use of com.sun.enterprise.deployment.runtime.common.SecurityRoleMapping in project Payara by payara.
the class ApplicationRuntimeNode method writeDescriptor.
/**
* write the descriptor class to a DOM tree and return it
*
* @param parent node for the DOM tree
* @param nodeName the node name
* @param application the descriptor to write
* @return the DOM tree top node
*/
public Node writeDescriptor(Node parent, String nodeName, Application application) {
    // The superclass creates the top-level element; every child below is appended to it.
    final Node root = super.writeDescriptor(parent, nodeName, application);

    // web* : one entry (archive URI + context root) per WAR module, other module types are skipped
    for (ModuleDescriptor module : application.getModules()) {
        if (!module.getModuleType().equals(DOLUtils.warType())) {
            continue;
        }
        Node webNode = appendChild(root, RuntimeTagNames.WEB);
        appendTextChild(webNode, RuntimeTagNames.WEB_URI, module.getArchiveUri());
        appendTextChild(webNode, RuntimeTagNames.CONTEXT_ROOT, module.getContextRoot());
    }

    // pass-by-reference ? : only emitted when the application explicitly defines it
    if (application.isPassByReferenceDefined()) {
        String passByReference = String.valueOf(application.getPassByReference());
        appendTextChild(root, RuntimeTagNames.PASS_BY_REFERENCE, passByReference);
    }

    // NOTE : unique-id is no longer written out to sun-ejb-jar.xml. It is persisted via
    // domain.xml deployment context properties instead.

    // security-role-mapping* : each mapping is serialised by its own SecurityRoleMappingNode.
    // These elements carry the application's role mappings, so the generated descriptor is
    // authorization-relevant and should be handled as security configuration.
    for (SecurityRoleMapping mapping : application.getSecurityRoleMappings()) {
        SecurityRoleMappingNode mappingWriter = new SecurityRoleMappingNode();
        mappingWriter.writeDescriptor(root, RuntimeTagNames.SECURITY_ROLE_MAPPING, mapping);
    }

    // realm?
    appendTextChild(root, RuntimeTagNames.REALM, application.getRealm());

    // references
    RuntimeDescriptorNode.writeCommonComponentInfo(root, application);
    RuntimeDescriptorNode.writeMessageDestinationInfo(root, application);

    // archive-name, compatibility, keep-state (in that order)
    appendTextChild(root, RuntimeTagNames.ARCHIVE_NAME, application.getArchiveName());
    appendTextChild(root, RuntimeTagNames.COMPATIBILITY, application.getCompatibility());
    appendTextChild(root, RuntimeTagNames.KEEP_STATE, String.valueOf(application.getKeepState()));

    return root;
}
use of com.sun.enterprise.deployment.runtime.common.SecurityRoleMapping in project Payara by payara.
the class ApplicationRuntimeNode method addDescriptor.
/**
* Adds a new DOL descriptor instance to the descriptor instance associated with
* this XMLNode
*
* @param newDescriptor the new descriptor
*/
public void addDescriptor(Object newDescriptor) {
    if (newDescriptor instanceof SecurityRoleMapping) {
        final SecurityRoleMapping mapping = (SecurityRoleMapping) newDescriptor;

        // The mapping is applied only to a present, non-virtual application descriptor;
        // in every other case it is dropped without any record.
        if (descriptor == null || descriptor.isVirtual()) {
            return;
        }

        descriptor.addSecurityRoleMapping(mapping);
        final Role mappedRole = new Role(mapping.getRoleName());
        final SecurityRoleMapper roleMapper = descriptor.getRoleMapper();
        if (roleMapper == null) {
            // The mapping stays recorded on the descriptor, but no principal or group is
            // assigned the role here.
            return;
        }

        // Every principal and every group named in the descriptor is assigned the role as-is;
        // no validation of the names is visible in this method.
        for (PrincipalNameDescriptor principalName : mapping.getPrincipalNames()) {
            roleMapper.assignRole(principalName.getPrincipal(), mappedRole, descriptor);
        }
        for (String groupName : mapping.getGroupNames()) {
            roleMapper.assignRole(new Group(groupName), mappedRole, descriptor);
        }
        return;
    }

    if (newDescriptor instanceof ResourcePropertyDescriptor) {
        final ResourcePropertyDescriptor property = (ResourcePropertyDescriptor) newDescriptor;
        if ("default-role-mapping".equals(property.getName())) {
            // NOTE(review): unlike the role-mapping branch above, descriptor is not null-checked
            // here, so a null descriptor would raise a NullPointerException - confirm whether
            // callers guarantee it is set before this property is processed.
            boolean defaultMapping = ConfigBeansUtilities.toBoolean(property.getValue());
            descriptor.setDefaultGroupPrincipalMapping(defaultMapping);
        }
    }
}
use of com.sun.enterprise.deployment.runtime.common.SecurityRoleMapping in project Payara by payara.
the class JaccWebAuthorizationManager method initialise.
/**
* Initialise this class and specifically load permissions into the JACC Policy Configuration.
*
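* @param appName name of the application; used to look up the virtual servers it is deployed on
* @throws PolicyContextException declared by this method; presumably raised while obtaining or populating the JACC policy configuration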
*/
private void initialise(String appName) throws PolicyContextException {
    logger.finest(() -> String.format("initialise(appName=%s)", appName));
    getPolicyFactory();
    CODEBASE = removeSpaces(CONTEXT_ID);

    // Admin principals and groups are registered only for an application on the admin virtual
    // server that also declares a login configuration.
    final boolean onAdminVirtualServer = ADMIN_VS.equals(getVirtualServers(appName));
    final LoginConfiguration loginConfig =
            onAdminVirtualServer ? webBundleDescriptor.getLoginConfiguration() : null;
    if (loginConfig != null) {
        final String realm = loginConfig.getRealmName();

        // Process mappings from sun-web.xml.
        // NOTE(review): the names registered below come straight from the deployment descriptor,
        // so whoever controls the descriptor of an application on the admin virtual server
        // decides which principals and groups are added as admin ones - confirm that deployment
        // to that virtual server is restricted accordingly.
        final SunWebApp sunWebApp = webBundleDescriptor.getSunDescriptor();
        if (sunWebApp != null) {
            final SecurityRoleMapping[] mappings = sunWebApp.getSecurityRoleMapping();
            if (mappings != null) {
                for (SecurityRoleMapping mapping : mappings) {
                    for (String principalName : mapping.getPrincipalName()) {
                        webSecurityManagerFactory.addAdminPrincipal(principalName, realm, new PrincipalImpl(principalName));
                    }
                    for (String groupName : mapping.getGroupNames()) {
                        webSecurityManagerFactory.addAdminGroup(groupName, realm, new Group(groupName));
                    }
                }
            }

            final SecurityRoleAssignment[] assignments = sunWebApp.getSecurityRoleAssignments();
            if (assignments != null) {
                for (SecurityRoleAssignment assignment : assignments) {
                    if (assignment.isExternallyDefined()) {
                        // An externally defined assignment registers the role name itself as an
                        // admin group; its principal names are not read.
                        webSecurityManagerFactory.addAdminGroup(assignment.getRoleName(), realm, new Group(assignment.getRoleName()));
                    } else {
                        for (String principalName : assignment.getPrincipalNames()) {
                            webSecurityManagerFactory.addAdminPrincipal(principalName, realm, new PrincipalImpl(principalName));
                        }
                    }
                }
            }
        }
    }

    // Build the CodeSource for this module from a file: URI over CODEBASE. Either failure is
    // logged and rethrown unchecked, so initialisation does not continue without a codesource.
    try {
        logger.log(FINE, "[Web-Security] Creating a Codebase URI with = {0}", CODEBASE);
        // new URI(...) either returns an instance or throws, so the result is used directly.
        final URI codebaseUri = new URI("file:///" + CODEBASE);
        codesource = new CodeSource(new URL(codebaseUri.toString()), (Certificate[]) null);
    } catch (URISyntaxException use) {
        logger.log(FINE, "[Web-Security] Error Creating URI ", use);
        throw new RuntimeException(use);
    } catch (MalformedURLException mue) {
        logger.log(SEVERE, "[Web-Security] Exception while getting the CodeSource", mue);
        throw new RuntimeException(mue);
    }

    logger.log(FINE, "[Web-Security] Context id (id under which WEB component in application will be created) = {0}", CONTEXT_ID);
    logger.log(FINE, "[Web-Security] Codebase (module id for web component) {0}", CODEBASE);

    // Generate permissions and store these into the JACC policyConfiguration.
    // The JACC Policy (to which we delegate) will use these permissions later to make
    // authorization decisions.
    loadPermissionsInToPolicyConfiguration();

    // An existing permission cache is reset; a new one is created only when register is set.
    if (uncheckedPermissionCache != null) {
        uncheckedPermissionCache.reset();
    } else if (register) {
        uncheckedPermissionCache = PermissionCacheFactory.createPermissionCache(CONTEXT_ID, codesource, protoPerms, null);
        allResourcesCachedPermission = new CachedPermissionImpl(uncheckedPermissionCache, allResources);
        allConnectionsCachedPermission = new CachedPermissionImpl(uncheckedPermissionCache, allConnections);
    }
}