From a70cb315842ec01243fd0fd0fcf223fbb1e3939d Mon Sep 17 00:00:00 2001 
From: Thomas Diesler <thomas.diesler@jboss.com> Date: Fri, 3 Jul 2015 11:54:23 +0200 Subject: [PATCH] [resolves #723] Add support for Exchange.AUTHENTICATION header --- .../test/policy/EJBSecurityTestCase.java | 4 +- .../policy/PolicyIntegrationTestCase.java | 20 +++- .../test/policy/SecuredRouteTestCase.java | 109 ++++++++++++++++++ modules/etc/baseline/exported-paths.txt | 72 ++++++++++++ modules/etc/baseline/module-list.txt | 3 + .../component/spring/security/main/module.xml | 15 +++ .../springframework/security/main/module.xml | 16 +++ .../springframework/spring/main/module.xml | 54 --------- .../apache/camel/component/main/module.xml | 1 + .../springframework/spring/main/module.xml | 6 +- .../wildfly/extension/camel/main/module.xml | 1 + modules/etc/smartics/camel-modules.xml | 13 +++ modules/etc/smartics/spring-modules.xml | 27 +++-- modules/pom.xml | 5 + pom.xml | 7 ++ subsystem/pom.xml | 4 + .../camel/security/Authentication.java | 33 ++++++ .../camel/security/AuthorizationPolicy.java | 66 ----------- .../ClientLoginAuthorizationPolicy.java | 87 ++++++++++++++ .../camel/security/ClientLoginContext.java | 4 +- .../UsernamePasswordAuthentication.java | 54 +++++++++ 21 files changed, 462 insertions(+), 139 deletions(-) create mode 100644 itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/SecuredRouteTestCase.java create mode 100644 modules/etc/generated/wildfly/modules/system/layers/fuse/org/apache/camel/component/spring/security/main/module.xml create mode 100644 modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/security/main/module.xml delete mode 100644 modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml create mode 100644 subsystem/src/main/java/org/wildfly/extension/camel/security/Authentication.java delete mode 100644 subsystem/src/main/java/org/wildfly/extension/camel/security/AuthorizationPolicy.java create mode 100644 
subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginAuthorizationPolicy.java create mode 100644 subsystem/src/main/java/org/wildfly/extension/camel/security/UsernamePasswordAuthentication.java diff --git a/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/EJBSecurityTestCase.java b/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/EJBSecurityTestCase.java index b1750e7b28..4709dca474 100644 --- a/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/EJBSecurityTestCase.java +++ b/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/EJBSecurityTestCase.java @@ -63,7 +63,7 @@ public void testAccessAllowed() throws Exception { public void testAuthorizedAccess() throws Exception { AnnotatedSLSB bean = lookup(new InitialContext(), AnnotatedSLSB.class, AnnotatedSLSB.class); - LoginContext lc = ClientLoginContext.newLoginContext(USERNAME, PASSWORD); + LoginContext lc = ClientLoginContext.newLoginContext(USERNAME, PASSWORD.toCharArray()); lc.login(); try { Assert.assertEquals("Hello Kermit", bean.doSelected("Kermit")); @@ -83,7 +83,7 @@ public void testUnauthorizedAccess() throws Exception { //expected } - LoginContext lc = ClientLoginContext.newLoginContext("user1", "wrongpass"); + LoginContext lc = ClientLoginContext.newLoginContext("user1", "wrongpass".toCharArray()); lc.login(); try { bean.doSelected("Kermit"); diff --git a/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/PolicyIntegrationTestCase.java b/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/PolicyIntegrationTestCase.java index da1c5fdedb..78483f689c 100644 --- a/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/PolicyIntegrationTestCase.java +++ b/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/PolicyIntegrationTestCase.java 
@@ -22,8 +22,13 @@ package org.wildfly.camel.test.policy; +import java.security.Principal; + +import javax.security.auth.Subject; + import org.apache.camel.CamelContext; import org.apache.camel.CamelExecutionException; +import org.apache.camel.Exchange; import org.apache.camel.ProducerTemplate; import org.apache.camel.builder.RouteBuilder; import org.apache.camel.impl.DefaultCamelContext; @@ -35,7 +40,8 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.wildfly.camel.test.policy.subA.AnnotatedSLSB; -import org.wildfly.extension.camel.security.AuthorizationPolicy; +import org.wildfly.extension.camel.security.ClientLoginAuthorizationPolicy; +import org.wildfly.extension.camel.security.UsernamePasswordAuthentication; @RunWith(Arquillian.class) public class PolicyIntegrationTestCase { @@ -101,7 +107,7 @@ public void testRoleBasedAccessAllowed() throws Exception { @Override public void configure() throws Exception { from("direct:start") - .policy(new AuthorizationPolicy(EJBSecurityTestCase.USERNAME, EJBSecurityTestCase.PASSWORD)) + .policy(new ClientLoginAuthorizationPolicy()) .to("ejb:java:module/AnnotatedSLSB?method=doSelected"); } }); @@ -109,10 +115,18 @@ public void configure() throws Exception { camelctx.start(); try { ProducerTemplate producer = camelctx.createProducerTemplate(); - String result = producer.requestBody("direct:start", "Kermit", String.class); + Subject subject = getAuthenticationToken(EJBSecurityTestCase.USERNAME, EJBSecurityTestCase.PASSWORD); + String result = producer.requestBodyAndHeader("direct:start", "Kermit", Exchange.AUTHENTICATION, subject, String.class); Assert.assertEquals("Hello Kermit", result); } finally { camelctx.stop(); } } + + private Subject getAuthenticationToken(String username, String password) { + Subject subject = new Subject(); + Principal principal = new UsernamePasswordAuthentication(username, password.toCharArray()); + subject.getPrincipals().add(principal); + return subject; + } } 
diff --git a/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/SecuredRouteTestCase.java b/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/SecuredRouteTestCase.java
new file mode 100644
index 0000000000..fb0653d2c8
--- /dev/null
+++ b/itests/standalone/extras/src/main/java/org/wildfly/camel/test/policy/SecuredRouteTestCase.java
@@ -0,0 +1,109 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.wildfly.camel.test.policy;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.CamelExecutionException;
+import org.apache.camel.Exchange;
+import org.apache.camel.ProducerTemplate;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.impl.DefaultCamelContext;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.wildfly.extension.camel.security.ClientLoginAuthorizationPolicy;
+
+@RunWith(Arquillian.class)
+public class SecuredRouteTestCase {
+
+ @Deployment
+ public static JavaArchive createDeployment() {
+ JavaArchive archive = ShrinkWrap.create(JavaArchive.class, "secured-route-test");
+ return archive;
+ }
+
+ @Test
+ public void testRoleBasedAccessDenied() throws Exception {
+ CamelContext camelctx = new DefaultCamelContext();
+ camelctx.addRoutes(new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ from("direct:start")
+ .policy(new ClientLoginAuthorizationPolicy())
+ .transform(body().prepend("Hello "));
+ }
+ });
+
+ camelctx.start();
+ try {
+ ProducerTemplate producer = camelctx.createProducerTemplate();
+ try {
+ producer.requestBody("direct:start", "Kermit", String.class);
+ Assert.fail("CamelExecutionException expected");
+ } catch (CamelExecutionException e) {
+ // expected
+ }
+ } finally {
+ camelctx.stop();
+ }
+ }
+
+ @Test
+ public void testRoleBasedAccessAllowed() throws Exception {
+ CamelContext camelctx = new DefaultCamelContext();
+ camelctx.addRoutes(new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ from("direct:start")
+ .policy(new ClientLoginAuthorizationPolicy())
+ .transform(body().prepend("Hello "));
+ }
+ });
+
+ camelctx.start();
+ try {
+ ProducerTemplate producer = camelctx.createProducerTemplate();
+ Subject subject = getAuthenticationToken(EJBSecurityTestCase.USERNAME, EJBSecurityTestCase.PASSWORD);
+ String result = producer.requestBodyAndHeader("direct:start", "Kermit", Exchange.AUTHENTICATION, subject, String.class);
+ Assert.assertEquals("Hello Kermit", result);
+ } finally {
+ camelctx.stop();
+ }
+ }
+
+ private Subject getAuthenticationToken(String username, String password) {
+ Subject subject = new Subject();
+ Principal principal = new UsernamePasswordAuthenticationToken(username, password);
+ subject.getPrincipals().add(principal);
+ return subject;
+ }
+}
diff --git a/modules/etc/baseline/exported-paths.txt b/modules/etc/baseline/exported-paths.txt
index 097d3ccbe4..17b5b9f3dc 100644
--- a/modules/etc/baseline/exported-paths.txt
+++ b/modules/etc/baseline/exported-paths.txt
@@ -367,6 +367,9 @@ org/apache/camel/component/salesforce/api/dto
 org/apache/camel/component/salesforce/api/dto/bulk
 org/apache/camel/component/servlet
 org/apache/camel/component/servlet/osgi
+org/apache/camel/component/spring
+org/apache/camel/component/spring/security
+org/apache/camel/component/spring/security/config
 org/apache/camel/component/sql
 org/apache/camel/component/swagger
 org/apache/camel/component/velocity
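Review bot: Neither test in SecuredRouteTestCase exercises a rejected credential: testRoleBasedAccessDenied only omits the Exchange.AUTHENTICATION header, and the route ends in `transform(...)` rather than in a container-secured endpoint. EJBSecurityTestCase in this same patch calls `lc.login()` with "wrongpass" outside its try block and expects the failure only at `bean.doSelected(...)`, which suggests the client login does not validate the password by itself; if that holds, testRoleBasedAccessAllowed would pass with any password. A negative case such as `Subject subject = getAuthenticationToken(EJBSecurityTestCase.USERNAME, "wrongpass");` would pin down what the policy actually enforces on a route with no secured endpoint. The "RoleBasedAccess" test names also overstate what is checked here, since no role is involved in either route.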
@@ -513,6 +516,75 @@ org/dozer/osgi org/dozer/propertydescriptor org/dozer/stats org/dozer/util +org/springframework +org/springframework/security +org/springframework/security/access +org/springframework/security/access/annotation +org/springframework/security/access/event +org/springframework/security/access/expression +org/springframework/security/access/expression/method +org/springframework/security/access/hierarchicalroles +org/springframework/security/access/intercept +org/springframework/security/access/intercept/aopalliance +org/springframework/security/access/intercept/aspectj +org/springframework/security/access/method +org/springframework/security/access/prepost +org/springframework/security/access/vote +org/springframework/security/authentication +org/springframework/security/authentication/dao +org/springframework/security/authentication/encoding +org/springframework/security/authentication/event +org/springframework/security/authentication/jaas +org/springframework/security/authentication/jaas/event +org/springframework/security/authentication/jaas/memory +org/springframework/security/authentication/rcp +org/springframework/security/concurrent +org/springframework/security/config +org/springframework/security/config/annotation +org/springframework/security/config/annotation/authentication +org/springframework/security/config/annotation/authentication/builders +org/springframework/security/config/annotation/authentication/configuration +org/springframework/security/config/annotation/authentication/configurers +org/springframework/security/config/annotation/authentication/configurers/ldap +org/springframework/security/config/annotation/authentication/configurers/provisioning +org/springframework/security/config/annotation/authentication/configurers/userdetails +org/springframework/security/config/annotation/configuration +org/springframework/security/config/annotation/method +org/springframework/security/config/annotation/method/configuration 
+org/springframework/security/config/annotation/web +org/springframework/security/config/annotation/web/builders +org/springframework/security/config/annotation/web/configuration +org/springframework/security/config/annotation/web/configurers +org/springframework/security/config/annotation/web/configurers/openid +org/springframework/security/config/annotation/web/servlet +org/springframework/security/config/annotation/web/servlet/configuration +org/springframework/security/config/authentication +org/springframework/security/config/debug +org/springframework/security/config/http +org/springframework/security/config/ldap +org/springframework/security/config/method +org/springframework/security/core +org/springframework/security/core/authority +org/springframework/security/core/authority/mapping +org/springframework/security/core/context +org/springframework/security/core/parameters +org/springframework/security/core/session +org/springframework/security/core/token +org/springframework/security/core/userdetails +org/springframework/security/core/userdetails/cache +org/springframework/security/core/userdetails/jdbc +org/springframework/security/core/userdetails/memory +org/springframework/security/crypto +org/springframework/security/crypto/bcrypt +org/springframework/security/crypto/codec +org/springframework/security/crypto/encrypt +org/springframework/security/crypto/keygen +org/springframework/security/crypto/password +org/springframework/security/crypto/util +org/springframework/security/provisioning +org/springframework/security/scheduling +org/springframework/security/task +org/springframework/security/util org/xmlsoap org/xmlsoap/schemas org/xmlsoap/schemas/soap diff --git a/modules/etc/baseline/module-list.txt b/modules/etc/baseline/module-list.txt index 46819c424f..290598930c 100644 --- a/modules/etc/baseline/module-list.txt +++ b/modules/etc/baseline/module-list.txt 
@@ -79,6 +79,7 @@ /org/apache/camel/component/script/main/camel-script-2.15.2.jar /org/apache/camel/component/servlet/main/camel-servlet-2.15.2.jar /org/apache/camel/component/soap/main/camel-soap-2.15.2.jar +/org/apache/camel/component/spring/security/main/camel-spring-security-2.15.2.jar /org/apache/camel/component/sql/main/camel-sql-2.15.2.jar /org/apache/camel/component/swagger/main/camel-swagger-2.15.2.jar /org/apache/camel/component/swagger/main/swagger-annotations-1.3.12.jar @@ -156,5 +157,7 @@ /org/springframework/jdbc/main/spring-jdbc-4.1.6.RELEASE.jar /org/springframework/jms/main/spring-jms-4.1.6.RELEASE.jar /org/springframework/orm/main/spring-orm-4.1.6.RELEASE.jar +/org/springframework/security/main/spring-security-config-3.2.5.RELEASE.jar +/org/springframework/security/main/spring-security-core-3.2.5.RELEASE.jar /org/springframework/spring-messaging/main/spring-messaging-4.1.6.RELEASE.jar /org/springframework/tx/main/spring-tx-4.1.6.RELEASE.jar diff --git a/modules/etc/generated/wildfly/modules/system/layers/fuse/org/apache/camel/component/spring/security/main/module.xml b/modules/etc/generated/wildfly/modules/system/layers/fuse/org/apache/camel/component/spring/security/main/module.xml new file mode 100644 index 0000000000..4f8187366d --- /dev/null +++ b/modules/etc/generated/wildfly/modules/system/layers/fuse/org/apache/camel/component/spring/security/main/module.xml @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> +<module xmlns="urn:jboss:module:1.1" name="org.apache.camel.component.spring.security"> + <resources> + <resource-root path="camel-spring-security-2.15.2.jar" /> + </resources> + <dependencies> + <module name="javax.api" /> + <module name="org.slf4j" /> + <module name="org.springframework.security" export="true" /> + <module name="javax.xml.bind.api" /> + <module name="org.apache.camel.core" /> + <module name="org.apache.camel.spring" /> + <module name="org.apache.commons.logging" /> + </dependencies> +</module> 
diff --git a/modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/security/main/module.xml b/modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/security/main/module.xml new file mode 100644 index 0000000000..2ff50179f9 --- /dev/null +++ b/modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/security/main/module.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> +<module xmlns="urn:jboss:module:1.1" name="org.springframework.security"> + <resources> + <resource-root path="spring-security-config-3.2.5.RELEASE.jar" /> + <resource-root path="spring-security-core-3.2.5.RELEASE.jar" /> + </resources> + <dependencies> + <module name="javax.api" /> + <module name="org.apache.commons.logging" /> + <module name="javax.servlet.api" /> + <module name="org.springframework.aop" /> + <module name="org.springframework.beans" /> + <module name="org.springframework.context" /> + <module name="org.springframework.core" /> + </dependencies> +</module> diff --git a/modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml b/modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml deleted file mode 100644 index 0f0298ddd2..0000000000 --- a/modules/etc/generated/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml +++ /dev/null 
@@ -1,54 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - #%L - Wildfly Camel :: Patch - %% - Copyright (C) 2013 - 2014 RedHat - %% - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - #L% - --> - - - - -<module xmlns="urn:jboss:module:1.1" name="org.springframework.spring"> - - <dependencies> - <module name="org.springframework.beans" export="true"> - <imports> - <include path="META-INF" /> - </imports> - <exports> - <include path="META-INF" /> - </exports> - </module> - <module name="org.springframework.context" export="true"> - <imports> - <include path="META-INF" /> - </imports> - <exports> - <include path="META-INF" /> - </exports> - </module> - <module name="org.springframework.core" export="true"> - <imports> - <include path="META-INF" /> - </imports> - <exports> - <include path="META-INF" /> - </exports> - </module> - </dependencies> - -</module> diff --git a/modules/etc/managed/wildfly/modules/system/layers/fuse/org/apache/camel/component/main/module.xml b/modules/etc/managed/wildfly/modules/system/layers/fuse/org/apache/camel/component/main/module.xml index 67f2b34f85..b3c72c6ac7 100644 --- a/modules/etc/managed/wildfly/modules/system/layers/fuse/org/apache/camel/component/main/module.xml +++ b/modules/etc/managed/wildfly/modules/system/layers/fuse/org/apache/camel/component/main/module.xml 
@@ -68,6 +68,7 @@ <module name="org.apache.camel.component.script" export="true" services="export" /> <module name="org.apache.camel.component.servlet" export="true" services="export" /> <module name="org.apache.camel.component.soap" export="true" services="export" /> + <module name="org.apache.camel.component.spring.security" export="true" services="export" /> <module name="org.apache.camel.component.sql" export="true" services="export" /> <module name="org.apache.camel.component.swagger" export="true" services="export" /> <module name="org.apache.camel.component.tagsoup" export="true" services="export" /> diff --git a/modules/etc/managed/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml b/modules/etc/managed/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml index 0f0298ddd2..a9f452391b 100644 --- a/modules/etc/managed/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml +++ b/modules/etc/managed/wildfly/modules/system/layers/fuse/org/springframework/spring/main/module.xml @@ -19,9 +19,9 @@ #L% --> - - - +<!-- + This is referenced in the base layer from org.apache.cxf as an optional dependency +--> <module xmlns="urn:jboss:module:1.1" name="org.springframework.spring"> <dependencies> diff --git a/modules/etc/managed/wildfly/modules/system/layers/fuse/org/wildfly/extension/camel/main/module.xml b/modules/etc/managed/wildfly/modules/system/layers/fuse/org/wildfly/extension/camel/main/module.xml index 14fee8bab8..17c1259953 100644 --- a/modules/etc/managed/wildfly/modules/system/layers/fuse/org/wildfly/extension/camel/main/module.xml +++ b/modules/etc/managed/wildfly/modules/system/layers/fuse/org/wildfly/extension/camel/main/module.xml 
@@ -57,6 +57,7 @@ <module name="org.springframework.beans"/> <module name="org.springframework.core"/> <module name="org.springframework.context"/> + <module name="org.springframework.security"/> <module name="org.springframework.tx"/> <module name="org.slf4j"/> </dependencies> diff --git a/modules/etc/smartics/camel-modules.xml b/modules/etc/smartics/camel-modules.xml index 53ca46d61c..43fa662b27 100644 --- a/modules/etc/smartics/camel-modules.xml +++ b/modules/etc/smartics/camel-modules.xml @@ -612,6 +612,19 @@ </exports> </module> + <module name="org.apache.camel.component.spring.security"> + <include artifact="org.apache.camel:camel-spring-security" /> + <apply-to-dependencies skip="true"> + <include module="org.apache.camel.apt" /> + <include module="org.springframework.security" /> + </apply-to-dependencies> + <dependencies> + <module name="javax.api"/> + <module name="org.slf4j"/> + <module name="org.springframework.security" export="true"/> + </dependencies> + </module> + <module name="org.apache.camel.component.sql"> <include artifact="org.apache.camel:camel-sql" /> <apply-to-dependencies skip="true"> diff --git a/modules/etc/smartics/spring-modules.xml b/modules/etc/smartics/spring-modules.xml index 74ade2981a..3a876beeca 100644 --- a/modules/etc/smartics/spring-modules.xml +++ b/modules/etc/smartics/spring-modules.xml @@ -21,7 +21,7 @@ <modules xmlns="http://smartics.de/ns/jboss-modules-descriptor/2"> <module name="org.springframework.aop"> - <include artifact="org.springframework:spring-aop" /> + <include artifact=":spring-aop" /> <include artifact=":aopalliance" /> <dependencies> <module name="javax.api" /> @@ -30,7 +30,7 @@ </module> <module name="org.springframework.beans"> - <include artifact="org.springframework:spring-beans" /> + <include artifact=":spring-beans" /> <dependencies> <module name="javax.api" /> <module name="org.apache.commons.logging" /> 
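Review bot: In modules/etc/smartics/spring-modules.xml the `<include artifact=...>` matchers lose their group id (`org.springframework:spring-aop` becomes `:spring-aop`, likewise spring-beans here and spring-context, -core, -expression, -jdbc, -jms, -orm and -tx in the following hunks), and the commit message does not say why. If an empty group means "any group" in this descriptor format, as the existing `:aopalliance` entry suggests, each module now packages whatever artifact with that id is on the dependency tree rather than the Spring one specifically. The new `org.springframework.security` module is declared the same way. Keeping the qualified form, e.g. `<include artifact="org.springframework.security:spring-security-core" />`, ties the match to the intended publisher.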
@@ -40,7 +40,7 @@ </module> <module name="org.springframework.context"> - <include artifact="org.springframework:spring-context" /> + <include artifact=":spring-context" /> <dependencies> <module name="javax.api" /> <module name="org.apache.commons.logging" /> @@ -49,7 +49,7 @@ </module> <module name="org.springframework.core"> - <include artifact="org.springframework:spring-core" /> + <include artifact=":spring-core" /> <dependencies> <module name="javax.api" /> <module name="org.jboss.vfs" /> @@ -57,7 +57,7 @@ </module> <module name="org.springframework.expression"> - <include artifact="org.springframework:spring-expression" /> + <include artifact=":spring-expression" /> <dependencies> <module name="javax.api" /> <module name="org.apache.commons.logging" /> @@ -65,7 +65,7 @@ </module> <module name="org.springframework.jdbc"> - <include artifact="org.springframework:spring-jdbc" /> + <include artifact=":spring-jdbc" /> <dependencies> <module name="javax.api" /> <module name="org.apache.commons.logging" /> @@ -73,7 +73,7 @@ </module> <module name="org.springframework.jms"> - <include artifact="org.springframework:spring-jms" /> + <include artifact=":spring-jms" /> <dependencies> <module name="javax.api" /> <module name="org.apache.commons.logging" /> @@ -81,7 +81,7 @@ </module> <module name="org.springframework.orm"> - <include artifact="org.springframework:spring-orm" /> + <include artifact=":spring-orm" /> <dependencies> <module name="javax.api" /> <module name="javax.persistence.api" /> 
@@ -89,8 +89,17 @@ </dependencies> </module> + <module name="org.springframework.security"> + <include artifact=":spring-security-config" /> + <include artifact=":spring-security-core" /> + <dependencies> + <module name="javax.api" /> + <module name="org.apache.commons.logging" /> + </dependencies> + </module> + <module name="org.springframework.tx"> - <include artifact="org.springframework:spring-tx" /> + <include artifact=":spring-tx" /> <dependencies> <module name="javax.api" /> <module name="org.apache.commons.logging" /> diff --git a/modules/pom.xml b/modules/pom.xml index c4edeeaca9..d9f72d7643 100644 --- a/modules/pom.xml +++ b/modules/pom.xml @@ -265,6 +265,11 @@ <artifactId>camel-soap</artifactId> <scope>provided</scope> </dependency> + <dependency> + <groupId>org.apache.camel</groupId> + <artifactId>camel-spring-security</artifactId> + <scope>provided</scope> + </dependency> <dependency> <groupId>org.apache.camel</groupId> <artifactId>camel-sql</artifactId> diff --git a/pom.xml b/pom.xml index d947a78629..a9a1cbc91c 100644 --- a/pom.xml +++ b/pom.xml @@ -47,6 +47,8 @@ <!-- Camel version --> <version.apache.camel>2.15.2</version.apache.camel> + <!-- [#726] Remove explicit spring-security version --> + <version.spring.security>3.2.5.RELEASE</version.spring.security> <!-- WildFly versions --> <version.wildfly>9.0.0.CR1</version.wildfly> @@ -161,6 +163,11 @@ <scope>import</scope> <type>pom</type> </dependency> + <dependency> + <groupId>org.springframework.security</groupId> + <artifactId>spring-security-core</artifactId> + <version>${version.spring.security}</version> + </dependency> <!-- Xmlbeans --> <dependency> diff --git a/subsystem/pom.xml b/subsystem/pom.xml index 357bd52066..b3420cb1c8 100644 --- a/subsystem/pom.xml +++ b/subsystem/pom.xml 
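Review bot: The root pom.xml pins `version.spring.security` to 3.2.5.RELEASE by hand, while the other Spring jars listed in module-list.txt are 4.1.6.RELEASE, and only `spring-security-core` gets a managed version although the new module also packages `spring-security-config` (presumably arriving transitively through camel-spring-security). The inline comment `[#726] Remove explicit spring-security version` reads as an open TODO; until it is resolved, security fixes in spring-security will not arrive with a Camel or Spring upgrade and the pin has to be bumped deliberately. Consider a second managed entry with `<artifactId>spring-security-config</artifactId>` and `<version>${version.spring.security}</version>` so both jars in the module are guaranteed to move together.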
@@ -70,6 +70,10 @@ <groupId>org.jboss.shrinkwrap</groupId> <artifactId>shrinkwrap-impl-base</artifactId> </dependency> + <dependency> + <groupId>org.springframework.security</groupId> + <artifactId>spring-security-core</artifactId> + </dependency> <!-- Test --> <dependency> diff --git a/subsystem/src/main/java/org/wildfly/extension/camel/security/Authentication.java b/subsystem/src/main/java/org/wildfly/extension/camel/security/Authentication.java new file mode 100644 index 0000000000..a9dd76d844 --- /dev/null +++ b/subsystem/src/main/java/org/wildfly/extension/camel/security/Authentication.java @@ -0,0 +1,33 @@ +/* + * #%L + * Wildfly Camel :: Subsystem + * %% + * Copyright (C) 2013 - 2014 RedHat + * %% + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * #L% + */ + +package org.wildfly.extension.camel.security; + + + +/** + * An authetication marker interface + * + * @author Thomas.Diesler@jboss.com + * @since 03-Jul-2015 + */ +public interface Authentication { + +} diff --git a/subsystem/src/main/java/org/wildfly/extension/camel/security/AuthorizationPolicy.java b/subsystem/src/main/java/org/wildfly/extension/camel/security/AuthorizationPolicy.java deleted file mode 100644 index 1ca668e7c9..0000000000 --- a/subsystem/src/main/java/org/wildfly/extension/camel/security/AuthorizationPolicy.java +++ /dev/null 
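Review bot: The new marker interface `Authentication` shares its simple name with Spring Security's `org.springframework.security.core.Authentication`, which this commit puts on the subsystem's classpath and which is the type behind the `UsernamePasswordAuthenticationToken` handled next to it in ClientLoginAuthorizationPolicy. A reader or an IDE auto-import can easily pick the wrong one, so a more specific name would be safer. The Javadoc has a typo ("authetication") and does not say what implementing the marker promises; something like `/** Marks a {@link java.security.Principal} that carries login credentials for {@link ClientLoginContext}. */` would help, adjusted to the intended contract since the implementing class is not part of this hunk.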
@@ -1,66 +0,0 @@ -/* - * #%L - * Wildfly Camel :: Subsystem - * %% - * Copyright (C) 2013 - 2014 RedHat - * %% - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * #L% - */ - -package org.wildfly.extension.camel.security; - -import javax.security.auth.login.LoginContext; -import javax.security.auth.login.LoginException; - -import org.apache.camel.Exchange; -import org.apache.camel.Processor; -import org.apache.camel.model.ProcessorDefinition; -import org.apache.camel.spi.Policy; -import org.apache.camel.spi.RouteContext; - - -/** - * Provides access RunAs login policy - * - * @author Thomas.Diesler@jboss.com - * @since 08-May-2015 - */ -public class AuthorizationPolicy implements Policy { - - private final LoginContext loginContext; - - public AuthorizationPolicy(String username, String password) throws LoginException { - loginContext = ClientLoginContext.newLoginContext(username, password); - } - - @Override - public void beforeWrap(RouteContext routeContext, ProcessorDefinition<?> definition) { - } - - @Override - public Processor wrap(final RouteContext routeContext, final Processor processor) { - return new Processor() { - @Override - public void process(Exchange exchange) throws Exception { - loginContext.login(); - try { - processor.process(exchange); - } finally { - loginContext.logout(); - } - } - }; - } - -} 
diff --git a/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginAuthorizationPolicy.java b/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginAuthorizationPolicy.java new file mode 100644 index 0000000000..bd6764d948 --- /dev/null +++ b/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginAuthorizationPolicy.java 
@@ -0,0 +1,87 @@
+/*
+ * #%L
+ * Wildfly Camel :: Subsystem
+ * %%
+ * Copyright (C) 2013 - 2014 RedHat
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+
+package org.wildfly.extension.camel.security;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+
+import org.apache.camel.Exchange;
+import org.apache.camel.Processor;
+import org.apache.camel.model.ProcessorDefinition;
+import org.apache.camel.spi.AuthorizationPolicy;
+import org.apache.camel.spi.RouteContext;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+
+
+/**
+ * Provides access to RunAs login policy
+ *
+ * @author Thomas.Diesler@jboss.com
+ * @since 08-May-2015
+ */
+public class ClientLoginAuthorizationPolicy implements AuthorizationPolicy {
+
+ @Override
+ public void beforeWrap(RouteContext routeContext, ProcessorDefinition<?> definition) {
+ }
+
+ @Override
+ public Processor wrap(final RouteContext routeContext, final Processor processor) {
+ return new Processor() {
+ @Override
+ public void process(Exchange exchange) throws Exception {
+ Subject subject = exchange.getIn().getHeader(Exchange.AUTHENTICATION, Subject.class);
+ if (subject == null) {
+ throw new SecurityException("Cannot obtain authentication subject from exchange: " + exchange);
+ }
+ String username = null;
+ char[] password = null;
+ for (Principal principal : subject.getPrincipals()) {
+ if (principal instanceof UsernamePasswordAuthentication) {
+ username = principal.getName();
+ password = ((UsernamePasswordAuthentication) principal).getPassword();
+ } else if (principal instanceof UsernamePasswordAuthenticationToken) {
+ username = principal.getName();
+ Object credentials = ((UsernamePasswordAuthenticationToken) principal).getCredentials();
+ if (credentials instanceof String) {
+ password = ((String) credentials).toCharArray();
+ } else if (credentials instanceof char[]) {
+ password = (char[]) credentials;
+ }
+ }
+ }
+ if (username == null || password == null) {
+ throw new SecurityException("Cannot obtain credentials from exchange: " + exchange);
+ }
+ LoginContext loginContext = ClientLoginContext.newLoginContext(username, password);
+ loginContext.login();
+ try {
+ processor.process(exchange);
+ } finally {
+ loginContext.logout();
+ }
+ }
+ };
+ }
+
+}
diff --git a/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginContext.java b/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginContext.java
index a927dc718b..bf1b638fb7 100644
--- a/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginContext.java
+++ b/subsystem/src/main/java/org/wildfly/extension/camel/security/ClientLoginContext.java
@@ -51,7 +51,7 @@ public final class ClientLoginContext {
 private ClientLoginContext() {
 }
- public static LoginContext newLoginContext(final String username, final String password) throws LoginException {
+ public static LoginContext newLoginContext(final String username, final char[] password) throws LoginException {
 final String configurationName = "WildFly-Camel";
 CallbackHandler cbh = new CallbackHandler() {
 public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
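Review bot: In `process` of ClientLoginAuthorizationPolicy, the principal loop can pair the name of one principal with the password of another. The `UsernamePasswordAuthenticationToken` branch assigns `username` before it knows whether `getCredentials()` yields a `String` or a `char[]`, and the loop keeps going after a match. If a Subject holds a `UsernamePasswordAuthentication` plus a token whose credentials are null (Spring Security can erase them after authentication; worth confirming for the tokens used here), `newLoginContext` may receive the token's name with the other principal's password. Resolve both values per principal, assign them together and stop at the first complete pair, as sketched below. Separately, both `SecurityException` messages append `exchange`; if its string form includes the message body, that content reaches logs, so printing `exchange.getExchangeId()` is the more conservative choice.

```java
for (Principal principal : subject.getPrincipals()) {
    String name = principal.getName();
    char[] secret = null;
    if (principal instanceof UsernamePasswordAuthentication) {
        secret = ((UsernamePasswordAuthentication) principal).getPassword();
    } else if (principal instanceof UsernamePasswordAuthenticationToken) {
        Object credentials = ((UsernamePasswordAuthenticationToken) principal).getCredentials();
        if (credentials instanceof String) {
            secret = ((String) credentials).toCharArray();
        } else if (credentials instanceof char[]) {
            secret = (char[]) credentials;
        }
    }
    if (name != null && secret != null) {
        // name and password are only ever taken from the same principal
        username = name;
        password = secret;
        break;
    }
}
// … unchanged: null check on username/password, login()/logout() around processor.process(exchange) …
```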
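Review bot: `ClientLoginContext.newLoginContext` now captures the caller's `char[]` in the anonymous `CallbackHandler`, and nothing in the visible hunks says who owns or clears that array. The handler hands the same array to `setPassword(password)` whenever it is asked for a password (second hunk of this file). A caller that zeroes the array after the first `login()` therefore breaks any later login on the same context, while a caller that never zeroes it gains nothing over the old `String` parameter. I would document the contract on the method, for example `@param password used by reference on every login(); the caller clears it once the LoginContext is no longer needed`. The method body continues outside both hunks.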
@@ -59,7 +59,7 @@ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallback
 if (current instanceof NameCallback) {
 ((NameCallback) current).setName(username);
 } else if (current instanceof PasswordCallback) {
- ((PasswordCallback) current).setPassword(password.toCharArray());
+ ((PasswordCallback) current).setPassword(password);
 } else {
 throw new UnsupportedCallbackException(current);
 }
diff --git a/subsystem/src/main/java/org/wildfly/extension/camel/security/UsernamePasswordAuthentication.java b/subsystem/src/main/java/org/wildfly/extension/camel/security/UsernamePasswordAuthentication.java
new file mode 100644
index 0000000000..34f4cc049c
--- /dev/null
+++ b/subsystem/src/main/java/org/wildfly/extension/camel/security/UsernamePasswordAuthentication.java
@@ -0,0 +1,54 @@
+/*
+ * #%L
+ * Wildfly Camel :: Subsystem
+ * %%
+ * Copyright (C) 2013 - 2014 RedHat
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+
+package org.wildfly.extension.camel.security;
+
+import java.security.Principal;
+
+import org.jboss.gravia.utils.IllegalArgumentAssertion;
+
+
+/**
+ * A username password authentication token
+ *
+ * @author Thomas.Diesler@jboss.com
+ * @since 03-Jul-2015
+ */
+public class UsernamePasswordAuthentication implements Authentication, Principal {
+
+ private final String username;
+ private final char[] password;
+
+ public UsernamePasswordAuthentication(String username, char[] password) {
+ IllegalArgumentAssertion.assertNotNull(username, "username");
+ IllegalArgumentAssertion.assertNotNull(password, "password");
+ this.username = username;
+ this.password = password;
+ }
+
+ @Override
+ public String getName() {
+ return username;
+ }
+
+ public char[] getPassword() {
+ return password;
+ }
+}
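Review bot: `UsernamePasswordAuthentication` keeps the constructor's `char[]` and returns that same array from `getPassword()`, so every holder of the principal shares one mutable buffer. Wiping it in one place silently changes the credential everywhere else. Make the ownership explicit: copy on the way in with `this.password = password.clone();`, and state in the Javadoc whether `getPassword()` returns the live array or a copy the caller must clear. The class is also read from `subject.getPrincipals()` in ClientLoginAuthorizationPolicy, a set visible to any code holding the Subject; `subject.getPrivateCredentials()` is the JAAS place for secrets and is worth considering instead. As a `Principal` stored in a Set it defines no `equals`/`hashCode`, so two instances for the same user count as different entries.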