/**
 * <p>
 * Installs {@link JACCAuthorizationManager#INSTANCE} on the given {@link DeploymentInfo} when the
 * security domain's application policy lists a {@link JACCAuthorizationModule} among its
 * authorization modules. Nothing is changed when the domain has no policy, the policy has no
 * authorization info, or no entry names the JACC module — the deployment then keeps whatever
 * authorization manager Undertow already gave it (presumably its default; not visible here).
 * </p>
 *
 * @param deploymentInfo the {@link DeploymentInfo} instance.
 */
private void handleJACCAuthorization(final DeploymentInfo deploymentInfo) {
    // TODO make the authorization manager implementation configurable in Undertow or jboss-web.xml
    final ApplicationPolicy policy = SecurityConfiguration.getApplicationPolicy(this.securityDomain);
    if (policy == null) {
        return;
    }
    final AuthorizationInfo authorizationInfo = policy.getAuthorizationInfo();
    if (authorizationInfo == null) {
        return;
    }
    // Match on the fully-qualified policy-module class name; the first JACC entry is enough.
    final String jaccModuleName = JACCAuthorizationModule.class.getName();
    for (AuthorizationModuleEntry moduleEntry : authorizationInfo.getModuleEntries()) {
        if (jaccModuleName.equals(moduleEntry.getPolicyModuleName())) {
            deploymentInfo.setAuthorizationManager(JACCAuthorizationManager.INSTANCE);
            return;
        }
    }
}
/**
 * Builds the {@link IdentityTrustInfo} for {@code securityDomain} from the
 * {@code identity-trust/classic/trust-module} children of {@code node} and installs it on
 * {@code applicationPolicy}.
 *
 * @param context           the operation context used to resolve attribute expressions.
 * @param securityDomain    the name of the security domain the policy belongs to.
 * @param node              the security-domain model node.
 * @param applicationPolicy the policy being assembled.
 * @return {@code true} if trust modules were defined and installed, {@code false} if there are none.
 * @throws OperationFailedException if an attribute cannot be resolved.
 */
private boolean processIdentityTrust(OperationContext context, String securityDomain, ModelNode node,
                                     ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode trustModules = peek(node, IDENTITY_TRUST, CLASSIC, TRUST_MODULE);
    if (trustModules == null) {
        return false;
    }
    final IdentityTrustInfo trustInfo = new IdentityTrustInfo(securityDomain);
    for (Property property : trustModules.asPropertyList()) {
        final ModelNode moduleNode = property.getValue();
        final String code = LoginModuleResourceDefinition.CODE.resolveModelAttribute(context, moduleNode).asString();
        final String flagName = LoginModuleResourceDefinition.FLAG.resolveModelAttribute(context, moduleNode).asString();
        // ControlFlag.valueOf is case-sensitive and throws IllegalArgumentException on an unknown
        // value; presumably the FLAG attribute definition already restricts the allowed values — verify.
        final ControlFlag controlFlag = ControlFlag.valueOf(flagName);
        final IdentityTrustModuleEntry entry = new IdentityTrustModuleEntry(code, extractOptions(context, moduleNode));
        entry.setControlFlag(controlFlag);
        trustInfo.add(entry);
        // An absent or empty "module" attribute falls back to the default JBoss module.
        final ModelNode moduleAttribute = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, moduleNode);
        final boolean hasModule = moduleAttribute.isDefined() && !moduleAttribute.asString().isEmpty();
        trustInfo.addJBossModuleName(hasModule ? moduleAttribute.asString() : DEFAULT_MODULE);
    }
    applicationPolicy.setIdentityTrustInfo(trustInfo);
    return true;
}
/**
 * Builds the {@link ACLInfo} for {@code securityDomain} from the {@code acl/classic/acl-module}
 * children of {@code node} and installs it on {@code applicationPolicy}.
 *
 * @param context           the operation context used to resolve attribute expressions.
 * @param securityDomain    the name of the security domain the policy belongs to.
 * @param node              the security-domain model node.
 * @param applicationPolicy the policy being assembled.
 * @return {@code true} if ACL modules were defined and installed, {@code false} if there are none.
 * @throws OperationFailedException if an attribute cannot be resolved.
 */
private boolean processACL(OperationContext context, String securityDomain, ModelNode node,
                           ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode aclModules = peek(node, ACL, CLASSIC, ACL_MODULE);
    if (aclModules == null) {
        return false;
    }
    final ACLInfo aclInfo = new ACLInfo(securityDomain);
    for (Property property : aclModules.asPropertyList()) {
        final ModelNode moduleNode = property.getValue();
        final String code = LoginModuleResourceDefinition.CODE.resolveModelAttribute(context, moduleNode).asString();
        final String flagName = LoginModuleResourceDefinition.FLAG.resolveModelAttribute(context, moduleNode).asString();
        // ControlFlag.valueOf is case-sensitive and throws IllegalArgumentException on an unknown
        // value; presumably the FLAG attribute definition already restricts the allowed values — verify.
        final ControlFlag controlFlag = ControlFlag.valueOf(flagName);
        final ACLProviderEntry entry = new ACLProviderEntry(code, extractOptions(context, moduleNode));
        entry.setControlFlag(controlFlag);
        aclInfo.add(entry);
        // An absent or empty "module" attribute falls back to the default JBoss module.
        final ModelNode moduleAttribute = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, moduleNode);
        final boolean hasModule = moduleAttribute.isDefined() && !moduleAttribute.asString().isEmpty();
        aclInfo.addJBossModuleName(hasModule ? moduleAttribute.asString() : DEFAULT_MODULE);
    }
    applicationPolicy.setAclInfo(aclInfo);
    return true;
}
/**
 * Builds the {@link AuthorizationInfo} for {@code securityDomain} from the
 * {@code authorization/classic/policy-module} children of {@code node} and installs it on
 * {@code applicationPolicy}. Unlike the ACL and trust sections, the module code is resolved through
 * {@link ModulesMap#AUTHORIZATION_MAP}, so short aliases are expanded to class names there.
 *
 * @param context           the operation context used to resolve attribute expressions.
 * @param securityDomain    the name of the security domain the policy belongs to.
 * @param node              the security-domain model node.
 * @param applicationPolicy the policy being assembled.
 * @return {@code true} if policy modules were defined and installed, {@code false} if there are none.
 * @throws OperationFailedException if an attribute cannot be resolved.
 */
private boolean processAuthorization(OperationContext context, String securityDomain, ModelNode node,
                                     ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode policyModules = peek(node, AUTHORIZATION, CLASSIC, POLICY_MODULE);
    if (policyModules == null) {
        return false;
    }
    final AuthorizationInfo authorizationInfo = new AuthorizationInfo(securityDomain);
    for (Property property : policyModules.asPropertyList()) {
        final ModelNode moduleNode = property.getValue();
        final String code = extractCode(context, moduleNode, ModulesMap.AUTHORIZATION_MAP);
        final String flagName = LoginModuleResourceDefinition.FLAG.resolveModelAttribute(context, moduleNode).asString();
        // ControlFlag.valueOf is case-sensitive and throws IllegalArgumentException on an unknown
        // value; presumably the FLAG attribute definition already restricts the allowed values — verify.
        final ControlFlag controlFlag = ControlFlag.valueOf(flagName);
        final AuthorizationModuleEntry entry = new AuthorizationModuleEntry(code, extractOptions(context, moduleNode));
        entry.setControlFlag(controlFlag);
        authorizationInfo.add(entry);
        // An absent or empty "module" attribute falls back to the default JBoss module.
        final ModelNode moduleAttribute = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, moduleNode);
        final boolean hasModule = moduleAttribute.isDefined() && !moduleAttribute.asString().isEmpty();
        authorizationInfo.addJBossModuleName(hasModule ? moduleAttribute.asString() : DEFAULT_MODULE);
    }
    applicationPolicy.setAuthorizationInfo(authorizationInfo);
    return true;
}
/**
 * Builds the {@link AuditInfo} for {@code securityDomain} from the
 * {@code audit/classic/provider-module} children of {@code node} and installs it on
 * {@code applicationPolicy}. Audit providers carry no control flag, so none is read here.
 *
 * @param context           the operation context used to resolve attribute expressions.
 * @param securityDomain    the name of the security domain the policy belongs to.
 * @param node              the security-domain model node.
 * @param applicationPolicy the policy being assembled.
 * @return {@code true} if provider modules were defined and installed, {@code false} if there are none.
 * @throws OperationFailedException if an attribute cannot be resolved.
 */
private boolean processAudit(OperationContext context, String securityDomain, ModelNode node,
                             ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode providerModules = peek(node, AUDIT, CLASSIC, PROVIDER_MODULE);
    if (providerModules == null) {
        return false;
    }
    final AuditInfo auditInfo = new AuditInfo(securityDomain);
    for (Property property : providerModules.asPropertyList()) {
        final ModelNode moduleNode = property.getValue();
        final String code = MappingProviderModuleDefinition.CODE.resolveModelAttribute(context, moduleNode).asString();
        auditInfo.add(new AuditProviderEntry(code, extractOptions(context, moduleNode)));
        // An absent or empty "module" attribute falls back to the default JBoss module.
        final ModelNode moduleAttribute = MappingProviderModuleDefinition.MODULE.resolveModelAttribute(context, moduleNode);
        final boolean hasModule = moduleAttribute.isDefined() && !moduleAttribute.asString().isEmpty();
        auditInfo.addJBossModuleName(hasModule ? moduleAttribute.asString() : DEFAULT_MODULE);
    }
    applicationPolicy.setAuditInfo(auditInfo);
    return true;
}
/**
 * Registers one {@link MappingInfo} per {@code mapping/classic/mapping-module} child of
 * {@code node} on {@code applicationPolicy}, keyed by the module's mapping type. A module without an
 * explicit {@code type} attribute is treated as a {@link MappingType#ROLE} mapper.
 *
 * <p>NOTE(review): a fresh {@code MappingInfo} holding a single entry is passed to
 * {@code applicationPolicy.setMappingInfo(type, ...)} on every iteration, and the JBoss module name
 * is added to it only afterwards. Whether two modules of the same type accumulate or the later one
 * replaces the earlier depends on {@code ApplicationPolicy#setMappingInfo}, which is not visible
 * here — confirm before relying on multiple mappers of one type.</p>
 *
 * @param context           the operation context used to resolve attribute expressions.
 * @param securityDomain    the name of the security domain the policy belongs to.
 * @param node              the security-domain model node.
 * @param applicationPolicy the policy being assembled.
 * @return {@code true} if mapping modules were defined and installed, {@code false} if there are none.
 * @throws OperationFailedException if an attribute cannot be resolved.
 */
private boolean processMapping(OperationContext context, String securityDomain, ModelNode node,
                               ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode mappingModules = peek(node, MAPPING, CLASSIC, MAPPING_MODULE);
    if (mappingModules == null) {
        return false;
    }
    for (Property property : mappingModules.asPropertyList()) {
        final ModelNode moduleNode = property.getValue();
        final MappingInfo mappingInfo = new MappingInfo(securityDomain);
        final String code = extractCode(context, moduleNode, ModulesMap.MAPPING_MAP);
        // Default the mapping type to ROLE when the attribute is not set on this module.
        final String mappingType = moduleNode.hasDefined(TYPE)
                ? MappingModuleDefinition.TYPE.resolveModelAttribute(context, moduleNode).asString()
                : MappingType.ROLE.toString();
        mappingInfo.add(new MappingModuleEntry(code, extractOptions(context, moduleNode), mappingType));
        applicationPolicy.setMappingInfo(mappingType, mappingInfo);
        // An absent or empty "module" attribute falls back to the default JBoss module.
        final ModelNode moduleAttribute = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, moduleNode);
        final boolean hasModule = moduleAttribute.isDefined() && !moduleAttribute.asString().isEmpty();
        mappingInfo.addJBossModuleName(hasModule ? moduleAttribute.asString() : DEFAULT_MODULE);
    }
    return true;
}
if (authModule.hasDefined(FLAG)) { String flag = LoginModuleResourceDefinition.FLAG.resolveModelAttribute(context, authModule).asString(); entry.setControlFlag(ControlFlag.valueOf(flag)); applicationPolicy.setAuthenticationInfo(authenticationInfo); return true;
// Publish the assembled policy under its own name. This registration is presumably what
// SecurityConfiguration.getApplicationPolicy(...) consults for this domain — verify against the registry.
final ApplicationPolicyRegistration applicationPolicyRegistration = (ApplicationPolicyRegistration) configurationValue
        .getValue();
applicationPolicyRegistration.addApplicationPolicy(applicationPolicy.getName(), applicationPolicy);
/**
 * <p>Wires the JASPIC pieces into the deployment when the security domain's authentication section
 * is of the JASPI flavour: the
 * {@link org.wildfly.extension.undertow.security.jaspi.JASPICAuthenticationMechanism}, a
 * {@link JASPICSecurityContextFactory} and an outer {@link JASPICSecureResponseHandler} wrapper.
 * A domain without a policy, or with a non-JASPI authentication info, is left untouched.</p>
 *
 * <p>Only the first {@code auth-method} of the deployment's login config is handed to the mechanism;
 * any further auth-methods are not consulted here.</p>
 *
 * @param deploymentInfo the deployment being configured.
 */
private void handleJASPIMechanism(final DeploymentInfo deploymentInfo) {
    final ApplicationPolicy policy = SecurityConfiguration.getApplicationPolicy(this.securityDomain);
    if (policy == null) {
        return;
    }
    if (!(policy.getAuthenticationInfo() instanceof JASPIAuthenticationInfo)) {
        return;
    }
    String authMethod = null;
    final LoginConfig loginConfig = deploymentInfo.getLoginConfig();
    if (loginConfig != null && !loginConfig.getAuthMethods().isEmpty()) {
        authMethod = loginConfig.getAuthMethods().get(0).getName();
    }
    deploymentInfo.setJaspiAuthenticationMechanism(new JASPICAuthenticationMechanism(securityDomain, authMethod));
    deploymentInfo.setSecurityContextFactory(new JASPICSecurityContextFactory(this.securityDomain));
    // Outer wrapper so the secureResponse phase runs after the whole handler chain.
    deploymentInfo.addOuterHandlerChainWrapper(next -> new JASPICSecureResponseHandler(next));
}
/**
 * Returns the effective authorization info: this policy's own info merged with the one inherited
 * from the base policy (if any). With no base info the local info is returned as-is (possibly
 * {@code null}); with no local info the inherited one is returned unchanged.
 *
 * @return the merged {@link AuthorizationInfo}, or {@code null} if neither side defines one.
 */
public AuthorizationInfo getAuthorizationInfo() {
    final ApplicationPolicy basePolicy = this.getBaseApplicationPolicy();
    final AuthorizationInfo inherited = basePolicy == null ? null : basePolicy.getAuthorizationInfo();
    if (inherited == null) {
        return authorizationInfo;
    }
    if (authorizationInfo == null) {
        return inherited;
    }
    return (AuthorizationInfo) authorizationInfo.merge(inherited);
}
/**
 * Builds the classic (JAAS login-module based) {@link AuthenticationInfo} for {@code securityDomain}
 * from the {@code authentication/classic} section of {@code node} and installs it on
 * {@code applicationPolicy}. A section with no {@code login-module} children still yields an
 * empty {@link AuthenticationInfo}.
 *
 * @param context           the operation context used to resolve attribute expressions.
 * @param securityDomain    the name of the security domain the policy belongs to.
 * @param node              the security-domain model node.
 * @param applicationPolicy the policy being assembled.
 * @return {@code true} if a classic authentication section exists, {@code false} otherwise.
 * @throws OperationFailedException if an attribute cannot be resolved.
 */
private boolean processClassicAuth(OperationContext context, String securityDomain, ModelNode node,
                                   ApplicationPolicy applicationPolicy) throws OperationFailedException {
    final ModelNode classicAuth = peek(node, AUTHENTICATION, CLASSIC);
    if (classicAuth == null) {
        return false;
    }
    final AuthenticationInfo authenticationInfo = new AuthenticationInfo(securityDomain);
    if (classicAuth.hasDefined(Constants.LOGIN_MODULE)) {
        // Each parsed login module is appended to the authentication info via this container callback.
        final LoginModuleContainer container = new LoginModuleContainer() {
            public void addAppConfigurationEntry(AppConfigurationEntry entry) {
                authenticationInfo.add(entry);
            }
        };
        processLoginModules(context, classicAuth.get(LOGIN_MODULE), authenticationInfo, container);
    }
    applicationPolicy.setAuthenticationInfo(authenticationInfo);
    return true;
}
/**
 * Assembles the {@link ApplicationPolicy} for {@code securityDomain} from every configured section of
 * {@code model}. All sections are always processed (no short-circuiting), and the policy is returned
 * only if at least one of them contributed something.
 *
 * @param context        the operation context used to resolve attribute expressions.
 * @param securityDomain the name of the security domain.
 * @param model          the security-domain model node.
 * @return the populated policy, or {@code null} if no section was defined.
 * @throws OperationFailedException if an attribute cannot be resolved.
 */
private ApplicationPolicy createApplicationPolicy(OperationContext context, String securityDomain, final ModelNode model)
        throws OperationFailedException {
    final ApplicationPolicy applicationPolicy = new ApplicationPolicy(securityDomain);
    // Each process* call runs unconditionally; the method call is the left operand so it is never skipped.
    boolean populated = processClassicAuth(context, securityDomain, model, applicationPolicy);
    populated = processJASPIAuth(context, securityDomain, model, applicationPolicy) || populated;
    populated = processAuthorization(context, securityDomain, model, applicationPolicy) || populated;
    populated = processACL(context, securityDomain, model, applicationPolicy) || populated;
    populated = processAudit(context, securityDomain, model, applicationPolicy) || populated;
    populated = processIdentityTrust(context, securityDomain, model, applicationPolicy) || populated;
    populated = processMapping(context, securityDomain, model, applicationPolicy) || populated;
    if (!populated) {
        return null;
    }
    return applicationPolicy;
}
/**
 * Returns the effective audit info: this policy's own info merged with the one inherited from the
 * base policy (if any). With no base info the local info is returned as-is (possibly {@code null});
 * with no local info the inherited one is returned unchanged.
 *
 * @return the merged {@link AuditInfo}, or {@code null} if neither side defines one.
 */
public AuditInfo getAuditInfo() {
    final ApplicationPolicy basePolicy = this.getBaseApplicationPolicy();
    final AuditInfo inherited = basePolicy == null ? null : basePolicy.getAuditInfo();
    if (inherited == null) {
        return auditInfo;
    }
    if (auditInfo == null) {
        return inherited;
    }
    return (AuditInfo) auditInfo.merge(inherited);
}
/**
 * Returns the effective identity-trust info: this policy's own info merged with the one inherited
 * from the base policy (if any). With no base info the local info is returned as-is (possibly
 * {@code null}); with no local info the inherited one is returned unchanged.
 *
 * @return the merged {@link IdentityTrustInfo}, or {@code null} if neither side defines one.
 */
public IdentityTrustInfo getIdentityTrustInfo() {
    final ApplicationPolicy basePolicy = this.getBaseApplicationPolicy();
    final IdentityTrustInfo inherited = basePolicy == null ? null : basePolicy.getIdentityTrustInfo();
    if (inherited == null) {
        return identityTrustInfo;
    }
    if (identityTrustInfo == null) {
        return inherited;
    }
    return (IdentityTrustInfo) identityTrustInfo.merge(inherited);
}
/**
 * Resolves the policy this one extends. The local {@code policyConfig} is consulted first; if the
 * name is not registered there, the global {@link SecurityConfiguration} registry is tried, since
 * the base policy may have been registered elsewhere.
 *
 * @return the base {@link ApplicationPolicy}, or {@code null} if no base name is set or it cannot be found.
 */
private ApplicationPolicy getBaseApplicationPolicy() {
    if (this.baseApplicationPolicyName == null) {
        return null;
    }
    final ApplicationPolicy local = this.policyConfig.get(this.baseApplicationPolicyName);
    if (local != null) {
        return local;
    }
    // The base application policy may exist in a different location
    return SecurityConfiguration.getApplicationPolicy(this.baseApplicationPolicyName);
}
/**
 * Returns the effective ACL info: this policy's own info merged with the one inherited from the
 * base policy (if any). With no base info the local info is returned as-is (possibly {@code null});
 * with no local info the inherited one is returned unchanged.
 *
 * @return the merged {@link ACLInfo}, or {@code null} if neither side defines one.
 */
public ACLInfo getAclInfo() {
    final ApplicationPolicy basePolicy = this.getBaseApplicationPolicy();
    final ACLInfo inherited = basePolicy == null ? null : basePolicy.getAclInfo();
    if (inherited == null) {
        return aclInfo;
    }
    if (this.aclInfo == null) {
        return inherited;
    }
    return (ACLInfo) this.aclInfo.merge(inherited);
}
/**
 * {@inheritDoc}
 *
 * <p>Tears the security domain down in two steps: it is removed from the JNDI-based security
 * management and its application policy is dropped from the registry. Nothing here touches the
 * domain's authentication cache (see the TODO); whether cached entries outlive the domain and could
 * be picked up by a re-created domain of the same name is not visible from this code — confirm.</p>
 */
@Override
public void stop(StopContext context) {
    SecurityLogger.ROOT_LOGGER.debugf("Stopping security domain service %s", name);
    final JNDIBasedSecurityManagement securityManagement =
            (JNDIBasedSecurityManagement) securityManagementValue.getValue();
    securityManagement.removeSecurityDomain(name);
    // TODO clear auth cache?
    final ApplicationPolicyRegistration registration =
            (ApplicationPolicyRegistration) configurationValue.getValue();
    registration.removeApplicationPolicy(name);
}
/**
 * Returns the effective authorization info: this policy's own info merged with the one inherited
 * from the base policy (if any). With no base info the local info is returned as-is (possibly
 * {@code null}); with no local info the inherited one is returned unchanged.
 *
 * @return the merged {@link AuthorizationInfo}, or {@code null} if neither side defines one.
 */
public AuthorizationInfo getAuthorizationInfo() {
    final ApplicationPolicy basePolicy = this.getBaseApplicationPolicy();
    final AuthorizationInfo inherited = basePolicy == null ? null : basePolicy.getAuthorizationInfo();
    if (inherited == null) {
        return authorizationInfo;
    }
    if (authorizationInfo == null) {
        return inherited;
    }
    return (AuthorizationInfo) authorizationInfo.merge(inherited);
}
/**
 * Returns the effective audit info: this policy's own info merged with the one inherited from the
 * base policy (if any). With no base info the local info is returned as-is (possibly {@code null});
 * with no local info the inherited one is returned unchanged.
 *
 * @return the merged {@link AuditInfo}, or {@code null} if neither side defines one.
 */
public AuditInfo getAuditInfo() {
    final ApplicationPolicy basePolicy = this.getBaseApplicationPolicy();
    final AuditInfo inherited = basePolicy == null ? null : basePolicy.getAuditInfo();
    if (inherited == null) {
        return auditInfo;
    }
    if (auditInfo == null) {
        return inherited;
    }
    return (AuditInfo) auditInfo.merge(inherited);
}
/**
 * Returns the effective identity-trust info: this policy's own info merged with the one inherited
 * from the base policy (if any). With no base info the local info is returned as-is (possibly
 * {@code null}); with no local info the inherited one is returned unchanged.
 *
 * @return the merged {@link IdentityTrustInfo}, or {@code null} if neither side defines one.
 */
public IdentityTrustInfo getIdentityTrustInfo() {
    final ApplicationPolicy basePolicy = this.getBaseApplicationPolicy();
    final IdentityTrustInfo inherited = basePolicy == null ? null : basePolicy.getIdentityTrustInfo();
    if (inherited == null) {
        return identityTrustInfo;
    }
    if (identityTrustInfo == null) {
        return inherited;
    }
    return (IdentityTrustInfo) identityTrustInfo.merge(inherited);
}