Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * JBoss, Home of Professional Open Source.
   * Copyright 2011, Red Hat, Inc., and individual contributors
   * as indicated by the @author tags. See the copyright.txt file in the
   * distribution for a full listing of individual contributors.
   *
   * This is free software; you can redistribute it and/or modify it
   * under the terms of the GNU Lesser General Public License as
   * published by the Free Software Foundation; either version 2.1 of
  * the License, or (at your option) any later version.
  *
  * This software is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this software; if not, write to the Free
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
 
 package org.jboss.as.security;
 
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.COMPOSITE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.NAME;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.REMOVE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.STEPS;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.UNDEFINE_ATTRIBUTE_OPERATION;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.VALUE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.WRITE_ATTRIBUTE_OPERATION;
 
 import java.util.List;
 import java.util.Set;
 
The security extension.

Author(s):
Marcus Moyses
Darran Lofthouse
 public class SecurityExtension implements Extension {
 
     public static final ServiceName JBOSS_SECURITY = ..append("security");
 
     public static final String SUBSYSTEM_NAME = "security";
 
     private static final String RESOURCE_NAME = SecurityExtension.class.getPackage().getName() + ".LocalDescriptions";
 
     private static final int MANAGEMENT_API_MAJOR_VERSION = 1;
     private static final int MANAGEMENT_API_MINOR_VERSION = 3;
     private static final int MANAGEMENT_API_MICRO_VERSION = 0;
 
     private static final SecuritySubsystemParser PARSER = SecuritySubsystemParser.getInstance();
     static final PathElement ACL_PATH = PathElement.pathElement(..);
     static final PathElement PATH_JASPI_AUTH = PathElement.pathElement(..);
     static final PathElement SECURITY_DOMAIN_PATH = PathElement.pathElement(.);
     static final PathElement PATH_MAPPING_CLASSIC = PathElement.pathElement(..);
     static final PathElement PATH_AUDIT_CLASSIC = PathElement.pathElement(..);
     static final PathElement VAULT_PATH = PathElement.pathElement(..);
     static final PathElement JSSE_PATH = PathElement.pathElement(..);
     private static final PathAddressTransformer CURRENT_PATH_TRANSFORMER = new PathAddressTransformer() {
        @Override
        public PathAddress transform(PathElement currentBuilder builder) {
            return builder.getCurrent();
        }
    };
        return new StandardResourceDescriptionResolver(keyPrefixSecurityExtension.class.getClassLoader(), truetrue);
    }
        StringBuilder prefix = new StringBuilder();
        for (String kp : keyPrefix) {
            if (prefix.length() > 0) {
                prefix.append('.');
            }
            prefix.append(kp);
        }
        return new StandardResourceDescriptionResolver(prefix.toString(), SecurityExtension.class.getClassLoader(), truefalse);
    }
    @Override
    public void initialize(ExtensionContext context) {
        final boolean registerRuntimeOnly = context.isRuntimeOnlyRegistrationValid();
        final ManagementResourceRegistration securityDomain = registration.registerSubModel(new SecurityDomainResourceDefinition(registerRuntimeOnly));
        securityDomain.registerSubModel(.);
        securityDomain.registerSubModel(.);
        securityDomain.registerSubModel(.);
        securityDomain.registerSubModel(.);
        subsystem.registerXMLElementWriter();
        if (context.isRegisterTransformers()) {
            registerTransformers(subsystem);
        }
    }
    @Override
    public void initializeParsers(ExtensionParsingContext context) {
    }
    private void registerTransformers(SubsystemRegistration subsystemRegistration) {
        registerTransformers_1_1_0(subsystemRegistration);
        registerTransformers_1_2_0(subsystemRegistration);
    }
    private void registerTransformers_1_1_0(SubsystemRegistration subsystemRegistration) {
        final ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createSubsystemInstance();
        final ResourceTransformationDescriptionBuilder securityDomain = builder.addChildResource();
        registerModuleTransformer(securityDomainauthClassicLoginModule,
                ChildResourceTransformersRegistrar.createBuilder()
                .addRejectExpressions(..)
                .build());
        registerModuleTransformer(securityDomainpolicyModule,
                ChildResourceTransformersRegistrar.createBuilder()
                .addRejectExpressions(..)
                .build());
        registerModuleTransformer(securityDomainmappingModule,
                ChildResourceTransformersRegistrar.createBuilder()
                .addRejectExpressions(..)
                .build());
        registerModuleTransformer(securityDomainproviderModule,
                ChildResourceTransformersRegistrar.createBuilder()
                .addRejectExpressions(.)
                .build());
        registerModuleTransformer(securityDomainidentityTrustModule,
                ChildResourceTransformersRegistrar.createBuilder()
                .addRejectExpressions(..)
                .build());
        registerModuleTransformer(securityDomainaclModule,
                ChildResourceTransformersRegistrar.createBuilder()
                .addRejectExpressions(..)
                .build());
        ResourceTransformationDescriptionBuilder jaspiReg = registerModuleTransformer(securityDomainauthModule,
                ChildResourceTransformersRegistrar.createBuilder()
                .addRejectExpressions(..)
                .addRejectIfDefined(.)
                .build());
        registerModuleTransformer(jaspiRegauthLoginModulenull);
        //reject expressions
                .end();
        securityDomain.addChildResource().getAttributeBuilder()
                .end();
        TransformationDescription.Tools.register(builder.build(), subsystemRegistration, ModelVersion.create(1, 1, 0));
    }
    private void registerTransformers_1_2_0(SubsystemRegistration subsystemRegistration) {
        ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createSubsystemInstance();
        // Transform any add op that includes the module list attribute into a compsosite of an add w/o that + write-attribute
        registerModuleTransformer(securityDomainloginModule);
        registerModuleTransformer(securityDomainpolicyModule);
        registerModuleTransformer(securityDomainmappingModule);
        registerModuleTransformer(securityDomainproviderModule);
        final AttributeToModulesTransformer identityTrustModule = new AttributeToModulesTransformer(.);
        registerModuleTransformer(securityDomainidentityTrustModule);
        ResourceTransformationDescriptionBuilder aclBuilder = registerModuleTransformer(securityDomainaclModule);
        //https://issues.jboss.org/browse/WFLY-2474 acl-module was wrongly called login-module in 7.2.0
        aclBuilder.addChildRedirection(PathElement.pathElement(.), PathElement.pathElement(.));
        ResourceTransformationDescriptionBuilder jaspiReg = registerModuleTransformer(securityDomainauthModule);
        // the module attribute is not recognized in the 1.2.0 version of the subsystem.
                .end();
        registerModuleTransformer(jaspiRegloginModule);
        TransformationDescription.Tools.register(builder.build(), subsystemRegistration, ModelVersion.create(1, 2, 0));
    }
                                                                               final ModulesToAttributeTransformer transformerfinal ChildResourceTransformersRegistrar childRegistrar) {
        final OperationTransformer addOrWriteTransformer = new OperationTransformer() {
            public TransformedOperation transformOperation(TransformationContext contextPathAddress addressModelNode operation)
                    throws OperationFailedException {
                return transformer.transformParentOperation(contextaddressoperation);
            }
        };
        ResourceTransformationDescriptionBuilder child = parent.addChildResource(childPath)
                .setCustomResourceTransformer(transformer)
                .addOperationTransformationOverride()
                    .setCustomOperationTransformer(new OperationTransformer() {
                        public TransformedOperation transformOperation(TransformationContext contextPathAddress address,
                                ModelNode operationthrows OperationFailedException {
                            //Record that we removed the resource and return the original operation
                            return new TransformedOperation(operation.);
                        }
                    }).end();
        ResourceTransformationDescriptionBuilder childRedirectionBuilder = child.addChildRedirection(
                    PathElement.pathElement(transformer.getResourceName()), )
                .addOperationTransformationOverride()
                .setCustomOperationTransformer(transformer)
                .inheritResourceAttributeDefinitions().end()
                .setCustomOperationTransformer(transformer)
                .inheritResourceAttributeDefinitions().end()
                .addOperationTransformationOverride()
                .setCustomOperationTransformer(transformer)
                .inheritResourceAttributeDefinitions().end();
        if (childRegistrar != null) {
            childRegistrar.registerTransformers(childRedirectionBuilder);
        }
        return child;
    }
                                                                               AttributeToModulesTransformer transformer) {
        return parent.addChildResource(childPath)
            .addOperationTransformationOverride()
                .inheritResourceAttributeDefinitions()
                .setCustomOperationTransformer(transformer)
                .end();
    }
    private static class ModulesToAttributeTransformer implements CombinedTransformer {
        protected final String resourceName;
        protected final String attributeName;
        private ModulesToAttributeTransformer(String resourceNameString oldName) {
            this. = resourceName;
            this. = oldName;
        }
        String getResourceName() {
            return ;
        }
        @Override
        public void transformResource(ResourceTransformationContext contextPathAddress addressResource resourcethrows OperationFailedException {
            ModelNode model = new ModelNode();
            transformModulesToAttributes(addresscontextmodel);
            resource.writeModel(model);
            final ResourceTransformationContext childContext = context.addTransformedResource(.resource);
            childContext.processChildren(resource);
        }
        public TransformedOperation transformOperation(TransformationContext contextPathAddress addressModelNode operationthrows OperationFailedException {
            ModelNode model = new ModelNode();
            transformModulesToAttributes(addresscontextmodel);
            ModelNode modules = model.get();
            int len = modules.asList().size();
            //Here we always remove, and if we have enough information, we overwrite the value
            if (len == 0) {
                return new TransformedOperation(Util.createRemoveOperation(address), .);
            } else {
                ModelNode add = Util.createAddOperation(address);
                add.get().set(modules);
                return new TransformedOperation(createComposite(addressadd), .);
            }
        }
        void transformModulesToAttributes(final PathAddress addressfinal String newNamefinal String oldNamefinal TransformationContext contextfinal ModelNode model) {
            ModelNode modules = model.get(oldName).setEmptyList();
            Set<Resource.ResourceEntrychildren = context.readResourceFromRoot(address).getChildren(newName);
            if (children != null) {
                for (Resource.ResourceEntry entry : children) {
                    Resource moduleResource = context.readResourceFromRoot(address.append(entry.getPathElement()));
                    modules.add(moduleResource.getModel());
                }
            }
        }
        ModelNode createComposite(PathAddress addressModelNode...steps) {
            ModelNode composite = Util.createEmptyOperation(.);
            ModelNode stepsNode = composite.get();
            stepsNode.add(Util.createRemoveOperation(address));
            for (ModelNode step : steps) {
                stepsNode.add(step);
            }
            return composite;
        }
            //If the add is the form which has the attribute set, let it through - otherwise just discard
            String op = operation.get().asString();
            if (.equals(op)) {
                if (operation.hasDefined()) {
                    return new TransformedOperation(operation.);
                }
            } else if (op.equals() || op.equals()) {
                return transformOperation(contextaddressoperation);
            }
            return ..transformOperation(contextaddressoperation);
        }
    }
    private static class JaspiModulesToAttributeTransformer extends ModulesToAttributeTransformer {
        final boolean loginModule;
        private JaspiModulesToAttributeTransformer(String resourceNameString oldName) {
            super(resourceNameoldName);
            this. = oldName.equals(.);
        }
        public TransformedOperation transformOperation(TransformationContext contextPathAddress addressModelNode operationthrows OperationFailedException {
            //Within the authentication=jaspi resource the structure is:
            // authentication=jaspi
            //    auth-module=*  (should get pulled up into authentication=jaspi)
            //    login-module-stack=*
            //       login-module=*  (should get pulled up into login-module-stack
            //
            // If there are no auth-module children, and we are the login-module-stack, we cannot be added
            PathAddress jaspiAddress = getJaspiAuthenticationAddress(address);
            ModelNode authModulesModel = new ModelNode();
            transformModulesToAttributes(jaspiAddress..contextauthModulesModel);
            ModelNode authModules = authModulesModel.get(.);
            if (authModules.asList().size() == 0) {
                return new TransformedOperation(Util.createRemoveOperation(jaspiAddress), .);
            } else {
                List<ModelNodelist = new ArrayList<ModelNode>();
                ModelNode addJaspi = Util.createAddOperation(jaspiAddress);
                addJaspi.get(.).set(authModules);
                list.add(addJaspi);
                Resource jaspiResource = context.readResourceFromRoot(jaspiAddress);
                for (ResourceEntry entry : jaspiResource.getChildren(.)) {
                    PathAddress stackAddress = jaspiAddress.append(PathElement.pathElement(.entry.getName()));
                    ModelNode loginModulesModel = new ModelNode();
                    transformModulesToAttributes(stackAddress..contextloginModulesModel);
                    ModelNode loginModules = loginModulesModel.get(.);
                    if (loginModules.asList().size() > 0) {
                        ModelNode addStack = Util.createAddOperation(stackAddress);
                        addStack.get(.).set(loginModules);
                        list.add(addStack);
                    }
                }
                return new TransformedOperation(createComposite(jaspiAddresslist.toArray(new ModelNode[list.size()])), .);
            }
        }
        private PathAddress getJaspiAuthenticationAddress(PathAddress address) {
            PathAddress jaspi = .;
            for (PathElement element : address) {
                jaspi = jaspi.append(element);
                if (element.equals()) {
                    break;
                }
            }
            return jaspi;
        }
    }
    private static class AttributeToModulesTransformer implements OperationTransformer {
        private final String attributeName;
        private AttributeToModulesTransformer(String attributeName) {
            this. = attributeName;
        }
        @Override
        public TransformedOperation transformOperation(TransformationContext contextPathAddress addressModelNode operationthrows OperationFailedException {
            final ModelNode transformedOp;
            if (!operation.has()) {
                transformedOp = operation;
            } else if (!operation.hasDefined()) {
                transformedOp = operation.clone();
                transformedOp.remove();
            } else {
                // Convert to a composite of an add without the module list + a write-attribute for the module list
                PathAddress pa = PathAddress.pathAddress(operation.get());
                transformedOp = Util.createEmptyOperation(null);
                ModelNode steps = transformedOp.get();
                ModelNode clone = operation.clone();
                clone.remove();
                steps.add(clone);
                ModelNode writeOp = Util.createEmptyOperation(pa);
                writeOp.get().set();
                writeOp.get().set(operation.get());
                steps.add(writeOp);
            }
            return new TransformedOperation(transformedOp.);
        }
    }
    private static class ChildResourceTransformersRegistrar {
        private String[] reject;
        private String[] defined;
        public ChildResourceTransformersRegistrar(String[] rejectString[] defined) {
            this. = reject;
            this. = defined;
        }
            if ( != null) {
            }
            if ( != null) {
                builder.getAttributeBuilder().addRejectCheck(.);
            }
        }
        static Builder createBuilder() {
            return new Builder();
        }
        static class Builder {
            private List<Stringreject;
            private List<Stringdefined;
            Builder addRejectExpressions(String...attributes){
                 = addToList(attributes);
                return this;
            }
            Builder addRejectIfDefined(String...attributes){
                 = addToList(attributes);
                return this;
            }
            ChildResourceTransformersRegistrar build() {
                return new ChildResourceTransformersRegistrar(
                         == null ? null : .toArray(new String[.size()]),
                         == null ? null : .toArray(new String[.size()]));
            }
            private List<StringaddToList(List<StringattrsString...attributes){
                if (attrs == null) {
                    attrs = new ArrayList<String>();
                }
                for (String attr : attributes) {
                    attrs.add(attr);
                }
                return attrs;
            }
        }
    }
New to GrepCode? Check out our FAQ X