[AS7-3002] Enable the association of a security-realm with the remoti…

…ng connector to allow use of security realms for authentication of incomming requests.
jbossas · Dec 22, 2011 · d47cdb8 · d47cdb8
1 parent d16c119
commit d47cdb8
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 1 deletion.
diff --git a/build/src/main/resources/docs/schema/jboss-as-remoting_1_1.xsd b/build/src/main/resources/docs/schema/jboss-as-remoting_1_1.xsd
@@ -92,6 +92,7 @@
         </xs:all>
         <xs:attribute name="socket-binding" type="name-list" use="required"/>
         <xs:attribute name="name" type="xs:string" use="required"/>
+        <xs:attribute name="security-realm" type="xs:string" use="optional"/>        
     </xs:complexType>
 
     <xs:complexType name="sasl">

diff --git a/remoting/src/main/java/org/jboss/as/remoting/Attribute.java b/remoting/src/main/java/org/jboss/as/remoting/Attribute.java
@@ -33,6 +33,7 @@ public enum Attribute {
     /* Remoting 1.0 attributes, in alpha order */
     NAME("name"),
     OUTBOUND_SOCKET_BINDING_REF("outbound-socket-binding-ref"),
+    SECURITY_REALM(CommonAttributes.SECURITY_REALM),
     SOCKET_BINDING(CommonAttributes.SOCKET_BINDING),
     URI("uri"),
     VALUE(CommonAttributes.VALUE),

diff --git a/remoting/src/main/java/org/jboss/as/remoting/CommonAttributes.java b/remoting/src/main/java/org/jboss/as/remoting/CommonAttributes.java
@@ -50,6 +50,7 @@ interface CommonAttributes {
     String SASL = "sasl";
     String SASL_POLICY = "sasl-policy";
     String SECURITY = "security";
+    String SECURITY_REALM = "security-realm";
     String SERVER_AUTH = "server-auth";
     String SOCKET_BINDING = "socket-binding";
     String STRENGTH = "strength";

diff --git a/remoting/src/main/java/org/jboss/as/remoting/ConnectorAdd.java b/remoting/src/main/java/org/jboss/as/remoting/ConnectorAdd.java
@@ -33,6 +33,7 @@
 import static org.jboss.as.remoting.CommonAttributes.POLICY;
 import static org.jboss.as.remoting.CommonAttributes.QOP;
 import static org.jboss.as.remoting.CommonAttributes.SASL;
+import static org.jboss.as.remoting.CommonAttributes.SECURITY_REALM;
 import static org.jboss.as.remoting.CommonAttributes.SERVER_AUTH;
 import static org.jboss.as.remoting.CommonAttributes.STRENGTH;
 
@@ -50,6 +51,7 @@
 import org.jboss.as.controller.ServiceVerificationHandler;
 import org.jboss.as.controller.registry.Resource;
 import org.jboss.as.controller.registry.Resource.ResourceEntry;
+import org.jboss.as.domain.management.security.SecurityRealmService;
 import org.jboss.as.network.SocketBinding;
 import org.jboss.dmr.ModelNode;
 import org.jboss.msc.service.ServiceController;
@@ -76,13 +78,18 @@ public class ConnectorAdd extends AbstractAddStepHandler {
     protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException{
         ConnectorResource.SOCKET_BINDING.validateAndSet(operation, model);
         ConnectorResource.AUTHENTICATION_PROVIDER.validateAndSet(operation, model);
+        if (operation.hasDefined(SECURITY_REALM)) {
+            model.get(SECURITY_REALM).set(operation.get(SECURITY_REALM).asString());
+        }
     }
 
     protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) throws OperationFailedException {
         final PathAddress address = PathAddress.pathAddress(operation.get(OP_ADDR));
         final String connectorName = address.getLastElement().getValue();
         ServiceName tmpDirPath = ServiceName.JBOSS.append("server", "path", "jboss.controller.temp.dir");
-        RemotingServices.installSecurityServices(context.getServiceTarget(), connectorName, null, null, tmpDirPath, verificationHandler, newControllers);
+        final ServiceName securityRealm = model.hasDefined(SECURITY_REALM) ? SecurityRealmService.BASE_SERVICE_NAME
+                .append(model.require(SECURITY_REALM).asString()) : null;
+        RemotingServices.installSecurityServices(context.getServiceTarget(), connectorName, securityRealm, null, tmpDirPath, verificationHandler, newControllers);
         launchServices(context, address, connectorName, model, verificationHandler, newControllers);
     }
 

diff --git a/remoting/src/main/java/org/jboss/as/remoting/RemotingSubsystem11Parser.java b/remoting/src/main/java/org/jboss/as/remoting/RemotingSubsystem11Parser.java
@@ -59,6 +59,7 @@
 import static org.jboss.as.remoting.CommonAttributes.SASL;
 import static org.jboss.as.remoting.CommonAttributes.SASL_POLICY;
 import static org.jboss.as.remoting.CommonAttributes.SECURITY;
+import static org.jboss.as.remoting.CommonAttributes.SECURITY_REALM;
 import static org.jboss.as.remoting.CommonAttributes.SERVER_AUTH;
 import static org.jboss.as.remoting.CommonAttributes.SOCKET_BINDING;
 import static org.jboss.as.remoting.CommonAttributes.STRENGTH;
@@ -192,6 +193,7 @@ void parseWorkerThreadPool(final XMLExtendedStreamReader reader, final ModelNode
     void parseConnector(final XMLExtendedStreamReader reader, final ModelNode address, final List<ModelNode> list) throws XMLStreamException {
 
         String name = null;
+        String securityRealm = null;
         String socketBinding = null;
         final EnumSet<Attribute> required = EnumSet.of(Attribute.NAME, Attribute.SOCKET_BINDING);
         final int count = reader.getAttributeCount();
@@ -205,6 +207,10 @@ void parseConnector(final XMLExtendedStreamReader reader, final ModelNode addres
                     name = value;
                     break;
                 }
+                case SECURITY_REALM: {
+                    securityRealm = value;
+                    break;
+                }
                 case SOCKET_BINDING: {
                     socketBinding = value;
                     break;
@@ -224,6 +230,9 @@ void parseConnector(final XMLExtendedStreamReader reader, final ModelNode addres
         connector.get(OP_ADDR).set(address).add(CONNECTOR, name);
         // requestProperties.get(NAME).set(name); // Name is part of the address
         connector.get(SOCKET_BINDING).set(socketBinding);
+        if (securityRealm != null) {
+            connector.get(SECURITY_REALM).set(securityRealm);
+        }
         list.add(connector);
 
         // Handle nested elements.
@@ -709,8 +718,12 @@ private void writeConnector(final XMLExtendedStreamWriter writer, final ModelNod
         writer.writeAttribute(Attribute.NAME.getLocalName(), name);
 
         ConnectorResource.SOCKET_BINDING.marshallAsAttribute(node, writer);
+        if (node.hasDefined(SECURITY_REALM)) {
+            writer.writeAttribute(Attribute.SECURITY_REALM.getLocalName(), node.require(SECURITY_REALM).asString());
+        }
         ConnectorResource.AUTHENTICATION_PROVIDER.marshallAsElement(node, writer);
 
+
         if (node.hasDefined(PROPERTY)) {
             writeProperties(writer, node.get(PROPERTY));
         }