/**
 * Returns the configuration options of the callback handler service that serves the given mechanism.
 *
 * @param mechanism the authentication mechanism whose handler configuration is wanted
 * @return the options reported by that handler service's {@code getConfigurationOptions()}
 */
public Map<String, String> getMechanismConfig(final AuthMechanism mechanism) {
    // NOTE(review): there is no null guard here; confirm getCallbackHandlerService never
    // returns null for a mechanism that has no registered handler.
    return getCallbackHandlerService(mechanism).getConfigurationOptions();
}
if (sharedState.containsKey(LOADED_USERNAME_KEY)) { ru = new RealmUser(getName(), (String) sharedState.get(LOADED_USERNAME_KEY)); } else {
final SecurityRealmService securityRealmService = new SecurityRealmService(realmName, mapGroupsToRoles); final ServiceName realmServiceName = SecurityRealm.ServiceUtil.createServiceName(realmName); ServiceBuilder<?> realmBuilder = serviceTarget addPlugInLoaderService(realmName, plugIns, serviceTarget); InjectedSetValue<CallbackHandlerService> injectorSet = securityRealmService.getCallbackHandlerService(); addPropertiesAuthorizationService(context, authorization.require(PROPERTIES), realmName, serviceTarget, realmBuilder, securityRealmService.getSubjectSupplementalInjector()); } else if (authorization.hasDefined(PLUG_IN)) { addPlugInAuthorizationService(context, authorization.require(PLUG_IN), realmName, serviceTarget, realmBuilder, securityRealmService.getSubjectSupplementalInjector()); } else if (authorization.hasDefined(LDAP)) { addLdapAuthorizationService(context, authorization.require(LDAP), realmName, serviceTarget, realmBuilder, securityRealmService.getSubjectSupplementalInjector(), shareLdapConnections); addSecretService(context, serverIdentities.require(SECRET), realmName,serviceTarget, realmBuilder, securityRealmService.getSecretCallbackFactory()); addKerberosIdentityServices(context, serverIdentities.require(KERBEROS), realmName, serviceTarget, realmBuilder, securityRealmService.getKeytabIdentityFactoryInjector()); addSSLServices(context, ssl, authTruststore, realmName, serviceTarget, realmBuilder, securityRealmService.getSSLContextInjector()); realmBuilder.addDependency(tmpDirPath, String.class, securityRealmService.getTmpDirPathInjector()); realmBuilder.setInitialMode(Mode.ACTIVE); realmBuilder.install();
mechanismConfiguration.put(LOCAL_USER_CHALLENGE_PATH, getAuthDir(tmpDirPath.getValue())); mechanismConfiguration.put(WildFlySasl.ALTERNATIVE_PROTOCOLS, "remoting"); final PermissionVerifier permissionVerifier = createPermissionVerifier(); domainBuilder.setPermissionMapper((permissionMappable, roles) -> permissionVerifier); AuthMechanism mechanism = toAuthMechanism(mi.getMechanismType(), mi.getMechanismName()); if (mechanism != null) { final MechanismConfiguration resolved = configurationMap.get(mechanism); builder.setServerCredential((SecurityFactory<Credential>) () -> getGSSKerberosCredential(protocol, mi.getHostName())); httpServerFactory = new SetMechanismInformationMechanismFactory(httpServerFactory); httpServerFactory = new FilterServerMechanismFactory(httpServerFactory, (s) -> { AuthMechanism mechanism = toAuthMechanism("HTTP", s); return mechanism != null && configurationMap.containsKey(mechanism); }); AuthMechanism mechanism = toAuthMechanism("SASL", s); return mechanism != null && configurationMap.containsKey(mechanism); });
Set<AuthMechanism> authMechanisms = getSupportedAuthenticationMechanisms(); AuthMechanism authMechanism = toAuthMechanism("SASL", iter.next()); if(authMechanism != null && (registeredServices.containsKey(authMechanism) || (authMechanism == AuthMechanism.PLAIN && registeredServices.containsKey(AuthMechanism.DIGEST)))) { iter.remove(); throw ROOT_LOGGER.legacyMechanismsAreNotSupported(requestedMechanisms.stream().collect(Collectors.joining(", ")), getName()); if(getSupportedAuthenticationMechanisms() != null) { tmpMechanismConfiguration.put(Sasl.POLICY_NOANONYMOUS, String.valueOf(policyNoanonymous)); AuthMechanism authMechanism = toAuthMechanism("SASL", mechanismName); CallbackHandlerService currentService = registeredServices.get(authMechanism); return getSaslAuthenticationFactory();
// Register SecurityRealm.EMPTY_REALM under the name "default" and make it the domain's default realm.
// NOTE(review): presumably EMPTY_REALM holds no identities - confirm against its definition.
domainBuilder.addRealm("default", SecurityRealm.EMPTY_REALM).build();
domainBuilder.setDefaultRealmName("default");
// The permission mapper ignores both of its arguments (the identity being mapped and its roles) and
// returns whatever SecurityRealmService.createPermissionVerifier() yields; that call runs each time
// the mapper is invoked.
// NOTE(review): which permissions that verifier grants is not visible here - confirm it is no
// broader than this domain needs, since it applies to every identity alike.
domainBuilder.setPermissionMapper((permissionMappable, roles) -> SecurityRealmService.createPermissionVerifier());
// Bind a new SASL authentication factory builder to the security domain built from the settings above.
final SaslAuthenticationFactory.Builder authBuilder = SaslAuthenticationFactory.builder();
authBuilder.setSecurityDomain(domainBuilder.build());
/**
 * Registers the remote HTTP invoker handler on the host under {@code path}.
 *
 * <p>The handler is wrapped by {@code secureAccess} using the injected HTTP authentication factory
 * when one is present; otherwise the factory of the injected realm service is used when that is
 * present. When neither optional value is available the handler is registered without the
 * {@code secureAccess} wrapper.
 *
 * @param startContext the service start context (not read by this method)
 * @throws StartException declared by the service contract
 */
@Override
public void start(StartContext startContext) throws StartException {
    HttpHandler handler = remoteHttpInvokerServiceInjectedValue.getValue();

    // The explicitly injected authentication factory takes precedence over the realm's factory.
    final boolean factoryInjected = httpAuthenticationFactoryInjectedValue.getOptionalValue() != null;
    if (factoryInjected) {
        handler = secureAccess(handler, httpAuthenticationFactoryInjectedValue.getOptionalValue());
    } else {
        final boolean realmInjected = realmService.getOptionalValue() != null;
        if (realmInjected) {
            handler = secureAccess(handler, realmService.getOptionalValue().getHttpAuthenticationFactory());
        }
        // NOTE(review): with neither value injected the endpoint is exposed with no authentication
        // wrapper at all - confirm that configuration is intended wherever it is deployed.
    }

    final HttpHandler routed = setupRoutes(handler);
    host.getValue().registerHandler(path, routed);
    host.getValue().registerLocation(path);
}
final SecurityRealmService securityRealmService = new SecurityRealmService(realmName, mapGroupsToRoles); final ServiceName realmServiceName = SecurityRealm.ServiceUtil.createServiceName(realmName); ServiceBuilder<?> realmBuilder = serviceTarget addPlugInLoaderService(realmName, plugIns, serviceTarget); InjectedSetValue<CallbackHandlerService> injectorSet = securityRealmService.getCallbackHandlerService(); addPropertiesAuthorizationService(context, authorization.require(PROPERTIES), realmName, serviceTarget, realmBuilder, securityRealmService.getSubjectSupplementalInjector()); } else if (authorization.hasDefined(PLUG_IN)) { addPlugInAuthorizationService(context, authorization.require(PLUG_IN), realmName, serviceTarget, realmBuilder, securityRealmService.getSubjectSupplementalInjector()); } else if (authorization.hasDefined(LDAP)) { addLdapAuthorizationService(context, authorization.require(LDAP), realmName, serviceTarget, realmBuilder, securityRealmService.getSubjectSupplementalInjector(), shareLdapConnections); addSecretService(context, serverIdentities.require(SECRET), realmName,serviceTarget, realmBuilder, securityRealmService.getSecretCallbackFactory()); addKerberosIdentityServices(context, serverIdentities.require(KERBEROS), realmName, serviceTarget, realmBuilder, securityRealmService.getKeytabIdentityFactoryInjector()); addSSLServices(context, ssl, authTruststore, realmName, serviceTarget, realmBuilder, securityRealmService.getSSLContextInjector()); realmBuilder.addDependency(tmpDirPath, String.class, securityRealmService.getTmpDirPathInjector()); realmBuilder.setInitialMode(Mode.ACTIVE); realmBuilder.install();
mechanismConfiguration.put(LOCAL_USER_CHALLENGE_PATH, getAuthDir(tmpDirPath.getValue())); mechanismConfiguration.put(WildFlySasl.ALTERNATIVE_PROTOCOLS, "remoting"); final PermissionVerifier permissionVerifier = createPermissionVerifier(); domainBuilder.setPermissionMapper((permissionMappable, roles) -> permissionVerifier); AuthMechanism mechanism = toAuthMechanism(mi.getMechanismType(), mi.getMechanismName()); if (mechanism != null) { final MechanismConfiguration resolved = configurationMap.get(mechanism); builder.setServerCredential((SecurityFactory<Credential>) () -> getGSSKerberosCredential(protocol, mi.getHostName())); httpServerFactory = new SetMechanismInformationMechanismFactory(httpServerFactory); httpServerFactory = new FilterServerMechanismFactory(httpServerFactory, (s) -> { AuthMechanism mechanism = toAuthMechanism("HTTP", s); return mechanism != null && configurationMap.containsKey(mechanism); }); AuthMechanism mechanism = toAuthMechanism("SASL", s); return mechanism != null && configurationMap.containsKey(mechanism); });
Set<AuthMechanism> authMechanisms = getSupportedAuthenticationMechanisms(); AuthMechanism authMechanism = toAuthMechanism("SASL", iter.next()); if(authMechanism != null && (registeredServices.containsKey(authMechanism) || (authMechanism == AuthMechanism.PLAIN && registeredServices.containsKey(AuthMechanism.DIGEST)))) { iter.remove(); throw ROOT_LOGGER.legacyMechanismsAreNotSupported(requestedMechanisms.stream().collect(Collectors.joining(", ")), getName()); if(getSupportedAuthenticationMechanisms() != null) { tmpMechanismConfiguration.put(Sasl.POLICY_NOANONYMOUS, String.valueOf(policyNoanonymous)); AuthMechanism authMechanism = toAuthMechanism("SASL", mechanismName); CallbackHandlerService currentService = registeredServices.get(authMechanism); return getSaslAuthenticationFactory();
/**
 * Returns the configuration options of the callback handler service that serves the given mechanism.
 *
 * @param mechanism the authentication mechanism whose handler configuration is wanted
 * @return the options reported by that handler service's {@code getConfigurationOptions()}
 */
public Map<String, String> getMechanismConfig(final AuthMechanism mechanism) {
    // NOTE(review): there is no null guard here; confirm getCallbackHandlerService never
    // returns null for a mechanism that has no registered handler.
    return getCallbackHandlerService(mechanism).getConfigurationOptions();
}
if (sharedState.containsKey(LOADED_USERNAME_KEY)) { ru = new RealmUser(getName(), (String) sharedState.get(LOADED_USERNAME_KEY)); } else {
final CallbackHandlerService handlerService = getCallbackHandlerService(mechanism); final Map<String, Object> sharedState = new HashMap<String, Object>(); return new AuthorizingCallbackHandler() {
/**
 * Installs the plug-in authentication callback handler service for a realm and makes the realm
 * service depend on it.
 *
 * @param context       operation context used to resolve model attributes
 * @param model         model node holding the plug-in authentication settings
 * @param realmName     name of the realm; used to derive service names
 * @param registry      realm service whose name is handed to the new handler
 * @param serviceTarget target the handler service is added to
 * @param realmBuilder  builder of the realm service that receives the dependency
 * @param injector      injector through which the realm service receives the handler
 * @throws OperationFailedException if a model attribute cannot be resolved
 */
private void addPlugInAuthenticationService(OperationContext context, ModelNode model, String realmName,
        SecurityRealmService registry, ServiceTarget serviceTarget, ServiceBuilder<?> realmBuilder,
        Injector<CallbackHandlerService> injector) throws OperationFailedException {
    final ServiceName handlerServiceName = PlugInAuthenticationCallbackHandler.ServiceUtil.createServiceName(realmName);

    // NOTE(review): the plug-in name is read through the *authorization* resource definition
    // although this is the authentication path - confirm the attribute is intentionally shared.
    final String pluginName = PlugInAuthorizationResourceDefinition.NAME.resolveModelAttribute(context, model).asString();
    final Map<String, String> properties = resolveProperties(context, model);

    // NOTE(review): AuthMechanism.valueOf throws IllegalArgumentException for an unknown name rather
    // than OperationFailedException; presumably the attribute definition restricts the allowed
    // values - confirm.
    final AuthMechanism mechanism = AuthMechanism.valueOf(
            PlugInAuthenticationResourceDefinition.MECHANISM.resolveModelAttribute(context, model).asString());

    final PlugInAuthenticationCallbackHandler handler =
            new PlugInAuthenticationCallbackHandler(registry.getName(), pluginName, properties, mechanism);
    final ServiceBuilder<CallbackHandlerService> handlerBuilder = serviceTarget.addService(handlerServiceName, handler);
    // The handler obtains its plug-in through the realm's plug-in loader service.
    PlugInLoaderService.ServiceUtil.addDependency(handlerBuilder, handler.getPlugInLoaderServiceValue(), realmName);
    handlerBuilder.setInitialMode(ON_DEMAND).install();

    // Wire the installed handler into the realm service through the supplied injector.
    CallbackHandlerService.ServiceUtil.addDependency(realmBuilder, injector, handlerServiceName);
}
final CallbackHandlerService handlerService = getCallbackHandlerService(mechanism); final Map<String, Object> sharedState = new HashMap<String, Object>(); return new AuthorizingCallbackHandler() {
/**
 * Installs the plug-in authentication callback handler service for a realm and makes the realm
 * service depend on it.
 *
 * @param context       operation context used to resolve model attributes
 * @param model         model node holding the plug-in authentication settings
 * @param realmName     name of the realm; used to derive service names
 * @param registry      realm service whose name is handed to the new handler
 * @param serviceTarget target the handler service is added to
 * @param realmBuilder  builder of the realm service that receives the dependency
 * @param injector      injector through which the realm service receives the handler
 * @throws OperationFailedException if a model attribute cannot be resolved
 */
private void addPlugInAuthenticationService(OperationContext context, ModelNode model, String realmName,
        SecurityRealmService registry, ServiceTarget serviceTarget, ServiceBuilder<?> realmBuilder,
        Injector<CallbackHandlerService> injector) throws OperationFailedException {
    final ServiceName handlerServiceName = PlugInAuthenticationCallbackHandler.ServiceUtil.createServiceName(realmName);

    // NOTE(review): the plug-in name is read through the *authorization* resource definition
    // although this is the authentication path - confirm the attribute is intentionally shared.
    final String pluginName = PlugInAuthorizationResourceDefinition.NAME.resolveModelAttribute(context, model).asString();
    final Map<String, String> properties = resolveProperties(context, model);

    // NOTE(review): AuthMechanism.valueOf throws IllegalArgumentException for an unknown name rather
    // than OperationFailedException; presumably the attribute definition restricts the allowed
    // values - confirm.
    final AuthMechanism mechanism = AuthMechanism.valueOf(
            PlugInAuthenticationResourceDefinition.MECHANISM.resolveModelAttribute(context, model).asString());

    final PlugInAuthenticationCallbackHandler handler =
            new PlugInAuthenticationCallbackHandler(registry.getName(), pluginName, properties, mechanism);
    final ServiceBuilder<CallbackHandlerService> handlerBuilder = serviceTarget.addService(handlerServiceName, handler);
    // The handler obtains its plug-in through the realm's plug-in loader service.
    PlugInLoaderService.ServiceUtil.addDependency(handlerBuilder, handler.getPlugInLoaderServiceValue(), realmName);
    handlerBuilder.setInitialMode(ON_DEMAND).install();

    // Wire the installed handler into the realm service through the supplied injector.
    CallbackHandlerService.ServiceUtil.addDependency(realmBuilder, injector, handlerServiceName);
}