Merge pull request #9934 from stuartwdouglas/runtime-embedded-config

Make embedded users runtime properties

Author: stuartwdouglas

extensions/elytron-security-properties-file/deployment/src/main/java/io/quarkus/elytron/security/properties/deployment/ElytronPropertiesProcessor.java

@@ -14,6 +14,7 @@
 import io.quarkus.elytron.security.deployment.SecurityRealmBuildItem;
 import io.quarkus.elytron.security.runtime.ElytronPropertiesFileRecorder;
 import io.quarkus.elytron.security.runtime.MPRealmConfig;
+import io.quarkus.elytron.security.runtime.MPRealmRuntimeConfig;
 import io.quarkus.elytron.security.runtime.PropertiesRealmConfig;
 import io.quarkus.elytron.security.runtime.SecurityUsersConfig;
 import io.quarkus.runtime.RuntimeValue;
@@ -25,11 +26,6 @@
  * and {@linkplain org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm} realm implementations. Others could be
  * added by creating an extension that produces a SecurityRealmBuildItem for the realm.
  *
- * Additional authentication mechanisms can be added by producing AuthConfigBuildItems and including the associated
- * {@linkplain io.undertow.servlet.ServletExtension} implementations to register the
- * {@linkplain io.undertow.security.api.AuthenticationMechanismFactory}.
- *
- *
  */
 class ElytronPropertiesProcessor {
     private static final Logger log = Logger.getLogger(ElytronPropertiesProcessor.class.getName());
@@ -39,6 +35,7 @@ class ElytronPropertiesProcessor {
     private static final String ROLES_PREFIX = "quarkus.security.embedded.roles";
 
     SecurityUsersConfig propertiesConfig;
+    MPRealmRuntimeConfig runtimeConfig;
 
     @BuildStep
     FeatureBuildItem feature() {
@@ -112,7 +109,8 @@ void configureMPRealmConfig(ElytronPropertiesFileRecorder recorder,
 
             RuntimeValue<SecurityRealm> realm = recorder.createRealm(realmConfig);
             securityRealm
-                    .produce(new SecurityRealmBuildItem(realm, realmConfig.realmName, recorder.loadRealm(realm, realmConfig)));
+                    .produce(new SecurityRealmBuildItem(realm, realmConfig.realmName,
+                            recorder.loadRealm(realm, realmConfig, runtimeConfig)));
         }
     }
 }

extensions/elytron-security-properties-file/runtime/src/main/java/io/quarkus/elytron/security/runtime/ElytronPropertiesFileRecorder.java

@@ -114,7 +114,8 @@ public void run() {
      * @param config - the realm config
      * @throws Exception
      */
-    public Runnable loadRealm(RuntimeValue<SecurityRealm> realm, MPRealmConfig config) throws Exception {
+    public Runnable loadRealm(RuntimeValue<SecurityRealm> realm, MPRealmConfig config, MPRealmRuntimeConfig runtimeConfig)
+            throws Exception {
         return new Runnable() {
             @Override
             public void run() {
@@ -125,15 +126,15 @@ public void run() {
                 }
                 SimpleMapBackedSecurityRealm memRealm = (SimpleMapBackedSecurityRealm) secRealm;
                 HashMap<String, SimpleRealmEntry> identityMap = new HashMap<>();
-                Map<String, String> userInfo = config.getUsers();
+                Map<String, String> userInfo = runtimeConfig.users;
                 log.debugf("UserInfoMap: %s%n", userInfo);
-                Map<String, String> roleInfo = config.getRoles();
+                Map<String, String> roleInfo = runtimeConfig.roles;
                 log.debugf("RoleInfoMap: %s%n", roleInfo);
                 for (Map.Entry<String, String> userPasswordEntry : userInfo.entrySet()) {
                     Password password;
                     String user = userPasswordEntry.getKey();
 
-                    if (config.plainText) {
+                    if (runtimeConfig.plainText) {
                         password = ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR,
                                 userPasswordEntry.getValue().toCharArray());
                     } else {

extensions/elytron-security-properties-file/runtime/src/main/java/io/quarkus/elytron/security/runtime/MPRealmConfig.java

@@ -1,7 +1,5 @@
 package io.quarkus.elytron.security.runtime;
 
-import java.util.Map;
-
 import io.quarkus.runtime.annotations.ConfigGroup;
 import io.quarkus.runtime.annotations.ConfigItem;
 
@@ -18,32 +16,12 @@ public class MPRealmConfig {
     @ConfigItem(defaultValue = "Quarkus")
     public String realmName;
 
-    /**
-     * If the properties are stored in plain text. If this is false (the default) then it is expected
-     * that the passwords are of the form HEX( MD5( username ":" realm ":" password ) )
-     */
-    @ConfigItem
-    public boolean plainText;
     /**
      * Determine whether security via the embedded realm is enabled.
      */
     @ConfigItem
     public boolean enabled;
 
-    /**
-     * The realm users user1=password\nuser2=password2... mapping.
-     * See <a href="#embedded-users">Embedded Users</a>.
-     */
-    @ConfigItem(defaultValueDocumentation = "none")
-    public Map<String, String> users;
-
-    /**
-     * The realm roles user1=role1,role2,...\nuser2=role1,role2,... mapping
-     * See <a href="#embedded-roles">Embedded Roles</a>.
-     */
-    @ConfigItem(defaultValueDocumentation = "none")
-    public Map<String, String> roles;
-
     public String getRealmName() {
         return realmName;
     }
@@ -60,29 +38,11 @@ public void setEnabled(boolean enabled) {
         this.enabled = enabled;
     }
 
-    public Map<String, String> getUsers() {
-        return users;
-    }
-
-    public void setUsers(Map<String, String> users) {
-        this.users = users;
-    }
-
-    public Map<String, String> getRoles() {
-        return roles;
-    }
-
-    public void setRoles(Map<String, String> roles) {
-        this.roles = roles;
-    }
-
     @Override
     public String toString() {
         return "MPRealmConfig{" +
                 ", realmName='" + realmName + '\'' +
                 ", enabled=" + enabled +
-                ", users=" + users +
-                ", roles=" + roles +
                 '}';
     }
 }

extensions/elytron-security-properties-file/runtime/src/main/java/io/quarkus/elytron/security/runtime/MPRealmRuntimeConfig.java

@@ -0,0 +1,36 @@
+package io.quarkus.elytron.security.runtime;
+
+import java.util.Map;
+
+import io.quarkus.runtime.annotations.ConfigItem;
+import io.quarkus.runtime.annotations.ConfigRoot;
+
+/**
+ * Configuration information used to populate a {@linkplain org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm}
+ * }
+ */
+@ConfigRoot(name = "security.users.embedded")
+public class MPRealmRuntimeConfig {
+
+    /**
+     * If the properties are stored in plain text. If this is false (the default) then it is expected
+     * that the passwords are of the form HEX( MD5( username ":" realm ":" password ) )
+     */
+    @ConfigItem
+    public boolean plainText;
+
+    /**
+     * The realm users user1=password\nuser2=password2... mapping.
+     * See <a href="#embedded-users">Embedded Users</a>.
+     */
+    @ConfigItem(defaultValueDocumentation = "none")
+    public Map<String, String> users;
+
+    /**
+     * The realm roles user1=role1,role2,...\nuser2=role1,role2,... mapping
+     * See <a href="#embedded-roles">Embedded Roles</a>.
+     */
+    @ConfigItem(defaultValueDocumentation = "none")
+    public Map<String, String> roles;
+
+}