Example 11 with Realm
use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.
the class SynchronizeRealmFromConfig method execute.
@Override
public void execute(AdminCommandContext context) {
Config realConfig = null;
try {
realConfig = configs.getConfigByName(target);
} catch (Exception ex) {
}
if (realConfig == null) {
Server targetServer = domain.getServerNamed(target);
if (targetServer != null) {
realConfig = domain.getConfigNamed(targetServer.getConfigRef());
}
com.sun.enterprise.config.serverbeans.Cluster cluster = domain.getClusterNamed(target);
if (cluster != null) {
realConfig = domain.getConfigNamed(cluster.getConfigRef());
}
}
ActionReport report = context.getActionReport();
try {
// TODO: can i use realConfig.equals(config) instead
if (realConfig.getName().equals(config.getName())) {
this.setRestartRequired(report);
return;
}
// this is not an active config so try and update the backend
// directly
Realm realm = realmsManager.getFromLoadedRealms(realConfig.getName(), realmName);
if (realm == null) {
// realm is not loaded yet
report.setMessage(_localStrings.getLocalString("REALM_SYNCH_SUCCESSFUL", "Synchronization of Realm {0} from Configuration Successful.", realmName));
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
return;
}
// now we really need to update the realm in the backend from the config.
realmsManager.removeFromLoadedRealms(realConfig.getName(), realmName);
boolean done = this.instantiateRealm(realConfig, realmName);
if (done) {
report.setMessage(_localStrings.getLocalString("REALM_SYNCH_SUCCESSFUL", "Synchronization of Realm {0} from Configuration Successful.", new Object[] { realmName }));
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
return;
}
} catch (BadRealmException ex) {
// throw new RuntimeException(ex);
report.setFailureCause(ex);
report.setActionExitCode(ExitCode.FAILURE);
} catch (NoSuchRealmException ex) {
// throw new RuntimeException(ex);
report.setFailureCause(ex);
report.setActionExitCode(ExitCode.FAILURE);
} catch (Exception ex) {
report.setFailureCause(ex);
report.setActionExitCode(ExitCode.FAILURE);
}
}
Also used :
Server(com.sun.enterprise.config.serverbeans.Server)
Config(com.sun.enterprise.config.serverbeans.Config)
ActionReport(org.glassfish.api.ActionReport)
BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException)
NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException)
NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException)
BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException)
AuthRealm(com.sun.enterprise.config.serverbeans.AuthRealm)
Realm(com.sun.enterprise.security.auth.realm.Realm)
Example 12 with Realm
use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.
the class WebAndEjbToJaasBridge method doX500Login.
/**
* A special case login for X500Name credentials.This is invoked for
* certificate login because the containers extract the X.500 name from the
* X.509 certificate before calling into this class.
*
* @param subject
* @param realmName
* @param appModuleID
* @throws LoginException when login fails
*/
public static void doX500Login(Subject subject, String realmName, String appModuleID) {
LOGGER.finest(() -> String.format("doX500Login(subject=%s, realmName=%s, appModuleID=%s)", subject, realmName, appModuleID));
String user = null;
try {
X500Principal x500principal = getPublicCredentials(subject, X500Principal.class);
if (x500principal == null) {
// Should never happen
return;
}
user = x500principal.getName(X500Principal.RFC2253, OID.getOIDMap());
// In the RI-inherited implementation this directly creates
// some credentials and sets the security context.
//
// This means that the certificate realm does not get an opportunity to
// process the request. While the realm will not do any authentication
// (already done by this point) it can choose to adjust the groups or principal
// name or other variables of the security context.
//
// Of course, bug 4646134 needs to be kept in mind at all times, even though time has
// forgotten what 4646134 was.
Realm realm = Realm.getInstance(realmName);
if (realm instanceof CertificateRealm) {
// Should always be true
CertificateRealm certRealm = (CertificateRealm) realm;
String jaasCtx = certRealm.getJAASContext();
if (jaasCtx != null) {
// The subject has the certificate Credential.
new LoginContext(jaasCtx, subject, new ServerLoginCallbackHandler(user, null, appModuleID)).login();
}
// The name that the cert realm decided to set as the caller principal name
user = certRealm.authenticate(subject, x500principal);
auditAuthenticate(user, realmName, true);
} else {
// Should never come here
LOGGER.warning(certLoginBadRealmError);
setSecurityContext(user, subject, realmName);
}
if (LOGGER.isLoggable(FINE)) {
LOGGER.log(FINE, "X.500 name login succeeded for : {0}", user);
}
} catch (LoginException le) {
auditAuthenticate(user, realmName, false);
throw le;
} catch (Exception ex) {
throw (LoginException) new LoginException(ex.toString()).initCause(ex);
}
}
Also used :
LoginContext(javax.security.auth.login.LoginContext)
X500Principal(javax.security.auth.x500.X500Principal)
LoginContextDriver.throwLoginException(com.sun.enterprise.security.auth.login.LoginContextDriver.throwLoginException)
LoginException(com.sun.enterprise.security.auth.login.common.LoginException)
CertificateRealm(com.sun.enterprise.security.auth.realm.certificate.CertificateRealm)
LoginContextDriver.getValidRealm(com.sun.enterprise.security.auth.login.LoginContextDriver.getValidRealm)
FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm)
Realm(com.sun.enterprise.security.auth.realm.Realm)
CertificateRealm(com.sun.enterprise.security.auth.realm.certificate.CertificateRealm)
ServerLoginCallbackHandler(com.sun.enterprise.security.auth.login.common.ServerLoginCallbackHandler)
LoginContextDriver.throwLoginException(com.sun.enterprise.security.auth.login.LoginContextDriver.throwLoginException)
LoginException(com.sun.enterprise.security.auth.login.common.LoginException)
NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException)
InvalidOperationException(com.sun.enterprise.security.auth.realm.InvalidOperationException)
NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException)
Example 13 with Realm
use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.
the class LoginContextDriver method doX500Login.
/**
* A special case login for X500Name credentials.
* This is invoked for certificate login because the containers
* extract the X.500 name from the X.509 certificate before calling
* into this class.
*/
public static void doX500Login(Subject s, String appModuleID) throws LoginException {
if (_logger.isLoggable(Level.FINE)) {
_logger.fine("Processing X.500 name login.");
}
String user = null;
String realm_name = null;
try {
X500Name x500name = (X500Name) getPublicCredentials(s, X500Name.class);
user = x500name.getName();
// In the RI-inherited implementation this directly creates
// some credentials and sets the security context. This means
// that the certificate realm does not get an opportunity to
// process the request. While the realm will not do any
// authentication (already done by this point) it can choose
// to adjust the groups or principal name or other variables
// of the security context. Of course, bug 4646134 needs to be
// kept in mind at all times.
Realm realm = Realm.getInstance(CertificateRealm.AUTH_TYPE);
if (realm instanceof CertificateRealm) {
// should always be true
CertificateRealm certRealm = (CertificateRealm) realm;
String jaasCtx = certRealm.getJAASContext();
if (jaasCtx != null) {
// The subject has the Cretificate Credential.
LoginContext lg = new LoginContext(jaasCtx, s, new ServerLoginCallbackHandler(user, null, appModuleID));
lg.login();
}
certRealm.authenticate(s, x500name);
realm_name = CertificateRealm.AUTH_TYPE;
if (getAuditManager().isAuditOn()) {
getAuditManager().authentication(user, realm_name, true);
}
} else {
_logger.warning(SecurityLoggerInfo.certLoginBadRealmError);
realm_name = realm.getName();
setSecurityContext(user, s, realm_name);
}
if (_logger.isLoggable(Level.FINE)) {
_logger.fine("X.500 name login succeeded for : " + user);
}
} catch (LoginException le) {
if (getAuditManager().isAuditOn()) {
getAuditManager().authentication(user, realm_name, false);
}
throw le;
} catch (Exception ex) {
throw (LoginException) new LoginException(ex.toString()).initCause(ex);
}
}
Also used :
LoginContext(javax.security.auth.login.LoginContext)
LoginException(com.sun.enterprise.security.auth.login.common.LoginException)
X500Name(sun.security.x509.X500Name)
CertificateRealm(com.sun.enterprise.security.auth.realm.certificate.CertificateRealm)
Realm(com.sun.enterprise.security.auth.realm.Realm)
CertificateRealm(com.sun.enterprise.security.auth.realm.certificate.CertificateRealm)
ServerLoginCallbackHandler(com.sun.enterprise.security.auth.login.common.ServerLoginCallbackHandler)
LoginException(com.sun.enterprise.security.auth.login.common.LoginException)
NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException)
InvalidOperationException(com.sun.enterprise.security.auth.realm.InvalidOperationException)
NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException)
Example 14 with Realm
use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.
the class SecurityUtil method removeUser.
public void removeUser(String realmName, String user) {
checkSupportsUserManagement(realmName);
try {
Realm realm = getRealm(realmName);
realm.removeUser(user);
realm.persist();
} catch (Exception e) {
throw new RuntimeException(e);
}
}Example 15 with Realm
use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.
the class RealmsImpl method addUser.
public void addUser(String realmName, String user, String password, String[] groupList) {
checkSupportsUserManagement(realmName);
try {
Realm realm = getRealm(realmName);
realm.addUser(user, password.toCharArray(), groupList);
realm.persist();
} catch (final Exception e) {
throw new RuntimeException(e);
}
}Aggregations
Realm (com.sun.enterprise.security.auth.realm.Realm)15
AuthRealm (com.sun.enterprise.config.serverbeans.AuthRealm)10
NoSuchRealmException (com.sun.enterprise.security.auth.realm.NoSuchRealmException)8
LoginException (com.sun.enterprise.security.auth.login.common.LoginException)5
InvalidOperationException (com.sun.enterprise.security.auth.realm.InvalidOperationException)5
NoSuchUserException (com.sun.enterprise.security.auth.realm.NoSuchUserException)5
CertificateRealm (com.sun.enterprise.security.auth.realm.certificate.CertificateRealm)5
PrivilegedAction (java.security.PrivilegedAction)3
Subject (javax.security.auth.Subject)3
LoginContext (javax.security.auth.login.LoginContext)3
ServerLoginCallbackHandler (com.sun.enterprise.security.auth.login.common.ServerLoginCallbackHandler)2
Enumeration (java.util.Enumeration)2
Properties (java.util.Properties)2
X500Principal (javax.security.auth.x500.X500Principal)2
Group (org.glassfish.security.common.Group)2
Property (org.jvnet.hk2.config.types.Property)2
X500Name (sun.security.x509.X500Name)2
GSSUPName (com.sun.enterprise.common.iiop.security.GSSUPName)1
Config (com.sun.enterprise.config.serverbeans.Config)1
Server (com.sun.enterprise.config.serverbeans.Server)1
