- 11 commits
- 10 files changed
- 0 commit comments
- 8 contributors
Commits on Apr 23, 2019
Commits on Apr 24, 2019
Showing
with
207 additions
and 302 deletions.
- +4 −2 cli/src/main/java/org/jboss/as/cli/embedded/ThreadLocalContextSelector.java
- +12 −6 controller/src/main/java/org/jboss/as/controller/operations/MultistepUtil.java
- +1 −3 controller/src/main/java/org/jboss/as/controller/operations/validation/EnumValidator.java
- +1 −1 domain-http/interface/src/main/java/org/jboss/as/domain/http/server/ManagementHttpServer.java
- +9 −0 domain-management/src/main/java/org/jboss/as/domain/management/SecurityRealm.java
- +29 −36 host-controller/src/main/java/org/jboss/as/host/controller/operations/HttpManagementAddHandler.java
- +4 −4 pom.xml
- +19 −27 server/src/main/java/org/jboss/as/server/mgmt/HttpShutdownService.java
- +97 −182 server/src/main/java/org/jboss/as/server/mgmt/UndertowHttpManagementService.java
- +31 −41 server/src/main/java/org/jboss/as/server/operations/HttpManagementAddHandler.java
| @@ -69,7 +69,8 @@ void restore(Contexts toRestore) { | ||
| @Override | ||
| public StdioContext getStdioContext() { | ||
| // CLI loggers should only use the default stdio context regardless if the thread-local context is set. | ||
| if (WildFlySecurityManager.getCurrentContextClassLoaderPrivileged().equals(cliClassLoader)) { | ||
| final ClassLoader tccl = WildFlySecurityManager.getCurrentContextClassLoaderPrivileged(); | ||
| if (tccl != null && tccl.equals(cliClassLoader)) { | ||
| return defaultContexts.getStdioContext(); | ||
| } | ||
| Contexts threadContext = threadLocal.get(); | ||
| @@ -81,7 +82,8 @@ public StdioContext getStdioContext() { | ||
| public LogContext getLogContext() { | ||
| // CLI loggers should only use the default stdio context regardless if the thread-local context is set This | ||
| // allows the context configured for CLI, e.g. jboss-cli-logging.properties. | ||
| if (WildFlySecurityManager.getCurrentContextClassLoaderPrivileged().equals(cliClassLoader)) { | ||
| final ClassLoader tccl = WildFlySecurityManager.getCurrentContextClassLoaderPrivileged(); | ||
| if (tccl != null && tccl.equals(cliClassLoader)) { | ||
| return defaultContexts.getLogContext(); | ||
| } | ||
| Contexts threadContext = threadLocal.get(); | ||
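Review bot: The null-guarded context-class-loader check is now written out twice, once in getStdioContext() and once in getLogContext(), so the two copies can drift apart the next time one of them is touched. A small private helper would keep them in step, for example `private boolean isCliClassLoaderCurrent() { final ClassLoader tccl = WildFlySecurityManager.getCurrentContextClassLoaderPrivileged(); return tccl != null && tccl.equals(cliClassLoader); }`. The comment above the getLogContext() check also runs two sentences together (`is set This allows`) and needs a full stop. Both method bodies continue outside the hunks.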
| @@ -65,7 +65,10 @@ private MultistepUtil() {} | ||
| * in the {@code operations} list. Cannot be {@code null} but may be empty in which case this method will | ||
| * create the response nodes and add them to this list. | ||
| * @throws OperationFailedException if there is a problem registering a step for any of the operations | ||
| * | ||
| * @deprecated Do not use. Will be removed. | ||
| */ | ||
| @Deprecated | ||
| public static void recordOperationSteps(final OperationContext context, final List<ModelNode> operations, | ||
| final List<ModelNode> responses) throws OperationFailedException { | ||
| assert responses.isEmpty() || operations.size() == responses.size(); | ||
| @@ -84,12 +87,10 @@ public static void recordOperationSteps(final OperationContext context, final Li | ||
| } | ||
| i++; | ||
| } | ||
| recordOperationSteps(context, operationMap, responseMap, OperationHandlerResolver.DEFAULT, false); | ||
| recordOperationSteps(context, operationMap, responseMap, OperationHandlerResolver.DEFAULT, false, true); | ||
|
|
||
| if (!responsesProvided) { | ||
| for (ModelNode response : responseMap.values()) { | ||
| responses.add(response); | ||
| } | ||
| responses.addAll(responseMap.values()); | ||
| } | ||
| } | ||
|
|
||
| @@ -110,8 +111,9 @@ public static void recordOperationSteps(final OperationContext context, final Li | ||
| * @param <T> the type of the keys in the maps | ||
| * @throws OperationFailedException if there is a problem registering a step for any of the operations | ||
| */ | ||
| @SuppressWarnings("unused") | ||
| public static <T> void recordOperationSteps(final OperationContext context, final Map<T, ModelNode> operations, | ||
| final Map<T, ModelNode> responses) throws OperationFailedException { | ||
| final Map<T, ModelNode> responses) throws OperationFailedException { | ||
| recordOperationSteps(context, operations, responses, OperationHandlerResolver.DEFAULT, false, true); | ||
| } | ||
|
|
||
| @@ -132,7 +134,9 @@ public static void recordOperationSteps(final OperationContext context, final Li | ||
| * | ||
| * @throws OperationFailedException if there is a problem registering a step for any of the operations | ||
| * | ||
| * @deprecated Do not use. Will be removed. | ||
| */ | ||
| @Deprecated | ||
| public static <T> void recordOperationSteps(final OperationContext context, | ||
| final Map<T, ModelNode> operations, | ||
| final Map<T, ModelNode> responses, | ||
| @@ -155,7 +159,9 @@ public static void recordOperationSteps(final OperationContext context, final Li | ||
| * @param handlerResolver an object that can provide the {@code OperationStepHandler} to use for the operation | ||
| * @param adjustAddresses {@code true} if the address of each operation should be adjusted to become a child of the context's | ||
| * {@link OperationContext#getCurrentAddress() current address} | ||
| * @param rejectPrivateOperations | ||
| * @param rejectPrivateOperations {@code true} if an {@link OperationFailedException} should be thrown if the | ||
| * {@link OperationEntry} for any of the {@code operations} is | ||
| * {@link OperationEntry.EntryType#PRIVATE} | ||
| * | ||
| * @throws OperationFailedException if there is a problem registering a step for any of the operations | ||
| * | ||
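Review bot: The two new `@deprecated Do not use. Will be removed.` tags, on the List-based overload and on the five-argument Map overload, do not tell a caller what to use instead. The tag should name the replacement, for example `@deprecated use the overload that takes {@code rejectPrivateOperations} and pass the value explicitly`, with a `{@link}` once the full signature is confirmed, since it is only partly visible here. The List-based overload also now passes `true` for rejectPrivateOperations instead of delegating to the five-argument form. What that form passed is not visible in the hunk, so if this changes which operations are rejected with an OperationFailedException, the javadoc should say so.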
| @@ -234,10 +234,8 @@ public void validateParameter(String parameterName, ModelNode value) throws Oper | ||
| throw ControllerLogger.ROOT_LOGGER.invalidEnumValue(tuString, parameterName, toStringMap.keySet()); | ||
| } | ||
| // Hack to store the allowed value in the model, not the user input | ||
| try { | ||
| if (!value.isProtected()) { | ||
| value.set(enumValue.toString()); | ||
| } catch (Exception e) { | ||
| // node must be protected. | ||
| } | ||
| } | ||
| } | ||
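Review bot: The `isProtected()` guard loses the explanation that the removed catch block carried (`// node must be protected.`), so a reader no longer sees why the normalisation is skipped. A one-line comment on the `if` would restore it: `// A protected node cannot be modified, so the user's input is left as it is.` It may also be worth stating in the method javadoc that validateParameter can rewrite `value`, because a validator with a side effect is easy to overlook. The method starts outside the hunk.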
| @@ -379,7 +379,7 @@ private static ExtensionHandlers setupOpenListener(HttpOpenListener listener, in | ||
| ROOT_LOGGER.consoleModuleNotFound(builder.consoleSlot == null ? "main" : builder.consoleSlot); | ||
| } | ||
|
|
||
| if (builder.consoleMode.hasConsole()) { | ||
| if (builder.consoleMode != ConsoleMode.NO_CONSOLE) { | ||
| try { | ||
| addErrorContextHandler(pathHandler, builder); | ||
| } catch (ModuleLoadException e) { | ||
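Review bot: Nothing at the changed condition in setupOpenListener says why the error context handler is now keyed on `builder.consoleMode != ConsoleMode.NO_CONSOLE` rather than on `hasConsole()` (taking the second printed line as the new side). If ConsoleMode has constants for which hasConsole() is false but which are not NO_CONSOLE, the handler would now be registered on the management interface in those modes as well; the enum is not visible here, so this needs confirming. A short comment naming the modes that need the error context without serving a console would record the intent. A test per mode would pin which handlers each one exposes.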
| @@ -24,6 +24,7 @@ | ||
|
|
||
| import java.util.Map; | ||
| import java.util.Set; | ||
| import java.util.function.Supplier; | ||
|
|
||
| import javax.net.ssl.SSLContext; | ||
| import javax.security.auth.Subject; | ||
| @@ -40,6 +41,7 @@ | ||
| * Interface to the security realm. | ||
| * | ||
| * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a> | ||
| * @author <a href="mailto:ropalka@redhat.com">Richard Opalka</a> | ||
| */ | ||
| public interface SecurityRealm { | ||
|
|
||
| @@ -134,10 +136,17 @@ public static ServiceName createServiceName(final String realmName) { | ||
| return SecurityRealmResourceDefinition.MANAGEMENT_SECURITY_REALM_CAPABILITY.getCapabilityServiceName(realmName); | ||
| } | ||
|
|
||
| /** | ||
| * @deprecated use {@link #requires(ServiceBuilder, String)} method instead | ||
| */ | ||
| @Deprecated | ||
| public static ServiceBuilder<?> addDependency(ServiceBuilder<?> sb, Injector<SecurityRealm> injector, String realmName) { | ||
| return sb.addDependency(createServiceName(realmName), SecurityRealm.class, injector); | ||
| } | ||
|
|
||
| public static Supplier<SecurityRealm> requires(final ServiceBuilder<?> sb, final String realmName) { | ||
| return sb.requires(createServiceName(realmName)); | ||
| } | ||
| } | ||
|
|
||
| } | ||
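Review bot: The new public `requires(ServiceBuilder, String)` helper has no javadoc, although the deprecation note on addDependency now sends every caller to it. It should get a short comment such as `/** Registers a requirement on the named security realm service and returns the supplier for it. */`, plus `@param` and `@return` lines. The `Supplier<SecurityRealm>` type appears to be inferred from the return type rather than checked against the service, so the comment should state that `realmName` must resolve to a SecurityRealm service.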
| @@ -31,6 +31,8 @@ | ||
| import java.util.Collections; | ||
| import java.util.List; | ||
| import java.util.concurrent.Executor; | ||
| import java.util.function.Consumer; | ||
| import java.util.function.Supplier; | ||
|
|
||
| import javax.net.ssl.SSLContext; | ||
|
|
||
| @@ -64,6 +66,7 @@ | ||
| import org.jboss.as.server.mgmt.HttpShutdownService; | ||
| import org.jboss.as.server.mgmt.ManagementWorkerService; | ||
| import org.jboss.as.server.mgmt.UndertowHttpManagementService; | ||
| import org.jboss.as.server.mgmt.domain.HttpManagement; | ||
| import org.jboss.dmr.ModelNode; | ||
| import org.jboss.msc.service.ServiceBuilder; | ||
| import org.jboss.msc.service.ServiceController; | ||
| @@ -77,6 +80,7 @@ | ||
| * | ||
| * @author Jason T. Greene | ||
| * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a> | ||
| * @author <a href="mailto:ropalka@redhat.com">Richard Opalka</a> | ||
| */ | ||
| public class HttpManagementAddHandler extends BaseHttpInterfaceAddStepHandler { | ||
|
|
||
| @@ -138,49 +142,38 @@ protected boolean requiresRuntime(OperationContext context) { | ||
| final ServiceName requestProcessorName = UndertowHttpManagementService.SERVICE_NAME.append("requests"); | ||
| HttpManagementRequestsService.installService(requestProcessorName, serviceTarget); | ||
|
|
||
| final UndertowHttpManagementService service = new UndertowHttpManagementService(consoleMode, environment.getProductConfig().getConsoleSlot()); | ||
| service.getPortInjector().inject(port); | ||
| service.getSecurePortInjector().inject(securePort); | ||
| service.getAllowedOriginsInjector().inject(commonPolicy.getAllowedOrigins()); | ||
| CapabilityServiceBuilder<?> builder = serviceTarget.addCapability(EXTENSIBLE_HTTP_MANAGEMENT_CAPABILITY) | ||
| .setInstance(service) | ||
| .addCapabilityRequirement("org.wildfly.network.interface", | ||
| NetworkInterfaceBinding.class, service.getInterfaceInjector(), interfaceName) | ||
| .addCapabilityRequirement("org.wildfly.network.interface", | ||
| NetworkInterfaceBinding.class, service.getSecureInterfaceInjector(), secureInterfaceName) | ||
| .addDependency(DomainModelControllerService.SERVICE_NAME, ModelController.class, service.getModelControllerInjector()) | ||
| .addDependency(ControlledProcessStateService.SERVICE_NAME, ControlledProcessStateService.class, service.getControlledProcessStateServiceInjector()) | ||
| .addDependency(RemotingServices.HTTP_LISTENER_REGISTRY, ListenerRegistry.class, service.getListenerRegistry()) | ||
| .addDependency(requestProcessorName, ManagementHttpRequestProcessor.class, service.getRequestProcessorValue()) | ||
| .addDependency(ManagementWorkerService.SERVICE_NAME, XnioWorker.class, service.getWorker()) | ||
| .addDependency(ExternalManagementRequestExecutor.SERVICE_NAME, Executor.class, service.getManagementExecutor()); | ||
|
|
||
| String httpAuthenticationFactory = commonPolicy.getHttpAuthenticationFactory(); | ||
| String securityRealm = commonPolicy.getSecurityRealm(); | ||
| if (httpAuthenticationFactory != null) { | ||
| builder.addCapabilityRequirement(HTTP_AUTHENTICATION_FACTORY_CAPABILITY, HttpAuthenticationFactory.class, | ||
| service.getHttpAuthenticationFactoryInjector(), httpAuthenticationFactory); | ||
| } else if (securityRealm != null) { | ||
| SecurityRealm.ServiceUtil.addDependency(builder, service.getSecurityRealmInjector(), securityRealm); | ||
| } else { | ||
| final String httpAuthenticationFactory = commonPolicy.getHttpAuthenticationFactory(); | ||
| final String securityRealm = commonPolicy.getSecurityRealm(); | ||
| final String sslContext = commonPolicy.getSSLContext(); | ||
| if (httpAuthenticationFactory == null && securityRealm == null) { | ||
| ROOT_LOGGER.httpManagementInterfaceIsUnsecured(); | ||
| } | ||
| String sslContext = commonPolicy.getSSLContext(); | ||
| if (sslContext != null) { | ||
| builder.addCapabilityRequirement(SSL_CONTEXT_CAPABILITY, SSLContext.class, service.getSSLContextInjector(), sslContext); | ||
| } | ||
|
|
||
| builder.setInitialMode(onDemand ? ServiceController.Mode.ON_DEMAND : ServiceController.Mode.ACTIVE) | ||
| .install(); | ||
| final CapabilityServiceBuilder<?> builder = serviceTarget.addCapability(EXTENSIBLE_HTTP_MANAGEMENT_CAPABILITY); | ||
| final Consumer<HttpManagement> hmConsumer = builder.provides(EXTENSIBLE_HTTP_MANAGEMENT_CAPABILITY.getCapabilityServiceName()); | ||
| final Supplier<ListenerRegistry> lrSupplier = builder.requires(RemotingServices.HTTP_LISTENER_REGISTRY); | ||
| final Supplier<ModelController> mcSupplier = builder.requires(DomainModelControllerService.SERVICE_NAME); | ||
| final Supplier<NetworkInterfaceBinding> ibSupplier = builder.requiresCapability("org.wildfly.network.interface", NetworkInterfaceBinding.class, interfaceName); | ||
| final Supplier<NetworkInterfaceBinding> sibSupplier = builder.requiresCapability("org.wildfly.network.interface", NetworkInterfaceBinding.class, secureInterfaceName); | ||
| final Supplier<ControlledProcessStateService> cpssSupplier = builder.requires(ControlledProcessStateService.SERVICE_NAME); | ||
| final Supplier<ManagementHttpRequestProcessor> rpSupplier = builder.requires(requestProcessorName); | ||
| final Supplier<XnioWorker> xwSupplier = builder.requires(ManagementWorkerService.SERVICE_NAME); | ||
| final Supplier<Executor> eSupplier = builder.requires(ExternalManagementRequestExecutor.SERVICE_NAME); | ||
| final Supplier<HttpAuthenticationFactory> hafSupplier = httpAuthenticationFactory != null ? builder.requiresCapability(HTTP_AUTHENTICATION_FACTORY_CAPABILITY, HttpAuthenticationFactory.class, httpAuthenticationFactory) : null; | ||
| final Supplier<SecurityRealm> srSupplier = securityRealm != null ? SecurityRealm.ServiceUtil.requires(builder, securityRealm) : null; | ||
| final Supplier<SSLContext> scSupplier = sslContext != null ? builder.requiresCapability(SSL_CONTEXT_CAPABILITY, SSLContext.class, sslContext) : null; | ||
| final UndertowHttpManagementService service = new UndertowHttpManagementService(hmConsumer, lrSupplier, mcSupplier, null, null, null, ibSupplier, sibSupplier, cpssSupplier, rpSupplier, xwSupplier, eSupplier, hafSupplier, srSupplier, scSupplier, port, securePort, commonPolicy.getAllowedOrigins(), consoleMode, environment.getProductConfig().getConsoleSlot()); | ||
| builder.setInstance(service); | ||
| builder.setInitialMode(onDemand ? ServiceController.Mode.ON_DEMAND : ServiceController.Mode.ACTIVE).install(); | ||
|
|
||
| // Add service preventing the server from shutting down | ||
| final HttpShutdownService shutdownService = new HttpShutdownService(); | ||
| final ServiceName shutdownName = UndertowHttpManagementService.SERVICE_NAME.append("shutdown"); | ||
| final ServiceBuilder sb = serviceTarget.addService(shutdownName, shutdownService); | ||
| sb.addDependency(requestProcessorName, ManagementHttpRequestProcessor.class, shutdownService.getProcessorValue()); | ||
| sb.addDependency(HostControllerService.HC_EXECUTOR_SERVICE_NAME, Executor.class, shutdownService.getExecutorValue()); | ||
| sb.addDependency(ManagementChannelRegistryService.SERVICE_NAME, ManagementChannelRegistryService.class, shutdownService.getMgmtChannelRegistry()); | ||
| final ServiceBuilder<?> sb = serviceTarget.addService(shutdownName); | ||
| final Supplier<Executor> executorSupplier = sb.requires(HostControllerService.HC_EXECUTOR_SERVICE_NAME); | ||
| final Supplier<ManagementHttpRequestProcessor> processorSupplier = sb.requires(requestProcessorName); | ||
| final Supplier<ManagementChannelRegistryService> registrySupplier = sb.requires(ManagementChannelRegistryService.SERVICE_NAME); | ||
| sb.requires(UndertowHttpManagementService.SERVICE_NAME); | ||
| sb.setInstance(new HttpShutdownService(executorSupplier, processorSupplier, registrySupplier)); | ||
| sb.install(); | ||
|
|
||
| if (commonPolicy.isHttpUpgradeEnabled()) { | ||
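Review bot: The security realm requirement is no longer skipped when an HTTP authentication factory is configured. The old `else if (securityRealm != null)` branch registered it only when `httpAuthenticationFactory` was null, whereas `srSupplier` is now created whenever `securityRealm != null`. With both attributes set, the service gains a dependency on the realm and receives both suppliers; which one takes effect is decided inside UndertowHttpManagementService, which is not visible here, and the enclosing method also continues outside the hunk. To keep the earlier precedence at this point the line could read `final Supplier<SecurityRealm> srSupplier = httpAuthenticationFactory == null && securityRealm != null ? SecurityRealm.ServiceUtil.requires(builder, securityRealm) : null;`. Separately, the twenty-argument constructor call passes three bare `null`s and two same-typed suppliers (`ibSupplier`, `sibSupplier`) that could be swapped without a compile error, so a comment naming each `null` would help the next reader.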
| @@ -184,10 +184,10 @@ | ||
| <version.org.jboss.logging.jul-to-slf4j-stub>1.0.1.Final</version.org.jboss.logging.jul-to-slf4j-stub> | ||
| <version.org.jboss.logmanager.jboss-logmanager>2.1.10.Final</version.org.jboss.logmanager.jboss-logmanager> | ||
| <version.org.jboss.logmanager.log4j-jboss-logmanager>1.2.0.Final</version.org.jboss.logmanager.log4j-jboss-logmanager> | ||
| <version.org.jboss.marshalling.jboss-marshalling>2.0.6.Final</version.org.jboss.marshalling.jboss-marshalling> | ||
| <version.org.jboss.marshalling.jboss-marshalling>2.0.7.Final</version.org.jboss.marshalling.jboss-marshalling> | ||
| <version.org.jboss.modules.jboss-modules>1.9.1.Final</version.org.jboss.modules.jboss-modules> | ||
| <version.org.jboss.msc.jboss-msc>1.4.5.Final</version.org.jboss.msc.jboss-msc> | ||
| <version.org.jboss.remoting>5.0.8.Final</version.org.jboss.remoting> | ||
| <version.org.jboss.remoting>5.0.9.Final</version.org.jboss.remoting> | ||
| <version.org.jboss.remotingjmx.remoting-jmx>3.0.1.Final</version.org.jboss.remotingjmx.remoting-jmx> | ||
| <version.org.jboss.shrinkwrap.shrinkwrap>1.2.6</version.org.jboss.shrinkwrap.shrinkwrap> | ||
| <version.org.jboss.slf4j.slf4j-jboss-logmanager>1.0.3.GA</version.org.jboss.slf4j.slf4j-jboss-logmanager> | ||
| @@ -219,8 +219,8 @@ | ||
| <version.org.wildfly.openssl.wildfly-openssl-solaris-x86_64>${version.org.wildfly.openssl.natives}</version.org.wildfly.openssl.wildfly-openssl-solaris-x86_64> | ||
| <version.org.wildfly.openssl.wildfly-openssl-windows-i386>${version.org.wildfly.openssl.natives}</version.org.wildfly.openssl.wildfly-openssl-windows-i386> | ||
| <version.org.wildfly.openssl.wildfly-openssl-windows-x86_64>${version.org.wildfly.openssl.natives}</version.org.wildfly.openssl.wildfly-openssl-windows-x86_64> | ||
| <version.org.wildfly.security.elytron>1.9.0.CR3</version.org.wildfly.security.elytron> | ||
| <version.org.wildfly.security.elytron-web>1.5.0.CR1</version.org.wildfly.security.elytron-web> | ||
| <version.org.wildfly.security.elytron>1.9.0.CR4</version.org.wildfly.security.elytron> | ||
| <version.org.wildfly.security.elytron-web>1.5.0.CR2</version.org.wildfly.security.elytron-web> | ||
| <version.xalan>2.7.1.jbossorg-2</version.xalan> | ||
| <version.xml-resolver>1.2</version.xml-resolver> | ||
| </properties> | ||