public virtual EnterpriseAuthAndUserManager NewAuthManager(Config config, LogProvider logProvider, SecurityLog securityLog, FileSystemAbstraction fileSystem, JobScheduler jobScheduler, AccessCapability accessCapability)
{
SecurityConfig = GetValidatedSecurityConfig(config);
IList <Realm> realms = new List <Realm>(SecurityConfig.authProviders.Count + 1);
SecureHasher secureHasher = new SecureHasher();
EnterpriseUserManager internalRealm = CreateInternalRealm(config, logProvider, fileSystem, jobScheduler, securityLog, accessCapability);
if (internalRealm != null)
{
realms.Add(( Realm )internalRealm);
}
if (SecurityConfig.hasLdapProvider)
{
realms.Add(new LdapRealm(config, securityLog, secureHasher));
}
if (SecurityConfig.pluginAuthProviders.Count > 0)
{
((IList <Realm>)realms).AddRange(CreatePluginRealms(config, securityLog, secureHasher, SecurityConfig));
}
// Select the active realms in the order they are configured
IList <Realm> orderedActiveRealms = SelectOrderedActiveRealms(SecurityConfig.authProviders, realms);
if (orderedActiveRealms.Count == 0)
{
throw IllegalConfiguration("No valid auth provider is active.");
}
return(new MultiRealmAuthManager(internalRealm, orderedActiveRealms, CreateCacheManager(config), securityLog, config.Get(SecuritySettings.security_log_successful_authentication), SecurityConfig.propertyAuthorization, SecurityConfig.propertyBlacklist));
}
public LdapRealm(Config config, SecurityLog securityLog, SecureHasher secureHasher) : base()
{
this._securityLog = securityLog;
this._secureHasher = secureHasher;
Name = SecuritySettings.LDAP_REALM_NAME;
RolePermissionResolver = PredefinedRolesBuilder.RolePermissionResolver;
ConfigureRealm(config);
if (AuthenticationCachingEnabled)
{
CredentialsMatcher = secureHasher.HashedCredentialsMatcher;
}
else
{
CredentialsMatcher = new AllowAllCredentialsMatcher();
}
}
internal TestRealm(LdapCachingTest outerInstance, Config config, SecurityLog securityLog, SecureHasher secureHasher) : base(config, securityLog, secureHasher)
{
this._outerInstance = outerInstance;
AuthenticationCachingEnabled = true;
AuthorizationCachingEnabled = true;
}
private static IList <PluginRealm> CreatePluginRealms(Config config, SecurityLog securityLog, SecureHasher secureHasher, SecurityConfig securityConfig)
{
IList <PluginRealm> availablePluginRealms = new List <PluginRealm>();
ISet <Type> excludedClasses = new HashSet <Type>();
if (securityConfig.PluginAuthentication && securityConfig.PluginAuthorization)
{
foreach (AuthPlugin plugin in Service.load(typeof(AuthPlugin)))
{
PluginRealm pluginRealm = new PluginRealm(plugin, config, securityLog, Clocks.systemClock(), secureHasher);
availablePluginRealms.Add(pluginRealm);
}
}
if (securityConfig.PluginAuthentication)
{
foreach (AuthenticationPlugin plugin in Service.load(typeof(AuthenticationPlugin)))
{
PluginRealm pluginRealm;
if (securityConfig.PluginAuthorization && plugin is AuthorizationPlugin)
{
// This plugin implements both interfaces, create a combined plugin
pluginRealm = new PluginRealm(plugin, ( AuthorizationPlugin )plugin, config, securityLog, Clocks.systemClock(), secureHasher);
// We need to make sure we do not add a duplicate when the AuthorizationPlugin service gets loaded
// so we allow only one instance per combined plugin class
excludedClasses.Add(plugin.GetType());
}
else
{
pluginRealm = new PluginRealm(plugin, null, config, securityLog, Clocks.systemClock(), secureHasher);
}
availablePluginRealms.Add(pluginRealm);
}
}
if (securityConfig.PluginAuthorization)
{
foreach (AuthorizationPlugin plugin in Service.load(typeof(AuthorizationPlugin)))
{
if (!excludedClasses.Contains(plugin.GetType()))
{
availablePluginRealms.add(new PluginRealm(null, plugin, config, securityLog, Clocks.systemClock(), secureHasher)
);
}
}
}
foreach (string pluginRealmName in securityConfig.PluginAuthProviders)
{
if (availablePluginRealms.noneMatch(r => r.Name.Equals(pluginRealmName)))
{
throw IllegalConfiguration(format("Failed to load auth plugin '%s'.", pluginRealmName));
}
}
IList <PluginRealm> realms = availablePluginRealms.Where(realm => securityConfig.PluginAuthProviders.Contains(realm.Name)).ToList();
//JAVA TO C# CONVERTER TODO TASK: Method reference arbitrary object instance method syntax is not converted by Java to C# Converter:
bool missingAuthenticatingRealm = securityConfig.OnlyPluginAuthentication() && realms.noneMatch(PluginRealm::canAuthenticate);
//JAVA TO C# CONVERTER TODO TASK: Method reference arbitrary object instance method syntax is not converted by Java to C# Converter:
bool missingAuthorizingRealm = securityConfig.OnlyPluginAuthorization() && realms.noneMatch(PluginRealm::canAuthorize);
if (missingAuthenticatingRealm || missingAuthorizingRealm)
{
string missingProvider = (missingAuthenticatingRealm && missingAuthorizingRealm) ? "authentication or authorization" : missingAuthenticatingRealm ? "authentication" : "authorization";
throw IllegalConfiguration(format("No plugin %s provider loaded even though required by configuration.", missingProvider));
}
return(realms);
}
