Search in sources :

Example 1 with SecurityRole

use of com.sun.enterprise.deployment.web.SecurityRole in project Payara by payara.

the class Audit method dumpDiagnostics.

/**
 * Do the work for showACL().
 */
private static void dumpDiagnostics(Application app) {
    logger.finest("====[ Role and ACL Summary ]==========");
    if (!app.isVirtual()) {
        logger.finest("Summary for application: " + app.getRegistrationName());
    } else {
        logger.finest("Standalone module.");
    }
    logger.finest("EJB components: " + getEjbComponentCount(app));
    logger.finest("Web components: " + getWebComponentCount(app));
    Iterator i;
    StringBuffer sb;
    // show all roles with associated group & user mappings
    Set allRoles = app.getRoles();
    if (allRoles == null) {
        logger.finest("- No roles present.");
        return;
    }
    SecurityRoleMapper rmap = app.getRoleMapper();
    if (rmap == null) {
        logger.finest("- No role mappings present.");
        return;
    }
    i = allRoles.iterator();
    logger.finest("--[ Configured roles and mappings ]--");
    HashMap allRoleMap = new HashMap();
    while (i.hasNext()) {
        Role r = (Role) i.next();
        logger.finest(" [" + r.getName() + "]");
        allRoleMap.put(r.getName(), new HashSet());
        sb = new StringBuffer();
        sb.append("  is mapped to groups: ");
        Enumeration grps = rmap.getGroupsAssignedTo(r);
        while (grps.hasMoreElements()) {
            sb.append(grps.nextElement());
            sb.append(" ");
        }
        logger.finest(sb.toString());
        sb = new StringBuffer();
        sb.append("  is mapped to principals: ");
        Enumeration users = rmap.getUsersAssignedTo(r);
        while (users.hasMoreElements()) {
            sb.append(users.nextElement());
            sb.append(" ");
        }
        logger.finest(sb.toString());
    }
    // Process all EJB modules
    Set ejbDescriptorSet = app.getBundleDescriptors(EjbBundleDescriptor.class);
    i = ejbDescriptorSet.iterator();
    while (i.hasNext()) {
        EjbBundleDescriptor bundle = (EjbBundleDescriptor) i.next();
        logger.finest("--[ EJB module: " + bundle.getName() + " ]--");
        Set ejbs = bundle.getEjbs();
        Iterator it = ejbs.iterator();
        while (it.hasNext()) {
            EjbDescriptor ejb = (EjbDescriptor) it.next();
            logger.finest("EJB: " + ejb.getEjbClassName());
            // check and show run-as if present
            if (!ejb.getUsesCallerIdentity()) {
                RunAsIdentityDescriptor runas = ejb.getRunAsIdentity();
                if (runas == null) {
                    logger.finest(" (ejb does not use caller " + "identity)");
                } else {
                    String role = runas.getRoleName();
                    String user = runas.getPrincipal();
                    logger.finest(" Will run-as: Role: " + role + "  Principal: " + user);
                    if (role == null || "".equals(role) || user == null || "".equals(user)) {
                        if (logger.isLoggable(Level.FINEST)) {
                            logger.finest("*** Configuration error!");
                        }
                    }
                }
            }
            // iterate through available methods
            logger.finest(" Method to Role restriction list:");
            Set methods = ejb.getMethodDescriptors();
            Iterator si = methods.iterator();
            while (si.hasNext()) {
                MethodDescriptor md = (MethodDescriptor) si.next();
                logger.finest("   " + md.getFormattedString());
                Set perms = ejb.getMethodPermissionsFor(md);
                StringBuffer rbuf = new StringBuffer();
                rbuf.append("     can only be invoked by: ");
                Iterator sip = perms.iterator();
                boolean unchecked = false, excluded = false, roleBased = false;
                while (sip.hasNext()) {
                    MethodPermission p = (MethodPermission) sip.next();
                    if (p.isExcluded()) {
                        excluded = true;
                        logger.finest("     excluded - can not " + "be invoked");
                    } else if (p.isUnchecked()) {
                        unchecked = true;
                        logger.finest("     unchecked - can be " + "invoked by all");
                    } else if (p.isRoleBased()) {
                        roleBased = true;
                        Role r = p.getRole();
                        rbuf.append(r.getName());
                        rbuf.append(" ");
                        // add to role's accessible list
                        HashSet ram = (HashSet) allRoleMap.get(r.getName());
                        ram.add(bundle.getName() + ":" + ejb.getEjbClassName() + "." + md.getFormattedString());
                    }
                }
                if (roleBased) {
                    logger.finest(rbuf.toString());
                    if (excluded || unchecked) {
                        logger.finest("*** Configuration error!");
                    }
                } else if (unchecked) {
                    if (excluded) {
                        logger.finest("*** Configuration error!");
                    }
                    Set rks = allRoleMap.keySet();
                    Iterator rksi = rks.iterator();
                    while (rksi.hasNext()) {
                        HashSet ram = (HashSet) allRoleMap.get(rksi.next());
                        ram.add(bundle.getName() + ":" + ejb.getEjbClassName() + "." + md.getFormattedString());
                    }
                } else if (!excluded) {
                    logger.finest("*** Configuration error!");
                }
            }
            // IOR config for this ejb
            logger.finest(" IOR configuration:");
            Set iors = ejb.getIORConfigurationDescriptors();
            if (iors != null) {
                Iterator iorsi = iors.iterator();
                while (iorsi.hasNext()) {
                    EjbIORConfigurationDescriptor ior = (EjbIORConfigurationDescriptor) iorsi.next();
                    StringBuffer iorsb = new StringBuffer();
                    iorsb.append("realm=");
                    iorsb.append(ior.getRealmName());
                    iorsb.append(", integrity=");
                    iorsb.append(ior.getIntegrity());
                    iorsb.append(", trust-in-target=");
                    iorsb.append(ior.getEstablishTrustInTarget());
                    iorsb.append(", trust-in-client=");
                    iorsb.append(ior.getEstablishTrustInClient());
                    iorsb.append(", propagation=");
                    iorsb.append(ior.getCallerPropagation());
                    iorsb.append(", auth-method=");
                    iorsb.append(ior.getAuthenticationMethod());
                    logger.finest(iorsb.toString());
                }
            }
        }
    }
    // show role->accessible methods list
    logger.finest("--[ EJB methods accessible by role ]--");
    Set rks = allRoleMap.keySet();
    Iterator rksi = rks.iterator();
    while (rksi.hasNext()) {
        String roleName = (String) rksi.next();
        logger.finest(" [" + roleName + "]");
        HashSet ram = (HashSet) allRoleMap.get(roleName);
        Iterator rami = ram.iterator();
        while (rami.hasNext()) {
            String meth = (String) rami.next();
            logger.finest("   " + meth);
        }
    }
    // Process all Web modules
    Set webDescriptorSet = app.getBundleDescriptors(WebBundleDescriptor.class);
    i = webDescriptorSet.iterator();
    while (i.hasNext()) {
        WebBundleDescriptor wbd = (WebBundleDescriptor) i.next();
        logger.finest("--[ Web module: " + wbd.getContextRoot() + " ]--");
        // login config
        LoginConfiguration lconf = wbd.getLoginConfiguration();
        if (lconf != null) {
            logger.finest("  Login config: realm=" + lconf.getRealmName() + ", method=" + lconf.getAuthenticationMethod() + ", form=" + lconf.getFormLoginPage() + ", error=" + lconf.getFormErrorPage());
        }
        // get WebComponentDescriptorsSet() info
        logger.finest("  Contains components:");
        Set webComps = wbd.getWebComponentDescriptors();
        Iterator webCompsIt = webComps.iterator();
        while (webCompsIt.hasNext()) {
            WebComponentDescriptor wcd = (WebComponentDescriptor) webCompsIt.next();
            StringBuffer name = new StringBuffer();
            name.append("   - " + wcd.getCanonicalName());
            name.append(" [ ");
            Enumeration urlPs = wcd.getUrlPatterns();
            while (urlPs.hasMoreElements()) {
                name.append(urlPs.nextElement().toString());
                name.append(" ");
            }
            name.append("]");
            logger.finest(name.toString());
            RunAsIdentityDescriptor runas = wcd.getRunAsIdentity();
            if (runas != null) {
                String role = runas.getRoleName();
                String user = runas.getPrincipal();
                logger.finest("      Will run-as: Role: " + role + "  Principal: " + user);
                if (role == null || "".equals(role) || user == null || "".equals(user)) {
                    logger.finest("*** Configuration error!");
                }
            }
        }
        // security constraints
        logger.finest("  Security constraints:");
        Enumeration scEnum = wbd.getSecurityConstraints();
        while (scEnum.hasMoreElements()) {
            SecurityConstraint sc = (SecurityConstraint) scEnum.nextElement();
            for (WebResourceCollection wrc : sc.getWebResourceCollections()) {
                // show list of methods for this collection
                StringBuffer sbm = new StringBuffer();
                for (String httpMethod : wrc.getHttpMethods()) {
                    sbm.append(httpMethod);
                    sbm.append(" ");
                }
                logger.finest("     Using method: " + sbm.toString());
                // and then list of url patterns
                for (String urlPattern : wrc.getUrlPatterns()) {
                    logger.finest("       " + urlPattern);
                }
            }
            // end res.collection iterator
            // show roles which apply to above set of collections
            AuthorizationConstraint authCons = sc.getAuthorizationConstraint();
            Enumeration rolesEnum = authCons.getSecurityRoles();
            StringBuffer rsb = new StringBuffer();
            rsb.append("     Accessible by roles: ");
            while (rolesEnum.hasMoreElements()) {
                SecurityRole sr = (SecurityRole) rolesEnum.nextElement();
                rsb.append(sr.getName());
                rsb.append(" ");
            }
            logger.finest(rsb.toString());
            // show transport guarantee
            UserDataConstraint udc = sc.getUserDataConstraint();
            if (udc != null) {
                logger.finest("     Transport guarantee: " + udc.getTransportGuarantee());
            }
        }
    // end sec.constraint
    }
    // end webDescriptorSet.iterator
    logger.finest("======================================");
}
Also used : SecurityRole(com.sun.enterprise.deployment.web.SecurityRole) WebResourceCollection(com.sun.enterprise.deployment.web.WebResourceCollection) RunAsIdentityDescriptor(com.sun.enterprise.deployment.RunAsIdentityDescriptor) SecurityRoleMapper(org.glassfish.deployment.common.SecurityRoleMapper) AuthorizationConstraint(com.sun.enterprise.deployment.web.AuthorizationConstraint) LoginConfiguration(com.sun.enterprise.deployment.web.LoginConfiguration) MethodDescriptor(com.sun.enterprise.deployment.MethodDescriptor) EjbDescriptor(com.sun.enterprise.deployment.EjbDescriptor) MethodPermission(com.sun.enterprise.deployment.MethodPermission) EjbIORConfigurationDescriptor(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor) SecurityConstraint(com.sun.enterprise.deployment.web.SecurityConstraint) SecurityRole(com.sun.enterprise.deployment.web.SecurityRole) Role(org.glassfish.security.common.Role) WebComponentDescriptor(com.sun.enterprise.deployment.WebComponentDescriptor) EjbBundleDescriptor(com.sun.enterprise.deployment.EjbBundleDescriptor) WebBundleDescriptor(com.sun.enterprise.deployment.WebBundleDescriptor) UserDataConstraint(com.sun.enterprise.deployment.web.UserDataConstraint)

Example 2 with SecurityRole

use of com.sun.enterprise.deployment.web.SecurityRole in project Payara by payara.

the class WebBundleDescriptorImpl method getSecurityRoles.

/**
 * Returns an Enumeration of my SecurityRole objects.
 * @return
 */
@Override
public Enumeration<SecurityRoleDescriptor> getSecurityRoles() {
    Vector<SecurityRoleDescriptor> securityRoles = new Vector<SecurityRoleDescriptor>();
    for (Role r : super.getRoles()) {
        SecurityRoleDescriptor srd = new SecurityRoleDescriptor(r);
        securityRoles.add(srd);
    }
    return securityRoles.elements();
}
Also used : SecurityRole(com.sun.enterprise.deployment.web.SecurityRole) Role(org.glassfish.security.common.Role) SecurityRoleDescriptor(com.sun.enterprise.deployment.SecurityRoleDescriptor) Vector(java.util.Vector)

Example 3 with SecurityRole

use of com.sun.enterprise.deployment.web.SecurityRole in project Payara by payara.

the class WebBundleDescriptorImpl method addSecurityRole.

/**
 * Add a new abstract role to me.
 * @param securityRole
 */
@Override
public void addSecurityRole(SecurityRole securityRole) {
    Role r = new Role(securityRole.getName());
    r.setDescription(securityRole.getDescription());
    super.addRole(r);
}
Also used : SecurityRole(com.sun.enterprise.deployment.web.SecurityRole) Role(org.glassfish.security.common.Role)

Aggregations

SecurityRole (com.sun.enterprise.deployment.web.SecurityRole)3 Role (org.glassfish.security.common.Role)3 EjbBundleDescriptor (com.sun.enterprise.deployment.EjbBundleDescriptor)1 EjbDescriptor (com.sun.enterprise.deployment.EjbDescriptor)1 EjbIORConfigurationDescriptor (com.sun.enterprise.deployment.EjbIORConfigurationDescriptor)1 MethodDescriptor (com.sun.enterprise.deployment.MethodDescriptor)1 MethodPermission (com.sun.enterprise.deployment.MethodPermission)1 RunAsIdentityDescriptor (com.sun.enterprise.deployment.RunAsIdentityDescriptor)1 SecurityRoleDescriptor (com.sun.enterprise.deployment.SecurityRoleDescriptor)1 WebBundleDescriptor (com.sun.enterprise.deployment.WebBundleDescriptor)1 WebComponentDescriptor (com.sun.enterprise.deployment.WebComponentDescriptor)1 AuthorizationConstraint (com.sun.enterprise.deployment.web.AuthorizationConstraint)1 LoginConfiguration (com.sun.enterprise.deployment.web.LoginConfiguration)1 SecurityConstraint (com.sun.enterprise.deployment.web.SecurityConstraint)1 UserDataConstraint (com.sun.enterprise.deployment.web.UserDataConstraint)1 WebResourceCollection (com.sun.enterprise.deployment.web.WebResourceCollection)1 Vector (java.util.Vector)1 SecurityRoleMapper (org.glassfish.deployment.common.SecurityRoleMapper)1