

[JBWS-4048] Misc improvements
asoldano committed Jan 11, 2017
1 parent 20fa7e3 commit e5a7915
Showing 2 changed files with 23 additions and 108 deletions.
Expand Up @@ -21,12 +21,7 @@
*/
package org.jboss.as.webservices.security;

import java.io.Serializable;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.Callable;

Expand All @@ -43,8 +38,8 @@

public class ElytronSecurityDomainContextImpl implements SecurityDomainContext {

private SecurityDomain securityDomain;
private ThreadLocal<SecurityIdentity> currentIdentity = new ThreadLocal<SecurityIdentity>();
private final SecurityDomain securityDomain;
private final ThreadLocal<SecurityIdentity> currentIdentity = new ThreadLocal<SecurityIdentity>();

public ElytronSecurityDomainContextImpl(SecurityDomain securityDomain) {
this.securityDomain = securityDomain;
Expand Down Expand Up @@ -85,9 +80,11 @@ public boolean isValid(Principal principal, Object password, Subject subject) {
}

public void runAs(Callable<Void> action) throws Exception {
if (currentIdentity.get() != null) {
final SecurityIdentity ci = currentIdentity.get();
if (ci != null) {
//there is no security constrains in servlet and directly with jaas
currentIdentity.get().runAs(action);
ci.runAs(action);
currentIdentity.set(null);
} else {
//undertow's ElytronRunAsHandler will propagate the SecurityIndentity to SecurityDomain and directly run this action
action.call();
Expand Down Expand Up @@ -124,92 +121,4 @@ private SecurityIdentity authenticate(final String username, final String passwo
}
return null;
}
//TODO:create a util to build subject from SecurityIdentity
public class SimplePrincipal implements Principal, Serializable {
private static final long serialVersionUID = -7703975471290155466L;
private String name;

public SimplePrincipal(String name) {
if (name == null) {
throw new IllegalArgumentException("Principal name can not be null");
}
this.name = name;
}

public String getName() {
return name;
}

public boolean equals(Object obj) {
if (!(obj instanceof SimplePrincipal)) {
return false;
}

return name.equals(((SimplePrincipal) obj).name);
}

public int hashCode() {
return name.hashCode();
}

public String toString() {
return name;
}
}

public class SimpleGroup extends SimplePrincipal implements Group {
private static final long serialVersionUID = -6684520988041121094L;
private Set<Principal> members = new HashSet<Principal>();

public SimpleGroup(String groupName) {
super(groupName);
}

public SimpleGroup(String groupName, Principal member) {
super(groupName);
members.add(member);
}

public boolean isMember(Principal p) {
return members.contains(p);
}

public boolean addMember(Principal p) {
return members.add(p);
}

public Enumeration<? extends Principal> members() {

final Iterator<Principal> it = members.iterator();

return new Enumeration<Principal>() {

public boolean hasMoreElements() {
return it.hasNext();
}

public Principal nextElement() {
return it.next();
}

};
}

public boolean removeMember(Principal p) {
return members.remove(p);
}

public boolean equals(Object obj) {
if (!(obj instanceof SimpleGroup)) {
return false;
}
SimpleGroup other = (SimpleGroup) obj;
return getName().equals(other.getName()) && members.equals(other.members);
}

public int hashCode() {
return getName().hashCode() + 37 * members.hashCode();
}
}

}
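Review bot: In runAs, the thread-local identity is cleared only on the normal-return path: `currentIdentity.set(null)` runs after `ci.runAs(action)`, so if the action (a Callable declared to throw) propagates an exception, the SecurityIdentity remains attached to the thread, and on a pooled thread the next unrelated request on that thread would run with it. The clearing belongs in a finally block, `try { ci.runAs(action); } finally { currentIdentity.remove(); }`, using `remove()` rather than `set(null)` so the ThreadLocal entry itself is dropped. Whether SecurityIdentity.runAs rethrows the callable's exception is not visible here, but runAs is itself declared `throws Exception`, so that path exists. The body of runAs continues past the hunk.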
Expand Up @@ -83,24 +83,28 @@
* @author <a href="mailto:ema@redhat.com">Jim Ma</a>
*/
public final class EndpointService implements Service<Endpoint> {

static final String ELYTRON_DOMAIN_CAPABILITY_NAME = "org.wildfly.security.security-domain";
static final RuntimeCapability<Void> ELYTRON_DOMAIN_CAPABILITY =
RuntimeCapability.Builder.of(ELYTRON_DOMAIN_CAPABILITY_NAME, true, SecurityDomain.class).build();
public static final String APPLICATION_SECURITY_DOMAIN_CAPABILITY = "org.wildfly.ejb3.application-security-domain";
static final String APPLICATION_SECURITY_DOMAIN_CAPABILITY = "org.wildfly.ejb3.application-security-domain";
static final RuntimeCapability<Void> APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY = RuntimeCapability
.Builder.of(APPLICATION_SECURITY_DOMAIN_CAPABILITY, true, ApplicationSecurityDomain.class)
.build();

private final Endpoint endpoint;
private final ServiceName name;
private final InjectedValue<SecurityDomainContext> securityDomainContextValue = new InjectedValue<SecurityDomainContext>();
private final InjectedValue<AbstractServerConfig> serverConfigServiceValue = new InjectedValue<AbstractServerConfig>();
private final InjectedValue<ApplicationSecurityDomainService.ApplicationSecurityDomain> ejbApplicationSecurityDomainValue = new InjectedValue<ApplicationSecurityDomainService.ApplicationSecurityDomain>();
private final InjectedValue<EJBViewMethodSecurityAttributesService> ejbMethodSecurityAttributeServiceValue = new InjectedValue<EJBViewMethodSecurityAttributesService>();
private final InjectedValue<SecurityDomain> elytronSecurityDomain = new InjectedValue<>();

private EndpointService(final Endpoint endpoint, final ServiceName name) {
this.endpoint = endpoint;
this.name = name;
}

@Override
public Endpoint getValue() {
return endpoint;
Expand All @@ -117,7 +121,8 @@ public static ServiceName getServiceName(final DeploymentUnit unit, final String
@Override
public void start(final StartContext context) throws StartException {
WSLogger.ROOT_LOGGER.starting(name);
if (isElytronSecurityDomain(endpoint)) {
final String domainName = getDeploymentSecurityDomainName(endpoint);
if (isElytronSecurityDomain(endpoint, domainName)) {
if (EndpointType.JAXWS_EJB3.equals(endpoint.getType())) {
endpoint.setSecurityDomainContext(new ElytronSecurityDomainContextImpl(this.ejbApplicationSecurityDomainValue.getValue().getSecurityDomain()));
} else {
Expand Down Expand Up @@ -242,23 +247,23 @@ public static void install(final ServiceTarget serviceTarget, final Endpoint end
final ServiceBuilder<Endpoint> builder = serviceTarget.addService(serviceName, service);
final ServiceName alias = WSServices.ENDPOINT_SERVICE.append(context.toString()).append(propEndpoint);
builder.addAliases(alias);
if (isElytronSecurityDomain(endpoint)) {
final String domainName = getDeploymentSecurityDomainName(endpoint);
if (isElytronSecurityDomain(endpoint, domainName)) {
if (EndpointType.JAXWS_EJB3.equals(endpoint.getType())) {
ServiceName ejbSecurityDomainServiceName = APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY
.getCapabilityServiceName(getDeploymentSecurityDomainName(endpoint),
ApplicationSecurityDomainService.ApplicationSecurityDomain.class);
.getCapabilityServiceName(domainName, ApplicationSecurityDomainService.ApplicationSecurityDomain.class);
builder.addDependency(ejbSecurityDomainServiceName,
ApplicationSecurityDomainService.ApplicationSecurityDomain.class,
service.getEjbApplicationSeruityDomainInjector());
} else {
ServiceName elytronDomainName = ELYTRON_DOMAIN_CAPABILITY.getCapabilityServiceName(
getDeploymentSecurityDomainName(endpoint), SecurityDomain.class);
domainName, SecurityDomain.class);
builder.addDependency(elytronDomainName, SecurityDomain.class, service.getElytronSecurityDomainInjector());
}
} else {
// This is still picketbox jaas securityDomainContext
builder.addDependency(
SecurityDomainService.SERVICE_NAME.append(getDeploymentSecurityDomainName(endpoint)),
SecurityDomainService.SERVICE_NAME.append(domainName),
SecurityDomainContext.class, service.getSecurityDomainContextInjector());
}
builder.addDependency(DependencyType.REQUIRED, WSServices.CONFIG_SERVICE, AbstractServerConfig.class,
Expand Down Expand Up @@ -320,11 +325,12 @@ private static ServiceContainer currentServiceContainer() {
return AccessController.doPrivileged(CurrentServiceContainer.GET_ACTION);
}

private static boolean isElytronSecurityDomain(Endpoint endpoint) {
String domianName = getDeploymentSecurityDomainName(endpoint);
ServiceName serviceName = ELYTRON_DOMAIN_CAPABILITY.getCapabilityServiceName(domianName, SecurityDomain.class);
private static boolean isElytronSecurityDomain(Endpoint endpoint, String domainName) {
final ServiceName serviceName;
if (EndpointType.JAXWS_EJB3.equals(endpoint.getType())) {
serviceName = APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName(domianName, ApplicationSecurityDomainService.ApplicationSecurityDomain.class);
serviceName = APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY.getCapabilityServiceName(domainName, ApplicationSecurityDomainService.ApplicationSecurityDomain.class);
} else {
serviceName = ELYTRON_DOMAIN_CAPABILITY.getCapabilityServiceName(domainName, SecurityDomain.class);
}
return currentServiceContainer().getService(serviceName) != null;
}
Expand Down
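Review bot: The rewritten isElytronSecurityDomain(Endpoint, String) decides by a point-in-time lookup, `currentServiceContainer().getService(serviceName) != null`, so its answer in install() depends on whether the Elytron (or, for JAXWS_EJB3 endpoints, the application-security-domain) service is already registered when the endpoint is installed; if it is not yet there, the else branch in install() silently binds the endpoint to the legacy `SecurityDomainService` dependency instead. Whether MSC ordering guarantees that registration here is not visible in the hunk, so the assumption should at least be documented on the helper, e.g. `/** True when a service for {@code domainName} is registered under the Elytron capability (EJB3 application-security-domain capability for JAXWS_EJB3 endpoints). Point-in-time lookup: callers must run after those services are installed. */`. The same helper is also used in start(), which computes domainName the same way, so the note applies to both call sites.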

