private void addLdapService(
OperationContext context,
ModelNode ldap,
String realmName,
ServiceTarget serviceTarget,
List<ServiceController<?>> newControllers,
ServiceBuilder<?> realmBuilder,
Injector<CallbackHandlerService> injector,
boolean shareConnection)
throws OperationFailedException {
ServiceName ldapServiceName = UserLdapCallbackHandler.ServiceUtil.createServiceName(realmName);
final String baseDn =
LdapAuthenticationResourceDefinition.BASE_DN
.resolveModelAttribute(context, ldap)
.asString();
ModelNode node =
LdapAuthenticationResourceDefinition.USERNAME_FILTER.resolveModelAttribute(context, ldap);
final String usernameAttribute = node.isDefined() ? node.asString() : null;
node =
LdapAuthenticationResourceDefinition.ADVANCED_FILTER.resolveModelAttribute(context, ldap);
final String advancedFilter = node.isDefined() ? node.asString() : null;
final boolean recursive =
LdapAuthenticationResourceDefinition.RECURSIVE
.resolveModelAttribute(context, ldap)
.asBoolean();
final boolean allowEmptyPasswords =
LdapAuthenticationResourceDefinition.ALLOW_EMPTY_PASSWORDS
.resolveModelAttribute(context, ldap)
.asBoolean();
final String userDn =
LdapAuthenticationResourceDefinition.USER_DN
.resolveModelAttribute(context, ldap)
.asString();
UserLdapCallbackHandler ldapCallbackHandler =
new UserLdapCallbackHandler(
baseDn,
usernameAttribute,
advancedFilter,
recursive,
userDn,
allowEmptyPasswords,
shareConnection);
ServiceBuilder<?> ldapBuilder = serviceTarget.addService(ldapServiceName, ldapCallbackHandler);
String connectionManager =
LdapAuthenticationResourceDefinition.CONNECTION
.resolveModelAttribute(context, ldap)
.asString();
LdapConnectionManagerService.ServiceUtil.addDependency(
ldapBuilder, ldapCallbackHandler.getConnectionManagerInjector(), connectionManager, false);
final ServiceController<?> serviceController = ldapBuilder.setInitialMode(ON_DEMAND).install();
if (newControllers != null) {
newControllers.add(serviceController);
}
CallbackHandlerService.ServiceUtil.addDependency(
realmBuilder, injector, ldapServiceName, false);
}
private void addLdapAuthorizationService(
OperationContext context,
ModelNode ldap,
String realmName,
ServiceTarget serviceTarget,
List<ServiceController<?>> controllers,
ServiceBuilder<?> realmBuilder,
InjectedValue<SubjectSupplementalService> injector,
boolean shareConnection)
throws OperationFailedException {
ServiceName ldapName = LdapSubjectSupplementalService.ServiceUtil.createServiceName(realmName);
Service<LdapUserSearcher> userSearcherService = null;
boolean forceUserDnSearch = false;
if (ldap.hasDefined(USERNAME_TO_DN)) {
ModelNode usernameToDn = ldap.require(USERNAME_TO_DN);
if (usernameToDn.hasDefined(USERNAME_IS_DN)) {
ModelNode usernameIsDn = usernameToDn.require(USERNAME_IS_DN);
forceUserDnSearch =
UserIsDnResourceDefintion.FORCE
.resolveModelAttribute(context, usernameIsDn)
.asBoolean();
userSearcherService = LdapUserSearcherService.createForUsernameIsDn();
} else if (usernameToDn.hasDefined(USERNAME_FILTER)) {
ModelNode usernameFilter = usernameToDn.require(USERNAME_FILTER);
forceUserDnSearch =
UserSearchResourceDefintion.FORCE
.resolveModelAttribute(context, usernameFilter)
.asBoolean();
String baseDn =
UserSearchResourceDefintion.BASE_DN
.resolveModelAttribute(context, usernameFilter)
.asString();
boolean recursive =
UserSearchResourceDefintion.RECURSIVE
.resolveModelAttribute(context, usernameFilter)
.asBoolean();
String userDnAttribute =
UserSearchResourceDefintion.USER_DN_ATTRIBUTE
.resolveModelAttribute(context, usernameFilter)
.asString();
String usernameAttribute =
UserSearchResourceDefintion.ATTRIBUTE
.resolveModelAttribute(context, usernameFilter)
.asString();
userSearcherService =
LdapUserSearcherService.createForUsernameFilter(
baseDn, recursive, userDnAttribute, usernameAttribute);
} else if (usernameToDn.hasDefined(ADVANCED_FILTER)) {
ModelNode advancedFilter = usernameToDn.require(ADVANCED_FILTER);
forceUserDnSearch =
AdvancedUserSearchResourceDefintion.FORCE
.resolveModelAttribute(context, advancedFilter)
.asBoolean();
String baseDn =
AdvancedUserSearchResourceDefintion.BASE_DN
.resolveModelAttribute(context, advancedFilter)
.asString();
boolean recursive =
AdvancedUserSearchResourceDefintion.RECURSIVE
.resolveModelAttribute(context, advancedFilter)
.asBoolean();
String userDnAttribute =
AdvancedUserSearchResourceDefintion.USER_DN_ATTRIBUTE
.resolveModelAttribute(context, advancedFilter)
.asString();
String filter =
AdvancedUserSearchResourceDefintion.FILTER
.resolveModelAttribute(context, advancedFilter)
.asString();
userSearcherService =
LdapUserSearcherService.createForAdvancedFilter(
baseDn, recursive, userDnAttribute, filter);
}
}
if (userSearcherService != null) {
ServiceName userSearcherName = LdapUserSearcher.ServiceUtil.createServiceName(realmName);
ServiceController<LdapUserSearcher> userSearcherController =
serviceTarget
.addService(userSearcherName, userSearcherService)
.setInitialMode(ON_DEMAND)
.install();
controllers.add(userSearcherController);
}
ModelNode groupSearch = ldap.require(GROUP_SEARCH);
Service<LdapGroupSearcher> groupSearcherService = null;
boolean iterative = false;
GroupName groupName = GroupName.DISTINGUISHED_NAME;
if (groupSearch.hasDefined(GROUP_TO_PRINCIPAL)) {
ModelNode groupToPrincipal = groupSearch.require(GROUP_TO_PRINCIPAL);
String baseDn =
GroupToPrincipalResourceDefinition.BASE_DN
.resolveModelAttribute(context, groupToPrincipal)
.asString();
String groupDnAttribute =
GroupToPrincipalResourceDefinition.GROUP_DN_ATTRIBUTE
.resolveModelAttribute(context, groupToPrincipal)
.asString();
groupName =
GroupName.valueOf(
GroupToPrincipalResourceDefinition.GROUP_NAME
.resolveModelAttribute(context, groupToPrincipal)
.asString());
String groupNameAttribute =
GroupToPrincipalResourceDefinition.GROUP_NAME_ATTRIBUTE
.resolveModelAttribute(context, groupToPrincipal)
.asString();
iterative =
GroupToPrincipalResourceDefinition.ITERATIVE
.resolveModelAttribute(context, groupToPrincipal)
.asBoolean();
String principalAttribute =
GroupToPrincipalResourceDefinition.PRINCIPAL_ATTRIBUTE
.resolveModelAttribute(context, groupToPrincipal)
.asString();
boolean recursive =
GroupToPrincipalResourceDefinition.RECURSIVE
.resolveModelAttribute(context, groupToPrincipal)
.asBoolean();
GroupName searchBy =
GroupName.valueOf(
GroupToPrincipalResourceDefinition.SEARCH_BY
.resolveModelAttribute(context, groupToPrincipal)
.asString());
groupSearcherService =
LdapGroupSearcherService.createForGroupToPrincipal(
baseDn,
groupDnAttribute,
groupNameAttribute,
principalAttribute,
recursive,
searchBy);
} else {
ModelNode principalToGroup = groupSearch.require(PRINCIPAL_TO_GROUP);
String groupAttribute =
PrincipalToGroupResourceDefinition.GROUP_ATTRIBUTE
.resolveModelAttribute(context, principalToGroup)
.asString();
String groupDnAttribute =
PrincipalToGroupResourceDefinition.GROUP_DN_ATTRIBUTE
.resolveModelAttribute(context, principalToGroup)
.asString();
groupName =
GroupName.valueOf(
PrincipalToGroupResourceDefinition.GROUP_NAME
.resolveModelAttribute(context, principalToGroup)
.asString());
String groupNameAttribute =
PrincipalToGroupResourceDefinition.GROUP_NAME_ATTRIBUTE
.resolveModelAttribute(context, principalToGroup)
.asString();
iterative =
PrincipalToGroupResourceDefinition.ITERATIVE
.resolveModelAttribute(context, principalToGroup)
.asBoolean();
groupSearcherService =
LdapGroupSearcherService.createForPrincipalToGroup(groupAttribute, groupNameAttribute);
}
ServiceName groupSearcherName = LdapGroupSearcher.ServiceUtil.createServiceName(realmName);
ServiceController<LdapGroupSearcher> groupSearcherController =
serviceTarget
.addService(groupSearcherName, groupSearcherService)
.setInitialMode(ON_DEMAND)
.install();
controllers.add(groupSearcherController);
String connectionName =
LdapAuthorizationResourceDefinition.CONNECTION
.resolveModelAttribute(context, ldap)
.asString();
LdapSubjectSupplementalService service =
new LdapSubjectSupplementalService(
realmName, shareConnection, forceUserDnSearch, iterative, groupName);
ServiceBuilder<SubjectSupplementalService> ldapBuilder =
serviceTarget.addService(ldapName, service).setInitialMode(ON_DEMAND);
LdapConnectionManagerService.ServiceUtil.addDependency(
ldapBuilder, service.getConnectionManagerInjector(), connectionName, false);
if (userSearcherService != null) {
LdapUserSearcher.ServiceUtil.addDependency(
ldapBuilder, service.getLdapUserSearcherInjector(), realmName, false);
}
LdapGroupSearcher.ServiceUtil.addDependency(
ldapBuilder, service.getLdapGroupSearcherInjector(), realmName, false);
controllers.add(ldapBuilder.install());
SubjectSupplementalService.ServiceUtil.addDependency(realmBuilder, injector, ldapName, false);
}