[WFCORE-4326] Use any configured SASL mechanisms when accessing the S…

…aslAuthenticationFactory.
codylerum · Feb 12, 2019 · 0c23ef0 · 0c23ef0
1 parent 5f45f02
commit 0c23ef0
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/remoting/subsystem/src/main/java/org/jboss/as/remoting/AbstractStreamServerService.java b/remoting/subsystem/src/main/java/org/jboss/as/remoting/AbstractStreamServerService.java
@@ -48,6 +48,7 @@
 import org.xnio.IoUtils;
 import org.xnio.OptionMap;
 import org.xnio.Options;
+import org.xnio.Sequence;
 import org.xnio.SslClientAuthMode;
 import org.xnio.StreamConnection;
 import org.xnio.channels.AcceptingChannel;
@@ -119,7 +120,24 @@ public void start(final StartContext context) throws StartException {
             final InjectedValue<SaslAuthenticationFactory> saslFactoryValue = this.saslAuthenticationFactory;
             SaslAuthenticationFactory factory = saslFactoryValue.getOptionalValue();
             if (factory == null && securityRealm != null) {
-                factory = securityRealm.getSaslAuthenticationFactory();
+                String[] mechanismNames = null;
+                if(connectorPropertiesOptionMap.contains(Options.SASL_MECHANISMS)) {
+                    Sequence<String> sequence = connectorPropertiesOptionMap.get(Options.SASL_MECHANISMS);
+                    mechanismNames = sequence.toArray(new String[sequence.size()]);
+                }
+
+                //in case that legacy sasl mechanisms are used, noanonymous default value is true
+                Boolean policyNonanonymous = mechanismNames == null ? null: true;
+                if(connectorPropertiesOptionMap.contains(Options.SASL_POLICY_NOANONYMOUS)) {
+                    policyNonanonymous = connectorPropertiesOptionMap.get(Options.SASL_POLICY_NOANONYMOUS).booleanValue();
+                }
+
+                if(mechanismNames != null || policyNonanonymous != null) {
+                    factory = securityRealm.getSaslAuthenticationFactory(mechanismNames, policyNonanonymous);
+                } else {
+                    factory = securityRealm.getSaslAuthenticationFactory();
+                }
+
                 if (securityRealm.getSupportedAuthenticationMechanisms().contains(AuthMechanism.CLIENT_CERT)) {
                     builder.set(Options.SSL_CLIENT_AUTH_MODE, SslClientAuthMode.REQUESTED);
                 }