
Example 1 with SecurityService

use of com.sun.enterprise.config.serverbeans.SecurityService in project Payara by payara.

Class WebModuleContextConfig, method authenticatorConfig.

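/**
 * Always sets up an Authenticator regardless of any security constraints.
 *
 * <p>Steps: make sure the context carries a {@code LoginConfig} (defaulting the
 * auth-method to {@code NONE}); return early when an Authenticator is already
 * present in the context or its pipeline; require a Realm when the login-config
 * names one; then resolve the authenticator valve from {@code customAuthenticators}
 * or the {@code authenticators} properties and add it to the container pipeline.
 * A {@link DigestAuthenticator} additionally gets the digest algorithm configured
 * on the domain's {@link SecurityService}, when one is set there.
 *
 * @throws LifecycleException if the login-config names a realm but none is
 *         configured on the context, if no authenticator is mapped for the
 *         auth-method, or if the mapped authenticator class cannot be instantiated
 */
@Override
protected synchronized void authenticatorConfig() throws LifecycleException {
    LoginConfig loginConfig = context.getLoginConfig();
    if (loginConfig == null) {
        // No <login-config> for this web module: default the auth-method to NONE
        // so that an authenticator (NonLoginAuthenticator) is still installed.
        loginConfig = new LoginConfig("NONE", null, null, null);
        context.setLoginConfig(loginConfig);
    }
    // Has an authenticator been configured already?
    if (context instanceof Authenticator) {
        return;
    }
    if (!(context instanceof ContainerBase)) {
        // Cannot install a Valve even if it would be needed
        return;
    }
    ContainerBase container = (ContainerBase) context;
    Pipeline pipeline = container.getPipeline();
    if (pipeline != null) {
        // instanceof is false for null, so the basic valve needs no separate null check
        if (pipeline.getBasic() instanceof Authenticator) {
            return;
        }
        for (GlassFishValve valve : pipeline.getValves()) {
            if (valve instanceof Authenticator) {
                return;
            }
        }
    }
    // Has a Realm been configured for us to authenticate against?
    // BEGIN IASRI 4856062
    Realm rlm = context.getRealm();
    if (rlm == null) {
        // END IASRI 4856062
        // A login-config that names a realm while none is configured is a
        // deployment error; a login-config without a realm name gets no authenticator.
        LoginConfig current = context.getLoginConfig();
        String realmName = (current != null) ? current.getRealmName() : null;
        if (realmName != null && !realmName.isEmpty()) {
            String msg = rb.getString(LogFacade.MISSING_REALM);
            throw new LifecycleException(MessageFormat.format(msg, realmName));
        }
        return;
    }
    // BEGIN IASRI 4856062
    // If a realm is available set its name in the Realm(Adapter)
    rlm.setRealmName(loginConfig.getRealmName(), loginConfig.getAuthMethod());
    // END IASRI 4856062
    /*
     * First check to see if there is a custom mapping for the login
     * method. If so, use it. Otherwise, check if there is a mapping in
     * org/apache/catalina/startup/Authenticators.properties.
     */
    GlassFishValve authenticator = null;
    if (customAuthenticators != null) {
        authenticator = (GlassFishValve) customAuthenticators.get(loginConfig.getAuthMethod());
    }
    if (authenticator == null) {
        // BEGIN RIMOD 4808402
        // If login-config is given but auth-method is null, use NONE
        // so that NonLoginAuthenticator is picked
        String authMethod = loginConfig.getAuthMethod();
        if (authMethod == null) {
            authMethod = "NONE";
        }
        // Identify the class name of the Valve we should configure
        String authenticatorName = authenticators.getProperty(authMethod);
        if (authenticatorName == null) {
            String msg = rb.getString(LogFacade.AUTHENTICATOR_MISSING);
            // Report the effective (possibly defaulted) auth-method rather than a null one
            throw new LifecycleException(MessageFormat.format(msg, authMethod));
        }
        // Instantiate and install an Authenticator of the requested class.
        // Class.newInstance() is deprecated and lets the constructor's checked
        // exceptions escape undeclared; go through the no-arg constructor instead.
        // Whatever class the mapping names is loaded and instantiated reflectively.
        try {
            Class<?> authenticatorClass = Class.forName(authenticatorName);
            authenticator = (GlassFishValve) authenticatorClass.getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            String msg = rb.getString(LogFacade.AUTHENTICATOR_INSTANTIATE_ERROR);
            throw new LifecycleException(MessageFormat.format(msg, authenticatorName), e);
        }
    }
    if (authenticator != null && container.getPipeline() != null) {
        container.addValve(authenticator);
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, LogFacade.AUTHENTICATOR_CONFIGURED, loginConfig.getAuthMethod());
        }
    }
    if (authenticator instanceof DigestAuthenticator) {
        // The domain-wide security-service may override the digest algorithm;
        // when it is absent or sets none, the DigestAuthenticator keeps its own.
        Config config = services.getService(Config.class, ServerEnvironment.DEFAULT_INSTANCE_NAME);
        SecurityService securityService = (config != null) ? config.getSecurityService() : null;
        String digestAlgorithm = null;
        if (securityService != null) {
            digestAlgorithm = securityService.getPropertyValue(DEFAULT_DIGEST_ALGORITHM);
        }
        if (digestAlgorithm != null) {
            ((DigestAuthenticator) authenticator).setAlgorithm(digestAlgorithm);
        }
    }
}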

Example 2 with SecurityService

use of com.sun.enterprise.config.serverbeans.SecurityService in project Payara by payara.

Class CreateMessageSecurityProvider, method execute.

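/**
 * Executes the command with the command parameters passed as Properties
 * where the keys are parameter names and the values the parameter values.
 *
 * <p>Locates the {@code MessageSecurityConfig} for {@code authLayer}. If one exists,
 * a new {@code ProviderConfig} is added under it unless a provider with the same
 * {@code providerId} is already present (reported as FAILURE). If none exists, a
 * {@code MessageSecurityConfig} for the layer is created first and the provider is
 * added under it in the same transaction. Both paths optionally mark the new
 * provider as the layer's default server and/or client provider.
 *
 * @param context information; its {@link ActionReport} receives the outcome
 */
public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();
    // Let's find the correct MessageSecurityConfig. As of now,
    // there can be only two of them - one for SOAP and one for
    // HttpServlet
    final MessageSecurityConfig msgSecCfg = findMessageSecurityConfig(secService.getMessageSecurityConfig());
    if (msgSecCfg != null) {
        // check if there exists a provider config by the
        // specified provider name; if so return failure.
        if (hasProvider(msgSecCfg, providerId)) {
            report.setMessage(localStrings.getLocalString("create.message.security.provider.duplicatefound", "Message security provider named {0} exists. " + "Cannot add duplicate.", providerId));
            report.setActionExitCode(ActionReport.ExitCode.FAILURE);
            return;
        }
        // No duplicate message security providers found. So add one.
        try {
            ConfigSupport.apply(new SingleConfigCode<MessageSecurityConfig>() {

                public Object run(MessageSecurityConfig param) throws PropertyVetoException, TransactionFailure {
                    return addProviderConfig(param);
                }
            }, msgSecCfg);
        } catch (TransactionFailure e) {
            reportCreateFailure(report, e);
            return;
        }
        report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
        report.setMessage(localStrings.getLocalString("create.message.security.provider.success", "Creation of message security provider named {0} completed " + "successfully", providerId));
    } else {
        // No message security config for this type of layer yet: first add a
        // message security config for the layer, then add a provider config
        // under it, all within one transaction.
        try {
            ConfigSupport.apply(new SingleConfigCode<SecurityService>() {

                public Object run(SecurityService param) throws PropertyVetoException, TransactionFailure {
                    MessageSecurityConfig newMSC = param.createChild(MessageSecurityConfig.class);
                    newMSC.setAuthLayer(authLayer);
                    param.getMessageSecurityConfig().add(newMSC);
                    addProviderConfig(newMSC);
                    return newMSC;
                }
            }, secService);
        } catch (TransactionFailure e) {
            reportCreateFailure(report, e);
            return;
        }
        // Only the exit code is set on this path; the original deliberately
        // left the success message out here, and that is preserved.
        report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
    }
}

/**
 * Returns the last config in {@code mscs} whose auth-layer equals {@code authLayer},
 * or {@code null} when there is none. A config without an auth-layer never matches.
 */
private MessageSecurityConfig findMessageSecurityConfig(List<MessageSecurityConfig> mscs) {
    MessageSecurityConfig found = null;
    for (MessageSecurityConfig msc : mscs) {
        if (authLayer != null && authLayer.equals(msc.getAuthLayer())) {
            found = msc;
        }
    }
    return found;
}

/** Whether {@code msc} already holds a provider config with id {@code id}. */
private static boolean hasProvider(MessageSecurityConfig msc, String id) {
    for (ProviderConfig pc : msc.getProviderConfig()) {
        if (id != null && id.equals(pc.getProviderId())) {
            return true;
        }
    }
    return false;
}

/**
 * Creates a provider config under {@code msc}, populates it from the command
 * parameters and, when {@code isDefaultProvider} is set, registers it as the
 * layer's default server and/or client provider according to {@code providerType}.
 *
 * @return the newly created provider config
 */
private ProviderConfig addProviderConfig(MessageSecurityConfig msc) throws PropertyVetoException, TransactionFailure {
    ProviderConfig newPC = msc.createChild(ProviderConfig.class);
    populateProviderConfigElement(newPC);
    msc.getProviderConfig().add(newPC);
    if (isDefaultProvider) {
        if (providerType.equals(SERVER) || providerType.equals(CLIENT_SERVER)) {
            msc.setDefaultProvider(providerId);
        }
        if (providerType.equals(CLIENT) || providerType.equals(CLIENT_SERVER)) {
            msc.setDefaultClientProvider(providerId);
        }
    }
    return newPC;
}

/** Records a transaction failure on the report, keeping the cause for the caller. */
private void reportCreateFailure(ActionReport report, TransactionFailure e) {
    report.setMessage(localStrings.getLocalString("create.message.security.provider.fail", "Creation of message security provider named {0} failed", providerId));
    report.setActionExitCode(ActionReport.ExitCode.FAILURE);
    report.setFailureCause(e);
}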

Example 3 with SecurityService

use of com.sun.enterprise.config.serverbeans.SecurityService in project Payara by payara.

Class DeleteFileUser, method execute.

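/**
 * Executes the command with the command parameters passed as Properties
 * where the keys are the parameter names and the values the parameter values.
 *
 * <p>Refuses to operate on any realm implementation other than the built-in
 * {@code FileRealm}, requires the realm's {@code file} property to point at an
 * existing keyfile, and then removes {@code userName} from that realm inside a
 * config transaction. Every failure is written to the {@link ActionReport}
 * rather than thrown.
 *
 * @param context information; its {@link ActionReport} receives the outcome
 */
public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();
    // Get FileRealm class name, match it with what is expected.
    String fileRealmClassName = fileAuthRealm.getClassname();
    // Report error if provided impl is not the one expected
    if (fileRealmClassName != null && !fileRealmClassName.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
        report.setMessage(localStrings.getLocalString("delete.file.user.realmnotsupported", "Configured file realm {0} is not supported.", fileRealmClassName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    // ensure we have the file associated with the authrealm
    final String kFile = findKeyFile();
    if (kFile == null) {
        report.setMessage(localStrings.getLocalString("delete.file.user.keyfilenotfound", "There is no physical file associated with this file realm {0} ", authRealmName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    if (!new File(kFile).exists()) {
        report.setMessage(localStrings.getLocalString("file.realm.keyfilenonexistent", "The specified physical file {0} associated with the file realm {1} does not exist.", new Object[] { kFile, authRealmName }));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    try {
        ConfigSupport.apply(new SingleConfigCode<SecurityService>() {

            public Object run(SecurityService param) throws PropertyVetoException, TransactionFailure {
                try {
                    realmsManager.createRealms(config);
                    // NOTE(review): if the realm failed to load this may be null; the
                    // resulting NPE lands in the generic catch below -- confirm.
                    final FileRealm fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), authRealmName);
                    fr.removeUser(userName);
                    fr.persist();
                    CreateFileUser.refreshRealm(config.getName(), authRealmName);
                    report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
                } catch (NoSuchUserException e) {
                    report.setMessage(localStrings.getLocalString("delete.file.user.usernotfound", "There is no such existing user {0} in the file realm {1}.", userName, authRealmName) + "  " + e.getLocalizedMessage());
                    report.setActionExitCode(ActionReport.ExitCode.FAILURE);
                    report.setFailureCause(e);
                } catch (BadRealmException e) {
                    report.setMessage(localStrings.getLocalString("delete.file.user.realmcorrupted", "Configured file realm {0} is corrupted.", authRealmName) + "  " + e.getLocalizedMessage());
                    report.setActionExitCode(ActionReport.ExitCode.FAILURE);
                    report.setFailureCause(e);
                } catch (Exception e) {
                    // The cause travels with the report; no stack trace dumped to stderr.
                    reportDeleteFailed(report, e);
                }
                return null;
            }
        }, securityService);
    } catch (Exception e) {
        reportDeleteFailed(report, e);
    }
}

/**
 * Returns the value of the realm's {@code file} property (the last one wins when
 * several are present, as before), or {@code null} when the property is not set.
 */
private String findKeyFile() {
    String keyFile = null;
    for (Property fileProp : fileAuthRealm.getProperty()) {
        // constant-first equals tolerates a property without a name
        if ("file".equals(fileProp.getName())) {
            keyFile = fileProp.getValue();
        }
    }
    return keyFile;
}

/** Reports a generic removal failure, appending the exception's message and keeping its cause. */
private void reportDeleteFailed(ActionReport report, Exception e) {
    report.setMessage(localStrings.getLocalString("delete.file.user.userdeletefailed", "Removing User {0} from file realm {1} failed", userName, authRealmName) + "  " + e.getLocalizedMessage());
    report.setActionExitCode(ActionReport.ExitCode.FAILURE);
    report.setFailureCause(e);
}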

Example 4 with SecurityService

use of com.sun.enterprise.config.serverbeans.SecurityService in project Payara by payara.

Class DeleteAuthRealm, method execute.

/**
 * Executes the command with the command parameters passed as Properties
 * where the keys are the parameter names and the values the parameter values.
 *
 * <p>Removes {@code authRealm} from the security service inside a config
 * transaction and, because the listener is not invoked on realm deletes,
 * notifies {@code SecurityConfigListener} directly. The outcome is written to
 * the context's {@link ActionReport}; nothing is thrown to the caller.
 *
 * @param context information; its {@link ActionReport} receives the outcome
 */
public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();
    final SingleConfigCode<SecurityService> removeRealm = new SingleConfigCode<SecurityService>() {

        public Object run(SecurityService param) throws PropertyVetoException, TransactionFailure {
            param.getAuthRealm().remove(authRealm);
            // temporary fix - since the SecurityConfigListener is not being called on a realm delete.
            SecurityConfigListener.authRealmDeleted(authRealm);
            return null;
        }
    };
    try {
        ConfigSupport.apply(removeRealm, securityService);
        report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
    } catch (TransactionFailure e) {
        String failure = localStrings.getLocalString("delete.auth.realm.fail", "Deletion of Authrealm {0} failed", authRealmName);
        report.setMessage(failure + "  " + e.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
    }
}

Example 5 with SecurityService

use of com.sun.enterprise.config.serverbeans.SecurityService in project Payara by payara.

Class DeleteJaccProvider, method execute.

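/**
 * Deletes the JACC provider named by {@code jaccprovider} from the security service.
 *
 * <p>The provider is looked up by name first; when no provider with that name is
 * configured the command reports FAILURE instead of silently succeeding (removing
 * a {@code null} element from the list is a no-op). The removal itself runs inside
 * a config transaction and a {@link TransactionFailure} is reported, not thrown.
 *
 * @param context information; its {@link ActionReport} receives the outcome
 */
@Override
public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();
    JaccProvider jprov = null;
    for (JaccProvider jaccProv : securityService.getJaccProvider()) {
        String name = jaccProv.getName();
        if (name != null && name.equals(jaccprovider)) {
            jprov = jaccProv;
            break;
        }
    }
    if (jprov == null) {
        // Nothing to delete: List.remove(null) would "succeed" without changing anything.
        report.setMessage(localStrings.getLocalString("delete.jacc.provider.fail", "Deletion of JaccProvider {0} failed", jaccprovider));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    final JaccProvider jaccprov = jprov;
    try {
        ConfigSupport.apply(new SingleConfigCode<SecurityService>() {

            public Object run(SecurityService param) throws PropertyVetoException, TransactionFailure {
                param.getJaccProvider().remove(jaccprov);
                return null;
            }
        }, securityService);
    } catch (TransactionFailure e) {
        report.setMessage(localStrings.getLocalString("delete.jacc.provider.fail", "Deletion of JaccProvider {0} failed", jaccprovider) + "  " + e.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
        return;
    }
    report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
}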
