diff --git a/openesb-standalone-packaging/pom.xml b/openesb-standalone-packaging/pom.xml
index be30bc3..d405eed 100644
--- a/openesb-standalone-packaging/pom.xml
+++ b/openesb-standalone-packaging/pom.xml
@@ -113,11 +113,17 @@
${shiro.version}
+
org.slf4j
slf4j-api
1.7.6
+
+ org.slf4j
+ slf4j-jdk14
+ 1.7.6
+
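Review bot: The new `slf4j-jdk14` entry repeats the literal `1.7.6` already used for `slf4j-api`, whereas the Shiro dependency just above takes its version from `${shiro.version}`. The API and its binding need to stay on the same release, so a shared property such as `${slf4j.version}` referenced by both entries would keep them from drifting apart on the next upgrade. The element tags are not visible in this rendering, so this assumes both `1.7.6` values are version entries.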
diff --git a/openesb-standalone-packaging/src/main/assembly/distribution.xml b/openesb-standalone-packaging/src/main/assembly/distribution.xml
index 68ab6c0..83685a0 100644
--- a/openesb-standalone-packaging/src/main/assembly/distribution.xml
+++ b/openesb-standalone-packaging/src/main/assembly/distribution.xml
@@ -98,6 +98,7 @@
org.yaml:snakeyaml
org.apache.shiro:shiro-core
org.slf4j:slf4j-api
+ org.slf4j:slf4j-jdk14
lib/ext
false
diff --git a/openesb-standalone-packaging/src/main/resources/config/openesb.yaml b/openesb-standalone-packaging/src/main/resources/config/openesb.yaml
index affa41e..6ac2e32 100644
--- a/openesb-standalone-packaging/src/main/resources/config/openesb.yaml
+++ b/openesb-standalone-packaging/src/main/resources/config/openesb.yaml
@@ -18,7 +18,11 @@
#
# http.enabled: false
+################################### Security ######################################
+# Set the security realms which have to be used for management purpose or components
+# security concerns.
realm:
+ # The realm "admin" is the realm used for management (JMX / Rest API)
admin:
type: properties
file: ${install.root}/config/mgmt-users.properties
\ No newline at end of file
diff --git a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/SecurityProviderImpl.java b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/SecurityProviderImpl.java
index 88f8614..aa67b0b 100644
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/SecurityProviderImpl.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/SecurityProviderImpl.java
@@ -24,43 +24,38 @@ public class SecurityProviderImpl implements SecurityProvider {
private final Logger mLog =
Logger.getLogger(this.getClass().getPackage().getName());
+ private final static String MANAGEMENT_REALM = "admin";
+
private final Map realms = new HashMap();
private final ShiroAuthenticator authenticator = new ShiroAuthenticator();
- private String adminRealmName = null;
+ private boolean adminRealFound;
public SecurityProviderImpl(Map> realmsConfiguration) {
this.init(realmsConfiguration);
- this.validate();
}
private void init(Map> realmsConfiguration) {
if (realmsConfiguration != null) {
- mLog.log(Level.INFO, "Loading realms from configuration file.");
+ mLog.log(Level.INFO, "Loading security realms from configuration.");
for(Map.Entry> realmConfig : realmsConfiguration.entrySet()) {
- Realm realm = RealmBuilder.
+ if (! realms.containsKey(realmConfig.getKey())) {
+ Realm realm = RealmBuilder.
realmBuilder().
build(realmConfig.getKey(), realmConfig.getValue());
-
- realms.put(realmConfig.getKey(), realm);
- }
- } else {
- mLog.log(Level.WARNING, "No realm defined !");
- }
- }
-
- private void validate() {
- for(Realm realm : realms.values()) {
- authenticator.loadRealm(realm);
-
- if (realm.isAdmin()) {
- if (adminRealmName == null) {
- adminRealmName = realm.getName();
+
+ authenticator.loadRealm(realm);
+ realms.put(realmConfig.getKey(), realm);
+ mLog.log(Level.INFO, "Realm {0} has been correctly configured.",
+ realmConfig.getKey());
} else {
- throw new IllegalStateException(
- "Admin realm already defined: " + adminRealmName);
+ mLog.log(Level.INFO, "Realm {0} is already defined, skipping...",
+ realmConfig.getKey());
}
}
+ } else {
+ mLog.log(Level.WARNING, "No realm defined. Please have a look to "
+ + " the configuration !");
}
}
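Review bot: With `validate()` removed, nothing in `init` checks that a realm named `admin` was actually configured, yet the new `login(AuthenticationToken)` in the next hunk always authenticates against `MANAGEMENT_REALM`. The added `adminRealFound` field (apparently a typo for `adminRealmFound`) is never assigned in the visible lines, which suggests the check was intended but not written. After the loop I would add `if (!realms.containsKey(MANAGEMENT_REALM)) { throw new IllegalStateException("Management realm '" + MANAGEMENT_REALM + "' is not configured"); }` (or at least a WARNING) and drop the unused field. A misconfigured install then fails at startup rather than depending on how `ShiroAuthenticator.authenticate` treats an unknown realm name, which is not visible here. The `realmsConfiguration == null` branch has the same gap, since it only logs.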
@@ -70,18 +65,13 @@ public class SecurityProviderImpl implements SecurityProvider {
realms.keySet());
}
- @Override
- public String getAdminRealm() {
- return adminRealmName;
- }
-
- @Override
- public boolean isAvailable(String realmName) {
- return realms.containsKey(realmName);
- }
-
@Override
public Subject login(String realmName, AuthenticationToken authenticationToken) throws AuthenticationException {
return authenticator.authenticate(realmName, authenticationToken);
}
+
+ @Override
+ public Subject login(AuthenticationToken authenticationToken) throws AuthenticationException {
+ return login(MANAGEMENT_REALM, authenticationToken);
+ }
}
diff --git a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/auth/login/JMXauthenticator.java b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/auth/login/JMXauthenticator.java
index 0beae18..40da503 100644
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/auth/login/JMXauthenticator.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/auth/login/JMXauthenticator.java
@@ -3,8 +3,8 @@ package net.openesb.standalone.security.auth.login;
import javax.management.remote.JMXAuthenticator;
import javax.security.auth.Subject;
import net.openesb.security.AuthenticationException;
+import net.openesb.security.AuthenticationToken;
import net.openesb.security.SecurityProvider;
-import net.openesb.security.UsernamePasswordToken;
/**
*
@@ -21,17 +21,22 @@ public class JMXauthenticator implements JMXAuthenticator {
@Override
public Subject authenticate(Object credentialsObj) {
- String [] credentials = (String []) credentialsObj;
- String username = credentials[0];
- String password = credentials[1];
+ final String [] credentials = (String []) credentialsObj;
try {
- return securityProvider.login(
- securityProvider.getAdminRealm(),
- new UsernamePasswordToken(username, password));
+ return securityProvider.login(new AuthenticationToken() {
+ @Override
+ public Object getPrincipal() {
+ return credentials[0];
+ }
+
+ @Override
+ public Object getCredentials() {
+ return credentials[1];
+ }
+ });
} catch (AuthenticationException ae) {
throw new SecurityException(ae.getMessage());
}
}
-
}
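Review bot: The cast `(String []) credentialsObj` is still unchecked, and with the anonymous token the array is now indexed lazily inside `getPrincipal()` and `getCredentials()`. A null, non-array or too-short credentials object from a remote JMX client therefore surfaces as a `NullPointerException`, `ClassCastException` or `ArrayIndexOutOfBoundsException`, possibly deep inside the provider, instead of the `SecurityException` that `JMXAuthenticator.authenticate` is expected to throw. I would guard before the `try` with `if (!(credentialsObj instanceof String[]) || ((String[]) credentialsObj).length != 2) { throw new SecurityException("Credentials must be a String[2] of username and password"); }`. Separately, `new SecurityException(ae.getMessage())` drops the cause and relays the provider's message to the remote caller; a fixed message with `ae` logged server-side avoids revealing why the login failed.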
diff --git a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/AbstractRealm.java b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/AbstractRealm.java
index e62905e..eb12e41 100644
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/AbstractRealm.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/AbstractRealm.java
@@ -8,7 +8,6 @@ package net.openesb.standalone.security.realm;
public abstract class AbstractRealm implements Realm {
private String realmName;
- private boolean admin = false;
protected AbstractRealm() {
}
@@ -17,14 +16,6 @@ public abstract class AbstractRealm implements Realm {
this.realmName = realmName;
}
- public boolean isAdmin() {
- return admin;
- }
-
- public void setAdmin(boolean admin) {
- this.admin = admin;
- }
-
public String getName() {
return realmName;
}
diff --git a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/Realm.java b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/Realm.java
index 14ef15e..41e4607 100644
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/Realm.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/Realm.java
@@ -7,11 +7,5 @@ package net.openesb.standalone.security.realm;
*/
public interface Realm {
- void setName(String name);
-
String getName();
-
- boolean isAdmin();
-
- void setAdmin(boolean isAdmin);
}
diff --git a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/RealmBuilder.java b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/RealmBuilder.java
index 72d6608..9a19ae2 100644
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/RealmBuilder.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/RealmBuilder.java
@@ -21,8 +21,7 @@ public final class RealmBuilder {
for(RealmHandler handler : handlers) {
String type = properties.get(REALM_TYPE);
if (handler.canHandle(type)) {
- Realm realm = handler.create(properties);
- realm.setName(realmName);
+ Realm realm = handler.create(realmName, properties);
return realm;
}
diff --git a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/RealmHandler.java b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/RealmHandler.java
index ba3a33a..aea8778 100644
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/RealmHandler.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/RealmHandler.java
@@ -11,5 +11,5 @@ public interface RealmHandler {
boolean canHandle(String type);
- T create(Map properties);
+ T create(String realmName, Map properties);
}
diff --git a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/AbstractRealmHandler.java b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/AbstractRealmHandler.java
index 127280d..38d4af6 100644
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/AbstractRealmHandler.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/AbstractRealmHandler.java
@@ -1,5 +1,6 @@
package net.openesb.standalone.security.realm.impl;
+import java.util.Map;
import net.openesb.standalone.security.realm.Realm;
import net.openesb.standalone.security.realm.RealmHandler;
@@ -10,6 +11,13 @@ import net.openesb.standalone.security.realm.RealmHandler;
*/
public abstract class AbstractRealmHandler implements RealmHandler {
+ @Override
+ public T create(String realmName, Map properties) {
+ return instantiate(realmName, properties);
+ }
+
+ abstract T instantiate(String realmName, Map properties);
+
/**
* System property replacement in the given string.
*
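Review bot: `abstract T instantiate(...)` is declared without an access modifier, so it is package-private and a handler outside `net.openesb.standalone.security.realm.impl` cannot extend `AbstractRealmHandler`, while `PropertiesRealmHandler` overrides it as `public`. Declaring it `protected abstract T instantiate(...)` would state the intended extension point. As written, `create` only forwards to `instantiate`, so a short Javadoc on both saying what `create` is meant to add around it (for example, common validation of `realmName`) would explain the indirection. The class body continues outside the hunk.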
diff --git a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/PropertiesRealm.java b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/PropertiesRealm.java
index d9efdaa..53e8a0e 100644
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/PropertiesRealm.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/PropertiesRealm.java
@@ -18,6 +18,10 @@ public class PropertiesRealm extends AbstractRealm {
*/
private int reloadInterval;
+ public PropertiesRealm(String realmName) {
+ super(realmName);
+ }
+
public String getPath() {
return path;
}
diff --git a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/PropertiesRealmHandler.java b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/PropertiesRealmHandler.java
index 672d9ef..b8a0fe3 100644
--- a/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/PropertiesRealmHandler.java
+++ b/openesb-standalone-security/src/main/java/net/openesb/standalone/security/realm/impl/PropertiesRealmHandler.java
@@ -27,7 +27,7 @@ public class PropertiesRealmHandler extends AbstractRealmHandler properties) {
+ public PropertiesRealm instantiate(String realmName, Map properties) {
String file = properties.get(PROPERTY_PATH);
file = replace(file);
@@ -37,12 +37,13 @@ public class PropertiesRealmHandler extends AbstractRealmHandler