@Override
    protected void addExtraServices(ServiceTarget target) {
      super.addExtraServices(target);
      target
          .addService(Services.JBOSS_SERVICE_MODULE_LOADER, new ServiceModuleLoader(null))
          .install();
      target
          .addService(ContextNames.JAVA_CONTEXT_SERVICE_NAME, new NamingStoreService())
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();
      target
          .addService(ContextNames.JBOSS_CONTEXT_SERVICE_NAME, new NamingStoreService())
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();

      target
          .addService(
              IOServices.WORKER.append("default"),
              new WorkerService(OptionMap.builder().set(Options.WORKER_IO_THREADS, 2).getMap()))
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();

      target
          .addService(
              IOServices.WORKER.append("non-default"),
              new WorkerService(OptionMap.builder().set(Options.WORKER_IO_THREADS, 2).getMap()))
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();

      target
          .addService(
              IOServices.BUFFER_POOL.append("default"), new BufferPoolService(2048, 2048, true))
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();
      // ListenerRegistry.Listener listener = new ListenerRegistry.Listener("http", "default",
      // "default",
      // InetSocketAddress.createUnresolved("localhost",8080));
      target
          .addService(HttpListenerAdd.REGISTRY_SERVICE_NAME, new HttpListenerRegistryService())
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();

      target
          .addService(
              SecurityRealm.ServiceUtil.createServiceName("UndertowRealm"),
              new SecurityRealmService("UndertowRealm", false))
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();
      target
          .addService(
              SecurityRealm.ServiceUtil.createServiceName("other"),
              new SecurityRealmService("other", false))
          .setInitialMode(ServiceController.Mode.ACTIVE)
          .install();
    }
示例#2
0
 /**
  * Utility method to create the ServiceName for services that provide {@code LdapSearcherCache}
  * instances.
  *
  * @param realmName - The name of the realm the {@code LdapUserSearcher} is associated with.
  * @param forAuthentication - Is this for user loading during authentication or during
  *     authorization for user / group loading.
  * @param forUserSearch - Is this for user searching or group loading.
  * @return The constructed ServiceName.
  */
 public static ServiceName createServiceName(
     final boolean forAuthentication, final boolean forUserSearch, final String realmName) {
   return SecurityRealm.ServiceUtil.createServiceName(realmName)
       .append(
           String.format(
               SERVICE_SUFFIX,
               forAuthentication ? AUTHENTICATION : AUTHORIZATION,
               forUserSearch ? USER : GROUP));
 }
示例#3
0
  private AuthorizingCallbackHandler getAuthorizingCallbackHandler(final String realmName) {
    SecurityRealm realm;
    if (TEST_REALM.equals(realmName)) {
      realm = securityRealm;
    } else {
      ServiceContainer container = getContainer();
      ServiceController<?> service =
          container.getRequiredService(SecurityRealm.ServiceUtil.createServiceName(realmName));

      realm = (SecurityRealm) service.getValue();
    }

    return realm.getAuthorizingCallbackHandler(AuthMechanism.PLAIN);
  }
 public static ServiceName createServiceName(final String realmName) {
   return SecurityRealm.ServiceUtil.createServiceName(realmName).append(SERVICE_SUFFIX);
 }
  protected void installServices(
      final OperationContext context,
      final String realmName,
      final ModelNode model,
      final ServiceVerificationHandler verificationHandler,
      final List<ServiceController<?>> newControllers)
      throws OperationFailedException {
    final ModelNode plugIns = model.hasDefined(PLUG_IN) ? model.get(PLUG_IN) : null;
    final ModelNode authentication =
        model.hasDefined(AUTHENTICATION) ? model.get(AUTHENTICATION) : null;
    final ModelNode authorization =
        model.hasDefined(AUTHORIZATION) ? model.get(AUTHORIZATION) : null;
    final ModelNode serverIdentities =
        model.hasDefined(SERVER_IDENTITY) ? model.get(SERVER_IDENTITY) : null;

    final ServiceTarget serviceTarget = context.getServiceTarget();

    final boolean mapGroupsToRoles =
        SecurityRealmResourceDefinition.MAP_GROUPS_TO_ROLES
            .resolveModelAttribute(context, model)
            .asBoolean();
    final SecurityRealmService securityRealmService =
        new SecurityRealmService(realmName, mapGroupsToRoles);
    final ServiceName realmServiceName = SecurityRealm.ServiceUtil.createServiceName(realmName);
    ServiceBuilder<?> realmBuilder =
        serviceTarget.addService(realmServiceName, securityRealmService);

    final boolean shareLdapConnections =
        shareLdapConnection(context, authentication, authorization);
    ModelNode authTruststore = null;
    if (plugIns != null) {
      addPlugInLoaderService(realmName, plugIns, serviceTarget, newControllers);
    }
    InjectedSetValue<CallbackHandlerService> injectorSet =
        securityRealmService.getCallbackHandlerService();
    if (authentication != null) {
      // Authentication can have a truststore defined at the same time as a username/password based
      // mechanism.
      //
      // In this case it is expected certificate based authentication will first occur with a
      // fallback to username/password
      // based authentication.
      if (authentication.hasDefined(TRUSTSTORE)) {
        authTruststore = authentication.require(TRUSTSTORE);
        addClientCertService(
            realmName, serviceTarget, newControllers, realmBuilder, injectorSet.injector());
      }
      if (authentication.hasDefined(LOCAL)) {
        addLocalService(
            context,
            authentication.require(LOCAL),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector());
      }
      if (authentication.hasDefined(JAAS)) {
        addJaasService(
            context,
            authentication.require(JAAS),
            realmName,
            serviceTarget,
            newControllers,
            context.isNormalServer(),
            realmBuilder,
            injectorSet.injector());
      } else if (authentication.hasDefined(LDAP)) {
        addLdapService(
            context,
            authentication.require(LDAP),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector(),
            shareLdapConnections);
      } else if (authentication.hasDefined(PLUG_IN)) {
        addPlugInAuthenticationService(
            context,
            authentication.require(PLUG_IN),
            realmName,
            securityRealmService,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector());
      } else if (authentication.hasDefined(PROPERTIES)) {
        addPropertiesAuthenticationService(
            context,
            authentication.require(PROPERTIES),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector());
      } else if (authentication.hasDefined(USERS)) {
        addUsersService(
            context,
            authentication.require(USERS),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            injectorSet.injector());
      }
    }
    if (authorization != null) {
      if (authorization.hasDefined(PROPERTIES)) {
        addPropertiesAuthorizationService(
            context,
            authorization.require(PROPERTIES),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            securityRealmService.getSubjectSupplementalInjector());
      } else if (authorization.hasDefined(PLUG_IN)) {
        addPlugInAuthorizationService(
            context,
            authorization.require(PLUG_IN),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            securityRealmService.getSubjectSupplementalInjector());
      } else if (authorization.hasDefined(LDAP)) {
        addLdapAuthorizationService(
            context,
            authorization.require(LDAP),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            securityRealmService.getSubjectSupplementalInjector(),
            shareLdapConnections);
      }
    }

    ModelNode ssl = null;
    if (serverIdentities != null) {
      if (serverIdentities.hasDefined(SSL)) {
        ssl = serverIdentities.require(SSL);
      }
      if (serverIdentities.hasDefined(SECRET)) {
        addSecretService(
            context,
            serverIdentities.require(SECRET),
            realmName,
            serviceTarget,
            newControllers,
            realmBuilder,
            securityRealmService.getSecretCallbackFactory());
      }
    }

    if (ssl != null || authTruststore != null) {
      addSSLService(
          context,
          ssl,
          authTruststore,
          realmName,
          serviceTarget,
          newControllers,
          realmBuilder,
          securityRealmService.getSSLIdentityInjector());
    }

    realmBuilder.setInitialMode(Mode.ACTIVE);
    ServiceController<?> sc = realmBuilder.install();
    if (newControllers != null) {
      newControllers.add(sc);
    }
  }