PAYARA-3658 ejb-invoker endpoint BASIC_AUTH security support
1 parent
aa770aa
commit d677f08
Showing
15 changed files
with
899 additions
and
11 deletions.
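--- a/...erver/ejb/ejb-http-remoting/admin/src/main/java/fish/payara/ejb/http/admin/Constants.java
+++ b/...erver/ejb/ejb-http-remoting/admin/src/main/java/fish/payara/ejb/http/admin/Constants.java
@@ -0,0 +1,53 @@
+/*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+*
+* Copyright (c) [2019] Payara Foundation and/or its affiliates. All rights reserved.
+*
+* The contents of this file are subject to the terms of either the GNU
+* General Public License Version 2 only ("GPL") or the Common Development
+* and Distribution License("CDDL") (collectively, the "License"). You
+* may not use this file except in compliance with the License. You can
+* obtain a copy of the License at
+* https://github.com/payara/Payara/blob/master/LICENSE.txt
+* See the License for the specific
+* language governing permissions and limitations under the License.
+*
+* When distributing the software, include this License Header Notice in each
+* file and include the License file at glassfish/legal/LICENSE.txt.
+*
+* GPL Classpath Exception:
+* The Payara Foundation designates this particular file as subject to the "Classpath"
+* exception as provided by the Payara Foundation in the GPL Version 2 section of the License
+* file that accompanied this code.
+*
+* Modifications:
+* If applicable, add the following below the License Header, with the fields
+* enclosed by brackets [] replaced by your own identifying information:
+* "Portions Copyright [year] [name of copyright owner]"
+*
+* Contributor(s):
+* If you wish your version of this file to be governed by only the CDDL or
+* only the GPL Version 2, indicate your decision by adding "[Contributor]
+* elects to include this software in this distribution under the [CDDL or GPL
+* Version 2] license." If you don't indicate a single choice of license, a
+* recipient has the option to distribute your version of this file under
+* either the CDDL, the GPL Version 2 or to extend the choice of license to
+* its licensees as provided above. However, if you add GPL Version 2 code
+* and therefore, elected the GPL Version 2 license, then the option applies
+* only if the new code is made subject to such option by the copyright
+* holder.
+*/
+package fish.payara.ejb.http.admin;
+
+/**
+*
+* @author Gaurav Gupta
+*/
+public interface Constants {
+
+String DEFAULT_USER_NAME = "invoker";
+
+String DEFAULT_GROUP_NAME = "invoker";
+
+String DEFAULT_ENDPOINT = "ejb-invoker";
+}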
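Review bot: `Constants` is an interface that exists only to hold constants, and none of its three values has a Javadoc saying where it is consumed. A `public final class Constants` with `private Constants() {}` keeps implementing classes from inheriting these names, and the static imports already used in EjbInvokerConfiguration would keep working unchanged. `DEFAULT_USER_NAME` in particular needs a comment stating whether an account with this name is created automatically and how its credential is chosen, since its use is not visible in this section and a well-known default account name is something operators have to know about.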
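--- a/...http-remoting/admin/src/main/java/fish/payara/ejb/http/admin/EjbInvokerConfiguration.java
+++ b/...http-remoting/admin/src/main/java/fish/payara/ejb/http/admin/EjbInvokerConfiguration.java
@@ -0,0 +1,121 @@
+/*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+*
+* Copyright (c) [2019] Payara Foundation and/or its affiliates. All rights reserved.
+*
+* The contents of this file are subject to the terms of either the GNU
+* General Public License Version 2 only ("GPL") or the Common Development
+* and Distribution License("CDDL") (collectively, the "License"). You
+* may not use this file except in compliance with the License. You can
+* obtain a copy of the License at
+* https://github.com/payara/Payara/blob/master/LICENSE.txt
+* See the License for the specific
+* language governing permissions and limitations under the License.
+*
+* When distributing the software, include this License Header Notice in each
+* file and include the License file at glassfish/legal/LICENSE.txt.
+*
+* GPL Classpath Exception:
+* The Payara Foundation designates this particular file as subject to the "Classpath"
+* exception as provided by the Payara Foundation in the GPL Version 2 section of the License
+* file that accompanied this code.
+*
+* Modifications:
+* If applicable, add the following below the License Header, with the fields
+* enclosed by brackets [] replaced by your own identifying information:
+* "Portions Copyright [year] [name of copyright owner]"
+*
+* Contributor(s):
+* If you wish your version of this file to be governed by only the CDDL or
+* only the GPL Version 2, indicate your decision by adding "[Contributor]
+* elects to include this software in this distribution under the [CDDL or GPL
+* Version 2] license." If you don't indicate a single choice of license, a
+* recipient has the option to distribute your version of this file under
+* either the CDDL, the GPL Version 2 or to extend the choice of license to
+* its licensees as provided above. However, if you add GPL Version 2 code
+* and therefore, elected the GPL Version 2 license, then the option applies
+* only if the new code is made subject to such option by the copyright
+* holder.
+*/
+
+package fish.payara.ejb.http.admin;
+
+import static fish.payara.ejb.http.admin.Constants.DEFAULT_ENDPOINT;
+import static fish.payara.ejb.http.admin.Constants.DEFAULT_GROUP_NAME;
+import java.beans.PropertyVetoException;
+import static javax.servlet.http.HttpServletRequest.BASIC_AUTH;
+import org.glassfish.api.admin.config.ConfigExtension;
+import org.jvnet.hk2.config.Attribute;
+import org.jvnet.hk2.config.ConfigBeanProxy;
+import org.jvnet.hk2.config.Configured;
+
+/**
+* Configuration for the EJB Invoker Service.
+*
+* @author Gaurav Gupta
+*/
+@Configured(name = "ejb-invoker-configuration")
+public interface EjbInvokerConfiguration extends ConfigBeanProxy, ConfigExtension {
+
+/**
+* @return a Boolean value determining if the ejb-invoker service is enabled
+* or disabled.
+*/
+@Attribute(defaultValue = "false", dataType = Boolean.class)
+String getEnabled();
+
+void setEnabled(String value) throws PropertyVetoException;
+
+/**
+* @return a String value defines the endpoint of ejb-invoker service.
+*/
+@Attribute(defaultValue = DEFAULT_ENDPOINT)
+String getEndpoint();
+
+void setEndpoint(String value) throws PropertyVetoException;
+
+/**
+* @return a String value defines the attached virtual servers.
+*/
+@Attribute(dataType = String.class)
+String getVirtualServers();
+
+void setVirtualServers(String value) throws PropertyVetoException;
+
+/**
+* @return a Boolean value determining if the security is enabled or not.
+*/
+@Attribute(defaultValue = "false", dataType = Boolean.class)
+String getSecurityEnabled();
+
+void setSecurityEnabled(String value) throws PropertyVetoException;
+
+/**
+* @return a String value defines the realm name.
+*
+* By default, file realm is used as default value fetched from
+* {@code com.sun.enterprise.config.serverbeans.SecurityService#getDefaultRealm}.
+*/
+@Attribute(dataType = String.class)
+String getRealmName();
+
+void setRealmName(String value) throws PropertyVetoException;
+
+/**
+* @return a String value defines the name of the authentication mechanism
+* used to protect the ejb-invoker endpoint.
+*/
+@Attribute(defaultValue = BASIC_AUTH, dataType = String.class)
+String getAuthType();
+
+void setAuthType(String value) throws PropertyVetoException;
+
+/**
+* @return a String value defines the roles.
+*/
+@Attribute(defaultValue = DEFAULT_GROUP_NAME, dataType = String.class)
+String getRoles();
+
+void setRoles(String value) throws PropertyVetoException;
+
+}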
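Review bot: `getSecurityEnabled()` defaults to `"false"`, so an operator who only turns `enabled` on gets, as far as this commit shows, an ejb-invoker endpoint with no authentication constraint at all. For an endpoint that invokes EJBs over HTTP the safer default is `@Attribute(defaultValue = "true", dataType = Boolean.class)`. If the off default has to stay for compatibility, the Javadoc on `getEnabled()` should say so, for example `Enabling the service does not enable authentication; see security-enabled.` The Javadoc on `getRoles()` should also state that the value is a comma-separated list of role names, because EjbInvokerContainerInitializer splits it on `,`.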
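--- a/...moting/admin/src/main/java/fish/payara/ejb/http/admin/EjbInvokerContainerInitializer.java
+++ b/...moting/admin/src/main/java/fish/payara/ejb/http/admin/EjbInvokerContainerInitializer.java
@@ -0,0 +1,87 @@
+/*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+*
+* Copyright (c) [2019] Payara Foundation and/or its affiliates. All rights reserved.
+*
+* The contents of this file are subject to the terms of either the GNU
+* General Public License Version 2 only ("GPL") or the Common Development
+* and Distribution License("CDDL") (collectively, the "License"). You
+* may not use this file except in compliance with the License. You can
+* obtain a copy of the License at
+* https://github.com/payara/Payara/blob/master/LICENSE.txt
+* See the License for the specific
+* language governing permissions and limitations under the License.
+*
+* When distributing the software, include this License Header Notice in each
+* file and include the License file at glassfish/legal/LICENSE.txt.
+*
+* GPL Classpath Exception:
+* The Payara Foundation designates this particular file as subject to the "Classpath"
+* exception as provided by the Payara Foundation in the GPL Version 2 section of the License
+* file that accompanied this code.
+*
+* Modifications:
+* If applicable, add the following below the License Header, with the fields
+* enclosed by brackets [] replaced by your own identifying information:
+* "Portions Copyright [year] [name of copyright owner]"
+*
+* Contributor(s):
+* If you wish your version of this file to be governed by only the CDDL or
+* only the GPL Version 2, indicate your decision by adding "[Contributor]
+* elects to include this software in this distribution under the [CDDL or GPL
+* Version 2] license." If you don't indicate a single choice of license, a
+* recipient has the option to distribute your version of this file under
+* either the CDDL, the GPL Version 2 or to extend the choice of license to
+* its licensees as provided above. However, if you add GPL Version 2 code
+* and therefore, elected the GPL Version 2 license, then the option applies
+* only if the new code is made subject to such option by the copyright
+* holder.
+*/
+package fish.payara.ejb.http.admin;
+
+import java.util.Set;
+import javax.servlet.HttpConstraintElement;
+import javax.servlet.ServletContainerInitializer;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRegistration;
+import javax.servlet.ServletSecurityElement;
+import static javax.servlet.annotation.ServletSecurity.TransportGuarantee.NONE;
+import org.glassfish.internal.api.Globals;
+import java.util.logging.Logger;
+
+/**
+*
+* @author Gaurav Gupta
+*/
+public class EjbInvokerContainerInitializer implements ServletContainerInitializer {
+
+private static final Logger LOGGER = Logger.getLogger(EjbInvokerContainerInitializer.class.getName());
+
+@Override
+public void onStartup(Set<Class<?>> set, ServletContext ctx) throws ServletException {
+
+EjbInvokerConfiguration configuration = Globals.getDefaultBaseServiceLocator()
+.getService(EjbInvokerConfiguration.class);
+String endpoint = ctx.getContextPath();
+if(endpoint.startsWith("/")){
+endpoint = endpoint.substring(1);
+}
+if (!configuration.getEndpoint().equals(endpoint)) {
+return;
+}
+
+if (Boolean.parseBoolean(configuration.getSecurityEnabled())) {
+String[] roles = configuration.getRoles().split(",");
+ServletRegistration.Dynamic reg = (ServletRegistration.Dynamic) ctx.getServletRegistration("fish.payara.ejb.http.endpoint.EjbOverHttpApplication");
+if (reg != null) {
+reg.setServletSecurity(new ServletSecurityElement(new HttpConstraintElement(NONE, roles)));
+} else {
+LOGGER.warning("ejb-invoker endpoint not initialized");
+}
+ctx.declareRoles(roles);
+}
+
+}
+
+}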
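Review bot: The constraint built in `onStartup` uses `TransportGuarantee.NONE`, so with the default BASIC auth type the container accepts the Base64-encoded user name and password over plain HTTP. Prefer `new HttpConstraintElement(CONFIDENTIAL, roles)` with the matching static import, or make the transport guarantee a configuration attribute. The `reg == null` branch only logs a warning and carries on, which leaves the endpoint without the role constraint although security was requested; `throw new ServletException("ejb-invoker endpoint not initialized");` would fail closed instead. Role names coming out of `split(",")` are not trimmed, so a configured value such as `"a, b"` declares the role `" b"`, and `configuration` is dereferenced without a null check after the service lookup.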
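--- a/...b/ejb-http-remoting/admin/src/main/java/fish/payara/ejb/http/admin/EjbInvokerService.java
+++ b/...b/ejb-http-remoting/admin/src/main/java/fish/payara/ejb/http/admin/EjbInvokerService.java
@@ -0,0 +1,94 @@
+/*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+*
+* Copyright (c) [2019] Payara Foundation and/or its affiliates. All rights reserved.
+*
+* The contents of this file are subject to the terms of either the GNU
+* General Public License Version 2 only ("GPL") or the Common Development
+* and Distribution License("CDDL") (collectively, the "License"). You
+* may not use this file except in compliance with the License. You can
+* obtain a copy of the License at
+* https://github.com/payara/Payara/blob/master/LICENSE.txt
+* See the License for the specific
+* language governing permissions and limitations under the License.
+*
+* When distributing the software, include this License Header Notice in each
+* file and include the License file at glassfish/legal/LICENSE.txt.
+*
+* GPL Classpath Exception:
+* The Payara Foundation designates this particular file as subject to the "Classpath"
+* exception as provided by the Payara Foundation in the GPL Version 2 section of the License
+* file that accompanied this code.
+*
+* Modifications:
+* If applicable, add the following below the License Header, with the fields
+* enclosed by brackets [] replaced by your own identifying information:
+* "Portions Copyright [year] [name of copyright owner]"
+*
+* Contributor(s):
+* If you wish your version of this file to be governed by only the CDDL or
+* only the GPL Version 2, indicate your decision by adding "[Contributor]
+* elects to include this software in this distribution under the [CDDL or GPL
+* Version 2] license." If you don't indicate a single choice of license, a
+* recipient has the option to distribute your version of this file under
+* either the CDDL, the GPL Version 2 or to extend the choice of license to
+* its licensees as provided above. However, if you add GPL Version 2 code
+* and therefore, elected the GPL Version 2 license, then the option applies
+* only if the new code is made subject to such option by the copyright
+* holder.
+*/
+package fish.payara.ejb.http.admin;
+
+import com.sun.enterprise.config.serverbeans.SecurityService;
+import com.sun.enterprise.deployment.Application;
+import com.sun.enterprise.deployment.WebBundleDescriptor;
+import com.sun.enterprise.deployment.web.LoginConfiguration;
+import com.sun.enterprise.util.StringUtils;
+import javax.annotation.PostConstruct;
+import javax.inject.Inject;
+import org.glassfish.api.StartupRunLevel;
+import org.glassfish.api.deployment.DeploymentContext;
+import org.glassfish.api.event.EventListener;
+import org.glassfish.api.event.Events;
+import org.glassfish.hk2.runlevel.RunLevel;
+import org.glassfish.internal.api.Globals;
+import org.glassfish.internal.deployment.Deployment;
+import org.jvnet.hk2.annotations.Service;
+/**
+*
+* @author Gaurav Gupta
+*/
+@Service(name = "ejb-invoker-service")
+@RunLevel(StartupRunLevel.VAL)
+public class EjbInvokerService implements EventListener {
+
+@Inject
+private Events events;
+
+@Inject
+private SecurityService securityService;
+
+@Inject
+private EjbInvokerConfiguration config;
+
+@PostConstruct
+public void init() {
+if (events == null) {
+events = Globals.getDefaultBaseServiceLocator().getService(Events.class);
+}
+events.register(this);
+}
+
+@Override
+public void event(EventListener.Event event) {//event.type().type()
+if (event.is(Deployment.APPLICATION_PREPARED)) {
+DeploymentContext context = (DeploymentContext) event.hook();
+Application app = context.getModuleMetaData(Application.class);
+for (WebBundleDescriptor descriptor : app.getBundleDescriptors(WebBundleDescriptor.class)) {
+LoginConfiguration loginConf = descriptor.getLoginConfiguration();
+loginConf.setAuthenticationMethod(config.getAuthType());
+loginConf.setRealmName(StringUtils.ok(config.getRealmName()) ? securityService.getDefaultRealm() : config.getRealmName());
+}
+}
+}
+}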
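Review bot: The loop in `event()` rewrites the login configuration of every web bundle of every application that reaches `APPLICATION_PREPARED`; nothing limits it to the ejb-invoker application or checks `config.getSecurityEnabled()`, so other deployments appear to get their own auth method and realm replaced. It should return early unless security is enabled and the bundle's context root matches `config.getEndpoint()`, and it should skip bundles whose `getLoginConfiguration()` returns null rather than dereference it. The realm ternary is also inverted: `StringUtils.ok(...)` is true for a non-empty string, so a configured realm is discarded in favour of the default and an unset one is passed through as is. It should read `StringUtils.ok(config.getRealmName()) ? config.getRealmName() : securityService.getDefaultRealm()`. The leftover `//event.type().type()` comment on the method signature can be dropped.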