Example 1 with SecurityService
use of com.sun.enterprise.config.serverbeans.SecurityService in project Payara by payara.
the class WebModuleContextConfig method authenticatorConfig.
/**
* Always sets up an Authenticator regardless of any security constraints.
*/
@Override
protected synchronized void authenticatorConfig() throws LifecycleException {
LoginConfig loginConfig = context.getLoginConfig();
if (loginConfig == null) {
loginConfig = new LoginConfig("NONE", null, null, null);
context.setLoginConfig(loginConfig);
}
// Has an authenticator been configured already?
if (context instanceof Authenticator) {
return;
}
if (context instanceof ContainerBase) {
Pipeline pipeline = ((ContainerBase) context).getPipeline();
if (pipeline != null) {
GlassFishValve basic = pipeline.getBasic();
if ((basic != null) && (basic instanceof Authenticator))
return;
GlassFishValve[] valves = pipeline.getValves();
for (int i = 0; i < valves.length; i++) {
if (valves[i] instanceof Authenticator)
return;
}
}
} else {
// Cannot install a Valve even if it would be needed
return;
}
// Has a Realm been configured for us to authenticate against?
/* START IASRI 4856062
if (context.getRealm() == null) {
*/
// BEGIN IASRI 4856062
Realm rlm = context.getRealm();
if (rlm == null) {
// END IASRI 4856062
String realmName = (context.getLoginConfig() != null) ? context.getLoginConfig().getRealmName() : null;
if (realmName != null && !realmName.isEmpty()) {
String msg = rb.getString(LogFacade.MISSING_REALM);
throw new LifecycleException(MessageFormat.format(msg, realmName));
}
return;
}
// BEGIN IASRI 4856062
// If a realm is available set its name in the Realm(Adapter)
rlm.setRealmName(loginConfig.getRealmName(), loginConfig.getAuthMethod());
// END IASRI 4856062
/*
* First check to see if there is a custom mapping for the login
* method. If so, use it. Otherwise, check if there is a mapping in
* org/apache/catalina/startup/Authenticators.properties.
*/
GlassFishValve authenticator = null;
if (customAuthenticators != null) {
authenticator = (GlassFishValve) customAuthenticators.get(loginConfig.getAuthMethod());
}
if (authenticator == null) {
// Identify the class name of the Valve we should configure
String authenticatorName = null;
// BEGIN RIMOD 4808402
// If login-config is given but auth-method is null, use NONE
// so that NonLoginAuthenticator is picked
String authMethod = loginConfig.getAuthMethod();
if (authMethod == null) {
authMethod = "NONE";
}
authenticatorName = authenticators.getProperty(authMethod);
if (authenticatorName == null) {
String msg = rb.getString(LogFacade.AUTHENTICATOR_MISSING);
throw new LifecycleException(MessageFormat.format(msg, loginConfig.getAuthMethod()));
}
// Instantiate and install an Authenticator of the requested class
try {
Class authenticatorClass = Class.forName(authenticatorName);
authenticator = (GlassFishValve) authenticatorClass.newInstance();
} catch (Exception e) {
String msg = rb.getString(LogFacade.AUTHENTICATOR_INSTANTIATE_ERROR);
throw new LifecycleException(MessageFormat.format(msg, authenticatorName), e);
}
}
if (authenticator != null && context instanceof ContainerBase) {
Pipeline pipeline = ((ContainerBase) context).getPipeline();
if (pipeline != null) {
((ContainerBase) context).addValve(authenticator);
if (logger.isLoggable(Level.FINEST)) {
logger.log(Level.FINEST, LogFacade.AUTHENTICATOR_CONFIGURED, loginConfig.getAuthMethod());
}
}
}
if (authenticator instanceof DigestAuthenticator) {
Config config = services.getService(Config.class, ServerEnvironment.DEFAULT_INSTANCE_NAME);
SecurityService securityService = config.getSecurityService();
String digestAlgorithm = null;
if (securityService != null) {
digestAlgorithm = securityService.getPropertyValue(DEFAULT_DIGEST_ALGORITHM);
}
if (digestAlgorithm != null) {
((DigestAuthenticator) authenticator).setAlgorithm(digestAlgorithm);
}
}
}
Also used :
ContainerBase(org.apache.catalina.core.ContainerBase)
ContextConfig(org.apache.catalina.startup.ContextConfig)
LoginConfig(org.apache.catalina.deploy.LoginConfig)
Config(com.sun.enterprise.config.serverbeans.Config)
String(java.lang.String)
NamingException(javax.naming.NamingException)
GlassFishValve(org.glassfish.web.valve.GlassFishValve)
DigestAuthenticator(org.apache.catalina.authenticator.DigestAuthenticator)
SecurityService(com.sun.enterprise.config.serverbeans.SecurityService)
LoginConfig(org.apache.catalina.deploy.LoginConfig)
DigestAuthenticator(org.apache.catalina.authenticator.DigestAuthenticator)
Example 2 with SecurityService
use of com.sun.enterprise.config.serverbeans.SecurityService in project Payara by payara.
the class CreateMessageSecurityProvider method execute.
/**
* Executes the command with the command parameters passed as Properties
* where the keys are parameter names and the values the parameter values
*
* @param context information
*/
public void execute(AdminCommandContext context) {
final ActionReport report = context.getActionReport();
List<MessageSecurityConfig> mscs = secService.getMessageSecurityConfig();
// Let's find the correct MessageSecurityConfig. As of now,
// there can be only two of them - one for SOAP and one for
// HttpServlet
MessageSecurityConfig msgSecCfg = null;
for (MessageSecurityConfig msc : mscs) {
if (msc.getAuthLayer().equals(authLayer)) {
msgSecCfg = msc;
}
}
// then, add a new provider config under it provided it is not duplicate
if (msgSecCfg != null) {
// check if there exists a provider config by the
// specified provider name; if so return failure.
List<ProviderConfig> pcs = msgSecCfg.getProviderConfig();
for (ProviderConfig pc : pcs) {
if (pc.getProviderId().equals(providerId)) {
report.setMessage(localStrings.getLocalString("create.message.security.provider.duplicatefound", "Message security provider named {0} exists. " + "Cannot add duplicate.", providerId));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
}
// No duplicate message security providers found. So add one.
try {
ConfigSupport.apply(new SingleConfigCode<MessageSecurityConfig>() {
public Object run(MessageSecurityConfig param) throws PropertyVetoException, TransactionFailure {
ProviderConfig newPC = param.createChild(ProviderConfig.class);
populateProviderConfigElement(newPC);
param.getProviderConfig().add(newPC);
// security config object
if (isDefaultProvider) {
if (providerType.equals(SERVER) || providerType.equals(CLIENT_SERVER))
param.setDefaultProvider(providerId);
if (providerType.equals(CLIENT) || providerType.equals(CLIENT_SERVER))
param.setDefaultClientProvider(providerId);
}
return newPC;
}
}, msgSecCfg);
} catch (TransactionFailure e) {
report.setMessage(localStrings.getLocalString("create.message.security.provider.fail", "Creation of message security provider named {0} failed", providerId));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
return;
}
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
report.setMessage(localStrings.getLocalString("create.message.security.provider.success", "Creation of message security provider named {0} completed " + "successfully", providerId));
} else // Now if there is NO message security config for this type of layer
// then, first add a message security config for the layer and then
// add a provider config under this message security config
{
try {
ConfigSupport.apply(new SingleConfigCode<SecurityService>() {
public Object run(SecurityService param) throws PropertyVetoException, TransactionFailure {
MessageSecurityConfig newMSC = param.createChild(MessageSecurityConfig.class);
newMSC.setAuthLayer(authLayer);
param.getMessageSecurityConfig().add(newMSC);
ProviderConfig newPC = newMSC.createChild(ProviderConfig.class);
populateProviderConfigElement(newPC);
newMSC.getProviderConfig().add(newPC);
// security config object
if (isDefaultProvider) {
if (providerType.equals(SERVER) || providerType.equals(CLIENT_SERVER))
newMSC.setDefaultProvider(providerId);
if (providerType.equals(CLIENT) || providerType.equals(CLIENT_SERVER))
newMSC.setDefaultClientProvider(providerId);
}
return newMSC;
}
}, secService);
} catch (TransactionFailure e) {
report.setMessage(localStrings.getLocalString("create.message.security.provider.fail", "Creation of message security provider named {0} failed", providerId));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
return;
}
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
/* report.setMessage(localStrings.getLocalString(
"create.message.security.provider.success",
"Creation of message security provider named {0} completed " +
"successfully", providerId)); */
}
}
Also used :
PropertyVetoException(java.beans.PropertyVetoException)
TransactionFailure(org.jvnet.hk2.config.TransactionFailure)
ProviderConfig(com.sun.enterprise.config.serverbeans.ProviderConfig)
SecurityService(com.sun.enterprise.config.serverbeans.SecurityService)
MessageSecurityConfig(com.sun.enterprise.config.serverbeans.MessageSecurityConfig)
ActionReport(org.glassfish.api.ActionReport)
Example 3 with SecurityService
use of com.sun.enterprise.config.serverbeans.SecurityService in project Payara by payara.
the class DeleteFileUser method execute.
/**
* Executes the command with the command parameters passed as Properties
* where the keys are the paramter names and the values the parameter values
*
* @param context information
*/
public void execute(AdminCommandContext context) {
final ActionReport report = context.getActionReport();
// Get FileRealm class name, match it with what is expected.
String fileRealmClassName = fileAuthRealm.getClassname();
// Report error if provided impl is not the one expected
if (fileRealmClassName != null && !fileRealmClassName.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
report.setMessage(localStrings.getLocalString("delete.file.user.realmnotsupported", "Configured file realm {0} is not supported.", fileRealmClassName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// ensure we have the file associated with the authrealm
String keyFile = null;
for (Property fileProp : fileAuthRealm.getProperty()) {
if (fileProp.getName().equals("file"))
keyFile = fileProp.getValue();
}
final String kFile = keyFile;
if (keyFile == null) {
report.setMessage(localStrings.getLocalString("delete.file.user.keyfilenotfound", "There is no physical file associated with this file realm {0} ", authRealmName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
boolean exists = (new File(kFile)).exists();
if (!exists) {
report.setMessage(localStrings.getLocalString("file.realm.keyfilenonexistent", "The specified physical file {0} associated with the file realm {1} does not exist.", new Object[] { kFile, authRealmName }));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// hypothetically ?.
try {
ConfigSupport.apply(new SingleConfigCode<SecurityService>() {
public Object run(SecurityService param) throws PropertyVetoException, TransactionFailure {
try {
realmsManager.createRealms(config);
final FileRealm fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), authRealmName);
fr.removeUser(userName);
fr.persist();
CreateFileUser.refreshRealm(config.getName(), authRealmName);
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
} catch (NoSuchUserException e) {
report.setMessage(localStrings.getLocalString("delete.file.user.usernotfound", "There is no such existing user {0} in the file realm {1}.", userName, authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
} catch (BadRealmException e) {
report.setMessage(localStrings.getLocalString("delete.file.user.realmcorrupted", "Configured file realm {0} is corrupted.", authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
} catch (Exception e) {
e.printStackTrace();
report.setMessage(localStrings.getLocalString("delete.file.user.userdeletefailed", "Removing User {0} from file realm {1} failed", userName, authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
}
return null;
}
}, securityService);
} catch (Exception e) {
report.setMessage(localStrings.getLocalString("delete.file.user.userdeletefailed", "Removing User {0} from file realm {1} failed", userName, authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
}
}
Also used :
TransactionFailure(org.jvnet.hk2.config.TransactionFailure)
NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException)
ActionReport(org.glassfish.api.ActionReport)
FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm)
BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException)
PropertyVetoException(java.beans.PropertyVetoException)
NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException)
PropertyVetoException(java.beans.PropertyVetoException)
BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException)
SecurityService(com.sun.enterprise.config.serverbeans.SecurityService)
Property(org.jvnet.hk2.config.types.Property)
File(java.io.File)
Example 4 with SecurityService
use of com.sun.enterprise.config.serverbeans.SecurityService in project Payara by payara.
the class DeleteAuthRealm method execute.
/**
* Executes the command with the command parameters passed as Properties
* where the keys are the paramter names and the values the parameter values
*
* @param context information
*/
public void execute(AdminCommandContext context) {
ActionReport report = context.getActionReport();
try {
ConfigSupport.apply(new SingleConfigCode<SecurityService>() {
public Object run(SecurityService param) throws PropertyVetoException, TransactionFailure {
param.getAuthRealm().remove(authRealm);
// temporary fix - since the SecurityConfigListener is not being called on an realm delete.
SecurityConfigListener.authRealmDeleted(authRealm);
return null;
}
}, securityService);
} catch (TransactionFailure e) {
report.setMessage(localStrings.getLocalString("delete.auth.realm.fail", "Deletion of Authrealm {0} failed", authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
return;
}
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
}
Also used :
PropertyVetoException(java.beans.PropertyVetoException)
TransactionFailure(org.jvnet.hk2.config.TransactionFailure)
SecurityService(com.sun.enterprise.config.serverbeans.SecurityService)
ActionReport(org.glassfish.api.ActionReport)
Example 5 with SecurityService
use of com.sun.enterprise.config.serverbeans.SecurityService in project Payara by payara.
the class DeleteJaccProvider method execute.
@Override
public void execute(AdminCommandContext context) {
final ActionReport report = context.getActionReport();
try {
List<JaccProvider> jaccProviders = securityService.getJaccProvider();
JaccProvider jprov = null;
for (JaccProvider jaccProv : jaccProviders) {
if (jaccProv.getName().equals(jaccprovider)) {
jprov = jaccProv;
break;
}
}
final JaccProvider jaccprov = jprov;
ConfigSupport.apply(new SingleConfigCode<SecurityService>() {
public Object run(SecurityService param) throws PropertyVetoException, TransactionFailure {
param.getJaccProvider().remove(jaccprov);
return null;
}
}, securityService);
} catch (TransactionFailure e) {
report.setMessage(localStrings.getLocalString("delete.jacc.provider.fail", "Deletion of JaccProvider {0} failed", jaccprovider) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
return;
}
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
}
Also used :
PropertyVetoException(java.beans.PropertyVetoException)
TransactionFailure(org.jvnet.hk2.config.TransactionFailure)
JaccProvider(com.sun.enterprise.config.serverbeans.JaccProvider)
SecurityService(com.sun.enterprise.config.serverbeans.SecurityService)
ActionReport(org.glassfish.api.ActionReport)
Aggregations
SecurityService (com.sun.enterprise.config.serverbeans.SecurityService)14
ActionReport (org.glassfish.api.ActionReport)10
PropertyVetoException (java.beans.PropertyVetoException)9
TransactionFailure (org.jvnet.hk2.config.TransactionFailure)9
Property (org.jvnet.hk2.config.types.Property)4
AuthRealm (com.sun.enterprise.config.serverbeans.AuthRealm)3
AuditModule (com.sun.enterprise.config.serverbeans.AuditModule)2
Config (com.sun.enterprise.config.serverbeans.Config)2
JaccProvider (com.sun.enterprise.config.serverbeans.JaccProvider)2
BadRealmException (com.sun.enterprise.security.auth.realm.BadRealmException)2
FileRealm (com.sun.enterprise.security.auth.realm.file.FileRealm)2
File (java.io.File)2
MessageSecurityConfig (com.sun.enterprise.config.serverbeans.MessageSecurityConfig)1
ProviderConfig (com.sun.enterprise.config.serverbeans.ProviderConfig)1
BaseAuditModule (com.sun.enterprise.security.BaseAuditModule)1
NoSuchUserException (com.sun.enterprise.security.auth.realm.NoSuchUserException)1
String (java.lang.String)1
Properties (java.util.Properties)1
NamingException (javax.naming.NamingException)1
DigestAuthenticator (org.apache.catalina.authenticator.DigestAuthenticator)1
