
Example 6 with FileRealm

use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.

the class SecureAdminHelperImpl method adminRealm.

/**
 * Builds a {@link FileRealm} over the key file of the auth realm returned by
 * {@code as.getAssociatedAuthRealm()}.
 *
 * <p>The key-file path is taken from the realm's {@code file} property and passed to the
 * {@code FileRealm} constructor unchanged. This method does not check that the property is set
 * or that the path points at an existing file.
 *
 * @return a new {@code FileRealm} for the configured key file, or {@code null} when the
 *     associated realm's class name is not {@code FileRealm}'s; callers must handle
 *     {@code null}
 * @throws BadRealmException presumably raised while constructing the realm - confirm against
 *     the {@code FileRealm} constructor
 * @throws NoSuchRealmException presumably raised while constructing the realm - confirm against
 *     the {@code FileRealm} constructor
 */
private FileRealm adminRealm() throws BadRealmException, NoSuchRealmException {
    final AuthRealm associatedRealm = as.getAssociatedAuthRealm();
    final boolean backedByFileRealm = FileRealm.class.getName().equals(associatedRealm.getClassname());
    if (!backedByFileRealm) {
        // Any other realm implementation has no key file this helper can open.
        return null;
    }
    return new FileRealm(associatedRealm.getPropertyValue("file"));
}
Also used : AuthRealm(com.sun.enterprise.config.serverbeans.AuthRealm) FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm)

Example 7 with FileRealm

use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.

the class FileLoginModule method authenticate.

/**
 * Authenticates the current user against the file realm.
 *
 * <p>The credential check itself is delegated to
 * {@link FileRealm#authenticate}; this method only verifies that the active realm is a
 * {@code FileRealm}, maps a {@code null} group list to a login failure, and commits the
 * authentication on success.
 *
 * @throws LoginException if the current realm is not a {@code FileRealm}, or if the realm
 *     returns no group list for the supplied credentials (JAAS login() behavior)
 */
protected void authenticate() throws LoginException {
    final boolean realmIsFileBased = _currentRealm instanceof FileRealm;
    if (!realmIsFileBased) {
        throw new LoginException(sm.getString("filelm.badrealm"));
    }

    // The password travels as a char[] and is never turned into a String here.
    final String[] memberGroups = ((FileRealm) _currentRealm).authenticate(_username, getPasswordChar());
    if (memberGroups == null) {
        // JAAS behavior: a failed login is signalled by an exception, not a return value.
        // The failure text is built from the supplied user name.
        throw new LoginException(sm.getString("filelm.faillogin", _username));
    }

    // Successful logins are recorded at FINE only; the user name is written as supplied.
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "File login succeeded for: " + _username);
    }
    commitAuthentication(_username, getPasswordChar(), _currentRealm, memberGroups);
}
Also used : LoginException(javax.security.auth.login.LoginException) FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm)

Example 8 with FileRealm

use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.

the class ChangeAdminPassword method execute.

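/**
 * Replaces the password of the user {@code userName} in the configured admin file realm.
 *
 * <p>The command checks that the realm is the stock {@code FileRealm} and that it has a
 * {@code file} property, loads the realm through {@code realmsManager}, then rewrites the
 * user's entry with the new password while keeping the user's name and current groups, and
 * persists the realm. Every outcome is reported through the {@link ActionReport} of the
 * supplied context; nothing is thrown for the failures handled here.
 *
 * <p>NOTE(review): no empty-password check is visible in this method - confirm that
 * {@code newpassword} is validated before this point.
 *
 * @param context command context that supplies the {@code ActionReport} to fill in
 */
public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();
    // Only the stock FileRealm implementation is supported. A null class name is not rejected
    // here and falls through to the checks below.
    String fileRealmClassName = fileAuthRealm.getClassname();
    if (fileRealmClassName != null && !fileRealmClassName.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
        report.setMessage(localStrings.getLocalString("change.admin.password.adminrealmnotsupported", "Configured admin realm is not supported."));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    // The realm must name a key file; if the property is repeated, the last value wins.
    String keyFile = null;
    for (Property fileProp : fileAuthRealm.getProperty()) {
        if (fileProp.getName().equals("file")) {
            keyFile = fileProp.getValue();
        }
    }
    if (keyFile == null) {
        report.setMessage(localStrings.getLocalString("change.admin.password.keyfilenotfound", "There is no physical file associated with admin realm"));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    // Load the realm instance that will be updated.
    // NOTE(review): the cast is unchecked; a loaded realm of another type would surface as a
    // ClassCastException, which the catch below does not handle.
    FileRealm fr = null;
    try {
        realmsManager.createRealms(config);
        fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), fileAuthRealm.getName());
        if (fr == null) {
            throw new NoSuchRealmException(fileAuthRealm.getName());
        }
    } catch (NoSuchRealmException e) {
        report.setMessage(localStrings.getLocalString("change.admin.password.realmnotsupported", "Configured admin realm does not exist.") + "  " + e.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
        return;
    }
    // Rewrite the user's entry with the new password.
    try {
        // Collect the user's groups in one pass. Counting the enumeration first and then
        // fetching it a second time could mis-size the array if the membership changed in
        // between; a password change must not alter group membership.
        java.util.List<String> currentGroups = new java.util.ArrayList<String>();
        Enumeration en = fr.getGroupNames(userName);
        while (en.hasMoreElements()) {
            currentGroups.add((String) en.nextElement());
        }
        String[] groups = currentGroups.toArray(new String[currentGroups.size()]);
        // The name is passed twice, so the user keeps the same name. The char[] is a copy of the
        // String parameter and is not cleared afterwards.
        fr.updateUser(userName, userName, newpassword.toCharArray(), groups);
        fr.persist();
        report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
    } catch (Exception e) {
        // Any failure, including an unknown user, is reported rather than thrown. The exception
        // text is appended to the message returned to the caller.
        report.setMessage(localStrings.getLocalString("change.admin.password.userupdatefailed", "Password change failed for user named {0}", userName) + "  " + e.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
    }
}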
Also used : NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException) Enumeration(java.util.Enumeration) ActionReport(org.glassfish.api.ActionReport) FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm) Property(org.jvnet.hk2.config.types.Property) NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException)

Example 9 with FileRealm

use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.

the class CreateFileUser method execute.

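/**
 * Adds the user {@code userName}, with the supplied password and groups, to the file realm
 * named by {@code authRealmName}.
 *
 * <p>The command checks that the realm is the stock {@code FileRealm}, that it has a
 * {@code file} property and that the key file exists, and that a password was supplied. When
 * secure admin is enabled and the target is the admin realm, an empty password is rejected.
 * The user is then added and the realm persisted inside a {@code ConfigSupport.apply} call.
 * Every outcome is reported through the {@link ActionReport} of the supplied context.
 *
 * @param context command context that supplies the {@code ActionReport} to fill in
 */
public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();
    // Only the stock FileRealm implementation is supported. A null class name is not rejected
    // here and falls through to the checks below.
    String fileRealmClassName = fileAuthRealm.getClassname();
    if (fileRealmClassName != null && !fileRealmClassName.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
        report.setMessage(localStrings.getLocalString("create.file.user.realmnotsupported", "Configured file realm {0} is not supported.", fileRealmClassName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    // The realm must name a key file; if the property is repeated, the last value wins.
    String keyFile = null;
    for (Property fileProp : fileAuthRealm.getProperty()) {
        if (fileProp.getName().equals("file")) {
            keyFile = fileProp.getValue();
        }
    }
    final String kf = keyFile;
    if (keyFile == null) {
        report.setMessage(localStrings.getLocalString("create.file.user.keyfilenotfound", "There is no physical file associated with this file realm {0} ", authRealmName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    boolean exists = (new File(kf)).exists();
    if (!exists) {
        // The failure message carries the configured key-file path back to the caller.
        report.setMessage(localStrings.getLocalString("file.realm.keyfilenonexistent", "The specified physical file {0} associated with the file realm {1} does not exist.", new Object[] { kf, authRealmName }));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    // The user id and groups are plain parameters. The password comes from the --userpassword
    // option, or from the AS_ADMIN_USERPASSWORD entry of the file given with --passwordfile.
    final String password = userpassword;
    if (password == null) {
        report.setMessage(localStrings.getLocalString("create.file.user.keyfilenotreadable", "Password for user {0} " + "has to be specified in --userpassword option or supplied " + "through AS_ADMIN_USERPASSWORD property in the file specified " + "in --passwordfile option", userName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    // Issue 17525: with secure admin enabled, the admin realm must not receive a user with an
    // empty password. Other realms, and the admin realm without secure admin, are not checked.
    secureAdmin = domain.getSecureAdmin();
    if ((SecureAdmin.Util.isEnabled(secureAdmin)) && (authRealmName.equals(adminService.getAuthRealmName()))) {
        if (password.isEmpty()) {
            report.setMessage(localStrings.getLocalString("null_empty_password", "The admin user password is null or empty"));
            report.setActionExitCode(ActionReport.ExitCode.FAILURE);
            return;
        }
    }
    // Add the user.
    try {
        // create-file-user does not change the security-service configuration itself; the
        // original author left open whether referencing it here is needed to make the
        // operation transactional.
        ConfigSupport.apply(new SingleConfigCode<SecurityService>() {
            @Override
            public Object run(SecurityService param) throws PropertyVetoException, TransactionFailure {
                try {
                    realmsManager.createRealms(config);
                    // If the (shared) keyfile is updated by an external process, load the users first
                    refreshRealm(config.getName(), authRealmName);
                    // NOTE(review): the cast is unchecked; a realm of another type would raise
                    // ClassCastException, which the catch below turns into a failure report.
                    final FileRealm fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), authRealmName);
                    CreateFileUser.handleAdminGroup(authRealmName, groups);
                    String[] groups1 = groups.toArray(new String[groups.size()]);
                    try {
                        // The char[] is a copy of the String parameter and is not cleared afterwards.
                        fr.addUser(userName, password.toCharArray(), groups1);
                    } catch (BadRealmException br) {
                        // Rethrown only when `se` reports the DAS; otherwise the failure is
                        // dropped and the realm is still persisted and reported as SUCCESS.
                        // NOTE(review): confirm that ignoring it off the DAS is intended.
                        if (se != null && se.isDas()) {
                            throw new BadRealmException(br);
                        }
                    }
                    fr.persist();
                    report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
                } catch (Exception e) {
                    String localalizedErrorMsg = (e.getLocalizedMessage() == null) ? "" : e.getLocalizedMessage();
                    report.setMessage(localStrings.getLocalString("create.file.user.useraddfailed", "Adding User {0} to the file realm {1} failed", userName, authRealmName) + "  " + localalizedErrorMsg);
                    report.setActionExitCode(ActionReport.ExitCode.FAILURE);
                    report.setFailureCause(e);
                }
                return null;
            }
        }, securityService);
    } catch (Exception e) {
        // Same null-safe handling as the inner handler, so a message-less exception does not
        // append the literal text "null" to the report.
        String localizedErrorMsg = (e.getLocalizedMessage() == null) ? "" : e.getLocalizedMessage();
        report.setMessage(localStrings.getLocalString("create.file.user.useraddfailed", "Adding User {0} to the file realm {1} failed", userName, authRealmName) + "  " + localizedErrorMsg);
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
    }
}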
Also used : TransactionFailure(org.jvnet.hk2.config.TransactionFailure) ActionReport(org.glassfish.api.ActionReport) FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm) BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException) PropertyVetoException(java.beans.PropertyVetoException) PropertyVetoException(java.beans.PropertyVetoException) BadRealmException(com.sun.enterprise.security.auth.realm.BadRealmException) SecurityService(com.sun.enterprise.config.serverbeans.SecurityService) Property(org.jvnet.hk2.config.types.Property) File(java.io.File)

Example 10 with FileRealm

use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.

the class ListFileGroup method getFileRealm.

/**
 * Resolves the loaded {@link FileRealm} named by {@code authRealmName}, reporting any problem
 * through {@code report}.
 *
 * @param securityService not read by this method
 * @param fileAuthRealm realm configuration whose class name and {@code file} property are checked
 * @param report receives the message, exit code and failure cause when resolution fails
 * @return the loaded realm, or {@code null} after a failure has been written to {@code report}
 */
private FileRealm getFileRealm(final SecurityService securityService, AuthRealm fileAuthRealm, ActionReport report) {
    // Only the stock FileRealm implementation is supported. A null class name is not rejected
    // here and falls through to the checks below.
    final String configuredClass = fileAuthRealm.getClassname();
    final boolean unsupportedImpl = configuredClass != null
            && !configuredClass.equals("com.sun.enterprise.security.auth.realm.file.FileRealm");
    if (unsupportedImpl) {
        report.setMessage(localStrings.getLocalString("list.file.user.realmnotsupported", "Configured file realm {0} is not supported.", configuredClass));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return null;
    }

    // The realm must name a key file; if the property is repeated, the last value wins.
    String keyFilePath = null;
    for (Property realmProperty : fileAuthRealm.getProperty()) {
        if (realmProperty.getName().equals("file")) {
            keyFilePath = realmProperty.getValue();
        }
    }
    if (keyFilePath == null) {
        report.setMessage(localStrings.getLocalString("list.file.user.keyfilenotfound", "There is no physical file associated with this file realm {0} ", authRealmName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return null;
    }

    // The configuration checks passed, so look up the loaded realm instance.
    // NOTE(review): the cast is unchecked; a loaded realm of another type would surface as a
    // ClassCastException, which the catch below does not handle.
    try {
        realmsManager.createRealms(config);
        final FileRealm loadedRealm = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), authRealmName);
        if (loadedRealm == null) {
            throw new NoSuchRealmException(authRealmName);
        }
        return loadedRealm;
    } catch (NoSuchRealmException e) {
        report.setMessage(localStrings.getLocalString("list.file.user.realmnotsupported", "Configured file realm {0} is not supported.", authRealmName) + "  " + e.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(e);
        return null;
    }
}
Also used : NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException) FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm) Property(org.jvnet.hk2.config.types.Property)

Aggregations

FileRealm (com.sun.enterprise.security.auth.realm.file.FileRealm)12 ActionReport (org.glassfish.api.ActionReport)6 Property (org.jvnet.hk2.config.types.Property)6 File (java.io.File)5 BadRealmException (com.sun.enterprise.security.auth.realm.BadRealmException)4 NoSuchRealmException (com.sun.enterprise.security.auth.realm.NoSuchRealmException)4 Enumeration (java.util.Enumeration)4 AuthRealm (com.sun.enterprise.config.serverbeans.AuthRealm)3 NoSuchUserException (com.sun.enterprise.security.auth.realm.NoSuchUserException)3 LoginException (javax.security.auth.login.LoginException)3 SecurityService (com.sun.enterprise.config.serverbeans.SecurityService)2 PropertyVetoException (java.beans.PropertyVetoException)2 IOException (java.io.IOException)2 ServerNotActiveException (java.rmi.server.ServerNotActiveException)2 RemoteAdminAccessException (org.glassfish.internal.api.RemoteAdminAccessException)2 TransactionFailure (org.jvnet.hk2.config.TransactionFailure)2 FileRealmUser (com.sun.enterprise.security.auth.realm.file.FileRealmUser)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 List (java.util.List)1