use of com.sun.enterprise.security.provider.PolicyParser.GrantEntry in project Payara by payara.
the class PolicyConfigurationImpl method generatePermissions.
private void generatePermissions() throws java.io.FileNotFoundException, java.io.IOException {
if (!writeOnCommit)
return;
// otherwise proceed to write policy file
Map roleToSubjectMap = null;
SecurityRoleMapperFactory factory = SecurityRoleMapperFactoryGen.getSecurityRoleMapperFactory();
if (rolePermissionsTable != null) {
// Make sure a role to subject map has been defined for the Policy Context
if (factory != null) {
// the rolemapper is stored against the
// appname, for a web app get the appname for this contextid
SecurityRoleMapper srm = factory.getRoleMapper(CONTEXT_ID);
if (srm != null) {
roleToSubjectMap = srm.getRoleToSubjectMapping();
}
if (roleToSubjectMap != null) {
// make sure all liked PC's have the same roleToSubjectMap
Set linkSet = (Set) fact.getLinkTable().get(CONTEXT_ID);
if (linkSet != null) {
Iterator it = linkSet.iterator();
while (it.hasNext()) {
String contextId = (String) it.next();
if (!CONTEXT_ID.equals(contextId)) {
SecurityRoleMapper otherSrm = factory.getRoleMapper(contextId);
Map otherRoleToSubjectMap = null;
if (otherSrm != null) {
otherRoleToSubjectMap = otherSrm.getRoleToSubjectMapping();
}
if (otherRoleToSubjectMap != roleToSubjectMap) {
String defMsg = "Linked policy contexts have different roleToSubjectMaps (" + CONTEXT_ID + ")<->(" + contextId + ")";
String msg = localStrings.getLocalString("pc.linked_with_different_role_maps", defMsg, new Object[] { CONTEXT_ID, contextId });
logger.log(Level.SEVERE, msg);
throw new RuntimeException(defMsg);
}
}
}
}
}
}
}
if (roleToSubjectMap == null && rolePermissionsTable != null) {
String defMsg = "This application has no role mapper factory defined";
String msg = localStrings.getLocalString("pc.role_map_not_defined_at_commit", defMsg, new Object[] { CONTEXT_ID });
logger.log(Level.SEVERE, msg);
throw new RuntimeException(localStrings.getLocalString("enterprise.deployment.deployment.norolemapperfactorydefine", defMsg));
}
PolicyParser parser = new PolicyParser(false);
// load unchecked grants in parser
if (uncheckedPermissions != null) {
Enumeration pEnum = uncheckedPermissions.elements();
if (pEnum.hasMoreElements()) {
GrantEntry grant = new GrantEntry();
while (pEnum.hasMoreElements()) {
Permission p = (Permission) pEnum.nextElement();
PermissionEntry entry = new PermissionEntry(p.getClass().getName(), p.getName(), p.getActions());
grant.add(entry);
}
parser.add(grant);
}
}
// load role based grants in parser
if (rolePermissionsTable != null) {
Iterator roleIt = rolePermissionsTable.keySet().iterator();
while (roleIt.hasNext()) {
boolean withPrincipals = false;
String roleName = (String) roleIt.next();
Permissions rolePerms = getRolePermissions(roleName);
Subject rolePrincipals = (Subject) roleToSubjectMap.get(roleName);
if (rolePrincipals != null) {
Iterator pit = rolePrincipals.getPrincipals().iterator();
while (pit.hasNext()) {
Principal prin = (Principal) pit.next();
if (prin != null) {
withPrincipals = true;
PrincipalEntry prinEntry = new PrincipalEntry(prin.getClass().getName(), escapeName(prin.getName()));
GrantEntry grant = new GrantEntry();
grant.principals.add(prinEntry);
Enumeration pEnum = rolePerms.elements();
while (pEnum.hasMoreElements()) {
Permission perm = (Permission) pEnum.nextElement();
PermissionEntry permEntry = new PermissionEntry(perm.getClass().getName(), perm.getName(), perm.getActions());
grant.add(permEntry);
}
parser.add(grant);
} else {
String msg = localStrings.getLocalString("pc.non_principal_mapped_to_role", "non principal mapped to role " + roleName, new Object[] { prin, roleName });
logger.log(Level.WARNING, msg);
}
}
}
/**
* JACC MR8 add grant for the any authenticated user role '**'
*/
if (!withPrincipals && ("**".equals(roleName))) {
withPrincipals = true;
PrincipalEntry prinEntry = new PrincipalEntry(PrincipalEntry.WILDCARD_CLASS, PrincipalEntry.WILDCARD_NAME);
GrantEntry grant = new GrantEntry();
grant.principals.add(prinEntry);
Enumeration pEnum = rolePerms.elements();
while (pEnum.hasMoreElements()) {
Permission perm = (Permission) pEnum.nextElement();
PermissionEntry permEntry = new PermissionEntry(perm.getClass().getName(), perm.getName(), perm.getActions());
grant.add(permEntry);
}
parser.add(grant);
if (logger.isLoggable(Level.FINE)) {
logger.fine("JACC Policy Provider: added role grant for any authenticated user");
}
}
if (!withPrincipals) {
String msg = localStrings.getLocalString("pc.no_principals_mapped_to_role", "no principals mapped to role " + roleName, new Object[] { roleName });
logger.log(Level.WARNING, msg);
}
}
}
writeOnCommit = createPolicyFile(true, parser, writeOnCommit);
// load excluded perms in excluded parser
if (excludedPermissions != null) {
PolicyParser excludedParser = new PolicyParser(false);
Enumeration pEnum = excludedPermissions.elements();
if (pEnum.hasMoreElements()) {
GrantEntry grant = new GrantEntry();
while (pEnum.hasMoreElements()) {
Permission p = (Permission) pEnum.nextElement();
PermissionEntry entry = new PermissionEntry(p.getClass().getName(), p.getName(), p.getActions());
grant.add(entry);
}
excludedParser.add(grant);
}
writeOnCommit = createPolicyFile(false, excludedParser, writeOnCommit);
}
if (!writeOnCommit)
wasRefreshed = false;
}
use of com.sun.enterprise.security.provider.PolicyParser.GrantEntry in project Payara by payara.
the class PolicyConfigurationImpl method loadExcludedPolicy.
private Permissions loadExcludedPolicy() {
Permissions result = null;
String name = getPolicyFileName(false);
FileReader reader = null;
PolicyParser parser = new PolicyParser(false);
try {
captureFileTime(false);
reader = new FileReader(name);
parser.read(reader);
} catch (java.io.FileNotFoundException fnf) {
// Just means there is no excluded Policy file, which
// is the typical case
parser = null;
} catch (java.io.IOException ioe) {
String defMsg = "Error reading Policy file: " + name;
String msg = localStrings.getLocalString("pc.file_read_error", defMsg, new Object[] { name, ioe });
logger.log(Level.SEVERE, msg);
throw new RuntimeException(defMsg);
} catch (ParsingException pe) {
String defMsg = "Unable to parse Policy file: " + name;
String msg = localStrings.getLocalString("pc.policy_parsing_exception", defMsg, new Object[] { name, pe });
logger.log(Level.SEVERE, msg);
throw new RuntimeException(defMsg);
} finally {
if (reader != null) {
try {
reader.close();
} catch (Exception e) {
String defMsg = "Unable to close Policy file: " + name;
String msg = localStrings.getLocalString("pc.file_close_error", defMsg, new Object[] { name, e });
logger.log(Level.SEVERE, msg);
throw new RuntimeException(defMsg);
}
}
}
if (parser != null) {
Enumeration grants = parser.grantElements();
while (grants.hasMoreElements()) {
GrantEntry grant = (GrantEntry) grants.nextElement();
if (grant.codeBase != null || grant.signedBy != null || grant.principals.size() != 0) {
String msg = localStrings.getLocalString("pc.excluded_grant_context_ignored", "ignore excluded grant context", new Object[] { grant });
logger.log(Level.WARNING, msg);
} else {
Enumeration perms = grant.permissionEntries.elements();
while (perms.hasMoreElements()) {
PermissionEntry entry = (PermissionEntry) perms.nextElement();
Permission p = loadPermission(entry.permission, entry.name, entry.action);
if (result == null) {
result = new Permissions();
}
result.add(p);
}
}
}
}
return result;
}
Aggregations