Example 11 with Realm

use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.

the class SynchronizeRealmFromConfig method execute.

@Override
public void execute(AdminCommandContext context) {
    Config realConfig = null;
    try {
        realConfig = configs.getConfigByName(target);
    } catch (Exception ex) {
    }
    if (realConfig == null) {
        Server targetServer = domain.getServerNamed(target);
        if (targetServer != null) {
            realConfig = domain.getConfigNamed(targetServer.getConfigRef());
        }
        com.sun.enterprise.config.serverbeans.Cluster cluster = domain.getClusterNamed(target);
        if (cluster != null) {
            realConfig = domain.getConfigNamed(cluster.getConfigRef());
        }
    }
    ActionReport report = context.getActionReport();
    try {
        // TODO: can i use realConfig.equals(config) instead
        if (realConfig.getName().equals(config.getName())) {
            this.setRestartRequired(report);
            return;
        }
        // this is not an active config so try and update the backend
        // directly
        Realm realm = realmsManager.getFromLoadedRealms(realConfig.getName(), realmName);
        if (realm == null) {
            // realm is not loaded yet
            report.setMessage(_localStrings.getLocalString("REALM_SYNCH_SUCCESSFUL", "Synchronization of Realm {0} from Configuration Successful.", realmName));
            report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
            return;
        }
        // now we really need to update the realm in the backend from the config.
        realmsManager.removeFromLoadedRealms(realConfig.getName(), realmName);
        boolean done = this.instantiateRealm(realConfig, realmName);
        if (done) {
            report.setMessage(_localStrings.getLocalString("REALM_SYNCH_SUCCESSFUL", "Synchronization of Realm {0} from Configuration Successful.", new Object[] { realmName }));
            report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
            return;
        }
    } catch (BadRealmException ex) {
        // throw new RuntimeException(ex);
        report.setFailureCause(ex);
        report.setActionExitCode(ExitCode.FAILURE);
    } catch (NoSuchRealmException ex) {
        // throw new RuntimeException(ex);
        report.setFailureCause(ex);
        report.setActionExitCode(ExitCode.FAILURE);
    } catch (Exception ex) {
        report.setFailureCause(ex);
        report.setActionExitCode(ExitCode.FAILURE);
    }
}
Also used : Server(com.sun.enterprise.config.serverbeans.Server) Config(com.sun.enterprise.config.serverbeans.Config) ActionReport(org.glassfish.api.ActionReport) BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException) NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException) AuthRealm(com.sun.enterprise.config.serverbeans.AuthRealm) Realm(com.sun.enterprise.security.auth.realm.Realm)

Example 12 with Realm

use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.

the class WebAndEjbToJaasBridge method doX500Login.

/**
 * A special case login for X500Name credentials. This is invoked for
 * certificate login because the containers extract the X.500 name from the
 * X.509 certificate before calling into this class.
 *
 * @param subject the subject carrying the X500Principal public credential
 * @param realmName the name of the realm to authenticate against
 * @param appModuleID the application module id passed to the callback handler
 * @throws LoginException when login fails
 */
public static void doX500Login(Subject subject, String realmName, String appModuleID) {
    LOGGER.finest(() -> String.format("doX500Login(subject=%s, realmName=%s, appModuleID=%s)", subject, realmName, appModuleID));
    String user = null;
    try {
        X500Principal x500principal = getPublicCredentials(subject, X500Principal.class);
        if (x500principal == null) {
            // Should never happen
            return;
        }
        user = x500principal.getName(X500Principal.RFC2253, OID.getOIDMap());
        // In the RI-inherited implementation this directly creates
        // some credentials and sets the security context.
        // 
        // This means that the certificate realm does not get an opportunity to
        // process the request. While the realm will not do any authentication
        // (already done by this point) it can choose to adjust the groups or principal
        // name or other variables of the security context.
        // 
        // Of course, bug 4646134 needs to be kept in mind at all times, even though time has
        // forgotten what 4646134 was.
        Realm realm = Realm.getInstance(realmName);
        if (realm instanceof CertificateRealm) {
            // Should always be true
            CertificateRealm certRealm = (CertificateRealm) realm;
            String jaasCtx = certRealm.getJAASContext();
            if (jaasCtx != null) {
                // The subject has the certificate Credential.
                new LoginContext(jaasCtx, subject, new ServerLoginCallbackHandler(user, null, appModuleID)).login();
            }
            // The name that the cert realm decided to set as the caller principal name
            user = certRealm.authenticate(subject, x500principal);
            auditAuthenticate(user, realmName, true);
        } else {
            // Should never come here
            LOGGER.warning(certLoginBadRealmError);
            setSecurityContext(user, subject, realmName);
        }
        if (LOGGER.isLoggable(FINE)) {
            LOGGER.log(FINE, "X.500 name login succeeded for : {0}", user);
        }
    } catch (LoginException le) {
        auditAuthenticate(user, realmName, false);
        throw le;
    } catch (Exception ex) {
        throw (LoginException) new LoginException(ex.toString()).initCause(ex);
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) X500Principal(javax.security.auth.x500.X500Principal) LoginContextDriver.throwLoginException(com.sun.enterprise.security.auth.login.LoginContextDriver.throwLoginException) LoginException(com.sun.enterprise.security.auth.login.common.LoginException) CertificateRealm(com.sun.enterprise.security.auth.realm.certificate.CertificateRealm) LoginContextDriver.getValidRealm(com.sun.enterprise.security.auth.login.LoginContextDriver.getValidRealm) FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm) Realm(com.sun.enterprise.security.auth.realm.Realm) ServerLoginCallbackHandler(com.sun.enterprise.security.auth.login.common.ServerLoginCallbackHandler) NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException) InvalidOperationException(com.sun.enterprise.security.auth.realm.InvalidOperationException) NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException)

Example 13 with Realm

use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.

the class LoginContextDriver method doX500Login.

/**
 * A special case login for X500Name credentials.
 * This is invoked for certificate login because the containers
 * extract the X.500 name from the X.509 certificate before calling
 * into this class.
 */
public static void doX500Login(Subject s, String appModuleID) throws LoginException {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("Processing X.500 name login.");
    }
    String user = null;
    String realm_name = null;
    try {
        X500Name x500name = (X500Name) getPublicCredentials(s, X500Name.class);
        user = x500name.getName();
        // In the RI-inherited implementation this directly creates
        // some credentials and sets the security context. This means
        // that the certificate realm does not get an opportunity to
        // process the request. While the realm will not do any
        // authentication (already done by this point) it can choose
        // to adjust the groups or principal name or other variables
        // of the security context. Of course, bug 4646134 needs to be
        // kept in mind at all times.
        Realm realm = Realm.getInstance(CertificateRealm.AUTH_TYPE);
        if (realm instanceof CertificateRealm) {
            // should always be true
            CertificateRealm certRealm = (CertificateRealm) realm;
            String jaasCtx = certRealm.getJAASContext();
            if (jaasCtx != null) {
                // The subject has the Certificate Credential.
                LoginContext lg = new LoginContext(jaasCtx, s, new ServerLoginCallbackHandler(user, null, appModuleID));
                lg.login();
            }
            certRealm.authenticate(s, x500name);
            realm_name = CertificateRealm.AUTH_TYPE;
            if (getAuditManager().isAuditOn()) {
                getAuditManager().authentication(user, realm_name, true);
            }
        } else {
            _logger.warning(SecurityLoggerInfo.certLoginBadRealmError);
            realm_name = realm.getName();
            setSecurityContext(user, s, realm_name);
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("X.500 name login succeeded for : " + user);
        }
    } catch (LoginException le) {
        if (getAuditManager().isAuditOn()) {
            getAuditManager().authentication(user, realm_name, false);
        }
        throw le;
    } catch (Exception ex) {
        throw (LoginException) new LoginException(ex.toString()).initCause(ex);
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) LoginException(com.sun.enterprise.security.auth.login.common.LoginException) X500Name(sun.security.x509.X500Name) CertificateRealm(com.sun.enterprise.security.auth.realm.certificate.CertificateRealm) Realm(com.sun.enterprise.security.auth.realm.Realm) ServerLoginCallbackHandler(com.sun.enterprise.security.auth.login.common.ServerLoginCallbackHandler) NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException) InvalidOperationException(com.sun.enterprise.security.auth.realm.InvalidOperationException) NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException)

Example 14 with Realm

use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.

the class SecurityUtil method removeUser.

public void removeUser(String realmName, String user) {
    // Fail early if the realm does not support user management (e.g. is not a file realm).
    checkSupportsUserManagement(realmName);
    try {
        Realm realm = getRealm(realmName);
        realm.removeUser(user);
        // Write the updated user store back to its backing storage.
        realm.persist();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
Also used : Realm(com.sun.enterprise.security.auth.realm.Realm) AuthRealm(com.sun.enterprise.config.serverbeans.AuthRealm)

Example 15 with Realm

use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.

the class RealmsImpl method addUser.

public void addUser(String realmName, String user, String password, String[] groupList) {
    // Fail early if the realm does not support user management (e.g. is not a file realm).
    checkSupportsUserManagement(realmName);
    try {
        Realm realm = getRealm(realmName);
        // The realm API takes the password as a char[] so it can be cleared after use.
        realm.addUser(user, password.toCharArray(), groupList);
        // Write the updated user store back to its backing storage.
        realm.persist();
    } catch (final Exception e) {
        throw new RuntimeException(e);
    }
}
Also used : AuthRealm(com.sun.enterprise.config.serverbeans.AuthRealm) Realm(com.sun.enterprise.security.auth.realm.Realm)

Aggregations (types used across the 15 examples, with the number of examples each appears in)

Realm (com.sun.enterprise.security.auth.realm.Realm) 15
AuthRealm (com.sun.enterprise.config.serverbeans.AuthRealm) 10
NoSuchRealmException (com.sun.enterprise.security.auth.realm.NoSuchRealmException) 8
LoginException (com.sun.enterprise.security.auth.login.common.LoginException) 5
InvalidOperationException (com.sun.enterprise.security.auth.realm.InvalidOperationException) 5
NoSuchUserException (com.sun.enterprise.security.auth.realm.NoSuchUserException) 5
CertificateRealm (com.sun.enterprise.security.auth.realm.certificate.CertificateRealm) 5
PrivilegedAction (java.security.PrivilegedAction) 3
Subject (javax.security.auth.Subject) 3
LoginContext (javax.security.auth.login.LoginContext) 3
ServerLoginCallbackHandler (com.sun.enterprise.security.auth.login.common.ServerLoginCallbackHandler) 2
Enumeration (java.util.Enumeration) 2
Properties (java.util.Properties) 2
X500Principal (javax.security.auth.x500.X500Principal) 2
Group (org.glassfish.security.common.Group) 2
Property (org.jvnet.hk2.config.types.Property) 2
X500Name (sun.security.x509.X500Name) 2
GSSUPName (com.sun.enterprise.common.iiop.security.GSSUPName) 1
Config (com.sun.enterprise.config.serverbeans.Config) 1
Server (com.sun.enterprise.config.serverbeans.Server) 1