use of com.sun.enterprise.security.auth.realm.NoSuchRealmException in project Payara by payara.
the class ListFileUser method execute.
/**
* Executes the command with the command parameters passed as Properties
* where the keys are the parameter names and the values the parameter values
*
* @param context information
*/
public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();

    // Guard 1: only the stock FileRealm implementation is handled. A realm with no
    // class name configured is let through to the checks below.
    final String configuredImpl = fileAuthRealm.getClassname();
    final boolean isStockFileRealm = configuredImpl == null
            || configuredImpl.equals("com.sun.enterprise.security.auth.realm.file.FileRealm");
    if (!isStockFileRealm) {
        report.setMessage(localStrings.getLocalString("list.file.user.realmnotsupported", "Configured file realm {0} is not supported.", configuredImpl));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }

    // Guard 2: the realm must carry a "file" property naming its keyfile. The loop does
    // not stop at the first match, so the last "file" property is the one used.
    String keyFilePath = null;
    for (Property realmProperty : fileAuthRealm.getProperty()) {
        if (realmProperty.getName().equals("file")) {
            keyFilePath = realmProperty.getValue();
        }
    }
    if (keyFilePath == null) {
        report.setMessage(localStrings.getLocalString("list.file.user.keyfilenotfound", "There is no physical file associated with this file realm {0} ", authRealmName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }

    // Guard 3: the keyfile has to exist on disk. The configured path is echoed back in
    // the failure message of the report.
    if (!new File(keyFilePath).exists()) {
        report.setMessage(localStrings.getLocalString("file.realm.keyfilenonexistent", "The specified physical file {0} associated with the file realm {1} does not exist.", new Object[] { keyFilePath, authRealmName }));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }

    // Load the realm so that its users can be enumerated.
    FileRealm loadedRealm = null;
    try {
        realmsManager.createRealms(config);
        // Another config may share the same keyfile; refresh so its updates are visible.
        CreateFileUser.refreshRealm(config.getName(), authRealmName);
        loadedRealm = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), authRealmName);
        if (loadedRealm == null) {
            throw new NoSuchRealmException(authRealmName);
        }
    } catch (NoSuchRealmException e) {
        report.setMessage(localStrings.getLocalString("list.file.user.realmnotsupported", "Configured file realm {0} is not supported.", authRealmName) + " " + e.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
        return;
    }

    // Report every user twice: as a child message part (plain name) and as a
    // {"name", "groups"} map inside the "users" extra property.
    try {
        final List<Map<String, Object>> userList = new ArrayList<Map<String, Object>>();
        for (Enumeration<?> names = loadedRealm.getUserNames(); names.hasMoreElements();) {
            final ActionReport.MessagePart part = report.getTopMessagePart().addChild();
            final String userName = (String) names.nextElement();
            part.setMessage(userName);

            final Map<String, Object> userEntry = new HashMap<String, Object>();
            userEntry.put("name", userName);
            try {
                userEntry.put("groups", Collections.list(loadedRealm.getGroupNames(userName)));
            } catch (NoSuchUserException ignored) {
                // Not expected: the name was just read from this realm. If it does happen,
                // the entry is still reported, only without a "groups" key.
            }
            userList.add(userEntry);
        }

        final Properties extraProperties = new Properties();
        extraProperties.put("users", userList);
        report.setExtraProperties(extraProperties);
        report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
    } catch (BadRealmException e) {
        report.setMessage(localStrings.getLocalString("list.file.user.realmcorrupted", "Configured file realm {0} is corrupted.", authRealmName) + " " + e.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
    }
}
use of com.sun.enterprise.security.auth.realm.NoSuchRealmException in project Payara by payara.
the class LoginContextDriver method loginPrincipal.
/**
* This method is used for logging in a run-as principal. It creates
* a JAAS subject whose credential is of type GSSUPName.
* This is used primarily for run-as.
*/
public static void loginPrincipal(String username, String realmName) throws LoginException {
    // No password or other secret is checked in this method: the caller vouches for
    // username, so it must only be reachable from trusted container code.

    // An absent or empty realm name means "use the default realm".
    final String effectiveRealm = (realmName == null || realmName.isEmpty())
            ? Realm.getDefaultRealm()
            : realmName;

    final Subject subject = new Subject();
    final org.glassfish.security.common.PrincipalImpl userPrincipal = new org.glassfish.security.common.PrincipalImpl(username);
    final GSSUPName gssupName = new GSSUPName(username, effectiveRealm);

    // The subject is populated inside a privileged block.
    AppservAccessController.doPrivileged(new PrivilegedAction() {
        @Override
        public java.lang.Object run() {
            subject.getPrincipals().add(userPrincipal);
            subject.getPublicCredentials().add(gssupName);
            return null;
        }
    });

    // Add one Group principal per group the realm reports for the user.
    try {
        final Enumeration<?> groupNames = Realm.getInstance(effectiveRealm).getGroupNames(username);
        final Set<Principal> principals = subject.getPrincipals();
        while (groupNames.hasMoreElements()) {
            principals.add(new Group((String) groupNames.nextElement()));
        }
    } catch (InvalidOperationException ex) {
        // Group lookup failures are logged only; the security context below is still
        // established, carrying whatever principals were added before the failure.
        _logger.log(Level.WARNING, SecurityLoggerInfo.invalidOperationForRealmError, new Object[] { username, effectiveRealm, ex.toString() });
    } catch (NoSuchUserException ex) {
        // Same handling when the realm does not know the user.
        _logger.log(Level.WARNING, SecurityLoggerInfo.noSuchUserInRealmError, new Object[] { username, effectiveRealm, ex.toString() });
    } catch (NoSuchRealmException ex) {
        // An unknown realm is the one failure that aborts the login.
        throw (LoginException) new LoginException(ex.toString()).initCause(ex);
    }

    setSecurityContext(username, subject, effectiveRealm);
}
use of com.sun.enterprise.security.auth.realm.NoSuchRealmException in project Payara by payara.
the class LDAPRealm method init.
/**
* Initialize a realm with some properties. This can be used
* when instantiating realms from their descriptions. This
* method may only be called a single time.
*
* @param props Initialization parameters used by this realm.
* @exception BadRealmException If the configuration parameters
* identify a corrupt realm.
* @exception NoSuchRealmException If the configuration parameters
* specify a realm which doesn't exist.
*/
public synchronized void init(Properties props) throws BadRealmException, NoSuchRealmException {
// Copies the LDAP settings found in props into this realm's own properties and into
// ldapBindProps, using the class defaults where props has no value. Some connection-pool
// settings are also published as JVM-wide system properties.
// NOTE(review): ldapBindProps is presumably the JNDI environment used for directory binds;
// its use is outside this method - confirm.
super.init(props);
String url = props.getProperty(PARAM_DIRURL);
String dn = props.getProperty(PARAM_USERDN);
String jaasCtx = props.getProperty(IASRealm.JAAS_CONTEXT_PARAM);
// Directory URL, user DN and JAAS context are mandatory; a missing one is reported as a bad realm.
if (url == null || dn == null || jaasCtx == null) {
String msg = sm.getString("ldaprealm.badconfig", url, dn, jaasCtx);
throw new BadRealmException(msg);
}
this.setProperty(PARAM_DIRURL, url);
ldapBindProps.setProperty(Context.PROVIDER_URL, url);
this.setProperty(PARAM_USERDN, dn);
this.setProperty(IASRealm.JAAS_CONTEXT_PARAM, jaasCtx);
// Only MODE_DEFAULT is accepted; any other mode value is rejected as a bad realm.
String mode = props.getProperty(PARAM_MODE, MODE_DEFAULT);
if (!MODE_DEFAULT.equals(mode)) {
String msg = sm.getString("ldaprealm.badmode", mode);
throw new BadRealmException(msg);
}
this.setProperty(PARAM_MODE, mode);
String ctxF = props.getProperty(PARAM_JNDICF, JNDICF_DEFAULT);
this.setProperty(PARAM_JNDICF, ctxF);
ldapBindProps.setProperty(Context.INITIAL_CONTEXT_FACTORY, ctxF);
String searchFilter = props.getProperty(PARAM_SEARCH_FILTER, SEARCH_FILTER_DEFAULT);
this.setProperty(PARAM_SEARCH_FILTER, searchFilter);
// The group DN falls back to the value of PARAM_USERDN when not configured.
String grpDN = props.getProperty(PARAM_GRPDN, dn);
this.setProperty(PARAM_GRPDN, grpDN);
String grpSearchFilter = props.getProperty(PARAM_GRP_SEARCH_FILTER, GRP_SEARCH_FILTER_DEFAULT);
this.setProperty(PARAM_GRP_SEARCH_FILTER, grpSearchFilter);
// NOTE(review): the dynamic-group filter defaults to SEARCH_FILTER_DEFAULT, the same default
// as the user search filter above, not to a group-specific default - confirm this is intended.
String dynGrpSearchFilter = props.getProperty(PARAM_DYNAMIC_GRP_FILTER, SEARCH_FILTER_DEFAULT);
this.setProperty(PARAM_DYNAMIC_GRP_FILTER, dynGrpSearchFilter);
String grpTarget = props.getProperty(PARAM_GRP_TARGET, GRP_TARGET_DEFAULT);
this.setProperty(PARAM_GRP_TARGET, grpTarget);
String dynGrpTarget = props.getProperty(PARAM_DYNAMIC_GRP_TARGET, DYNAMIC_GRP_TARGET_DEFAULT);
this.setProperty(PARAM_DYNAMIC_GRP_TARGET, dynGrpTarget);
// The dynamic-group object and state factories go into both the realm properties and ldapBindProps.
String objectFactory = props.getProperty(DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY, DYNAMIC_GROUP_OBJECT_FACTORY);
this.setProperty(DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY, objectFactory);
ldapBindProps.setProperty(DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY, objectFactory);
String stateFactory = props.getProperty(DYNAMIC_GROUP_STATE_FACTORY_PROPERTY, DYNAMIC_GROUP_STATE_FACTORY);
this.setProperty(DYNAMIC_GROUP_STATE_FACTORY_PROPERTY, stateFactory);
ldapBindProps.setProperty(DYNAMIC_GROUP_STATE_FACTORY_PROPERTY, stateFactory);
// Bind DN and bind password are optional; when absent, this block puts no principal or
// credentials into ldapBindProps.
String bindDN = props.getProperty(PARAM_BINDDN);
if (bindDN != null) {
this.setProperty(PARAM_BINDDN, bindDN);
ldapBindProps.setProperty(Context.SECURITY_PRINCIPAL, bindDN);
}
String bindPWD = props.getProperty(PARAM_BINDPWD);
if (bindPWD != null) {
// If the password is aliased, de-alias it. A failure is only logged at WARNING: the value
// from props is then stored and used as the bind credential unchanged.
try {
bindPWD = RelativePathResolver.getRealPasswordFromAlias(bindPWD);
} catch (Exception ex) {
_logger.log(Level.WARNING, "ldaprealm.pwd.dealiasing.failed", ex);
}
// The resolved value is held as a plain String in both the realm properties and ldapBindProps.
this.setProperty(PARAM_BINDPWD, bindPWD);
ldapBindProps.setProperty(Context.SECURITY_CREDENTIALS, bindPWD);
}
// Pass-through: every java.naming.*, javax.security.* or com.sun.jndi.ldap.* property is copied
// verbatim into ldapBindProps. This runs after the explicit settings above, so such a property
// replaces them (Context.PROVIDER_URL, SECURITY_PRINCIPAL and SECURITY_CREDENTIALS are
// java.naming.* keys), and a password supplied this way is not de-aliased.
Enumeration penum = props.propertyNames();
while (penum.hasMoreElements()) {
String propName = (String) penum.nextElement();
if (propName.startsWith("java.naming.") || propName.startsWith("javax.security.") || propName.startsWith("com.sun.jndi.ldap.")) {
ldapBindProps.setProperty(propName, props.getProperty(propName));
} else if (propName.startsWith(SUN_JNDI_POOL_) && !SUN_JNDI_POOL_MAXSIZE.equals(propName)) {
// Pool settings (other than the max size, handled below) become JVM-wide system properties,
// but only when not already defined: an existing value wins over this realm's configuration.
if (System.getProperty(propName) == null) {
System.setProperty(propName, props.getProperty(propName));
}
}
}
// Integer.getInteger reads the JVM system property named by PARAM_POOLSIZE, not props.
String poolSize = Integer.getInteger(PARAM_POOLSIZE, POOLSIZE_DEFAULT).toString();
String sunPoolSizeStr = props.getProperty(SUN_JNDI_POOL_MAXSIZE, poolSize);
// Precedence rule: SUN_JNDI_POOL_MAXSIZE > PARAM_POOLSIZE > POOLSIZE_DEFAULT
// A value that does not parse as an integer silently falls back to poolSize.
try {
sunPoolSizeStr = Integer.valueOf(sunPoolSizeStr).toString();
} catch (Exception ex) {
sunPoolSizeStr = poolSize;
}
if (System.getProperty(SUN_JNDI_POOL_MAXSIZE) == null) {
System.setProperty(SUN_JNDI_POOL_MAXSIZE, sunPoolSizeStr);
}
// The realm property records the size computed here even when the system property already
// held a different value and was therefore left untouched.
this.setProperty(PARAM_POOLSIZE, sunPoolSizeStr);
String usePool = props.getProperty(SUN_JNDI_POOL, "true");
ldapBindProps.setProperty(SUN_JNDI_POOL, usePool);
// For URLs starting with LDAPS_URL, install the SSL socket factory and, unless already set,
// the pool-protocol system property. String.startsWith is case-sensitive.
// NOTE(review): for any other URL nothing in this method adds transport protection for the
// bind credentials - confirm how non-LDAPS deployments protect the bind.
if (url.startsWith(LDAPS_URL)) {
ldapBindProps.setProperty(LDAP_SOCKET_FACTORY, DEFAULT_SSL_LDAP_SOCKET_FACTORY);
if (System.getProperty(SUN_JNDI_POOL_PROTOCOL) == null) {
System.setProperty(SUN_JNDI_POOL_PROTOCOL, DEFAULT_POOL_PROTOCOL);
}
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "LDAPRealm : Using custom socket factory for SSL with pooling");
}
}
// FINE-level dump of the bind properties: the credentials entry is removed from a copy before
// logging; every other entry (URL, bind DN, pass-through properties) is written to the log.
if (_logger.isLoggable(Level.FINE)) {
Properties tempProps = (Properties) ldapBindProps.clone();
tempProps.remove(Context.SECURITY_CREDENTIALS);
_logger.log(Level.FINE, "LDAPRealm : " + tempProps);
}
// Start with a fresh group cache and a fresh emptyVector instance.
groupCache = new HashMap();
emptyVector = new Vector();
}
use of com.sun.enterprise.security.auth.realm.NoSuchRealmException in project Payara by payara.
the class ChangeAdminPassword method execute.
/**
* Executes the command with the command parameters passed as Properties
* where the keys are the parameter names and the values the parameter values
*
* @param context information
*/
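public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();

    // Only the stock FileRealm implementation is supported; a realm with no class name
    // configured is let through to the checks below.
    String fileRealmClassName = fileAuthRealm.getClassname();
    if (fileRealmClassName != null && !fileRealmClassName.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
        report.setMessage(localStrings.getLocalString("change.admin.password.adminrealmnotsupported", "Configured admin realm is not supported."));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }

    // The realm must carry a "file" property naming its keyfile. The loop does not stop at
    // the first match, so the last "file" property is the one used.
    String keyFile = null;
    for (Property fileProp : fileAuthRealm.getProperty()) {
        if (fileProp.getName().equals("file")) {
            keyFile = fileProp.getValue();
        }
    }
    if (keyFile == null) {
        report.setMessage(localStrings.getLocalString("change.admin.password.keyfilenotfound", "There is no physical file associated with admin realm"));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }

    // Load the realm whose user entry is going to be updated.
    FileRealm fr = null;
    try {
        realmsManager.createRealms(config);
        fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), fileAuthRealm.getName());
        if (fr == null) {
            throw new NoSuchRealmException(fileAuthRealm.getName());
        }
    } catch (NoSuchRealmException e) {
        report.setMessage(localStrings.getLocalString("change.admin.password.realmnotsupported", "Configured admin realm does not exist.") + " " + e.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
        return;
    }

    // Replace the password while keeping the user's name and group memberships.
    try {
        // Take the group list in a single pass. The previous count-then-copy code queried
        // the realm twice, so a membership change between the two queries could drop groups
        // or run past the end of the second enumeration.
        java.util.List<?> currentGroups = java.util.Collections.list(fr.getGroupNames(userName));
        String[] groups = currentGroups.toArray(new String[0]);

        // NOTE(review): the char[] handed to updateUser is derived from a String and is not
        // cleared here; whether the realm keeps a reference to it is not visible from this method.
        fr.updateUser(userName, userName, newpassword.toCharArray(), groups);
        fr.persist();
        report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
    } catch (Exception e) {
        // Any failure (unknown user, realm or persistence error) is reported the same way;
        // the exception's localized message is appended to the text returned to the caller.
        report.setMessage(localStrings.getLocalString("change.admin.password.userupdatefailed", "Password change failed for user named {0}", userName) + " " + e.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
    }
}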
use of com.sun.enterprise.security.auth.realm.NoSuchRealmException in project Payara by payara.
the class DigestLoginModule method login.
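/**
 * Authenticates the subject's digest credentials against the realm they name.
 *
 * <p>The subject's private credentials are searched for a {@code DigestCredentials}
 * object (or the legacy {@code com.sun.enterprise.security.auth.login} variant, which is
 * converted). The named realm must be a {@code DigestRealm}; its {@code validate} result
 * becomes the outcome of this login attempt.
 *
 * @return {@code true} if the realm validated the digest parameters, {@code false} otherwise
 * @throws LoginException if no digest credentials are available, the realm does not exist,
 *         or the realm does not support digest validation
 */
public final boolean login() throws LoginException {
    // The result must reflect this attempt only. Previously the flag was only ever set to
    // true, so if this module instance were reused after a successful login, a failed
    // validation would still have returned the earlier true.
    _succeeded = false;

    for (Object credential : this.subject.getPrivateCredentials()) {
        if (credential instanceof DigestCredentials) {
            digestCredentials = (DigestCredentials) credential;
            break;
        } else if (credential instanceof com.sun.enterprise.security.auth.login.DigestCredentials) {
            // Legacy credential type: convert it, but keep scanning so that a native
            // DigestCredentials found later takes precedence.
            com.sun.enterprise.security.auth.login.DigestCredentials dc = (com.sun.enterprise.security.auth.login.DigestCredentials) credential;
            digestCredentials = new DigestCredentials(dc.getRealmName(), dc.getUserName(), dc.getParameters());
        }
    }
    if (digestCredentials == null) {
        throw new LoginException();
    }

    DigestAlgorithmParameter[] params = digestCredentials.getParameters();
    String username = digestCredentials.getUserName();
    try {
        _realm = Realm.getInstance(digestCredentials.getRealmName());
    } catch (NoSuchRealmException ex) {
        _logger.log(Level.FINE, "", ex);
        _logger.log(Level.SEVERE, "no.realm", digestCredentials.getRealmName());
        // Keep the original exception as the cause so the failure stays traceable.
        LoginException lex = new LoginException(ex.getMessage());
        lex.initCause(ex);
        throw lex;
    }

    if (_realm instanceof DigestRealm) {
        // change to pass Password Validator
        _succeeded = ((DigestRealm) _realm).validate(username, params);
    } else {
        _logger.log(Level.SEVERE, "digest.realm", digestCredentials.getRealmName());
        // The message previously ran "Realm" and the realm name together.
        throw new LoginException("Realm " + digestCredentials.getRealmName() + " does not support Digest validation");
    }
    return _succeeded;
}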