[WFLY-8323] Don't require legacy security for datasources unless ds c…
…onfig needs it
bstansberry committed Mar 9, 2017
1 parent bebcbdf commit ba5acb1
Showing 3 changed files with 67 additions and 47 deletions.
Expand Up @@ -22,6 +22,16 @@

package org.jboss.as.connector.deployers.datasource;

import static org.jboss.as.connector.logging.ConnectorLogger.SUBSYSTEM_DATASOURCES_LOGGER;
import static org.jboss.as.connector.subsystems.jca.Constants.DEFAULT_NAME;

import java.lang.reflect.Method;
import java.sql.Connection;
import java.util.Iterator;
import java.util.Map;

import javax.sql.XADataSource;

import org.jboss.as.connector.logging.ConnectorLogger;
import org.jboss.as.connector.metadata.ds.DsSecurityImpl;
import org.jboss.as.connector.services.driver.registry.DriverRegistry;
Expand All @@ -32,7 +42,6 @@
import org.jboss.as.connector.subsystems.datasources.ModifiableXaDataSource;
import org.jboss.as.connector.subsystems.datasources.XaDataSourceService;
import org.jboss.as.connector.util.ConnectorServices;
import org.jboss.as.core.security.ServerSecurityManager;
import org.jboss.as.ee.component.Attachments;
import org.jboss.as.ee.component.EEModuleDescription;
import org.jboss.as.ee.resource.definition.ResourceDefinitionInjectionSource;
Expand All @@ -41,9 +50,6 @@
import org.jboss.as.naming.deployment.ContextNames;
import org.jboss.as.naming.service.BinderService;
import org.jboss.as.naming.service.NamingService;
import org.jboss.as.security.deployment.SecurityAttachments;
import org.jboss.as.security.service.SimpleSecurityManagerService;
import org.jboss.as.security.service.SubjectFactoryService;
import org.jboss.as.server.Services;
import org.jboss.as.server.deployment.DeploymentPhaseContext;
import org.jboss.as.server.deployment.DeploymentUnit;
Expand All @@ -67,17 +73,6 @@
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceTarget;
import org.jboss.security.SubjectFactory;

import javax.sql.XADataSource;

import java.lang.reflect.Method;
import java.sql.Connection;
import java.util.Iterator;
import java.util.Map;

import static org.jboss.as.connector.logging.ConnectorLogger.SUBSYSTEM_DATASOURCES_LOGGER;
import static org.jboss.as.connector.subsystems.jca.Constants.DEFAULT_NAME;

/**
* A binding description for DataSourceDefinition annotations.
Expand Down Expand Up @@ -139,7 +134,6 @@ public void getResourceValue(final ResolutionContext context, final ServiceBuild
final String poolName = uniqueName(context, jndiName);
final ContextNames.BindInfo bindInfo = ContextNames.bindInfoForEnvEntry(context.getApplicationName(), context.getModuleName(), context.getComponentName(), !context.isCompUsesModule(), jndiName);
final DeploymentReflectionIndex reflectionIndex = deploymentUnit.getAttachment(org.jboss.as.server.deployment.Attachments.REFLECTION_INDEX);
final boolean securityEnabled = phaseContext.getDeploymentUnit().hasAttachment(SecurityAttachments.SECURITY_ENABLED);
try {
final Class<?> clazz = module.getClassLoader().loadClass(className);

Expand All @@ -162,7 +156,7 @@ public void getResourceValue(final ResolutionContext context, final ServiceBuild
xaPool, null);
final XaDataSourceService xds = new XaDataSourceService(bindInfo.getBinderServiceName().getCanonicalName(), bindInfo, module.getClassLoader());
xds.getDataSourceConfigInjector().inject(dataSource);
startDataSource(xds, bindInfo, eeModuleDescription, context, phaseContext.getServiceTarget(), serviceBuilder, injector, securityEnabled);
startDataSource(xds, bindInfo, eeModuleDescription, context, phaseContext.getServiceTarget(), serviceBuilder, injector);
} else {
final DsPoolImpl commonPool = new DsPoolImpl(minPoolSize < 0 ? Defaults.MIN_POOL_SIZE : Integer.valueOf(minPoolSize),
initialPoolSize < 0 ? Defaults.INITIAL_POOL_SIZE : Integer.valueOf(initialPoolSize),
Expand All @@ -173,7 +167,7 @@ public void getResourceValue(final ResolutionContext context, final ServiceBuild
transactional, Defaults.CONNECTABLE, Defaults.TRACKING, Defaults.MCP, Defaults.ENLISTMENT_TRACE, commonPool);
final LocalDataSourceService ds = new LocalDataSourceService(bindInfo.getBinderServiceName().getCanonicalName(), bindInfo, module.getClassLoader());
ds.getDataSourceConfigInjector().inject(dataSource);
startDataSource(ds, bindInfo, eeModuleDescription, context, phaseContext.getServiceTarget(), serviceBuilder, injector, securityEnabled);
startDataSource(ds, bindInfo, eeModuleDescription, context, phaseContext.getServiceTarget(), serviceBuilder, injector);
}

} catch (Exception e) {
Expand Down Expand Up @@ -220,7 +214,7 @@ private void startDataSource(final AbstractDataSourceService dataSourceService,
final EEModuleDescription moduleDescription,
final ResolutionContext context,
final ServiceTarget serviceTarget,
final ServiceBuilder valueSourceServiceBuilder, final Injector<ManagedReferenceFactory> injector, boolean securityEnabled) {
final ServiceBuilder valueSourceServiceBuilder, final Injector<ManagedReferenceFactory> injector) {

final ServiceName dataSourceServiceName = AbstractDataSourceService.getServiceName(bindInfo);
final ServiceBuilder<?> dataSourceServiceBuilder =
Expand All @@ -229,7 +223,6 @@ private void startDataSource(final AbstractDataSourceService dataSourceService,
dataSourceService.getExecutorServiceInjector(), false)
.addDependency(ConnectorServices.IRONJACAMAR_MDR, MetadataRepository.class, dataSourceService.getMdrInjector())
.addDependency(ConnectorServices.RA_REPOSITORY_SERVICE, ResourceAdapterRepository.class, dataSourceService.getRaRepositoryInjector())
.addDependency(SimpleSecurityManagerService.SERVICE_NAME, ServerSecurityManager.class, dataSourceService.getServerSecurityManager())
.addDependency(ConnectorServices.BOOTSTRAP_CONTEXT_SERVICE.append(DEFAULT_NAME))
.addDependency(ConnectorServices.TRANSACTION_INTEGRATION_SERVICE, TransactionIntegration.class,
dataSourceService.getTransactionIntegrationInjector())
Expand All @@ -239,10 +232,14 @@ private void startDataSource(final AbstractDataSourceService dataSourceService,
.addDependency(ConnectorServices.JDBC_DRIVER_REGISTRY_SERVICE, DriverRegistry.class,
dataSourceService.getDriverRegistryInjector()).addDependency(NamingService.SERVICE_NAME);

if(securityEnabled) {
dataSourceServiceBuilder.addDependency(SubjectFactoryService.SERVICE_NAME, SubjectFactory.class,
dataSourceService.getSubjectFactoryInjector());
}
// We don't need to inject legacy security subsystem services. They are only used with a configured legacy
// security domain, and the annotation does not support configuring that
// if(securityEnabled) {
// dataSourceServiceBuilder.addDependency(SimpleSecurityManagerService.SERVICE_NAME, ServerSecurityManager.class,
// dataSourceService.getServerSecurityManager());
// dataSourceServiceBuilder.addDependency(SubjectFactoryService.SERVICE_NAME, SubjectFactory.class,
// dataSourceService.getSubjectFactoryInjector());
// }


final DataSourceReferenceFactoryService referenceFactoryService = new DataSourceReferenceFactoryService();
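Review bot: The commented-out `if(securityEnabled) { … }` block left under the new explanation in startDataSource references a parameter and imports that this same change removes, so it cannot be re-enabled as written and should be deleted; the two-line comment above it already records the reasoning. Separately, `getServerSecurityManager()` and `getSubjectFactoryInjector()` are now never injected for annotation-defined datasources, so any use of those injectors inside `AbstractDataSourceService` (not visible on this page) has to tolerate an unset value. That is worth confirming and recording next to the explanation, for example `// Legacy security injectors stay unset here; the service must not dereference them without a configured legacy security domain`. startDataSource begins and ends outside the hunks shown.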
Expand Up @@ -31,6 +31,7 @@
import java.util.Map;

import org.jboss.as.connector.logging.ConnectorLogger;
import org.jboss.as.connector.metadata.api.common.SecurityMetadata;
import org.jboss.as.connector.metadata.api.ds.DsSecurity;
import org.jboss.as.connector.services.datasources.statistics.DataSourceStatisticsService;
import org.jboss.as.connector.services.driver.registry.DriverRegistry;
Expand Down Expand Up @@ -124,7 +125,7 @@ public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitPro

final List<DataSources> dataSourcesList = deploymentUnit.getAttachmentList(DsXmlDeploymentParsingProcessor.DATA_SOURCES_ATTACHMENT_KEY);

final boolean securityEnabled = phaseContext.getDeploymentUnit().hasAttachment(SecurityAttachments.SECURITY_ENABLED);
final boolean legacySecurityPresent = phaseContext.getDeploymentUnit().hasAttachment(SecurityAttachments.SECURITY_ENABLED);

for(DataSources dataSources : dataSourcesList) {
if (dataSources.getDrivers() != null && dataSources.getDrivers().size() > 0) {
Expand All @@ -144,8 +145,10 @@ public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitPro
final String dsName = ds.getJndiName();
final PathAddress addr = getDataSourceAddress(dsName, deploymentUnit, false);
installManagementModel(ds, deploymentUnit, addr);
// TODO why have we been ignoring a configured legacy security domain but no legacy security present?
boolean useLegacySecurity = legacySecurityPresent && isLegacySecurityRequired(ds.getSecurity());
startDataSource(lds, jndiName, ds.getDriver(), serviceTarget,
getRegistration(false, deploymentUnit), getResource(dsName, false, deploymentUnit), dsName, securityEnabled, ds.isJTA());
getRegistration(false, deploymentUnit), getResource(dsName, false, deploymentUnit), dsName, useLegacySecurity, ds.isJTA());
} catch (Exception e) {
throw ConnectorLogger.ROOT_LOGGER.exceptionDeployingDatasource(e, ds.getJndiName());
}
Expand All @@ -166,8 +169,10 @@ public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitPro
final String dsName = xads.getJndiName();
final PathAddress addr = getDataSourceAddress(dsName, deploymentUnit, true);
installManagementModel(xads, deploymentUnit, addr);
// TODO why have we been ignoring a configured legacy security domain but no legacy security present?
boolean useLegacySecurity = legacySecurityPresent && isLegacySecurityRequired(xads.getSecurity());
startDataSource(xds, jndiName, xads.getDriver(), serviceTarget,
getRegistration(true, deploymentUnit), getResource(dsName, true, deploymentUnit), dsName, securityEnabled, true);
getRegistration(true, deploymentUnit), getResource(dsName, true, deploymentUnit), dsName, useLegacySecurity, true);

} catch (Exception e) {
throw ConnectorLogger.ROOT_LOGGER.exceptionDeployingDatasource(e, xads.getJndiName());
Expand Down Expand Up @@ -284,7 +289,8 @@ private void startDataSource(final AbstractDataSourceService dataSourceService,
final ServiceTarget serviceTarget,
final ManagementResourceRegistration registration,
final Resource resource,
final String managementName, boolean securityEnabled,
final String managementName,
boolean requireLegacySecurity,
final boolean isTransactional) {

final ContextNames.BindInfo bindInfo = ContextNames.bindInfoFor(jndiName);
Expand All @@ -296,7 +302,6 @@ private void startDataSource(final AbstractDataSourceService dataSourceService,
dataSourceService.getExecutorServiceInjector(), false)
.addDependency(ConnectorServices.IRONJACAMAR_MDR, MetadataRepository.class, dataSourceService.getMdrInjector())
.addDependency(ConnectorServices.RA_REPOSITORY_SERVICE, ResourceAdapterRepository.class, dataSourceService.getRaRepositoryInjector())
.addDependency(SimpleSecurityManagerService.SERVICE_NAME, ServerSecurityManager.class, dataSourceService.getServerSecurityManager())
.addDependency(ConnectorServices.BOOTSTRAP_CONTEXT_SERVICE.append(DEFAULT_NAME))
.addDependency(ConnectorServices.TRANSACTION_INTEGRATION_SERVICE, TransactionIntegration.class,
dataSourceService.getTransactionIntegrationInjector())
Expand All @@ -306,8 +311,9 @@ private void startDataSource(final AbstractDataSourceService dataSourceService,
.addDependency(ConnectorServices.JDBC_DRIVER_REGISTRY_SERVICE, DriverRegistry.class,
dataSourceService.getDriverRegistryInjector()).addDependency(NamingService.SERVICE_NAME);

if(securityEnabled) {
// FIXME
if (requireLegacySecurity) {
dataSourceServiceBuilder.addDependency(SimpleSecurityManagerService.SERVICE_NAME, ServerSecurityManager.class,
dataSourceService.getServerSecurityManager());
dataSourceServiceBuilder.addDependency(SubjectFactoryService.SERVICE_NAME, SubjectFactory.class,
dataSourceService.getSubjectFactoryInjector());
}
Expand Down Expand Up @@ -432,5 +438,12 @@ private ManagementResourceRegistration getRegistration(final boolean xa, final D
}
}


private static boolean isLegacySecurityRequired(org.jboss.jca.common.api.metadata.ds.DsSecurity config) {
boolean result = config instanceof SecurityMetadata && !((SecurityMetadata) config).isElytronEnabled();
if (result) {
String domain = config.getSecurityDomain();
result = domain != null && domain.trim().length() > 0;
}
return result;
}
}
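Review bot: In deploy(), `useLegacySecurity = legacySecurityPresent && isLegacySecurityRequired(...)` silently drops the legacy injections when a datasource names a security domain but the deployment unit lacks the `SECURITY_ENABLED` attachment, and the two TODO comments acknowledge that case without handling it. A datasource whose configured security domain is quietly ignored may start with different authentication behaviour than its descriptor asks for, so this path should at least log a warning naming the datasource, or fail the deployment, rather than proceed. The XA branch also checks only `xads.getSecurity()`, whereas the `firstRuntimeStep` change in this commit additionally considers the recovery security domain; if the descriptor's recovery section can carry its own domain (not visible here), it should be included in the decision. The bare `// FIXME` above `if (requireLegacySecurity)` should say what remains to be fixed or be removed.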
Expand Up @@ -31,6 +31,7 @@
import static org.jboss.as.connector.subsystems.datasources.Constants.JTA;
import static org.jboss.as.connector.subsystems.datasources.Constants.RECOVERY_AUTHENTICATION_CONTEXT;
import static org.jboss.as.connector.subsystems.datasources.Constants.RECOVERY_ELYTRON_ENABLED;
import static org.jboss.as.connector.subsystems.datasources.Constants.RECOVERY_SECURITY_DOMAIN;
import static org.jboss.as.connector.subsystems.datasources.Constants.SECURITY_DOMAIN;
import static org.jboss.as.connector.subsystems.datasources.Constants.STATISTICS_ENABLED;
import static org.jboss.as.connector.subsystems.datasources.Constants.USERNAME;
Expand Down Expand Up @@ -206,6 +207,7 @@ void firstRuntimeStep(OperationContext context, ModelNode operation, ModelNode m
dataSourceService.getDriverInjector());

// If the authentication context is defined, add the capability
boolean requireLegacySecurity = false;
if (ELYTRON_ENABLED.resolveModelAttribute(context, model).asBoolean()) {
if (model.hasDefined(AUTHENTICATION_CONTEXT.getName())) {
dataSourceServiceBuilder.addDependency(
Expand All @@ -218,25 +220,33 @@ void firstRuntimeStep(OperationContext context, ModelNode operation, ModelNode m
);
}
} else {
dataSourceServiceBuilder.addDependency(SubjectFactoryService.SERVICE_NAME, SubjectFactory.class,
dataSourceService.getSubjectFactoryInjector())
.addDependency(SimpleSecurityManagerService.SERVICE_NAME, ServerSecurityManager.class, dataSourceService.getServerSecurityManager());


String secDomain = SECURITY_DOMAIN.resolveModelAttribute(context, model).asStringOrNull();
requireLegacySecurity = (secDomain != null && secDomain.length() > 0) ;
}
if (isXa() && RECOVERY_ELYTRON_ENABLED.resolveModelAttribute(context, model).asBoolean()) {
if (model.hasDefined(RECOVERY_AUTHENTICATION_CONTEXT.getName())) {
dataSourceServiceBuilder.addDependency(
context.getCapabilityServiceName(
Capabilities.AUTHENTICATION_CONTEXT_CAPABILITY,
RECOVERY_AUTHENTICATION_CONTEXT.resolveModelAttribute(context, model).asString(),
AuthenticationContext.class),
AuthenticationContext.class,
dataSourceService.getRecoveryAuthenticationContext()
);

if (isXa()) {
if (RECOVERY_ELYTRON_ENABLED.resolveModelAttribute(context, model).asBoolean()) {
if (model.hasDefined(RECOVERY_AUTHENTICATION_CONTEXT.getName())) {
dataSourceServiceBuilder.addDependency(
context.getCapabilityServiceName(
Capabilities.AUTHENTICATION_CONTEXT_CAPABILITY,
RECOVERY_AUTHENTICATION_CONTEXT.resolveModelAttribute(context, model).asString(),
AuthenticationContext.class),
AuthenticationContext.class,
dataSourceService.getRecoveryAuthenticationContext()
);
}
} else if (!requireLegacySecurity) {
String secDomain = RECOVERY_SECURITY_DOMAIN.resolveModelAttribute(context, model).asStringOrNull();
requireLegacySecurity = (secDomain != null && secDomain.length() > 0);
}
}

if (requireLegacySecurity) {
dataSourceServiceBuilder.addDependency(SubjectFactoryService.SERVICE_NAME, SubjectFactory.class, dataSourceService.getSubjectFactoryInjector())
.addDependency(SimpleSecurityManagerService.SERVICE_NAME, ServerSecurityManager.class, dataSourceService.getServerSecurityManager());
}

ModelNode credentialReference = Constants.CREDENTIAL_REFERENCE.resolveModelAttribute(context, model);
if (credentialReference.isDefined()) {
dataSourceService.getCredentialSourceSupplierInjector()
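Review bot: The two blank checks `secDomain != null && secDomain.length() > 0` in firstRuntimeStep do not trim, while `isLegacySecurityRequired` in the deployment processor changed by this commit uses `domain.trim().length() > 0`. Unless attribute validation already rejects such values, a whitespace-only domain is treated as requiring legacy security here but not there. A small private helper used for both `SECURITY_DOMAIN` and `RECOVERY_SECURITY_DOMAIN` would keep the paths consistent and remove the duplication, e.g. `private static boolean isSet(String s) { return s != null && !s.trim().isEmpty(); }`. A comment at `boolean requireLegacySecurity = false;` should also state that the SubjectFactory and ServerSecurityManager dependencies are added only when a legacy security domain or recovery security domain is configured and Elytron is not enabled for that part. firstRuntimeStep starts and ends outside the hunk.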