
Example 1 with SecurityRoleAssignment

use of com.sun.enterprise.deployment.runtime.common.wls.SecurityRoleAssignment in project Payara by payara.

the class WebSecurityManager method initialise.

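/**
 * Initialises this web security manager.
 *
 * <p>Steps, in order: obtain the policy factory, derive {@code CODEBASE} from {@code CONTEXT_ID},
 * register admin principals and groups when the application is on the admin virtual server,
 * build the {@link CodeSource} for the codebase, load the policy configuration and then create
 * or reset the unchecked-permission cache.
 *
 * <p>Security note: for an application on the admin virtual server, every principal and group
 * named in the descriptor's security-role-mapping and security-role-assignment entries is put
 * into {@code wsmf.ADMIN_PRINCIPAL} / {@code wsmf.ADMIN_GROUP}. How those maps are consulted is
 * not visible here (presumably when authorizing admin access, to be confirmed against the
 * factory), so the deployment descriptor of such an application should be treated as
 * security-sensitive input.
 *
 * @param appName passed to {@code getVirtualServers} to decide whether the admin virtual server
 *        branch runs
 * @throws PolicyContextException declared on the signature; which of the calls made here raises
 *         it is not visible in this method
 * @throws RuntimeException wrapping the {@code URISyntaxException} or
 *         {@code MalformedURLException} raised while building the codebase URL
 */
private void initialise(String appName) throws PolicyContextException {
    getPolicyFactory();
    CODEBASE = removeSpaces(CONTEXT_ID);

    if (Constants.ADMIN_VS.equals(getVirtualServers(appName))) {
        LoginConfiguration lgConf = wbd.getLoginConfiguration();
        if (lgConf != null) {
            // Map keys below are the bare concatenation realmName + name, with no separator:
            // distinct (realm, name) pairs can yield the same key, and a null realm name
            // produces keys starting with the text "null".
            // NOTE(review): a delimiter would remove the ambiguity, but it has to be changed
            // together with every reader of these maps.
            String realmName = lgConf.getRealmName();
            SunWebApp sunDes = wbd.getSunDescriptor();
            if (sunDes != null) {
                // security-role-mapping entries: principals and groups
                SecurityRoleMapping[] srms = sunDes.getSecurityRoleMapping();
                if (srms != null) {
                    for (SecurityRoleMapping srm : srms) {
                        String[] principals = srm.getPrincipalName();
                        if (principals != null) {
                            for (String principal : principals) {
                                wsmf.ADMIN_PRINCIPAL.put(realmName + principal, new PrincipalImpl(principal));
                            }
                        }
                        // NOTE(review): unlike the principal names, the group names are iterated
                        // without a null check; confirm getGroupNames() never returns null.
                        for (String group : srm.getGroupNames()) {
                            wsmf.ADMIN_GROUP.put(realmName + group, new Group(group));
                        }
                    }
                }

                // security-role-assignment entries
                SecurityRoleAssignment[] sras = sunDes.getSecurityRoleAssignments();
                if (sras != null) {
                    for (SecurityRoleAssignment sra : sras) {
                        if (sra.isExternallyDefined()) {
                            // An externally defined role carries no principal list here; the
                            // role name itself is registered as an admin group.
                            wsmf.ADMIN_GROUP.put(realmName + sra.getRoleName(), new Group(sra.getRoleName()));
                            continue;
                        }
                        for (String principal : sra.getPrincipalNames()) {
                            wsmf.ADMIN_PRINCIPAL.put(realmName + principal, new PrincipalImpl(principal));
                        }
                    }
                }
            }
        }
    }

    // Build the CodeSource for the codebase; it is handed to the permission cache below.
    // The always-true null check on the freshly constructed URI was removed, and the two
    // nested try blocks were merged (neither handler can raise the other's exception type).
    try {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "[Web-Security] Creating a Codebase URI with = {0}", CODEBASE);
        }
        java.net.URI uri = new java.net.URI("file:///" + CODEBASE);
        // No signer certificates are attached to the CodeSource.
        codesource = new CodeSource(new URL(uri.toString()), (java.security.cert.Certificate[]) null);
    } catch (java.net.URISyntaxException use) {
        // There is no fallback: a codebase that is not a valid URI aborts initialisation.
        logger.log(Level.FINE, "[Web-Security] Error Creating URI ", use);
        throw new RuntimeException(use);
    } catch (java.net.MalformedURLException mue) {
        logger.log(Level.SEVERE, "[Web-Security] Exception while getting the CodeSource", mue);
        throw new RuntimeException(mue);
    }

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "[Web-Security] Context id (id under which  WEB component in application will be created) = {0}", CONTEXT_ID);
        logger.log(Level.FINE, "[Web-Security] Codebase (module id for web component) {0}", CODEBASE);
    }

    loadPolicyConfiguration();

    if (uncheckedPermissionCache == null) {
        // The cache and its two cached permissions are only created when 'register' is set.
        if (register) {
            uncheckedPermissionCache = PermissionCacheFactory.createPermissionCache(this.CONTEXT_ID, codesource, protoPerms, null);
            allResourcesCP = new CachedPermissionImpl(uncheckedPermissionCache, allResources);
            allConnectionsCP = new CachedPermissionImpl(uncheckedPermissionCache, allConnections);
        }
    } else {
        // Re-initialisation: drop whatever the existing cache holds.
        uncheckedPermissionCache.reset();
    }
}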
Also used : SunWebApp(com.sun.enterprise.deployment.runtime.web.SunWebApp) Group(org.glassfish.security.common.Group) SecurityRoleMapping(com.sun.enterprise.deployment.runtime.common.SecurityRoleMapping) LoginConfiguration(com.sun.enterprise.deployment.web.LoginConfiguration) URL(java.net.URL) CachedPermissionImpl(com.sun.enterprise.security.ee.CachedPermissionImpl) PrincipalImpl(org.glassfish.security.common.PrincipalImpl) SecurityRoleAssignment(com.sun.enterprise.deployment.runtime.common.wls.SecurityRoleAssignment)

Example 2 with SecurityRoleAssignment

use of com.sun.enterprise.deployment.runtime.common.wls.SecurityRoleAssignment in project Payara by payara.

the class SecurityRoleAssignmentNode method writeDescriptors.

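/**
 * Writes every security-role-assignment of the parent descriptor to a JAXP DOM node
 * and returns that node.
 *
 * This API will be invoked by the parent node when the parent node
 * writes out a mix of statically and dynamically registered sub nodes.
 *
 * This method should be overridden by the sub classes if it
 * needs to be called by the parent node.
 *
 * Nothing is written when {@code parentDesc} is not a {@code WebBundleDescriptor}, when it
 * has no Sun descriptor, or when that descriptor holds no security role assignments.
 *
 * @param parent node in the DOM tree
 * @param nodeName the name of the node
 * @param parentDesc parent descriptor of the descriptor to be written
 * @return the {@code parent} node that was passed in
 */
@Override
public Node writeDescriptors(Node parent, String nodeName, Descriptor parentDesc) {
    if (!(parentDesc instanceof WebBundleDescriptor)) {
        return parent;
    }
    WebBundleDescriptor webBundleDescriptor = (WebBundleDescriptor) parentDesc;

    // A web bundle without a Sun descriptor has no role assignments to write; guard the
    // dereference instead of failing with a NullPointerException.
    if (webBundleDescriptor.getSunDescriptor() == null) {
        return parent;
    }

    // security-role-assignment*
    SecurityRoleAssignment[] securityRoleAssignments = webBundleDescriptor.getSunDescriptor().getSecurityRoleAssignments();
    if (securityRoleAssignments == null) {
        return parent;
    }
    for (SecurityRoleAssignment securityRoleAssignment : securityRoleAssignments) {
        writeDescriptor(parent, nodeName, securityRoleAssignment);
    }
    return parent;
}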
Also used : WebBundleDescriptor(com.sun.enterprise.deployment.WebBundleDescriptor) SecurityRoleAssignment(com.sun.enterprise.deployment.runtime.common.wls.SecurityRoleAssignment)

Example 3 with SecurityRoleAssignment

use of com.sun.enterprise.deployment.runtime.common.wls.SecurityRoleAssignment in project Payara by payara.

the class JaccWebAuthorizationManager method initialise.

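/**
 * Initialises this authorization manager and loads its permissions into the JACC policy configuration.
 *
 * <p>Steps, in order: obtain the policy factory, derive {@code CODEBASE} from {@code CONTEXT_ID},
 * register admin principals and groups when the application is on the admin virtual server,
 * build the {@link CodeSource} for the codebase, load the permissions into the policy
 * configuration and then create or reset the unchecked-permission cache.
 *
 * <p>Security note: for an application on the admin virtual server, every principal and group
 * named in the descriptor's role mappings and role assignments is handed to
 * {@code webSecurityManagerFactory.addAdminPrincipal} / {@code addAdminGroup}. What the factory
 * does with them is not visible here (presumably they are consulted when authorizing admin
 * access, to be confirmed), so the deployment descriptor of such an application should be
 * treated as security-sensitive input.
 *
 * @param appName passed to {@code getVirtualServers} to decide whether the admin virtual server
 *        branch runs
 * @throws PolicyContextException declared on the signature; which of the calls made here raises
 *         it is not visible in this method
 * @throws RuntimeException wrapping the {@code URISyntaxException} or
 *         {@code MalformedURLException} raised while building the codebase URL
 */
private void initialise(String appName) throws PolicyContextException {
    logger.finest(() -> String.format("initialise(appName=%s)", appName));
    getPolicyFactory();
    CODEBASE = removeSpaces(CONTEXT_ID);

    if (ADMIN_VS.equals(getVirtualServers(appName))) {
        LoginConfiguration loginConfiguration = webBundleDescriptor.getLoginConfiguration();
        if (loginConfiguration != null) {
            // NOTE(review): the realm name is passed on as returned, possibly null; confirm
            // how the factory's add methods treat a null realm.
            String realmName = loginConfiguration.getRealmName();

            // Process mappings from sun-web.xml
            SunWebApp sunDes = webBundleDescriptor.getSunDescriptor();
            if (sunDes != null) {
                SecurityRoleMapping[] roleMappings = sunDes.getSecurityRoleMapping();
                if (roleMappings != null) {
                    // NOTE(review): getPrincipalName() and getGroupNames() are iterated without
                    // a null check; confirm neither can return null.
                    for (SecurityRoleMapping roleMapping : roleMappings) {
                        for (String principal : roleMapping.getPrincipalName()) {
                            webSecurityManagerFactory.addAdminPrincipal(principal, realmName, new PrincipalImpl(principal));
                        }
                        for (String group : roleMapping.getGroupNames()) {
                            webSecurityManagerFactory.addAdminGroup(group, realmName, new Group(group));
                        }
                    }
                }

                SecurityRoleAssignment[] roleAssignments = sunDes.getSecurityRoleAssignments();
                if (roleAssignments != null) {
                    for (SecurityRoleAssignment roleAssignment : roleAssignments) {
                        if (roleAssignment.isExternallyDefined()) {
                            // An externally defined role carries no principal list here; the
                            // role name itself is registered as an admin group.
                            webSecurityManagerFactory.addAdminGroup(roleAssignment.getRoleName(), realmName, new Group(roleAssignment.getRoleName()));
                            continue;
                        }
                        for (String principal : roleAssignment.getPrincipalNames()) {
                            webSecurityManagerFactory.addAdminPrincipal(principal, realmName, new PrincipalImpl(principal));
                        }
                    }
                }
            }
        }
    }

    // Build the CodeSource for the codebase; it is handed to the permission cache below.
    // The always-true null check on the freshly constructed URI was removed, and the two
    // nested try blocks were merged (neither handler can raise the other's exception type).
    try {
        logger.log(FINE, "[Web-Security] Creating a Codebase URI with = {0}", CODEBASE);
        URI uri = new URI("file:///" + CODEBASE);
        // No signer certificates are attached to the CodeSource.
        codesource = new CodeSource(new URL(uri.toString()), (Certificate[]) null);
    } catch (URISyntaxException use) {
        // There is no fallback: a codebase that is not a valid URI aborts initialisation.
        logger.log(FINE, "[Web-Security] Error Creating URI ", use);
        throw new RuntimeException(use);
    } catch (MalformedURLException mue) {
        logger.log(SEVERE, "[Web-Security] Exception while getting the CodeSource", mue);
        throw new RuntimeException(mue);
    }

    logger.log(FINE, "[Web-Security] Context id (id under which  WEB component in application will be created) = {0}", CONTEXT_ID);
    logger.log(FINE, "[Web-Security] Codebase (module id for web component) {0}", CODEBASE);

    // Generate permissions and store these into the JACC policyConfiguration
    // The JACC Policy (to which we delegate) will use these permissions later to make authorization decisions.
    loadPermissionsInToPolicyConfiguration();

    if (uncheckedPermissionCache == null) {
        // The cache and its two cached permissions are only created when 'register' is set.
        if (register) {
            uncheckedPermissionCache = PermissionCacheFactory.createPermissionCache(CONTEXT_ID, codesource, protoPerms, null);
            allResourcesCachedPermission = new CachedPermissionImpl(uncheckedPermissionCache, allResources);
            allConnectionsCachedPermission = new CachedPermissionImpl(uncheckedPermissionCache, allConnections);
        }
    } else {
        // Re-initialisation: drop whatever the existing cache holds.
        uncheckedPermissionCache.reset();
    }
}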
Also used : SunWebApp(com.sun.enterprise.deployment.runtime.web.SunWebApp) Group(org.glassfish.security.common.Group) MalformedURLException(java.net.MalformedURLException) SecurityRoleMapping(com.sun.enterprise.deployment.runtime.common.SecurityRoleMapping) LoginConfiguration(com.sun.enterprise.deployment.web.LoginConfiguration) URISyntaxException(java.net.URISyntaxException) CodeSource(java.security.CodeSource) URI(java.net.URI) URL(java.net.URL) CachedPermissionImpl(com.sun.enterprise.security.jacc.cache.CachedPermissionImpl) PrincipalImpl(org.glassfish.security.common.PrincipalImpl) SecurityRoleAssignment(com.sun.enterprise.deployment.runtime.common.wls.SecurityRoleAssignment)

Aggregations

SecurityRoleAssignment (com.sun.enterprise.deployment.runtime.common.wls.SecurityRoleAssignment)3 SecurityRoleMapping (com.sun.enterprise.deployment.runtime.common.SecurityRoleMapping)2 SunWebApp (com.sun.enterprise.deployment.runtime.web.SunWebApp)2 LoginConfiguration (com.sun.enterprise.deployment.web.LoginConfiguration)2 URL (java.net.URL)2 Group (org.glassfish.security.common.Group)2 PrincipalImpl (org.glassfish.security.common.PrincipalImpl)2 WebBundleDescriptor (com.sun.enterprise.deployment.WebBundleDescriptor)1 CachedPermissionImpl (com.sun.enterprise.security.ee.CachedPermissionImpl)1 CachedPermissionImpl (com.sun.enterprise.security.jacc.cache.CachedPermissionImpl)1 MalformedURLException (java.net.MalformedURLException)1 URI (java.net.URI)1 URISyntaxException (java.net.URISyntaxException)1 CodeSource (java.security.CodeSource)1