
Example 6 with NoSuchRealmException

use of com.sun.enterprise.security.auth.realm.NoSuchRealmException in project Payara by payara.

the class ListFileUser method execute.

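/**
 * Lists the users of the configured file realm together with their groups.
 *
 * <p>Each user name is added as a child message part of the report, and the
 * complete list is attached to the report's extra properties under the key
 * {@code "users"} as a list of maps with the keys {@code "name"} and
 * {@code "groups"}. Every failure path sets {@code ExitCode.FAILURE} and a
 * localized message on the report instead of throwing.
 *
 * @param context command context that supplies the {@link ActionReport}
 */
public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();
    // Only the stock FileRealm implementation is accepted; a null class name is let through.
    String fileRealmClassName = fileAuthRealm.getClassname();
    if (fileRealmClassName != null && !fileRealmClassName.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
        report.setMessage(localStrings.getLocalString("list.file.user.realmnotsupported", "Configured file realm {0} is not supported.", fileRealmClassName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    // The realm names its key file through the "file" property. The loop does not
    // stop at the first match, so the last property called "file" wins.
    String keyFile = null;
    for (Property fileProp : fileAuthRealm.getProperty()) {
        if (fileProp.getName().equals("file")) {
            keyFile = fileProp.getValue();
        }
    }
    if (keyFile == null) {
        report.setMessage(localStrings.getLocalString("list.file.user.keyfilenotfound", "There is no physical file associated with this file realm {0} ", authRealmName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    if (!new File(keyFile).exists()) {
        // The message echoes the configured key file path back to the caller.
        report.setMessage(localStrings.getLocalString("file.realm.keyfilenonexistent", "The specified physical file {0} associated with the file realm {1} does not exist.", new Object[] { keyFile, authRealmName }));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    // Load the realm so that its users can be enumerated (this command only reads).
    FileRealm fr = null;
    try {
        realmsManager.createRealms(config);
        // account for updates to realms from outside this config sharing
        // same keyfile
        CreateFileUser.refreshRealm(config.getName(), authRealmName);
        fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), authRealmName);
        if (fr == null) {
            throw new NoSuchRealmException(authRealmName);
        }
    } catch (NoSuchRealmException e) {
        report.setMessage(localStrings.getLocalString("list.file.user.realmnotsupported", "Configured file realm {0} is not supported.", authRealmName) + "  " + e.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
        return;
    }
    try {
        Enumeration<?> users = fr.getUserNames();
        List<Map<String, Object>> userList = new ArrayList<Map<String, Object>>();
        while (users.hasMoreElements()) {
            // One child message part per user, created before the name is read.
            final ActionReport.MessagePart part = report.getTopMessagePart().addChild();
            String userName = (String) users.nextElement();
            part.setMessage(userName);
            Map<String, Object> userMap = new HashMap<String, Object>();
            userMap.put("name", userName);
            try {
                userMap.put("groups", Collections.list(fr.getGroupNames(userName)));
            } catch (NoSuchUserException ignored) {
                // Not expected: the name was just returned by the realm. If it does happen,
                // the user is still listed, only without a "groups" entry.
            }
            userList.add(userMap);
        }
        Properties extraProperties = new Properties();
        extraProperties.put("users", userList);
        report.setExtraProperties(extraProperties);
        report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
    } catch (BadRealmException e) {
        report.setMessage(localStrings.getLocalString("list.file.user.realmcorrupted", "Configured file realm {0} is corrupted.", authRealmName) + "  " + e.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
    }
}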
Also used : Enumeration(java.util.Enumeration) HashMap(java.util.HashMap) NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException) ArrayList(java.util.ArrayList) ActionReport(org.glassfish.api.ActionReport) FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm) Properties(java.util.Properties) NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException) BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException) ArrayList(java.util.ArrayList) List(java.util.List) Property(org.jvnet.hk2.config.types.Property) File(java.io.File) HashMap(java.util.HashMap) Map(java.util.Map)

Example 7 with NoSuchRealmException

use of com.sun.enterprise.security.auth.realm.NoSuchRealmException in project Payara by payara.

the class LoginContextDriver method loginPrincipal.

/**
 * Establishes a security context for a run-as principal.
 *
 * <p>Builds a JAAS {@code Subject} that holds a {@code PrincipalImpl} for the user and a
 * {@code GSSUPName} public credential, adds one {@code Group} principal per group the realm
 * reports, and hands the result to {@code setSecurityContext}. No password or other secret
 * is checked in this method.
 *
 * @param username  name of the run-as principal
 * @param realmName realm used to resolve groups; {@code null} or empty selects the default realm
 * @throws LoginException if the named realm does not exist
 */
public static void loginPrincipal(String username, String realmName) throws LoginException {
    // Fall back to the default realm when the caller names none.
    if (realmName == null || realmName.isEmpty()) {
        realmName = Realm.getDefaultRealm();
    }
    final Subject subject = new Subject();
    final org.glassfish.security.common.PrincipalImpl userPrincipal = new org.glassfish.security.common.PrincipalImpl(username);
    final GSSUPName gssupName = new GSSUPName(username, realmName);
    // The subject is populated inside a privileged action.
    AppservAccessController.doPrivileged(new PrivilegedAction() {

        public java.lang.Object run() {
            subject.getPrincipals().add(userPrincipal);
            subject.getPublicCredentials().add(gssupName);
            return null;
        }
    });
    try {
        final Set<Principal> principals = subject.getPrincipals();
        // One Group principal for every group name the realm returns for this user.
        for (Enumeration groupNames = Realm.getInstance(realmName).getGroupNames(username); groupNames.hasMoreElements();) {
            principals.add(new Group((String) groupNames.nextElement()));
        }
    } catch (InvalidOperationException ex) {
        // Only logged: the context is still established below, without group principals.
        _logger.log(Level.WARNING, SecurityLoggerInfo.invalidOperationForRealmError, new Object[] { username, realmName, ex.toString() });
    } catch (NoSuchUserException ex) {
        // Only logged as well: a user unknown to the realm still gets a security context.
        _logger.log(Level.WARNING, SecurityLoggerInfo.noSuchUserInRealmError, new Object[] { username, realmName, ex.toString() });
    } catch (NoSuchRealmException ex) {
        // A missing realm is the one condition that aborts the login; keep the cause attached.
        LoginException wrapped = new LoginException(ex.toString());
        wrapped.initCause(ex);
        throw wrapped;
    }
    setSecurityContext(username, subject, realmName);
}
Also used : Group(org.glassfish.security.common.Group) Enumeration(java.util.Enumeration) NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException) Subject(javax.security.auth.Subject) NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException) GSSUPName(com.sun.enterprise.common.iiop.security.GSSUPName) PrivilegedAction(java.security.PrivilegedAction) InvalidOperationException(com.sun.enterprise.security.auth.realm.InvalidOperationException) LoginException(com.sun.enterprise.security.auth.login.common.LoginException) Realm(com.sun.enterprise.security.auth.realm.Realm) CertificateRealm(com.sun.enterprise.security.auth.realm.certificate.CertificateRealm) X500Principal(javax.security.auth.x500.X500Principal) Principal(java.security.Principal)

Example 8 with NoSuchRealmException

use of com.sun.enterprise.security.auth.realm.NoSuchRealmException in project Payara by payara.

the class LDAPRealm method init.

/**
 * Initialize a realm with some properties.  This can be used
 * when instantiating realms from their descriptions.  This
 * method may only be called a single time.
 *
 * <p>Besides storing the realm's own properties, this method fills
 * {@code ldapBindProps} (the JNDI environment used for binding) and
 * sets several JVM-wide connection-pool system properties when they
 * are not already set.
 *
 * @param props Initialization parameters used by this realm.
 * @exception BadRealmException If the configuration parameters
 *     identify a corrupt realm (a required parameter is missing or
 *     the mode is not the default one).
 * @exception NoSuchRealmException If the configuration parameters
 *     specify a realm which doesn't exist.
 */
public synchronized void init(Properties props) throws BadRealmException, NoSuchRealmException {
    super.init(props);
    // Directory URL, user base DN and JAAS context are mandatory.
    String url = props.getProperty(PARAM_DIRURL);
    String dn = props.getProperty(PARAM_USERDN);
    String jaasCtx = props.getProperty(IASRealm.JAAS_CONTEXT_PARAM);
    if (url == null || dn == null || jaasCtx == null) {
        // The message is built from the three values as read; a missing one is null.
        String msg = sm.getString("ldaprealm.badconfig", url, dn, jaasCtx);
        throw new BadRealmException(msg);
    }
    this.setProperty(PARAM_DIRURL, url);
    ldapBindProps.setProperty(Context.PROVIDER_URL, url);
    this.setProperty(PARAM_USERDN, dn);
    this.setProperty(IASRealm.JAAS_CONTEXT_PARAM, jaasCtx);
    // Only MODE_DEFAULT is accepted; any other value fails initialization.
    String mode = props.getProperty(PARAM_MODE, MODE_DEFAULT);
    if (!MODE_DEFAULT.equals(mode)) {
        String msg = sm.getString("ldaprealm.badmode", mode);
        throw new BadRealmException(msg);
    }
    this.setProperty(PARAM_MODE, mode);
    String ctxF = props.getProperty(PARAM_JNDICF, JNDICF_DEFAULT);
    this.setProperty(PARAM_JNDICF, ctxF);
    ldapBindProps.setProperty(Context.INITIAL_CONTEXT_FACTORY, ctxF);
    String searchFilter = props.getProperty(PARAM_SEARCH_FILTER, SEARCH_FILTER_DEFAULT);
    this.setProperty(PARAM_SEARCH_FILTER, searchFilter);
    // The group base DN falls back to the user base DN.
    String grpDN = props.getProperty(PARAM_GRPDN, dn);
    this.setProperty(PARAM_GRPDN, grpDN);
    String grpSearchFilter = props.getProperty(PARAM_GRP_SEARCH_FILTER, GRP_SEARCH_FILTER_DEFAULT);
    this.setProperty(PARAM_GRP_SEARCH_FILTER, grpSearchFilter);
    // The dynamic group filter defaults to SEARCH_FILTER_DEFAULT, the same default as the user filter.
    String dynGrpSearchFilter = props.getProperty(PARAM_DYNAMIC_GRP_FILTER, SEARCH_FILTER_DEFAULT);
    this.setProperty(PARAM_DYNAMIC_GRP_FILTER, dynGrpSearchFilter);
    String grpTarget = props.getProperty(PARAM_GRP_TARGET, GRP_TARGET_DEFAULT);
    this.setProperty(PARAM_GRP_TARGET, grpTarget);
    String dynGrpTarget = props.getProperty(PARAM_DYNAMIC_GRP_TARGET, DYNAMIC_GRP_TARGET_DEFAULT);
    this.setProperty(PARAM_DYNAMIC_GRP_TARGET, dynGrpTarget);
    // The object and state factory settings go into the bind environment exactly as configured.
    // NOTE(review): presumably these are class names that JNDI loads; if so, realm
    // configuration decides which classes run during lookups. Confirm.
    String objectFactory = props.getProperty(DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY, DYNAMIC_GROUP_OBJECT_FACTORY);
    this.setProperty(DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY, objectFactory);
    ldapBindProps.setProperty(DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY, objectFactory);
    String stateFactory = props.getProperty(DYNAMIC_GROUP_STATE_FACTORY_PROPERTY, DYNAMIC_GROUP_STATE_FACTORY);
    this.setProperty(DYNAMIC_GROUP_STATE_FACTORY_PROPERTY, stateFactory);
    ldapBindProps.setProperty(DYNAMIC_GROUP_STATE_FACTORY_PROPERTY, stateFactory);
    // Bind DN and bind password are optional; when absent no bind identity is set here.
    String bindDN = props.getProperty(PARAM_BINDDN);
    if (bindDN != null) {
        this.setProperty(PARAM_BINDDN, bindDN);
        ldapBindProps.setProperty(Context.SECURITY_PRINCIPAL, bindDN);
    }
    String bindPWD = props.getProperty(PARAM_BINDPWD);
    if (bindPWD != null) {
        // If the password is aliased, de-alias it
        try {
            bindPWD = RelativePathResolver.getRealPasswordFromAlias(bindPWD);
        } catch (Exception ex) {
            // A de-aliasing failure is only logged. bindPWD keeps the configured value,
            // which is then used as the bind credential below.
            // NOTE(review): consider failing realm initialization instead of binding with
            // an unresolved value.
            _logger.log(Level.WARNING, "ldaprealm.pwd.dealiasing.failed", ex);
        }
        // The resolved password is kept as a String in the realm's properties and in the
        // bind environment.
        this.setProperty(PARAM_BINDPWD, bindPWD);
        ldapBindProps.setProperty(Context.SECURITY_CREDENTIALS, bindPWD);
    }
    // Pass-through: every property whose name starts with "java.naming.", "javax.security."
    // or "com.sun.jndi.ldap." is copied verbatim into ldapBindProps. This runs after the
    // explicit settings above, so such a property replaces a value already stored under the
    // same key (the javax.naming.Context keys used above are all "java.naming.*" names).
    // Realm configuration therefore has to be treated as privileged input.
    Enumeration penum = props.propertyNames();
    while (penum.hasMoreElements()) {
        String propName = (String) penum.nextElement();
        if (propName.startsWith("java.naming.") || propName.startsWith("javax.security.") || propName.startsWith("com.sun.jndi.ldap.")) {
            ldapBindProps.setProperty(propName, props.getProperty(propName));
        } else if (propName.startsWith(SUN_JNDI_POOL_) && !SUN_JNDI_POOL_MAXSIZE.equals(propName)) {
            // Pool settings are JVM-wide system properties. A value that is already set is
            // left alone, so the first writer wins. SUN_JNDI_POOL_MAXSIZE is handled below.
            if (System.getProperty(propName) == null) {
                System.setProperty(propName, props.getProperty(propName));
            }
        }
    }
    // Integer.getInteger reads the system property named by PARAM_POOLSIZE, not props.
    String poolSize = Integer.getInteger(PARAM_POOLSIZE, POOLSIZE_DEFAULT).toString();
    String sunPoolSizeStr = props.getProperty(SUN_JNDI_POOL_MAXSIZE, poolSize);
    // Precedence rule: SUN_JNDI_POOL_MAXSIZE > PARAM_POOLSIZE > POOLSIZE_DEFAULT
    try {
        sunPoolSizeStr = Integer.valueOf(sunPoolSizeStr).toString();
    } catch (Exception ex) {
        // A value that does not parse as an integer silently falls back to poolSize.
        sunPoolSizeStr = poolSize;
    }
    if (System.getProperty(SUN_JNDI_POOL_MAXSIZE) == null) {
        System.setProperty(SUN_JNDI_POOL_MAXSIZE, sunPoolSizeStr);
    }
    this.setProperty(PARAM_POOLSIZE, sunPoolSizeStr);
    String usePool = props.getProperty(SUN_JNDI_POOL, "true");
    ldapBindProps.setProperty(SUN_JNDI_POOL, usePool);
    // The SSL decision uses the PARAM_DIRURL value read at the top of the method.
    // NOTE(review): a "java.naming.provider.url" entry copied by the pass-through loop
    // changes the URL in ldapBindProps without changing this decision. Confirm that
    // combination is rejected or cannot occur.
    // NOTE(review): for URLs that do not start with LDAPS_URL nothing in this method
    // configures transport protection for the bind credentials. Confirm how such
    // deployments are secured.
    if (url.startsWith(LDAPS_URL)) {
        ldapBindProps.setProperty(LDAP_SOCKET_FACTORY, DEFAULT_SSL_LDAP_SOCKET_FACTORY);
        if (System.getProperty(SUN_JNDI_POOL_PROTOCOL) == null) {
            System.setProperty(SUN_JNDI_POOL_PROTOCOL, DEFAULT_POOL_PROTOCOL);
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "LDAPRealm : Using custom socket factory for SSL with pooling");
        }
    }
    // Log the bind environment at FINE from a clone with the bind password removed.
    // Only Context.SECURITY_CREDENTIALS is stripped; every other entry is logged as is.
    if (_logger.isLoggable(Level.FINE)) {
        Properties tempProps = (Properties) ldapBindProps.clone();
        tempProps.remove(Context.SECURITY_CREDENTIALS);
        _logger.log(Level.FINE, "LDAPRealm : " + tempProps);
    }
    // Start with an empty group cache and a new emptyVector.
    groupCache = new HashMap();
    emptyVector = new Vector();
}
Also used : BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException) NamingEnumeration(javax.naming.NamingEnumeration) LoginException(javax.security.auth.login.LoginException) BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException) NamingException(javax.naming.NamingException) NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException) InvalidOperationException(com.sun.enterprise.security.auth.realm.InvalidOperationException) IOException(java.io.IOException) NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException)

Example 9 with NoSuchRealmException

use of com.sun.enterprise.security.auth.realm.NoSuchRealmException in project Payara by payara.

the class ChangeAdminPassword method execute.

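/**
 * Changes the password of the admin user held in the file realm.
 *
 * <p>The user's current groups are read from the realm and written back unchanged
 * together with the new password; the realm is then persisted. Every failure path
 * sets {@code ExitCode.FAILURE} and a localized message on the report instead of
 * throwing.
 *
 * @param context command context that supplies the {@link ActionReport}
 */
public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();
    // Only the stock FileRealm implementation is accepted; a null class name is let through.
    String fileRealmClassName = fileAuthRealm.getClassname();
    if (fileRealmClassName != null && !fileRealmClassName.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
        report.setMessage(localStrings.getLocalString("change.admin.password.adminrealmnotsupported", "Configured admin realm is not supported."));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    // The realm names its key file through the "file" property. The loop does not
    // stop at the first match, so the last property called "file" wins.
    String keyFile = null;
    for (Property fileProp : fileAuthRealm.getProperty()) {
        if (fileProp.getName().equals("file")) {
            keyFile = fileProp.getValue();
        }
    }
    if (keyFile == null) {
        report.setMessage(localStrings.getLocalString("change.admin.password.keyfilenotfound", "There is no physical file associated with admin realm"));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    // We have the right impl so let's get to updating existing user
    FileRealm fr = null;
    try {
        realmsManager.createRealms(config);
        fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), fileAuthRealm.getName());
        if (fr == null) {
            throw new NoSuchRealmException(fileAuthRealm.getName());
        }
    } catch (NoSuchRealmException e) {
        report.setMessage(localStrings.getLocalString("change.admin.password.realmnotsupported", "Configured admin realm does not exist.") + "  " + e.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
        return;
    }
    // now updating admin user password
    try {
        // Snapshot the groups in a single pass. Sizing an array from one enumeration and
        // filling it from a second one loses or misses entries if the realm changes in
        // between, and the result is written straight back as the user's group list.
        java.util.List<String> groupNames = new java.util.ArrayList<String>();
        for (Enumeration<?> en = fr.getGroupNames(userName); en.hasMoreElements();) {
            groupNames.add((String) en.nextElement());
        }
        String[] groups = groupNames.toArray(new String[groupNames.size()]);
        // NOTE(review): the new password arrives as a String and the char[] passed here is
        // not cleared afterwards. Whether the realm keeps a reference to it is not visible
        // from this method; confirm before wiping the array in a finally block.
        fr.updateUser(userName, userName, newpassword.toCharArray(), groups);
        fr.persist();
        report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
    } catch (Exception e) {
        // Any failure, including an unknown user, is reported rather than thrown. The
        // exception text is appended to the message returned to the caller.
        report.setMessage(localStrings.getLocalString("change.admin.password.userupdatefailed", "Password change failed for user named {0}", userName) + "  " + e.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
    }
}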
Also used : NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException) Enumeration(java.util.Enumeration) ActionReport(org.glassfish.api.ActionReport) FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm) Property(org.jvnet.hk2.config.types.Property) NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException)

Example 10 with NoSuchRealmException

use of com.sun.enterprise.security.auth.realm.NoSuchRealmException in project Payara by payara.

the class DigestLoginModule method login.

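/**
 * Authenticates the subject with the digest credentials found among its private credentials.
 *
 * <p>The realm named by the credentials is looked up and must be a {@code DigestRealm};
 * validation of the digest parameters is delegated to it.
 *
 * @return the value of {@code _succeeded}, which this method sets to {@code true} when the
 *     realm validates the digest
 * @throws LoginException if no digest credentials are present, the realm does not exist, or
 *     the realm does not support digest validation
 */
public final boolean login() throws LoginException {
    Set<Object> creds = this.subject.getPrivateCredentials();
    for (Object obj : creds) {
        if (obj instanceof DigestCredentials) {
            // A credential of the current type ends the search.
            digestCredentials = (DigestCredentials) obj;
            break;
        } else if (obj instanceof com.sun.enterprise.security.auth.login.DigestCredentials) {
            // A credential of the other DigestCredentials type is converted, and the search continues.
            com.sun.enterprise.security.auth.login.DigestCredentials dc = (com.sun.enterprise.security.auth.login.DigestCredentials) obj;
            digestCredentials = new DigestCredentials(dc.getRealmName(), dc.getUserName(), dc.getParameters());
        }
    }
    // NOTE(review): digestCredentials and _succeeded are fields that this method never
    // clears. Confirm they are reset elsewhere, so that a later login() on the same
    // instance cannot reuse the state of an earlier attempt.
    if (digestCredentials == null) {
        throw new LoginException();
    }
    DigestAlgorithmParameter[] params = digestCredentials.getParameters();
    String username = digestCredentials.getUserName();
    try {
        _realm = Realm.getInstance(digestCredentials.getRealmName());
    } catch (NoSuchRealmException ex) {
        _logger.log(Level.FINE, "", ex);
        _logger.log(Level.SEVERE, "no.realm", digestCredentials.getRealmName());
        // Keep the original exception attached as the cause.
        LoginException lex = new LoginException(ex.getMessage());
        lex.initCause(ex);
        throw lex;
    }
    if (_realm instanceof DigestRealm) {
        if (((DigestRealm) _realm).validate(username, params)) {
            // change to pass Password Validator
            _succeeded = true;
        }
        // A failed validation does not throw; the method returns _succeeded. Under the JAAS
        // LoginModule contract a false return tells the LoginContext to ignore this module,
        // so the effect of a failed digest check depends on how the module is stacked in
        // the login configuration.
        // NOTE(review): confirm that this is intended rather than throwing a
        // FailedLoginException.
    } else {
        _logger.log(Level.SEVERE, "digest.realm", digestCredentials.getRealmName());
        throw new LoginException("Realm " + digestCredentials.getRealmName() + " does not support Digest validation");
    }
    return _succeeded;
}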
Also used : DigestRealm(com.sun.enterprise.security.ee.auth.realm.DigestRealm) DigestAlgorithmParameter(com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter) NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException) LoginException(javax.security.auth.login.LoginException)

Aggregations

NoSuchRealmException (com.sun.enterprise.security.auth.realm.NoSuchRealmException)13 Property (org.jvnet.hk2.config.types.Property)7 BadRealmException (com.sun.enterprise.security.auth.realm.BadRealmException)5 Properties (java.util.Properties)5 ActionReport (org.glassfish.api.ActionReport)5 AuthRealm (com.sun.enterprise.config.serverbeans.AuthRealm)4 NoSuchUserException (com.sun.enterprise.security.auth.realm.NoSuchUserException)4 Realm (com.sun.enterprise.security.auth.realm.Realm)4 FileRealm (com.sun.enterprise.security.auth.realm.file.FileRealm)4 Config (com.sun.enterprise.config.serverbeans.Config)3 Server (com.sun.enterprise.config.serverbeans.Server)3 InvalidOperationException (com.sun.enterprise.security.auth.realm.InvalidOperationException)3 Enumeration (java.util.Enumeration)3 File (java.io.File)2 LoginException (javax.security.auth.login.LoginException)2 GSSUPName (com.sun.enterprise.common.iiop.security.GSSUPName)1 DigestAlgorithmParameter (com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter)1 LoginException (com.sun.enterprise.security.auth.login.common.LoginException)1 CertificateRealm (com.sun.enterprise.security.auth.realm.certificate.CertificateRealm)1 DigestRealm (com.sun.enterprise.security.ee.auth.realm.DigestRealm)1