Merge pull request #1709 from Ashpan/ELY-2320
[ELY-2320] Add integrity support to FileSystemSecurityRealm
Showing
9 changed files
with
1,322 additions
and
445 deletions.
387 changes: 359 additions & 28 deletions
387
auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java
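--- a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/IntegrityException.java
+++ b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/IntegrityException.java
@@ -0,0 +1,71 @@
+/*
+* JBoss, Home of Professional Open Source.
+* Copyright 2022 Red Hat, Inc., and individual contributors
+* as indicated by the @author tags.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.wildfly.security.auth.realm;
+
+import java.io.IOException;
+
+/**
+* Exception to indicate a general failure related to the Integrity Verification of the Filesystem Realm.
+*
+* @author <a href="mailto:araskar@redhat.com">Ashpan Raskar</a>
+*/
+public class IntegrityException extends IOException {
+
+
+private static final long serialVersionUID = 8889252552074803941L;
+
+/**
+* Constructs a new {@code IntegrityException} instance. The message is left blank ({@code null}), and no
+* cause is specified.
+*/
+public IntegrityException() {
+}
+
+/**
+* Constructs a new {@code IntegrityException} instance with an initial message. No cause is specified.
+*
+* @param msg the message
+*/
+public IntegrityException(final String msg) {
+super(msg);
+}
+
+/**
+* Constructs a new {@code IntegrityException} instance with an initial cause. If a non-{@code null} cause
+* is specified, its message is used to initialize the message of this {@code IntegrityException}; otherwise
+* the message is left blank ({@code null}).
+*
+* @param cause the cause
+*/
+public IntegrityException(final Throwable cause) {
+super(cause);
+}
+
+/**
+* Constructs a new {@code IntegrityException} instance with an initial message and cause.
+*
+* @param msg the message
+* @param cause the cause
+*/
+public IntegrityException(final String msg, final Throwable cause) {
+super(msg, cause);
+}
+
+}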
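Review bot: The class Javadoc at the top of the file says only that the type signals an integrity-verification failure; because it extends IOException, any existing `catch (IOException e)` around realm file access will swallow a failed integrity check indistinguishably from a disk error, so the Javadoc should tell callers that need to treat a failed check as a security event to catch IntegrityException before IOException. A sentence such as `This exception extends {@link IOException}; catch it ahead of {@code IOException} wherever a failed integrity check must be distinguished from an ordinary I/O failure.` would cover it. The cause-only constructor's Javadoc is also slightly off: `super(cause)` initialises the detail message to `cause.toString()`, not to the cause's message, so `its message is used` should read `its {@code toString()} is used`. Whether any caller in FileSystemSecurityRealm depends on that distinction is not visible in this section.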
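--- a/auth/realm/base/src/main/resources/schema/elytron-identity-1_2.xsd
+++ b/auth/realm/base/src/main/resources/schema/elytron-identity-1_2.xsd
@@ -0,0 +1,152 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+~ JBoss, Home of Professional Open Source.
+~ Copyright 2022 Red Hat, Inc., and individual contributors
+~ as indicated by the @author tags.
+~
+~ Licensed under the Apache License, Version 2.0 (the "License");
+~ you may not use this file except in compliance with the License.
+~ You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing, software
+~ distributed under the License is distributed on an "AS IS" BASIS,
+~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+~ See the License for the specific language governing permissions and
+~ limitations under the License.
+-->
+
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+targetNamespace="urn:elytron:identity:1.2"
+xmlns="urn:elytron:identity:1.2"
+xmlns:xmldsig="http://www.w3.org/2000/09/xmldsig#"
+elementFormDefault="qualified"
+attributeFormDefault="unqualified"
+version="1.2">
+
+<!-- File-backed realm elements -->
+
+<xsd:element name="identity" type="identity-type"/>
+<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd" />
+
+<xsd:complexType name="identity-type">
+<xsd:all minOccurs="1" maxOccurs="1">
+<xsd:element name="principal" type="name-type" minOccurs="0" maxOccurs="1"/>
+<xsd:element name="credentials" type="credentials-type" minOccurs="0" maxOccurs="1"/>
+<xsd:element name="attributes" type="attributes-type" minOccurs="0" maxOccurs="1"/>
+<xsd:element name="Signature" type="xmldsig:SignatureType" minOccurs="0" maxOccurs="1"/>
+</xsd:all>
+</xsd:complexType>
+
+<xsd:complexType name="credentials-type">
+<xsd:choice minOccurs="0" maxOccurs="unbounded">
+<xsd:element name="password" type="credential-type"/>
+<xsd:element name="otp" type="otp-credential-type"/>
+<xsd:element name="public-key" type="credential-type"/>
+<xsd:element name="certificate" type="credential-type"/>
+</xsd:choice>
+</xsd:complexType>
+
+<xsd:complexType name="attributes-type">
+<xsd:choice minOccurs="0" maxOccurs="unbounded">
+<xsd:element name="attribute" type="attribute-type"/>
+</xsd:choice>
+</xsd:complexType>
+
+<xsd:complexType name="credential-type">
+<xsd:simpleContent>
+<xsd:extension base="xsd:string">
+<xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
+<xsd:attribute name="format" type="xsd:string" use="optional"/>
+</xsd:extension>
+</xsd:simpleContent>
+</xsd:complexType>
+
+<xsd:complexType name="otp-credential-type">
+<xsd:simpleContent>
+<xsd:extension base="xsd:string">
+<xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
+<xsd:attribute name="hash" type="xsd:string" use="optional"/>
+<xsd:attribute name="seed" type="xsd:string" use="optional"/>
+<xsd:attribute name="sequence" type="xsd:string" use="optional"/>
+</xsd:extension>
+</xsd:simpleContent>
+</xsd:complexType>
+
+<xsd:complexType name="attribute-type">
+<xsd:attribute name="name" type="xsd:string" use="required"/>
+<xsd:attribute name="value" type="xsd:string" use="required"/>
+</xsd:complexType>
+
+<!-- Common types -->
+
+<xsd:complexType name="empty-type"/>
+
+<xsd:complexType name="name-type">
+<xsd:attribute name="name" type="xsd:string" use="required"/>
+</xsd:complexType>
+
+<xsd:complexType name="abstract-type-type">
+<xsd:attribute name="name" type="xsd:string" use="optional"/>
+<xsd:attribute name="authority" type="xsd:string" use="optional"/>
+</xsd:complexType>
+
+<xsd:complexType name="optional-name-type">
+<xsd:attribute name="name" type="xsd:string" />
+</xsd:complexType>
+
+<xsd:complexType name="selector-type">
+<xsd:attribute name="selector" type="xsd:string" use="required"/>
+</xsd:complexType>
+
+<xsd:complexType name="module-ref-type">
+<xsd:attribute name="module-name" type="xsd:string" use="optional"/>
+</xsd:complexType>
+
+<xsd:complexType name="port-number-type">
+<xsd:attribute name="number" type="port-number-simple-type" use="required"/>
+</xsd:complexType>
+
+<xsd:simpleType name="port-number-simple-type">
+<xsd:restriction base="xsd:positiveInteger">
+<xsd:minInclusive value="1"/>
+<xsd:maxInclusive value="65535"/>
+</xsd:restriction>
+</xsd:simpleType>
+
+<xsd:complexType name="regex-substitution-type">
+<xsd:attribute name="pattern" type="xsd:string" use="required"/>
+<xsd:attribute name="replacement" type="xsd:string" use="required"/>
+</xsd:complexType>
+
+<xsd:complexType name="names-list-type">
+<xsd:attribute name="names" type="names-list-simple-type" use="required"/>
+</xsd:complexType>
+
+<xsd:simpleType name="names-list-simple-type">
+<xsd:list itemType="xsd:string"/>
+</xsd:simpleType>
+
+<xsd:complexType name="uri-type">
+<xsd:attribute name="uri" type="xsd:anyURI" use="required"/>
+</xsd:complexType>
+
+<xsd:complexType name="clear-password-type">
+<xsd:attribute name="password" type="xsd:string" use="required"/>
+</xsd:complexType>
+
+<xsd:complexType name="properties-type">
+<xsd:sequence>
+<xsd:element name="property" maxOccurs="unbounded">
+<xsd:complexType>
+<xsd:attribute name="key" type="xsd:string" use="required" />
+<xsd:attribute name="value" type="xsd:string" use="required" />
+</xsd:complexType>
+</xsd:element>
+</xsd:sequence>
+</xsd:complexType>
+
+
+</xsd:schema>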
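Review bot: The `<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" ...>` line sets `schemaLocation` to a remote https URL, so a validator that honours schemaLocation needs outbound network access while processing an identity file, and validation would fail or hang when the realm runs offline or behind an egress filter. Whether the realm's parser resolves that location is not visible in this commit; if it does, the xmldsig schema should be shipped as a bundled resource and supplied through a resolver, and if it does not, a comment beside the import stating that the location is informational only would save the next reader the question. Note also that `Signature` is declared `minOccurs="0"`, so an identity file carrying no signature is still schema-valid; a comment such as `<!-- Signature is optional at the schema level; schema validation alone does not require an identity to be integrity-protected -->` would make that limit explicit.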