use of org.glassfish.deployment.common.SecurityRoleMapper in project Payara by payara.
the class RoleMapperFactory method getRoleMapper.
/**
 * Returns the {@code RoleMapper} registered for an application, creating and caching one
 * on first use so later callers share the same instance.
 *
 * @param appName application name the role mapper is keyed by
 * @param fact    role mapper factory; not used by this method
 * @return the cached or newly created {@code RoleMapper} for {@code appName}
 */
public RoleMapper getRoleMapper(String appName, SecurityRoleMapperFactory fact) {
    Object cached = ROLEMAPPER.get(appName);
    if (cached != null) {
        return (RoleMapper) cached;
    }
    // First request for this application: build the mapper and remember it.
    // NOTE(review): the get/put pair is not atomic; whether that matters depends on
    // ROLEMAPPER's type and on the caller's locking — confirm.
    RoleMapper created = new RoleMapper(appName);
    ROLEMAPPER.put(appName, created);
    return created;
}
use of org.glassfish.deployment.common.SecurityRoleMapper in project Payara by payara.
the class PolicyConfigurationImpl method generatePermissions.
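/**
 * Writes the policy files for this policy context when {@code writeOnCommit} is set.
 *
 * <p>Unchecked permissions and the per-role permissions (granted to every principal mapped to
 * that role, or to the wildcard principal for the {@code "**"} role) are collected into one
 * {@link PolicyParser} and written as the main policy file; excluded permissions are written to
 * a separate policy file. The role-to-subject mapping comes from the
 * {@link SecurityRoleMapperFactory} for {@code CONTEXT_ID}, and every linked policy context must
 * resolve to the same mapping, otherwise the commit is aborted.
 *
 * @throws java.io.FileNotFoundException if a policy file cannot be opened for writing
 * @throws java.io.IOException if writing a policy file fails
 * @throws RuntimeException if role permissions exist but no role-to-subject mapping could be
 *         obtained, or a linked policy context has a different role-to-subject mapping
 */
private void generatePermissions() throws java.io.FileNotFoundException, java.io.IOException {
    if (!writeOnCommit) {
        return;
    }
    // otherwise proceed to write policy file
    Map roleToSubjectMap = null;
    SecurityRoleMapperFactory factory = SecurityRoleMapperFactoryGen.getSecurityRoleMapperFactory();
    // Make sure a role to subject map has been defined for the Policy Context
    if (rolePermissionsTable != null && factory != null) {
        // the rolemapper is stored against the appname,
        // for a web app get the appname for this contextid
        SecurityRoleMapper srm = factory.getRoleMapper(CONTEXT_ID);
        if (srm != null) {
            roleToSubjectMap = srm.getRoleToSubjectMapping();
        }
        if (roleToSubjectMap != null) {
            // make sure all linked PC's have the same roleToSubjectMap
            Set linkSet = (Set) fact.getLinkTable().get(CONTEXT_ID);
            if (linkSet != null) {
                for (Object linked : linkSet) {
                    String contextId = (String) linked;
                    if (CONTEXT_ID.equals(contextId)) {
                        continue;
                    }
                    SecurityRoleMapper otherSrm = factory.getRoleMapper(contextId);
                    Map otherRoleToSubjectMap = null;
                    if (otherSrm != null) {
                        otherRoleToSubjectMap = otherSrm.getRoleToSubjectMapping();
                    }
                    // Identity comparison, as before: linked contexts are expected to share
                    // the very same mapping object, not merely an equal one.
                    if (otherRoleToSubjectMap != roleToSubjectMap) {
                        String defMsg = "Linked policy contexts have different roleToSubjectMaps (" + CONTEXT_ID + ")<->(" + contextId + ")";
                        String msg = localStrings.getLocalString("pc.linked_with_different_role_maps", defMsg, new Object[] { CONTEXT_ID, contextId });
                        logger.log(Level.SEVERE, msg);
                        throw new RuntimeException(defMsg);
                    }
                }
            }
        }
    }
    if (roleToSubjectMap == null && rolePermissionsTable != null) {
        // Role permissions without a mapping cannot be granted to anyone; fail the commit.
        String defMsg = "This application has no role mapper factory defined";
        String msg = localStrings.getLocalString("pc.role_map_not_defined_at_commit", defMsg, new Object[] { CONTEXT_ID });
        logger.log(Level.SEVERE, msg);
        throw new RuntimeException(localStrings.getLocalString("enterprise.deployment.deployment.norolemapperfactorydefine", defMsg));
    }
    PolicyParser parser = new PolicyParser(false);
    // load unchecked grants in parser
    if (uncheckedPermissions != null) {
        Enumeration pEnum = uncheckedPermissions.elements();
        if (pEnum.hasMoreElements()) {
            GrantEntry grant = new GrantEntry();
            appendPermissionEntries(grant, pEnum);
            parser.add(grant);
        }
    }
    // load role based grants in parser
    if (rolePermissionsTable != null) {
        for (Object roleKey : rolePermissionsTable.keySet()) {
            String roleName = (String) roleKey;
            Permissions rolePerms = getRolePermissions(roleName);
            Subject rolePrincipals = (Subject) roleToSubjectMap.get(roleName);
            boolean withPrincipals = false;
            if (rolePrincipals != null) {
                for (Object principal : rolePrincipals.getPrincipals()) {
                    Principal prin = (Principal) principal;
                    if (prin == null) {
                        String msg = localStrings.getLocalString("pc.non_principal_mapped_to_role", "non principal mapped to role " + roleName, new Object[] { prin, roleName });
                        logger.log(Level.WARNING, msg);
                        continue;
                    }
                    withPrincipals = true;
                    // one grant per mapped principal, carrying all of the role's permissions
                    PrincipalEntry prinEntry = new PrincipalEntry(prin.getClass().getName(), escapeName(prin.getName()));
                    parser.add(roleGrant(prinEntry, rolePerms));
                }
            }
            // JACC MR8: the '**' role stands for any authenticated user, so when nothing was
            // mapped to it explicitly, grant its permissions to the wildcard principal.
            if (!withPrincipals && "**".equals(roleName)) {
                withPrincipals = true;
                PrincipalEntry prinEntry = new PrincipalEntry(PrincipalEntry.WILDCARD_CLASS, PrincipalEntry.WILDCARD_NAME);
                parser.add(roleGrant(prinEntry, rolePerms));
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("JACC Policy Provider: added role grant for any authenticated user");
                }
            }
            if (!withPrincipals) {
                String msg = localStrings.getLocalString("pc.no_principals_mapped_to_role", "no principals mapped to role " + roleName, new Object[] { roleName });
                logger.log(Level.WARNING, msg);
            }
        }
    }
    writeOnCommit = createPolicyFile(true, parser, writeOnCommit);
    // load excluded perms in excluded parser
    if (excludedPermissions != null) {
        PolicyParser excludedParser = new PolicyParser(false);
        Enumeration pEnum = excludedPermissions.elements();
        if (pEnum.hasMoreElements()) {
            GrantEntry grant = new GrantEntry();
            appendPermissionEntries(grant, pEnum);
            excludedParser.add(grant);
        }
        writeOnCommit = createPolicyFile(false, excludedParser, writeOnCommit);
    }
    if (!writeOnCommit) {
        wasRefreshed = false;
    }
}

/**
 * Builds a grant giving every permission in {@code rolePerms} to {@code prinEntry}.
 *
 * @param prinEntry the principal the grant applies to
 * @param rolePerms the permissions of the role being granted
 * @return the populated grant entry
 */
private static GrantEntry roleGrant(PrincipalEntry prinEntry, Permissions rolePerms) {
    GrantEntry grant = new GrantEntry();
    grant.principals.add(prinEntry);
    appendPermissionEntries(grant, rolePerms.elements());
    return grant;
}

/**
 * Adds one {@link PermissionEntry} per remaining element of {@code permissions} to {@code grant}.
 *
 * @param grant       the grant entry being populated
 * @param permissions enumeration of {@link Permission} objects, consumed from its current position
 */
private static void appendPermissionEntries(GrantEntry grant, Enumeration<?> permissions) {
    while (permissions.hasMoreElements()) {
        Permission p = (Permission) permissions.nextElement();
        grant.add(new PermissionEntry(p.getClass().getName(), p.getName(), p.getActions()));
    }
}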
use of org.glassfish.deployment.common.SecurityRoleMapper in project Payara by payara.
the class WebBundleRuntimeNode method addDescriptor.
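/**
 * Adds a new DOL descriptor instance to the descriptor instance associated with this XMLNode.
 *
 * <p>Runtime entries are stored on the {@code SunWebAppImpl} of the bundle descriptor. A
 * {@code SecurityRoleMapping} is additionally applied to the application's
 * {@link SecurityRoleMapper}, assigning the mapping's principals and groups to the role.
 *
 * @param newDescriptor the new descriptor
 */
@Override
public void addDescriptor(Object newDescriptor) {
    SunWebAppImpl sunWebApp = (SunWebAppImpl) descriptor.getSunDescriptor();
    if (newDescriptor instanceof WebComponentDescriptor) {
        WebComponentDescriptor servlet = (WebComponentDescriptor) newDescriptor;
        // for backward compatibility with s1as schema2beans generated desc
        Servlet s1descriptor = new Servlet();
        s1descriptor.setServletName(servlet.getCanonicalName());
        if (servlet.getRunAsIdentity() != null) {
            s1descriptor.setPrincipalName(servlet.getRunAsIdentity().getPrincipal());
        }
        sunWebApp.addServlet(s1descriptor);
    } else if (newDescriptor instanceof ServiceReferenceDescriptor) {
        descriptor.addServiceReferenceDescriptor((ServiceReferenceDescriptor) newDescriptor);
    } else if (newDescriptor instanceof SecurityRoleMapping) {
        applySecurityRoleMapping(sunWebApp, (SecurityRoleMapping) newDescriptor);
    } else if (newDescriptor instanceof IdempotentUrlPattern) {
        sunWebApp.addIdempotentUrlPattern((IdempotentUrlPattern) newDescriptor);
    } else if (newDescriptor instanceof SessionConfig) {
        sunWebApp.setSessionConfig((SessionConfig) newDescriptor);
    } else if (newDescriptor instanceof Cache) {
        sunWebApp.setCache((Cache) newDescriptor);
    } else if (newDescriptor instanceof ClassLoader) {
        sunWebApp.setClassLoader((ClassLoader) newDescriptor);
    } else if (newDescriptor instanceof JspConfig) {
        sunWebApp.setJspConfig((JspConfig) newDescriptor);
    } else if (newDescriptor instanceof LocaleCharsetInfo) {
        sunWebApp.setLocaleCharsetInfo((LocaleCharsetInfo) newDescriptor);
    } else if (newDescriptor instanceof WebProperty) {
        sunWebApp.addWebProperty((WebProperty) newDescriptor);
    } else if (newDescriptor instanceof Valve) {
        sunWebApp.addValve((Valve) newDescriptor);
    } else {
        // Unknown descriptor type: hand the *new* descriptor to the parent node. The previous
        // code passed the bundle descriptor field here instead, which looks like a slip — the
        // argument was otherwise unused in this branch.
        super.addDescriptor(newDescriptor);
    }
}

/**
 * Stores a security role mapping on the runtime descriptor and, when the bundle belongs to an
 * application with a role mapper, assigns the mapped principals and groups to the role.
 *
 * @param sunWebApp runtime descriptor receiving the mapping
 * @param srm       the role mapping from the runtime deployment descriptor
 */
private void applySecurityRoleMapping(SunWebAppImpl sunWebApp, SecurityRoleMapping srm) {
    sunWebApp.addSecurityRoleMapping(srm);
    // store it in the application using pure DOL descriptors...
    Application app = descriptor.getApplication();
    if (app == null) {
        return;
    }
    Role role = new Role(srm.getRoleName());
    SecurityRoleMapper rm = app.getRoleMapper();
    if (rm == null) {
        return;
    }
    for (PrincipalNameDescriptor principal : srm.getPrincipalNames()) {
        rm.assignRole(principal.getPrincipal(), role, descriptor);
    }
    for (String groupName : srm.getGroupNames()) {
        rm.assignRole(new Group(groupName), role, descriptor);
    }
}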
use of org.glassfish.deployment.common.SecurityRoleMapper in project Payara by payara.
the class PolicyConfigurationImpl method getRoleToSubjectMap.
/**
 * Resolves the role-to-subject mapping for this policy context.
 *
 * <p>The mapping is looked up through the {@link SecurityRoleMapperFactory} under
 * {@code CONTEXT_ID} (for a web app that is the application name). Every linked policy context
 * must resolve to the identical mapping object, otherwise a {@link RuntimeException} is thrown.
 *
 * @return the mapping, or {@code null} when this context has no role permissions, no factory
 *         is available, or no mapper/mapping is registered for {@code CONTEXT_ID}
 * @throws RuntimeException if a linked policy context resolves to a different mapping
 */
private Map<String, Subject> getRoleToSubjectMap() {
    if (roleToPermissionsMap == null) {
        return null;
    }
    SecurityRoleMapperFactory factory = SecurityRoleMapperFactoryGen.getSecurityRoleMapperFactory();
    // Make sure a role to subject map has been defined for the Policy Context
    if (factory == null) {
        return null;
    }
    // The role mapper is stored against the application name;
    // for a web app get the appname for this contextid
    SecurityRoleMapper mapper = factory.getRoleMapper(CONTEXT_ID);
    Map<String, Subject> roleToSubjectMap = mapper == null ? null : mapper.getRoleToSubjectMapping();
    if (roleToSubjectMap == null) {
        return null;
    }
    // Make sure all linked PCs have the same roleToSubjectMap
    Set<String> linkedContextIds = configurationFactory.getLinkTable().get(CONTEXT_ID);
    if (linkedContextIds == null) {
        return roleToSubjectMap;
    }
    for (String linkedId : linkedContextIds) {
        if (CONTEXT_ID.equals(linkedId)) {
            continue;
        }
        SecurityRoleMapper linkedMapper = factory.getRoleMapper(linkedId);
        Map<?, ?> linkedMap = linkedMapper == null ? null : linkedMapper.getRoleToSubjectMapping();
        // Identity comparison: linked contexts must share the same mapping object
        if (linkedMap != roleToSubjectMap) {
            String defMsg = "Linked policy contexts have different roleToSubjectMaps (" + CONTEXT_ID + ")<->(" + linkedId + ")";
            logger.log(SEVERE, localStrings.getLocalString("pc.linked_with_different_role_maps", defMsg, new Object[] { CONTEXT_ID, linkedId }));
            throw new RuntimeException(defMsg);
        }
    }
    return roleToSubjectMap;
}
use of org.glassfish.deployment.common.SecurityRoleMapper in project Payara by payara.
the class GlassfishRoleMapper method getRolesOfPrincipals.
/**
 * Returns the declared roles of policy context {@code pcid} to which at least one of
 * {@code principals} is mapped.
 *
 * @param pcid       policy context id used to look up the internal role mapper
 * @param principals principals to test; an empty array yields {@code null}
 * @return the matching role names (possibly empty), or {@code null} when no principals were given
 * @throws SecurityException propagated from the underlying role mapper lookups
 * @throws UnsupportedOperationException propagated from the underlying role mapper lookups
 */
public Set<String> getRolesOfPrincipals(String pcid, Principal[] principals) throws SecurityException, UnsupportedOperationException {
    if (principals.length == 0) {
        return null;
    }
    SecurityRoleMapper mapper = getInternalMapper(pcid);
    Set<String> declaredRoles = getDeclaredRoles(mapper);
    // No null check on declaredRoles on purpose: getDeclaredRoles(mapper) currently always throws
    // UnsupportedOperationException, so a null result cannot occur (FindBugs). Reinstate
    // "if (declaredRoles == null) return null;" once getDeclaredRoles is fixed.
    Set<String> matchedRoles = new HashSet<String>();
    for (String roleName : declaredRoles) {
        Set<Principal> mappedPrincipals = getPrincipalsInRole(mapper, roleName);
        if (mappedPrincipals != null && anyMapped(mappedPrincipals, principals)) {
            matchedRoles.add(roleName);
        }
    }
    return matchedRoles;
}

/**
 * Tells whether any of {@code candidates} is a member of {@code mapped}.
 *
 * <p>Membership is decided by {@code Set.contains}, i.e. by the Principal implementations'
 * {@code equals}/{@code hashCode} — NOTE(review): confirm this holds for the Principal types in use.
 *
 * @param mapped     principals mapped to a role
 * @param candidates principals being tested
 * @return {@code true} if at least one candidate is contained in {@code mapped}
 */
private static boolean anyMapped(Set<Principal> mapped, Principal[] candidates) {
    for (Principal candidate : candidates) {
        if (mapped.contains(candidate)) {
            return true;
        }
    }
    return false;
}