From d47cdb8e68d43dca22bd4dff939f4b197fd61034 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Wed, 21 Dec 2011 11:32:44 +0000 Subject: [PATCH] [AS7-3002] Enable the association of a security-realm with the remoting connector to allow use of security realms for authentication of incomming requests. --- .../resources/docs/schema/jboss-as-remoting_1_1.xsd | 1 + .../main/java/org/jboss/as/remoting/Attribute.java | 1 + .../org/jboss/as/remoting/CommonAttributes.java | 1 + .../java/org/jboss/as/remoting/ConnectorAdd.java | 9 ++++++++- .../as/remoting/RemotingSubsystem11Parser.java | 13 +++++++++++++ 5 files changed, 24 insertions(+), 1 deletion(-) diff --git a/build/src/main/resources/docs/schema/jboss-as-remoting_1_1.xsd b/build/src/main/resources/docs/schema/jboss-as-remoting_1_1.xsd index 10dc716b022..8661b514938 100644 --- a/build/src/main/resources/docs/schema/jboss-as-remoting_1_1.xsd +++ b/build/src/main/resources/docs/schema/jboss-as-remoting_1_1.xsd @@ -92,6 +92,7 @@ + diff --git a/remoting/src/main/java/org/jboss/as/remoting/Attribute.java b/remoting/src/main/java/org/jboss/as/remoting/Attribute.java index 3f2e04d19aa..3a41ed9df25 100644 --- a/remoting/src/main/java/org/jboss/as/remoting/Attribute.java +++ b/remoting/src/main/java/org/jboss/as/remoting/Attribute.java @@ -33,6 +33,7 @@ public enum Attribute { /* Remoting 1.0 attributes, in alpha order */ NAME("name"), OUTBOUND_SOCKET_BINDING_REF("outbound-socket-binding-ref"), + SECURITY_REALM(CommonAttributes.SECURITY_REALM), SOCKET_BINDING(CommonAttributes.SOCKET_BINDING), URI("uri"), VALUE(CommonAttributes.VALUE), diff --git a/remoting/src/main/java/org/jboss/as/remoting/CommonAttributes.java b/remoting/src/main/java/org/jboss/as/remoting/CommonAttributes.java index d442bf1b7ef..985c060fd63 100644 --- a/remoting/src/main/java/org/jboss/as/remoting/CommonAttributes.java +++ b/remoting/src/main/java/org/jboss/as/remoting/CommonAttributes.java 
@@ -50,6 +50,7 @@ interface CommonAttributes { String SASL = "sasl"; String SASL_POLICY = "sasl-policy"; String SECURITY = "security"; + String SECURITY_REALM = "security-realm"; String SERVER_AUTH = "server-auth"; String SOCKET_BINDING = "socket-binding"; String STRENGTH = "strength"; diff --git a/remoting/src/main/java/org/jboss/as/remoting/ConnectorAdd.java b/remoting/src/main/java/org/jboss/as/remoting/ConnectorAdd.java index 99bb04166fb..418f2e2ff03 100644 --- a/remoting/src/main/java/org/jboss/as/remoting/ConnectorAdd.java +++ b/remoting/src/main/java/org/jboss/as/remoting/ConnectorAdd.java @@ -33,6 +33,7 @@ import static org.jboss.as.remoting.CommonAttributes.POLICY; import static org.jboss.as.remoting.CommonAttributes.QOP; import static org.jboss.as.remoting.CommonAttributes.SASL; +import static org.jboss.as.remoting.CommonAttributes.SECURITY_REALM; import static org.jboss.as.remoting.CommonAttributes.SERVER_AUTH; import static org.jboss.as.remoting.CommonAttributes.STRENGTH; @@ -50,6 +51,7 @@ import org.jboss.as.controller.ServiceVerificationHandler; import org.jboss.as.controller.registry.Resource; import org.jboss.as.controller.registry.Resource.ResourceEntry; +import org.jboss.as.domain.management.security.SecurityRealmService; import org.jboss.as.network.SocketBinding; import org.jboss.dmr.ModelNode; import org.jboss.msc.service.ServiceController; 
@@ -76,13 +78,18 @@ public class ConnectorAdd extends AbstractAddStepHandler { protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException{ ConnectorResource.SOCKET_BINDING.validateAndSet(operation, model); ConnectorResource.AUTHENTICATION_PROVIDER.validateAndSet(operation, model); + if (operation.hasDefined(SECURITY_REALM)) { + model.get(SECURITY_REALM).set(operation.get(SECURITY_REALM).asString()); + } } protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model, ServiceVerificationHandler verificationHandler, List> newControllers) throws OperationFailedException { final PathAddress address = PathAddress.pathAddress(operation.get(OP_ADDR)); final String connectorName = address.getLastElement().getValue(); ServiceName tmpDirPath = ServiceName.JBOSS.append("server", "path", "jboss.controller.temp.dir"); - RemotingServices.installSecurityServices(context.getServiceTarget(), connectorName, null, null, tmpDirPath, verificationHandler, newControllers); + final ServiceName securityRealm = model.hasDefined(SECURITY_REALM) ? SecurityRealmService.BASE_SERVICE_NAME + .append(model.require(SECURITY_REALM).asString()) : null; + RemotingServices.installSecurityServices(context.getServiceTarget(), connectorName, securityRealm, null, tmpDirPath, verificationHandler, newControllers); launchServices(context, address, connectorName, model, verificationHandler, newControllers); } diff --git a/remoting/src/main/java/org/jboss/as/remoting/RemotingSubsystem11Parser.java b/remoting/src/main/java/org/jboss/as/remoting/RemotingSubsystem11Parser.java index 5ac50f3aa03..9197af497ab 100644 --- a/remoting/src/main/java/org/jboss/as/remoting/RemotingSubsystem11Parser.java +++ b/remoting/src/main/java/org/jboss/as/remoting/RemotingSubsystem11Parser.java 
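Review bot: In `populateModel` the new `security-realm` value is copied with a hand-written `operation.hasDefined(SECURITY_REALM)` / `asString()` pair, while the two attributes above it go through `validateAndSet`, so the attribute that selects the connector's authentication source is the only one stored without validation. I would declare it as a new attribute definition on `ConnectorResource` (the diffstat suggests none is added) and call `ConnectorResource.SECURITY_REALM.validateAndSet(operation, model);`, so an empty or wrongly typed value is rejected before `performRuntime` appends it to `SecurityRealmService.BASE_SERVICE_NAME`. The same definition could replace the manual read in the `parseConnector` hunks and the manual `writeAttribute` in the `writeConnector` hunk of `RemotingSubsystem11Parser`, where `security-realm=""` currently passes the `securityRealm != null` test. In `performRuntime` an undefined realm still passes `null` to `installSecurityServices`, as before this change, and a name that matches no configured realm is not checked in the visible lines; whether either case fails closed depends on code outside this diff. A comment such as `// null keeps the previous behaviour: no realm is associated with this connector` above the `securityRealm` assignment would make that explicit.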
@@ -59,6 +59,7 @@ import static org.jboss.as.remoting.CommonAttributes.SASL; import static org.jboss.as.remoting.CommonAttributes.SASL_POLICY; import static org.jboss.as.remoting.CommonAttributes.SECURITY; +import static org.jboss.as.remoting.CommonAttributes.SECURITY_REALM; import static org.jboss.as.remoting.CommonAttributes.SERVER_AUTH; import static org.jboss.as.remoting.CommonAttributes.SOCKET_BINDING; import static org.jboss.as.remoting.CommonAttributes.STRENGTH; @@ -192,6 +193,7 @@ void parseWorkerThreadPool(final XMLExtendedStreamReader reader, final ModelNode void parseConnector(final XMLExtendedStreamReader reader, final ModelNode address, final List list) throws XMLStreamException { String name = null; + String securityRealm = null; String socketBinding = null; final EnumSet required = EnumSet.of(Attribute.NAME, Attribute.SOCKET_BINDING); final int count = reader.getAttributeCount(); @@ -205,6 +207,10 @@ void parseConnector(final XMLExtendedStreamReader reader, final ModelNode addres name = value; break; } + case SECURITY_REALM: { + securityRealm = value; + break; + } case SOCKET_BINDING: { socketBinding = value; break; @@ -224,6 +230,9 @@ void parseConnector(final XMLExtendedStreamReader reader, final ModelNode addres connector.get(OP_ADDR).set(address).add(CONNECTOR, name); // requestProperties.get(NAME).set(name); // Name is part of the address connector.get(SOCKET_BINDING).set(socketBinding); + if (securityRealm != null) { + connector.get(SECURITY_REALM).set(securityRealm); + } list.add(connector); // Handle nested elements. 
@@ -709,8 +718,12 @@ private void writeConnector(final XMLExtendedStreamWriter writer, final ModelNod writer.writeAttribute(Attribute.NAME.getLocalName(), name); ConnectorResource.SOCKET_BINDING.marshallAsAttribute(node, writer); + if (node.hasDefined(SECURITY_REALM)) { + writer.writeAttribute(Attribute.SECURITY_REALM.getLocalName(), node.require(SECURITY_REALM).asString()); + } ConnectorResource.AUTHENTICATION_PROVIDER.marshallAsElement(node, writer); + if (node.hasDefined(PROPERTY)) { writeProperties(writer, node.get(PROPERTY)); }