Security handler improvements

2014-03-03 15:50:46 +01:00 · 2014-03-03 15:50:46 +01:00 · e4c9f61ba9
parent e9f676939f
commit e4c9f61ba9
13 changed files with 65 additions and 59 deletions
--- a/openesb-standalone-packaging/pom.xml
+++ b/openesb-standalone-packaging/pom.xml
@ -113,11 +113,17 @@
            <version>${shiro.version}</version>
        </dependency>
        
+        <!-- SLF4J and JUL Bridge -->
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-api</artifactId>
            <version>1.7.6</version>
        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-jdk14</artifactId>
+            <version>1.7.6</version>
+        </dependency>
        
        <!-- OpenESB REST API & Web Console -->
        <dependency>
--- a/openesb-standalone-packaging/src/main/assembly/distribution.xml
+++ b/openesb-standalone-packaging/src/main/assembly/distribution.xml
@ -98,6 +98,7 @@
                <include>org.yaml:snakeyaml</include>
                <include>org.apache.shiro:shiro-core</include>
                <include>org.slf4j:slf4j-api</include>
+                <include>org.slf4j:slf4j-jdk14</include>
            </includes>
            <outputDirectory>lib/ext</outputDirectory>
            <useProjectArtifact>false</useProjectArtifact>
--- a/openesb-standalone-packaging/src/main/resources/config/openesb.yaml
+++ b/openesb-standalone-packaging/src/main/resources/config/openesb.yaml
@ -18,7 +18,11 @@
 #
 # http.enabled: false

+################################### Security ######################################
+# Set the security realms which have to be used for management purpose or components
+# security concerns.
 realm:
+   # The realm "admin" is the realm used for management (JMX / Rest API)
   admin:
      type: properties
      file: ${install.root}/config/mgmt-users.properties
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/SecurityProviderImpl.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/SecurityProviderImpl.java
@ -24,43 +24,38 @@ public class SecurityProviderImpl implements SecurityProvider {
    private final Logger mLog =
            Logger.getLogger(this.getClass().getPackage().getName());
    
+    private final static String MANAGEMENT_REALM = "admin";
+    
    private final Map<String, Realm> realms = new HashMap<String, Realm>();
    private final ShiroAuthenticator authenticator = new ShiroAuthenticator();
-    private String adminRealmName = null;
+    private boolean adminRealFound;
    
    public SecurityProviderImpl(Map<String, Map<String, String>> realmsConfiguration) {
        this.init(realmsConfiguration);
-        this.validate();
    }
    
    private void init(Map<String, Map<String, String>> realmsConfiguration) {
        if (realmsConfiguration != null) {
-            mLog.log(Level.INFO, "Loading realms from configuration file.");
+            mLog.log(Level.INFO, "Loading security realms from configuration.");
        
            for(Map.Entry<String, Map<String, String>> realmConfig : realmsConfiguration.entrySet()) {
-                Realm realm = RealmBuilder.
+                if (! realms.containsKey(realmConfig.getKey())) {
+                    Realm realm = RealmBuilder.
                        realmBuilder().
                        build(realmConfig.getKey(), realmConfig.getValue());
-                
-                realms.put(realmConfig.getKey(), realm);
-            }
-        } else {
-            mLog.log(Level.WARNING, "No realm defined !");
-        }
-    }
-    
-    private void validate() {
-        for(Realm realm : realms.values()) {
-            authenticator.loadRealm(realm);
-            
-            if (realm.isAdmin()) {
-                if (adminRealmName == null) {
-                    adminRealmName = realm.getName();
+                    
+                    authenticator.loadRealm(realm);
+                    realms.put(realmConfig.getKey(), realm);
+                    mLog.log(Level.INFO, "Realm {0} has been correctly configured.",
+                            realmConfig.getKey());
                } else {
-                    throw new IllegalStateException(
-                            "Admin realm already defined: " + adminRealmName);
+                    mLog.log(Level.INFO, "Realm {0} is already defined, skipping...",
+                            realmConfig.getKey());
                }
            }
+        } else {
+            mLog.log(Level.WARNING, "No realm defined. Please have a look to "
+                    + " the configuration !");
        }
    }
    
@ -70,18 +65,13 @@ public class SecurityProviderImpl implements SecurityProvider {
                realms.keySet());
    }

-    @Override
-    public String getAdminRealm() {
-        return adminRealmName;
-    }
-
-    @Override
-    public boolean isAvailable(String realmName) {
-        return realms.containsKey(realmName);
-    }
-
    @Override
    public Subject login(String realmName, AuthenticationToken authenticationToken) throws AuthenticationException {
        return authenticator.authenticate(realmName, authenticationToken);
    }
+    
+    @Override
+    public Subject login(AuthenticationToken authenticationToken) throws AuthenticationException {
+        return login(MANAGEMENT_REALM, authenticationToken);
+    }
 }
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/auth/login/JMXauthenticator.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/auth/login/JMXauthenticator.java
@ -3,8 +3,8 @@ package net.openesb.standalone.security.auth.login;
 import javax.management.remote.JMXAuthenticator;
 import javax.security.auth.Subject;
 import net.openesb.security.AuthenticationException;
+import net.openesb.security.AuthenticationToken;
 import net.openesb.security.SecurityProvider;
-import net.openesb.security.UsernamePasswordToken;

 /**
 *
@ -21,17 +21,22 @@ public class JMXauthenticator implements JMXAuthenticator {
    
    @Override
    public Subject authenticate(Object credentialsObj) {
-        String [] credentials = (String []) credentialsObj;
-        String username = credentials[0];
-        String password = credentials[1];
+        final String [] credentials = (String []) credentialsObj;
        
        try {
-            return securityProvider.login(
-                    securityProvider.getAdminRealm(), 
-                    new UsernamePasswordToken(username, password));
+            return securityProvider.login(new AuthenticationToken() {
+                @Override
+                public Object getPrincipal() {
+                    return credentials[0];
+                }
+
+                @Override
+                public Object getCredentials() {
+                    return credentials[1];
+                }
+            });
        } catch (AuthenticationException ae) {
            throw new SecurityException(ae.getMessage());
        }
    }
-    
 }
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/AbstractRealm.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/AbstractRealm.java
@ -8,7 +8,6 @@ package net.openesb.standalone.security.realm;
 public abstract class AbstractRealm implements Realm {
    
    private String realmName;
-    private boolean admin = false;
    
    protected AbstractRealm() {
    }
@ -17,14 +16,6 @@ public abstract class AbstractRealm implements Realm {
        this.realmName = realmName;
    }

-    public boolean isAdmin() {
-        return admin;
-    }
-
-    public void setAdmin(boolean admin) {
-        this.admin = admin;
-    }
-
    public String getName() {
        return realmName;
    }
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/Realm.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/Realm.java
@ -7,11 +7,5 @@ package net.openesb.standalone.security.realm;
 */
 public interface Realm {
    
-    void setName(String name);
-    
    String getName();
-    
-    boolean isAdmin();
-    
-    void setAdmin(boolean isAdmin);
 }
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/RealmBuilder.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/RealmBuilder.java
@ -21,8 +21,7 @@ public final class RealmBuilder {
        for(RealmHandler handler : handlers) {
            String type = properties.get(REALM_TYPE);
            if (handler.canHandle(type)) {
-                Realm realm = handler.create(properties);
-                realm.setName(realmName);
+                Realm realm = handler.create(realmName, properties);
                
                return realm;
            }
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/RealmHandler.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/RealmHandler.java
@ -11,5 +11,5 @@ public interface RealmHandler<T extends Realm> {

    boolean canHandle(String type);
    
-    T create(Map<String, String> properties);
+    T create(String realmName, Map<String, String> properties);
 }
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/AbstractRealmHandler.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/AbstractRealmHandler.java
@ -1,5 +1,6 @@
 package net.openesb.standalone.security.realm.impl;

+import java.util.Map;
 import net.openesb.standalone.security.realm.Realm;
 import net.openesb.standalone.security.realm.RealmHandler;

@ -10,6 +11,13 @@ import net.openesb.standalone.security.realm.RealmHandler;
 */
 public abstract class AbstractRealmHandler<T extends Realm> implements RealmHandler<T> {

+    @Override
+    public T create(String realmName, Map<String, String> properties) {
+        return instantiate(realmName, properties);
+    }
+    
+    abstract T instantiate(String realmName, Map<String, String> properties);
+    
    /**
     * System property replacement in the given string.
     *
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/PropertiesRealm.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/PropertiesRealm.java
@ -18,6 +18,10 @@ public class PropertiesRealm extends AbstractRealm {
     */
    private int reloadInterval;

+    public PropertiesRealm(String realmName) {
+        super(realmName);
+    }
+
    public String getPath() {
        return path;
    }
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/PropertiesRealmHandler.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/PropertiesRealmHandler.java
@ -27,7 +27,7 @@ public class PropertiesRealmHandler extends AbstractRealmHandler<PropertiesRealm
    }

    @Override
-    public PropertiesRealm create(Map<String, String> properties) {
+    public PropertiesRealm instantiate(String realmName, Map<String, String> properties) {
        String file = properties.get(PROPERTY_PATH);
        file = replace(file);
        
@ -37,12 +37,13 @@ public class PropertiesRealmHandler extends AbstractRealmHandler<PropertiesRealm
        if (! propertyFile.exists()) {
            mLog.log(Level.SEVERE, "Properties realm, invalid path: {0}", 
                    propertyFile.getAbsolutePath());
+            
            throw new IllegalStateException("Properties realm, invalid path: " +
                    propertyFile.getAbsolutePath());
        }
        
        boolean reload = Boolean.parseBoolean(properties.get(PROPERTY_RELOAD_ENABLE));
-        PropertiesRealm propertiesRealm = new PropertiesRealm();
+        PropertiesRealm propertiesRealm = new PropertiesRealm(realmName);
        propertiesRealm.setPath(propertyFile.getAbsolutePath());
        
        if (reload) {
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/shiro/PropertiesRealmConverter.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/shiro/PropertiesRealmConverter.java
@ -20,6 +20,9 @@ public class PropertiesRealmConverter implements
            cRealm.setReloadIntervalSeconds(realm.getReloadInterval());
        }
        
+        // Initialize the realm
+        cRealm.onInit();
+        
        return cRealm;
    }