
Example 1 with FileRealmUser

use of com.sun.enterprise.security.auth.realm.file.FileRealmUser in project Payara by payara.

In the class GenericAdminAuthenticator, method getDefaultAdminUser:

/**
 * Determines which user name, if any, can serve as the default administrator.
 *
 * <p>A default exists only when the admin realm is a file realm and its keyfile
 * holds exactly one user that belongs to the domain admin group.
 *
 * <p>Every other outcome yields {@code null}: no admin realm, a realm that is not a
 * file realm, a missing "file" property or a keyfile path that does not exist, no
 * admin user, more than one admin match, or any exception raised while reading the
 * realm (logged at WARNING).
 *
 * <p>The group scan does not stop at the first match, so a single user whose group
 * list names the admin group more than once is counted as "multiple" and the result
 * is {@code null} as well; the check errs towards having no default.
 *
 * <p>This method only selects a user name; it verifies no credential. What the
 * caller does with the name is not visible from here.
 *
 * @return the sole admin-group user name found in the keyfile, or {@code null}
 */
private String getDefaultAdminUser() {
    final AuthRealm adminRealm = as.getAssociatedAuthRealm();
    if (adminRealm == null) {
        // No admin realm is available: answer "no default" rather than throwing.
        return null;
    }
    final boolean isFileRealm = FileRealm.class.getName().equals(adminRealm.getClassname());
    if (!isFileRealm) {
        // A default admin user can only be looked up in a file realm.
        ADMSEC_LOGGER.fine("CAN'T FIND DEFAULT ADMIN USER: IT'S NOT A FILE REALM");
        return null;
    }
    // The realm property named "file" holds the keyfile location.
    final String keyfilePath = adminRealm.getPropertyValue("file");
    final File keyfile = (keyfilePath == null) ? null : new File(keyfilePath);
    if (keyfile == null || !keyfile.exists()) {
        // Property absent or pointing at nothing on disk: do not allow a default.
        // exists() is a presence check only (it is also true for a directory); a
        // keyfile that cannot be loaded is expected to fail in the FileRealm
        // constructor below, where the catch turns any exception into null.
        ADMSEC_LOGGER.fine("CAN'T FIND DEFAULT ADMIN USER: THE KEYFILE DOES NOT EXIST");
        return null;
    }
    try {
        final FileRealm fileRealm = new FileRealm(keyfile.getAbsolutePath());
        String soleAdmin = null;
        final Enumeration<?> names = fileRealm.getUserNames();
        while (names.hasMoreElements()) {
            final String name = (String) names.nextElement();
            final FileRealmUser realmUser = (FileRealmUser) fileRealm.getUser(name);
            for (String group : realmUser.getGroups()) {
                if (!group.equals(AdminConstants.DOMAIN_ADMIN_GROUP_NAME)) {
                    continue;
                }
                if (soleAdmin != null) {
                    // A second admin-group hit means there is no unambiguous default.
                    ADMSEC_LOGGER.log(Level.FINE, "There are multiple admin users so we cannot use any as a default");
                    return null;
                }
                soleAdmin = name;
            }
        }
        if (soleAdmin != null) {
            // Exactly one admin-group match: that user is the default.
            ADMSEC_LOGGER.log(Level.FINE, "Will use \"{0}\", if needed, for a default admin user", soleAdmin);
        } else {
            ADMSEC_LOGGER.log(Level.FINE, "There are no admin users so we cannot use any as a default");
        }
        return soleAdmin;
    } catch (Exception e) {
        // Any failure while reading the realm is logged and treated as "no default".
        ADMSEC_LOGGER.log(Level.WARNING, AdminLoggerInfo.mAdminUserSearchError, e);
        return null;
    }
}
Also used : AuthRealm(com.sun.enterprise.config.serverbeans.AuthRealm) Enumeration(java.util.Enumeration) FileRealmUser(com.sun.enterprise.security.auth.realm.file.FileRealmUser) FileRealm(com.sun.enterprise.security.auth.realm.file.FileRealm) File(java.io.File) LoginException(javax.security.auth.login.LoginException) ServerNotActiveException(java.rmi.server.ServerNotActiveException) RemoteAdminAccessException(org.glassfish.internal.api.RemoteAdminAccessException) IOException(java.io.IOException)
