
.asInt(),
ModClusterDefinition.CONNECTION_IDLE_TIMEOUT
.resolveModelAttribute(operationContext, model)
.asInt(),
ModClusterDefinition.REQUEST_QUEUE_SIZE
.resolveModelAttribute(operationContext, model)
.asInt(),
ModClusterDefinition.USE_ALIAS
.resolveModelAttribute(operationContext, model)
.asBoolean());
ServiceBuilder<FilterService> builder =
serviceTarget.addService(UndertowService.FILTER.append(name), service);
builder.addDependency(
SocketBinding.JBOSS_BINDING_NAME.append(
ModClusterDefinition.MANAGEMENT_SOCKET_BINDING
.resolveModelAttribute(operationContext, model)
.asString()),
SocketBinding.class,
service.managementSocketBinding);
builder.addDependency(
SocketBinding.JBOSS_BINDING_NAME.append(
ModClusterDefinition.ADVERTISE_SOCKET_BINDING
.resolveModelAttribute(operationContext, model)
.asString()),
SocketBinding.class,
service.advertiseSocketBinding);
builder.addDependency(
IOServices.WORKER.append(
ModClusterDefinition.WORKER.resolveModelAttribute(operationContext, model).asString()),
XnioWorker.class,
service.workerInjectedValue);
if (securityRealm.isDefined()) {
SecurityRealm.ServiceUtil.addDependency(
builder, service.securityRealm, securityRealm.asString(), false);
}
return builder.install();
}
protected void installServices(
final OperationContext context,
final String realmName,
final ModelNode model,
final ServiceVerificationHandler verificationHandler,
final List<ServiceController<?>> newControllers)
throws OperationFailedException {
final ModelNode plugIns = model.hasDefined(PLUG_IN) ? model.get(PLUG_IN) : null;
final ModelNode authentication =
model.hasDefined(AUTHENTICATION) ? model.get(AUTHENTICATION) : null;
final ModelNode authorization =
model.hasDefined(AUTHORIZATION) ? model.get(AUTHORIZATION) : null;
final ModelNode serverIdentities =
model.hasDefined(SERVER_IDENTITY) ? model.get(SERVER_IDENTITY) : null;
final ServiceTarget serviceTarget = context.getServiceTarget();
final boolean mapGroupsToRoles =
SecurityRealmResourceDefinition.MAP_GROUPS_TO_ROLES
.resolveModelAttribute(context, model)
.asBoolean();
final SecurityRealmService securityRealmService =
new SecurityRealmService(realmName, mapGroupsToRoles);
final ServiceName realmServiceName = SecurityRealm.ServiceUtil.createServiceName(realmName);
ServiceBuilder<?> realmBuilder =
serviceTarget.addService(realmServiceName, securityRealmService);
final boolean shareLdapConnections =
shareLdapConnection(context, authentication, authorization);
ModelNode authTruststore = null;
if (plugIns != null) {
addPlugInLoaderService(realmName, plugIns, serviceTarget, newControllers);
}
InjectedSetValue<CallbackHandlerService> injectorSet =
securityRealmService.getCallbackHandlerService();
if (authentication != null) {
// Authentication can have a truststore defined at the same time as a username/password based
// mechanism.
//
// In this case it is expected certificate based authentication will first occur with a
// fallback to username/password
// based authentication.
if (authentication.hasDefined(TRUSTSTORE)) {
authTruststore = authentication.require(TRUSTSTORE);
addClientCertService(
realmName, serviceTarget, newControllers, realmBuilder, injectorSet.injector());
}
if (authentication.hasDefined(LOCAL)) {
addLocalService(
context,
authentication.require(LOCAL),
realmName,
serviceTarget,
newControllers,
realmBuilder,
injectorSet.injector());
}
if (authentication.hasDefined(JAAS)) {
addJaasService(
context,
authentication.require(JAAS),
realmName,
serviceTarget,
newControllers,
context.isNormalServer(),
realmBuilder,
injectorSet.injector());
} else if (authentication.hasDefined(LDAP)) {
addLdapService(
context,
authentication.require(LDAP),
realmName,
serviceTarget,
newControllers,
realmBuilder,
injectorSet.injector(),
shareLdapConnections);
} else if (authentication.hasDefined(PLUG_IN)) {
addPlugInAuthenticationService(
context,
authentication.require(PLUG_IN),
realmName,
securityRealmService,
serviceTarget,
newControllers,
realmBuilder,
injectorSet.injector());
} else if (authentication.hasDefined(PROPERTIES)) {
addPropertiesAuthenticationService(
context,
authentication.require(PROPERTIES),
realmName,
serviceTarget,
newControllers,
realmBuilder,
injectorSet.injector());
} else if (authentication.hasDefined(USERS)) {
addUsersService(
context,
authentication.require(USERS),
realmName,
serviceTarget,
newControllers,
realmBuilder,
injectorSet.injector());
}
}
if (authorization != null) {
if (authorization.hasDefined(PROPERTIES)) {
addPropertiesAuthorizationService(
context,
authorization.require(PROPERTIES),
realmName,
serviceTarget,
newControllers,
realmBuilder,
securityRealmService.getSubjectSupplementalInjector());
} else if (authorization.hasDefined(PLUG_IN)) {
addPlugInAuthorizationService(
context,
authorization.require(PLUG_IN),
realmName,
serviceTarget,
newControllers,
realmBuilder,
securityRealmService.getSubjectSupplementalInjector());
} else if (authorization.hasDefined(LDAP)) {
addLdapAuthorizationService(
context,
authorization.require(LDAP),
realmName,
serviceTarget,
newControllers,
realmBuilder,
securityRealmService.getSubjectSupplementalInjector(),
shareLdapConnections);
}
}
ModelNode ssl = null;
if (serverIdentities != null) {
if (serverIdentities.hasDefined(SSL)) {
ssl = serverIdentities.require(SSL);
}
if (serverIdentities.hasDefined(SECRET)) {
addSecretService(
context,
serverIdentities.require(SECRET),
realmName,
serviceTarget,
newControllers,
realmBuilder,
securityRealmService.getSecretCallbackFactory());
}
}
if (ssl != null || authTruststore != null) {
addSSLService(
context,
ssl,
authTruststore,
realmName,
serviceTarget,
newControllers,
realmBuilder,
securityRealmService.getSSLIdentityInjector());
}
realmBuilder.setInitialMode(Mode.ACTIVE);
ServiceController<?> sc = realmBuilder.install();
if (newControllers != null) {
newControllers.add(sc);
}
}
