
Example 6 with WebBundleDescriptor

use of com.sun.enterprise.deployment.WebBundleDescriptor in project Payara by payara.

the class ClusterReaderHelper method getWebModules.

/**
 * Returns the web module readers for a set of application refs.
 *
 * <p>Only applications that are named in {@code refs} and that carry the
 * "web" or "webservices" sniffer type are considered. A reader is created for
 * every web bundle and for every web service endpoint of an EJB bundle.
 *
 * <p>Each context root is returned at most once: the first reader seen for a
 * context root is kept and later ones are dropped without a log message.
 * Applications are visited in {@code HashSet} iteration order, so when two
 * applications share a context root, which one is kept is not defined by this
 * method.
 *
 * @param   domain          Domain whose applications are scanned
 * @param   appRegistry     Registry used to look up the ApplicationInfo of
 *                          each application by name
 * @param   refs            Application ref(s) from cluster or stand alone
 *                          instance
 * @param   target          Name of the cluster or stand alone instance
 *                          (not read by this method)
 *
 * @return  WebModuleReader[]   Array of the corresponding web module
 *                              reader(s). An LbReaderException raised while
 *                              reading a bundle is logged at WARNING and the
 *                              rest of that bundle is skipped; it is not
 *                              propagated to the caller.
 */
public static WebModuleReader[] getWebModules(Domain domain, ApplicationRegistry appRegistry, List<ApplicationRef> refs, String target) {
    // Index the refs by application name; the map serves both the membership
    // test and the reader constructors below.
    HashMap<String, ApplicationRef> refsByName = new HashMap<String, ApplicationRef>();
    for (ApplicationRef ref : refs) {
        refsByName.put(ref.getRef(), ref);
    }

    // Union of the two sniffer types; the set removes applications that carry both.
    Applications applications = domain.getApplications();
    Set<Application> candidates = new HashSet<Application>();
    candidates.addAll(applications.getApplicationsWithSnifferType("web"));
    candidates.addAll(applications.getApplicationsWithSnifferType("webservices"));

    List<WebModuleReader> readers = new ArrayList<WebModuleReader>();
    Set<String> seenContextRoots = new HashSet<String>();

    for (Application app : candidates) {
        String appName = app.getName();
        // Values in refsByName are never null, so a null lookup means "not referenced".
        ApplicationRef appRef = refsByName.get(appName);
        if (appRef == null) {
            continue;
        }

        ApplicationInfo appInfo = appRegistry.get(appName);
        if (appInfo == null) {
            String msg = LbLogUtil.getStringManager().getString("UnableToGetAppInfo", appName);
            LbLogUtil.getLogger().log(Level.WARNING, msg);
            continue;
        }

        // NOTE(review): depApp is dereferenced without a null check; confirm
        // getMetaData cannot return null for a registered application.
        com.sun.enterprise.deployment.Application depApp = appInfo.getMetaData(com.sun.enterprise.deployment.Application.class);
        for (BundleDescriptor bundle : depApp.getBundleDescriptors()) {
            try {
                if (bundle instanceof WebBundleDescriptor) {
                    WebModuleReader reader = new WebModuleReaderImpl(appName, appRef, app, (WebBundleDescriptor) bundle);
                    // Set.add reports whether the context root was new: first one wins.
                    if (seenContextRoots.add(reader.getContextRoot())) {
                        readers.add(reader);
                    }
                } else if (bundle instanceof EjbBundleDescriptor) {
                    EjbBundleDescriptor ejbBundle = (EjbBundleDescriptor) bundle;
                    if (ejbBundle.hasWebServices()) {
                        for (WebServiceEndpoint endpoint : ejbBundle.getWebServices().getEndpoints()) {
                            WebServiceEndpointReaderImpl reader = new WebServiceEndpointReaderImpl(appName, appRef, app, endpoint);
                            if (seenContextRoots.add(reader.getContextRoot())) {
                                readers.add(reader);
                            }
                        }
                    }
                }
            } catch (LbReaderException ex) {
                // One unreadable bundle must not abort the scan: warn, keep the
                // stack trace for FINE, and move on to the next bundle.
                String msg = LbLogUtil.getStringManager().getString("UnableToGetContextRoot", appName, ex.getMessage());
                LbLogUtil.getLogger().log(Level.WARNING, msg);
                if (LbLogUtil.getLogger().isLoggable(Level.FINE)) {
                    LbLogUtil.getLogger().log(Level.FINE, "Exception when getting context root for application", ex);
                }
            }
        }
    }

    // returns the web module readers as an array
    return readers.toArray(new WebModuleReader[readers.size()]);
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) ApplicationInfo(org.glassfish.internal.data.ApplicationInfo) ApplicationRef(com.sun.enterprise.config.serverbeans.ApplicationRef) WebBundleDescriptor(com.sun.enterprise.deployment.WebBundleDescriptor) Iterator(java.util.Iterator) LbReaderException(org.glassfish.loadbalancer.admin.cli.reader.api.LbReaderException) HashSet(java.util.HashSet) WebModuleReader(org.glassfish.loadbalancer.admin.cli.reader.api.WebModuleReader) Applications(com.sun.enterprise.config.serverbeans.Applications) WebBundleDescriptor(com.sun.enterprise.deployment.WebBundleDescriptor) EjbBundleDescriptor(com.sun.enterprise.deployment.EjbBundleDescriptor) BundleDescriptor(com.sun.enterprise.deployment.BundleDescriptor) EjbBundleDescriptor(com.sun.enterprise.deployment.EjbBundleDescriptor) Application(com.sun.enterprise.config.serverbeans.Application)

Example 7 with WebBundleDescriptor

use of com.sun.enterprise.deployment.WebBundleDescriptor in project Payara by payara.

the class RolesAllowedAutoDiscoverable method configure.

/**
 * Registers {@code RolesAllowedDynamicFeature} for the application being
 * deployed unless its web bundle descriptor turns the feature off.
 *
 * <p>Registration is the default: it is skipped only when the current bundle
 * is a {@code WebBundleDescriptor} whose {@code isJaxrsRolesAllowedEnabled()}
 * returns {@code false}, or when the feature is already registered. Any other
 * descriptor type (including no descriptor) leaves role enforcement on.
 *
 * @param context feature context of the JAX-RS application being configured
 */
@Override
public void configure(FeatureContext context) {
    // NOTE(review): the Deployment service and its current deployment context
    // are dereferenced without null checks; confirm both are always available
    // when this runs.
    BundleDescriptor descriptor = getCurrentBundleForContext(getDefaultHabitat().getService(Deployment.class).getCurrentDeploymentContext());

    // Opt-out only: a non-web (or absent) descriptor keeps the feature enabled.
    boolean rolesAllowedEnabled = !(descriptor instanceof WebBundleDescriptor)
            || ((WebBundleDescriptor) descriptor).isJaxrsRolesAllowedEnabled();
    if (!rolesAllowedEnabled) {
        return;
    }

    // Avoid a duplicate registration when the application registered it itself.
    if (context.getConfiguration().isRegistered(RolesAllowedDynamicFeature.class)) {
        return;
    }
    context.register(RolesAllowedDynamicFeature.class);
}
Also used : BundleDescriptor(com.sun.enterprise.deployment.BundleDescriptor) WebBundleDescriptor(com.sun.enterprise.deployment.WebBundleDescriptor) WebBundleDescriptor(com.sun.enterprise.deployment.WebBundleDescriptor)

Example 8 with WebBundleDescriptor

use of com.sun.enterprise.deployment.WebBundleDescriptor in project Payara by payara.

the class Audit method dumpDiagnostics.

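/**
 * Logs a role and access-control summary for one application at FINEST level.
 * Does the work for showACL().
 *
 * <p>The summary covers, in order: the configured roles with their group and
 * principal mappings, each EJB module (run-as identity, method permissions,
 * IOR settings), the EJB methods reachable per role, and each web module
 * (login configuration, components, security constraints). Combinations this
 * method treats as inconsistent are marked with "*** Configuration error!".
 *
 * <p>If the application has no role set or no role mapper, the method logs
 * that fact and returns early, so the EJB and web module sections (including
 * the web security constraints) are not printed in that case.
 *
 * <p>The output contains role-to-principal mappings, run-as identities and
 * realm names; the destination of FINEST records should be readable by
 * administrators only.
 *
 * @param app application (or standalone module) whose descriptors are summarized
 */
private static void dumpDiagnostics(Application app) {
    // Every statement below only feeds FINEST records, so skip the whole
    // descriptor walk (and its string building) when FINEST is disabled.
    if (!logger.isLoggable(Level.FINEST)) {
        return;
    }
    logger.finest("====[ Role and ACL Summary ]==========");
    if (!app.isVirtual()) {
        logger.finest("Summary for application: " + app.getRegistrationName());
    } else {
        logger.finest("Standalone module.");
    }
    logger.finest("EJB components: " + getEjbComponentCount(app));
    logger.finest("Web components: " + getWebComponentCount(app));

    // show all roles with associated group & user mappings
    Set allRoles = app.getRoles();
    if (allRoles == null) {
        logger.finest("- No roles present.");
        return;
    }
    SecurityRoleMapper rmap = app.getRoleMapper();
    if (rmap == null) {
        logger.finest("- No role mappings present.");
        return;
    }
    logger.finest("--[ Configured roles and mappings ]--");
    // role name -> "module:class.method" entries that role may invoke
    HashMap<String, HashSet<String>> allRoleMap = new HashMap<String, HashSet<String>>();
    for (Object roleObj : allRoles) {
        Role r = (Role) roleObj;
        logger.finest(" [" + r.getName() + "]");
        allRoleMap.put(r.getName(), new HashSet<String>());

        StringBuilder groupLine = new StringBuilder("  is mapped to groups: ");
        Enumeration grps = rmap.getGroupsAssignedTo(r);
        while (grps.hasMoreElements()) {
            groupLine.append(grps.nextElement()).append(" ");
        }
        logger.finest(groupLine.toString());

        StringBuilder principalLine = new StringBuilder("  is mapped to principals: ");
        Enumeration users = rmap.getUsersAssignedTo(r);
        while (users.hasMoreElements()) {
            principalLine.append(users.nextElement()).append(" ");
        }
        logger.finest(principalLine.toString());
    }

    // Process all EJB modules
    for (Object bundleObj : app.getBundleDescriptors(EjbBundleDescriptor.class)) {
        EjbBundleDescriptor bundle = (EjbBundleDescriptor) bundleObj;
        logger.finest("--[ EJB module: " + bundle.getName() + " ]--");
        for (Object ejbObj : bundle.getEjbs()) {
            EjbDescriptor ejb = (EjbDescriptor) ejbObj;
            logger.finest("EJB: " + ejb.getEjbClassName());
            // check and show run-as if present
            if (!ejb.getUsesCallerIdentity()) {
                RunAsIdentityDescriptor runas = ejb.getRunAsIdentity();
                if (runas == null) {
                    logger.finest(" (ejb does not use caller identity)");
                } else {
                    String role = runas.getRoleName();
                    String user = runas.getPrincipal();
                    logger.finest(" Will run-as: Role: " + role + "  Principal: " + user);
                    // a run-as identity needs both a role and a principal
                    if (role == null || "".equals(role) || user == null || "".equals(user)) {
                        logger.finest("*** Configuration error!");
                    }
                }
            }
            // iterate through available methods
            logger.finest(" Method to Role restriction list:");
            for (Object mdObj : ejb.getMethodDescriptors()) {
                MethodDescriptor md = (MethodDescriptor) mdObj;
                logger.finest("   " + md.getFormattedString());
                String methodId = bundle.getName() + ":" + ejb.getEjbClassName() + "." + md.getFormattedString();
                StringBuilder rbuf = new StringBuilder("     can only be invoked by: ");
                boolean unchecked = false, excluded = false, roleBased = false;
                for (Object permObj : ejb.getMethodPermissionsFor(md)) {
                    MethodPermission p = (MethodPermission) permObj;
                    if (p.isExcluded()) {
                        excluded = true;
                        logger.finest("     excluded - can not be invoked");
                    } else if (p.isUnchecked()) {
                        unchecked = true;
                        logger.finest("     unchecked - can be invoked by all");
                    } else if (p.isRoleBased()) {
                        roleBased = true;
                        Role r = p.getRole();
                        rbuf.append(r.getName()).append(" ");
                        // add to role's accessible list; a permission may name a
                        // role that app.getRoles() did not return, so create the
                        // entry on demand instead of failing on a null lookup
                        HashSet<String> ram = allRoleMap.get(r.getName());
                        if (ram == null) {
                            ram = new HashSet<String>();
                            allRoleMap.put(r.getName(), ram);
                        }
                        ram.add(methodId);
                    }
                }
                if (roleBased) {
                    logger.finest(rbuf.toString());
                    // role-based permissions must not be mixed with excluded/unchecked
                    if (excluded || unchecked) {
                        logger.finest("*** Configuration error!");
                    }
                } else if (unchecked) {
                    if (excluded) {
                        logger.finest("*** Configuration error!");
                    }
                    // unchecked: the method is reachable by every known role
                    for (HashSet<String> ram : allRoleMap.values()) {
                        ram.add(methodId);
                    }
                } else if (!excluded) {
                    // no permission of any kind was found for this method
                    logger.finest("*** Configuration error!");
                }
            }
            // IOR config for this ejb
            logger.finest(" IOR configuration:");
            Set iors = ejb.getIORConfigurationDescriptors();
            if (iors != null) {
                for (Object iorObj : iors) {
                    EjbIORConfigurationDescriptor ior = (EjbIORConfigurationDescriptor) iorObj;
                    logger.finest("realm=" + ior.getRealmName()
                            + ", integrity=" + ior.getIntegrity()
                            + ", trust-in-target=" + ior.getEstablishTrustInTarget()
                            + ", trust-in-client=" + ior.getEstablishTrustInClient()
                            + ", propagation=" + ior.getCallerPropagation()
                            + ", auth-method=" + ior.getAuthenticationMethod());
                }
            }
        }
    }

    // show role->accessible methods list
    logger.finest("--[ EJB methods accessible by role ]--");
    for (String roleName : allRoleMap.keySet()) {
        logger.finest(" [" + roleName + "]");
        for (String meth : allRoleMap.get(roleName)) {
            logger.finest("   " + meth);
        }
    }

    // Process all Web modules
    for (Object wbdObj : app.getBundleDescriptors(WebBundleDescriptor.class)) {
        WebBundleDescriptor wbd = (WebBundleDescriptor) wbdObj;
        logger.finest("--[ Web module: " + wbd.getContextRoot() + " ]--");
        // login config
        LoginConfiguration lconf = wbd.getLoginConfiguration();
        if (lconf != null) {
            logger.finest("  Login config: realm=" + lconf.getRealmName() + ", method=" + lconf.getAuthenticationMethod() + ", form=" + lconf.getFormLoginPage() + ", error=" + lconf.getFormErrorPage());
        }
        // web components with their URL patterns and run-as identity
        logger.finest("  Contains components:");
        for (Object wcdObj : wbd.getWebComponentDescriptors()) {
            WebComponentDescriptor wcd = (WebComponentDescriptor) wcdObj;
            StringBuilder name = new StringBuilder();
            name.append("   - ").append(wcd.getCanonicalName());
            name.append(" [ ");
            Enumeration urlPs = wcd.getUrlPatterns();
            while (urlPs.hasMoreElements()) {
                name.append(urlPs.nextElement()).append(" ");
            }
            name.append("]");
            logger.finest(name.toString());
            RunAsIdentityDescriptor runas = wcd.getRunAsIdentity();
            if (runas != null) {
                String role = runas.getRoleName();
                String user = runas.getPrincipal();
                logger.finest("      Will run-as: Role: " + role + "  Principal: " + user);
                if (role == null || "".equals(role) || user == null || "".equals(user)) {
                    logger.finest("*** Configuration error!");
                }
            }
        }
        // security constraints
        logger.finest("  Security constraints:");
        Enumeration scEnum = wbd.getSecurityConstraints();
        while (scEnum.hasMoreElements()) {
            SecurityConstraint sc = (SecurityConstraint) scEnum.nextElement();
            for (WebResourceCollection wrc : sc.getWebResourceCollections()) {
                // show list of methods for this collection
                StringBuilder sbm = new StringBuilder();
                for (String httpMethod : wrc.getHttpMethods()) {
                    sbm.append(httpMethod).append(" ");
                }
                logger.finest("     Using method: " + sbm.toString());
                // and then list of url patterns
                for (String urlPattern : wrc.getUrlPatterns()) {
                    logger.finest("       " + urlPattern);
                }
            }
            // show roles which apply to above set of collections
            AuthorizationConstraint authCons = sc.getAuthorizationConstraint();
            if (authCons == null) {
                // A security-constraint without an auth-constraint is valid in
                // the Servlet spec and places no role restriction on the
                // collections above, which is different from an auth-constraint
                // with an empty role list. Presumably the getter returns null in
                // that case (verify); report it instead of failing on it.
                logger.finest("     No authorization constraint.");
            } else {
                StringBuilder rsb = new StringBuilder("     Accessible by roles: ");
                Enumeration rolesEnum = authCons.getSecurityRoles();
                while (rolesEnum.hasMoreElements()) {
                    SecurityRole sr = (SecurityRole) rolesEnum.nextElement();
                    rsb.append(sr.getName()).append(" ");
                }
                logger.finest(rsb.toString());
            }
            // show transport guarantee
            UserDataConstraint udc = sc.getUserDataConstraint();
            if (udc != null) {
                logger.finest("     Transport guarantee: " + udc.getTransportGuarantee());
            }
        }
    }
    logger.finest("======================================");
}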
Also used : SecurityRole(com.sun.enterprise.deployment.web.SecurityRole) WebResourceCollection(com.sun.enterprise.deployment.web.WebResourceCollection) RunAsIdentityDescriptor(com.sun.enterprise.deployment.RunAsIdentityDescriptor) SecurityRoleMapper(org.glassfish.deployment.common.SecurityRoleMapper) AuthorizationConstraint(com.sun.enterprise.deployment.web.AuthorizationConstraint) LoginConfiguration(com.sun.enterprise.deployment.web.LoginConfiguration) MethodDescriptor(com.sun.enterprise.deployment.MethodDescriptor) EjbDescriptor(com.sun.enterprise.deployment.EjbDescriptor) MethodPermission(com.sun.enterprise.deployment.MethodPermission) EjbIORConfigurationDescriptor(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor) SecurityConstraint(com.sun.enterprise.deployment.web.SecurityConstraint) SecurityRole(com.sun.enterprise.deployment.web.SecurityRole) Role(org.glassfish.security.common.Role) WebComponentDescriptor(com.sun.enterprise.deployment.WebComponentDescriptor) EjbBundleDescriptor(com.sun.enterprise.deployment.EjbBundleDescriptor) WebBundleDescriptor(com.sun.enterprise.deployment.WebBundleDescriptor) UserDataConstraint(com.sun.enterprise.deployment.web.UserDataConstraint)

Example 9 with WebBundleDescriptor

use of com.sun.enterprise.deployment.WebBundleDescriptor in project Payara by payara.

the class SecurityDeployer method handleCNonceCacheBSInit.

/**
 * Creates the HA-backed cnonce cache for an application that uses DIGEST
 * authentication and stores it in {@code appCnonceMap} under the application
 * name.
 *
 * <p>Nothing is created unless all of the following hold: at least one web
 * bundle declares DIGEST as its login method, {@code isHaEnabled()} and
 * {@code isHA} are both true, and a {@code cnonceCacheFactory} is present.
 *
 * @param appName name of the application being deployed; used as cache key
 * @param webDesc web bundle descriptors of the application
 * @param isHA    whether the deployment requested high availability
 */
private void handleCNonceCacheBSInit(String appName, Set<WebBundleDescriptor> webDesc, boolean isHA) {
    // Only applications with a DIGEST login configuration need a cnonce cache.
    boolean usesDigestAuth = false;
    for (WebBundleDescriptor bundle : webDesc) {
        LoginConfiguration loginConfig = bundle.getLoginConfiguration();
        if (loginConfig == null) {
            continue;
        }
        if (LoginConfiguration.DIGEST_AUTHENTICATION.equals(loginConfig.getAuthenticationMethod())) {
            usesDigestAuth = true;
            break;
        }
    }
    if (!usesDigestAuth) {
        return;
    }

    // initialize the backing stores as well for cnonce cache.
    if (!isHaEnabled() || !isHA) {
        return;
    }
    final String clusterName = haUtil.getClusterName();
    final String instanceName = haUtil.getInstanceName();
    // NOTE(review): when the factory is absent no cache is created and nothing
    // is logged; presumably a non-replicated cache is used elsewhere (confirm).
    if (cnonceCacheFactory == null) {
        return;
    }
    CNonceCache cache = cnonceCacheFactory.createCNonceCache(appName, clusterName, instanceName, HA_CNONCE_BS_NAME);
    this.appCnonceMap.put(appName, cache);
}
Also used : WebBundleDescriptor(com.sun.enterprise.deployment.WebBundleDescriptor) LoginConfiguration(com.sun.enterprise.deployment.web.LoginConfiguration) CNonceCache(org.glassfish.security.common.CNonceCache)

Example 10 with WebBundleDescriptor

use of com.sun.enterprise.deployment.WebBundleDescriptor in project Payara by payara.

the class SecurityDeployer method generateArtifacts.

/**
 * Creates the security policy for each web bundle of the application, if
 * needed.
 *
 * <p>Does nothing when the command's origin reports that artifacts are
 * already present, or when the application has no web bundle descriptors.
 * Any exception raised while loading a policy is wrapped in a
 * {@code DeploymentException} with the original as its cause, so a policy
 * that cannot be generated fails the deployment rather than being skipped.
 *
 * @param dc deployment context of the application being deployed
 * @throws DeploymentException if generating the security policy fails
 */
@Override
protected void generateArtifacts(DeploymentContext dc) throws DeploymentException {
    OpsParams opsParams = dc.getCommandParameters(OpsParams.class);
    if (opsParams.origin.isArtifactsPresent()) {
        return;
    }
    String appName = opsParams.name();
    try {
        Application application = dc.getModuleMetaData(Application.class);
        Set<WebBundleDescriptor> webBundles = application.getBundleDescriptors(WebBundleDescriptor.class);
        if (webBundles != null) {
            for (WebBundleDescriptor webBundle : webBundles) {
                loadPolicy(webBundle, false);
            }
        }
    } catch (Exception se) {
        // Deliberately broad: every failure here, including a missing
        // Application, surfaces as a deployment failure naming the application.
        throw new DeploymentException("Error in generating security policy for " + appName, se);
    }
}
Also used : OpsParams(org.glassfish.api.deployment.OpsParams) WebBundleDescriptor(com.sun.enterprise.deployment.WebBundleDescriptor) DeploymentException(org.glassfish.deployment.common.DeploymentException) DummyApplication(org.glassfish.deployment.common.DummyApplication) Application(com.sun.enterprise.deployment.Application) IASSecurityException(com.sun.enterprise.security.util.IASSecurityException) DeploymentException(org.glassfish.deployment.common.DeploymentException)
