
Example 6 with BadRealmException

use of com.sun.enterprise.security.auth.realm.BadRealmException in project Payara by payara.

the class FileRealm method init.

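/**
 * Initialize a realm with some properties.  This can be used
 * when instantiating realms from their descriptions.  This
 * method is invoked from Realm during initialization.
 *
 * <p>Two properties are mandatory: {@code PARAM_KEYFILE}, the path of the
 * keyfile backing this realm (a value containing {@code $} is passed through
 * {@code RelativePathResolver.resolvePath} first), and
 * {@code IASRealm.JAAS_CONTEXT_PARAM}. In an embedded server the keyfile is
 * copied to a temp directory and the copy is what the helper opens.
 *
 * @param props Initialization parameters used by this realm.
 * @exception BadRealmException If the configuration parameters
 *     identify a corrupt realm, or the keyfile cannot be opened; the
 *     underlying {@link IOException} is attached as the cause.
 * @exception NoSuchRealmException If the configuration parameters
 *     specify a realm which doesn't exist.
 */
@Override
protected void init(Properties props) throws BadRealmException, NoSuchRealmException {
    super.init(props);

    String file = props.getProperty(PARAM_KEYFILE);
    if (file == null) {
        throw new BadRealmException(sm.getString("filerealm.nofile"));
    }
    // A "$" in the path marks something the resolver has to expand
    // (presumably a property reference); plain paths are used as given.
    if (file.contains("$")) {
        file = RelativePathResolver.resolvePath(file);
    }
    this.setProperty(PARAM_KEYFILE, file);

    String jaasCtx = props.getProperty(IASRealm.JAAS_CONTEXT_PARAM);
    if (jaasCtx == null) {
        throw new BadRealmException(sm.getString("filerealm.nomodule"));
    }
    this.setProperty(IASRealm.JAAS_CONTEXT_PARAM, jaasCtx);

    _logger.log(Level.FINE, "FileRealm : " + PARAM_KEYFILE + "={0}", file);
    _logger.log(Level.FINE, "FileRealm : " + IASRealm.JAAS_CONTEXT_PARAM + "={0}", jaasCtx);

    try {
        if (Util.isEmbeddedServer()) {
            // Embedded servers work from a temp copy rather than the configured path.
            file = Util.writeConfigFileToTempDir(file).getAbsolutePath();
        }
        helper = new FileRealmHelper(file);
    } catch (IOException ioe) {
        // Keep the original I/O failure attached so the stack trace shows
        // which path or permission problem made the keyfile unreadable,
        // instead of only its toString() inside the message.
        BadRealmException bre = new BadRealmException(sm.getString("filerealm.noaccess", ioe.toString()));
        bre.initCause(ioe);
        throw bre;
    }
}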

Example 7 with BadRealmException

use of com.sun.enterprise.security.auth.realm.BadRealmException in project Payara by payara.

the class FileRealm method refresh.

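/**
 * Refreshes the realm data so that new users/groups are visible.
 *
 * <P>A new FileRealm instance is created and initialized from the
 * keyfile on disk. The new instance is installed in the Realm registry
 * so future Realm.getInstance() calls will obtain the new data. Any
 * existing references to this instance (e.g. in active LoginModule
 * sessions) are unaffected.
 *
 * @exception BadRealmException if realm data structures are bad; whatever
 *     failed while building or registering the new instance is attached as
 *     the cause.
 */
@Override
public void refresh() throws BadRealmException {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("Reloading file realm data.");
    }
    try {
        // Build a fresh instance from the same keyfile and properties and
        // swap it into the registry under this realm's name; this instance
        // itself is left untouched.
        FileRealm reloaded = new FileRealm(getProperty(PARAM_KEYFILE));
        reloaded.init(getProperties());
        Realm.updateInstance(reloaded, this.getName());
    } catch (Exception e) {
        // Preserve the original exception (and its own cause chain) rather
        // than flattening it into a message string.
        BadRealmException bre = new BadRealmException(e.toString());
        bre.initCause(e);
        throw bre;
    }
}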

Example 8 with BadRealmException

use of com.sun.enterprise.security.auth.realm.BadRealmException in project Payara by payara.

the class LDAPRealm method init.

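/**
 * Initialize a realm with some properties.  This can be used
 * when instantiating realms from their descriptions.  This
 * method may only be called a single time.
 *
 * <p>{@code PARAM_DIRURL}, {@code PARAM_USERDN} and
 * {@code IASRealm.JAAS_CONTEXT_PARAM} are mandatory; every other setting
 * falls back to a default. Values are recorded both on the realm (via
 * {@code setProperty}) and, where the LDAP provider needs them, in
 * {@code ldapBindProps}. Properties whose names start with
 * {@code java.naming.}, {@code javax.security.} or {@code com.sun.jndi.ldap.}
 * are copied verbatim into the bind environment; connection-pool properties
 * are published as system properties when not already set. An
 * {@code ldaps} URL additionally selects the SSL socket factory.
 *
 * @param props Initialization parameters used by this realm.
 * @exception BadRealmException If the configuration parameters
 *     identify a corrupt realm (a mandatory property is missing or the
 *     mode is not the supported default).
 * @exception NoSuchRealmException If the configuration parameters
 *     specify a realm which doesn't exist.
 */
public synchronized void init(Properties props) throws BadRealmException, NoSuchRealmException {
    super.init(props);

    // The three mandatory settings; everything below has a default.
    String url = props.getProperty(PARAM_DIRURL);
    String dn = props.getProperty(PARAM_USERDN);
    String jaasCtx = props.getProperty(IASRealm.JAAS_CONTEXT_PARAM);
    if (url == null || dn == null || jaasCtx == null) {
        throw new BadRealmException(sm.getString("ldaprealm.badconfig", url, dn, jaasCtx));
    }
    this.setProperty(PARAM_DIRURL, url);
    ldapBindProps.setProperty(Context.PROVIDER_URL, url);
    this.setProperty(PARAM_USERDN, dn);
    this.setProperty(IASRealm.JAAS_CONTEXT_PARAM, jaasCtx);

    // Only the default mode is supported; anything else is a config error.
    String mode = props.getProperty(PARAM_MODE, MODE_DEFAULT);
    if (!MODE_DEFAULT.equals(mode)) {
        throw new BadRealmException(sm.getString("ldaprealm.badmode", mode));
    }
    this.setProperty(PARAM_MODE, mode);

    String ctxF = props.getProperty(PARAM_JNDICF, JNDICF_DEFAULT);
    this.setProperty(PARAM_JNDICF, ctxF);
    ldapBindProps.setProperty(Context.INITIAL_CONTEXT_FACTORY, ctxF);

    // Search settings: user filter, group base DN (defaults to the user DN),
    // static/dynamic group filters and the attribute targets they read.
    String searchFilter = props.getProperty(PARAM_SEARCH_FILTER, SEARCH_FILTER_DEFAULT);
    this.setProperty(PARAM_SEARCH_FILTER, searchFilter);
    String grpDN = props.getProperty(PARAM_GRPDN, dn);
    this.setProperty(PARAM_GRPDN, grpDN);
    String grpSearchFilter = props.getProperty(PARAM_GRP_SEARCH_FILTER, GRP_SEARCH_FILTER_DEFAULT);
    this.setProperty(PARAM_GRP_SEARCH_FILTER, grpSearchFilter);
    String dynGrpSearchFilter = props.getProperty(PARAM_DYNAMIC_GRP_FILTER, SEARCH_FILTER_DEFAULT);
    this.setProperty(PARAM_DYNAMIC_GRP_FILTER, dynGrpSearchFilter);
    String grpTarget = props.getProperty(PARAM_GRP_TARGET, GRP_TARGET_DEFAULT);
    this.setProperty(PARAM_GRP_TARGET, grpTarget);
    String dynGrpTarget = props.getProperty(PARAM_DYNAMIC_GRP_TARGET, DYNAMIC_GRP_TARGET_DEFAULT);
    this.setProperty(PARAM_DYNAMIC_GRP_TARGET, dynGrpTarget);

    // JNDI object/state factories for dynamic groups go to the provider too.
    String objectFactory = props.getProperty(DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY, DYNAMIC_GROUP_OBJECT_FACTORY);
    this.setProperty(DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY, objectFactory);
    ldapBindProps.setProperty(DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY, objectFactory);
    String stateFactory = props.getProperty(DYNAMIC_GROUP_STATE_FACTORY_PROPERTY, DYNAMIC_GROUP_STATE_FACTORY);
    this.setProperty(DYNAMIC_GROUP_STATE_FACTORY_PROPERTY, stateFactory);
    ldapBindProps.setProperty(DYNAMIC_GROUP_STATE_FACTORY_PROPERTY, stateFactory);

    // Optional bind identity. Without it the provider binds however it is
    // configured to (anonymously, presumably - not decided here).
    String bindDN = props.getProperty(PARAM_BINDDN);
    if (bindDN != null) {
        this.setProperty(PARAM_BINDDN, bindDN);
        ldapBindProps.setProperty(Context.SECURITY_PRINCIPAL, bindDN);
    }
    String bindPWD = props.getProperty(PARAM_BINDPWD);
    if (bindPWD != null) {
        // If the password is aliased, de-alias it; on failure the raw value
        // is used as-is and only a warning is logged.
        try {
            bindPWD = RelativePathResolver.getRealPasswordFromAlias(bindPWD);
        } catch (Exception ex) {
            _logger.log(Level.WARNING, "ldaprealm.pwd.dealiasing.failed", ex);
        }
        // NOTE(review): the de-aliased password is kept in the realm's own
        // property map as well as the bind environment, so anything that
        // exposes getProperties() exposes the clear-text credential.
        this.setProperty(PARAM_BINDPWD, bindPWD);
        ldapBindProps.setProperty(Context.SECURITY_CREDENTIALS, bindPWD);
    }

    // Provider-level settings pass straight through to the bind environment;
    // pool settings (except the max size, handled below) become system
    // properties unless one is already set.
    Enumeration<?> penum = props.propertyNames();
    while (penum.hasMoreElements()) {
        String propName = (String) penum.nextElement();
        if (propName.startsWith("java.naming.") || propName.startsWith("javax.security.") || propName.startsWith("com.sun.jndi.ldap.")) {
            ldapBindProps.setProperty(propName, props.getProperty(propName));
        } else if (propName.startsWith(SUN_JNDI_POOL_) && !SUN_JNDI_POOL_MAXSIZE.equals(propName)) {
            if (System.getProperty(propName) == null) {
                System.setProperty(propName, props.getProperty(propName));
            }
        }
    }

    // Precedence rule: SUN_JNDI_POOL_MAXSIZE > PARAM_POOLSIZE > POOLSIZE_DEFAULT
    // NOTE(review): Integer.getInteger reads the *system* property named
    // PARAM_POOLSIZE, not the realm property of that name in props; confirm
    // that is the intended source for the middle step of the rule.
    String poolSize = Integer.getInteger(PARAM_POOLSIZE, POOLSIZE_DEFAULT).toString();
    String sunPoolSizeStr = props.getProperty(SUN_JNDI_POOL_MAXSIZE, poolSize);
    try {
        // Normalise to a canonical integer string; poolSize is never null here.
        sunPoolSizeStr = Integer.valueOf(sunPoolSizeStr).toString();
    } catch (NumberFormatException ex) {
        // A non-numeric max size silently falls back to the next precedence level.
        sunPoolSizeStr = poolSize;
    }
    if (System.getProperty(SUN_JNDI_POOL_MAXSIZE) == null) {
        System.setProperty(SUN_JNDI_POOL_MAXSIZE, sunPoolSizeStr);
    }
    this.setProperty(PARAM_POOLSIZE, sunPoolSizeStr);

    String usePool = props.getProperty(SUN_JNDI_POOL, "true");
    ldapBindProps.setProperty(SUN_JNDI_POOL, usePool);

    if (url.startsWith(LDAPS_URL)) {
        // ldaps:// needs the SSL socket factory, and the pool has to be told
        // the protocol so pooled connections are reused for SSL.
        ldapBindProps.setProperty(LDAP_SOCKET_FACTORY, DEFAULT_SSL_LDAP_SOCKET_FACTORY);
        if (System.getProperty(SUN_JNDI_POOL_PROTOCOL) == null) {
            System.setProperty(SUN_JNDI_POOL_PROTOCOL, DEFAULT_POOL_PROTOCOL);
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "LDAPRealm : Using custom socket factory for SSL with pooling");
        }
    }

    if (_logger.isLoggable(Level.FINE)) {
        // Log a copy of the bind environment with the credential stripped.
        Properties tempProps = (Properties) ldapBindProps.clone();
        tempProps.remove(Context.SECURITY_CREDENTIALS);
        _logger.log(Level.FINE, "LDAPRealm : " + tempProps);
    }

    groupCache = new HashMap();
    emptyVector = new Vector();
}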

Example 9 with BadRealmException

use of com.sun.enterprise.security.auth.realm.BadRealmException in project Payara by payara.

the class CreateFileUser method execute.

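/**
 * Executes the command with the command parameters passed as Properties
 * where the keys are the parameter names and the values the parameter values.
 *
 * <p>Validates that the target realm is the stock {@code FileRealm}, that it
 * has an existing keyfile, and that a password was supplied (non-empty for
 * the admin realm when secure admin is enabled). The user is then added
 * inside a {@code ConfigSupport.apply} transaction against the security
 * service, and the realm is persisted. Every failure path sets a localized
 * message and {@code FAILURE} on the report rather than throwing.
 *
 * @param context information; its {@code ActionReport} receives the outcome
 */
public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();

    // Get FileRealm class name, match it with what is expected.
    // Report error if provided impl is not the one expected.
    String fileRealmClassName = fileAuthRealm.getClassname();
    if (fileRealmClassName != null && !fileRealmClassName.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
        report.setMessage(localStrings.getLocalString("create.file.user.realmnotsupported", "Configured file realm {0} is not supported.", fileRealmClassName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }

    // Ensure we have the file associated with the authrealm. If several
    // "file" properties are present the last one wins.
    String keyFile = null;
    for (Property fileProp : fileAuthRealm.getProperty()) {
        if (fileProp.getName().equals("file")) {
            keyFile = fileProp.getValue();
        }
    }
    final String kf = keyFile;
    if (keyFile == null) {
        report.setMessage(localStrings.getLocalString("create.file.user.keyfilenotfound", "There is no physical file associated with this file realm {0} ", authRealmName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    boolean exists = (new File(kf)).exists();
    if (!exists) {
        report.setMessage(localStrings.getLocalString("file.realm.keyfilenonexistent", "The specified physical file {0} associated with the file realm {1} does not exist.", new Object[] { kf, authRealmName }));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }

    // Now get all inputs ready. userid and groups are straightforward but
    // password is tricky. It is stored in the file passwordfile passed
    // through the CLI options. It is stored under the name
    // AS_ADMIN_USERPASSWORD. Fetch it from there.
    // fetchPassword(report);
    final String password = userpassword;
    if (password == null) {
        report.setMessage(localStrings.getLocalString("create.file.user.keyfilenotreadable", "Password for user {0} " + "has to be specified in --userpassword option or supplied " + "through AS_ADMIN_USERPASSWORD property in the file specified " + "in --passwordfile option", userName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }

    // Issue 17525 Fix - Check for null passwords for admin-realm if secureadmin is enabled.
    // An empty password is only rejected for the admin realm and only when secure
    // admin is on; other realms still accept it here.
    secureAdmin = domain.getSecureAdmin();
    if ((SecureAdmin.Util.isEnabled(secureAdmin)) && (authRealmName.equals(adminService.getAuthRealmName()))) {
        if (password.isEmpty()) {
            report.setMessage(localStrings.getLocalString("null_empty_password", "The admin user password is null or empty"));
            report.setActionExitCode(ActionReport.ExitCode.FAILURE);
            return;
        }
    }

    // now adding user
    try {
        // even though create-file-user is not an update to the security-service
        // do we need to make it transactional by referencing the securityservice
        // hypothetically ?.
        ConfigSupport.apply(new SingleConfigCode<SecurityService>() {

            @Override
            public Object run(SecurityService param) throws PropertyVetoException, TransactionFailure {
                try {
                    realmsManager.createRealms(config);
                    // If the (shared) keyfile is updated by an external process, load the users first
                    refreshRealm(config.getName(), authRealmName);
                    final FileRealm fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), authRealmName);
                    CreateFileUser.handleAdminGroup(authRealmName, groups);
                    String[] groups1 = groups.toArray(new String[groups.size()]);
                    try {
                        fr.addUser(userName, password.toCharArray(), groups1);
                    } catch (BadRealmException br) {
                        // Only the DAS treats a rejected addUser as fatal. On any
                        // other instance the failure is deliberately ignored and
                        // persist() still runs (presumably because the shared
                        // keyfile already carries the user - confirm).
                        if (se != null && se.isDas()) {
                            throw new BadRealmException(br);
                        }
                    }
                    fr.persist();
                    report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
                } catch (Exception e) {
                    report.setMessage(localStrings.getLocalString("create.file.user.useraddfailed", "Adding User {0} to the file realm {1} failed", userName, authRealmName) + "  " + localizedMessageOf(e));
                    report.setActionExitCode(ActionReport.ExitCode.FAILURE);
                    report.setFailureCause(e);
                }
                return null;
            }
        }, securityService);
    } catch (Exception e) {
        // Same message shape as the inner handler; a null localized message
        // must not surface as the literal text "null" in the report.
        report.setMessage(localStrings.getLocalString("create.file.user.useraddfailed", "Adding User {0} to the file realm {1} failed", userName, authRealmName) + "  " + localizedMessageOf(e));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
    }
}

/**
 * Returns the exception's localized message, or an empty string when it has none,
 * so report text never contains a literal "null".
 *
 * @param e the failure being reported
 * @return the localized message or {@code ""}
 */
private static String localizedMessageOf(Exception e) {
    String msg = e.getLocalizedMessage();
    return (msg == null) ? "" : msg;
}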

Example 10 with BadRealmException

use of com.sun.enterprise.security.auth.realm.BadRealmException in project Payara by payara.

the class JDBCRealm method init.

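/**
 * Initialize a realm with some properties. This can be used when instantiating realms from their descriptions. This
 * method may only be called a single time.
 *
 * <p>Mandatory properties: the JAAS context, the datasource JNDI name, the user and group
 * table names, and the user-name, password and group-name column names. The password and
 * group lookup statements are assembled from those identifiers here, with the user name
 * itself left as a bind parameter. A digest algorithm other than {@code NONE} is resolved
 * via {@link MessageDigest#getInstance(String)} up front so a bad name fails at init time.
 *
 * @param props
 *            Initialization parameters used by this realm.
 * @exception BadRealmException
 *                If the configuration parameters identify a corrupt realm: a mandatory
 *                property is missing, or the digest algorithm is not available (the
 *                {@link NoSuchAlgorithmException} is attached as the cause).
 * @exception NoSuchRealmException
 *                If the configuration parameters specify a realm which doesn't exist.
 */
@SuppressWarnings("unchecked")
public synchronized void init(Properties props) throws BadRealmException, NoSuchRealmException {
    super.init(props);

    String jaasCtx = props.getProperty(IASRealm.JAAS_CONTEXT_PARAM);
    String dbUser = props.getProperty(PARAM_DB_USER);
    String dbPassword = props.getProperty(PARAM_DB_PASSWORD);
    String dsJndi = props.getProperty(PARAM_DATASOURCE_JNDI);
    String digestAlgorithm = props.getProperty(PARAM_DIGEST_ALGORITHM, getDefaultDigestAlgorithm());
    String encoding = props.getProperty(PARAM_ENCODING);
    String charset = props.getProperty(PARAM_CHARSET);
    String userTable = props.getProperty(PARAM_USER_TABLE);
    String userNameColumn = props.getProperty(PARAM_USER_NAME_COLUMN);
    String passwordColumn = props.getProperty(PARAM_PASSWORD_COLUMN);
    String groupTable = props.getProperty(PARAM_GROUP_TABLE);
    String groupNameColumn = props.getProperty(PARAM_GROUP_NAME_COLUMN);
    // The group table's user-name column defaults to the user table's.
    String groupTableUserNameColumn = props.getProperty(PARAM_GROUP_TABLE_USER_NAME_COLUMN, userNameColumn);

    // Resolve the connector runtime descriptor now; the cast is unchecked by
    // nature of the descriptor lookup API (hence the class-level suppression).
    cr = (ActiveDescriptor<ConnectorRuntime>) Util.getDefaultHabitat().getBestDescriptor(BuilderHelper.createContractFilter(ConnectorRuntime.class.getName()));

    if (jaasCtx == null) {
        throw new BadRealmException(sm.getString("realm.missingprop", IASRealm.JAAS_CONTEXT_PARAM, "JDBCRealm"));
    }
    if (dsJndi == null) {
        throw new BadRealmException(sm.getString("realm.missingprop", PARAM_DATASOURCE_JNDI, "JDBCRealm"));
    }
    if (userTable == null) {
        throw new BadRealmException(sm.getString("realm.missingprop", PARAM_USER_TABLE, "JDBCRealm"));
    }
    if (groupTable == null) {
        throw new BadRealmException(sm.getString("realm.missingprop", PARAM_GROUP_TABLE, "JDBCRealm"));
    }
    if (userNameColumn == null) {
        throw new BadRealmException(sm.getString("realm.missingprop", PARAM_USER_NAME_COLUMN, "JDBCRealm"));
    }
    if (passwordColumn == null) {
        throw new BadRealmException(sm.getString("realm.missingprop", PARAM_PASSWORD_COLUMN, "JDBCRealm"));
    }
    if (groupNameColumn == null) {
        throw new BadRealmException(sm.getString("realm.missingprop", PARAM_GROUP_NAME_COLUMN, "JDBCRealm"));
    }

    // Table and column names cannot be bound as JDBC parameters, so they are
    // spliced into the statement text. They come from the realm configuration,
    // not from the authenticating user; the user name is the only runtime value
    // and stays a "?" placeholder. If realm properties can be edited by a less
    // trusted administrator, these identifiers are the place to validate.
    passwordQuery = "SELECT " + passwordColumn + " FROM " + userTable + " WHERE " + userNameColumn + " = ?";
    groupQuery = "SELECT " + groupNameColumn + " FROM " + groupTable + " WHERE " + groupTableUserNameColumn + " = ? ";

    if (!NONE.equalsIgnoreCase(digestAlgorithm)) {
        try {
            // NOTE(review): MessageDigest instances are not thread-safe; the
            // code that later uses md presumably serialises access - confirm.
            md = MessageDigest.getInstance(digestAlgorithm);
        } catch (NoSuchAlgorithmException e) {
            // Keep the provider's exception attached; the message alone only
            // names the algorithm, not why the lookup failed.
            BadRealmException bre = new BadRealmException(sm.getString("jdbcrealm.notsupportdigestalg", digestAlgorithm));
            bre.initCause(e);
            throw bre;
        }
    }
    // An encoding only matters when a digest is in use.
    if (md != null && encoding == null) {
        encoding = DEFAULT_ENCODING;
    }

    this.setProperty(IASRealm.JAAS_CONTEXT_PARAM, jaasCtx);
    // Explicit DB credentials are only recorded as a pair; a lone user or
    // password is dropped and the datasource's own credentials apply.
    if (dbUser != null && dbPassword != null) {
        this.setProperty(PARAM_DB_USER, dbUser);
        this.setProperty(PARAM_DB_PASSWORD, dbPassword);
    }
    this.setProperty(PARAM_DATASOURCE_JNDI, dsJndi);
    this.setProperty(PARAM_DIGEST_ALGORITHM, digestAlgorithm);
    if (encoding != null) {
        this.setProperty(PARAM_ENCODING, encoding);
    }
    if (charset != null) {
        this.setProperty(PARAM_CHARSET, charset);
    }

    // The DB password is intentionally left out of this trace line.
    if (_logger.isLoggable(Level.FINEST)) {
        _logger.finest("JDBCRealm : " + IASRealm.JAAS_CONTEXT_PARAM + "= " + jaasCtx + ", " + PARAM_DATASOURCE_JNDI + " = " + dsJndi + ", " + PARAM_DB_USER + " = " + dbUser + ", " + PARAM_DIGEST_ALGORITHM + " = " + digestAlgorithm + ", " + PARAM_ENCODING + " = " + encoding + ", " + PARAM_CHARSET + " = " + charset);
    }

    groupCache = new HashMap<String, Vector>();
    emptyVector = new Vector<String>();
}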
