Example 1 with FileRealm
use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.
the class GenericAdminAuthenticator method postConstruct.
@Override
public synchronized void postConstruct() {
secureAdmin = domain.getSecureAdmin();
// Ensure that the admin password is set as required
if (as.usesFileRealm()) {
try {
AuthRealm ar = as.getAssociatedAuthRealm();
if (FileRealm.class.getName().equals(ar.getClassname())) {
String adminKeyFilePath = ar.getPropertyValue("file");
FileRealm fr = new FileRealm(adminKeyFilePath);
if (!fr.hasAuthenticatableUser()) {
ADMSEC_LOGGER.log(Level.SEVERE, AdminLoggerInfo.mSecureAdminEmptyPassword);
throw new IllegalStateException(ADMSEC_LOGGER.getResourceBundle().getString(AdminLoggerInfo.mSecureAdminEmptyPassword));
}
}
} catch (Exception ex) {
ADMSEC_LOGGER.log(Level.SEVERE, AdminLoggerInfo.mUnexpectedException, ex);
throw new RuntimeException(ex);
}
}
}
Also used :
AuthRealm(com.sun.enterprise.config.serverbeans.AuthRealm)
FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm)
LoginException(javax.security.auth.login.LoginException)
ServerNotActiveException(java.rmi.server.ServerNotActiveException)
RemoteAdminAccessException(org.glassfish.internal.api.RemoteAdminAccessException)
IOException(java.io.IOException)
Example 2 with FileRealm
use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.
the class DeleteFileUser method execute.
/**
* Executes the command with the command parameters passed as Properties
* where the keys are the paramter names and the values the parameter values
*
* @param context information
*/
public void execute(AdminCommandContext context) {
final ActionReport report = context.getActionReport();
// Get FileRealm class name, match it with what is expected.
String fileRealmClassName = fileAuthRealm.getClassname();
// Report error if provided impl is not the one expected
if (fileRealmClassName != null && !fileRealmClassName.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
report.setMessage(localStrings.getLocalString("delete.file.user.realmnotsupported", "Configured file realm {0} is not supported.", fileRealmClassName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// ensure we have the file associated with the authrealm
String keyFile = null;
for (Property fileProp : fileAuthRealm.getProperty()) {
if (fileProp.getName().equals("file"))
keyFile = fileProp.getValue();
}
final String kFile = keyFile;
if (keyFile == null) {
report.setMessage(localStrings.getLocalString("delete.file.user.keyfilenotfound", "There is no physical file associated with this file realm {0} ", authRealmName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
boolean exists = (new File(kFile)).exists();
if (!exists) {
report.setMessage(localStrings.getLocalString("file.realm.keyfilenonexistent", "The specified physical file {0} associated with the file realm {1} does not exist.", new Object[] { kFile, authRealmName }));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// hypothetically ?.
try {
ConfigSupport.apply(new SingleConfigCode<SecurityService>() {
public Object run(SecurityService param) throws PropertyVetoException, TransactionFailure {
try {
realmsManager.createRealms(config);
final FileRealm fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), authRealmName);
fr.removeUser(userName);
fr.persist();
CreateFileUser.refreshRealm(config.getName(), authRealmName);
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
} catch (NoSuchUserException e) {
report.setMessage(localStrings.getLocalString("delete.file.user.usernotfound", "There is no such existing user {0} in the file realm {1}.", userName, authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
} catch (BadRealmException e) {
report.setMessage(localStrings.getLocalString("delete.file.user.realmcorrupted", "Configured file realm {0} is corrupted.", authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
} catch (Exception e) {
e.printStackTrace();
report.setMessage(localStrings.getLocalString("delete.file.user.userdeletefailed", "Removing User {0} from file realm {1} failed", userName, authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
}
return null;
}
}, securityService);
} catch (Exception e) {
report.setMessage(localStrings.getLocalString("delete.file.user.userdeletefailed", "Removing User {0} from file realm {1} failed", userName, authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
}
}
Also used :
TransactionFailure(org.jvnet.hk2.config.TransactionFailure)
NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException)
ActionReport(org.glassfish.api.ActionReport)
FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm)
BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException)
PropertyVetoException(java.beans.PropertyVetoException)
NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException)
PropertyVetoException(java.beans.PropertyVetoException)
BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException)
SecurityService(com.sun.enterprise.config.serverbeans.SecurityService)
Property(org.jvnet.hk2.config.types.Property)
File(java.io.File)
Example 3 with FileRealm
use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.
the class ListFileGroup method execute.
/**
* Executes the command with the command parameters passed as Properties
* where the keys are the paramter names and the values the parameter values
*
* @param context information
*/
public void execute(AdminCommandContext context) {
final ActionReport report = context.getActionReport();
try {
// Get all users of this file realm. If a username has
// been passed in through the --name CLI option use that
FileRealm fr = getFileRealm(securityService, fileAuthRealm, report);
if (fr == null) {
// in the right cause of this situation
return;
}
Enumeration groups = null;
if (fileUserName != null) {
fr.getUser(fileUserName);
groups = fr.getGroupNames(fileUserName);
} else {
groups = fr.getGroupNames();
}
report.getTopMessagePart().setMessage(localStrings.getLocalString("list.file.group.success", "list-file-groups successful"));
report.getTopMessagePart().setChildrenType("file-group");
while (groups.hasMoreElements()) {
final ActionReport.MessagePart part = report.getTopMessagePart().addChild();
part.setMessage((String) groups.nextElement());
}
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
} catch (BadRealmException e) {
report.setMessage(localStrings.getLocalString("list.file.group.realmcorrupted", "Configured file realm {0} is corrupted.", authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
} catch (NoSuchUserException e) {
report.setMessage(localStrings.getLocalString("list.file.group.usernotfound", "Specified file user {0} not found.", fileUserName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
}
}
Also used :
BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException)
Enumeration(java.util.Enumeration)
NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException)
ActionReport(org.glassfish.api.ActionReport)
FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm)
Example 4 with FileRealm
use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.
the class UpdateFileUser method execute.
/**
* Executes the command with the command parameters passed as Properties
* where the keys are the paramter names and the values the parameter values
*
* @param context information
*/
public void execute(AdminCommandContext context) {
final ActionReport report = context.getActionReport();
// Get FileRealm class name, match it with what is expected.
String fileRealmClassName = fileAuthRealm.getClassname();
// Report error if provided impl is not the one expected
if (fileRealmClassName != null && !fileRealmClassName.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
report.setMessage(localStrings.getLocalString("update.file.user.realmnotsupported", "Configured file realm {0} is not supported.", fileRealmClassName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// ensure we have the file associated with the authrealm
String keyFile = null;
for (Property fileProp : fileAuthRealm.getProperty()) {
if (fileProp.getName().equals("file"))
keyFile = fileProp.getValue();
}
if (keyFile == null) {
report.setMessage(localStrings.getLocalString("update.file.user.keyfilenotfound", "There is no physical file associated with file realm {0}", authRealmName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
boolean exists = (new File(keyFile)).exists();
if (!exists) {
report.setMessage(localStrings.getLocalString("file.realm.keyfilenonexistent", "The specified physical file {0} associated with the file realm {1} does not exist.", new Object[] { keyFile, authRealmName }));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// Now get all inputs ready. userid and groups are straightforward but
// password is tricky. It is stored in the file passwordfile passed
// through the CLI options. It is stored under the name
// AS_ADMIN_USERPASSWORD. Fetch it from there.
// fetchPassword(report);
String password = userpassword;
if (password == null && groups == null) {
report.setMessage(localStrings.getLocalString("update.file.user.keyfilenotreadable", "None of password or groups have been specified for update," + "Password for user {0} has to be specified" + "through AS_ADMIN_USERPASSWORD property in the file specified " + "in --passwordfile option", userName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// Issue 17525 Fix - Check for null passwords for admin-realm if secureadmin is enabled
if (password != null) {
secureAdmin = domain.getSecureAdmin();
if ((SecureAdmin.Util.isEnabled(secureAdmin)) && (adminService.getAuthRealmName().equals(authRealmName))) {
if ((password.isEmpty())) {
report.setMessage(localStrings.getLocalString("null_empty_password", "The admin user password is empty"));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
}
}
// even though update-file-user is not an update to the security-service
// do we need to make it transactional by referncing the securityservice
// hypothetically ?.
// TODO: check and enclose the code below inside ConfigSupport.apply(...)
FileRealm fr = null;
try {
realmsManager.createRealms(config);
fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), authRealmName);
if (fr == null) {
throw new NoSuchRealmException(authRealmName);
}
} catch (NoSuchRealmException e) {
report.setMessage(localStrings.getLocalString("update.file.user.realmnotsupported", "Configured file realm {0} does not exist.", authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
return;
}
// now updating user
try {
CreateFileUser.handleAdminGroup(authRealmName, groups);
String[] groups1 = (groups == null) ? null : groups.toArray(new String[groups.size()]);
fr.updateUser(userName, userName, password, groups1);
fr.persist();
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
} catch (Exception e) {
report.setMessage(localStrings.getLocalString("update.file.user.userupdatefailed", "Updating user {0} in file realm {1} failed", userName, authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
}
}
Also used :
NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException)
ActionReport(org.glassfish.api.ActionReport)
FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm)
Property(org.jvnet.hk2.config.types.Property)
File(java.io.File)
NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException)
Example 5 with FileRealm
use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.
the class ListFileUser method execute.
/**
* Executes the command with the command parameters passed as Properties
* where the keys are the paramter names and the values the parameter values
*
* @param context information
*/
public void execute(AdminCommandContext context) {
final ActionReport report = context.getActionReport();
// Get FileRealm class name, match it with what is expected.
String fileRealmClassName = fileAuthRealm.getClassname();
// Report error if provided impl is not the one expected
if (fileRealmClassName != null && !fileRealmClassName.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
report.setMessage(localStrings.getLocalString("list.file.user.realmnotsupported", "Configured file realm {0} is not supported.", fileRealmClassName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// ensure we have the file associated with the authrealm
String keyFile = null;
for (Property fileProp : fileAuthRealm.getProperty()) {
if (fileProp.getName().equals("file"))
keyFile = fileProp.getValue();
}
if (keyFile == null) {
report.setMessage(localStrings.getLocalString("list.file.user.keyfilenotfound", "There is no physical file associated with this file realm {0} ", authRealmName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
boolean exists = (new File(keyFile)).exists();
if (!exists) {
report.setMessage(localStrings.getLocalString("file.realm.keyfilenonexistent", "The specified physical file {0} associated with the file realm {1} does not exist.", new Object[] { keyFile, authRealmName }));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// We have the right impl so let's try to remove one
FileRealm fr = null;
try {
realmsManager.createRealms(config);
// account for updates to realms from outside this config sharing
// same keyfile
CreateFileUser.refreshRealm(config.getName(), authRealmName);
fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), authRealmName);
if (fr == null) {
throw new NoSuchRealmException(authRealmName);
}
} catch (NoSuchRealmException e) {
report.setMessage(localStrings.getLocalString("list.file.user.realmnotsupported", "Configured file realm {0} is not supported.", authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
return;
}
try {
Enumeration users = fr.getUserNames();
List userList = new ArrayList();
while (users.hasMoreElements()) {
final ActionReport.MessagePart part = report.getTopMessagePart().addChild();
String userName = (String) users.nextElement();
part.setMessage(userName);
Map userMap = new HashMap();
userMap.put("name", userName);
try {
userMap.put("groups", Collections.list(fr.getGroupNames(userName)));
} catch (NoSuchUserException ex) {
// This should never be thrown since we just got the user name from the realm
}
userList.add(userMap);
}
Properties extraProperties = new Properties();
extraProperties.put("users", userList);
report.setExtraProperties(extraProperties);
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
} catch (BadRealmException e) {
report.setMessage(localStrings.getLocalString("list.file.user.realmcorrupted", "Configured file realm {0} is corrupted.", authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
}
}
Also used :
Enumeration(java.util.Enumeration)
HashMap(java.util.HashMap)
NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException)
ArrayList(java.util.ArrayList)
ActionReport(org.glassfish.api.ActionReport)
FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm)
Properties(java.util.Properties)
NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException)
BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException)
ArrayList(java.util.ArrayList)
List(java.util.List)
Property(org.jvnet.hk2.config.types.Property)
File(java.io.File)
HashMap(java.util.HashMap)
Map(java.util.Map)
Aggregations
FileRealm (com.sun.enterprise.security.auth.realm.file.FileRealm)12
ActionReport (org.glassfish.api.ActionReport)6
Property (org.jvnet.hk2.config.types.Property)6
File (java.io.File)5
BadRealmException (com.sun.enterprise.security.auth.realm.BadRealmException)4
NoSuchRealmException (com.sun.enterprise.security.auth.realm.NoSuchRealmException)4
Enumeration (java.util.Enumeration)4
AuthRealm (com.sun.enterprise.config.serverbeans.AuthRealm)3
NoSuchUserException (com.sun.enterprise.security.auth.realm.NoSuchUserException)3
LoginException (javax.security.auth.login.LoginException)3
SecurityService (com.sun.enterprise.config.serverbeans.SecurityService)2
PropertyVetoException (java.beans.PropertyVetoException)2
IOException (java.io.IOException)2
ServerNotActiveException (java.rmi.server.ServerNotActiveException)2
RemoteAdminAccessException (org.glassfish.internal.api.RemoteAdminAccessException)2
TransactionFailure (org.jvnet.hk2.config.TransactionFailure)2
FileRealmUser (com.sun.enterprise.security.auth.realm.file.FileRealmUser)1
ArrayList (java.util.ArrayList)1
HashMap (java.util.HashMap)1
List (java.util.List)1
