/** * Creates a CLI script for adding Security-Domain to AS7 * * @param securityDomain object representing migrated security-domain * @return created string containing the CLI script for adding the Security-Domain * @throws CliScriptException if required attributes are missing */ private static String createSecurityDomainScript(SecurityDomainBean securityDomain) throws CliScriptException { String errMsg = " in security-domain must be set."; Utils.throwIfBlank(securityDomain.getSecurityDomainName(), errMsg, "Security name"); CliAddScriptBuilder builder = new CliAddScriptBuilder(); StringBuilder resultScript = new StringBuilder("/subsystem=security/security-domain="); resultScript.append(securityDomain.getSecurityDomainName()).append(":add("); builder.addProperty("cache-type", securityDomain.getCacheType()); resultScript.append(builder.asString()).append(")"); return resultScript.toString(); }
/** * Creates a CLI script for adding a Login-Module of the specific Security-Domain * * @param domain Security-Domain containing Login-Module * @param module Login-Module * @return created string containing the CLI script for adding the Login-Module */ private static String createLoginModuleScript( SecurityDomainBean domain, LoginModuleAS7Bean module) { StringBuilder resultScript = new StringBuilder("/subsystem=security/security-domain=" + domain.getSecurityDomainName()); resultScript.append("/authentication=classic:add(login-modules=[{"); if ((module.getLoginModuleCode() != null) && !(module.getLoginModuleCode().isEmpty())) { resultScript.append("\"code\"=>\"").append(module.getLoginModuleCode()).append("\""); } if ((module.getLoginModuleFlag() != null) && !(module.getLoginModuleFlag().isEmpty())) { resultScript.append(", \"flag\"=>\"").append(module.getLoginModuleFlag()).append("\""); } if ((module.getModuleOptions() != null) && !(module.getModuleOptions().isEmpty())) { StringBuilder modulesBuilder = new StringBuilder(); for (ModuleOptionAS7Bean moduleOptionAS7 : module.getModuleOptions()) { modulesBuilder.append(", (\"").append(moduleOptionAS7.getModuleOptionName()).append("\"=>"); modulesBuilder.append("\"").append(moduleOptionAS7.getModuleOptionValue()).append("\")"); } String modules = modulesBuilder.toString().replaceFirst(",", ""); modules = modules.replaceFirst(" ", ""); if (!modules.isEmpty()) { resultScript.append(", \"module-option\"=>[").append(modules).append("]"); } } return resultScript.toString(); }
/** * Creates CliCommandAction for adding a Login-Module of the specific Security-Domain * * @param domain Security-Domain containing Login-Module * @param module Login-Module * @return created CliCommandAction for adding the Login-Module */ public static CliCommandAction createLoginModuleCliAction( SecurityDomainBean domain, LoginModuleAS7Bean module) { ModelNode request = new ModelNode(); request.get(ClientConstants.OP).set(ClientConstants.ADD); request.get(ClientConstants.OP_ADDR).add("subsystem", "security"); request.get(ClientConstants.OP_ADDR).add("security-domain", domain.getSecurityDomainName()); request.get(ClientConstants.OP_ADDR).add("authentication", "classic"); ModelNode moduleNode = new ModelNode(); ModelNode list = new ModelNode(); if (module.getModuleOptions() != null) { ModelNode optionNode = new ModelNode(); for (ModuleOptionAS7Bean option : module.getModuleOptions()) { optionNode.get(option.getModuleOptionName()).set(option.getModuleOptionValue()); } moduleNode.get("module-options").set(optionNode); } CliApiCommandBuilder builder = new CliApiCommandBuilder(moduleNode); builder.addProperty("flag", module.getLoginModuleFlag()); builder.addProperty("code", module.getLoginModuleCode()); // Needed for CLI because parameter login-modules requires LIST list.add(builder.getCommand()); request.get("login-modules").set(list); return new CliCommandAction( SecurityMigrator.class, createLoginModuleScript(domain, module), request); }
/** * Migrates application-policy from AS5 to AS7 * * @param appPolicy object representing application-policy * @param ctx migration context * @return created security-domain */ public SecurityDomainBean migrateAppPolicy( ApplicationPolicyBean appPolicy, MigrationContext ctx) { Set<LoginModuleAS7Bean> loginModules = new HashSet(); SecurityDomainBean securityDomain = new SecurityDomainBean(); securityDomain.setSecurityDomainName(appPolicy.getApplicationPolicyName()); securityDomain.setCacheType("default"); if (appPolicy.getLoginModules() != null) { for (LoginModuleAS5Bean lmAS5 : appPolicy.getLoginModules()) { loginModules.add(createLoginModule(lmAS5)); } } securityDomain.setLoginModules(loginModules); return securityDomain; }
/** * Creates a list of CliCommandActions for adding a Security-Domain * * @param domain Security-Domain * @return created list containing CliCommandActions for adding the Security-Domain * @throws CliScriptException if required attributes for a creation of the CLI command of the * Security-Domain are missing or are empty (security-domain-name) */ public static List<CliCommandAction> createSecurityDomainCliAction(SecurityDomainBean domain) throws CliScriptException { String errMsg = " in security-domain must be set."; Utils.throwIfBlank(domain.getSecurityDomainName(), errMsg, "Security name"); List<CliCommandAction> actions = new ArrayList(); ModelNode domainCmd = new ModelNode(); domainCmd.get(ClientConstants.OP).set(ClientConstants.ADD); domainCmd.get(ClientConstants.OP_ADDR).add("subsystem", "security"); domainCmd.get(ClientConstants.OP_ADDR).add("security-domain", domain.getSecurityDomainName()); actions.add( new CliCommandAction( SecurityMigrator.class, createSecurityDomainScript(domain), domainCmd)); if (domain.getLoginModules() != null) { for (LoginModuleAS7Bean module : domain.getLoginModules()) { actions.add(createLoginModuleCliAction(domain, module)); } } return actions; }