[ELY-2320] Add integrity support to FileSystemSecurityRealm
Showing
11 changed files
with
1,134 additions
and
243 deletions.
350 changes: 321 additions & 29 deletions
350
auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java
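--- a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/IntegrityException.java
+++ b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/IntegrityException.java
@@ -0,0 +1,71 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2020 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.security.auth.realm;
+
+import java.io.IOException;
+
+/**
+ * Exception to indicate a general failure related to the Integrity Verification of the Filesystem Realm.
+ *
+ * @author <a href="mailto:araskar@redhat.com">Ashpan Raskar</a>
+ */
+public class IntegrityException extends IOException {
+
+
+    private static final long serialVersionUID = 8889252552074803941L;
+
+    /**
+     * Constructs a new {@code IntegrityException} instance. The message is left blank ({@code null}), and no
+     * cause is specified.
+     */
+    public IntegrityException() {
+    }
+
+    /**
+     * Constructs a new {@code IntegrityException} instance with an initial message. No cause is specified.
+     *
+     * @param msg the message
+     */
+    public IntegrityException(final String msg) {
+        super(msg);
+    }
+
+    /**
+     * Constructs a new {@code IntegrityException} instance with an initial cause. If a non-{@code null} cause
+     * is specified, its message is used to initialize the message of this {@code IntegrityException}; otherwise
+     * the message is left blank ({@code null}).
+     *
+     * @param cause the cause
+     */
+    public IntegrityException(final Throwable cause) {
+        super(cause);
+    }
+
+    /**
+     * Constructs a new {@code IntegrityException} instance with an initial message and cause.
+     *
+     * @param msg the message
+     * @param cause the cause
+     */
+    public IntegrityException(final String msg, final Throwable cause) {
+        super(msg, cause);
+    }
+
+}
+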
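Review bot: The Javadoc on `IntegrityException(Throwable cause)` states that the cause's message initializes this exception's message, but `IOException(Throwable)` inherits `Throwable(Throwable)`, which uses `cause.toString()` (class name plus message), so the sentence should read `its {@code toString()} is used to initialize the message of this {@code IntegrityException}`. The class Javadoc would also benefit from noting that, because this type extends `IOException`, any caller that catches `IOException` around realm loading will absorb integrity failures too; a sentence such as `Catch this type before {@link IOException} when a verification failure must be handled differently from an ordinary read error` lets downstream code treat a failed verification as a tamper signal rather than a transient I/O problem. The FileSystemSecurityRealm changes that throw this exception are not rendered in this view, so whether callers already distinguish the two cannot be checked here.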
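--- a/auth/realm/base/src/main/resources/schema/elytron-identity-1_2.xsd
+++ b/auth/realm/base/src/main/resources/schema/elytron-identity-1_2.xsd
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2021 Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+            targetNamespace="urn:elytron:identity:1.2"
+            xmlns="urn:elytron:identity:1.2"
+            elementFormDefault="qualified"
+            attributeFormDefault="unqualified"
+            version="1.2">
+
+    <!-- File-backed realm elements -->
+
+    <xsd:element name="identity" type="identity-type"/>
+
+    <xsd:complexType name="identity-type">
+        <xsd:all minOccurs="1" maxOccurs="1">
+            <xsd:element name="principal" type="name-type" minOccurs="1" maxOccurs="1"/>
+            <xsd:element name="credentials" type="credentials-type" minOccurs="0" maxOccurs="1"/>
+            <xsd:element name="attributes" type="attributes-type" minOccurs="0" maxOccurs="1"/>
+        </xsd:all>
+    </xsd:complexType>
+
+    <xsd:complexType name="credentials-type">
+        <xsd:choice minOccurs="0" maxOccurs="unbounded">
+            <xsd:element name="password" type="credential-type"/>
+            <xsd:element name="otp" type="otp-credential-type"/>
+            <xsd:element name="public-key" type="credential-type"/>
+            <xsd:element name="certificate" type="credential-type"/>
+        </xsd:choice>
+    </xsd:complexType>
+
+    <xsd:complexType name="attributes-type">
+        <xsd:choice minOccurs="0" maxOccurs="unbounded">
+            <xsd:element name="attribute" type="attribute-type"/>
+        </xsd:choice>
+    </xsd:complexType>
+
+    <xsd:complexType name="credential-type">
+        <xsd:simpleContent>
+            <xsd:extension base="xsd:string">
+                <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
+                <xsd:attribute name="format" type="xsd:string" use="optional"/>
+            </xsd:extension>
+        </xsd:simpleContent>
+    </xsd:complexType>
+
+    <xsd:complexType name="otp-credential-type">
+        <xsd:simpleContent>
+            <xsd:extension base="xsd:string">
+                <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
+                <xsd:attribute name="hash" type="xsd:string" use="optional"/>
+                <xsd:attribute name="seed" type="xsd:string" use="optional"/>
+                <xsd:attribute name="sequence" type="xsd:string" use="optional"/>
+            </xsd:extension>
+        </xsd:simpleContent>
+    </xsd:complexType>
+
+    <xsd:complexType name="attribute-type">
+        <xsd:attribute name="name" type="xsd:string" use="required"/>
+        <xsd:attribute name="value" type="xsd:string" use="required"/>
+    </xsd:complexType>
+
+    <!-- Common types -->
+
+    <xsd:complexType name="empty-type"/>
+
+    <xsd:complexType name="name-type">
+        <xsd:attribute name="name" type="xsd:string" use="required"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="abstract-type-type">
+        <xsd:attribute name="name" type="xsd:string" use="optional"/>
+        <xsd:attribute name="authority" type="xsd:string" use="optional"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="optional-name-type">
+        <xsd:attribute name="name" type="xsd:string" />
+    </xsd:complexType>
+
+    <xsd:complexType name="selector-type">
+        <xsd:attribute name="selector" type="xsd:string" use="required"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="module-ref-type">
+        <xsd:attribute name="module-name" type="xsd:string" use="optional"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="port-number-type">
+        <xsd:attribute name="number" type="port-number-simple-type" use="required"/>
+    </xsd:complexType>
+
+    <xsd:simpleType name="port-number-simple-type">
+        <xsd:restriction base="xsd:positiveInteger">
+            <xsd:minInclusive value="1"/>
+            <xsd:maxInclusive value="65535"/>
+        </xsd:restriction>
+    </xsd:simpleType>
+
+    <xsd:complexType name="regex-substitution-type">
+        <xsd:attribute name="pattern" type="xsd:string" use="required"/>
+        <xsd:attribute name="replacement" type="xsd:string" use="required"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="names-list-type">
+        <xsd:attribute name="names" type="names-list-simple-type" use="required"/>
+    </xsd:complexType>
+
+    <xsd:simpleType name="names-list-simple-type">
+        <xsd:list itemType="xsd:string"/>
+    </xsd:simpleType>
+
+    <xsd:complexType name="uri-type">
+        <xsd:attribute name="uri" type="xsd:anyURI" use="required"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="clear-password-type">
+        <xsd:attribute name="password" type="xsd:string" use="required"/>
+    </xsd:complexType>
+
+    <xsd:complexType name="properties-type">
+        <xsd:sequence>
+            <xsd:element name="property" maxOccurs="unbounded">
+                <xsd:complexType>
+                    <xsd:attribute name="key" type="xsd:string" use="required" />
+                    <xsd:attribute name="value" type="xsd:string" use="required" />
+                </xsd:complexType>
+            </xsd:element>
+        </xsd:sequence>
+    </xsd:complexType>
+
+    <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="https://www.w3.org/TR/xmldsig-core1/xmldsig11-schema.xsd"/>
+
+</xsd:schema>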
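Review bot: The `xsd:import` of the XML Signature namespace at the end of the schema points `schemaLocation` at a remote URL on www.w3.org, yet nothing in this schema uses that namespace: no `xmlns:ds` prefix is declared and `identity-type` admits only `principal`, `credentials` and `attributes`, so a signature element in a 1.2 identity document would not validate. If the intent is for the document to carry an enveloped signature, declare the prefix and add the element to `identity-type` (note that `xsd:all` in XSD 1.0 cannot hold `xsd:any` or a second unbounded particle, so the content model may need to become a `sequence`); otherwise the import should be removed. In either case a bundled copy of the xmldsig schema, resolved from the classpath, is preferable to a network `schemaLocation`, because a validator that honours it would fetch from the network at validation time, fail when offline, and trust whatever the remote host serves. It is unclear from this view whether the realm's parser validates against this XSD at all, so the practical impact may be limited to tooling that does.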