modules/enterprise/gui/installer/src/main/java/org/rhq/common/jbossas/client/controller/SecurityDomainJBossASClient.java | 53 +++++++++- modules/enterprise/gui/installer/src/main/java/org/rhq/enterprise/gui/installer/server/servlet/InstallerGWTServiceImpl.java | 3 modules/enterprise/gui/installer/src/main/java/org/rhq/enterprise/gui/installer/server/servlet/ServerInstallUtil.java | 46 ++++++-- modules/enterprise/gui/rest-war/src/main/webapp/WEB-INF/jboss-web.xml | 2 4 files changed, 88 insertions(+), 16 deletions(-)
New commits: commit 7a16d557311c811c97abc96a26ba2b454f7d2b1e Author: Jay Shaughnessy jshaughn@jshaughn.csb Date: Mon Sep 10 16:24:25 2012 -0400
Add REST security domain def to the installer.
diff --git a/modules/enterprise/gui/installer/src/main/java/org/rhq/common/jbossas/client/controller/SecurityDomainJBossASClient.java b/modules/enterprise/gui/installer/src/main/java/org/rhq/common/jbossas/client/controller/SecurityDomainJBossASClient.java
index b1e8782..723a295 100644
--- a/modules/enterprise/gui/installer/src/main/java/org/rhq/common/jbossas/client/controller/SecurityDomainJBossASClient.java
+++ b/modules/enterprise/gui/installer/src/main/java/org/rhq/common/jbossas/client/controller/SecurityDomainJBossASClient.java
@@ -22,7 +22,7 @@ import org.jboss.as.controller.client.ModelControllerClient;
 import org.jboss.dmr.ModelNode;
 /**
- * Provides convienence methods associated with security domain management.
+ * Provides convenience methods associated with security domain management.
 *
 * @author John Mazzitelli
 */
@@ -39,6 +39,11 @@ public class SecurityDomainJBossASClient extends JBossASClient {
 public static final String MODULE_OPTIONS = "module-options";
 public static final String USERNAME = "username";
 public static final String PASSWORD = "password";
+ public static final String DS_JNDI_NAME = "dsJndiName";
+ public static final String PRINCIPALS_QUERY = "principalsQuery";
+ public static final String ROLES_QUERY = "rolesQuery";
+ public static final String HASH_ALGORITHM = "hashAlgorithm";
+ public static final String HASH_ENCODING = "hashEncoding";
 public SecurityDomainJBossASClient(ModelControllerClient client) {
 super(client);
@@ -57,7 +62,7 @@ public class SecurityDomainJBossASClient extends JBossASClient {
 }
/** - * Convienence method that builds a request which can create a new security-domain + * Convenience method that builds a request which can create a new security-domain * using the SecureIdentity authentication method. This is used when you want * to obfuscate a database password in the configuration. * @@ -96,4 +101,48 @@ public class SecurityDomainJBossASClient extends JBossASClient {
return; } + + /** + * Convenience method that builds a request which can create a new security domain + * using the database server authentication method. This is used when you want to directly + * authenticate against a db entry. + * + * @param securityDomainName the name of the new security domain + * @param dsJndiName the jndi name for the datasource to query against + * @param principalsQuery the SQL query for selecting password info for a principal + * @param rolesQuery the SQL query for selecting role info for a principal + * @param hashAlgorithm if null defaults to "MD5" + * @param hashEncoding if null defaults to "base64" + * @throws Exception if failed to create security domain + */ + public void createNewDatabaseServerSecurityDomainRequest(String securityDomainName, String dsJndiName, + String principalsQuery, String rolesQuery, String hashAlgorithm, String hashEncoding) throws Exception { + + Address addr = Address.root().add(SUBSYSTEM, SUBSYSTEM_SECURITY, SECURITY_DOMAIN, securityDomainName); + ModelNode addTopNode = createRequest(ADD, addr); + addTopNode.get(CACHE_TYPE).set("default"); + + ModelNode addAuthNode = createRequest(ADD, addr.clone().add(AUTHENTICATION, CLASSIC)); + ModelNode loginModulesNode = addAuthNode.get(LOGIN_MODULES); + ModelNode loginModule = new ModelNode(); + loginModule.get(CODE).set("DatabaseServer"); + loginModule.get(FLAG).set("required"); + ModelNode moduleOptions = loginModule.get(MODULE_OPTIONS); + moduleOptions.setEmptyList(); + moduleOptions.add(DS_JNDI_NAME, dsJndiName); + moduleOptions.add(PRINCIPALS_QUERY, principalsQuery); + moduleOptions.add(ROLES_QUERY, rolesQuery); + moduleOptions.add(HASH_ALGORITHM, (null == hashAlgorithm ? "MD5" : hashAlgorithm)); + moduleOptions.add(HASH_ENCODING, (null == hashEncoding ? 
"base64" : hashEncoding)); + loginModulesNode.add(loginModule); + + ModelNode batch = createBatchRequest(addTopNode, addAuthNode); + ModelNode results = execute(batch); + if (!isSuccess(results)) { + throw new FailureException(results, "Failed to create security domain [" + securityDomainName + "]"); + } + + return; + } + } diff --git a/modules/enterprise/gui/installer/src/main/java/org/rhq/enterprise/gui/installer/server/servlet/InstallerGWTServiceImpl.java b/modules/enterprise/gui/installer/src/main/java/org/rhq/enterprise/gui/installer/server/servlet/InstallerGWTServiceImpl.java index ecda87c..a39009f 100644 --- a/modules/enterprise/gui/installer/src/main/java/org/rhq/enterprise/gui/installer/server/servlet/InstallerGWTServiceImpl.java +++ b/modules/enterprise/gui/installer/src/main/java/org/rhq/enterprise/gui/installer/server/servlet/InstallerGWTServiceImpl.java @@ -571,6 +571,9 @@ public class InstallerGWTServiceImpl extends RemoteServiceServlet implements Ins // create the security domain needed by the datasources ServerInstallUtil.createDatasourceSecurityDomain(client, serverProperties);
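Review bot: The null default for `hashAlgorithm` in `createNewDatabaseServerSecurityDomainRequest` is `"MD5"`, so any caller that leaves the argument out configures the login module to verify passwords against unsalted MD5 digests, which are cheap to brute-force if the principal table is ever read. Whether stored RHQ passwords already use that format is not visible in this diff; if they do, the Javadoc should say the default exists for compatibility, e.g. `@param hashAlgorithm digest used for stored passwords; null falls back to "MD5" only to match the existing table format`, and new callers should be made to pass the algorithm explicitly. The login-module code is set to `"DatabaseServer"`, while the short alias I know for `DatabaseServerLoginModule` is `Database`, so it is worth confirming that the container resolves this value. The three required strings (`dsJndiName`, `principalsQuery`, `rolesQuery`) are also written into the request without a null check.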
+ // create the security domain needed by REST
+ ServerInstallUtil.createRESTSecurityDomain(client, serverProperties);
+
 // create the JDBC driver configurations for use by datasources
 ServerInstallUtil.createNewJdbcDrivers(client, serverProperties);
diff --git a/modules/enterprise/gui/installer/src/main/java/org/rhq/enterprise/gui/installer/server/servlet/ServerInstallUtil.java b/modules/enterprise/gui/installer/src/main/java/org/rhq/enterprise/gui/installer/server/servlet/ServerInstallUtil.java
index aa0b27c..e03bf87 100644
--- a/modules/enterprise/gui/installer/src/main/java/org/rhq/enterprise/gui/installer/server/servlet/ServerInstallUtil.java
+++ b/modules/enterprise/gui/installer/src/main/java/org/rhq/enterprise/gui/installer/server/servlet/ServerInstallUtil.java
@@ -95,7 +95,8 @@ public class ServerInstallUtil {
 private static final String RHQ_DATASOURCE_NAME_NOTX = "NoTxRHQDS";
 private static final String RHQ_DATASOURCE_NAME_XA = "RHQDS";
- private static final String RHQ_SECURITY_DOMAIN = "RHQDSSecurityDomain";
+ private static final String RHQ_DS_SECURITY_DOMAIN = "RHQDSSecurityDomain";
+ private static final String RHQ_REST_SECURITY_DOMAIN = "RHQRESTSecurityDomain";
 private static final String JDBC_DRIVER_POSTGRES = "postgres";
 private static final String JDBC_DRIVER_ORACLE = "oracle";
@@ -127,7 +128,7 @@ public class ServerInstallUtil { throws Exception {
 String fromAddressExpr = "${" + ServerProperties.PROP_EMAIL_FROM_ADDRESS + ":rhqadmin@localhost.com}";
- String smtpHostExpr = "${" + ServerProperties.PROP_EMAIL_SMTP_HOST + ":localhost}";
+ //String smtpHostExpr = "${" + ServerProperties.PROP_EMAIL_SMTP_HOST + ":localhost}";
 String smtpPortExpr = "${" + ServerProperties.PROP_EMAIL_SMTP_PORT + ":25}";
// Tweek the mail configuration that comes out of box. Setup a batch request to write the proper attributes. @@ -206,7 +207,7 @@ public class ServerInstallUtil { final String dbUsername = serverProperties.get(ServerProperties.PROP_DATABASE_USERNAME); final String obfuscatedPassword = serverProperties.get(ServerProperties.PROP_DATABASE_PASSWORD); final SecurityDomainJBossASClient client = new SecurityDomainJBossASClient(mcc); - final String securityDomain = RHQ_SECURITY_DOMAIN; + final String securityDomain = RHQ_DS_SECURITY_DOMAIN; if (!client.isSecurityDomain(securityDomain)) { client.createNewSecureIdentitySecurityDomainRequest(securityDomain, dbUsername, obfuscatedPassword); LOG.info("Security domain [" + securityDomain + "] created"); @@ -216,6 +217,28 @@ public class ServerInstallUtil { }
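Review bot: The `smtpHostExpr` declaration in the `@@ -127,7 +128,7 @@` hunk is commented out rather than deleted, which leaves dead code behind and is unrelated to the REST security domain this commit adds. The rest of the method is outside the hunk, so I cannot see whether the variable was still referenced; if it is unused, remove the line outright. If the SMTP host is meant to become configurable again, replace it with a short note such as `// TODO: SMTP host is not applied by the batch request below; re-enable once supported`.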
/** + * Creates the security domain for REST. + * + * @param mcc the JBossAS management client + * @param serverProperties contains the obfuscated password to store in the security domain + * @throws Exception + */ + public static void createRESTSecurityDomain(ModelControllerClient mcc, HashMap<String, String> serverProperties) + throws Exception { + + final SecurityDomainJBossASClient client = new SecurityDomainJBossASClient(mcc); + final String securityDomain = RHQ_REST_SECURITY_DOMAIN; + if (!client.isSecurityDomain(securityDomain)) { + client.createNewDatabaseServerSecurityDomainRequest(securityDomain, "java:jboss/datasources/RHQDS", + "SELECT PASSWORD FROM RHQ_PRINCIPAL WHERE principal=?", + "SELECT 'all', 'Roles' FROM RHQ_PRINCIPAL WHERE principal=?", null, null); + LOG.info("Security domain [" + securityDomain + "] created"); + } else { + LOG.info("Security domain [" + securityDomain + "] already exists, skipping the creation request"); + } + } + + /** * Creates JDBC driver configurations so the datasources can properly connect to the backend databases. * This will attempt to create drivers for all supported databases, not just for the database type that * is currently configured. @@ -342,7 +365,7 @@ public class ServerInstallUtil { noTxDsRequest = client.createNewDatasourceRequest(RHQ_DATASOURCE_NAME_NOTX, 30000, "${rhq.server.database.connection-url:jdbc:postgres://127.0.0.1:5432/rhq}", JDBC_DRIVER_POSTGRES, "org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter", 15, false, 2, 5, 75, - RHQ_SECURITY_DOMAIN, "-unused-stale-conn-checker-", "TRANSACTION_READ_COMMITTED", + RHQ_DS_SECURITY_DOMAIN, "-unused-stale-conn-checker-", "TRANSACTION_READ_COMMITTED", "org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker", props); noTxDsRequest.get("steps").get(0).remove("stale-connection-checker-class-name"); // we don't have one of these for postgres } else { @@ -357,7 +380,7 @@ public class ServerInstallUtil {
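Review bot: The roles query passed by `createRESTSecurityDomain`, `SELECT 'all', 'Roles' FROM RHQ_PRINCIPAL WHERE principal=?`, hands the same constant role `all` to every principal found in the table, so this domain authenticates callers but cannot tell them apart for authorization. If per-user permissions are enforced inside the REST layer (not visible in this diff), say so next to the query, e.g. `// every authenticated principal gets role 'all'; authorization is enforced by the REST beans`. The call also passes `null, null` for the hash settings and so silently takes the MD5/base64 defaults; passing them explicitly would make that choice visible at the call site. The Javadoc line for `serverProperties` ("contains the obfuscated password to store in the security domain") is carried over from the datasource method, and the parameter is never read here. The literal `"java:jboss/datasources/RHQDS"` repeats the name already held in `RHQ_DATASOURCE_NAME_XA` and could be built from it.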
xaDsRequest = client.createNewXADatasourceRequest(RHQ_DATASOURCE_NAME_XA, 30000, JDBC_DRIVER_POSTGRES, "org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter", 15, 5, 50, 75, - RHQ_SECURITY_DOMAIN, "-unused-stale-conn-checker-", "TRANSACTION_READ_COMMITTED", + RHQ_DS_SECURITY_DOMAIN, "-unused-stale-conn-checker-", "TRANSACTION_READ_COMMITTED", "org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker", props); xaDsRequest.get("steps").get(0).remove("stale-connection-checker-class-name"); // we don't have one of these for postgres } else { @@ -387,7 +410,7 @@ public class ServerInstallUtil { noTxDsRequest = client.createNewDatasourceRequest(RHQ_DATASOURCE_NAME_NOTX, 30000, "${rhq.server.database.connection-url:jdbc:oracle:thin:@127.0.0.1:1521:rhq}", JDBC_DRIVER_ORACLE, "org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter", 15, false, 2, 5, 75, - RHQ_SECURITY_DOMAIN, "org.jboss.jca.adapters.jdbc.extensions.oracle.OracleStaleConnectionChecker", + RHQ_DS_SECURITY_DOMAIN, "org.jboss.jca.adapters.jdbc.extensions.oracle.OracleStaleConnectionChecker", "TRANSACTION_READ_COMMITTED", "org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker", props); } else { @@ -401,7 +424,7 @@ public class ServerInstallUtil {
xaDsRequest = client.createNewXADatasourceRequest(RHQ_DATASOURCE_NAME_XA, 30000, JDBC_DRIVER_ORACLE, "org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter", 15, 5, 50, 75, - RHQ_SECURITY_DOMAIN, "org.jboss.jca.adapters.jdbc.extensions.oracle.OracleStaleConnectionChecker", + RHQ_DS_SECURITY_DOMAIN, "org.jboss.jca.adapters.jdbc.extensions.oracle.OracleStaleConnectionChecker", "TRANSACTION_READ_COMMITTED", "org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker", props); } else { @@ -799,8 +822,7 @@ public class ServerInstallUtil { * @throws Exception if failed to create the new schema for some reason */ public static void createNewDatabaseSchema(HashMap<String, String> props, ServerDetails serverDetails, - String password, String logDir) - throws Exception { + String password, String logDir) throws Exception { String dbUrl = props.get(ServerProperties.PROP_DATABASE_CONNECTION_URL); String userName = props.get(ServerProperties.PROP_DATABASE_USERNAME);
@@ -836,8 +858,7 @@ public class ServerInstallUtil { * @throws Exception if the upgrade failed for some reason */ public static void upgradeExistingDatabaseSchema(HashMap<String, String> props, ServerDetails serverDetails, - String password, String logDir) - throws Exception { + String password, String logDir) throws Exception { String dbUrl = props.get(ServerProperties.PROP_DATABASE_CONNECTION_URL); String userName = props.get(ServerProperties.PROP_DATABASE_USERNAME);
@@ -889,8 +910,7 @@ public class ServerInstallUtil { * @throws IOException if failed to extract the file to the log directory */ private static String extractDatabaseXmlFile(String xmlFileName, HashMap<String, String> props, - ServerDetails serverDetails, String logDir) - throws IOException { + ServerDetails serverDetails, String logDir) throws IOException {
// first slurp the file contents in memory InputStream resourceInStream = ServerInstallUtil.class.getClassLoader().getResourceAsStream(xmlFileName); diff --git a/modules/enterprise/gui/rest-war/src/main/webapp/WEB-INF/jboss-web.xml b/modules/enterprise/gui/rest-war/src/main/webapp/WEB-INF/jboss-web.xml index 45759fd..1ef5880 100644 --- a/modules/enterprise/gui/rest-war/src/main/webapp/WEB-INF/jboss-web.xml +++ b/modules/enterprise/gui/rest-war/src/main/webapp/WEB-INF/jboss-web.xml @@ -2,5 +2,5 @@
 <jboss-web>
 <context-root>rest</context-root>
- <security-domain>REST</security-domain>
+ <security-domain>RHQRESTSecurityDomain</security-domain>
 </jboss-web>