.setInitialMode(ServiceController.Mode.ACTIVE)
.install());
}
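/**
 * Builds the {@link ApplicationPolicy} for a security domain from the sections of a
 * management operation.
 *
 * <p>The sections read are authentication, acl, audit, authorization, identity trust,
 * mapping and authentication-jaspi, in that order. The policy object is created only when
 * at least one section is defined.
 *
 * <p>Review notes for maintainers:
 * <ul>
 * <li>Every module {@code code} value is taken from the operation and handed to the entry
 * objects unchanged, apart from the {@link ModulesMap} lookup done for authentication and
 * mapping modules. Presumably these values name classes that are loaded later, so the set
 * of callers allowed to submit this operation decides which code can run. Confirm that
 * access to the operation is restricted accordingly.</li>
 * <li>Module option values are copied as strings. Depending on the module they may contain
 * credentials, so the option maps should not be logged.</li>
 * <li>Both the authentication and the authentication-jaspi section end with
 * {@code setAuthenticationInfo}. If an operation defines both, the JASPI info is set last.
 * NOTE(review): confirm whether an earlier validation step rejects such an operation.</li>
 * </ul>
 *
 * @param securityDomain name of the security domain the policy is created for
 * @param operation the operation node holding the section definitions
 * @return the populated policy, or {@code null} when none of the sections is defined
 * @throws IllegalArgumentException if a login-module-stack entry has no elements, or if an
 *         auth-module references a login module stack that was not declared
 */
private ApplicationPolicy createApplicationPolicy(String securityDomain, ModelNode operation) {
    ApplicationPolicy applicationPolicy = null;

    // authentication
    ModelNode node = operation.get(AUTHENTICATION);
    if (node.isDefined()) {
        if (applicationPolicy == null) {
            applicationPolicy = new ApplicationPolicy(securityDomain);
        }
        AuthenticationInfo authenticationInfo = new AuthenticationInfo(securityDomain);
        for (ModelNode module : node.asList()) {
            String codeName = module.require(CODE).asString();
            // Replace the code with the mapped value when ModulesMap has an entry for it.
            if (ModulesMap.AUTHENTICATION_MAP.containsKey(codeName)) {
                codeName = ModulesMap.AUTHENTICATION_MAP.get(codeName);
            }
            LoginModuleControlFlag controlFlag = getControlFlag(module.require(FLAG).asString());
            Map<String, Object> options = readModuleOptions(module);
            authenticationInfo.addAppConfigurationEntry(new AppConfigurationEntry(codeName, controlFlag, options));
        }
        applicationPolicy.setAuthenticationInfo(authenticationInfo);
    }

    // acl
    node = operation.get(ACL);
    if (node.isDefined()) {
        if (applicationPolicy == null) {
            applicationPolicy = new ApplicationPolicy(securityDomain);
        }
        ACLInfo aclInfo = new ACLInfo(securityDomain);
        for (ModelNode module : node.asList()) {
            String codeName = module.require(CODE).asString();
            ControlFlag controlFlag = ControlFlag.valueOf(module.require(FLAG).asString());
            ACLProviderEntry entry = new ACLProviderEntry(codeName, readModuleOptions(module));
            entry.setControlFlag(controlFlag);
            aclInfo.add(entry);
        }
        applicationPolicy.setAclInfo(aclInfo);
    }

    // audit
    node = operation.get(AUDIT);
    if (node.isDefined()) {
        if (applicationPolicy == null) {
            applicationPolicy = new ApplicationPolicy(securityDomain);
        }
        AuditInfo auditInfo = new AuditInfo(securityDomain);
        for (ModelNode module : node.asList()) {
            String codeName = module.require(CODE).asString();
            auditInfo.add(new AuditProviderEntry(codeName, readModuleOptions(module)));
        }
        applicationPolicy.setAuditInfo(auditInfo);
    }

    // authorization
    node = operation.get(AUTHORIZATION);
    if (node.isDefined()) {
        if (applicationPolicy == null) {
            applicationPolicy = new ApplicationPolicy(securityDomain);
        }
        AuthorizationInfo authorizationInfo = new AuthorizationInfo(securityDomain);
        for (ModelNode module : node.asList()) {
            String codeName = module.require(CODE).asString();
            ControlFlag controlFlag = ControlFlag.valueOf(module.require(FLAG).asString());
            AuthorizationModuleEntry entry = new AuthorizationModuleEntry(codeName, readModuleOptions(module));
            entry.setControlFlag(controlFlag);
            authorizationInfo.add(entry);
        }
        applicationPolicy.setAuthorizationInfo(authorizationInfo);
    }

    // identity trust
    node = operation.get(IDENTITY_TRUST);
    if (node.isDefined()) {
        if (applicationPolicy == null) {
            applicationPolicy = new ApplicationPolicy(securityDomain);
        }
        IdentityTrustInfo identityTrustInfo = new IdentityTrustInfo(securityDomain);
        for (ModelNode module : node.asList()) {
            String codeName = module.require(CODE).asString();
            ControlFlag controlFlag = ControlFlag.valueOf(module.require(FLAG).asString());
            IdentityTrustModuleEntry entry = new IdentityTrustModuleEntry(codeName, readModuleOptions(module));
            entry.setControlFlag(controlFlag);
            identityTrustInfo.add(entry);
        }
        applicationPolicy.setIdentityTrustInfo(identityTrustInfo);
    }

    // mapping
    node = operation.get(MAPPING);
    if (node.isDefined()) {
        if (applicationPolicy == null) {
            applicationPolicy = new ApplicationPolicy(securityDomain);
        }
        for (ModelNode module : node.asList()) {
            // NOTE(review): each module gets its own MappingInfo. Whether setMappingInfo merges
            // with or replaces an earlier info of the same type is not visible here; confirm.
            MappingInfo mappingInfo = new MappingInfo(securityDomain);
            String codeName = module.require(CODE).asString();
            if (ModulesMap.MAPPING_MAP.containsKey(codeName)) {
                codeName = ModulesMap.MAPPING_MAP.get(codeName);
            }
            // A module without an explicit type is registered under the role mapping type.
            String mappingType = module.hasDefined(TYPE)
                    ? module.get(TYPE).asString()
                    : MappingType.ROLE.toString();
            mappingInfo.add(new MappingModuleEntry(codeName, readModuleOptions(module), mappingType));
            applicationPolicy.setMappingInfo(mappingType, mappingInfo);
        }
    }

    // authentication-jaspi
    node = operation.get(AUTHENTICATION_JASPI);
    if (node.isDefined()) {
        if (applicationPolicy == null) {
            applicationPolicy = new ApplicationPolicy(securityDomain);
        }
        JASPIAuthenticationInfo authenticationInfo = new JASPIAuthenticationInfo(securityDomain);
        // Stack holders by name, so auth-modules can be linked to the stack they reference.
        Map<String, LoginModuleStackHolder> holders = new HashMap<String, LoginModuleStackHolder>();
        for (ModelNode loginModuleStack : node.get(LOGIN_MODULE_STACK).asList()) {
            Iterator<ModelNode> iter = loginModuleStack.asList().iterator();
            // The first element carries the stack name. Reject an empty entry with a clear
            // message instead of letting iter.next() fail with NoSuchElementException.
            if (!iter.hasNext()) {
                throw new IllegalArgumentException("login-module-stack entry is empty in security domain: "
                        + securityDomain);
            }
            String name = iter.next().get(NAME).asString();
            LoginModuleStackHolder holder = new LoginModuleStackHolder(name, null);
            holders.put(name, holder);
            authenticationInfo.add(holder);
            // Every remaining element is a list of login modules belonging to this stack.
            while (iter.hasNext()) {
                for (ModelNode lmNode : iter.next().asList()) {
                    String code = lmNode.require(CODE).asString();
                    LoginModuleControlFlag controlFlag = getControlFlag(lmNode.require(FLAG).asString());
                    Map<String, Object> options = readModuleOptions(lmNode);
                    holder.addAppConfigurationEntry(new AppConfigurationEntry(code, controlFlag, options));
                }
            }
        }
        for (ModelNode authModule : node.get(AUTH_MODULE).asList()) {
            String code = authModule.require(CODE).asString();
            String loginStackRef = null;
            if (authModule.hasDefined(LOGIN_MODULE_STACK_REF)) {
                loginStackRef = authModule.get(LOGIN_MODULE_STACK_REF).asString();
            }
            AuthModuleEntry entry = new AuthModuleEntry(code, readModuleOptions(authModule), loginStackRef);
            if (loginStackRef != null) {
                // Fail closed: an auth-module must not point at a stack that was never declared.
                if (!holders.containsKey(loginStackRef)) {
                    throw new IllegalArgumentException("auth-module references a login module stack that doesn't exist: "
                            + loginStackRef);
                }
                entry.setLoginModuleStackHolder(holders.get(loginStackRef));
            }
            authenticationInfo.add(entry);
        }
        applicationPolicy.setAuthenticationInfo(authenticationInfo);
    }
    return applicationPolicy;
}

/**
 * Copies the module options of one module node into a new map, each value as a string.
 *
 * <p>The values may include credentials, so callers should not log the returned map.
 *
 * @param module the module node to read
 * @return a new mutable map of option name to string value; empty when the node defines no
 *         module options
 */
private Map<String, Object> readModuleOptions(ModelNode module) {
    Map<String, Object> options = new HashMap<String, Object>();
    if (module.hasDefined(MODULE_OPTIONS)) {
        for (Property prop : module.get(MODULE_OPTIONS).asPropertyList()) {
            options.put(prop.getName(), prop.getValue().asString());
        }
    }
    return options;
}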