Security handler improvements
parent
e9f676939f
commit
e4c9f61ba9
|
@ -113,11 +113,17 @@
|
|||
<version>${shiro.version}</version>
|
||||
</dependency>
|
||||
|
||||
<!-- SLF4J and JUL Bridge -->
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-api</artifactId>
|
||||
<version>1.7.6</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-jdk14</artifactId>
|
||||
<version>1.7.6</version>
|
||||
</dependency>
|
||||
|
||||
<!-- OpenESB REST API & Web Console -->
|
||||
<dependency>
|
||||
|
|
|
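Review bot: The two added SLF4J dependencies hard-code `<version>1.7.6</version>` twice, while the Shiro dependency just above takes its version from `${shiro.version}`. A single property, for example `<slf4j.version>1.7.6</slf4j.version>` referenced as `${slf4j.version}` in both entries, would keep slf4j-api and the slf4j-jdk14 binding on the same release when one of them is upgraded. The `<properties>` block is outside this hunk, so the property name is only a suggestion.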
@ -98,6 +98,7 @@
|
|||
<include>org.yaml:snakeyaml</include>
|
||||
<include>org.apache.shiro:shiro-core</include>
|
||||
<include>org.slf4j:slf4j-api</include>
|
||||
<include>org.slf4j:slf4j-jdk14</include>
|
||||
</includes>
|
||||
<outputDirectory>lib/ext</outputDirectory>
|
||||
<useProjectArtifact>false</useProjectArtifact>
|
||||
|
|
|
@ -18,7 +18,11 @@
|
|||
#
|
||||
# http.enabled: false
|
||||
|
||||
################################### Security ######################################
|
||||
# Set the security realms which have to be used for management purpose or components
|
||||
# security concerns.
|
||||
realm:
|
||||
# The realm "admin" is the realm used for management (JMX / Rest API)
|
||||
admin:
|
||||
type: properties
|
||||
file: ${install.root}/config/mgmt-users.properties
|
|
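Review bot: The comment on the `admin` key does not say that the name itself is fixed. In this commit SecurityProviderImpl routes management logins to the constant `MANAGEMENT_REALM = "admin"`, so renaming the key would leave JMX and REST API logins without a matching realm. I would extend the comment to `# The realm "admin" is reserved for management (JMX / Rest API); do not rename this key`. Since `mgmt-users.properties` presumably holds the management accounts, a second comment line asking that the file be readable only by the account running the server would also help. The realm block may continue below the hunk.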
@ -24,43 +24,38 @@ public class SecurityProviderImpl implements SecurityProvider {
|
|||
private final Logger mLog =
|
||||
Logger.getLogger(this.getClass().getPackage().getName());
|
||||
|
||||
private final static String MANAGEMENT_REALM = "admin";
|
||||
|
||||
private final Map<String, Realm> realms = new HashMap<String, Realm>();
|
||||
private final ShiroAuthenticator authenticator = new ShiroAuthenticator();
|
||||
private String adminRealmName = null;
|
||||
private boolean adminRealFound;
|
||||
|
||||
public SecurityProviderImpl(Map<String, Map<String, String>> realmsConfiguration) {
|
||||
this.init(realmsConfiguration);
|
||||
this.validate();
|
||||
}
|
||||
|
||||
private void init(Map<String, Map<String, String>> realmsConfiguration) {
|
||||
if (realmsConfiguration != null) {
|
||||
mLog.log(Level.INFO, "Loading realms from configuration file.");
|
||||
mLog.log(Level.INFO, "Loading security realms from configuration.");
|
||||
|
||||
for(Map.Entry<String, Map<String, String>> realmConfig : realmsConfiguration.entrySet()) {
|
||||
if (! realms.containsKey(realmConfig.getKey())) {
|
||||
Realm realm = RealmBuilder.
|
||||
realmBuilder().
|
||||
build(realmConfig.getKey(), realmConfig.getValue());
|
||||
|
||||
realms.put(realmConfig.getKey(), realm);
|
||||
}
|
||||
} else {
|
||||
mLog.log(Level.WARNING, "No realm defined !");
|
||||
}
|
||||
}
|
||||
|
||||
private void validate() {
|
||||
for(Realm realm : realms.values()) {
|
||||
authenticator.loadRealm(realm);
|
||||
|
||||
if (realm.isAdmin()) {
|
||||
if (adminRealmName == null) {
|
||||
adminRealmName = realm.getName();
|
||||
realms.put(realmConfig.getKey(), realm);
|
||||
mLog.log(Level.INFO, "Realm {0} has been correctly configured.",
|
||||
realmConfig.getKey());
|
||||
} else {
|
||||
throw new IllegalStateException(
|
||||
"Admin realm already defined: " + adminRealmName);
|
||||
mLog.log(Level.INFO, "Realm {0} is already defined, skipping...",
|
||||
realmConfig.getKey());
|
||||
}
|
||||
}
|
||||
} else {
|
||||
mLog.log(Level.WARNING, "No realm defined. Please have a look to "
|
||||
+ " the configuration !");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -70,18 +65,13 @@ public class SecurityProviderImpl implements SecurityProvider {
|
|||
realms.keySet());
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getAdminRealm() {
|
||||
return adminRealmName;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAvailable(String realmName) {
|
||||
return realms.containsKey(realmName);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Subject login(String realmName, AuthenticationToken authenticationToken) throws AuthenticationException {
|
||||
return authenticator.authenticate(realmName, authenticationToken);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Subject login(AuthenticationToken authenticationToken) throws AuthenticationException {
|
||||
return login(MANAGEMENT_REALM, authenticationToken);
|
||||
}
|
||||
}
|
||||
|
|
|
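Review bot: Nothing in the new `init` checks that a realm named `MANAGEMENT_REALM` was actually loaded, yet `login(AuthenticationToken)` in the second hunk always authenticates against it. With an empty or misnamed realm configuration the provider starts with only a WARNING, and what a management login does then depends on `ShiroAuthenticator.authenticate`, which is not shown here. A check at the end of `init`, `if (!realms.containsKey(MANAGEMENT_REALM)) { throw new IllegalStateException("Management realm not configured: " + MANAGEMENT_REALM); }`, makes the failure explicit; if running without a management realm is meant to be allowed, a SEVERE log at that point would do. The field `adminRealFound` also looks unused in the visible lines and could be removed if that holds for the rest of the class.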
@ -3,8 +3,8 @@ package net.openesb.standalone.security.auth.login;
|
|||
import javax.management.remote.JMXAuthenticator;
|
||||
import javax.security.auth.Subject;
|
||||
import net.openesb.security.AuthenticationException;
|
||||
import net.openesb.security.AuthenticationToken;
|
||||
import net.openesb.security.SecurityProvider;
|
||||
import net.openesb.security.UsernamePasswordToken;
|
||||
|
||||
/**
|
||||
*
|
||||
|
@ -21,17 +21,22 @@ public class JMXauthenticator implements JMXAuthenticator {
|
|||
|
||||
@Override
|
||||
public Subject authenticate(Object credentialsObj) {
|
||||
String [] credentials = (String []) credentialsObj;
|
||||
String username = credentials[0];
|
||||
String password = credentials[1];
|
||||
final String [] credentials = (String []) credentialsObj;
|
||||
|
||||
try {
|
||||
return securityProvider.login(
|
||||
securityProvider.getAdminRealm(),
|
||||
new UsernamePasswordToken(username, password));
|
||||
return securityProvider.login(new AuthenticationToken() {
|
||||
@Override
|
||||
public Object getPrincipal() {
|
||||
return credentials[0];
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object getCredentials() {
|
||||
return credentials[1];
|
||||
}
|
||||
});
|
||||
} catch (AuthenticationException ae) {
|
||||
throw new SecurityException(ae.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
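Review bot: `authenticate` casts `credentialsObj` to `String[]` and later reads indexes 0 and 1 without checking either, and that object is supplied by the connecting JMX client. A null, a non-array or a short array surfaces as a NullPointerException, ClassCastException or ArrayIndexOutOfBoundsException instead of the `SecurityException` that the `JMXAuthenticator` contract specifies for rejected credentials. With the new anonymous token the index errors are raised later, inside the login call. A guard before the cast would cover it: `if (!(credentialsObj instanceof String[]) || ((String[]) credentialsObj).length != 2) { throw new SecurityException("Credentials must be a String[2]"); }`. It is also worth confirming that `ae.getMessage()`, which is passed back to the remote caller, does not distinguish an unknown user from a wrong password.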
@ -8,7 +8,6 @@ package net.openesb.standalone.security.realm;
|
|||
public abstract class AbstractRealm implements Realm {
|
||||
|
||||
private String realmName;
|
||||
private boolean admin = false;
|
||||
|
||||
protected AbstractRealm() {
|
||||
}
|
||||
|
@ -17,14 +16,6 @@ public abstract class AbstractRealm implements Realm {
|
|||
this.realmName = realmName;
|
||||
}
|
||||
|
||||
public boolean isAdmin() {
|
||||
return admin;
|
||||
}
|
||||
|
||||
public void setAdmin(boolean admin) {
|
||||
this.admin = admin;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return realmName;
|
||||
}
|
||||
|
|
|
@ -7,11 +7,5 @@ package net.openesb.standalone.security.realm;
|
|||
*/
|
||||
public interface Realm {
|
||||
|
||||
void setName(String name);
|
||||
|
||||
String getName();
|
||||
|
||||
boolean isAdmin();
|
||||
|
||||
void setAdmin(boolean isAdmin);
|
||||
}
|
||||
|
|
|
@ -21,8 +21,7 @@ public final class RealmBuilder {
|
|||
for(RealmHandler handler : handlers) {
|
||||
String type = properties.get(REALM_TYPE);
|
||||
if (handler.canHandle(type)) {
|
||||
Realm realm = handler.create(properties);
|
||||
realm.setName(realmName);
|
||||
Realm realm = handler.create(realmName, properties);
|
||||
|
||||
return realm;
|
||||
}
|
||||
|
|
|
@ -11,5 +11,5 @@ public interface RealmHandler<T extends Realm> {
|
|||
|
||||
boolean canHandle(String type);
|
||||
|
||||
T create(Map<String, String> properties);
|
||||
T create(String realmName, Map<String, String> properties);
|
||||
}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
package net.openesb.standalone.security.realm.impl;
|
||||
|
||||
import java.util.Map;
|
||||
import net.openesb.standalone.security.realm.Realm;
|
||||
import net.openesb.standalone.security.realm.RealmHandler;
|
||||
|
||||
|
@ -10,6 +11,13 @@ import net.openesb.standalone.security.realm.RealmHandler;
|
|||
*/
|
||||
public abstract class AbstractRealmHandler<T extends Realm> implements RealmHandler<T> {
|
||||
|
||||
@Override
|
||||
public T create(String realmName, Map<String, String> properties) {
|
||||
return instantiate(realmName, properties);
|
||||
}
|
||||
|
||||
abstract T instantiate(String realmName, Map<String, String> properties);
|
||||
|
||||
/**
|
||||
* System property replacement in the given string.
|
||||
*
|
||||
|
|
|
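Review bot: `instantiate` is declared package-private (`abstract T instantiate(String realmName, Map<String, String> properties);`), so only handlers in `net.openesb.standalone.security.realm.impl` can implement it, while PropertiesRealmHandler overrides it as `public`. Declaring it `protected abstract T instantiate(...)` states the intended extension point and lets handlers in other packages subclass this base. As written, `create` only forwards to `instantiate`; a short Javadoc on both, saying which one subclasses implement and which one callers use, would explain why the two exist. The class body continues outside the hunk.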
@ -18,6 +18,10 @@ public class PropertiesRealm extends AbstractRealm {
|
|||
*/
|
||||
private int reloadInterval;
|
||||
|
||||
public PropertiesRealm(String realmName) {
|
||||
super(realmName);
|
||||
}
|
||||
|
||||
public String getPath() {
|
||||
return path;
|
||||
}
|
||||
|
|
|
@ -27,7 +27,7 @@ public class PropertiesRealmHandler extends AbstractRealmHandler<PropertiesRealm
|
|||
}
|
||||
|
||||
@Override
|
||||
public PropertiesRealm create(Map<String, String> properties) {
|
||||
public PropertiesRealm instantiate(String realmName, Map<String, String> properties) {
|
||||
String file = properties.get(PROPERTY_PATH);
|
||||
file = replace(file);
|
||||
|
||||
|
@ -37,12 +37,13 @@ public class PropertiesRealmHandler extends AbstractRealmHandler<PropertiesRealm
|
|||
if (! propertyFile.exists()) {
|
||||
mLog.log(Level.SEVERE, "Properties realm, invalid path: {0}",
|
||||
propertyFile.getAbsolutePath());
|
||||
|
||||
throw new IllegalStateException("Properties realm, invalid path: " +
|
||||
propertyFile.getAbsolutePath());
|
||||
}
|
||||
|
||||
boolean reload = Boolean.parseBoolean(properties.get(PROPERTY_RELOAD_ENABLE));
|
||||
PropertiesRealm propertiesRealm = new PropertiesRealm();
|
||||
PropertiesRealm propertiesRealm = new PropertiesRealm(realmName);
|
||||
propertiesRealm.setPath(propertyFile.getAbsolutePath());
|
||||
|
||||
if (reload) {
|
||||
|
|
|
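Review bot: The path check in the second hunk uses only `propertyFile.exists()`, which is also true for a directory or an unreadable file, so the new `IllegalStateException` does not cover those cases and they would fail later when the realm is loaded. `if (!propertyFile.isFile() || !propertyFile.canRead()) {` would reject them at the same point with the same message. `properties.get(PROPERTY_PATH)` in the first hunk can also return null when the key is missing from the realm configuration; whether `replace` tolerates that is not visible here, so a null check before it is worth adding. The method body starts and ends outside these hunks.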
@ -20,6 +20,9 @@ public class PropertiesRealmConverter implements
|
|||
cRealm.setReloadIntervalSeconds(realm.getReloadInterval());
|
||||
}
|
||||
|
||||
// Initialize the realm
|
||||
cRealm.onInit();
|
||||
|
||||
return cRealm;
|
||||
}
|
||||
|
||||
|
|