
Example 1 with GrantEntry

use of com.sun.enterprise.security.provider.PolicyParser.GrantEntry in project Payara by payara.

From the class PolicyConfigurationImpl, method generatePermissions.

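/**
 * Writes this policy context's permissions to its policy files when
 * {@code writeOnCommit} is set, and clears {@code writeOnCommit} once the
 * write has been performed.
 *
 * <p>Two files are built through {@link PolicyParser}: the granted policy
 * (unchecked permissions as one principal-less grant, then one grant per
 * principal mapped to each role) and, when {@code excludedPermissions} is
 * non-null, the excluded policy. The actual file write is delegated to
 * {@code createPolicyFile}, whose return value becomes the new
 * {@code writeOnCommit}; if that ends up {@code false}, {@code wasRefreshed}
 * is reset.
 *
 * <p>Role grants are only emitted for roles that resolve to at least one
 * principal in the role-to-subject map; a role with no principals is logged
 * and silently produces no grant. The JACC "**" (any authenticated user)
 * role is special-cased with a wildcard principal when it has no explicit
 * mapping.
 *
 * @throws java.io.FileNotFoundException propagated from {@code createPolicyFile}
 * @throws java.io.IOException propagated from {@code createPolicyFile}
 * @throws RuntimeException if role permissions exist but no role-to-subject
 *         map can be obtained, or if a linked policy context resolves to a
 *         different role-to-subject map instance
 */
private void generatePermissions() throws java.io.FileNotFoundException, java.io.IOException {
    if (!writeOnCommit) {
        return;
    }
    // otherwise proceed to write policy file
    Map roleToSubjectMap = null;
    SecurityRoleMapperFactory factory = SecurityRoleMapperFactoryGen.getSecurityRoleMapperFactory();
    // Make sure a role to subject map has been defined for the Policy Context
    if (rolePermissionsTable != null && factory != null) {
        // the rolemapper is stored against the
        // appname, for a web app get the appname for this contextid
        SecurityRoleMapper srm = factory.getRoleMapper(CONTEXT_ID);
        if (srm != null) {
            roleToSubjectMap = srm.getRoleToSubjectMapping();
        }
        if (roleToSubjectMap != null) {
            checkLinkedContextsShareRoleMap(factory, roleToSubjectMap);
        }
    }
    if (roleToSubjectMap == null && rolePermissionsTable != null) {
        String defMsg = "This application has no role mapper factory defined";
        String msg = localStrings.getLocalString("pc.role_map_not_defined_at_commit", defMsg, new Object[] { CONTEXT_ID });
        logger.log(Level.SEVERE, msg);
        throw new RuntimeException(localStrings.getLocalString("enterprise.deployment.deployment.norolemapperfactorydefine", defMsg));
    }
    PolicyParser parser = new PolicyParser(false);
    // load unchecked grants in parser
    if (uncheckedPermissions != null) {
        addGrantIfNonEmpty(parser, uncheckedPermissions.elements());
    }
    // load role based grants in parser
    if (rolePermissionsTable != null) {
        Iterator roleIt = rolePermissionsTable.keySet().iterator();
        while (roleIt.hasNext()) {
            String roleName = (String) roleIt.next();
            addRoleGrants(parser, roleName, roleToSubjectMap);
        }
    }
    writeOnCommit = createPolicyFile(true, parser, writeOnCommit);
    // load excluded perms in excluded parser
    if (excludedPermissions != null) {
        PolicyParser excludedParser = new PolicyParser(false);
        addGrantIfNonEmpty(excludedParser, excludedPermissions.elements());
        writeOnCommit = createPolicyFile(false, excludedParser, writeOnCommit);
    }
    if (!writeOnCommit) {
        wasRefreshed = false;
    }
}

/**
 * Verifies that every policy context linked to {@code CONTEXT_ID} resolves
 * to the same role-to-subject map instance as this context.
 *
 * @param factory the role mapper factory used to look up linked contexts
 * @param roleToSubjectMap this context's role-to-subject map (non-null)
 * @throws RuntimeException if a linked context yields a different map
 *         reference (or none at all)
 */
private void checkLinkedContextsShareRoleMap(SecurityRoleMapperFactory factory, Map roleToSubjectMap) {
    // make sure all linked PC's have the same roleToSubjectMap
    Set linkSet = (Set) fact.getLinkTable().get(CONTEXT_ID);
    if (linkSet == null) {
        return;
    }
    Iterator it = linkSet.iterator();
    while (it.hasNext()) {
        String contextId = (String) it.next();
        if (CONTEXT_ID.equals(contextId)) {
            continue;
        }
        SecurityRoleMapper otherSrm = factory.getRoleMapper(contextId);
        Map otherRoleToSubjectMap = null;
        if (otherSrm != null) {
            otherRoleToSubjectMap = otherSrm.getRoleToSubjectMapping();
        }
        // Reference comparison on purpose: linked contexts are expected to
        // share the very same map object, not merely an equal one.
        if (otherRoleToSubjectMap != roleToSubjectMap) {
            String defMsg = "Linked policy contexts have different roleToSubjectMaps (" + CONTEXT_ID + ")<->(" + contextId + ")";
            String msg = localStrings.getLocalString("pc.linked_with_different_role_maps", defMsg, new Object[] { CONTEXT_ID, contextId });
            logger.log(Level.SEVERE, msg);
            throw new RuntimeException(defMsg);
        }
    }
}

/**
 * Adds the grants for one role: one grant per non-null principal mapped to
 * the role, or a wildcard-principal grant for the JACC "**" role when it
 * has no explicit principals. Roles that end up with no principals are
 * logged at WARNING and contribute no grant.
 *
 * @param parser the parser collecting the granted policy
 * @param roleName the role being processed
 * @param roleToSubjectMap role name to {@link Subject} mapping (non-null
 *        here, guaranteed by the caller)
 */
private void addRoleGrants(PolicyParser parser, String roleName, Map roleToSubjectMap) {
    boolean withPrincipals = false;
    Permissions rolePerms = getRolePermissions(roleName);
    Subject rolePrincipals = (Subject) roleToSubjectMap.get(roleName);
    if (rolePrincipals != null) {
        Iterator pit = rolePrincipals.getPrincipals().iterator();
        while (pit.hasNext()) {
            Principal prin = (Principal) pit.next();
            if (prin != null) {
                withPrincipals = true;
                // Only the principal name goes through escapeName before it is
                // written; permission names/actions are written as returned by
                // the Permission object.
                PrincipalEntry prinEntry = new PrincipalEntry(prin.getClass().getName(), escapeName(prin.getName()));
                parser.add(buildRoleGrant(prinEntry, rolePerms));
            } else {
                String msg = localStrings.getLocalString("pc.non_principal_mapped_to_role", "non principal mapped to role " + roleName, new Object[] { prin, roleName });
                logger.log(Level.WARNING, msg);
            }
        }
    }
    // JACC MR8: add grant for the any authenticated user role '**'
    if (!withPrincipals && "**".equals(roleName)) {
        withPrincipals = true;
        PrincipalEntry prinEntry = new PrincipalEntry(PrincipalEntry.WILDCARD_CLASS, PrincipalEntry.WILDCARD_NAME);
        parser.add(buildRoleGrant(prinEntry, rolePerms));
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("JACC Policy Provider: added role grant for any authenticated user");
        }
    }
    if (!withPrincipals) {
        String msg = localStrings.getLocalString("pc.no_principals_mapped_to_role", "no principals mapped to role " + roleName, new Object[] { roleName });
        logger.log(Level.WARNING, msg);
    }
}

/**
 * Builds a grant holding a single principal entry plus every permission in
 * {@code rolePerms}.
 *
 * @param prinEntry the principal the grant applies to
 * @param rolePerms the permissions granted to that principal
 * @return the populated grant (not yet added to any parser)
 */
private static GrantEntry buildRoleGrant(PrincipalEntry prinEntry, Permissions rolePerms) {
    GrantEntry grant = new GrantEntry();
    grant.principals.add(prinEntry);
    addPermissionEntries(grant, rolePerms.elements());
    return grant;
}

/**
 * Adds a principal-less grant to {@code parser} containing every permission
 * in {@code perms}; adds nothing when the enumeration is already empty.
 *
 * @param parser the parser to add the grant to
 * @param perms the permissions to include
 */
private static void addGrantIfNonEmpty(PolicyParser parser, Enumeration perms) {
    if (!perms.hasMoreElements()) {
        return;
    }
    GrantEntry grant = new GrantEntry();
    addPermissionEntries(grant, perms);
    parser.add(grant);
}

/**
 * Copies each {@link Permission} in {@code perms} into {@code grant} as a
 * {@link PermissionEntry} (class name, name, actions).
 *
 * @param grant the grant receiving the entries
 * @param perms the permissions to copy; fully consumed
 */
private static void addPermissionEntries(GrantEntry grant, Enumeration perms) {
    while (perms.hasMoreElements()) {
        Permission p = (Permission) perms.nextElement();
        grant.add(new PermissionEntry(p.getClass().getName(), p.getName(), p.getActions()));
    }
}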

Example 2 with GrantEntry

use of com.sun.enterprise.security.provider.PolicyParser.GrantEntry in project Payara by payara.

From the class PolicyConfigurationImpl, method loadExcludedPolicy.

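/**
 * Loads the excluded policy file of this context into a {@link Permissions}
 * collection.
 *
 * <p>A missing file is the normal case and yields {@code null}. Grants that
 * carry a codeBase, a signedBy or any principals are not meaningful for
 * excluded permissions; they are skipped with a WARNING and only their
 * absence is reported, never their contents. Each remaining permission
 * entry is turned into a {@link Permission} via {@code loadPermission}.
 *
 * @return the excluded permissions, or {@code null} when the file does not
 *         exist or contains no usable permission entry
 * @throws RuntimeException if the file exists but cannot be read, parsed
 *         or closed; the underlying exception is attached as the cause
 */
private Permissions loadExcludedPolicy() {
    Permissions result = null;
    String name = getPolicyFileName(false);
    FileReader reader = null;
    PolicyParser parser = new PolicyParser(false);
    try {
        captureFileTime(false);
        // NOTE(review): FileReader decodes with the platform default charset;
        // confirm this matches what createPolicyFile writes.
        reader = new FileReader(name);
        parser.read(reader);
    } catch (java.io.FileNotFoundException fnf) {
        // Just means there is no excluded Policy file, which
        // is the typical case
        parser = null;
    } catch (java.io.IOException ioe) {
        String defMsg = "Error reading Policy file: " + name;
        String msg = localStrings.getLocalString("pc.file_read_error", defMsg, new Object[] { name, ioe });
        logger.log(Level.SEVERE, msg);
        // keep the cause so the stack trace of the real failure survives
        throw new RuntimeException(defMsg, ioe);
    } catch (ParsingException pe) {
        String defMsg = "Unable to parse Policy file: " + name;
        String msg = localStrings.getLocalString("pc.policy_parsing_exception", defMsg, new Object[] { name, pe });
        logger.log(Level.SEVERE, msg);
        throw new RuntimeException(defMsg, pe);
    } finally {
        if (reader != null) {
            try {
                reader.close();
            } catch (Exception e) {
                // A close failure raised here replaces any exception that is
                // already propagating out of the try block above.
                String defMsg = "Unable to close Policy file: " + name;
                String msg = localStrings.getLocalString("pc.file_close_error", defMsg, new Object[] { name, e });
                logger.log(Level.SEVERE, msg);
                throw new RuntimeException(defMsg, e);
            }
        }
    }
    if (parser == null) {
        // no excluded policy file
        return null;
    }
    Enumeration grants = parser.grantElements();
    while (grants.hasMoreElements()) {
        GrantEntry grant = (GrantEntry) grants.nextElement();
        boolean hasContext = grant.codeBase != null || grant.signedBy != null || grant.principals.size() != 0;
        if (hasContext) {
            // excluded permissions apply unconditionally; a scoped grant
            // cannot be honoured, so it is dropped rather than widened
            String msg = localStrings.getLocalString("pc.excluded_grant_context_ignored", "ignore excluded grant context", new Object[] { grant });
            logger.log(Level.WARNING, msg);
            continue;
        }
        Enumeration perms = grant.permissionEntries.elements();
        while (perms.hasMoreElements()) {
            PermissionEntry entry = (PermissionEntry) perms.nextElement();
            Permission p = loadPermission(entry.permission, entry.name, entry.action);
            // allocate lazily so an empty file still yields null
            if (result == null) {
                result = new Permissions();
            }
            result.add(p);
        }
    }
    return result;
}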
