From 82622397bebd6419930b6f118af0dea27e971557 Mon Sep 17 00:00:00 2001
From: George Gastaldi
Date: Mon, 22 Jul 2024 22:28:27 -0300
Subject: [PATCH] Migrate KerberosConfig to interface

---
 .../kerberos/runtime/KerberosConfig.java | 31 +++++++++----------
 .../runtime/KerberosIdentityProvider.java | 26 ++++++++--------
 2 files changed, 27 insertions(+), 30 deletions(-)

diff --git a/runtime/src/main/java/io/quarkiverse/kerberos/runtime/KerberosConfig.java b/runtime/src/main/java/io/quarkiverse/kerberos/runtime/KerberosConfig.java
index ca4ef17..b0e6010 100644
--- a/runtime/src/main/java/io/quarkiverse/kerberos/runtime/KerberosConfig.java
+++ b/runtime/src/main/java/io/quarkiverse/kerberos/runtime/KerberosConfig.java
@@ -2,12 +2,14 @@
 
 import java.util.Optional;
 
-import io.quarkus.runtime.annotations.ConfigItem;
 import io.quarkus.runtime.annotations.ConfigPhase;
 import io.quarkus.runtime.annotations.ConfigRoot;
+import io.smallrye.config.ConfigMapping;
+import io.smallrye.config.WithDefault;
 
-@ConfigRoot(name = "kerberos", phase = ConfigPhase.RUN_TIME)
-public class KerberosConfig {
+@ConfigMapping(prefix = "quarkus.kerberos")
+@ConfigRoot(phase = ConfigPhase.RUN_TIME)
+public interface KerberosConfig {
 
     /**
      * JAAS Login context name.
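Review bot: The new `KerberosConfig` interface carries no type-level Javadoc, so its purpose and the prefix it binds are only discoverable from the annotation; add `/** Runtime configuration of the Kerberos extension, bound under the {@code quarkus.kerberos} prefix. */` above `@ConfigMapping`. The move from `@ConfigRoot(name = "kerberos")` to `@ConfigMapping(prefix = "quarkus.kerberos")` appears to keep the same property prefix, and kebab-cased accessor names should keep the existing property keys stable, but that is worth confirming against the extension's documentation or configuration tests. The interface body continues past this hunk.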
@@ -19,32 +21,29 @@ public class KerberosConfig {
      * Note this property will be ignored if a custom {@link io.quarkiverse.kerberos.ServicePrincipalSubjectFactory} is
      * registered, and it creates a non-null service Subject for the current authentication request.
      */
-    @ConfigItem
-    public Optional loginContextName;
+    Optional loginContextName();
 
     /**
      * Specifies if a JAAS configuration 'debug' property should be enabled.
      * Note this property is only effective when {@code loginContextName} is not set.
      * and the JAAS configuration is created automatically.
      */
-    @ConfigItem(defaultValue = "false")
-    public boolean debug;
+    @WithDefault("false")
+    boolean debug();
 
     /**
      * Points to a service principal keytab file and will be used to set a JAAS configuration 'keyTab' property.
      * Note this property is only effective when {@code loginContextName} is not set.
      * and the JAAS configuration is created automatically.
      */
-    @ConfigItem
-    public Optional keytabPath;
+    Optional keytabPath();
 
     /**
      * Kerberos Service Principal Name.
      * If this property is not set then the service principal name will be calculated by
      * concatenating "HTTP/" and the HTTP Host header value, for example: "HTTP/localhost".
      */
-    @ConfigItem
-    public Optional servicePrincipalName;
+    Optional servicePrincipalName();
 
     /**
      * Kerberos Service Principal Realm Name.
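Review bot: The Javadoc on both `debug()` and `keytabPath()` reads `... when {@code loginContextName} is not set. and the JAAS configuration is created automatically.`, where the stray period splits one sentence in two; change it to `is not set and the JAAS configuration is created automatically.` in both places. Since `debug()` switches on the JAAS login module's debug option (consumed in `KerberosIdentityProvider`), its Javadoc would also benefit from a sentence such as `Debug output is diagnostic only and is not intended for production use.` The remaining members of the hunk are a mechanical field-to-accessor migration.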
@@ -52,20 +51,18 @@ public class KerberosConfig {
      * "HTTP/localhost@SERVICE-REALM.COM". Setting the realm property is not required if it matches
      * a default realm set in the Kerberos Key Distribution Center (KDC) configuration.
      */
-    @ConfigItem
-    public Optional servicePrincipalRealm;
+    Optional servicePrincipalRealm();
 
     /**
      * Service principal password.
      * Set this property only if using {@code keytabPath}, custom {@linkplain CallbackHandler} or
      * {@linkplain ServicePrincipalSubjectFactory} is not possible.
      */
-    @ConfigItem
-    public Optional servicePrincipalPassword;
+    Optional servicePrincipalPassword();
 
     /**
      * Specifies whether to use Spnego or Kerberos OID.
      */
-    @ConfigItem(defaultValue = "true")
-    public boolean useSpnegoOid;
+    @WithDefault("true")
+    boolean useSpnegoOid();
 }
diff --git a/runtime/src/main/java/io/quarkiverse/kerberos/runtime/KerberosIdentityProvider.java b/runtime/src/main/java/io/quarkiverse/kerberos/runtime/KerberosIdentityProvider.java
index b109ec6..441b9a4 100644
--- a/runtime/src/main/java/io/quarkiverse/kerberos/runtime/KerberosIdentityProvider.java
+++ b/runtime/src/main/java/io/quarkiverse/kerberos/runtime/KerberosIdentityProvider.java
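Review bot: `servicePrincipalPassword()` is a secret, yet its Javadoc says nothing about handling, so it reads like any other option; add `This value is sensitive: supply it through an environment variable or a secret source rather than a committed configuration file, and do not log it.` after the existing guidance. The existing advice to prefer `keytabPath` or a custom `CallbackHandler` is good and should stay first. The rest of the hunk is a mechanical field-to-accessor migration.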
@@ -86,18 +86,18 @@ public KerberosIdentityProvider(Instance callbackHandle
             throw new IllegalStateException("Multiple " + ServicePrincipalSubjectFactory.class + " beans registered");
         }
         String realKeytabPath = null;
-        if (kerberosConfig.keytabPath.isPresent()) {
-            URL keytabUrl = Thread.currentThread().getContextClassLoader().getResource(kerberosConfig.keytabPath.get());
+        if (kerberosConfig.keytabPath().isPresent()) {
+            URL keytabUrl = Thread.currentThread().getContextClassLoader().getResource(kerberosConfig.keytabPath().get());
             if (keytabUrl != null) {
                 realKeytabPath = keytabUrl.toString();
             } else {
-                Path filePath = Paths.get(kerberosConfig.keytabPath.get());
+                Path filePath = Paths.get(kerberosConfig.keytabPath().get());
                 if (Files.exists(filePath)) {
                     realKeytabPath = filePath.toAbsolutePath().toString();
                 }
             }
             if (realKeytabPath == null) {
-                throw new ConfigurationException("Keytab file is not available at " + kerberosConfig.keytabPath.get());
+                throw new ConfigurationException("Keytab file is not available at " + kerberosConfig.keytabPath().get());
             }
         }
         this.realKeytabPath = realKeytabPath;
@@ -185,7 +185,7 @@ protected Subject getSubjectForServicePrincipal(String completeServicePrincipalN
             }
         }
 
-        String loginContextName = kerberosConfig.loginContextName.orElse(DEFAULT_LOGIN_CONTEXT_NAME);
+        String loginContextName = kerberosConfig.loginContextName().orElse(DEFAULT_LOGIN_CONTEXT_NAME);
         Configuration config = DEFAULT_LOGIN_CONTEXT_NAME.equals(loginContextName)
                 ? new DefaultJAASConfiguration(completeServicePrincipalName)
                 : null;
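Review bot: `kerberosConfig.keytabPath().get()` is evaluated three times in the new branch of the first hunk; bind it once with `String keytabPath = kerberosConfig.keytabPath().get();` so the `getResource`, `Paths.get` and exception-message lines read the same value and cannot drift apart. The filesystem fallback checks only `Files.exists(filePath)`, so a keytab that exists but is not readable by the process passes this check and fails later inside JAAS with a less specific error; `Files.exists(filePath) && Files.isReadable(filePath)` would surface the problem at startup instead. The enclosing constructor starts and ends outside the hunk.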
@@ -202,16 +202,16 @@ protected CallbackHandler getCallback(String completeServicePrincipalName) {
         if (callbackHandler.isResolvable()) {
             return callbackHandler.get();
         }
-        if (kerberosConfig.servicePrincipalPassword.isPresent()) {
+        if (kerberosConfig.servicePrincipalPassword().isPresent()) {
             return new UsernamePasswordCBH(completeServicePrincipalName,
-                    kerberosConfig.servicePrincipalPassword.get().toCharArray());
+                    kerberosConfig.servicePrincipalPassword().get().toCharArray());
         }
         return null;
     }
 
     protected GSSContext createGSSContext(RoutingContext routingContext, String completeServicePrincipalName)
             throws GSSException {
-        Oid oid = new Oid(kerberosConfig.useSpnegoOid ? SPNEGO_OID : KERBEROS_OID);
+        Oid oid = new Oid(kerberosConfig.useSpnegoOid() ? SPNEGO_OID : KERBEROS_OID);
         GSSManager gssManager = GSSManager.getInstance();
         if (gssManager == null) {
@@ -223,15 +223,15 @@ protected GSSContext createGSSContext(RoutingContext routingContext, String comp
     }
 
     protected String getCompleteServicePrincipalName(RoutingContext routingContext) {
-        String name = kerberosConfig.servicePrincipalName.isEmpty()
+        String name = kerberosConfig.servicePrincipalName().isEmpty()
                 ? "HTTP/" + routingContext.request().host()
-                : kerberosConfig.servicePrincipalName.get();
+                : kerberosConfig.servicePrincipalName().get();
         int portIndex = name.indexOf(":");
         if (portIndex > 0) {
             name = name.substring(0, portIndex);
         }
-        if (kerberosConfig.servicePrincipalRealm.isPresent()) {
-            name += "@" + kerberosConfig.servicePrincipalRealm.get();
+        if (kerberosConfig.servicePrincipalRealm().isPresent()) {
+            name += "@" + kerberosConfig.servicePrincipalRealm().get();
         }
         return name;
     }
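Review bot: The `isPresent()`/`get()` pair on `servicePrincipalPassword()` in `getCallback` can be written as one Optional chain, `return kerberosConfig.servicePrincipalPassword().map(p -> new UsernamePasswordCBH(completeServicePrincipalName, p.toCharArray())).orElse(null);`, which also drops the repeated accessor call. Behaviour is unchanged: callers still get `null` when no password is configured and the resolvable `callbackHandler` bean still wins.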
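Review bot: `name.indexOf(":")` in `getCompleteServicePrincipalName` cuts at the first colon, so when `servicePrincipalName()` is empty and the Host header carries an IPv6 literal such as `[::1]:8080`, the derived name becomes `HTTP/[` instead of `HTTP/[::1]`; use `int portIndex = name.lastIndexOf(':');` with `if (portIndex > name.lastIndexOf(']')) {` so only a port after the closing bracket (or after a plain host) is removed. Separately, because the default SPN is built from the client-supplied Host header, the `servicePrincipalName()` Javadoc in `KerberosConfig` should recommend setting it explicitly in production so the accepted service principal does not depend on request data. Both points predate this commit, which only renames accessors here.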
@@ -265,7 +265,7 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
             // See https://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html
             AppConfigurationEntry[] entries = new AppConfigurationEntry[1];
             Map options = new HashMap<>();
-            if (kerberosConfig.debug) {
+            if (kerberosConfig.debug()) {
                 options.put("debug", "true");
             }
             options.put("refreshKrb5Config", "true");