
Example 11 with FileRealm

use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.

the class SecureAdminHelperImpl method isAnyAdminUserWithoutPassword.

/**
 * Checks whether any member of the domain admin group in the admin file realm
 * can authenticate with an empty password.
 *
 * <p>Every user name in the realm is passed to the realm's own
 * {@code authenticate} call together with {@code emptyPassword}. The scan stops
 * at the first user whose returned groups include
 * {@code DOMAIN_ADMIN_GROUP_NAME}. A user who authenticates with the empty
 * password but is not in that group does not count.
 *
 * <p>Caveat for callers: when {@code adminRealm()} yields {@code null} (which
 * this code treats as "the admin realm is not the default file realm") the
 * check is skipped and {@code false} is returned. A {@code false} result
 * therefore means "no such user was found here", not "every admin account is
 * known to have a password".
 *
 * @return {@code true} if at least one domain-admin user authenticates with the
 *         empty password; {@code false} if none does or the check was skipped
 * @throws Exception whatever the realm lookup or the authentication attempt
 *         propagates (the original documentation names BadRealmException,
 *         NoSuchRealmException and NoSuchUserException)
 */
@Override
public boolean isAnyAdminUserWithoutPassword() throws Exception {
    final FileRealm fileRealm = adminRealm();
    if (fileRealm == null) {
        // Admin realm is not the default file realm: the empty-password
        // check is bypassed rather than reported as a failure.
        return false;
    }

    final Enumeration<String> userNames = fileRealm.getUserNames();
    while (userNames.hasMoreElements()) {
        final String candidate = userNames.nextElement();

        // Probe the account with the empty password; a null result is
        // treated as "did not authenticate" and the user is skipped.
        final String[] grantedGroups = fileRealm.authenticate(candidate, emptyPassword);
        if (grantedGroups == null) {
            continue;
        }

        // Only membership of the domain admin group makes this a finding.
        for (final String granted : grantedGroups) {
            if (DOMAIN_ADMIN_GROUP_NAME.equals(granted)) {
                return true;
            }
        }
    }
    return false;
}
Also used : FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm)

Example 12 with FileRealm

use of com.sun.enterprise.security.auth.realm.file.FileRealm in project Payara by payara.

the class GenericAdminAuthenticator method getDefaultAdminUser.

/**
 * Looks up the default admin user, if there is one.
 *
 * <p>A default admin user exists only when the admin realm is a file realm and
 * its keyfile holds exactly one user in the domain admin group. In every other
 * situation this method returns {@code null}: no associated realm, a realm of a
 * different class, a missing or non-existent keyfile, no admin user, more than
 * one admin-group match, or any exception raised while reading the realm.
 * Returning {@code null} on failure means an unreadable or malformed keyfile
 * never yields a default user.
 *
 * @return the single user in the domain admin group, or {@code null} when no
 *         unambiguous default admin user can be determined
 */
private String getDefaultAdminUser() {
    final AuthRealm adminAuthRealm = as.getAssociatedAuthRealm();
    if (adminAuthRealm == null) {
        // No admin realm available: answer null instead of throwing.
        return null;
    }

    final boolean isFileRealm = FileRealm.class.getName().equals(adminAuthRealm.getClassname());
    if (!isFileRealm) {
        // A default admin user can only be derived from a file realm.
        ADMSEC_LOGGER.fine("CAN'T FIND DEFAULT ADMIN USER: IT'S NOT A FILE REALM");
        return null;
    }

    // The realm property named "file" holds the keyfile location.
    final String keyfilePath = adminAuthRealm.getPropertyValue("file");
    final File keyfile = (keyfilePath == null) ? null : new File(keyfilePath);
    if (keyfile == null || !keyfile.exists()) {
        // Missing property or a path to a non-existent file: access cannot be allowed.
        ADMSEC_LOGGER.fine("CAN'T FIND DEFAULT ADMIN USER: THE KEYFILE DOES NOT EXIST");
        return null;
    }

    try {
        final FileRealm keyfileRealm = new FileRealm(keyfile.getAbsolutePath());
        String soleAdmin = null;

        final Enumeration<String> names = keyfileRealm.getUserNames();
        while (names.hasMoreElements()) {
            final String name = names.nextElement();
            final FileRealmUser realmUser = (FileRealmUser) keyfileRealm.getUser(name);
            for (String group : realmUser.getGroups()) {
                if (!group.equals(AdminConstants.DOMAIN_ADMIN_GROUP_NAME)) {
                    continue;
                }
                if (soleAdmin != null) {
                    // A second admin-group match makes the choice ambiguous.
                    ADMSEC_LOGGER.log(Level.FINE, "There are multiple admin users so we cannot use any as a default");
                    return null;
                }
                soleAdmin = name;
            }
        }

        if (soleAdmin != null) {
            // Exactly one user in the admin group: that user is the default.
            ADMSEC_LOGGER.log(Level.FINE, "Will use \"{0}\", if needed, for a default admin user", soleAdmin);
        } else {
            ADMSEC_LOGGER.log(Level.FINE, "There are no admin users so we cannot use any as a default");
        }
        return soleAdmin;
    } catch (Exception e) {
        // Any failure while reading the realm is logged and reported as
        // "no default admin user".
        ADMSEC_LOGGER.log(Level.WARNING, AdminLoggerInfo.mAdminUserSearchError, e);
        return null;
    }
}
Also used : AuthRealm(com.sun.enterprise.config.serverbeans.AuthRealm) Enumeration(java.util.Enumeration) FileRealmUser(com.sun.enterprise.security.auth.realm.file.FileRealmUser) FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm) File(java.io.File) LoginException(javax.security.auth.login.LoginException) ServerNotActiveException(java.rmi.server.ServerNotActiveException) RemoteAdminAccessException(org.glassfish.internal.api.RemoteAdminAccessException) IOException(java.io.IOException)
