use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.
the class SecureAdminHelperImpl method isAnyAdminUserWithoutPassword.
/**
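* Returns whether at least one admin user has an empty password.
* Only the default file realm is inspected; if the admin realm has been
* configured to use any other realm, the check is skipped and the result is false.
*
* @return true if at least one admin user has an empty password; false otherwise,
*         including when the check is skipped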
* @throws BadRealmException
* @throws NoSuchRealmException
* @throws NoSuchUserException
*/
@Override
public boolean isAnyAdminUserWithoutPassword() throws Exception {
    final FileRealm fileRealm = adminRealm();
    if (fileRealm == null) {
        /*
         * The admin realm has been configured to use something other than
         * the default file realm, so the empty-password check is bypassed.
         * On this path false means "not checked", not "no such user exists".
         */
        return false;
    }

    final Enumeration<String> userNames = fileRealm.getUserNames();
    while (userNames.hasMoreElements()) {
        final String userName = userNames.nextElement();
        /*
         * Probe this account with the empty password. A null result is
         * skipped; a non-null result is read as the user's group names.
         */
        final String[] grantedGroups = fileRealm.authenticate(userName, emptyPassword);
        if (grantedGroups == null) {
            continue;
        }
        // Only a user in the domain admin group makes the check positive;
        // an empty-password user outside that group does not end the scan.
        for (int i = 0; i < grantedGroups.length; i++) {
            if (DOMAIN_ADMIN_GROUP_NAME.equals(grantedGroups[i])) {
                return true;
            }
        }
    }
    return false;
}
use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.
the class GenericAdminAuthenticator method getDefaultAdminUser.
/**
* Return the default admin user. A default admin user only
* exists if the admin realm is a file realm and the admin file
* realm contains exactly one user in the admin group. If so, that's the default
* admin user; in every other case this method returns null.
*/
private String getDefaultAdminUser() {
    final AuthRealm adminAuthRealm = as.getAssociatedAuthRealm();
    if (adminAuthRealm == null) {
        // No admin realm is available: answer null instead of throwing.
        return null;
    }

    final boolean isFileRealm = FileRealm.class.getName().equals(adminAuthRealm.getClassname());
    if (!isFileRealm) {
        ADMSEC_LOGGER.fine("CAN'T FIND DEFAULT ADMIN USER: IT'S NOT A FILE REALM");
        // A default admin user can only be looked up in a file realm.
        return null;
    }

    // The keyfile location is taken from the realm property named "file".
    final String keyfilePath = adminAuthRealm.getPropertyValue("file");
    final File keyfile = (keyfilePath == null) ? null : new File(keyfilePath);
    if (keyfile == null || !keyfile.exists()) {
        // Missing property or a path to a non-existent file: no default user, so no access via this path.
        ADMSEC_LOGGER.fine("CAN'T FIND DEFAULT ADMIN USER: THE KEYFILE DOES NOT EXIST");
        return null;
    }

    try {
        // This lookup only reads user names and groups from the keyfile; no
        // password is checked here.
        // NOTE(review): whether callers authenticate the returned name is not
        // visible in this method - confirm at the call sites.
        final FileRealm keyfileRealm = new FileRealm(keyfile.getAbsolutePath());
        String soleAdmin = null;

        final Enumeration<String> userNames = keyfileRealm.getUserNames();
        while (userNames.hasMoreElements()) {
            final String userName = userNames.nextElement();
            final FileRealmUser realmUser = (FileRealmUser) keyfileRealm.getUser(userName);
            for (final String group : realmUser.getGroups()) {
                if (!group.equals(AdminConstants.DOMAIN_ADMIN_GROUP_NAME)) {
                    continue;
                }
                // NOTE(review): matches are counted per group entry, so a single
                // user whose group list names the admin group twice also lands
                // here and yields no default - confirm that is intended.
                if (soleAdmin != null) {
                    ADMSEC_LOGGER.log(Level.FINE, "There are multiple admin users so we cannot use any as a default");
                    return null;
                }
                soleAdmin = userName;
            }
        }

        if (soleAdmin == null) {
            ADMSEC_LOGGER.log(Level.FINE, "There are no admin users so we cannot use any as a default");
            return null;
        }
        // Exactly one match in the admin group: that user is the default.
        ADMSEC_LOGGER.log(Level.FINE, "Will use \"{0}\", if needed, for a default admin user", soleAdmin);
        return soleAdmin;
    } catch (Exception e) {
        // Any failure while reading the keyfile is logged at WARNING and
        // treated the same as "no default admin user".
        ADMSEC_LOGGER.log(Level.WARNING, AdminLoggerInfo.mAdminUserSearchError, e);
        return null;
    }
}