All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.wildfly.security.auth.realm.FailoverSecurityRealm Maven / Gradle / Ivy

Go to download

This artifact provides a single jar that contains all classes required to use remote Jakarta Enterprise Beans and Jakarta Messaging, including all dependencies. It is intended for use by those not using maven, maven users should just import the Jakarta Enterprise Beans and Jakarta Messaging BOM's instead (shaded JAR's cause lots of problems with maven, as it is very easy to inadvertently end up with different versions on classes on the class path).

There is a newer version: 35.0.0.Final
Show newest version
/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2019 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wildfly.security.auth.realm;

import static org.wildfly.security.auth.realm.ElytronMessages.log;

import org.wildfly.common.Assert;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.Evidence;

import java.security.Principal;
import java.security.spec.AlgorithmParameterSpec;
import java.util.function.Consumer;
import java.util.function.Function;

/**
 * A realm which wraps one realm and fails over to another in case the first is unavailable.
 *
 * @author Martin Mazanek
 */
public class FailoverSecurityRealm implements SecurityRealm {
    protected final SecurityRealm delegateRealm;
    protected final SecurityRealm failoverRealm;
    protected final Consumer failoverCallback;

    /**
     * Construct a new instance.
     *
     * @param delegateRealm the wrapped realm
     * @param failoverRealm the realm to use in case delegateRealm is unavailable
     * @param failoverCallback callback function that gets called in case delegateRealm is unavailable
     */
    public FailoverSecurityRealm(final SecurityRealm delegateRealm, final SecurityRealm failoverRealm, final Consumer failoverCallback) {
        Assert.checkNotNullParam("delegateRealm", delegateRealm);
        Assert.checkNotNullParam("failoverRealm", failoverRealm);

        this.delegateRealm = delegateRealm;
        this.failoverRealm = failoverRealm;
        this.failoverCallback = failoverCallback;
    }

    @Override
    public RealmIdentity getRealmIdentity(final Evidence evidence) throws RealmUnavailableException {
        try {
            return createFailoverIdentity(delegateRealm.getRealmIdentity(evidence), evidence);
        } catch (RealmUnavailableException e) {
            log.realmFailover(e);
            if (failoverCallback != null) {
                failoverCallback.accept(e);
            }
            return failoverRealm.getRealmIdentity(evidence);
        }
    }

    @Override
    public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUnavailableException {
        try {
            return createFailoverIdentity(delegateRealm.getRealmIdentity(principal), principal);
        } catch (RealmUnavailableException e) {
            log.realmFailover(e);
            if (failoverCallback != null) {
                failoverCallback.accept(e);
            }
            return failoverRealm.getRealmIdentity(principal);
        }
    }

    @Override
    public SupportLevel getCredentialAcquireSupport(final Class credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
        try {
            return delegateRealm.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec);
        } catch (RealmUnavailableException rue) {
            log.realmFailover(rue);
            if (failoverCallback != null) {
                failoverCallback.accept(rue);
            }
            return SupportLevel.POSSIBLY_SUPPORTED;
        }
    }

    @Override
    public SupportLevel getEvidenceVerifySupport(final Class evidenceType, final String algorithmName) throws RealmUnavailableException {
        try {
            return delegateRealm.getEvidenceVerifySupport(evidenceType, algorithmName);
        } catch (RealmUnavailableException rue) {
            log.realmFailover(rue);
            if (failoverCallback != null) {
                failoverCallback.accept(rue);
            }
            return SupportLevel.POSSIBLY_SUPPORTED;
        }
    }

    protected RealmIdentity createFailoverIdentity(final RealmIdentity identity, final Evidence evidence) {
        return new FailoverRealmIdentity(identity) {
            @Override
            protected RealmIdentity getFailoverIdentity() throws RealmUnavailableException {
                return failoverRealm.getRealmIdentity(evidence);
            }
        };
    }

    protected RealmIdentity createFailoverIdentity(final RealmIdentity identity, final Principal principal) {
        return new FailoverRealmIdentity(identity) {
            @Override
            protected RealmIdentity getFailoverIdentity() throws RealmUnavailableException {
                return failoverRealm.getRealmIdentity(principal);
            }
        };
    }

    protected abstract class FailoverRealmIdentity implements RealmIdentity {
        protected RealmIdentity delegate;
        protected boolean failed = false;

        protected FailoverRealmIdentity(final RealmIdentity identity) {
            this.delegate = identity;
        }

        protected abstract RealmIdentity getFailoverIdentity() throws RealmUnavailableException;

        @Override
        public SupportLevel getCredentialAcquireSupport(Class credentialType, String algorithmName, final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
            try {
                return delegate.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec);
            } catch (RealmUnavailableException rue) {
                return failover(rue).getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec);
            }
        }

        @Override
        public  C getCredential(Class credentialType) throws RealmUnavailableException {
            try {
                return delegate.getCredential(credentialType);
            } catch (RealmUnavailableException rue) {
                return failover(rue).getCredential(credentialType);
            } finally {
                disableFailover();
            }
        }

        @Override
        public SupportLevel getEvidenceVerifySupport(Class evidenceType, String algorithmName) throws RealmUnavailableException {
            try {
                return delegate.getEvidenceVerifySupport(evidenceType, algorithmName);
            } catch (RealmUnavailableException rue) {
                return failover(rue).getEvidenceVerifySupport(evidenceType, algorithmName);
            }
        }

        @Override
        public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            try {
                return delegate.verifyEvidence(evidence);
            } catch (RealmUnavailableException rue) {
                return failover(rue).verifyEvidence(evidence);
            } finally {
                disableFailover();
            }
        }

        @Override
        public boolean exists() throws RealmUnavailableException {
            try {
                return delegate.exists();
            } catch (RealmUnavailableException rue) {
                return failover(rue).exists();
            } finally {
                disableFailover();
            }
        }

        @Override
        public void updateCredential(Credential credential) throws RealmUnavailableException {
            try {
                delegate.updateCredential(credential);
            } catch (RealmUnavailableException rue) {
                failover(rue).updateCredential(credential);
            } finally {
                disableFailover();
            }
        }

        @Override
        public Principal getRealmIdentityPrincipal() {
            return delegate.getRealmIdentityPrincipal();
        }

        @Override
        public  C getCredential(Class credentialType, String algorithmName) throws RealmUnavailableException {
            try {
                return delegate.getCredential(credentialType, algorithmName);
            } catch (RealmUnavailableException rue) {
                return failover(rue).getCredential(credentialType, algorithmName);
            } finally {
                disableFailover();
            }
        }

        @Override
        public  C getCredential(final Class credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
            try {
                return delegate.getCredential(credentialType, algorithmName, parameterSpec);
            } catch (RealmUnavailableException rue) {
                return failover(rue).getCredential(credentialType, algorithmName, parameterSpec);
            } finally {
                disableFailover();
            }
        }

        @Override
        public  R applyToCredential(Class credentialType, Function function) throws RealmUnavailableException {
            try {
                return delegate.applyToCredential(credentialType, function);
            } catch (RealmUnavailableException rue) {
                return failover(rue).applyToCredential(credentialType, function);
            } finally {
                disableFailover();
            }
        }

        @Override
        public  R applyToCredential(Class credentialType, String algorithmName, Function function) throws RealmUnavailableException {
            try {
                return delegate.applyToCredential(credentialType, algorithmName, function);
            } catch (RealmUnavailableException rue) {
                return failover(rue).applyToCredential(credentialType, algorithmName, function);
            } finally {
                disableFailover();
            }
        }

        @Override
        public  R applyToCredential(final Class credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec, final Function function) throws RealmUnavailableException {
            try {
                return delegate.applyToCredential(credentialType, algorithmName, parameterSpec, function);
            } catch (RealmUnavailableException rue) {
                return failover(rue).applyToCredential(credentialType, algorithmName, parameterSpec, function);
            } finally {
                disableFailover();
            }
        }

        @Override
        public void dispose() {
            delegate.dispose();
        }

        @Override
        public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
            try {
                return delegate.getAuthorizationIdentity();
            } catch (RealmUnavailableException rue) {
                return failover(rue).getAuthorizationIdentity();
            } finally {
                disableFailover();
            }
        }

        @Override
        public Attributes getAttributes() throws RealmUnavailableException {
            return delegate.getAttributes();
        }

        protected RealmIdentity failover(RealmUnavailableException rue) throws RealmUnavailableException {
            if (failed) {
                throw rue;
            }
            log.realmFailover(rue);
            if (FailoverSecurityRealm.this.failoverCallback != null) {
                FailoverSecurityRealm.this.failoverCallback.accept(rue);
            }
            failed = true;
            delegate.dispose();
            delegate = getFailoverIdentity();
            return delegate;
        }

        // Used to make sure that failover cannot happen in the middle of authentication.
        protected void disableFailover() {
            failed = true;
        }
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy