
Example 1 with EjbIORConfigurationDescriptor

use of com.sun.enterprise.deployment.EjbIORConfigurationDescriptor in project Payara by payara.

the class SecurityMechanismSelector method evaluate_client_conformance.

/**
 * Checks whether what the client actually did (transport used, certificate chain presented,
 * security context sent) conforms to the security policy configured on the target object.
 *
 * <p>The {@code object_id} is mapped to the target's set of {@link EjbIORConfigurationDescriptor}s;
 * each descriptor corresponds to one CSIv2 CompoundSecMechanism. The client is conformant as soon
 * as one descriptor is consistent with its actions, i.e. the transport, AS-context and
 * SAS-context checks all pass for that descriptor.
 *
 * @param ctx       security context received from the client
 * @param object_id target object key; {@code null} means there is nothing to check
 * @param ssl_used  whether the request arrived over SSL
 * @param certchain client certificate chain presented on the transport, if any
 * @return {@code true} if the client is conformant or no policy applies, otherwise {@code false}
 */
private boolean evaluate_client_conformance(SecurityContext ctx, byte[] object_id, boolean ssl_used, X509Certificate[] certchain) {
    // No object key: there is no target policy to evaluate against.
    if (object_id == null) {
        return true;
    }
    if (protocolMgr == null) {
        protocolMgr = orbHelper.getProtocolManager();
    }
    // Still none: we are on a callback object in the client VM.
    if (protocolMgr == null) {
        return true;
    }

    EjbDescriptor ejbDesc = protocolMgr.getEjbDescriptor(object_id);
    // A non-EJB CORBA object has no deployment descriptor; use the
    // container-wide descriptors prepared for plain CORBA objects instead.
    Set iorDescSet = (ejbDesc != null)
            ? ejbDesc.getIORConfigurationDescriptors()
            : getCorbaIORDescSet();
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "SecurityMechanismSelector.evaluate_client_conformance: iorDescSet: " + iorDescSet);
    }
    // No descriptors means no security policy is configured: treat the client as conformant.
    if (iorDescSet.isEmpty()) {
        return true;
    }

    // Look for a CompoundSecMechanism that matches the client's actions.
    // NOTE(review): 'skippedSeen' is cleared again by any later descriptor that fails a check,
    // so with a mix of skipped and failing descriptors the outcome depends on the Set's
    // iteration order. Preserved as-is; confirm this is the intended semantics.
    boolean skippedSeen = false;
    for (Object element : iorDescSet) {
        EjbIORConfigurationDescriptor iorDesc = (EjbIORConfigurationDescriptor) element;

        if (skip_client_conformance(iorDesc)) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "SecurityMechanismSelector.evaluate_client_conformance: skip_client_conformance");
            }
            skippedSeen = true;
            continue;
        }
        if (!evaluate_client_conformance_ssl(iorDesc, ssl_used, certchain)) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "SecurityMechanismSelector.evaluate_client_conformance: evaluate_client_conformance_ssl");
            }
            skippedSeen = false;
            continue;
        }

        // Realm precedence: the application's realm, then the descriptor's, then "default".
        // The descriptor's realm is only consulted when an application is present.
        String realmName = "default";
        if (ejbDesc != null && ejbDesc.getApplication() != null) {
            realmName = ejbDesc.getApplication().getRealm();
            if (realmName == null) {
                realmName = iorDesc.getRealmName();
            }
            if (realmName == null) {
                realmName = "default";
            }
        }

        if (!evaluate_client_conformance_ascontext(ctx, iorDesc, realmName)) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "SecurityMechanismSelector.evaluate_client_conformance: evaluate_client_conformance_ascontext");
            }
            skippedSeen = false;
            continue;
        }
        if (!evaluate_client_conformance_sascontext(ctx, iorDesc)) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "SecurityMechanismSelector.evaluate_client_conformance: evaluate_client_conformance_sascontext");
            }
            skippedSeen = false;
            continue;
        }
        // Every check passed for this descriptor: the security policy matched.
        return true;
    }
    // No descriptor matched; conformant only if the last non-matching one was a skip.
    return skippedSeen;
}

Example 2 with EjbIORConfigurationDescriptor

use of com.sun.enterprise.deployment.EjbIORConfigurationDescriptor in project Payara by payara.

the class SecurityMechanismSelector method postConstruct.

/**
 * Initialises the selector after injection: resolves the ORB helper, reads the CSIv2
 * client-SSL, server-SSL and client-auth settings, and builds the descriptor set that acts
 * as the security policy for non-EJB CORBA objects.
 *
 * <p>Any exception is logged at SEVERE and not rethrown, so after a failed initialisation
 * {@code sslRequired} keeps its default and {@code corbaIORDescSet} may remain unset
 * (depending on its field initialiser, which is not visible here).
 */
@Override
public void postConstruct() {
    try {
        orbHelper = Lookups.getGlassFishORBHelper();

        // Client side: must outgoing calls use SSL?
        String clientSslRequired = orbHelper.getCSIv2Props().getProperty(ORBLocator.ORB_SSL_CLIENT_REQUIRED);
        if ("true".equals(clientSslRequired)) {
            sslRequired = true;
        }

        // Server side: policy for plain CORBA objects. Two descriptors are prepared, one
        // expressing SSL/certificate-based client auth, one expressing username-password auth.
        corbaIORDescSet = new HashSet<EjbIORConfigurationDescriptor>();
        EjbIORConfigurationDescriptor sslAuthDesc = new EjbIORConfigurationDescriptor();
        EjbIORConfigurationDescriptor passwordAuthDesc = new EjbIORConfigurationDescriptor();

        String serverSslRequired = orbHelper.getCSIv2Props().getProperty(ORBLocator.ORB_SSL_SERVER_REQUIRED);
        if ("true".equals(serverSslRequired)) {
            // Both mechanisms then demand a protected transport.
            sslAuthDesc.setIntegrity(EjbIORConfigurationDescriptor.REQUIRED);
            sslAuthDesc.setConfidentiality(EjbIORConfigurationDescriptor.REQUIRED);
            passwordAuthDesc.setIntegrity(EjbIORConfigurationDescriptor.REQUIRED);
            passwordAuthDesc.setConfidentiality(EjbIORConfigurationDescriptor.REQUIRED);
        }

        String clientAuthRequired = orbHelper.getCSIv2Props().getProperty(ORBLocator.ORB_CLIENT_AUTH_REQUIRED);
        if ("true".equals(clientAuthRequired)) {
            // Authentication is mandatory, either via SSL client certificates ...
            sslAuthDesc.setEstablishTrustInClient(EjbIORConfigurationDescriptor.REQUIRED);
            // ... or via username-password; only in that case is the second
            // descriptor registered as an alternative mechanism.
            passwordAuthDesc.setAuthMethodRequired(true);
            getCorbaIORDescSet().add(passwordAuthDesc);
        }
        getCorbaIORDescSet().add(sslAuthDesc);
    } catch (Exception e) {
        _logger.log(Level.SEVERE, "iiop.Exception", e);
    }
}

Example 3 with EjbIORConfigurationDescriptor

use of com.sun.enterprise.deployment.EjbIORConfigurationDescriptor in project Payara by payara.

the class CSIV2TaggedComponentInfo method createCompoundSecMechs.

/**
 * Builds the CSIv2 {@link CompoundSecMech} list for an EJB, one mechanism per IOR
 * configuration descriptor, in the descriptors' iteration order.
 *
 * <p>Although this method emits one mechanism per descriptor, {@code getSecurityMechanisms}
 * supports only a single CompoundSecMech, so deployments are expected to declare exactly one
 * IOR configuration descriptor; more than one will make that method fail.
 *
 * @param maker         produces the transport TaggedComponent for each descriptor
 * @param ejbDescriptor the EJB whose descriptors are converted
 * @return one CompoundSecMech per descriptor, or {@code null} when {@code ejbDescriptor} is
 *         {@code null}
 * @throws GSSException propagated from the helpers called here (nothing in this body throws
 *         it directly)
 */
private CompoundSecMech[] createCompoundSecMechs(DescriptorMaker maker, EjbDescriptor ejbDescriptor) throws GSSException {
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "IIOP: Creating CompoundSecMech");
    }
    if (ejbDescriptor == null) {
        return null;
    }

    Set<EjbIORConfigurationDescriptor> iorDescriptors = getIORConfigurationDescriptors(ejbDescriptor);
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "IORDescSet SIZE:" + iorDescriptors.size());
    }
    CompoundSecMech[] mechanisms = new CompoundSecMech[iorDescriptors.size()];

    // Realm precedence: application realm, then descriptor realm, then DEFAULT_REALM.
    // Declared outside the loop to keep the original carry-over between iterations when
    // getApplication() is null (the value from a previous iteration is then reused).
    String realmName = DEFAULT_REALM;
    int index = 0;
    for (EjbIORConfigurationDescriptor iorDescriptor : iorDescriptors) {
        int transportRequires = getTargetRequires(iorDescriptor);
        org.omg.IOP.TaggedComponent transportComponent = maker.evaluate(iorDescriptor);

        if (ejbDescriptor.getApplication() != null) {
            realmName = ejbDescriptor.getApplication().getRealm();
        }
        if (realmName == null) {
            realmName = iorDescriptor.getRealmName();
        }
        if (realmName == null) {
            realmName = DEFAULT_REALM;
        }

        AS_ContextSec asContext = createASContextSec(iorDescriptor, realmName);
        SAS_ContextSec sasContext = createSASContextSec(iorDescriptor);
        // A mechanism's target_requires is the union of the transport, AS and SAS requirements.
        int targetRequires = transportRequires | asContext.target_requires | sasContext.target_requires;
        mechanisms[index++] = new CompoundSecMech((short) targetRequires, transportComponent, asContext, sasContext);
    }
    return mechanisms;
}

Example 4 with EjbIORConfigurationDescriptor

use of com.sun.enterprise.deployment.EjbIORConfigurationDescriptor in project Payara by payara.

the class EjbNode method writeDescriptor.

/**
 * Writes this EJB's runtime descriptor to a DOM subtree under {@code parent} and returns the
 * element created for it.
 *
 * <p>Child elements are appended in a fixed order (ejb-name, jndi-name, common component
 * info, pass-by-reference, cmp, principal, MDB connection factory / durable subscription /
 * max-messages-load, ior configuration, read-only / refresh / commit / timeout / thread-pool
 * settings, gen-classes, bean-pool, bean-cache, MDB resource adapter or web-service endpoint,
 * flush- and checkpoint-at-end-of-method, per-request load balancing) and availability is
 * written as an attribute. The order presumably follows the runtime DTD — TODO confirm
 * before reordering.
 *
 * @param parent        parent node for the DOM tree
 * @param nodeName      element name for this descriptor
 * @param ejbDescriptor the descriptor to write
 * @return the DOM tree top node, i.e. the element created for this EJB
 */
@Override
public Node writeDescriptor(Node parent, String nodeName, EjbDescriptor ejbDescriptor) {
    Element ejbNode = (Element) super.writeDescriptor(parent, nodeName, ejbDescriptor);
    appendTextChild(ejbNode, RuntimeTagNames.EJB_NAME, ejbDescriptor.getName());
    appendTextChild(ejbNode, RuntimeTagNames.JNDI_NAME, ejbDescriptor.getJndiName());
    RuntimeDescriptorNode.writeCommonComponentInfo(ejbNode, ejbDescriptor);
    appendTextChild(ejbNode, RuntimeTagNames.PASS_BY_REFERENCE, String.valueOf(ejbDescriptor.getIASEjbExtraDescriptors().getPassByReference()));
    if (ejbDescriptor instanceof IASEjbCMPEntityDescriptor) {
        CmpNode cmpNode = new CmpNode();
        cmpNode.writeDescriptor(ejbNode, RuntimeTagNames.CMP, (IASEjbCMPEntityDescriptor) ejbDescriptor);
    }
    // principal: only written for beans that run as a configured identity
    // (getUsesCallerIdentity() is compared via Boolean.FALSE.equals, so a null value is
    // treated like "uses caller identity" and no principal element is emitted).
    if (Boolean.FALSE.equals(ejbDescriptor.getUsesCallerIdentity())) {
        RunAsIdentityDescriptor raid = ejbDescriptor.getRunAsIdentity();
        if (raid != null && raid.getPrincipal() != null) {
            Node principalNode = appendChild(ejbNode, RuntimeTagNames.PRINCIPAL);
            appendTextChild(principalNode, RuntimeTagNames.NAME, raid.getPrincipal());
        }
    }
    if (ejbDescriptor instanceof EjbMessageBeanDescriptor) {
        EjbMessageBeanDescriptor msgBeanDesc = (EjbMessageBeanDescriptor) ejbDescriptor;
        // mdb-connection-factory?
        if (ejbDescriptor.getIASEjbExtraDescriptors().getMdbConnectionFactory() != null) {
            MDBConnectionFactoryNode mcfNode = new MDBConnectionFactoryNode();
            mcfNode.writeDescriptor(ejbNode, RuntimeTagNames.MDB_CONNECTION_FACTORY, ejbDescriptor.getIASEjbExtraDescriptors().getMdbConnectionFactory());
        }
        // jms-durable-subscription-name
        if (msgBeanDesc.hasDurableSubscription()) {
            appendTextChild(ejbNode, RuntimeTagNames.DURABLE_SUBSCRIPTION, msgBeanDesc.getDurableSubscriptionName());
        }
        appendTextChild(ejbNode, RuntimeTagNames.JMS_MAX_MESSAGES_LOAD, String.valueOf(ejbDescriptor.getIASEjbExtraDescriptors().getJmsMaxMessagesLoad()));
    }
    // ior-configuration: one element per IOR configuration descriptor, in set iteration order
    IORConfigurationNode iorNode = new IORConfigurationNode();
    for (EjbIORConfigurationDescriptor iorConf : ejbDescriptor.getIORConfigurationDescriptors()) {
        iorNode.writeDescriptor(ejbNode, RuntimeTagNames.IOR_CONFIG, iorConf);
    }
    appendTextChild(ejbNode, RuntimeTagNames.IS_READ_ONLY_BEAN, String.valueOf(ejbDescriptor.getIASEjbExtraDescriptors().isIsReadOnlyBean()));
    appendTextChild(ejbNode, RuntimeTagNames.REFRESH_PERIOD_IN_SECONDS, String.valueOf(ejbDescriptor.getIASEjbExtraDescriptors().getRefreshPeriodInSeconds()));
    appendTextChild(ejbNode, RuntimeTagNames.COMMIT_OPTION, ejbDescriptor.getIASEjbExtraDescriptors().getCommitOption());
    appendTextChild(ejbNode, RuntimeTagNames.CMT_TIMEOUT_IN_SECONDS, String.valueOf(ejbDescriptor.getIASEjbExtraDescriptors().getCmtTimeoutInSeconds()));
    appendTextChild(ejbNode, RuntimeTagNames.USE_THREAD_POOL_ID, ejbDescriptor.getIASEjbExtraDescriptors().getUseThreadPoolId());
    // gen-classes
    writeGenClasses(ejbNode, ejbDescriptor);
    // bean-pool
    BeanPoolDescriptor beanPoolDesc = ejbDescriptor.getIASEjbExtraDescriptors().getBeanPool();
    if (beanPoolDesc != null) {
        BeanPoolNode bpNode = new BeanPoolNode();
        bpNode.writeDescriptor(ejbNode, RuntimeTagNames.BEAN_POOL, beanPoolDesc);
    }
    // bean-cache
    BeanCacheDescriptor beanCacheDesc = ejbDescriptor.getIASEjbExtraDescriptors().getBeanCache();
    if (beanCacheDesc != null) {
        BeanCacheNode bcNode = new BeanCacheNode();
        bcNode.writeDescriptor(ejbNode, RuntimeTagNames.BEAN_CACHE, beanCacheDesc);
    }
    // Second message-bean block: the resource adapter element is emitted here, after
    // bean-pool/bean-cache, rather than together with the other MDB elements above —
    // presumably to satisfy element ordering; TODO confirm against the runtime DTD.
    if (ejbDescriptor instanceof EjbMessageBeanDescriptor) {
        EjbMessageBeanDescriptor msgBeanDesc = (EjbMessageBeanDescriptor) ejbDescriptor;
        if (msgBeanDesc.hasResourceAdapterMid()) {
            MDBResourceAdapterNode mdb = new MDBResourceAdapterNode();
            mdb.writeDescriptor(ejbNode, RuntimeTagNames.MDB_RESOURCE_ADAPTER, msgBeanDesc);
        }
    } else if (ejbDescriptor instanceof EjbSessionDescriptor) {
        // web-services
        WebServiceEndpointRuntimeNode wsRuntime = new WebServiceEndpointRuntimeNode();
        wsRuntime.writeWebServiceEndpointInfo(ejbNode, ejbDescriptor);
    }
    // flush-at-end-of-method
    FlushAtEndOfMethodDescriptor flushMethodDesc = ejbDescriptor.getIASEjbExtraDescriptors().getFlushAtEndOfMethodDescriptor();
    if (flushMethodDesc != null) {
        FlushAtEndOfMethodNode flushNode = new FlushAtEndOfMethodNode();
        flushNode.writeDescriptor(ejbNode, RuntimeTagNames.FLUSH_AT_END_OF_METHOD, flushMethodDesc);
    }
    // checkpointed-methods
    // checkpoint-at-end-of-method
    CheckpointAtEndOfMethodDescriptor checkpointMethodDesc = ejbDescriptor.getIASEjbExtraDescriptors().getCheckpointAtEndOfMethodDescriptor();
    if (checkpointMethodDesc != null) {
        CheckpointAtEndOfMethodNode checkpointNode = new CheckpointAtEndOfMethodNode();
        checkpointNode.writeDescriptor(ejbNode, RuntimeTagNames.CHECKPOINT_AT_END_OF_METHOD, checkpointMethodDesc);
    }
    // per-request-load-balancing: optional, only written when explicitly configured
    if (ejbDescriptor.getIASEjbExtraDescriptors().getPerRequestLoadBalancing() != null) {
        appendTextChild(ejbNode, RuntimeTagNames.PER_REQUEST_LOAD_BALANCING, String.valueOf(ejbDescriptor.getIASEjbExtraDescriptors().getPerRequestLoadBalancing()));
    }
    // availability-enabled (an attribute of the ejb element, not a child)
    setAttribute(ejbNode, RuntimeTagNames.AVAILABILITY_ENABLED, ejbDescriptor.getIASEjbExtraDescriptors().getAttributeValue(IASEjbExtraDescriptors.AVAILABILITY_ENABLED));
    return ejbNode;
}

Example 5 with EjbIORConfigurationDescriptor

use of com.sun.enterprise.deployment.EjbIORConfigurationDescriptor in project Payara by payara.

the class Audit method dumpDiagnostics.

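/**
 * Does the work for {@code showACL()}: logs, at FINEST, a summary of the application's
 * declared roles and their group/principal mappings, each EJB's run-as identity, method
 * permissions and IOR security configuration, and each web module's login configuration,
 * components and security constraints.
 *
 * <p>Detected inconsistencies (empty run-as role or principal, a method that is both
 * role-restricted and unchecked/excluded, a method with no permission at all, a
 * method-permission naming a role the application does not declare) are reported with a
 * {@code *** Configuration error!} line rather than thrown; the audit is diagnostic only.
 *
 * <p>Everything goes through {@code logger.finest}, so nothing is emitted unless the logger
 * is enabled at FINEST. Returns early when the application declares no roles or has no role
 * mapper, in which case the EJB and web sections are not dumped.
 *
 * @param app the application whose security configuration is dumped; must not be {@code null}
 */
private static void dumpDiagnostics(Application app) {
    logger.finest("====[ Role and ACL Summary ]==========");
    if (!app.isVirtual()) {
        logger.finest("Summary for application: " + app.getRegistrationName());
    } else {
        logger.finest("Standalone module.");
    }
    logger.finest("EJB components: " + getEjbComponentCount(app));
    logger.finest("Web components: " + getWebComponentCount(app));

    // show all roles with associated group & user mappings
    Set allRoles = app.getRoles();
    if (allRoles == null) {
        logger.finest("- No roles present.");
        return;
    }
    SecurityRoleMapper rmap = app.getRoleMapper();
    if (rmap == null) {
        logger.finest("- No role mappings present.");
        return;
    }
    logger.finest("--[ Configured roles and mappings ]--");
    // role name -> "bundle:ejbClass.method" keys that role may invoke; filled in while
    // walking the EJB method permissions below and printed at the end of the EJB section
    HashMap<String, HashSet<String>> allRoleMap = new HashMap<String, HashSet<String>>();
    for (Iterator ri = allRoles.iterator(); ri.hasNext(); ) {
        Role r = (Role) ri.next();
        logger.finest(" [" + r.getName() + "]");
        allRoleMap.put(r.getName(), new HashSet<String>());
        StringBuilder sb = new StringBuilder("  is mapped to groups: ");
        Enumeration grps = rmap.getGroupsAssignedTo(r);
        while (grps.hasMoreElements()) {
            sb.append(grps.nextElement()).append(" ");
        }
        logger.finest(sb.toString());
        sb = new StringBuilder("  is mapped to principals: ");
        Enumeration users = rmap.getUsersAssignedTo(r);
        while (users.hasMoreElements()) {
            sb.append(users.nextElement()).append(" ");
        }
        logger.finest(sb.toString());
    }

    // Process all EJB modules
    Set ejbDescriptorSet = app.getBundleDescriptors(EjbBundleDescriptor.class);
    for (Iterator bi = ejbDescriptorSet.iterator(); bi.hasNext(); ) {
        EjbBundleDescriptor bundle = (EjbBundleDescriptor) bi.next();
        logger.finest("--[ EJB module: " + bundle.getName() + " ]--");
        Set ejbs = bundle.getEjbs();
        for (Iterator ei = ejbs.iterator(); ei.hasNext(); ) {
            EjbDescriptor ejb = (EjbDescriptor) ei.next();
            logger.finest("EJB: " + ejb.getEjbClassName());
            // check and show run-as if present. Compared with Boolean.FALSE.equals, as
            // EjbNode.writeDescriptor does, so an unset (null) value is treated as
            // "uses caller identity" instead of throwing on unboxing.
            if (Boolean.FALSE.equals(ejb.getUsesCallerIdentity())) {
                RunAsIdentityDescriptor runas = ejb.getRunAsIdentity();
                if (runas == null) {
                    logger.finest(" (ejb does not use caller " + "identity)");
                } else {
                    String role = runas.getRoleName();
                    String user = runas.getPrincipal();
                    logger.finest(" Will run-as: Role: " + role + "  Principal: " + user);
                    if (role == null || "".equals(role) || user == null || "".equals(user)) {
                        logger.finest("*** Configuration error!");
                    }
                }
            }
            // iterate through available methods
            logger.finest(" Method to Role restriction list:");
            Set methods = ejb.getMethodDescriptors();
            for (Iterator mi = methods.iterator(); mi.hasNext(); ) {
                MethodDescriptor md = (MethodDescriptor) mi.next();
                logger.finest("   " + md.getFormattedString());
                // key recorded in the per-role accessible-method lists
                String methodKey = bundle.getName() + ":" + ejb.getEjbClassName() + "." + md.getFormattedString();
                Set perms = ejb.getMethodPermissionsFor(md);
                StringBuilder rbuf = new StringBuilder("     can only be invoked by: ");
                boolean unchecked = false, excluded = false, roleBased = false;
                for (Iterator pi = perms.iterator(); pi.hasNext(); ) {
                    MethodPermission p = (MethodPermission) pi.next();
                    if (p.isExcluded()) {
                        excluded = true;
                        logger.finest("     excluded - can not " + "be invoked");
                    } else if (p.isUnchecked()) {
                        unchecked = true;
                        logger.finest("     unchecked - can be " + "invoked by all");
                    } else if (p.isRoleBased()) {
                        roleBased = true;
                        Role r = p.getRole();
                        rbuf.append(r.getName()).append(" ");
                        // add to role's accessible list
                        HashSet<String> ram = allRoleMap.get(r.getName());
                        if (ram == null) {
                            // the permission names a role the application never declared;
                            // report it instead of failing the whole dump
                            logger.finest("*** Configuration error! Undeclared role: " + r.getName());
                        } else {
                            ram.add(methodKey);
                        }
                    }
                }
                if (roleBased) {
                    logger.finest(rbuf.toString());
                    // role-restricted and also unchecked/excluded is contradictory
                    if (excluded || unchecked) {
                        logger.finest("*** Configuration error!");
                    }
                } else if (unchecked) {
                    if (excluded) {
                        logger.finest("*** Configuration error!");
                    }
                    // unchecked: every declared role may invoke the method
                    for (HashSet<String> ram : allRoleMap.values()) {
                        ram.add(methodKey);
                    }
                } else if (!excluded) {
                    // no permission of any kind is attached to this method
                    logger.finest("*** Configuration error!");
                }
            }
            // IOR config for this ejb
            logger.finest(" IOR configuration:");
            Set iors = ejb.getIORConfigurationDescriptors();
            if (iors != null) {
                for (Iterator iorsi = iors.iterator(); iorsi.hasNext(); ) {
                    EjbIORConfigurationDescriptor ior = (EjbIORConfigurationDescriptor) iorsi.next();
                    StringBuilder iorsb = new StringBuilder();
                    iorsb.append("realm=");
                    iorsb.append(ior.getRealmName());
                    iorsb.append(", integrity=");
                    iorsb.append(ior.getIntegrity());
                    iorsb.append(", trust-in-target=");
                    iorsb.append(ior.getEstablishTrustInTarget());
                    iorsb.append(", trust-in-client=");
                    iorsb.append(ior.getEstablishTrustInClient());
                    iorsb.append(", propagation=");
                    iorsb.append(ior.getCallerPropagation());
                    iorsb.append(", auth-method=");
                    iorsb.append(ior.getAuthenticationMethod());
                    logger.finest(iorsb.toString());
                }
            }
        }
    }

    // show role->accessible methods list
    logger.finest("--[ EJB methods accessible by role ]--");
    for (String roleName : allRoleMap.keySet()) {
        logger.finest(" [" + roleName + "]");
        for (String meth : allRoleMap.get(roleName)) {
            logger.finest("   " + meth);
        }
    }

    // Process all Web modules
    Set webDescriptorSet = app.getBundleDescriptors(WebBundleDescriptor.class);
    for (Iterator wi = webDescriptorSet.iterator(); wi.hasNext(); ) {
        WebBundleDescriptor wbd = (WebBundleDescriptor) wi.next();
        logger.finest("--[ Web module: " + wbd.getContextRoot() + " ]--");
        // login config
        LoginConfiguration lconf = wbd.getLoginConfiguration();
        if (lconf != null) {
            logger.finest("  Login config: realm=" + lconf.getRealmName() + ", method=" + lconf.getAuthenticationMethod() + ", form=" + lconf.getFormLoginPage() + ", error=" + lconf.getFormErrorPage());
        }
        // web components with their URL patterns and run-as identity
        logger.finest("  Contains components:");
        Set webComps = wbd.getWebComponentDescriptors();
        for (Iterator webCompsIt = webComps.iterator(); webCompsIt.hasNext(); ) {
            WebComponentDescriptor wcd = (WebComponentDescriptor) webCompsIt.next();
            StringBuilder name = new StringBuilder();
            name.append("   - " + wcd.getCanonicalName());
            name.append(" [ ");
            Enumeration urlPs = wcd.getUrlPatterns();
            while (urlPs.hasMoreElements()) {
                name.append(urlPs.nextElement().toString());
                name.append(" ");
            }
            name.append("]");
            logger.finest(name.toString());
            RunAsIdentityDescriptor runas = wcd.getRunAsIdentity();
            if (runas != null) {
                String role = runas.getRoleName();
                String user = runas.getPrincipal();
                logger.finest("      Will run-as: Role: " + role + "  Principal: " + user);
                if (role == null || "".equals(role) || user == null || "".equals(user)) {
                    logger.finest("*** Configuration error!");
                }
            }
        }
        // security constraints
        logger.finest("  Security constraints:");
        Enumeration scEnum = wbd.getSecurityConstraints();
        while (scEnum.hasMoreElements()) {
            SecurityConstraint sc = (SecurityConstraint) scEnum.nextElement();
            for (WebResourceCollection wrc : sc.getWebResourceCollections()) {
                // show list of methods for this collection
                StringBuilder sbm = new StringBuilder();
                for (String httpMethod : wrc.getHttpMethods()) {
                    sbm.append(httpMethod);
                    sbm.append(" ");
                }
                logger.finest("     Using method: " + sbm.toString());
                // and then list of url patterns
                for (String urlPattern : wrc.getUrlPatterns()) {
                    logger.finest("       " + urlPattern);
                }
            }
            // show roles which apply to above set of collections; a constraint may carry
            // no auth-constraint at all, in which case there are no roles to list
            AuthorizationConstraint authCons = sc.getAuthorizationConstraint();
            StringBuilder rsb = new StringBuilder("     Accessible by roles: ");
            if (authCons == null) {
                rsb.append("(no auth-constraint)");
            } else {
                Enumeration rolesEnum = authCons.getSecurityRoles();
                while (rolesEnum.hasMoreElements()) {
                    SecurityRole sr = (SecurityRole) rolesEnum.nextElement();
                    rsb.append(sr.getName()).append(" ");
                }
            }
            logger.finest(rsb.toString());
            // show transport guarantee
            UserDataConstraint udc = sc.getUserDataConstraint();
            if (udc != null) {
                logger.finest("     Transport guarantee: " + udc.getTransportGuarantee());
            }
        }
    }
    logger.finest("======================================");
}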
