[WFLY-4582] Move to Remoting 5 based APIs
fjuma authored and kabir committed Nov 9, 2016
1 parent dd1a9ba commit a9d099c
Showing 8 changed files with 80 additions and 77 deletions.
Expand Up @@ -22,6 +22,8 @@


package org.jboss.as.appclient.service; package org.jboss.as.appclient.service;


import static java.security.AccessController.doPrivileged;

import java.io.IOException; import java.io.IOException;
import java.net.URI; import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
Expand All @@ -36,9 +38,10 @@
import org.jboss.ejb.client.remoting.IoFutureHelper; import org.jboss.ejb.client.remoting.IoFutureHelper;
import org.jboss.remoting3.Connection; import org.jboss.remoting3.Connection;
import org.jboss.remoting3.Endpoint; import org.jboss.remoting3.Endpoint;
import org.jboss.remoting3.Remoting; import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.jboss.remoting3.remote.HttpUpgradeConnectionProviderFactory; import org.wildfly.security.auth.client.AuthenticationContext;
import org.jboss.remoting3.remote.RemoteConnectionProviderFactory; import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient;
import org.wildfly.security.auth.client.MatchRule;
import org.wildfly.security.manager.WildFlySecurityManager; import org.wildfly.security.manager.WildFlySecurityManager;
import org.xnio.IoFuture; import org.xnio.IoFuture;
import org.xnio.IoUtils; import org.xnio.IoUtils;
Expand All @@ -54,6 +57,8 @@
*/ */
public class LazyConnectionContextSelector implements ContextSelector<EJBClientContext> { public class LazyConnectionContextSelector implements ContextSelector<EJBClientContext> {


private static final AuthenticationContextConfigurationClient AUTH_CONFIGURATION_CLIENT = doPrivileged(AuthenticationContextConfigurationClient.ACTION);

private final String hostUrl; private final String hostUrl;
private final CallbackHandler callbackHandler; private final CallbackHandler callbackHandler;
private final ClassLoader classLoader; private final ClassLoader classLoader;
Expand All @@ -73,13 +78,15 @@ public LazyConnectionContextSelector(final String hostUrl, final CallbackHandler


private synchronized void createConnection() { private synchronized void createConnection() {
try { try {
endpoint = Remoting.createEndpoint("endpoint", OptionMap.EMPTY); final URI uri = new URI(hostUrl);
endpoint.addConnectionProvider("remote", new RemoteConnectionProviderFactory(), OptionMap.create(Options.SSL_ENABLED, Boolean.FALSE)); AuthenticationContext captured = AuthenticationContext.captureCurrent();
endpoint.addConnectionProvider("http-remoting", new HttpUpgradeConnectionProviderFactory(), OptionMap.create(Options.SSL_ENABLED, Boolean.FALSE)); AuthenticationConfiguration mergedConfiguration = AUTH_CONFIGURATION_CLIENT.getAuthenticationConfiguration(uri, captured);
endpoint.addConnectionProvider("https-remoting", new HttpUpgradeConnectionProviderFactory(), OptionMap.create(Options.SSL_ENABLED, Boolean.TRUE)); if (callbackHandler != null) mergedConfiguration = mergedConfiguration.useCallbackHandler(callbackHandler);
final AuthenticationContext context = AuthenticationContext.empty().with(MatchRule.ALL, mergedConfiguration);


// open a connection // open a connection
final IoFuture<Connection> futureConnection = endpoint.connect(new URI(hostUrl), OptionMap.create(Options.SASL_POLICY_NOANONYMOUS, Boolean.FALSE, Options.SASL_POLICY_NOPLAINTEXT, Boolean.FALSE), callbackHandler); endpoint = Endpoint.getCurrent();
final IoFuture<Connection> futureConnection = endpoint.connect(uri, OptionMap.create(Options.SASL_POLICY_NOANONYMOUS, Boolean.FALSE, Options.SASL_POLICY_NOPLAINTEXT, Boolean.FALSE), context);
connection = IoFutureHelper.get(futureConnection, 30L, TimeUnit.SECONDS); connection = IoFutureHelper.get(futureConnection, 30L, TimeUnit.SECONDS);


final EJBClientContext ejbClientContext = EJBClientContext.create(classLoader); final EJBClientContext ejbClientContext = EJBClientContext.create(classLoader);
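Review bot: `endpoint = Endpoint.getCurrent();` on the new side stores a process-wide endpoint in the field that the old code filled with an endpoint this class created and configured itself; if the class's cleanup path (outside this hunk) still closes `endpoint`, it now tears down the shared endpoint for every other user of it, which should be checked. The connect call also no longer registers the `remote`/`http-remoting`/`https-remoting` providers with explicit `SSL_ENABLED` values, so it relies on the current endpoint having been configured elsewhere. A comment such as `// Endpoint.getCurrent() is shared: its connection providers are configured elsewhere and closing it here would affect other users` would record both assumptions. createConnection's body continues past the end of the hunk.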
Expand Up @@ -25,16 +25,20 @@
import java.security.Principal; import java.security.Principal;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet;
import java.util.stream.StreamSupport;


import javax.security.auth.Subject; import javax.security.auth.Subject;


import org.jboss.as.core.security.SubjectUserInfo; import org.jboss.as.core.security.RealmGroup;
import org.jboss.as.core.security.RealmRole;
import org.jboss.as.core.security.RealmUser;
import org.jboss.as.security.remoting.RemotingContext; import org.jboss.as.security.remoting.RemotingContext;
import org.jboss.remoting3.Connection; import org.jboss.remoting3.Connection;
import org.jboss.remoting3.security.UserInfo;
import org.jboss.security.SecurityContext; import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation; import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SecurityContextFactory; import org.jboss.security.SecurityContextFactory;
import org.wildfly.security.auth.server.SecurityIdentity;


/** /**
* Utility class to allow inspection and replacement of identity associated with the Connection. * Utility class to allow inspection and replacement of identity associated with the Connection.
Expand Down Expand Up @@ -63,10 +67,15 @@ public static Collection<Principal> getConnectionPrincipals() {
Connection con = RemotingContext.getConnection(); Connection con = RemotingContext.getConnection();


if (con != null) { if (con != null) {
UserInfo userInfo = con.getUserInfo(); Collection<Principal> principals = new HashSet<>();
if (userInfo instanceof SubjectUserInfo) { SecurityIdentity localIdentity = con.getLocalIdentity();
SubjectUserInfo sinfo = (SubjectUserInfo) userInfo; if (localIdentity != null) {
return sinfo.getPrincipals(); principals.add(new RealmUser(localIdentity.getPrincipal().getName()));
StreamSupport.stream(localIdentity.getRoles().spliterator(), true).forEach((String role) -> {
principals.add(new RealmGroup(role));
principals.add(new RealmRole(role));
});
return principals;
} else { } else {
return Collections.emptySet(); return Collections.emptySet();
} }
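Review bot: The `StreamSupport.stream(localIdentity.getRoles().spliterator(), true)` call in the new `getConnectionPrincipals` body runs a parallel stream whose only work is a side effect on `principals`, a plain `HashSet`; concurrent `add` calls on a `HashSet` are not safe and can corrupt the set or lose entries. A plain loop does the same job without the hazard: `for (String role : localIdentity.getRoles()) { principals.add(new RealmGroup(role)); principals.add(new RealmRole(role)); }`. The same parallel forEach appears in the `RemotingConnectionCredential` constructor in the next file section, where it feeds `subject.getPrincipals()`. `getConnectionPrincipals` starts before the hunk.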
Expand Up @@ -24,11 +24,17 @@


package org.jboss.as.security.remoting; package org.jboss.as.security.remoting;


import java.security.Principal;
import java.util.Set;
import java.util.stream.StreamSupport;

import javax.security.auth.Subject; import javax.security.auth.Subject;


import org.jboss.as.core.security.SubjectUserInfo; import org.jboss.as.core.security.RealmGroup;
import org.jboss.as.core.security.RealmRole;
import org.jboss.as.core.security.RealmUser;
import org.jboss.remoting3.Connection; import org.jboss.remoting3.Connection;
import org.jboss.remoting3.security.UserInfo; import org.wildfly.security.auth.server.SecurityIdentity;


/** /**
* A Credential wrapping a Remoting {@link Connection}. * A Credential wrapping a Remoting {@link Connection}.
Expand All @@ -42,10 +48,15 @@ public final class RemotingConnectionCredential {


public RemotingConnectionCredential(final Connection connection) { public RemotingConnectionCredential(final Connection connection) {
this.connection = connection; this.connection = connection;
Subject subject = null; Subject subject = new Subject();
UserInfo userInfo = connection.getUserInfo(); SecurityIdentity localIdentity = connection.getLocalIdentity();
if (userInfo instanceof SubjectUserInfo) { if (localIdentity != null) {
subject = ((SubjectUserInfo) userInfo).getSubject(); Set<Principal> principals = subject.getPrincipals();
principals.add(new RealmUser(localIdentity.getPrincipal().getName()));
StreamSupport.stream(localIdentity.getRoles().spliterator(), true).forEach((String role) -> {
principals.add(new RealmGroup(role));
principals.add(new RealmRole(role));
});
} }
this.subject = subject; this.subject = subject;
} }
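Review bot: `Subject subject = new Subject();` changes the constructor so that a connection with no local identity now yields an empty `Subject` where the old code left the field `null`; any caller that tests the credential's subject for `null` to detect an unauthenticated connection (not visible here) would no longer take that branch. If the new behavior is intended, a comment on that line such as `// an empty Subject, not null, when the connection carries no local identity` makes it deliberate; otherwise keep `null` until `localIdentity != null` is known.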
Expand Up @@ -23,11 +23,10 @@
package org.jboss.as.security.remoting; package org.jboss.as.security.remoting;


import java.security.Principal; import java.security.Principal;
import java.util.Collection;


import org.jboss.as.security.logging.SecurityLogger; import org.jboss.as.security.logging.SecurityLogger;
import org.jboss.remoting3.Connection; import org.jboss.remoting3.Connection;
import org.jboss.remoting3.security.UserPrincipal; import org.wildfly.security.auth.server.SecurityIdentity;


/** /**
* A {@link Principal} implementation to wrap a Remoting {@link Connection} and represent the identity authenticated against that Connection. * A {@link Principal} implementation to wrap a Remoting {@link Connection} and represent the identity authenticated against that Connection.
Expand All @@ -42,13 +41,10 @@ public final class RemotingConnectionPrincipal implements Principal {


public RemotingConnectionPrincipal(final Connection connection) { public RemotingConnectionPrincipal(final Connection connection) {
this.connection = connection; this.connection = connection;
Collection<Principal> principals = connection.getPrincipals(); SecurityIdentity localIdentity = connection.getLocalIdentity();
String userName = null; String userName = null;
for (Principal current : principals) { if (localIdentity != null) {
if (current instanceof UserPrincipal) { userName = localIdentity.getPrincipal().getName();
userName = current.getName();
break;
}
} }
if (userName == null) { if (userName == null) {
throw SecurityLogger.ROOT_LOGGER.noUserPrincipalFound(); throw SecurityLogger.ROOT_LOGGER.noUserPrincipalFound();
Expand Up @@ -37,13 +37,11 @@
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;


import org.jboss.as.core.security.RealmUser; import org.jboss.as.core.security.RealmUser;
import org.jboss.as.core.security.SubjectUserInfo;
import org.jboss.remoting3.Connection; import org.jboss.remoting3.Connection;
import org.jboss.remoting3.security.UserInfo;
import org.jboss.remoting3.security.UserPrincipal;
import org.jboss.security.SimpleGroup; import org.jboss.security.SimpleGroup;
import org.jboss.security.auth.callback.ObjectCallback; import org.jboss.security.auth.callback.ObjectCallback;
import org.jboss.security.auth.spi.AbstractServerLoginModule; import org.jboss.security.auth.spi.AbstractServerLoginModule;
import org.wildfly.security.auth.server.SecurityIdentity;


/** /**
* A simple LoginModule to take the UserPrincipal from the inbound Remoting connection and to use it as an already authenticated * A simple LoginModule to take the UserPrincipal from the inbound Remoting connection and to use it as an already authenticated
Expand Down Expand Up @@ -103,23 +101,9 @@ public boolean login() throws LoginException {
Connection con = ((RemotingConnectionCredential) credential).getConnection(); Connection con = ((RemotingConnectionCredential) credential).getConnection();
Principal up = null; Principal up = null;


UserInfo userInfo = con.getUserInfo(); SecurityIdentity localIdentity = con.getLocalIdentity();
if (userInfo instanceof SubjectUserInfo) { if (localIdentity != null) {
for (Principal current : ((SubjectUserInfo) userInfo).getPrincipals()) { up = new RealmUser(localIdentity.getPrincipal().getName());
if (current instanceof RealmUser) {
up = current;
break;
}
}
}

if (up == null) {
for (Principal current : con.getPrincipals()) {
if (current instanceof UserPrincipal) {
up = current;
break;
}
}
} }


// If we found a principal from the connection then authentication succeeded. // If we found a principal from the connection then authentication succeeded.
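Review bot: The class Javadoc at the top of this section still says the module takes the `UserPrincipal` from the inbound Remoting connection, but the new `login` body no longer imports or consults `UserPrincipal` and instead builds a `RealmUser` from `con.getLocalIdentity()`; the fallback over `con.getPrincipals()` is gone as well. Suggested first sentence: `A simple LoginModule to take the name of the SecurityIdentity attached to the inbound Remoting connection and to use it as an already authenticated`, keeping the rest of the sentence as it is. `login()` starts before the hunk and continues after it.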
Expand Up @@ -40,14 +40,11 @@
import javax.security.jacc.PolicyContext; import javax.security.jacc.PolicyContext;


import org.jboss.as.core.security.ServerSecurityManager; import org.jboss.as.core.security.ServerSecurityManager;
import org.jboss.as.core.security.SubjectUserInfo;
import org.jboss.as.domain.management.security.PasswordCredential;
import org.jboss.as.security.logging.SecurityLogger; import org.jboss.as.security.logging.SecurityLogger;
import org.jboss.as.security.remoting.RemotingConnectionCredential; import org.jboss.as.security.remoting.RemotingConnectionCredential;
import org.jboss.as.security.remoting.RemotingConnectionPrincipal; import org.jboss.as.security.remoting.RemotingConnectionPrincipal;
import org.jboss.metadata.javaee.spec.SecurityRolesMetaData; import org.jboss.metadata.javaee.spec.SecurityRolesMetaData;
import org.jboss.remoting3.Connection; import org.jboss.remoting3.Connection;
import org.jboss.remoting3.security.UserInfo;
import org.jboss.security.AuthenticationManager; import org.jboss.security.AuthenticationManager;
import org.jboss.security.ISecurityManagement; import org.jboss.security.ISecurityManagement;
import org.jboss.security.RunAs; import org.jboss.security.RunAs;
Expand All @@ -69,6 +66,10 @@
import org.jboss.security.javaee.AbstractEJBAuthorizationHelper; import org.jboss.security.javaee.AbstractEJBAuthorizationHelper;
import org.jboss.security.javaee.SecurityHelperFactory; import org.jboss.security.javaee.SecurityHelperFactory;
import org.jboss.security.javaee.SecurityRoleRef; import org.jboss.security.javaee.SecurityRoleRef;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.password.interfaces.ClearPassword;


/** /**
* @author <a href="mailto:cdewolf@redhat.com">Carlo de Wolf</a> * @author <a href="mailto:cdewolf@redhat.com">Carlo de Wolf</a>
Expand Down Expand Up @@ -298,19 +299,16 @@ public void push(final String securityDomain) {
SecurityContextUtil util = current.getUtil(); SecurityContextUtil util = current.getUtil();


Connection connection = SecurityActions.remotingContextGetConnection(); Connection connection = SecurityActions.remotingContextGetConnection();
UserInfo userInfo = connection.getUserInfo();
Principal p = null; Principal p = null;
Object credential = null; Object credential = null;


if (userInfo instanceof SubjectUserInfo) { SecurityIdentity localIdentity = connection.getLocalIdentity();
SubjectUserInfo sinfo = (SubjectUserInfo) userInfo; if (localIdentity != null) {
Subject subject = sinfo.getSubject(); p = new SimplePrincipal(localIdentity.getPrincipal().getName());

IdentityCredentials privateCredentials = localIdentity.getPrivateCredentials();
Set<PasswordCredential> pcSet = subject.getPrivateCredentials(PasswordCredential.class); PasswordCredential passwordCredential = privateCredentials.getCredential(PasswordCredential.class, ClearPassword.ALGORITHM_CLEAR);
if (pcSet.size() > 0) { if (passwordCredential != null) {
PasswordCredential pc = pcSet.iterator().next(); credential = new String(passwordCredential.getPassword(ClearPassword.class).getPassword());
p = new SimplePrincipal(pc.getUserName());
credential = new String(pc.getCredential());
} }
} }


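Review bot: In the new `push` body, `p` is assigned from `localIdentity.getPrincipal().getName()` before the password lookup, so a connection identity without a clear-text `PasswordCredential` now produces a non-null principal paired with a `null` credential; the old code set both together and only when a credential was found. Whether the code that consumes `p` and `credential` after this hunk tolerates that combination needs checking, and if it does, a comment such as `// principal may be set with a null credential when the identity carries no clear password` would document it. Copying the clear password into a `String` is unchanged from the old code. `push` starts before the hunk and continues after it.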
Expand Up @@ -30,15 +30,14 @@
import java.util.Map; import java.util.Map;


import org.jboss.as.core.security.RealmUser; import org.jboss.as.core.security.RealmUser;
import org.jboss.as.core.security.SubjectUserInfo;
import org.jboss.as.security.remoting.RemotingContext; import org.jboss.as.security.remoting.RemotingContext;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.jboss.remoting3.Connection; import org.jboss.remoting3.Connection;
import org.jboss.remoting3.security.UserInfo;
import org.jboss.security.SecurityContext; import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation; import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SecurityContextFactory; import org.jboss.security.SecurityContextFactory;
import org.jboss.security.SimplePrincipal; import org.jboss.security.SimplePrincipal;
import org.wildfly.security.auth.server.SecurityIdentity;


/** /**
* The server side security interceptor responsible for handling any security identity propagated from the client. * The server side security interceptor responsible for handling any security identity propagated from the client.
Expand All @@ -64,15 +63,9 @@ public Object aroundInvoke(final InvocationContext invocationContext) throws Exc
Connection con = RemotingContext.getConnection(); Connection con = RemotingContext.getConnection();


if (con != null) { if (con != null) {
UserInfo userInfo = con.getUserInfo(); SecurityIdentity localIdentity = con.getLocalIdentity();
if (userInfo instanceof SubjectUserInfo) { if (localIdentity != null) {
SubjectUserInfo sinfo = (SubjectUserInfo) userInfo; connectionUser = new RealmUser(localIdentity.getPrincipal().getName());
for (Principal current : sinfo.getPrincipals()) {
if (current instanceof RealmUser) {
connectionUser = (RealmUser) current;
break;
}
}
} }


} else { } else {
Expand Up @@ -52,13 +52,15 @@
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.jboss.remoting3.Connection; import org.jboss.remoting3.Connection;
import org.jboss.remoting3.Endpoint; import org.jboss.remoting3.Endpoint;
import org.jboss.remoting3.Remoting;
import org.jboss.remoting3.remote.HttpUpgradeConnectionProviderFactory; import org.jboss.remoting3.remote.HttpUpgradeConnectionProviderFactory;
import org.jboss.remoting3.remote.RemoteConnectionProviderFactory; import org.jboss.remoting3.remote.RemoteConnectionProviderFactory;
import org.jboss.shrinkwrap.api.Archive; import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.ShrinkWrap; import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.JavaArchive; import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.Assert; import org.junit.Assert;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.MatchRule;
import org.xnio.IoFuture; import org.xnio.IoFuture;
import org.xnio.OptionMap; import org.xnio.OptionMap;
import org.xnio.Options; import org.xnio.Options;
Expand Down Expand Up @@ -286,9 +288,7 @@ public void testSingleMethodAnnotationsUser2Template(final String MODULE, final


protected ContextSelector<EJBClientContext> setupEJBClientContextSelector(String username, String password) throws IOException { protected ContextSelector<EJBClientContext> setupEJBClientContextSelector(String username, String password) throws IOException {
// create the endpoint // create the endpoint
final Endpoint endpoint = Remoting.createEndpoint("remoting-test", OptionMap.create(Options.THREAD_DAEMON, true)); final Endpoint endpoint = Endpoint.getCurrent();
endpoint.addConnectionProvider("remote", new RemoteConnectionProviderFactory(), OptionMap.create(Options.SSL_ENABLED, false));
endpoint.addConnectionProvider("http-remoting", new HttpUpgradeConnectionProviderFactory(), OptionMap.create(Options.SSL_ENABLED, false));
final URI connectionURI = managementClient.getRemoteEjbURL(); final URI connectionURI = managementClient.getRemoteEjbURL();


OptionMap.Builder builder = OptionMap.builder().set(Options.SASL_POLICY_NOANONYMOUS, true); OptionMap.Builder builder = OptionMap.builder().set(Options.SASL_POLICY_NOANONYMOUS, true);
Expand All @@ -299,7 +299,12 @@ protected ContextSelector<EJBClientContext> setupEJBClientContextSelector(String
builder.set(Options.SASL_MECHANISMS, Sequence.of("JBOSS-LOCAL-USER")); builder.set(Options.SASL_MECHANISMS, Sequence.of("JBOSS-LOCAL-USER"));
} }


final IoFuture<Connection> futureConnection = endpoint.connect(connectionURI, builder.getMap(), new AuthenticationCallbackHandler(username, password)); final AuthenticationContext authenticationContext = AuthenticationContext.empty()
.with(
MatchRule.ALL,
AuthenticationConfiguration.EMPTY
.useCallbackHandler(new AuthenticationCallbackHandler(username, password)));
final IoFuture<Connection> futureConnection = endpoint.connect(connectionURI, builder.getMap(), authenticationContext);
// wait for the connection to be established // wait for the connection to be established
final Connection connection = IoFutureHelper.get(futureConnection, 5000, TimeUnit.MILLISECONDS); final Connection connection = IoFutureHelper.get(futureConnection, 5000, TimeUnit.MILLISECONDS);
// create a remoting EJB receiver for this connection // create a remoting EJB receiver for this connection
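Review bot: The imports of `HttpUpgradeConnectionProviderFactory` and `RemoteConnectionProviderFactory` are kept on the new side, but the only uses visible here, the two `endpoint.addConnectionProvider(...)` lines, are removed with the switch to `Endpoint.getCurrent()`; unless the rest of the file still references them, they are now unused and should go the same way as the `Remoting` import. `setupEJBClientContextSelector` also now depends on the current endpoint already having its connection providers registered, which a one-line comment next to `Endpoint.getCurrent()` could note. The method continues past the end of the hunk.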
