
Example 1 with PermissionEntry

Use of com.sun.enterprise.security.provider.PolicyParser.PermissionEntry in the project Payara by payara.

From the class PolicyConfigurationImpl, method generatePermissions.

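/**
 * Writes this policy context's policy files when a write is pending.
 *
 * <p>Nothing happens unless {@code writeOnCommit} is set. Otherwise the granted policy is
 * assembled into a {@link PolicyParser} — a principal-less grant holding
 * {@code uncheckedPermissions}, then one grant per mapped principal for every role in
 * {@code rolePermissionsTable} — and handed to {@code createPolicyFile(true, ...)}. The
 * excluded policy ({@code excludedPermissions}, again without principals) is written
 * through {@code createPolicyFile(false, ...)}. {@code writeOnCommit} takes whatever
 * {@code createPolicyFile} returns; once it reports nothing left to write,
 * {@code wasRefreshed} is cleared.
 *
 * <p>Role grants require a role-to-subject mapping for {@code CONTEXT_ID}. Every policy
 * context linked to this one must resolve to the very same mapping instance (compared by
 * reference, not {@code equals}); otherwise a {@link RuntimeException} is raised before
 * any file is touched. Principal names are passed through {@code escapeName} before they
 * are placed in a grant, and the JACC "any authenticated user" role {@code "**"} gets a
 * wildcard principal grant when no concrete principal is mapped to it.
 *
 * @throws java.io.FileNotFoundException propagated from writing the policy files
 * @throws java.io.IOException propagated from writing the policy files
 * @throws RuntimeException if roles exist but no role mapper / mapping is available, or a
 *     linked policy context has a different role-to-subject mapping
 */
private void generatePermissions() throws java.io.FileNotFoundException, java.io.IOException {
    if (!writeOnCommit) {
        return;
    }
    // otherwise proceed to write policy file
    Map<?, ?> roleToSubjectMap = null;
    SecurityRoleMapperFactory factory = SecurityRoleMapperFactoryGen.getSecurityRoleMapperFactory();
    if (rolePermissionsTable != null && factory != null) {
        // Make sure a role to subject map has been defined for the Policy Context
        roleToSubjectMap = resolveRoleToSubjectMap(factory);
    }
    if (roleToSubjectMap == null && rolePermissionsTable != null) {
        String defMsg = "This application has no role mapper factory defined";
        String msg = localStrings.getLocalString("pc.role_map_not_defined_at_commit", defMsg, new Object[] { CONTEXT_ID });
        logger.log(Level.SEVERE, msg);
        throw new RuntimeException(localStrings.getLocalString("enterprise.deployment.deployment.norolemapperfactorydefine", defMsg));
    }

    PolicyParser parser = new PolicyParser(false);
    // load unchecked grants in parser
    if (uncheckedPermissions != null) {
        addGrantWithoutPrincipals(parser, uncheckedPermissions.elements());
    }
    // load role based grants in parser
    if (rolePermissionsTable != null) {
        for (Object role : rolePermissionsTable.keySet()) {
            addRoleGrants(parser, (String) role, roleToSubjectMap);
        }
    }
    writeOnCommit = createPolicyFile(true, parser, writeOnCommit);

    // load excluded perms in excluded parser
    if (excludedPermissions != null) {
        PolicyParser excludedParser = new PolicyParser(false);
        addGrantWithoutPrincipals(excludedParser, excludedPermissions.elements());
        writeOnCommit = createPolicyFile(false, excludedParser, writeOnCommit);
    }
    if (!writeOnCommit) {
        wasRefreshed = false;
    }
}

/**
 * Looks up the role-to-subject mapping for {@code CONTEXT_ID} and checks that every
 * policy context linked to it (per {@code fact.getLinkTable()}) resolves to the same
 * mapping instance.
 *
 * @param factory the role mapper factory, not {@code null}
 * @return the mapping, or {@code null} if no role mapper or no mapping exists for this context
 * @throws RuntimeException if a linked context resolves to a different mapping instance
 */
private Map<?, ?> resolveRoleToSubjectMap(SecurityRoleMapperFactory factory) {
    // the rolemapper is stored against the
    // appname, for a web app get the appname for this contextid
    SecurityRoleMapper srm = factory.getRoleMapper(CONTEXT_ID);
    if (srm == null) {
        return null;
    }
    Map<?, ?> roleToSubjectMap = srm.getRoleToSubjectMapping();
    if (roleToSubjectMap == null) {
        return null;
    }
    // make sure all linked PC's have the same roleToSubjectMap
    Set<?> linkSet = (Set<?>) fact.getLinkTable().get(CONTEXT_ID);
    if (linkSet == null) {
        return roleToSubjectMap;
    }
    for (Object linked : linkSet) {
        String contextId = (String) linked;
        if (CONTEXT_ID.equals(contextId)) {
            continue;
        }
        SecurityRoleMapper otherSrm = factory.getRoleMapper(contextId);
        Map<?, ?> otherRoleToSubjectMap = otherSrm == null ? null : otherSrm.getRoleToSubjectMapping();
        // identity comparison on purpose: linked contexts must share one mapping instance
        if (otherRoleToSubjectMap != roleToSubjectMap) {
            String defMsg = "Linked policy contexts have different roleToSubjectMaps (" + CONTEXT_ID + ")<->(" + contextId + ")";
            String msg = localStrings.getLocalString("pc.linked_with_different_role_maps", defMsg, new Object[] { CONTEXT_ID, contextId });
            logger.log(Level.SEVERE, msg);
            throw new RuntimeException(defMsg);
        }
    }
    return roleToSubjectMap;
}

/**
 * Adds the grants for one role: one grant per non-null principal the role maps to, or a
 * wildcard-principal grant for the JACC MR8 "any authenticated user" role {@code "**"}
 * when nothing concrete is mapped. Roles ending up with no principal at all are logged.
 *
 * @param parser the parser collecting the granted policy
 * @param roleName the role being processed
 * @param roleToSubjectMap role name to {@link Subject}; must not be {@code null}
 */
private void addRoleGrants(PolicyParser parser, String roleName, Map<?, ?> roleToSubjectMap) {
    boolean withPrincipals = false;
    Permissions rolePerms = getRolePermissions(roleName);
    Subject rolePrincipals = (Subject) roleToSubjectMap.get(roleName);
    if (rolePrincipals != null) {
        for (Principal prin : rolePrincipals.getPrincipals()) {
            if (prin == null) {
                String msg = localStrings.getLocalString("pc.non_principal_mapped_to_role", "non principal mapped to role " + roleName, new Object[] { prin, roleName });
                logger.log(Level.WARNING, msg);
                continue;
            }
            withPrincipals = true;
            // the name is escaped so it survives the policy-file syntax
            PrincipalEntry prinEntry = new PrincipalEntry(prin.getClass().getName(), escapeName(prin.getName()));
            addGrantForPrincipal(parser, prinEntry, rolePerms);
        }
    }
    /**
     * JACC MR8 add grant for the any authenticated user role '**'
     */
    if (!withPrincipals && ("**".equals(roleName))) {
        withPrincipals = true;
        PrincipalEntry prinEntry = new PrincipalEntry(PrincipalEntry.WILDCARD_CLASS, PrincipalEntry.WILDCARD_NAME);
        addGrantForPrincipal(parser, prinEntry, rolePerms);
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("JACC Policy Provider: added role grant for any authenticated user");
        }
    }
    if (!withPrincipals) {
        String msg = localStrings.getLocalString("pc.no_principals_mapped_to_role", "no principals mapped to role " + roleName, new Object[] { roleName });
        logger.log(Level.WARNING, msg);
    }
}

/**
 * Adds a grant restricted to {@code principal} and carrying every permission in
 * {@code rolePerms} to {@code parser}; the grant is added even when it is empty.
 */
private static void addGrantForPrincipal(PolicyParser parser, PrincipalEntry principal, Permissions rolePerms) {
    GrantEntry grant = new GrantEntry();
    grant.principals.add(principal);
    addPermissionEntries(grant, rolePerms.elements());
    parser.add(grant);
}

/**
 * Adds a principal-less grant holding {@code permissions} to {@code parser}; nothing is
 * added when the enumeration is empty.
 */
private static void addGrantWithoutPrincipals(PolicyParser parser, Enumeration<?> permissions) {
    if (!permissions.hasMoreElements()) {
        return;
    }
    GrantEntry grant = new GrantEntry();
    addPermissionEntries(grant, permissions);
    parser.add(grant);
}

/**
 * Appends one {@link PermissionEntry} (class name, target name, actions) per element of
 * {@code permissions} to {@code grant}. Elements are expected to be {@link Permission}s.
 */
private static void addPermissionEntries(GrantEntry grant, Enumeration<?> permissions) {
    while (permissions.hasMoreElements()) {
        Permission perm = (Permission) permissions.nextElement();
        grant.add(new PermissionEntry(perm.getClass().getName(), perm.getName(), perm.getActions()));
    }
}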
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Enumeration(java.util.Enumeration) SecurityRoleMapper(org.glassfish.deployment.common.SecurityRoleMapper) PrincipalEntry(com.sun.enterprise.security.provider.PolicyParser.PrincipalEntry) Subject(javax.security.auth.Subject) SecurityRoleMapperFactory(org.glassfish.deployment.common.SecurityRoleMapperFactory) Iterator(java.util.Iterator) PermissionEntry(com.sun.enterprise.security.provider.PolicyParser.PermissionEntry) HashMap(java.util.HashMap) Map(java.util.Map) GrantEntry(com.sun.enterprise.security.provider.PolicyParser.GrantEntry)

Example 2 with PermissionEntry

Use of com.sun.enterprise.security.provider.PolicyParser.PermissionEntry in the project Payara by payara.

From the class PolicyConfigurationImpl, method loadExcludedPolicy.

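/**
 * Reads the excluded policy file of this context and returns the permissions it holds.
 *
 * <p>The file name comes from {@code getPolicyFileName(false)}; {@code captureFileTime(false)}
 * is called before the file is opened. A missing file is the normal case and yields
 * {@code null}. Grants carrying a codeBase, a signedBy or any principal have no meaning in
 * an excluded policy: they are logged and skipped. The permission entries of every other
 * grant are turned into {@link Permission}s through {@code loadPermission} and collected.
 *
 * @return the excluded permissions, or {@code null} when the file does not exist or no
 *     usable permission entry was found
 * @throws RuntimeException, carrying the underlying exception as its cause, if the file
 *     cannot be read, parsed or closed
 */
@SuppressWarnings("unchecked")
private Permissions loadExcludedPolicy() {
    Permissions result = null;
    String name = getPolicyFileName(false);
    PolicyParser parser = new PolicyParser(false);
    FileReader reader = null;
    try {
        captureFileTime(false);
        // NOTE(review): FileReader reads in the platform default charset (pre-JDK 18); left
        // unchanged because the writer side is not visible here — confirm both sides agree.
        reader = new FileReader(name);
        parser.read(reader);
    } catch (FileNotFoundException fnf) {
        // Just means there is no excluded Policy file, which
        // is the typical case
        parser = null;
    } catch (IOException ioe) {
        String defMsg = "Error reading Policy file: " + name;
        logger.log(SEVERE, localStrings.getLocalString("pc.file_read_error", defMsg, new Object[] { name, ioe }));
        // keep the cause so callers and crash logs see the real I/O failure
        throw new RuntimeException(defMsg, ioe);
    } catch (ParsingException pe) {
        String defMsg = "Unable to parse Policy file: " + name;
        logger.log(SEVERE, localStrings.getLocalString("pc.policy_parsing_exception", defMsg, new Object[] { name, pe }));
        throw new RuntimeException(defMsg, pe);
    } finally {
        if (reader != null) {
            try {
                reader.close();
            } catch (IOException e) {
                String defMsg = "Unable to close Policy file: " + name;
                logger.log(SEVERE, localStrings.getLocalString("pc.file_close_error", defMsg, new Object[] { name, e }));
                throw new RuntimeException(defMsg, e);
            }
        }
    }
    if (parser != null) {
        for (GrantEntry grant : list((Enumeration<GrantEntry>) parser.grantElements())) {
            if (grant.codeBase != null || grant.signedBy != null || grant.principals.size() != 0) {
                // excluded permissions apply unconditionally; a qualified grant is not honoured
                logger.log(WARNING, localStrings.getLocalString("pc.excluded_grant_context_ignored", "ignore excluded grant context", new Object[] { grant }));
            } else {
                for (PermissionEntry entry : list((Enumeration<PermissionEntry>) grant.permissionEntries.elements())) {
                    Permission permission = loadPermission(entry.permission, entry.name, entry.action);
                    // lazily created so an empty file still yields null, not an empty collection
                    if (result == null) {
                        result = new Permissions();
                    }
                    result.add(permission);
                }
            }
        }
    }
    return result;
}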
Also used : FileNotFoundException(java.io.FileNotFoundException) IOException(java.io.IOException) PolicyContextException(javax.security.jacc.PolicyContextException) FileNotFoundException(java.io.FileNotFoundException) ParsingException(com.sun.enterprise.security.provider.PolicyParser.ParsingException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) ParsingException(com.sun.enterprise.security.provider.PolicyParser.ParsingException) Permissions(java.security.Permissions) PermissionEntry(com.sun.enterprise.security.provider.PolicyParser.PermissionEntry) Permission(java.security.Permission) SecurityPermission(java.security.SecurityPermission) FileReader(java.io.FileReader) GrantEntry(com.sun.enterprise.security.provider.PolicyParser.GrantEntry)

Aggregations

GrantEntry (com.sun.enterprise.security.provider.PolicyParser.GrantEntry)2 PermissionEntry (com.sun.enterprise.security.provider.PolicyParser.PermissionEntry)2 ParsingException (com.sun.enterprise.security.provider.PolicyParser.ParsingException)1 PrincipalEntry (com.sun.enterprise.security.provider.PolicyParser.PrincipalEntry)1 FileNotFoundException (java.io.FileNotFoundException)1 FileReader (java.io.FileReader)1 IOException (java.io.IOException)1 MalformedURLException (java.net.MalformedURLException)1 Permission (java.security.Permission)1 Permissions (java.security.Permissions)1 SecurityPermission (java.security.SecurityPermission)1 Enumeration (java.util.Enumeration)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 Iterator (java.util.Iterator)1 Map (java.util.Map)1 Set (java.util.Set)1 Subject (javax.security.auth.Subject)1 PolicyContextException (javax.security.jacc.PolicyContextException)1 SecurityRoleMapper (org.glassfish.deployment.common.SecurityRoleMapper)1