use of com.sun.enterprise.deployment.web.LoginConfiguration in project Payara by payara.
the class WebSecurityManager method initialise.
private void initialise(String appName) throws PolicyContextException {
getPolicyFactory();
CODEBASE = removeSpaces(CONTEXT_ID);
// V3:Commented if(VirtualServer.ADMIN_VS.equals(getVirtualServers(appName))){
if (Constants.ADMIN_VS.equals(getVirtualServers(appName))) {
LoginConfiguration lgConf = wbd.getLoginConfiguration();
if (lgConf != null) {
String realmName = lgConf.getRealmName();
SunWebApp sunDes = wbd.getSunDescriptor();
if (sunDes != null) {
SecurityRoleMapping[] srms = sunDes.getSecurityRoleMapping();
if (srms != null) {
for (SecurityRoleMapping srm : srms) {
String[] principals = srm.getPrincipalName();
if (principals != null) {
for (String principal : principals) {
wsmf.ADMIN_PRINCIPAL.put(realmName + principal, new PrincipalImpl(principal));
}
}
for (String group : srm.getGroupNames()) {
wsmf.ADMIN_GROUP.put(realmName + group, new Group(group));
}
}
}
SecurityRoleAssignment[] sras = sunDes.getSecurityRoleAssignments();
if (sras != null) {
for (SecurityRoleAssignment sra : sras) {
List<String> principals = sra.getPrincipalNames();
if (sra.isExternallyDefined()) {
wsmf.ADMIN_GROUP.put(realmName + sra.getRoleName(), new Group(sra.getRoleName()));
continue;
}
for (String principal : principals) {
wsmf.ADMIN_PRINCIPAL.put(realmName + principal, new PrincipalImpl(principal));
}
}
}
}
}
}
// will require stuff in hash format for reference later on.
try {
java.net.URI uri = null;
try {
if (logger.isLoggable(Level.FINE))
logger.log(Level.FINE, "[Web-Security] Creating a Codebase URI with = {0}", CODEBASE);
uri = new java.net.URI("file:///" + CODEBASE);
if (uri != null) {
codesource = new CodeSource(new URL(uri.toString()), (java.security.cert.Certificate[]) null);
}
} catch (java.net.URISyntaxException use) {
// manually create the URL
logger.log(Level.FINE, "[Web-Security] Error Creating URI ", use);
throw new RuntimeException(use);
}
} catch (java.net.MalformedURLException mue) {
logger.log(Level.SEVERE, "[Web-Security] Exception while getting the CodeSource", mue);
throw new RuntimeException(mue);
}
if (logger.isLoggable(Level.FINE)) {
logger.log(Level.FINE, "[Web-Security] Context id (id under which WEB component in application will be created) = {0}", CONTEXT_ID);
logger.log(Level.FINE, "[Web-Security] Codebase (module id for web component) {0}", CODEBASE);
}
loadPolicyConfiguration();
if (uncheckedPermissionCache == null) {
if (register) {
uncheckedPermissionCache = PermissionCacheFactory.createPermissionCache(this.CONTEXT_ID, codesource, protoPerms, null);
allResourcesCP = new CachedPermissionImpl(uncheckedPermissionCache, allResources);
allConnectionsCP = new CachedPermissionImpl(uncheckedPermissionCache, allConnections);
}
} else {
uncheckedPermissionCache.reset();
}
}
use of com.sun.enterprise.deployment.web.LoginConfiguration in project Payara by payara.
the class RealmAdapter method computeRealmName.
// ### Private methods
private void computeRealmName(WebBundleDescriptor webDescriptor, String realmName) {
Application application = webDescriptor.getApplication();
LoginConfiguration loginConfig = webDescriptor.getLoginConfiguration();
this.realmName = application.getRealm();
if (this.realmName == null && loginConfig != null) {
this.realmName = loginConfig.getRealmName();
}
if (realmName != null && (this.realmName == null || this.realmName.equals(""))) {
this.realmName = realmName;
}
}
use of com.sun.enterprise.deployment.web.LoginConfiguration in project Payara by payara.
the class DynamicWebServletRegistrationImpl method setSecurityConfig.
@Override
public void setSecurityConfig(SecurityConfig config) {
if (config == null) {
return;
}
this.config = config;
LoginConfig lc = config.getLoginConfig();
if (lc != null) {
LoginConfiguration loginConf = new LoginConfigurationImpl();
loginConf.setAuthenticationMethod(lc.getAuthMethod().name());
loginConf.setRealmName(lc.getRealmName());
FormLoginConfig form = lc.getFormLoginConfig();
if (form != null) {
loginConf.setFormErrorPage(form.getFormErrorPage());
loginConf.setFormLoginPage(form.getFormLoginPage());
}
LoginConfigDecorator decorator = new LoginConfigDecorator(loginConf);
setLoginConfig(decorator);
getWebBundleDescriptor().setLoginConfiguration(loginConf);
}
Set<org.glassfish.embeddable.web.config.SecurityConstraint> securityConstraints = config.getSecurityConstraints();
for (org.glassfish.embeddable.web.config.SecurityConstraint sc : securityConstraints) {
com.sun.enterprise.deployment.web.SecurityConstraint securityConstraint = new SecurityConstraintImpl();
Set<org.glassfish.embeddable.web.config.WebResourceCollection> wrcs = sc.getWebResourceCollection();
for (org.glassfish.embeddable.web.config.WebResourceCollection wrc : wrcs) {
WebResourceCollectionImpl webResourceColl = new WebResourceCollectionImpl();
webResourceColl.setDisplayName(wrc.getName());
for (String urlPattern : wrc.getUrlPatterns()) {
webResourceColl.addUrlPattern(urlPattern);
}
securityConstraint.addWebResourceCollection(webResourceColl);
AuthorizationConstraintImpl ac = null;
if (sc.getAuthConstraint() != null && sc.getAuthConstraint().length > 0) {
ac = new AuthorizationConstraintImpl();
for (String roleName : sc.getAuthConstraint()) {
Role role = new Role(roleName);
getWebBundleDescriptor().addRole(role);
ac.addSecurityRole(roleName);
}
} else {
// DENY
ac = new AuthorizationConstraintImpl();
}
securityConstraint.setAuthorizationConstraint(ac);
UserDataConstraint udc = new UserDataConstraintImpl();
udc.setTransportGuarantee(((sc.getDataConstraint() == TransportGuarantee.CONFIDENTIAL) ? UserDataConstraint.CONFIDENTIAL_TRANSPORT : UserDataConstraint.NONE_TRANSPORT));
securityConstraint.setUserDataConstraint(udc);
if (wrc.getHttpMethods() != null) {
for (String httpMethod : wrc.getHttpMethods()) {
webResourceColl.addHttpMethod(httpMethod);
}
}
if (wrc.getHttpMethodOmissions() != null) {
for (String httpMethod : wrc.getHttpMethodOmissions()) {
webResourceColl.addHttpMethodOmission(httpMethod);
}
}
getWebBundleDescriptor().addSecurityConstraint(securityConstraint);
TomcatDeploymentConfig.configureSecurityConstraint(this, getWebBundleDescriptor());
}
}
if (pipeline != null) {
GlassFishValve basic = pipeline.getBasic();
if ((basic != null) && (basic instanceof java.net.Authenticator)) {
removeValve(basic);
}
GlassFishValve[] valves = pipeline.getValves();
for (GlassFishValve valve : valves) {
if (valve instanceof java.net.Authenticator) {
removeValve(valve);
}
}
}
if (realm != null && realm instanceof RealmInitializer) {
((RealmInitializer) realm).initializeRealm(this.getWebBundleDescriptor(), false, ((VirtualServer) parent).getAuthRealmName());
((RealmInitializer) realm).setVirtualServer(getParent());
((RealmInitializer) realm).updateWebSecurityManager();
setRealm(realm);
}
}
use of com.sun.enterprise.deployment.web.LoginConfiguration in project Payara by payara.
the class RealmAdapter method computeRealmName.
private String computeRealmName(String defaultRealmName) {
Application application = webDescriptor.getApplication();
LoginConfiguration loginConfig = webDescriptor.getLoginConfiguration();
String computedRealmName = application.getRealm();
if (computedRealmName == null && loginConfig != null) {
computedRealmName = loginConfig.getRealmName();
}
if (defaultRealmName != null && (computedRealmName == null || computedRealmName.isEmpty())) {
computedRealmName = defaultRealmName;
}
return computedRealmName;
}
use of com.sun.enterprise.deployment.web.LoginConfiguration in project Payara by payara.
the class Audit method dumpDiagnostics.
/**
* Do the work for showACL().
*/
private static void dumpDiagnostics(Application app) {
logger.finest("====[ Role and ACL Summary ]==========");
if (!app.isVirtual()) {
logger.finest("Summary for application: " + app.getRegistrationName());
} else {
logger.finest("Standalone module.");
}
logger.finest("EJB components: " + getEjbComponentCount(app));
logger.finest("Web components: " + getWebComponentCount(app));
Iterator i;
StringBuilder sb;
// show all roles with associated group & user mappings
Set allRoles = app.getRoles();
if (allRoles == null) {
logger.finest("- No roles present.");
return;
}
SecurityRoleMapper rmap = app.getRoleMapper();
if (rmap == null) {
logger.finest("- No role mappings present.");
return;
}
i = allRoles.iterator();
logger.finest("--[ Configured roles and mappings ]--");
HashMap allRoleMap = new HashMap();
while (i.hasNext()) {
Role r = (Role) i.next();
logger.finest(" [" + r.getName() + "]");
allRoleMap.put(r.getName(), new HashSet());
sb = new StringBuilder();
sb.append(" is mapped to groups: ");
Enumeration grps = rmap.getGroupsAssignedTo(r);
while (grps.hasMoreElements()) {
sb.append(grps.nextElement());
sb.append(" ");
}
logger.finest(sb.toString());
sb = new StringBuilder();
sb.append(" is mapped to principals: ");
Enumeration users = rmap.getUsersAssignedTo(r);
while (users.hasMoreElements()) {
sb.append(users.nextElement());
sb.append(" ");
}
logger.finest(sb.toString());
}
// Process all EJB modules
Set ejbDescriptorSet = app.getBundleDescriptors(EjbBundleDescriptor.class);
i = ejbDescriptorSet.iterator();
while (i.hasNext()) {
EjbBundleDescriptor bundle = (EjbBundleDescriptor) i.next();
logger.finest("--[ EJB module: " + bundle.getName() + " ]--");
Set ejbs = bundle.getEjbs();
Iterator it = ejbs.iterator();
while (it.hasNext()) {
EjbDescriptor ejb = (EjbDescriptor) it.next();
logger.finest("EJB: " + ejb.getEjbClassName());
// check and show run-as if present
if (!ejb.getUsesCallerIdentity()) {
RunAsIdentityDescriptor runas = ejb.getRunAsIdentity();
if (runas == null) {
logger.finest(" (ejb does not use caller " + "identity)");
} else {
String role = runas.getRoleName();
String user = runas.getPrincipal();
logger.finest(" Will run-as: Role: " + role + " Principal: " + user);
if (role == null || "".equals(role) || user == null || "".equals(user)) {
if (logger.isLoggable(Level.FINEST)) {
logger.finest("*** Configuration error!");
}
}
}
}
// iterate through available methods
logger.finest(" Method to Role restriction list:");
Set methods = ejb.getMethodDescriptors();
Iterator si = methods.iterator();
while (si.hasNext()) {
MethodDescriptor md = (MethodDescriptor) si.next();
logger.finest(" " + md.getFormattedString());
Set perms = ejb.getMethodPermissionsFor(md);
StringBuilder rbuf = new StringBuilder();
rbuf.append(" can only be invoked by: ");
Iterator sip = perms.iterator();
boolean unchecked = false, excluded = false, roleBased = false;
while (sip.hasNext()) {
MethodPermission p = (MethodPermission) sip.next();
if (p.isExcluded()) {
excluded = true;
logger.finest(" excluded - can not " + "be invoked");
} else if (p.isUnchecked()) {
unchecked = true;
logger.finest(" unchecked - can be " + "invoked by all");
} else if (p.isRoleBased()) {
roleBased = true;
Role r = p.getRole();
rbuf.append(r.getName());
rbuf.append(" ");
// add to role's accessible list
HashSet ram = (HashSet) allRoleMap.get(r.getName());
ram.add(bundle.getName() + ":" + ejb.getEjbClassName() + "." + md.getFormattedString());
}
}
if (roleBased) {
logger.finest(rbuf.toString());
if (excluded || unchecked) {
logger.finest("*** Configuration error!");
}
} else if (unchecked) {
if (excluded) {
logger.finest("*** Configuration error!");
}
Set rks = allRoleMap.keySet();
Iterator rksi = rks.iterator();
while (rksi.hasNext()) {
HashSet ram = (HashSet) allRoleMap.get(rksi.next());
ram.add(bundle.getName() + ":" + ejb.getEjbClassName() + "." + md.getFormattedString());
}
} else if (!excluded) {
logger.finest("*** Configuration error!");
}
}
// IOR config for this ejb
logger.finest(" IOR configuration:");
Set iors = ejb.getIORConfigurationDescriptors();
if (iors != null) {
Iterator iorsi = iors.iterator();
while (iorsi.hasNext()) {
EjbIORConfigurationDescriptor ior = (EjbIORConfigurationDescriptor) iorsi.next();
StringBuilder iorsb = new StringBuilder();
iorsb.append("realm=");
iorsb.append(ior.getRealmName());
iorsb.append(", integrity=");
iorsb.append(ior.getIntegrity());
iorsb.append(", trust-in-target=");
iorsb.append(ior.getEstablishTrustInTarget());
iorsb.append(", trust-in-client=");
iorsb.append(ior.getEstablishTrustInClient());
iorsb.append(", propagation=");
iorsb.append(ior.getCallerPropagation());
iorsb.append(", auth-method=");
iorsb.append(ior.getAuthenticationMethod());
logger.finest(iorsb.toString());
}
}
}
}
// show role->accessible methods list
logger.finest("--[ EJB methods accessible by role ]--");
Set rks = allRoleMap.keySet();
Iterator rksi = rks.iterator();
while (rksi.hasNext()) {
String roleName = (String) rksi.next();
logger.finest(" [" + roleName + "]");
HashSet ram = (HashSet) allRoleMap.get(roleName);
Iterator rami = ram.iterator();
while (rami.hasNext()) {
String meth = (String) rami.next();
logger.finest(" " + meth);
}
}
// Process all Web modules
Set webDescriptorSet = app.getBundleDescriptors(WebBundleDescriptor.class);
i = webDescriptorSet.iterator();
while (i.hasNext()) {
WebBundleDescriptor wbd = (WebBundleDescriptor) i.next();
logger.finest("--[ Web module: " + wbd.getContextRoot() + " ]--");
// login config
LoginConfiguration lconf = wbd.getLoginConfiguration();
if (lconf != null) {
logger.finest(" Login config: realm=" + lconf.getRealmName() + ", method=" + lconf.getAuthenticationMethod() + ", form=" + lconf.getFormLoginPage() + ", error=" + lconf.getFormErrorPage());
}
// get WebComponentDescriptorsSet() info
logger.finest(" Contains components:");
Set webComps = wbd.getWebComponentDescriptors();
Iterator webCompsIt = webComps.iterator();
while (webCompsIt.hasNext()) {
WebComponentDescriptor wcd = (WebComponentDescriptor) webCompsIt.next();
StringBuilder name = new StringBuilder();
name.append(" - " + wcd.getCanonicalName());
name.append(" [ ");
Enumeration urlPs = wcd.getUrlPatterns();
while (urlPs.hasMoreElements()) {
name.append(urlPs.nextElement().toString());
name.append(" ");
}
name.append("]");
logger.finest(name.toString());
RunAsIdentityDescriptor runas = wcd.getRunAsIdentity();
if (runas != null) {
String role = runas.getRoleName();
String user = runas.getPrincipal();
logger.finest(" Will run-as: Role: " + role + " Principal: " + user);
if (role == null || "".equals(role) || user == null || "".equals(user)) {
logger.finest("*** Configuration error!");
}
}
}
// security constraints
logger.finest(" Security constraints:");
Enumeration scEnum = wbd.getSecurityConstraints();
while (scEnum.hasMoreElements()) {
SecurityConstraint sc = (SecurityConstraint) scEnum.nextElement();
for (WebResourceCollection wrc : sc.getWebResourceCollections()) {
// show list of methods for this collection
StringBuilder sbm = new StringBuilder();
for (String httpMethod : wrc.getHttpMethods()) {
sbm.append(httpMethod);
sbm.append(" ");
}
logger.finest(" Using method: " + sbm.toString());
// and then list of url patterns
for (String urlPattern : wrc.getUrlPatterns()) {
logger.finest(" " + urlPattern);
}
}
// end res.collection iterator
// show roles which apply to above set of collections
AuthorizationConstraint authCons = sc.getAuthorizationConstraint();
Enumeration rolesEnum = authCons.getSecurityRoles();
StringBuilder rsb = new StringBuilder();
rsb.append(" Accessible by roles: ");
while (rolesEnum.hasMoreElements()) {
SecurityRole sr = (SecurityRole) rolesEnum.nextElement();
rsb.append(sr.getName());
rsb.append(" ");
}
logger.finest(rsb.toString());
// show transport guarantee
UserDataConstraint udc = sc.getUserDataConstraint();
if (udc != null) {
logger.finest(" Transport guarantee: " + udc.getTransportGuarantee());
}
}
// end sec.constraint
}
// end webDescriptorSet.iterator
logger.finest("======================================");
}
Aggregations