@Override public void execute(OperationContext context, ModelNode operation) throws OperationFailedException { super.execute(context, operation); // Add a step validating that we have the correct authentication and authorization child resources ModelNode validationOp = AuthenticationValidatingHandler.createOperation(operation); context.addStep(validationOp, AuthenticationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL); validationOp = AuthorizationValidatingHandler.createOperation(operation); context.addStep(validationOp, AuthorizationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL); }
@Override public void execute(OperationContext context, ModelNode operation) throws OperationFailedException { String realmName = PathAddress.pathAddress(operation.require(ModelDescriptionConstants.OP_ADDR)).getLastElement().getValue(); if(!hasResource(context)) {//realm has been deleted, who cares :) return; } final Resource resource = context.readResource(PathAddress.EMPTY_ADDRESS); Set<String> children = resource.getChildrenNames(ModelDescriptionConstants.AUTHENTICATION); if (children.contains(KERBEROS)) { Resource kerberosIdentity = resource.getChild(PathElement.pathElement(SERVER_IDENTITY, KERBEROS)); if (kerberosIdentity == null || kerberosIdentity.getChildrenNames(KEYTAB).size() < 1) { throw DomainManagementLogger.ROOT_LOGGER.kerberosWithoutKeytab(realmName); } } /* * Truststore, Local, and Kerberos can be defined in addition to the username/password mechanism so exclude these from the * validation check. */ children.remove(ModelDescriptionConstants.TRUSTSTORE); children.remove(ModelDescriptionConstants.LOCAL); children.remove(KERBEROS); if (children.size() > 1) { Set<String> invalid = new HashSet<String>(children); invalid.remove(ModelDescriptionConstants.TRUSTSTORE); throw DomainManagementLogger.ROOT_LOGGER.multipleAuthenticationMechanismsDefined(realmName, invalid); } context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER); }
@Override public void execute(OperationContext context, ModelNode operation) throws OperationFailedException { super.execute(context, operation); // Add a step validating that we have the correct authentication and authorization child resources ModelNode validationOp = AuthenticationValidatingHandler.createOperation(operation); context.addStep(validationOp, AuthenticationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL); validationOp = AuthorizationValidatingHandler.createOperation(operation); context.addStep(validationOp, AuthorizationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL); }
@Override public void execute(OperationContext context, ModelNode operation) throws OperationFailedException { String realmName = PathAddress.pathAddress(operation.require(ModelDescriptionConstants.OP_ADDR)).getLastElement().getValue(); if(!hasResource(context)) {//realm has been deleted, who cares :) return; } final Resource resource = context.readResource(PathAddress.EMPTY_ADDRESS); Set<String> children = resource.getChildrenNames(ModelDescriptionConstants.AUTHENTICATION); if (children.contains(KERBEROS)) { Resource kerberosIdentity = resource.getChild(PathElement.pathElement(SERVER_IDENTITY, KERBEROS)); if (kerberosIdentity == null || kerberosIdentity.getChildrenNames(KEYTAB).size() < 1) { throw DomainManagementLogger.ROOT_LOGGER.kerberosWithoutKeytab(realmName); } } /* * Truststore, Local, and Kerberos can be defined in addition to the username/password mechanism so exclude these from the * validation check. */ children.remove(ModelDescriptionConstants.TRUSTSTORE); children.remove(ModelDescriptionConstants.LOCAL); children.remove(KERBEROS); if (children.size() > 1) { Set<String> invalid = new HashSet<String>(children); invalid.remove(ModelDescriptionConstants.TRUSTSTORE); throw DomainManagementLogger.ROOT_LOGGER.multipleAuthenticationMechanismsDefined(realmName, invalid); } context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER); }
@Override protected void updateModel(OperationContext context, ModelNode operation) throws OperationFailedException { // verify that the resource exist before removing it context.readResource(PathAddress.EMPTY_ADDRESS, false); Resource resource = context.removeResource(PathAddress.EMPTY_ADDRESS); recordCapabilitiesAndRequirements(context, operation, resource); if (validateAuthentication && !context.isBooting()) { ModelNode validationOp = AuthenticationValidatingHandler.createOperation(operation); context.addStep(validationOp, AuthenticationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL); } // else we know the SecurityRealmAddHandler is part of this overall set of ops and it added AuthenticationValidatingHandler }
@Override protected void updateModel(OperationContext context, ModelNode operation) throws OperationFailedException { // verify that the resource exist before removing it context.readResource(PathAddress.EMPTY_ADDRESS, false); Resource resource = context.removeResource(PathAddress.EMPTY_ADDRESS); recordCapabilitiesAndRequirements(context, operation, resource); if (validateAuthentication && !context.isBooting()) { ModelNode validationOp = AuthenticationValidatingHandler.createOperation(operation); context.addStep(validationOp, AuthenticationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL); } // else we know the SecurityRealmAddHandler is part of this overall set of ops and it added AuthenticationValidatingHandler }
@Override protected void updateModel(OperationContext context, ModelNode operation) throws OperationFailedException { final Resource resource = context.createResource(PathAddress.EMPTY_ADDRESS); final ModelNode model = resource.getModel(); for (AttributeDefinition attr : attributeDefinitions) { attr.validateAndSet(operation, model); } if (!context.isBooting()) { if (validateAuthentication) { ModelNode validationOp = AuthenticationValidatingHandler.createOperation(operation); context.addStep(validationOp, AuthenticationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL); } if (validateAuthorization) { ModelNode validationOp = AuthorizationValidatingHandler.createOperation(operation); context.addStep(validationOp, AuthorizationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL); } } // else we know the SecurityRealmAddHandler is part of this overall set of ops and it added the handlers. recordCapabilitiesAndRequirements(context, operation, resource); }
@Override protected void updateModel(OperationContext context, ModelNode operation) throws OperationFailedException { final Resource resource = context.createResource(PathAddress.EMPTY_ADDRESS); final ModelNode model = resource.getModel(); for (AttributeDefinition attr : attributeDefinitions) { attr.validateAndSet(operation, model); } if (!context.isBooting()) { if (validateAuthentication) { ModelNode validationOp = AuthenticationValidatingHandler.createOperation(operation); context.addStep(validationOp, AuthenticationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL); } if (validateAuthorization) { ModelNode validationOp = AuthorizationValidatingHandler.createOperation(operation); context.addStep(validationOp, AuthorizationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL); } } // else we know the SecurityRealmAddHandler is part of this overall set of ops and it added the handlers. recordCapabilitiesAndRequirements(context, operation, resource); }