ISPN-13019 Distributed security realm
1 parent
24ba82a
commit 8966502
Showing
16 changed files
with
387 additions
and
36 deletions.
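--- a/documentation/src/main/asciidoc/topics/config_examples/server_distributed_realm.xml
+++ b/documentation/src/main/asciidoc/topics/config_examples/server_distributed_realm.xml
@@ -0,0 +1,15 @@
+<security xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="urn:infinispan:server:{schemaversion} https://infinispan.org/schemas/infinispan-server-{schemaversion}.xsd"
+xmlns="urn:infinispan:server:{schemaversion}">
+<security-realms>
+<security-realm name="default">
+<ldap-realm>
+<!-- ... -->
+</ldap-realm>
+<properties-realm>
+<!-- ... -->
+</properties-realm>
+<distributed-realm realms="ldap properties"/>
+</security-realm>
+</security-realms>
+</security>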
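--- a/documentation/src/main/asciidoc/topics/ref_server_realm_distributed.adoc
+++ b/documentation/src/main/asciidoc/topics/ref_server_realm_distributed.adoc
@@ -0,0 +1,14 @@
+[id='distributed_realm-{context}']
+= Distributed Realms
+A security realm definition for authentication and authorization identities distributed between multiple security realms.
+
+.Distributed realm configuration
+
+[source,xml,options="nowrap",subs=attributes+]
+----
+include::config_examples/server_distributed_realm.xml[]
+----
+
+.Supported authentication mechanisms
+
+Distributed realms support the authentication mechanisms of the underlying realms.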
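--- a/...main/java/org/infinispan/server/configuration/security/DistributedRealmConfiguration.java
+++ b/...main/java/org/infinispan/server/configuration/security/DistributedRealmConfiguration.java
@@ -0,0 +1,40 @@
+package org.infinispan.server.configuration.security;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.infinispan.commons.configuration.ConfigurationInfo;
+import org.infinispan.commons.configuration.attributes.AttributeDefinition;
+import org.infinispan.commons.configuration.attributes.AttributeSet;
+import org.infinispan.commons.configuration.elements.DefaultElementDefinition;
+import org.infinispan.commons.configuration.elements.ElementDefinition;
+import org.infinispan.server.configuration.Element;
+
+/**
+* @author Tristan Tarrant <tristan@infinispan.org>
+* @since 13.0
+**/
+public class DistributedRealmConfiguration implements ConfigurationInfo {
+static final AttributeDefinition<String> NAME = AttributeDefinition.builder("name", null, String.class).build();
+static final AttributeDefinition<List<String>> REALMS = AttributeDefinition.builder("realms", new ArrayList<>(), (Class<List<String>>) (Class<?>) List.class)
+.initializer(ArrayList::new).immutable().build();
+
+static AttributeSet attributeDefinitionSet() {
+return new AttributeSet(DistributedRealmConfiguration.class, NAME, REALMS);
+}
+
+private static ElementDefinition ELEMENT_DEFINITION = new DefaultElementDefinition(Element.TOKEN_REALM.toString());
+private final AttributeSet attributes;
+
+DistributedRealmConfiguration(AttributeSet attributes) {
+this.attributes = attributes.checkProtection();
+}
+
+public String name() {
+return attributes.attribute(NAME).get();
+}
+
+public List<String> realms() {
+return attributes.attribute(REALMS).get();
+}
+}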
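Review bot: `ELEMENT_DEFINITION` is built from `Element.TOKEN_REALM`, which looks like a leftover from the token realm class; anything that serialises or audits the running configuration through this definition would describe the distributed realm as a token realm. It should use the element this commit defines for `distributed-realm` (not visible in this section) and be declared `private static final`. The class also shows no `getElementDefinition()` or `attributes()` override although it implements `ConfigurationInfo` and the builder's `read()` calls `template.attributes()`; if the interface defaults do not return this instance's values, the constant is dead code and `read()` copies nothing. `realms()` hands out the attribute's list itself, so unless that list is already unmodifiable I would return `Collections.unmodifiableList(attributes.attribute(REALMS).get())` to stop callers changing the realm order of a protected configuration.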
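--- a/...va/org/infinispan/server/configuration/security/DistributedRealmConfigurationBuilder.java
+++ b/...va/org/infinispan/server/configuration/security/DistributedRealmConfigurationBuilder.java
@@ -0,0 +1,65 @@
+package org.infinispan.server.configuration.security;
+
+import static org.infinispan.server.configuration.security.DistributedRealmConfiguration.NAME;
+import static org.infinispan.server.configuration.security.DistributedRealmConfiguration.REALMS;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.infinispan.commons.configuration.Builder;
+import org.infinispan.commons.configuration.attributes.AttributeSet;
+import org.wildfly.security.auth.realm.DistributedSecurityRealm;
+import org.wildfly.security.auth.server.SecurityRealm;
+
+/**
+* @author Tristan Tarrant <tristan@infinispan.org>
+* @since 13.0
+**/
+public class DistributedRealmConfigurationBuilder implements Builder<DistributedRealmConfiguration> {
+
+private final RealmConfigurationBuilder realmBuilder;
+private final AttributeSet attributes;
+private DistributedSecurityRealm securityRealm;
+
+
+public DistributedRealmConfigurationBuilder(RealmConfigurationBuilder realmConfigurationBuilder) {
+this.realmBuilder = realmConfigurationBuilder;
+this.attributes = DistributedRealmConfiguration.attributeDefinitionSet();
+}
+
+public DistributedRealmConfigurationBuilder name(String name) {
+attributes.attribute(NAME).set(name);
+return this;
+}
+
+public DistributedRealmConfigurationBuilder realms(String[] realms) {
+attributes.attribute(REALMS).set(Arrays.asList(realms));
+return this;
+}
+
+@Override
+public void validate() {
+
+}
+
+@Override
+public DistributedRealmConfiguration create() {
+return new DistributedRealmConfiguration(attributes.protect());
+}
+
+@Override
+public Builder<?> read(DistributedRealmConfiguration template) {
+attributes.read(template.attributes());
+return this;
+}
+
+public void build() {
+if (securityRealm == null) {
+SecurityRealm realms[] = attributes.attribute(REALMS).get()
+.stream().map(name -> realmBuilder.getRealm(name)).toArray(SecurityRealm[]::new);
+securityRealm = new DistributedSecurityRealm(realms);
+realmBuilder.addRealm(attributes.attribute(NAME).get(), securityRealm);
+}
+}
+}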
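Review bot: `validate()` is empty and `build()` passes whatever `realmBuilder.getRealm(name)` returns straight into `new DistributedSecurityRealm(realms)`, so a misspelt realm name or an empty `realms` list is not rejected when the configuration is parsed. `getRealm` is not visible here; if it can return null for an unknown name, the error would only surface on the first authentication attempt, so I would fail fast in `build()` with `.map(name -> Objects.requireNonNull(realmBuilder.getRealm(name), "Unknown security realm: " + name))` and reject an empty list in `validate()` unless empty is meant to carry a special meaning. The class would also benefit from a Javadoc sentence stating that the order of `realms` is significant: as far as I know Elytron's `DistributedSecurityRealm` consults sub-realms in sequence, so a principal present in an earlier realm shadows the same name in a later one. The `java.util.List` and `java.util.stream.Collectors` imports are unused in this file and can be dropped.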