
Example 1 with IASSecurityException

Use of com.sun.enterprise.security.util.IASSecurityException in project Payara by payara.

Class SecurityDeployer, method removePolicy.

private void removePolicy(DeploymentContext dc) throws DeploymentException {
    OpsParams params = dc.getCommandParameters(OpsParams.class);
    if (!params.origin.needsCleanArtifacts()) {
        return;
    }
    String appName = params.name();
    // Remove policy files only if managers are not destroyed by cleanup
    try {
        String[] webcontexts = wsmf.getContextsForApp(appName, false);
        if (webcontexts != null) {
            for (int i = 0; i < webcontexts.length; i++) {
                if (webcontexts[i] != null) {
                    websecurityProbeProvider.policyDestructionStartedEvent(webcontexts[i]);
                    SecurityUtil.removePolicy(webcontexts[i]);
                    websecurityProbeProvider.policyDestructionEndedEvent(webcontexts[i]);
                    websecurityProbeProvider.policyDestructionEvent(webcontexts[i]);
                }
            }
        }
    } catch (IASSecurityException ex) {
        String msg = "Error in removing security policy for " + appName;
        _logger.log(Level.WARNING, msg, ex);
        throw new DeploymentException(msg, ex);
    }
    // Destroy the managers if present
    cleanSecurityContext(appName);
/*
         * From V2 but keep commented until need is discovered //remove any remaining policy //This is to address the bug where
         * the CONTEXT_ID in //WebSecurityManagerFactory is not properly populated. //We force the sub-modules to be removed in
         * this case. //This should not impact undeploy performance on DAS. //This needs to be fixed better later. String
         * policyRootDir = System.getProperty( "com.sun.enterprise.jaccprovider.property.repository"); if (policyRootDir !=
         * null) { List<String> contextIds = new ArrayList<String>(); File policyDir = new File(policyRootDir + File.separator +
         * appName); if (policyDir.exists()) { File[] policies = policyDir.listFiles(); for (int i = 0; i < policies.length;
         * i++) { if (policies[i].isDirectory()) { contextIds.add(appName + '/' + policies[i].getName()); } } } else { //we
         * tried. give up now. } if (contextIds.size() > 0) { for (String cId : contextIds) { SecurityUtil.removePolicy(cId); }
         * } }
         */
}
Also used : OpsParams(org.glassfish.api.deployment.OpsParams) DeploymentException(org.glassfish.deployment.common.DeploymentException) IASSecurityException(com.sun.enterprise.security.util.IASSecurityException)

Example 2 with IASSecurityException

Use of com.sun.enterprise.security.util.IASSecurityException in project Payara by payara.

Class SecurityUtil, method removePolicy.

/**
 * Inform the policy module to take the named policy context out of service. The policy context is transitioned to the
 * deleted state. In our provider implementation, the corresponding policy file is deleted, as the presence of a policy
 * file in the repository is how we persistently remember which policy contexts are in service.
 *
 * @param String name - the module id which serves to identify the corresponding policy context. The name shall not be
 * null.
 */
public static void removePolicy(String name) throws IASSecurityException {
    assert name != null;
    if (name == null) {
        throw new IASSecurityException("Invalid Module Name");
    }
    try {
        boolean wasInService = PolicyConfigurationFactory.getPolicyConfigurationFactory().inService(name);
        // find the PolicyConfig and delete it.
        PolicyConfiguration pc = PolicyConfigurationFactory.getPolicyConfigurationFactory().getPolicyConfiguration(name, false);
        pc.delete();
        // Only do refresh policy if the deleted context was in service
        if (wasInService) {
            Policy.getPolicy().refresh();
        }
    } catch (java.lang.ClassNotFoundException cnfe) {
        String msg = localStrings.getLocalString("enterprise.security.securityutil.classnotfound", "Could not find PolicyConfigurationFactory class. Check javax.security.jacc.PolicyConfigurationFactory.provider property");
        throw new IASSecurityException(msg);
    } catch (javax.security.jacc.PolicyContextException pce) {
        throw new IASSecurityException(pce.toString());
    }
}
Also used : javax.security.jacc(javax.security.jacc) IASSecurityException(com.sun.enterprise.security.util.IASSecurityException)

Example 3 with IASSecurityException

Use of com.sun.enterprise.security.util.IASSecurityException in project Payara by payara.

Class SecurityUtil, method generatePolicyFile.

/**
 * This method is called from the generated code to execute the method. This is a translation of method.invoke that the
 * generated code needs to do, to invoke a particular ejb method. The method is invoked under a security Subject. This
 * method is called from the generated code.
 *
 * @param Method beanClassMethod, the bean class method to be invoked
 * @param Invocation inv, the current invocation object
 * @param Object o, the object on which this method needs to be invoked,
 * @param Object[] oa, the parameters to the methods,
 * @param Container c, the container from which the appropriate subject is queried from.
 */
/*
     * This method is now in EJBSecurityUtil in ejb/ejb-container module of V3 public static Object runMethod(Method
     * beanClassMethod, Invocation inv, Object o, Object[] oa, Container c) throws Throwable { final Method meth =
     * beanClassMethod; final Object obj = o; final Object[] objArr = oa; Object ret; EJBSecurityManager mgr =
     * (EJBSecurityManager) c.getSecurityManager(); if (mgr == null) { throw new
     * SecurityException("SecurityManager not set"); } // Optimization. Skip doAsPrivileged call if this is a local //
     * invocation and the target ejb uses caller identity or the // System Security Manager is disabled. // Still need to
     * execute it within the target bean's policy context. // see CR 6331550 if((inv.isLocal && mgr.getUsesCallerIdentity())
     * || System.getSecurityManager() == null) { ret = mgr.runMethod(meth, obj, objArr); } else { try {
     * PrivilegedExceptionAction pea = new PrivilegedExceptionAction(){ public java.lang.Object run() throws Exception {
     * return meth.invoke(obj, objArr); } }; ret = mgr.doAsPrivileged(pea); } catch(PrivilegedActionException pae) {
     * Throwable cause = pae.getCause(); if( cause instanceof InvocationTargetException ) { cause =
     * ((InvocationTargetException) cause).getCause(); } throw cause; } } return ret; }
     */
/**
 * This method is similar to runMethod, except that it keeps the same semantics as reflection. On failure, if
 * the exception is caused due to reflection, it returns the InvocationTargetException. This method is called from the
 * containers for ejbTimeout, WebService and MDBs.
 *
 * @param Method beanClassMethod, the bean class method to be invoked
 * @param Invocation inv, the current invocation
 * @param Object o, the object on which this method is to be invoked in this case the ejb,
 * @param Object[] oa, the parameters for the method,
 * @param Container c, the container instance,
 * @param SecurityManager sm, security manager for this container, can be a null value, where in the container will be
 * queried to find its security manager.
 * @return Object, the result of the execution of the method.
 */
/*
     * This method is now in EJBSecurityUtil in ejb/ejb-container module of V3 public static Object invoke(Method
     * beanClassMethod, Invocation inv, Object o, Object[] oa, Container c, SecurityManager mgr) throws Throwable { final
     * Method meth = beanClassMethod; final Object obj = o; final Object[] objArr = oa; Object ret = null;
     * EJBSecurityManager ejbSecMgr = null; if(mgr == null) { if (c != null) { ejbSecMgr = (EJBSecurityManager)
     * c.getSecurityManager(); } if (ejbSecMgr == null) { throw new SecurityException("SecurityManager not set"); } } else {
     * ejbSecMgr = (EJBSecurityManager) mgr; } // Optimization. Skip doAsPrivileged call if this is a local // invocation
     * and the target ejb uses caller identity or the // System Security Manager is disabled. // Still need to execute it
     * within the target bean's policy context. // see CR 6331550 if((inv.isLocal && ejbSecMgr.getUsesCallerIdentity()) ||
     * System.getSecurityManager() == null) { ret = ejbSecMgr.runMethod(meth, obj, objArr); } else {
     * PrivilegedExceptionAction pea = new PrivilegedExceptionAction(){ public java.lang.Object run() throws Exception {
     * return meth.invoke(obj, objArr); } }; try { ret = ejbSecMgr.doAsPrivileged(pea); } catch(PrivilegedActionException
     * pae) { Throwable cause = pae.getCause(); throw cause; } } return ret; }
     */
/**
 * This method obtains the policy configuration object corresponding to the name, and causes the corresponding policy
 * statements to be put in service. This method also informs the policy module to refresh its in service policy
 * contexts. Note that policy statements have already been added to the pc, this method works to put them in Service.
 *
 * @param String name - the module id which serves to identify the corresponding policy context. The name shall not be
 * null. If the underlying PolicyModule is the RI PolicyModule, A SecurityRoleMapper must have been bound to the policy
 * context before this method is called or the embedded call to pc.commit will throw an exception.
 */
public static void generatePolicyFile(String name) throws IASSecurityException {
    assert name != null;
    if (name == null) {
        throw new IASSecurityException("Invalid Module Name");
    }
    try {
        boolean inService = PolicyConfigurationFactory.getPolicyConfigurationFactory().inService(name);
        if (!inService) {
            // find the PolicyConfig using remove=false to ensure policy stmts
            // are retained.
            // Note that it is presumed that the pc exists, and that
            // it is populated with the desired policy statements.
            // If this is not true, the call to commit will not
            // result in the correct policy statements being made
            // available to the policy module.
            PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
            PolicyConfiguration pc = pcf.getPolicyConfiguration(name, false);
            pc.commit();
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC: committed policy for context: " + name);
            }
        }
        Policy.getPolicy().refresh();
    } catch (java.lang.ClassNotFoundException cnfe) {
        // Could not find the PolicyConfigurationFactory class. Check the javax.security.jacc.PolicyConfigurationFactory.provider property.
        throw new IASSecurityException(cnfe);
    } catch (javax.security.jacc.PolicyContextException pce) {
        throw new IASSecurityException(pce);
    }
}
Also used : javax.security.jacc(javax.security.jacc) IASSecurityException(com.sun.enterprise.security.util.IASSecurityException)

Example 4 with IASSecurityException

Use of com.sun.enterprise.security.util.IASSecurityException in project Payara by payara.

Class EjbDeployer, method clean.

/**
 * Clean any files and artifacts that were created during the execution
 * of the prepare method.
 *
 * @param dc deployment context
 */
public void clean(DeploymentContext dc) {
    // Both undeploy and shutdown scenarios are
    // handled directly in EjbApplication.shutdown.
    // But CMP drop tables should be handled here.
    OpsParams params = dc.getCommandParameters(OpsParams.class);
    if ((params.origin.isUndeploy() || params.origin.isDeploy()) && isDas()) {
        // If CMP beans are present, cmpDeployer should've been initialized in unload()
        if (cmpDeployer != null) {
            cmpDeployer.clean(dc);
        }
        Properties appProps = dc.getAppProps();
        String uniqueAppId = appProps.getProperty(APP_UNIQUE_ID_PROP);
        try {
            if (getTimeoutStatusFromApplicationInfo(params.name()) && uniqueAppId != null) {
                String target = ((params.origin.isDeploy()) ? dc.getCommandParameters(DeployCommandParameters.class).target : dc.getCommandParameters(UndeployCommandParameters.class).target);
                if (DeploymentUtils.isDomainTarget(target)) {
                    List<String> targets = (List<String>) dc.getTransientAppMetaData(DeploymentProperties.PREVIOUS_TARGETS, List.class);
                    if (targets == null) {
                        targets = domain.getAllReferencedTargetsForApplication(params.name());
                    }
                    if (targets != null && targets.size() > 0) {
                        target = targets.get(0);
                    }
                }
                EJBTimerService timerService = null;
                boolean tsInitialized = false;
                ProgressTracker tracker = dc.getTransientAppMetaData(ExtendedDeploymentContext.TRACKER, ProgressTracker.class);
                if (tracker == null || !tracker.get("initialized", EngineRef.class).isEmpty()) {
                    timerService = EJBTimerService.getEJBTimerService(target, false);
                    tsInitialized = true;
                }
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "EjbDeployer APP ID of a Timeout App? " + uniqueAppId);
                    _logger.log(Level.FINE, "EjbDeployer TimerService: " + timerService);
                }
                if (tsInitialized) {
                    if (timerService == null) {
                        _logger.log(Level.WARNING, "EJB Timer Service is not available. Timers for application with id " + uniqueAppId + " will not be deleted");
                    } else {
                        if (getKeepStateFromApplicationInfo(params.name())) {
                            _logger.log(Level.INFO, "Timers will not be destroyed since keepstate is true for application {0}", params.name());
                        } else {
                            timerService.destroyAllTimers(Long.parseLong(uniqueAppId));
                        }
                    }
                }
            }
        } catch (Exception e) {
            _logger.log(Level.WARNING, "Failed to delete timers for application with id " + uniqueAppId, e);
        }
    }
    // Security related cleanup is to be done for the undeploy event
    if (params.origin.isUndeploy() || params.origin.isDeploy() || params.origin.isLoad()) {
        // Removing EjbSecurityManager for undeploy case
        String appName = params.name();
        String[] contextIds = ejbSecManagerFactory.getContextsForApp(appName, false);
        if (contextIds != null) {
            for (String contextId : contextIds) {
                try {
                    // TODO:appName is not correct, we need the module name
                    // from the descriptor.
                    probeProvider.policyDestructionStartedEvent(contextId);
                    SecurityUtil.removePolicy(contextId);
                    probeProvider.policyDestructionEndedEvent(contextId);
                    probeProvider.policyDestructionEvent(contextId);
                } catch (IASSecurityException ex) {
                    _logger.log(Level.WARNING, "Error removing the policy file " + "for application " + appName + " " + ex);
                }
                ArrayList<EJBSecurityManager> managers = ejbSecManagerFactory.getManagers(contextId, false);
                if (managers != null) {
                    for (EJBSecurityManager m : managers) {
                        m.destroy();
                    }
                }
            }
        }
        // Removing the RoleMapper
        SecurityUtil.removeRoleMapper(dc);
    }
}
Also used : EJBSecurityManager(org.glassfish.ejb.security.application.EJBSecurityManager) ProgressTracker(org.glassfish.internal.data.ProgressTracker) OpsParams(org.glassfish.api.deployment.OpsParams) EJBTimerService(com.sun.ejb.containers.EJBTimerService) DeploymentProperties(org.glassfish.deployment.common.DeploymentProperties) Properties(java.util.Properties) EngineRef(org.glassfish.internal.data.EngineRef) DeploymentException(org.glassfish.deployment.common.DeploymentException) IASSecurityException(com.sun.enterprise.security.util.IASSecurityException) DeployCommandParameters(org.glassfish.api.deployment.DeployCommandParameters) UndeployCommandParameters(org.glassfish.api.deployment.UndeployCommandParameters) List(java.util.List) ArrayList(java.util.ArrayList)

Example 5 with IASSecurityException

Use of com.sun.enterprise.security.util.IASSecurityException in project Payara by payara.

Class SecurityDeployer, method linkPolicies.

/**
 * Links the policy contexts of the application
 *
 * @param app
 * @param webs
 */
private void linkPolicies(Application app, Collection<WebBundleDescriptor> webs) throws DeploymentException {
    try {
        String linkName = null;
        boolean lastInService = false;
        for (WebBundleDescriptor wbd : webs) {
            String name = SecurityUtil.getContextID(wbd);
            lastInService = SecurityUtil.linkPolicyFile(name, linkName, lastInService);
            linkName = name;
        }
        // reset link name
        linkName = null;
        Set<EjbBundleDescriptor> ejbs = app.getBundleDescriptors(EjbBundleDescriptor.class);
        for (EjbBundleDescriptor ejbd : ejbs) {
            String name = SecurityUtil.getContextID(ejbd);
            lastInService = SecurityUtil.linkPolicyFile(name, linkName, lastInService);
            linkName = name;
        }
    // extra commit (see above)
    } catch (IASSecurityException se) {
        String msg = "Error in linking security policy for " + app.getRegistrationName();
        throw new DeploymentException(msg, se);
    }
}
Also used : EjbBundleDescriptor(com.sun.enterprise.deployment.EjbBundleDescriptor) WebBundleDescriptor(com.sun.enterprise.deployment.WebBundleDescriptor) DeploymentException(org.glassfish.deployment.common.DeploymentException) IASSecurityException(com.sun.enterprise.security.util.IASSecurityException)
