Permalink
Comparing changes
Open a pull request
- 2 commits
- 5 files changed
- 0 commit comments
- 2 contributors
Unified
Split
Showing
with
185 additions
and 286 deletions.
- +9 −0 domain-management/src/main/java/org/jboss/as/domain/management/SecurityRealm.java
- +29 −36 host-controller/src/main/java/org/jboss/as/host/controller/operations/HttpManagementAddHandler.java
- +19 −27 server/src/main/java/org/jboss/as/server/mgmt/HttpShutdownService.java
- +97 −182 server/src/main/java/org/jboss/as/server/mgmt/UndertowHttpManagementService.java
- +31 −41 server/src/main/java/org/jboss/as/server/operations/HttpManagementAddHandler.java
| @@ -24,6 +24,7 @@ | ||
|
|
||
| import java.util.Map; | ||
| import java.util.Set; | ||
| import java.util.function.Supplier; | ||
|
|
||
| import javax.net.ssl.SSLContext; | ||
| import javax.security.auth.Subject; | ||
| @@ -40,6 +41,7 @@ | ||
| * Interface to the security realm. | ||
| * | ||
| * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a> | ||
| * @author <a href="mailto:ropalka@redhat.com">Richard Opalka</a> | ||
| */ | ||
| public interface SecurityRealm { | ||
|
|
||
| @@ -134,10 +136,17 @@ public static ServiceName createServiceName(final String realmName) { | ||
| return SecurityRealmResourceDefinition.MANAGEMENT_SECURITY_REALM_CAPABILITY.getCapabilityServiceName(realmName); | ||
| } | ||
|
|
||
| /** | ||
| * @deprecated use {@link #requires(ServiceBuilder, String)} method instead | ||
| */ | ||
| @Deprecated | ||
| public static ServiceBuilder<?> addDependency(ServiceBuilder<?> sb, Injector<SecurityRealm> injector, String realmName) { | ||
| return sb.addDependency(createServiceName(realmName), SecurityRealm.class, injector); | ||
| } | ||
|
|
||
| public static Supplier<SecurityRealm> requires(final ServiceBuilder<?> sb, final String realmName) { | ||
| return sb.requires(createServiceName(realmName)); | ||
| } | ||
| } | ||
|
|
||
| } | ||
| @@ -31,6 +31,8 @@ | ||
| import java.util.Collections; | ||
| import java.util.List; | ||
| import java.util.concurrent.Executor; | ||
| import java.util.function.Consumer; | ||
| import java.util.function.Supplier; | ||
|
|
||
| import javax.net.ssl.SSLContext; | ||
|
|
||
| @@ -64,6 +66,7 @@ | ||
| import org.jboss.as.server.mgmt.HttpShutdownService; | ||
| import org.jboss.as.server.mgmt.ManagementWorkerService; | ||
| import org.jboss.as.server.mgmt.UndertowHttpManagementService; | ||
| import org.jboss.as.server.mgmt.domain.HttpManagement; | ||
| import org.jboss.dmr.ModelNode; | ||
| import org.jboss.msc.service.ServiceBuilder; | ||
| import org.jboss.msc.service.ServiceController; | ||
| @@ -77,6 +80,7 @@ | ||
| * | ||
| * @author Jason T. Greene | ||
| * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a> | ||
| * @author <a href="mailto:ropalka@redhat.com">Richard Opalka</a> | ||
| */ | ||
| public class HttpManagementAddHandler extends BaseHttpInterfaceAddStepHandler { | ||
|
|
||
| @@ -138,49 +142,38 @@ protected boolean requiresRuntime(OperationContext context) { | ||
| final ServiceName requestProcessorName = UndertowHttpManagementService.SERVICE_NAME.append("requests"); | ||
| HttpManagementRequestsService.installService(requestProcessorName, serviceTarget); | ||
|
|
||
| final UndertowHttpManagementService service = new UndertowHttpManagementService(consoleMode, environment.getProductConfig().getConsoleSlot()); | ||
| service.getPortInjector().inject(port); | ||
| service.getSecurePortInjector().inject(securePort); | ||
| service.getAllowedOriginsInjector().inject(commonPolicy.getAllowedOrigins()); | ||
| CapabilityServiceBuilder<?> builder = serviceTarget.addCapability(EXTENSIBLE_HTTP_MANAGEMENT_CAPABILITY) | ||
| .setInstance(service) | ||
| .addCapabilityRequirement("org.wildfly.network.interface", | ||
| NetworkInterfaceBinding.class, service.getInterfaceInjector(), interfaceName) | ||
| .addCapabilityRequirement("org.wildfly.network.interface", | ||
| NetworkInterfaceBinding.class, service.getSecureInterfaceInjector(), secureInterfaceName) | ||
| .addDependency(DomainModelControllerService.SERVICE_NAME, ModelController.class, service.getModelControllerInjector()) | ||
| .addDependency(ControlledProcessStateService.SERVICE_NAME, ControlledProcessStateService.class, service.getControlledProcessStateServiceInjector()) | ||
| .addDependency(RemotingServices.HTTP_LISTENER_REGISTRY, ListenerRegistry.class, service.getListenerRegistry()) | ||
| .addDependency(requestProcessorName, ManagementHttpRequestProcessor.class, service.getRequestProcessorValue()) | ||
| .addDependency(ManagementWorkerService.SERVICE_NAME, XnioWorker.class, service.getWorker()) | ||
| .addDependency(ExternalManagementRequestExecutor.SERVICE_NAME, Executor.class, service.getManagementExecutor()); | ||
|
|
||
| String httpAuthenticationFactory = commonPolicy.getHttpAuthenticationFactory(); | ||
| String securityRealm = commonPolicy.getSecurityRealm(); | ||
| if (httpAuthenticationFactory != null) { | ||
| builder.addCapabilityRequirement(HTTP_AUTHENTICATION_FACTORY_CAPABILITY, HttpAuthenticationFactory.class, | ||
| service.getHttpAuthenticationFactoryInjector(), httpAuthenticationFactory); | ||
| } else if (securityRealm != null) { | ||
| SecurityRealm.ServiceUtil.addDependency(builder, service.getSecurityRealmInjector(), securityRealm); | ||
| } else { | ||
| final String httpAuthenticationFactory = commonPolicy.getHttpAuthenticationFactory(); | ||
| final String securityRealm = commonPolicy.getSecurityRealm(); | ||
| final String sslContext = commonPolicy.getSSLContext(); | ||
| if (httpAuthenticationFactory == null && securityRealm == null) { | ||
| ROOT_LOGGER.httpManagementInterfaceIsUnsecured(); | ||
| } | ||
| String sslContext = commonPolicy.getSSLContext(); | ||
| if (sslContext != null) { | ||
| builder.addCapabilityRequirement(SSL_CONTEXT_CAPABILITY, SSLContext.class, service.getSSLContextInjector(), sslContext); | ||
| } | ||
|
|
||
| builder.setInitialMode(onDemand ? ServiceController.Mode.ON_DEMAND : ServiceController.Mode.ACTIVE) | ||
| .install(); | ||
| final CapabilityServiceBuilder<?> builder = serviceTarget.addCapability(EXTENSIBLE_HTTP_MANAGEMENT_CAPABILITY); | ||
| final Consumer<HttpManagement> hmConsumer = builder.provides(EXTENSIBLE_HTTP_MANAGEMENT_CAPABILITY.getCapabilityServiceName()); | ||
| final Supplier<ListenerRegistry> lrSupplier = builder.requires(RemotingServices.HTTP_LISTENER_REGISTRY); | ||
| final Supplier<ModelController> mcSupplier = builder.requires(DomainModelControllerService.SERVICE_NAME); | ||
| final Supplier<NetworkInterfaceBinding> ibSupplier = builder.requiresCapability("org.wildfly.network.interface", NetworkInterfaceBinding.class, interfaceName); | ||
| final Supplier<NetworkInterfaceBinding> sibSupplier = builder.requiresCapability("org.wildfly.network.interface", NetworkInterfaceBinding.class, secureInterfaceName); | ||
| final Supplier<ControlledProcessStateService> cpssSupplier = builder.requires(ControlledProcessStateService.SERVICE_NAME); | ||
| final Supplier<ManagementHttpRequestProcessor> rpSupplier = builder.requires(requestProcessorName); | ||
| final Supplier<XnioWorker> xwSupplier = builder.requires(ManagementWorkerService.SERVICE_NAME); | ||
| final Supplier<Executor> eSupplier = builder.requires(ExternalManagementRequestExecutor.SERVICE_NAME); | ||
| final Supplier<HttpAuthenticationFactory> hafSupplier = httpAuthenticationFactory != null ? builder.requiresCapability(HTTP_AUTHENTICATION_FACTORY_CAPABILITY, HttpAuthenticationFactory.class, httpAuthenticationFactory) : null; | ||
| final Supplier<SecurityRealm> srSupplier = securityRealm != null ? SecurityRealm.ServiceUtil.requires(builder, securityRealm) : null; | ||
| final Supplier<SSLContext> scSupplier = sslContext != null ? builder.requiresCapability(SSL_CONTEXT_CAPABILITY, SSLContext.class, sslContext) : null; | ||
| final UndertowHttpManagementService service = new UndertowHttpManagementService(hmConsumer, lrSupplier, mcSupplier, null, null, null, ibSupplier, sibSupplier, cpssSupplier, rpSupplier, xwSupplier, eSupplier, hafSupplier, srSupplier, scSupplier, port, securePort, commonPolicy.getAllowedOrigins(), consoleMode, environment.getProductConfig().getConsoleSlot()); | ||
| builder.setInstance(service); | ||
| builder.setInitialMode(onDemand ? ServiceController.Mode.ON_DEMAND : ServiceController.Mode.ACTIVE).install(); | ||
|
|
||
| // Add service preventing the server from shutting down | ||
| final HttpShutdownService shutdownService = new HttpShutdownService(); | ||
| final ServiceName shutdownName = UndertowHttpManagementService.SERVICE_NAME.append("shutdown"); | ||
| final ServiceBuilder sb = serviceTarget.addService(shutdownName, shutdownService); | ||
| sb.addDependency(requestProcessorName, ManagementHttpRequestProcessor.class, shutdownService.getProcessorValue()); | ||
| sb.addDependency(HostControllerService.HC_EXECUTOR_SERVICE_NAME, Executor.class, shutdownService.getExecutorValue()); | ||
| sb.addDependency(ManagementChannelRegistryService.SERVICE_NAME, ManagementChannelRegistryService.class, shutdownService.getMgmtChannelRegistry()); | ||
| final ServiceBuilder<?> sb = serviceTarget.addService(shutdownName); | ||
| final Supplier<Executor> executorSupplier = sb.requires(HostControllerService.HC_EXECUTOR_SERVICE_NAME); | ||
| final Supplier<ManagementHttpRequestProcessor> processorSupplier = sb.requires(requestProcessorName); | ||
| final Supplier<ManagementChannelRegistryService> registrySupplier = sb.requires(ManagementChannelRegistryService.SERVICE_NAME); | ||
| sb.requires(UndertowHttpManagementService.SERVICE_NAME); | ||
| sb.setInstance(new HttpShutdownService(executorSupplier, processorSupplier, registrySupplier)); | ||
| sb.install(); | ||
|
|
||
| if (commonPolicy.isHttpUpgradeEnabled()) { | ||
| @@ -25,15 +25,15 @@ | ||
| import java.util.concurrent.Executor; | ||
| import java.util.concurrent.RejectedExecutionException; | ||
| import java.util.concurrent.TimeUnit; | ||
| import java.util.function.Supplier; | ||
|
|
||
| import org.jboss.as.domain.http.server.ManagementHttpRequestProcessor; | ||
| import org.jboss.as.remoting.management.ManagementChannelRegistryService; | ||
| import org.jboss.as.remoting.management.ManagementRequestTracker; | ||
| import org.jboss.msc.service.Service; | ||
| import org.jboss.msc.Service; | ||
| import org.jboss.msc.service.StartContext; | ||
| import org.jboss.msc.service.StartException; | ||
| import org.jboss.msc.service.StopContext; | ||
| import org.jboss.msc.value.InjectedValue; | ||
|
|
||
| /** | ||
| * Service preventing the http service from shutting down and closing the channels before | ||
| @@ -47,23 +47,32 @@ | ||
| * was used mgmt operations are now tracked using the {@linkplain ManagementChannelOpenListenerService}. | ||
| * | ||
| * @author Emanuel Muckenhuber | ||
| * @author <a href="mailto:ropalka@redhat.com">Richard Opalka</a> | ||
| */ | ||
| public class HttpShutdownService implements Service<Void> { | ||
| public class HttpShutdownService implements Service { | ||
|
|
||
| private static final long SHUTDOWN_TIMEOUT = 15; | ||
| private static final TimeUnit TIME_UNIT = TimeUnit.SECONDS; | ||
|
|
||
| private final InjectedValue<Executor> executorValue = new InjectedValue<>(); | ||
| private final InjectedValue<ManagementHttpRequestProcessor> processorValue = new InjectedValue<>(); | ||
| private final InjectedValue<ManagementChannelRegistryService> mgmtChannelRegistry = new InjectedValue<>(); | ||
| private final Supplier<Executor> executorSupplier; | ||
| private final Supplier<ManagementHttpRequestProcessor> processorSupplier; | ||
| private final Supplier<ManagementChannelRegistryService> registrySupplier; | ||
|
|
||
| private volatile ManagementRequestTracker trackerService; | ||
|
|
||
| public HttpShutdownService(final Supplier<Executor> executorSupplier, | ||
| final Supplier<ManagementHttpRequestProcessor> processorSupplier, | ||
| final Supplier<ManagementChannelRegistryService> registrySupplier) { | ||
| this.executorSupplier = executorSupplier; | ||
| this.processorSupplier = processorSupplier; | ||
| this.registrySupplier = registrySupplier; | ||
| } | ||
|
|
||
| @Override | ||
| public synchronized void start(StartContext context) throws StartException { | ||
| public synchronized void start(final StartContext context) throws StartException { | ||
| // Register the http request processor on the mgmt request tracker | ||
| final ManagementHttpRequestProcessor processor = processorValue.getValue(); | ||
| trackerService = mgmtChannelRegistry.getValue().getTrackerService(); | ||
| final ManagementHttpRequestProcessor processor = processorSupplier.get(); | ||
| trackerService = registrySupplier.get().getTrackerService(); | ||
| trackerService.registerTracker(processor); | ||
| processor.addShutdownListener(new ManagementHttpRequestProcessor.ShutdownListener() { | ||
| @Override | ||
| @@ -79,7 +88,7 @@ public synchronized void stop(final StopContext context) { | ||
| trackerService.prepareShutdown(); | ||
| context.asynchronous(); | ||
| try { | ||
| executorValue.getValue().execute(new Runnable() { | ||
| executorSupplier.get().execute(new Runnable() { | ||
| @Override | ||
| public void run() { | ||
| try { | ||
| @@ -96,21 +105,4 @@ public void run() { | ||
| context.complete(); | ||
| } | ||
| } | ||
|
|
||
| @Override | ||
| public Void getValue() throws IllegalStateException, IllegalArgumentException { | ||
| return null; | ||
| } | ||
|
|
||
| public InjectedValue<Executor> getExecutorValue() { | ||
| return executorValue; | ||
| } | ||
|
|
||
| public InjectedValue<ManagementHttpRequestProcessor> getProcessorValue() { | ||
| return processorValue; | ||
| } | ||
|
|
||
| public InjectedValue<ManagementChannelRegistryService> getMgmtChannelRegistry() { | ||
| return mgmtChannelRegistry; | ||
| } | ||
| } | ||
Oops, something went wrong.