Roy Golan has uploaded a new change for review. Change subject: core: custom jboss login plugin using digest ......................................................................
core: custom jboss login plugin using digest this plugin will enable us to auth users who whants to perform management actions like JMX etc. ! - doesn't work with Jboss AS 7.1.1 Change-Id: I0e504c9b429f7fe02d42b0170e6e3a08b801efae Signed-off-by: Roy Golan <rgo...@redhat.com> --- M backend/manager/modules/aaa/pom.xml A backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/jboss_auth_plugin/OvirtAuthPlugIn.java A backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/jboss_auth_plugin/OvirtAuthPlugInProvider.java M backend/manager/modules/aaa/src/main/modules/org/ovirt/engine/core/aaa/main/module.xml A backend/manager/modules/aaa/src/main/resources/META-INF/services/org.jboss.as.domain.management.plugin.PlugInProvider M packaging/services/ovirt-engine/ovirt-engine.xml.in 6 files changed, 91 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/93/29693/1
diff --git a/backend/manager/modules/aaa/pom.xml b/backend/manager/modules/aaa/pom.xml
index 23f9bec..9559127 100644
--- a/backend/manager/modules/aaa/pom.xml
+++ b/backend/manager/modules/aaa/pom.xml
@@ -49,6 +49,11 @@
 <groupId>commons-lang</groupId>
 <artifactId>commons-lang</artifactId>
 </dependency>
+ <dependency>
+ <groupId>org.jboss.as</groupId>
+ <artifactId>jboss-as-domain-management</artifactId>
+ <version>7.2.0.Final</version>
+ </dependency>
 </dependencies>
diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/jboss_auth_plugin/OvirtAuthPlugIn.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/jboss_auth_plugin/OvirtAuthPlugIn.java
new file mode 100644
index 0000000..6d6cc0b
--- /dev/null
+++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/jboss_auth_plugin/OvirtAuthPlugIn.java
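Review bot: The new `jboss-as-domain-management` dependency in backend/manager/modules/aaa/pom.xml is declared with a literal version and no scope, while the `commons-lang` entry just above it carries neither, which suggests versions are managed centrally (the parent pom is not visible here). The same commit adds `<module name="org.jboss.as.domain.management"/>` to module.xml, so the classes come from the application server at run time; I would add `<scope>provided</scope>` and move `<version>7.2.0.Final</version>` to wherever the other versions are managed. The description says the plugin does not work with JBoss AS 7.1.1, so a comment next to the dependency stating the minimum supported server version would keep the compile-time API and the deployed server from drifting apart.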
@@ -0,0 +1,53 @@
+package org.ovirt.engine.core.aaa.jboss_auth_plugin;
+
+import org.jboss.as.domain.management.plugin.AbstractPlugIn;
+import org.jboss.as.domain.management.plugin.AuthorizationPlugIn;
+import org.jboss.as.domain.management.plugin.DigestCredential;
+import org.jboss.as.domain.management.plugin.Identity;
+import org.ovirt.engine.core.common.action.LoginUserParameters;
+import org.ovirt.engine.core.common.interfaces.BackendLocal;
+
+import javax.inject.Inject;
+import java.io.IOException;
+import java.util.Map;
+
+public class OvirtAuthPlugIn extends AbstractPlugIn {
+
+ @Inject
+ BackendLocal backendLocal;
+
+ public void init(Map<String, String> configuration, Map<String, Object> sharedState) throws IOException {
+ this.configuration = configuration;
+ // This will allow an AuthorizationPlugIn to delegate back to this instance.
+ sharedState.put(AuthorizationPlugIn.class.getName(), this);
+ }
+
+ @Override public Identity loadIdentity(String username, String realm) throws IOException {
+ return new OvirtIdentity(username, realm);
+ }
+
+
+ public class OvirtIdentity implements Identity<DigestCredential>{
+ private String hash, username, realm;
+
+ public OvirtIdentity(String username, String realm) {
+ this.username = username;
+ this.realm = realm;
+ createHash();
+ }
+
+ private void createHash() {
+ // WIP get a hash of the username password and realm from the backend
+ hash = backendLocal.getUserHash(username, realm);
+ }
+
+ @Override public String getUserName() {
+ return username;
+ }
+
+ @Override public DigestCredential getCredential() {
+ return new DigestCredential(hash);
+ }
+ }
+
+}
diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/jboss_auth_plugin/OvirtAuthPlugInProvider.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/jboss_auth_plugin/OvirtAuthPlugInProvider.java
new file mode 100644
index 0000000..c7eb04a
--- /dev/null
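Review bot: `backendLocal` in OvirtAuthPlugIn.java is never populated as far as this diff shows, because OvirtAuthPlugInProvider builds the plug-in with `new OvirtAuthPlugIn()` and nothing processes the `@Inject` annotation, so `createHash()` would throw a NullPointerException on the first `loadIdentity` call; the backend needs to be looked up explicitly or handed in by the provider. The result of `getUserHash` is also used unchecked, so an unknown user would end up as `new DigestCredential(hash)` with a null hash; I would move the lookup into `loadIdentity`, which already declares IOException, and fail closed there with `if (hash == null) throw new IOException("no digest credential for user");`. The value is presumably the Digest hash of username, realm and password, which is password-equivalent for this realm, so `createHash()` deserves the comment `// password-equivalent for Digest: never log this value or keep it beyond the request`. `init` is missing `@Override`, and `LoginUserParameters` is imported but unused.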
+++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/jboss_auth_plugin/OvirtAuthPlugInProvider.java
@@ -0,0 +1,19 @@
+package org.ovirt.engine.core.aaa.jboss_auth_plugin;
+
+import org.jboss.as.domain.management.plugin.AuthenticationPlugIn;
+import org.jboss.as.domain.management.plugin.AuthorizationPlugIn;
+import org.jboss.as.domain.management.plugin.Credential;
+import org.jboss.as.domain.management.plugin.PlugInProvider;
+
+public class OvirtAuthPlugInProvider implements PlugInProvider {
+ @Override public AuthenticationPlugIn<Credential> loadAuthenticationPlugIn(String s) {
+ if ("OvirtAuth".equals(s)) {
+ return new OvirtAuthPlugIn();
+ }
+ return null;
+ }
+
+ @Override public AuthorizationPlugIn loadAuthorizationPlugIn(String s) {
+ return null;
+ }
+}
diff --git a/backend/manager/modules/aaa/src/main/modules/org/ovirt/engine/core/aaa/main/module.xml b/backend/manager/modules/aaa/src/main/modules/org/ovirt/engine/core/aaa/main/module.xml
index 5b730b1..2247562 100644
--- a/backend/manager/modules/aaa/src/main/modules/org/ovirt/engine/core/aaa/main/module.xml
+++ b/backend/manager/modules/aaa/src/main/modules/org/ovirt/engine/core/aaa/main/module.xml
@@ -9,6 +9,7 @@
 <dependencies>
 <module name="javax.api"/>
 <module name="javax.servlet.api"/>
+ <module name="org.jboss.as.domain.management"/>
 <module name="org.apache.commons.codec"/>
 <module name="org.apache.commons.lang"/>
 <module name="org.ovirt.engine.core.common"/>
diff --git a/backend/manager/modules/aaa/src/main/resources/META-INF/services/org.jboss.as.domain.management.plugin.PlugInProvider b/backend/manager/modules/aaa/src/main/resources/META-INF/services/org.jboss.as.domain.management.plugin.PlugInProvider
new file mode 100644
index 0000000..50124c8
--- /dev/null
+++ b/backend/manager/modules/aaa/src/main/resources/META-INF/services/org.jboss.as.domain.management.plugin.PlugInProvider
@@ -0,0 +1 @@
+org.ovirt.engine.core.aaa.jboss_auth_plugin.OvirtAuthPlugInProvider
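Review bot: `loadAuthorizationPlugIn` in OvirtAuthPlugInProvider.java returns null for every name, while the realm this commit adds to ovirt-engine.xml.in asks for an authorization plug-in named `Delegate`, so unless another provider in the module supplies it the realm's authorization lookup has nothing to resolve. `OvirtAuthPlugIn.init` stores itself in `sharedState` under `AuthorizationPlugIn.class.getName()` for that purpose, but no class in the diff reads it back or overrides role loading. Either drop the `<authorization>` element until roles are implemented or have this method answer the configured name, and give both methods a short Javadoc stating that null means the name is not provided by this module.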
diff --git a/packaging/services/ovirt-engine/ovirt-engine.xml.in b/packaging/services/ovirt-engine/ovirt-engine.xml.in
index ac772e3..2e125f2 100644
--- a/packaging/services/ovirt-engine/ovirt-engine.xml.in
+++ b/packaging/services/ovirt-engine/ovirt-engine.xml.in
@@ -50,6 +50,18 @@
 <properties path="/dev/null"/>
 </authentication>
 </security-realm>
+ <security-realm name="ovirt">
+ <plug-ins>
+ <plug-in module="org.ovirt.engine.core.aaa"/>
+ </plug-ins>
+
+ <authentication>
+ <plug-in name="OvirtAuth"/>
+ </authentication>
+ <uthorization>
+ <plug-in name="Delegate"/>
+ </authorization>
+ </security-realm>
 </security-realms>
 <management-interfaces>
 <native-interface security-realm="management">
-- To view, visit http://gerrit.ovirt.org/29693 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I0e504c9b429f7fe02d42b0170e6e3a08b801efae Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Roy Golan <rgo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
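Review bot: The opening tag `<uthorization>` in the new `ovirt` security realm does not match its closing `</authorization>`, so the template is not well-formed XML and the server configuration generated from it will presumably fail to parse at startup; it should read `<authorization>`. The context lines also show the native management interface still bound with `security-realm="management"`, and nothing in this hunk references the new realm, so as written it is defined but guards nothing. A comment above the realm naming the interfaces it is meant to protect would make the intended wiring reviewable.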