@Override protected void addExtraServices(ServiceTarget target) { super.addExtraServices(target); target .addService(Services.JBOSS_SERVICE_MODULE_LOADER, new ServiceModuleLoader(null)) .install(); target .addService(ContextNames.JAVA_CONTEXT_SERVICE_NAME, new NamingStoreService()) .setInitialMode(ServiceController.Mode.ACTIVE) .install(); target .addService(ContextNames.JBOSS_CONTEXT_SERVICE_NAME, new NamingStoreService()) .setInitialMode(ServiceController.Mode.ACTIVE) .install(); target .addService( IOServices.WORKER.append("default"), new WorkerService(OptionMap.builder().set(Options.WORKER_IO_THREADS, 2).getMap())) .setInitialMode(ServiceController.Mode.ACTIVE) .install(); target .addService( IOServices.WORKER.append("non-default"), new WorkerService(OptionMap.builder().set(Options.WORKER_IO_THREADS, 2).getMap())) .setInitialMode(ServiceController.Mode.ACTIVE) .install(); target .addService( IOServices.BUFFER_POOL.append("default"), new BufferPoolService(2048, 2048, true)) .setInitialMode(ServiceController.Mode.ACTIVE) .install(); // ListenerRegistry.Listener listener = new ListenerRegistry.Listener("http", "default", // "default", // InetSocketAddress.createUnresolved("localhost",8080)); target .addService(HttpListenerAdd.REGISTRY_SERVICE_NAME, new HttpListenerRegistryService()) .setInitialMode(ServiceController.Mode.ACTIVE) .install(); target .addService( SecurityRealm.ServiceUtil.createServiceName("UndertowRealm"), new SecurityRealmService("UndertowRealm", false)) .setInitialMode(ServiceController.Mode.ACTIVE) .install(); target .addService( SecurityRealm.ServiceUtil.createServiceName("other"), new SecurityRealmService("other", false)) .setInitialMode(ServiceController.Mode.ACTIVE) .install(); }
/** * Utility method to create the ServiceName for services that provide {@code LdapSearcherCache} * instances. * * @param realmName - The name of the realm the {@code LdapUserSearcher} is associated with. * @param forAuthentication - Is this for user loading during authentication or during * authorization for user / group loading. * @param forUserSearch - Is this for user searching or group loading. * @return The constructed ServiceName. */ public static ServiceName createServiceName( final boolean forAuthentication, final boolean forUserSearch, final String realmName) { return SecurityRealm.ServiceUtil.createServiceName(realmName) .append( String.format( SERVICE_SUFFIX, forAuthentication ? AUTHENTICATION : AUTHORIZATION, forUserSearch ? USER : GROUP)); }
private AuthorizingCallbackHandler getAuthorizingCallbackHandler(final String realmName) { SecurityRealm realm; if (TEST_REALM.equals(realmName)) { realm = securityRealm; } else { ServiceContainer container = getContainer(); ServiceController<?> service = container.getRequiredService(SecurityRealm.ServiceUtil.createServiceName(realmName)); realm = (SecurityRealm) service.getValue(); } return realm.getAuthorizingCallbackHandler(AuthMechanism.PLAIN); }
public static ServiceName createServiceName(final String realmName) { return SecurityRealm.ServiceUtil.createServiceName(realmName).append(SERVICE_SUFFIX); }
protected void installServices( final OperationContext context, final String realmName, final ModelNode model, final ServiceVerificationHandler verificationHandler, final List<ServiceController<?>> newControllers) throws OperationFailedException { final ModelNode plugIns = model.hasDefined(PLUG_IN) ? model.get(PLUG_IN) : null; final ModelNode authentication = model.hasDefined(AUTHENTICATION) ? model.get(AUTHENTICATION) : null; final ModelNode authorization = model.hasDefined(AUTHORIZATION) ? model.get(AUTHORIZATION) : null; final ModelNode serverIdentities = model.hasDefined(SERVER_IDENTITY) ? model.get(SERVER_IDENTITY) : null; final ServiceTarget serviceTarget = context.getServiceTarget(); final boolean mapGroupsToRoles = SecurityRealmResourceDefinition.MAP_GROUPS_TO_ROLES .resolveModelAttribute(context, model) .asBoolean(); final SecurityRealmService securityRealmService = new SecurityRealmService(realmName, mapGroupsToRoles); final ServiceName realmServiceName = SecurityRealm.ServiceUtil.createServiceName(realmName); ServiceBuilder<?> realmBuilder = serviceTarget.addService(realmServiceName, securityRealmService); final boolean shareLdapConnections = shareLdapConnection(context, authentication, authorization); ModelNode authTruststore = null; if (plugIns != null) { addPlugInLoaderService(realmName, plugIns, serviceTarget, newControllers); } InjectedSetValue<CallbackHandlerService> injectorSet = securityRealmService.getCallbackHandlerService(); if (authentication != null) { // Authentication can have a truststore defined at the same time as a username/password based // mechanism. // // In this case it is expected certificate based authentication will first occur with a // fallback to username/password // based authentication. if (authentication.hasDefined(TRUSTSTORE)) { authTruststore = authentication.require(TRUSTSTORE); addClientCertService( realmName, serviceTarget, newControllers, realmBuilder, injectorSet.injector()); } if (authentication.hasDefined(LOCAL)) { addLocalService( context, authentication.require(LOCAL), realmName, serviceTarget, newControllers, realmBuilder, injectorSet.injector()); } if (authentication.hasDefined(JAAS)) { addJaasService( context, authentication.require(JAAS), realmName, serviceTarget, newControllers, context.isNormalServer(), realmBuilder, injectorSet.injector()); } else if (authentication.hasDefined(LDAP)) { addLdapService( context, authentication.require(LDAP), realmName, serviceTarget, newControllers, realmBuilder, injectorSet.injector(), shareLdapConnections); } else if (authentication.hasDefined(PLUG_IN)) { addPlugInAuthenticationService( context, authentication.require(PLUG_IN), realmName, securityRealmService, serviceTarget, newControllers, realmBuilder, injectorSet.injector()); } else if (authentication.hasDefined(PROPERTIES)) { addPropertiesAuthenticationService( context, authentication.require(PROPERTIES), realmName, serviceTarget, newControllers, realmBuilder, injectorSet.injector()); } else if (authentication.hasDefined(USERS)) { addUsersService( context, authentication.require(USERS), realmName, serviceTarget, newControllers, realmBuilder, injectorSet.injector()); } } if (authorization != null) { if (authorization.hasDefined(PROPERTIES)) { addPropertiesAuthorizationService( context, authorization.require(PROPERTIES), realmName, serviceTarget, newControllers, realmBuilder, securityRealmService.getSubjectSupplementalInjector()); } else if (authorization.hasDefined(PLUG_IN)) { addPlugInAuthorizationService( context, authorization.require(PLUG_IN), realmName, serviceTarget, newControllers, realmBuilder, securityRealmService.getSubjectSupplementalInjector()); } else if (authorization.hasDefined(LDAP)) { addLdapAuthorizationService( context, authorization.require(LDAP), realmName, serviceTarget, newControllers, realmBuilder, securityRealmService.getSubjectSupplementalInjector(), shareLdapConnections); } } ModelNode ssl = null; if (serverIdentities != null) { if (serverIdentities.hasDefined(SSL)) { ssl = serverIdentities.require(SSL); } if (serverIdentities.hasDefined(SECRET)) { addSecretService( context, serverIdentities.require(SECRET), realmName, serviceTarget, newControllers, realmBuilder, securityRealmService.getSecretCallbackFactory()); } } if (ssl != null || authTruststore != null) { addSSLService( context, ssl, authTruststore, realmName, serviceTarget, newControllers, realmBuilder, securityRealmService.getSSLIdentityInjector()); } realmBuilder.setInitialMode(Mode.ACTIVE); ServiceController<?> sc = realmBuilder.install(); if (newControllers != null) { newControllers.add(sc); } }