Usage of Mongodb and Login Module using mongo

This commit is contained in:
Nicolas Héron 2020-01-03 14:40:00 +01:00
commit 657a0f9a03
54 changed files with 1003 additions and 3963 deletions


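--- a/README (path not shown)
+++ /dev/null
@@ -1,28 +0,0 @@
-Pymma kie realm for WildFly Elytron
-=======================================
-Simple demonstration security realm for WildFly Elytron providing one user identity "myadmin" with password "mypassword".
-It support password verification only, so it can be used with plain-text authentication mechanisms like BASIC, PLAIN or FORM.
-To support mechanisms like DIGEST or SCRAM you will need to implement credential acquirement too.
-Usage
-*****
-Compile:
-mvn package
-Add the module into the WildFly:
-bin/jboss-cli.sh
-module add --name=com.pymmasoftware.kie-realm --resources=custom-realm-1.0.0.Alpha1-SNAPSHOT.jar --dependencies=org.wildfly.security.elytron,org.wildfly.extension.elytron
-Add a custom-realm into the subsystem:
-/subsystem=elytron/custom-realm=pymmaKieRealm:add(module=com.pymmasoftware.kie-realm, class-name=org.chtijbug.wildfly.realm.PymmaKieRealm, configuration={myAttribute="myValue"})
-use it
-/subsystem=elytron/security-domain=ApplicationDomain:list-add(name=realms, index=0, value={realm=pymmaKieRealm})
-/subsystem=elytron/security-domain=ApplicationDomain:write-attribute(name=default-realm, value=pymmaKieRealm)
-reload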


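--- a/PymmaKieRealm.java (full path not shown)
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
-* Copyright 2018 Red Hat, Inc.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package org.chtijbug.wildfly.realm;
-import com.mongodb.MongoClientSettings;
-import com.mongodb.client.MongoClient;
-import com.mongodb.client.MongoClients;
-import com.mongodb.client.MongoDatabase;
-import org.bson.codecs.configuration.CodecRegistry;
-import org.bson.codecs.pojo.PojoCodecProvider;
-import org.wildfly.extension.elytron.Configurable;
-import org.wildfly.security.auth.SupportLevel;
-import org.wildfly.security.auth.server.RealmIdentity;
-import org.wildfly.security.auth.server.RealmUnavailableException;
-import org.wildfly.security.auth.server.SecurityRealm;
-import org.wildfly.security.credential.Credential;
-import org.wildfly.security.evidence.Evidence;
-import org.wildfly.security.evidence.PasswordGuessEvidence;
-import java.security.Principal;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-import java.util.Map;
-import static org.bson.codecs.configuration.CodecRegistries.fromProviders;
-import static org.bson.codecs.configuration.CodecRegistries.fromRegistries;
-/**
-* Example of custom-realm for WildFly Elytron
-* Realm providing one identity "myadmin" with password "mypassword"
-*
-* @author <a href="mailto:jkalina@redhat.com">Jan Kalina</a>
-*/
-public class PymmaKieRealm implements SecurityRealm, Configurable {
-private String connectionString;
-private String databaseName;
-private MongoClient mongoClient;
-CodecRegistry pojoCodecRegistry;
-MongoDatabase database;
-// receiving configuration from subsystem
-public void initialize(Map<String, String> configuration) {
-connectionString = configuration.get("connectionString");
-databaseName = configuration.get("name");
-System.out.println("PymmaKieRealm initialized with databaseName = " + connectionString );
-mongoClient = MongoClients.create(connectionString);
-pojoCodecRegistry = fromRegistries(MongoClientSettings.getDefaultCodecRegistry(),
-fromProviders(PojoCodecProvider.builder().automatic(true).build()));
-database = mongoClient.getDatabase(databaseName).withCodecRegistry(pojoCodecRegistry);
-System.out.println("All setup");
-}
-// this realm does not allow acquiring credentials
-public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName,
-AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
-return SupportLevel.UNSUPPORTED;
-}
-// this realm will be able to verify password evidences only
-public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)
-throws RealmUnavailableException {
-return PasswordGuessEvidence.class.isAssignableFrom(evidenceType) ? SupportLevel.POSSIBLY_SUPPORTED : SupportLevel.UNSUPPORTED;
-}
-public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUnavailableException {
-if ("myadmin".equals(principal.getName())) { // identity "myadmin" will have password "mypassword"
-return new RealmIdentity() {
-public Principal getRealmIdentityPrincipal() {
-return principal;
-}
-public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType,
-String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
-return SupportLevel.UNSUPPORTED;
-}
-public <C extends Credential> C getCredential(Class<C> credentialType) throws RealmUnavailableException {
-return null;
-}
-public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)
-throws RealmUnavailableException {
-return PasswordGuessEvidence.class.isAssignableFrom(evidenceType) ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
-}
-// evidence will be accepted if it is password "mypassword"
-public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
-if (evidence instanceof PasswordGuessEvidence) {
-PasswordGuessEvidence guess = (PasswordGuessEvidence) evidence;
-try {
-return Arrays.equals("mypassword".toCharArray(), guess.getGuess());
-} finally {
-guess.destroy();
-}
-}
-return false;
-}
-public boolean exists() throws RealmUnavailableException {
-return true;
-}
-};
-}
-return RealmIdentity.NON_EXISTENT;
-}
-}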


@ -67,6 +67,14 @@
<artifactId>javax.inject</artifactId>
<version>1</version>
</dependency>
<!--dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongodb-driver</artifactId>
<version>${version.mongodb.driver}</version>
<scope>provided</scope>
</dependency-->
</dependencies>
</project>
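Review bot: The `mongodb-driver` dependency is added only as a commented-out `<!--dependency> … </dependency-->` block, which is as confusing in a pom as commented-out code is in a source file. Either declare the dependency for real (the login-module and kie-wb poms in this commit do declare it) or leave it out and let version control keep the history.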


@ -36,17 +36,19 @@ import java.util.Map;
* <p>Groups manager service provider implementation for Apache tomcat, when using default realm based on properties files.</p>
* @since 0.8.0
*/
public class KiePlatformGroupManager implements GroupManager,
ContextualManager {
public class KiePlatformGroupManager implements GroupManager, ContextualManager {
private static final Logger LOG = LoggerFactory.getLogger(KiePlatformGroupManager.class);
IdentifierRuntimeSearchEngine<Group> groupsSearchEngine;
public KiePlatformGroupManager() {
this(new ConfigProperties(System.getProperties()));
}
public KiePlatformGroupManager(final Map<String, String> gitPrefs) {
this(new ConfigProperties(gitPrefs));
}
@ -67,17 +69,17 @@ public class KiePlatformGroupManager implements GroupManager,
@Override
public SearchResponse<Group> search(SearchRequest request) throws SecurityManagementException {
return null;
throw new UnsupportedServiceCapabilityException(Capability.CAN_SEARCH_GROUPS);
}
@Override
public Group get(String identifier) throws SecurityManagementException {
return null;
throw new UnsupportedServiceCapabilityException(Capability.CAN_READ_GROUP);
}
@Override
public Group create(Group entity) throws SecurityManagementException {
return null;
throw new UnsupportedServiceCapabilityException(Capability.CAN_ADD_GROUP);
}
@Override
@ -87,7 +89,7 @@ public class KiePlatformGroupManager implements GroupManager,
@Override
public void delete(String... identifiers) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_DELETE_GROUP);
}
@Override
@ -102,21 +104,24 @@ public class KiePlatformGroupManager implements GroupManager,
}
protected CapabilityStatus getCapabilityStatus(Capability capability) {
/**
if (capability != null) {
switch (capability) {
case CAN_SEARCH_GROUPS:
case CAN_ADD_GROUP:
case CAN_UPDATE_GROUP:
case CAN_READ_GROUP:
case CAN_DELETE_GROUP:
return CapabilityStatus.ENABLED;
}
}
**/
return CapabilityStatus.UNSUPPORTED;
}
@Override
public void assignUsers(String name,
Collection<String> users) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_ASSIGN_GROUPS);
}
}
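Review bot: `getCapabilityStatus` keeps its former body as commented-out code inside a `/** … **/` block, which is a Javadoc comment rather than a block comment and so is picked up by doc tooling; the same pattern is added in `KiePlatformRoleManager.getCapabilityStatus` and `KiePlatformUserManager.getCapabilityStatus`. Since every operation now throws `UnsupportedServiceCapabilityException`, delete the dead block and reduce the method to `return CapabilityStatus.UNSUPPORTED;` with a one-line comment such as `// read-only provider: no group capability is supported`, leaving the old switch to git history. `groupsSearchEngine` is still declared at the top of the class, but with `search` now throwing it looks unused; the class body continues outside this hunk, so confirm before removing it.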


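--- /dev/null
+++ b/KiePlatformRoleManager.java (full path not shown)
@@ -0,0 +1,126 @@
+/*
+* Copyright 2016 Red Hat, Inc. and/or its affiliates.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.chtijbug.guvnor.uberfire.security;
+import org.jboss.errai.security.shared.api.Group;
+import org.jboss.errai.security.shared.api.Role;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.uberfire.commons.config.ConfigProperties;
+import org.uberfire.ext.security.management.api.*;
+import org.uberfire.ext.security.management.api.exception.SecurityManagementException;
+import org.uberfire.ext.security.management.api.exception.UnsupportedServiceCapabilityException;
+import org.uberfire.ext.security.management.impl.RoleManagerSettingsImpl;
+import org.uberfire.ext.security.management.search.GroupsIdentifierRuntimeSearchEngine;
+import org.uberfire.ext.security.management.search.IdentifierRuntimeSearchEngine;
+import org.uberfire.ext.security.management.util.SecurityManagementUtils;
+import java.util.HashMap;
+import java.util.Map;
+/**
+* <p>Groups manager service provider implementation for Apache tomcat, when using default realm based on properties files.</p>
+* @since 0.8.0
+*/
+public class KiePlatformRoleManager implements RoleManager,ContextualManager {
+private static final Logger LOG = LoggerFactory.getLogger(KiePlatformRoleManager.class);
+IdentifierRuntimeSearchEngine<Group> groupsSearchEngine;
+public KiePlatformRoleManager() {
+this(new ConfigProperties(System.getProperties()));
+}
+public KiePlatformRoleManager(final Map<String, String> gitPrefs) {
+this(new ConfigProperties(gitPrefs));
+}
+public KiePlatformRoleManager(final ConfigProperties gitPrefs) {
+// loadConfig(gitPrefs);
+}
+@Override
+public void initialize(UserSystemManager userSystemManager) throws Exception {
+groupsSearchEngine = new GroupsIdentifierRuntimeSearchEngine();
+}
+@Override
+public void destroy() throws Exception {
+}
+@Override
+public SearchResponse<Role> search(SearchRequest request) throws SecurityManagementException {
+throw new UnsupportedServiceCapabilityException(Capability.CAN_SEARCH_ROLES);
+}
+@Override
+public Role get(String identifier) throws SecurityManagementException {
+throw new UnsupportedServiceCapabilityException(Capability.CAN_READ_ROLE);
+}
+@Override
+public Role create(Role entity) throws SecurityManagementException {
+throw new UnsupportedServiceCapabilityException(Capability.CAN_ADD_ROLE);
+}
+@Override
+public Role update(Role entity) throws SecurityManagementException {
+throw new UnsupportedServiceCapabilityException(Capability.CAN_UPDATE_ROLE);
+}
+@Override
+public void delete(String... identifiers) throws SecurityManagementException {
+throw new UnsupportedServiceCapabilityException(Capability.CAN_DELETE_ROLE);
+}
+@Override
+public RoleManagerSettings getSettings() {
+final Map<Capability, CapabilityStatus> capabilityStatusMap = new HashMap<Capability, CapabilityStatus>(8);
+for (final Capability capability : SecurityManagementUtils.ROLES_CAPABILITIES) {
+capabilityStatusMap.put(capability,
+getCapabilityStatus(capability));
+}
+return new RoleManagerSettingsImpl(capabilityStatusMap);
+}
+protected CapabilityStatus getCapabilityStatus(Capability capability) {
+/**
+if (capability != null) {
+switch (capability) {
+case CAN_SEARCH_ROLES:
+case CAN_ADD_ROLE:
+case CAN_UPDATE_ROLE:
+case CAN_READ_ROLE:
+case CAN_DELETE_ROLE:
+return CapabilityStatus.ENABLED;
+}
+}
+**/
+return CapabilityStatus.UNSUPPORTED;
+}
+}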
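Review bot: The class Javadoc on `KiePlatformRoleManager` is copied from the group manager (`Groups manager service provider implementation for Apache tomcat…`) and describes neither roles nor this provider; replace it with something like `* <p>Role manager service provider for the Pymma KIE platform; every role capability is currently reported as unsupported.</p>`. The `groupsSearchEngine` field is typed `IdentifierRuntimeSearchEngine<Group>` inside a role manager, is assigned a `GroupsIdentifierRuntimeSearchEngine` in `initialize` and is never read, so it and the `Group` / `GroupsIdentifierRuntimeSearchEngine` imports can go. `LOG` is declared and never used, and `new HashMap<Capability, CapabilityStatus>(8)` in `getSettings` can use the diamond operator.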


@ -1,30 +1,53 @@
package org.chtijbug.guvnor.uberfire.security;
import org.uberfire.ext.security.management.UberfireRoleManager;
import org.uberfire.ext.security.management.api.GroupManager;
import org.uberfire.ext.security.management.api.RoleManager;
import org.uberfire.ext.security.management.api.UserManagementService;
import org.uberfire.ext.security.management.api.UserManager;
import org.uberfire.ext.security.management.service.AbstractUserManagementService;
import javax.enterprise.context.Dependent;
import javax.inject.Inject;
import javax.inject.Named;
@Dependent
@Named(value = "TomcatUserManagementService")
public class KiePlatformSecurityService extends AbstractUserManagementService {
@Named(value = "PymmaKieSecurityService")
public class KiePlatformSecurityService implements UserManagementService {
KiePlatformUserManager userManager;
KiePlatformGroupManager groupManager;
KiePlatformRoleManager roleManager;
private String connectionString;
private String databaseName;
// private MongoClient mongoClient;
// private CodecRegistry pojoCodecRegistry;
//private MongoDatabase database;
public KiePlatformSecurityService() {
System.out.println("KiePlatformSecurityService initialized with databaseName = " + connectionString );
}
@Inject
public KiePlatformSecurityService(final KiePlatformUserManager userManager,
final KiePlatformGroupManager groupManager,
final @Named("uberfireRoleManager") UberfireRoleManager roleManager) {
super(roleManager);
public KiePlatformSecurityService(KiePlatformUserManager userManager,
KiePlatformGroupManager groupManager,
KiePlatformRoleManager roleManager) {
connectionString = System.getProperty("connectionString");
databaseName=System.getProperty("name");
System.out.println("KiePlatformSecurityService initialized with databaseName = " + connectionString );
//mongoClient = MongoClients.create(connectionString);
//pojoCodecRegistry = fromRegistries(MongoClientSettings.getDefaultCodecRegistry(),
// fromProviders(PojoCodecProvider.builder().automatic(true).build()));
// database = mongoClient.getDatabase(databaseName).withCodecRegistry(pojoCodecRegistry);
System.out.println("All setup");
this.userManager = userManager;
this.groupManager = groupManager;
this.roleManager = roleManager;
}
@Override
public UserManager users() {
return new KiePlatformUserManager();
@ -34,4 +57,9 @@ public class KiePlatformSecurityService extends AbstractUserManagementService {
public GroupManager groups() {
return new KiePlatformGroupManager();
}
@Override
public RoleManager roles() {
return new KiePlatformRoleManager();
}
}
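Review bot: The `@Inject` constructor stores `userManager`, `groupManager` and `roleManager`, but `users()`, `groups()` and `roles()` ignore those fields and return `new KiePlatformUserManager()` / `new KiePlatformGroupManager()` / `new KiePlatformRoleManager()` on every call, so the injected, container-managed instances are never used; return the fields instead, e.g. `return userManager;`. The no-arg constructor prints `connectionString` before anything assigns it, so it always logs `null`, and both constructors label the message `databaseName =` while printing the connection string, which for MongoDB can embed credentials — print `databaseName` and use a logger rather than `System.out`. `connectionString` and `databaseName` are read from system properties but only printed; if the commented-out Mongo client setup is not coming back, drop the fields and the commented lines.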


@ -22,6 +22,7 @@ import org.slf4j.LoggerFactory;
import org.uberfire.commons.config.ConfigProperties;
import org.uberfire.ext.security.management.api.*;
import org.uberfire.ext.security.management.api.exception.SecurityManagementException;
import org.uberfire.ext.security.management.api.exception.UnsupportedServiceCapabilityException;
import org.uberfire.ext.security.management.impl.UserManagerSettingsImpl;
import org.uberfire.ext.security.management.search.IdentifierRuntimeSearchEngine;
import org.uberfire.ext.security.management.search.UsersIdentifierRuntimeSearchEngine;
@ -32,21 +33,20 @@ import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import static org.kie.soup.commons.validation.PortablePreconditions.checkNotNull;
/**
* <p>Users manager service provider implementation for Apache tomcat, when using default realm based on properties files.</p>
*
* @since 0.8.0
*/
public class KiePlatformUserManager implements UserManager,
ContextualManager {
public class KiePlatformUserManager implements UserManager, ContextualManager {
private static final Logger LOG = LoggerFactory.getLogger(KiePlatformUserManager.class);
UserSystemManager userSystemManager;
IdentifierRuntimeSearchEngine<User> usersSearchEngine;
public KiePlatformUserManager() {
this(new ConfigProperties(System.getProperties()));
}
@ -59,6 +59,8 @@ public class KiePlatformUserManager implements UserManager,
//loadConfig(gitPrefs);
}
@Override
public void initialize(final UserSystemManager userSystemManager) throws Exception {
this.userSystemManager = userSystemManager;
@ -72,28 +74,27 @@ public class KiePlatformUserManager implements UserManager,
@Override
public SearchResponse<User> search(SearchRequest request) throws SecurityManagementException {
return null;
throw new UnsupportedServiceCapabilityException(Capability.CAN_SEARCH_USERS);
}
@Override
public User get(String identifier) throws SecurityManagementException {
return null;
throw new UnsupportedServiceCapabilityException(Capability.CAN_READ_USER);
}
@Override
public User create(User entity) throws SecurityManagementException {
return null;
throw new UnsupportedServiceCapabilityException(Capability.CAN_ADD_USER);
}
@Override
public User update(User entity) throws SecurityManagementException {
return null;
throw new UnsupportedServiceCapabilityException(Capability.CAN_UPDATE_USER);
}
@Override
public void delete(String... identifiers) throws SecurityManagementException {
checkNotNull("identifiers",
identifiers);
throw new UnsupportedServiceCapabilityException(Capability.CAN_DELETE_USER);
}
@ -121,11 +122,7 @@ public class KiePlatformUserManager implements UserManager,
@Override
public void assignRoles(String username,
Collection<String> roles) throws SecurityManagementException {
Set<String> userGroups = SecurityManagementUtils.groupsToString(SecurityManagementUtils.getGroups(userSystemManager,
username));
userGroups.addAll(roles);
doAssignGroups(username,
userGroups);
throw new UnsupportedServiceCapabilityException(Capability.CAN_ASSIGN_ROLES);
}
private void doAssignGroups(String username,
@ -136,13 +133,12 @@ public class KiePlatformUserManager implements UserManager,
@Override
public void changePassword(String username,
String newPassword) throws SecurityManagementException {
checkNotNull("username",
username);
throw new UnsupportedServiceCapabilityException(Capability.CAN_CHANGE_PASSWORD);
}
protected CapabilityStatus getCapabilityStatus(Capability capability) {
/**
if (capability != null) {
switch (capability) {
case CAN_SEARCH_USERS:
@ -152,12 +148,13 @@ public class KiePlatformUserManager implements UserManager,
case CAN_READ_USER:
case CAN_MANAGE_ATTRIBUTES:
case CAN_ASSIGN_GROUPS:
/** As it is using the UberfireRoleManager. **/
case CAN_ASSIGN_ROLES:
case CAN_CHANGE_PASSWORD:
return CapabilityStatus.ENABLED;
}
}
**/
return CapabilityStatus.UNSUPPORTED;
}
}
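Review bot: The `/**` added above `if (capability != null)` in `getCapabilityStatus` does not pair with the `**/` added after the switch: Java block comments do not nest, so the pre-existing line `/** As it is using the UberfireRoleManager. **/` closes the comment, which leaves `case CAN_ASSIGN_ROLES:` through the two closing braces as stray code and the final `**/` as an unterminated token, so this file should fail to compile (a few lines between the two hunks are not shown, so confirm against the full method). Delete the old switch instead of commenting it out, leaving `return CapabilityStatus.UNSUPPORTED;`. The `checkNotNull` calls in `delete` and `changePassword` appear to have been replaced by an unconditional `throw new UnsupportedServiceCapabilityException(...)`, which is fine, but `assignRoles` no longer calls `doAssignGroups`, so that private helper declared just below the hunk is probably unused now.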


@ -9,27 +9,22 @@
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>drools-framework-elytron-realm</artifactId>
<artifactId>drools-framework-wildfly-login-module</artifactId>
<dependencies>
<!-- interface SecurityRealm -->
<dependency>
<groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron</artifactId>
<version>${version.org.wildfly.security.wildfly-elytron}</version>
</dependency>
<!-- interface Configurable -->
<dependency>
<groupId>org.wildfly.core</groupId>
<artifactId>wildfly-elytron-integration</artifactId>
<version>${version.org.wildfly.core}</version>
</dependency>
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongodb-driver</artifactId>
<version>${version.mongodb.driver}</version>
</dependency>
<dependency>
<groupId>org.picketbox</groupId>
<artifactId>picketbox</artifactId>
<version>5.0.3.Final</version>
</dependency>
</dependencies>
<build>
<finalName>pymma-kie-loginmodule</finalName>
<plugins>
<plugin>
@ -82,4 +77,5 @@
</plugin>
</plugins>
</build>
</project>
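Review bot: The new `org.picketbox:picketbox` dependency pins `5.0.3.Final` literally while the neighbouring `mongodb-driver` uses `${version.mongodb.driver}`; move the version into a property in the parent so it is managed with the rest. Since the WildFly module descriptor for this jar declares `org.picketbox` as a module dependency, the server supplies PicketBox at runtime and the dependency should be `<scope>provided</scope>` so a second copy is not carried into the module path.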


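--- /dev/null
+++ b/KiePlatformLoginModule.java (full path not shown)
@@ -0,0 +1,108 @@
+package org.chtijbug.wildfly.loginmodule;
+import com.mongodb.DBRef;
+import com.mongodb.MongoClientSettings;
+import com.mongodb.client.MongoClient;
+import com.mongodb.client.MongoClients;
+import com.mongodb.client.MongoCollection;
+import com.mongodb.client.MongoDatabase;
+import org.bson.Document;
+import org.bson.codecs.configuration.CodecRegistry;
+import org.bson.codecs.pojo.PojoCodecProvider;
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.concurrent.atomic.AtomicReference;
+import java.util.function.Consumer;
+import static com.mongodb.client.model.Filters.eq;
+import static org.bson.codecs.configuration.CodecRegistries.fromProviders;
+import static org.bson.codecs.configuration.CodecRegistries.fromRegistries;
+public class KiePlatformLoginModule extends UsernamePasswordLoginModule {
+private String connectionString;
+private String databaseName;
+private MongoClient mongoClient;
+CodecRegistry pojoCodecRegistry;
+MongoDatabase database;
+@Override
+public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
+super.initialize(subject, callbackHandler, sharedState, options);
+connectionString = (String)options.get("connectionString");
+databaseName = (String)options.get("name");
+System.out.println("Pymma Login Module initialized with databaseName = " + connectionString );
+mongoClient = MongoClients.create(connectionString);
+pojoCodecRegistry = fromRegistries(MongoClientSettings.getDefaultCodecRegistry(),
+fromProviders(PojoCodecProvider.builder().automatic(true).build()));
+database = mongoClient.getDatabase(databaseName).withCodecRegistry(pojoCodecRegistry);
+System.out.println("All setup");
+}
+@Override
+protected boolean validatePassword(String inputPassword, String expectedPassword) {
+System.out.println( "Pymma KieLogin validate password");
+return inputPassword.equals(expectedPassword);
+//return super.validatePassword(inputPassword, expectedPassword);
+}
+@Override
+protected String getUsersPassword() throws LoginException {
+System.out.format("KiePlatformLoginModule: authenticating user '%s'\n",
+getUsername());
+AtomicReference<String> password= new AtomicReference<>("");
+AtomicReference<String> userWorkbenchName= new AtomicReference<>("");
+MongoCollection<Document> userCollection = database.getCollection("user");
+userCollection.find(eq("login", getUsername())).forEach((Consumer<Document>) doc
+-> password.set((String) doc.get("password")));
+userCollection.find(eq("login", getUsername())).forEach((Consumer<Document>) doc
+-> userWorkbenchName.set((String) doc.get("wbName")));
+String wbName=System.getProperty("org.chtijbug.wbname");
+if (wbName==null || wbName.length()==0)
+wbName="demo";
+if (userWorkbenchName.get()==null || wbName.equals(userWorkbenchName.get())){
+return password.get();
+}else{
+return "";
+}
+}
+@Override
+protected Group[] getRoleSets() throws LoginException {
+SimpleGroup group = new SimpleGroup("Roles");
+AtomicReference<ArrayList<DBRef>> roles= new AtomicReference<ArrayList<DBRef>>(new ArrayList());
+AtomicReference<ArrayList<DBRef>> groups= new AtomicReference<ArrayList<DBRef>>(new ArrayList());
+MongoCollection<Document> userCollection = database.getCollection("user");
+userCollection.find(eq("login", getUsername())).forEach((Consumer<Document>) doc
+-> roles.set((ArrayList) doc.get("userRoles")));
+userCollection.find(eq("login", getUsername())).forEach((Consumer<Document>) doc
+-> groups.set((ArrayList) doc.get("userGroups")));
+MongoCollection<Document> userRolesCollection = database.getCollection("userRoles");
+for (DBRef dbRef : roles.get()){
+Document role = userRolesCollection.find(eq("_id", dbRef.getId())).first();
+group.addMember(new SimplePrincipal((String)role.get("name")));
+}
+MongoCollection<Document> userGroupsCollection = database.getCollection("userGroups");
+for (DBRef dbRef : groups.get()){
+Document userGroupdoc = userGroupsCollection.find(eq("_id", dbRef.getId())).first();
+group.addMember(new SimplePrincipal((String)userGroupdoc.get("name")));
+}
+return new Group[] { group };
+}
+}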
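Review bot: `getUsersPassword` returns `""` both when no `user` document matches `login` and when the user's `wbName` does not match the configured workbench, and the overridden `validatePassword` then does a bare `inputPassword.equals(expectedPassword)`, so an empty submitted password satisfies that sentinel; signal the missing or foreign user with `FailedLoginException` (in `javax.security.auth.login`, next to the imported `LoginException`) as in the rewrite below, which also collapses the two identical `find` calls into one `first()`. `validatePassword` should go back to `return super.validatePassword(inputPassword, expectedPassword);` so the superclass's null handling (no NPE when `inputPassword` is null) and the `hashAlgorithm` module option — hashed instead of plaintext values in the `password` field — keep working. `initialize` creates a new `MongoClient` on every call and never closes it, and since JAAS creates a fresh login module instance per `LoginContext`, each login attempt leaks a connection pool — share one client per configured connection string, or close it in `commit`/`abort`. The `System.out.println` in `initialize` is labelled `databaseName =` but prints the connection string, which can embed credentials; print `databaseName` and use the module's logger. In `getRoleSets`, `roles.get()` / `groups.get()` are null when the document lacks `userRoles` / `userGroups` and `role` / `userGroupdoc` are null for a dangling `DBRef`, each producing a `NullPointerException` instead of a `LoginException`, and `new ArrayList()` is a raw type.
```java
@Override
protected boolean validatePassword(String inputPassword, String expectedPassword) {
    return super.validatePassword(inputPassword, expectedPassword);
}

@Override
protected String getUsersPassword() throws LoginException {
    Document user = database.getCollection("user").find(eq("login", getUsername())).first();
    if (user == null) {
        // never return "" here: it would match an empty guess
        throw new FailedLoginException("unknown user");
    }
    String wbName = System.getProperty("org.chtijbug.wbname");
    if (wbName == null || wbName.isEmpty()) {
        wbName = "demo";
    }
    String userWorkbenchName = (String) user.get("wbName");
    if (userWorkbenchName != null && !wbName.equals(userWorkbenchName)) {
        throw new FailedLoginException("user not registered for this workbench");
    }
    return (String) user.get("password");
}
// … unchanged: initialize, getRoleSets …
```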


@ -40,11 +40,26 @@
</dependency>
<dependency>
<groupId>com.pymmasoftware.jbpm</groupId>
<artifactId>drools-framework-elytron-realm</artifactId>
<artifactId>drools-framework-wildfly-login-module</artifactId>
<version>${project.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.uberfire</groupId>
<artifactId>uberfire-security-management-wildfly</artifactId>
<version>${jbpm.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.pymmasoftware.jbpm</groupId>
<artifactId>drools-framework-uberfire-security-service</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongodb-driver</artifactId>
<version>${version.mongodb.driver}</version>
</dependency>
</dependencies>
@ -96,7 +111,7 @@
<overWriteReleases>false</overWriteReleases>
<overWriteSnapshots>false</overWriteSnapshots>
<overWriteIfNewer>true</overWriteIfNewer>
<excludeArtifactIds>drools-framework-elytron-realm</excludeArtifactIds>
<excludeArtifactIds>drools-framework-wildfly-login-module</excludeArtifactIds>
<includeGroupIds>com.pymmasoftware.jbpm</includeGroupIds>
</configuration>
</execution>
@ -165,12 +180,12 @@
<artifactItems>
<artifactItem>
<groupId>com.pymmasoftware.jbpm</groupId>
<artifactId>drools-framework-elytron-realm</artifactId>
<artifactId>drools-framework-wildfly-login-module</artifactId>
<version>${project.version}</version>
<type>jar</type>
<overWrite>yes</overWrite>
<outputDirectory>${project.build.directory}/</outputDirectory>
<destFileName>pymma-kie-elytron.jar</destFileName>
<destFileName>pymma-kie-login-module.jar</destFileName>
</artifactItem>
<artifactItem>
<groupId>org.mongodb</groupId>
@ -249,9 +264,9 @@
<destName>kie-wb.war</destName>
</file>
<file>
<source>${project.build.directory}/pymma-kie-elytron.jar</source>
<source>${project.build.directory}/pymma-kie-login-module.jar</source>
<outputDirectory>./</outputDirectory>
<destName>pymma-kie-elytron.jar</destName>
<destName>pymma-kie-login-module.jar</destName>
</file>
<file>
<source>${project.build.directory}/bson.jar</source>
@ -342,9 +357,9 @@
<destName>kie-wb.war</destName>
</file>
<file>
<source>${project.build.directory}/pymma-kie-elytron.jar</source>
<source>${project.build.directory}/pymma-kie-login-module.jar</source>
<outputDirectory>./</outputDirectory>
<destName>pymma-kie-elytron.jar</destName>
<destName>pymma-kie-login-module.jar</destName>
</file>
</files>
</inline>


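--- a/assembly descriptor (path not shown)
+++ /dev/null
@@ -1,39 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-~ Copyright 2012 Red Hat, Inc. and/or its affiliates
-~
-~ Licensed under the Apache License, Version 2.0 (the "License");
-~ you may not use this file except in compliance with the License.
-~ You may obtain a copy of the License at
-~
-~ http://www.apache.org/licenses/LICENSE-2.0
-~
-~ Unless required by applicable law or agreed to in writing, software
-~ distributed under the License is distributed on an "AS IS" BASIS,
-~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-~ See the License for the specific language governing permissions and
-~ limitations under the License.
--->
-<assembly xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2"
-xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd
-http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 ">
-<!-- including a . in the id will modify the *classifier* of the artifact, instead of the name/id of the artifact -->
-<id>ee7</id>
-<formats>
-<format>war</format>
-</formats>
-<includeBaseDirectory>false</includeBaseDirectory>
-<fileSets>
-<fileSet>
-<directory>${project.build.directory}/unpack-tmp</directory>
-<outputDirectory>.</outputDirectory>
-</fileSet>
-</fileSets>
-</assembly>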


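--- a/assembly component descriptor (path not shown)
+++ /dev/null
@@ -1,38 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-~ Copyright 2016 Red Hat, Inc. and/or its affiliates.
-~
-~ Licensed under the Apache License, Version 2.0 (the "License");
-~ you may not use this file except in compliance with the License.
-~ You may obtain a copy of the License at
-~
-~ http://www.apache.org/licenses/LICENSE-2.0
-~
-~ Unless required by applicable law or agreed to in writing, software
-~ distributed under the License is distributed on an "AS IS" BASIS,
-~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-~ See the License for the specific language governing permissions and
-~ limitations under the License.
--->
-<component xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/component/1.1.3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/component/1.1.3 http://maven.apache.org/xsd/component-1.1.3.xsd">
-<!-- Assembly configuration for WildFly 10 and EAP 7, shared between the community and product assemblies. -->
-<dependencySets>
-<dependencySet>
-<includes>
-<include>org.kie:${artifactId}:war</include>
-</includes>
-<outputDirectory>.</outputDirectory>
-<unpack>true</unpack>
-<unpackOptions>
-<excludes>
-<exclude>WEB-INF/classes/application-roles.properties</exclude>
-<exclude>WEB-INF/classes/application-users.properties</exclude>
-</excludes>
-</unpackOptions>
-<useStrictFiltering>true</useStrictFiltering>
-</dependencySet>
-</dependencySets>
-</component>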


@ -27,10 +27,12 @@ ENV JAVA_OPTS -Xms256m -Xmx4512m
##com.pymmasoftware.kie-realm
RUN mkdir /opt/jboss/wildfly/modules/com
RUN mkdir /opt/jboss/wildfly/modules/com/pymmasoftware
RUN mkdir /opt/jboss/wildfly/modules/com/pymmasoftware/kie-realm
RUN mkdir /opt/jboss/wildfly/modules/com/pymmasoftware/kie-realm/main
ADD maven/pymma-kie-elytron.jar /opt/jboss/wildfly/modules/com/pymmasoftware/kie-realm/main/pymma-kie-elytron.jar
ADD etc/module.xml /opt/jboss/wildfly/modules/com/pymmasoftware/kie-realm/main/module.xml
RUN mkdir /opt/jboss/wildfly/modules/com/pymmasoftware/loginmodule
RUN mkdir /opt/jboss/wildfly/modules/com/pymmasoftware/loginmodule/main
ADD maven/pymma-kie-login-module.jar /opt/jboss/wildfly/modules/com/pymmasoftware/loginmodule/main/pymma-kie-login-module.jar
ADD etc/module-loginmodule.xml /opt/jboss/wildfly/modules/com/pymmasoftware/loginmodule/main/module.xml
####### DROOLS-WB ############
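Review bot: The module is installed under `modules/com/pymmasoftware/loginmodule/main`, but the descriptor copied there names it `com.pymmasoftware.pymma-kie-loginmodule` and `standalone.xml` references that same name; WildFly maps a module name to its directory by replacing dots with slashes, so it will look in `com/pymmasoftware/pymma-kie-loginmodule/main` and not find the module. Either rename the two `mkdir` targets and the `ADD` destinations to `pymma-kie-loginmodule`, or name the module `com.pymmasoftware.loginmodule` consistently in the descriptor and `standalone.xml`. The header comment `##com.pymmasoftware.kie-realm` still names the removed realm module; update it to the new module name. The descriptor is taken from `etc/module-loginmodule.xml` while this commit modifies a file shown as `module.xml`; confirm which file name actually exists in the repository.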


@ -1,16 +1,16 @@
<?xml version='1.0' encoding='UTF-8'?>
<module xmlns="urn:jboss:module:1.1" name="com.pymmasoftware.kie-realm">
<module xmlns="urn:jboss:module:1.1" name="com.pymmasoftware.pymma-kie-loginmodule">
<resources>
<resource-root path="pymma-kie-elytron.jar"/>
<resource-root path="pymma-kie-loginmodule.jar"/>
<resource-root path="bson.jar"/>
<resource-root path="mongodb-driver-core.jar"/>
<resource-root path="mongodb-driver.jar"/>
</resources>
<dependencies>
<module name="org.wildfly.security.elytron"/>
<module name="org.wildfly.extension.elytron"/>
<module name="org.picketbox"/>
<module name="javax.api"/>
</dependencies>
</module>
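Review bot: `<resource-root path="pymma-kie-loginmodule.jar"/>` does not match the jar the Dockerfile places next to this descriptor, `pymma-kie-login-module.jar` (also the `destFileName` used in the kie-wb pom), so the module would load without the login-module classes and the security domain would fail at login time. The login module's own pom sets `finalName` to `pymma-kie-loginmodule`, so one of the two spellings has to win; use the same name in the pom `finalName`, the `destFileName`, the Dockerfile `ADD` and this `resource-root`.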


@ -251,12 +251,6 @@
</security-domain>
</security-domains>
<security-realms>
<custom-realm name="pymmaKieRealm" module="com.pymmasoftware.kie-realm" class-name="org.chtijbug.wildfly.realm.PymmaKieRealm">
<configuration>
<property name="connectionString" value="mongodb://mongodb:27017"/>
<property name="name" value="businessProxyDB"/>
</configuration>
</custom-realm>
<identity-realm name="local" identity="$local"/>
<properties-realm name="ApplicationRealm">
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
@ -457,11 +451,9 @@
<security-domains>
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
<login-module code="org.chtijbug.wildfly.loginmodule.KiePlatformLoginModule" flag="required" module="com.pymmasoftware.pymma-kie-loginmodule">
<module-option name="connectionString" value="mongodb://mongodb:27017"/>
<module-option name="name" value="businessProxyDB"/>
</login-module>
</authentication>
</security-domain>
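Review bot: The `other` security domain now consists solely of the Mongo login module; the dropped `Remoting` login module with `password-stacking` is what lets callers already authenticated on the remoting connector (remote EJB/JMS clients) pass through, so if anything in this image uses that path it will now have to re-authenticate against Mongo or fail — keep `Remoting` as `optional` ahead of the new module if so. The module options carry `mongodb://mongodb:27017` without credentials, matching the removed custom-realm configuration; if the Mongo instance is ever given authentication, the credentials would land in this file, so plan on the server's vault/credential-store mechanism rather than a literal.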


@ -11,7 +11,7 @@
</appender>
<root>
<level value="INFO"/>
<level value="DEBUG"/>
<appender-ref ref="console"/>
</root>
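Review bot: Raising the root logger to `DEBUG` affects every category in the deployment, not only the new login module, which is costly in a server image and tends to surface authentication details from the security framework in the log; keep root at `INFO` and add a `<category name="org.chtijbug.wildfly.loginmodule">` at `DEBUG` if that is what is being investigated. The login module itself writes with `System.out.println`, so this change does not even make its output configurable.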


@ -120,6 +120,28 @@
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<!-- Basic Auth Filter for REST and Maven2 repo -->
<filter>
<filter-name>HTTP Basic Auth Filter</filter-name>
<filter-class>org.uberfire.ext.security.server.BasicAuthSecurityFilter</filter-class>
<init-param>
<param-name>realmName</param-name>
<param-value>Business Central Realm</param-value>
</init-param>
<init-param>
<param-name>excludedPaths</param-name>
<param-value>/rest/healthy,/rest/ready</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HTTP Basic Auth Filter</filter-name>
<url-pattern>/git/*</url-pattern>
<url-pattern>/rest/*</url-pattern>
<url-pattern>/maven2/*</url-pattern>
<url-pattern>/ws/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>GzipFilter</filter-name>
<filter-class>org.uberfire.backend.server.util.gzip.GzipFilter</filter-class>
@ -371,6 +393,17 @@ See http://www.w3.org/TR/SVG/intro.html#MIMEType. -->
</auth-constraint>
</security-constraint>
<!-- Basic auth for WebSocket endpoints -->
<security-constraint>
<web-resource-collection>
<web-resource-name>WebSocket basic auth resources</web-resource-name>
<url-pattern>/websocket/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>rest-all</role-name>
</auth-constraint>
</security-constraint>
<!-- public resources -->
<security-constraint>
<web-resource-collection>
@ -460,6 +493,16 @@ See http://www.w3.org/TR/SVG/intro.html#MIMEType. -->
<role-name>process-admin</role-name>
</security-role>
<security-role>
<description>REST user - Users with the rest-all role can access Business Central REST capabilities.</description>
<role-name>rest-all</role-name>
</security-role>
<security-role>
<description>REST project - Users with the rest-project role can access Business Central REST capabilities.</description>
<role-name>rest-project</role-name>
</security-role>
<error-page>
<error-code>403</error-code>
<location>/not_authorized.jsp</location>
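Review bot: The new `WebSocket basic auth resources` constraint, like the BASIC filter added for `/git/*`, `/rest/*`, `/maven2/*` and `/ws/*`, carries an `auth-constraint` but no `user-data-constraint`, so Basic credentials may travel over plain HTTP; unless TLS is terminated in front of the container, add `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>` to the constraint. The filter is mapped to `/ws/*` while the constraint covers `/websocket/*`; confirm which path the endpoints actually use so the two agree. The `excludedPaths` value `/rest/healthy,/rest/ready` leaves those probes unauthenticated, which is presumably intended for health checks — a comment saying so would help the next reader.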


@ -15,7 +15,7 @@
<module>kie-drools-framework-rest-backend</module>
<module>drools-framework-kie-wb-rest-pojo</module>
<module>drools-framework-uberfire-security-service</module>
<module>drools-framework-elytron-realm</module>
<module>drools-framework-wildfly-login-module</module>
</modules>
<dependencyManagement>
@ -28,7 +28,7 @@
one of them, the ${project.version} property changes too and therefore also required version of
uberfire-bom. Usage of this property makes it possible to change version of the (sub)module
and still use the original version of uberfire-bom. -->
<version>2.9.0.Final</version>
<version>${jbpm.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>


@ -13,7 +13,7 @@
<modules>
<module>drools-framework-common</module>
<module>drools-framework-examples</module>
<module>drools-framework-kie-server-parent</module>
<!--module>drools-framework-kie-server-parent</module-->
<module>drools-framework-runtime-base</module>
<module>drools-framework-runtime-entity</module>
<module>drools-framework-kie-wb-parent</module>
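Review bot: `drools-framework-kie-server-parent` is silently dropped from the reactor by commenting out its `<module>` line, so that module and anything depending on it no longer builds with the aggregator. If the removal is intended, delete the line and say so in the commit message; otherwise restore it.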