Example 1 with PrincipalMap
use of org.glassfish.connectors.config.PrincipalMap in project Payara by payara.
the class WorkContextHandlerImpl method getWorkContextMap.
/**
* get the security work context map (if any) for the resource-adapter
* look for <[raname]-principals-map> & <[raname]-groups-map> jvm-options
* to generate the map
*
* @param raName resource-adapter name
* @return security-map
*/
/*
private Map getSecurityWorkContextMap(String raName) {
HashMap eisASMap = new HashMap();
String principalsMap = System.getProperty(raName + "-principals-map");
if (principalsMap != null) {
StringTokenizer tokenizer = new StringTokenizer(principalsMap, ",");
while (tokenizer.hasMoreElements()) {
String nameValue = (String) tokenizer.nextElement();
if (nameValue != null && nameValue.contains("=")) {
int delimiterLocation = nameValue.indexOf("=");
String eisPrincipal = nameValue.substring(0, delimiterLocation);
String appserverPrincipal = nameValue.substring(delimiterLocation + 1);
eisASMap.put(new PrincipalImpl(eisPrincipal), new PrincipalImpl(appserverPrincipal));
}
}
}
//TODO V3 refactor (common code for principals & groups)
String groupsMap = System.getProperty(raName + "-groups-map");
if (groupsMap != null) {
StringTokenizer tokenizer = new StringTokenizer(groupsMap, ",");
while (tokenizer.hasMoreElements()) {
String nameValue = (String) tokenizer.nextElement();
if (nameValue != null && nameValue.contains("=")) {
int delimiterLocation = nameValue.indexOf("=");
String eisGroup = nameValue.substring(0, delimiterLocation);
String appserverGroup = nameValue.substring(delimiterLocation + 1);
eisASMap.put(new Group(eisGroup), new Group(appserverGroup));
}
}
return eisASMap;
}
return null;
}
*/
/**
* Given a resource-adapter name, get all its work-context-map
* @param raName resource-adapter-name
* @return work-context-map
*/
private Map getWorkContextMap(String raName) {
List<WorkSecurityMap> maps = runtime.getWorkSecurityMap(raName);
List<PrincipalMap> principalsMap = getPrincipalsMap(maps);
List<GroupMap> groupsMap = getGroupsMap(maps);
HashMap eisASMap = new HashMap();
for (PrincipalMap map : principalsMap) {
eisASMap.put(new PrincipalImpl(map.getEisPrincipal()), new PrincipalImpl(map.getMappedPrincipal()));
}
for (GroupMap map : groupsMap) {
eisASMap.put(new Group(map.getEisGroup()), new Group(map.getMappedGroup()));
}
return eisASMap;
}
Also used :
Group(org.glassfish.security.common.Group)
PrincipalMap(org.glassfish.connectors.config.PrincipalMap)
GroupMap(org.glassfish.connectors.config.GroupMap)
WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap)
PrincipalImpl(org.glassfish.security.common.PrincipalImpl)
Example 2 with PrincipalMap
use of org.glassfish.connectors.config.PrincipalMap in project Payara by payara.
the class CreateConnectorWorkSecurityMap method execute.
// TODO common code replicated in ConnectorWorkSecurityMapManager
/**
* Executes the command with the command parameters passed as Properties
* where the keys are the paramter names and the values the parameter values
*
* @param context information
*/
public void execute(AdminCommandContext context) {
final ActionReport report = context.getActionReport();
if (mapName == null) {
report.setMessage(localStrings.getLocalString("create.connector.work.security.map.noMapName", "No mapname defined for connector work security map."));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
if (raName == null) {
report.setMessage(localStrings.getLocalString("create.connector.work.security.map.noRaName", "No raname defined for connector work security map."));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
if (principalsMap == null && groupsMap == null) {
report.setMessage(localStrings.getLocalString("create.connector.work.security.map.noMap", "No principalsmap or groupsmap defined for connector work security map."));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
if (principalsMap != null && groupsMap != null) {
report.setMessage(localStrings.getLocalString("create.connector.work.security.map.specifyPrincipalsOrGroupsMap", "A work-security-map can have either (any number of) group mapping " + "or (any number of) principals mapping but not both. Specify" + "--principalsmap or --groupsmap."));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// ensure we don't already have one of this name
if (hasDuplicate(domain.getResources(), report))
return;
// TODO ASR : need similar validation while creating app-scoped-resource of w-s-m
String appName = raName;
if (!ConnectorsUtil.isStandAloneRA(raName)) {
appName = ConnectorsUtil.getApplicationNameOfEmbeddedRar(raName);
Application application = applications.getApplication(appName);
if (application != null) {
// embedded RAR
String resourceAdapterName = ConnectorsUtil.getRarNameFromApplication(raName);
Module module = application.getModule(resourceAdapterName);
if (module != null) {
Resources msr = module.getResources();
if (msr != null) {
if (hasDuplicate(msr, report))
return;
}
}
}
} else {
// standalone RAR
Application application = applications.getApplication(appName);
if (application != null) {
Resources appScopedResources = application.getResources();
if (appScopedResources != null) {
if (hasDuplicate(appScopedResources, report))
return;
}
}
}
try {
ConfigSupport.apply(new SingleConfigCode<Resources>() {
public Object run(Resources param) throws PropertyVetoException, TransactionFailure {
WorkSecurityMap workSecurityMap = param.createChild(WorkSecurityMap.class);
workSecurityMap.setName(mapName);
workSecurityMap.setResourceAdapterName(raName);
if (principalsMap != null) {
for (Map.Entry e : principalsMap.entrySet()) {
PrincipalMap principalMap = workSecurityMap.createChild(PrincipalMap.class);
principalMap.setEisPrincipal((String) e.getKey());
principalMap.setMappedPrincipal((String) e.getValue());
workSecurityMap.getPrincipalMap().add(principalMap);
}
} else if (groupsMap != null) {
for (Map.Entry e : groupsMap.entrySet()) {
GroupMap groupMap = workSecurityMap.createChild(GroupMap.class);
groupMap.setEisGroup((String) e.getKey());
groupMap.setMappedGroup((String) e.getValue());
workSecurityMap.getGroupMap().add(groupMap);
}
} else {
// no mapping
}
param.getResources().add(workSecurityMap);
return workSecurityMap;
}
}, domain.getResources());
} catch (TransactionFailure tfe) {
Logger.getLogger(CreateConnectorWorkSecurityMap.class.getName()).log(Level.SEVERE, "create-connector-work-security-map failed", tfe);
report.setMessage(localStrings.getLocalString("create.connector.work.security.map.fail", "Unable to create connector work security map {0}.", mapName) + " " + tfe.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(tfe);
return;
}
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
}
Also used :
TransactionFailure(org.jvnet.hk2.config.TransactionFailure)
PrincipalMap(org.glassfish.connectors.config.PrincipalMap)
WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap)
ActionReport(org.glassfish.api.ActionReport)
PropertyVetoException(java.beans.PropertyVetoException)
GroupMap(org.glassfish.connectors.config.GroupMap)
Map(java.util.Map)
PrincipalMap(org.glassfish.connectors.config.PrincipalMap)
WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap)
GroupMap(org.glassfish.connectors.config.GroupMap)
Example 3 with PrincipalMap
use of org.glassfish.connectors.config.PrincipalMap in project Payara by payara.
the class UpdateConnectorWorkSecurityMap method execute.
public void execute(AdminCommandContext context) {
final ActionReport report = context.getActionReport();
if (addPrincipals == null && addGroups == null && removeGroups == null && removePrincipals == null) {
report.setMessage(localStrings.getLocalString("update.connector.work.security.map.noargs", "update-connector-work-security-map should be executed with atleast one optional argument of " + "either add(principals/usergroups) or remove(principals/usergroups)"));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
if (!WorkSecurityMapHelper.doesResourceAdapterNameExist(raName, domain.getResources())) {
report.setMessage(localStrings.getLocalString("update.connector.work.security.map.noSuchRAFound", "Resource Adapter {0} does not exist. Please specify a resource adapter name.", raName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
if (!WorkSecurityMapHelper.doesMapNameExist(raName, securityMapName, domain.getResources())) {
report.setMessage(localStrings.getLocalString("update.connector.work.security.map.mapNotExist", "WorkSecurity map {0} does not exist for resource adapter {1}. Please give a valid map name.", securityMapName, raName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// check if addPrincipals and removePrincipals have the same value
if (addPrincipals != null && removePrincipals != null) {
Iterator it_1 = addPrincipals.entrySet().iterator();
while (it_1.hasNext()) {
String ap = ((Map.Entry) it_1.next()).getKey().toString();
for (String rp : removePrincipals) {
if (rp.equals(ap)) {
report.setMessage(localStrings.getLocalString("update.connector.work.security.map.samePrincipalValues", "This value {0} is given in both --addprincipals and --removeprincipals. " + "The same value cannot given for these options.", ap));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
}
}
}
// check if addUserGroups and removeUserGroups have the same value
if (addGroups != null && removeGroups != null) {
Iterator it_1 = addGroups.entrySet().iterator();
while (it_1.hasNext()) {
String ag = ((Map.Entry) it_1.next()).getKey().toString();
for (String rg : removeGroups) {
if (rg.equals(ag)) {
report.setMessage(localStrings.getLocalString("update.connector.work.security.map.sameUsergroupValues", "This value {0} is given in both --addusergroups and --removeusergroups. " + "The same value cannot given for these options.", ag));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
}
}
}
WorkSecurityMap map = WorkSecurityMapHelper.getSecurityMap(securityMapName, raName, domain.getResources());
final List<PrincipalMap> existingPrincipals = new ArrayList(map.getPrincipalMap());
final List<GroupMap> existingUserGroups = new ArrayList(map.getGroupMap());
if (existingPrincipals.isEmpty() && addPrincipals != null) {
report.setMessage(localStrings.getLocalString("update.connector.work.security.map." + "addPrincipalToExistingUserGroupsWorkSecurityMap", "Failed to add principals to a security map with user groups."));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
if (existingUserGroups.isEmpty() && addGroups != null) {
report.setMessage(localStrings.getLocalString("update.connector.work.security.map." + "addUserGroupsToExistingPrincipalsWorkSecurityMap", "Failed to add user groups to a security map with principals."));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
if (addPrincipals == null && addGroups == null) {
boolean principalsEmpty = false;
boolean userGroupsEmpty = false;
if ((removePrincipals != null) && (removePrincipals.size() == existingPrincipals.size())) {
principalsEmpty = true;
}
if ((removeGroups != null) && (removeGroups.size() == existingUserGroups.size())) {
userGroupsEmpty = true;
}
if (userGroupsEmpty || principalsEmpty) {
report.setMessage(localStrings.getLocalString("" + "update.connector.work.security.map.principals_usergroups_will_be_null", "The values in your command will delete all principals and usergroups. You cannot " + "delete all principals and usergroups. Atleast one of them must exist."));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
}
if (removePrincipals != null) {
for (String rp : removePrincipals) {
boolean principalExist = false;
for (PrincipalMap pm : existingPrincipals) {
if (pm.getEisPrincipal().equals(rp)) {
principalExist = true;
break;
}
}
if (!principalExist) {
report.setMessage(localStrings.getLocalString("" + "update.connector.work.security.map.principalNotExists", "The principal {0} that you want to delete does not exist in security map {1}." + " Please give a valid principal name.", rp, securityMapName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
}
}
if (removeGroups != null) {
for (String rg : removeGroups) {
boolean usergroupExist = false;
for (GroupMap gm : existingUserGroups) {
if (gm.getEisGroup().equals(rg)) {
usergroupExist = true;
break;
}
}
if (!usergroupExist) {
report.setMessage(localStrings.getLocalString("" + "update.connector.work.security.map.usergroupNotExists", "The usergroup {0} that you want to delete does not exist in security map {1}. " + "Please give a valid user-group name.", rg, securityMapName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
}
}
if (addPrincipals != null) {
for (Map.Entry e : addPrincipals.entrySet()) {
for (PrincipalMap pm : existingPrincipals) {
if (pm.getEisPrincipal().equals(e.getKey())) {
report.setMessage(localStrings.getLocalString("" + "update.connector.work.security.map.principalExists", "The principal {0} already exists in security map {1}. " + "Please give a different principal name.", e.getKey(), securityMapName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
}
}
}
if (addGroups != null) {
for (Map.Entry e : addGroups.entrySet()) {
for (GroupMap gm : existingUserGroups) {
if (gm.getEisGroup().equals(e.getKey())) {
report.setMessage(localStrings.getLocalString("" + "update.connector.work.security.map.groupExists", "The Group {0} already exists in security map {1}. " + "Please give a different group name.", e.getKey(), securityMapName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
}
}
}
try {
ConfigSupport.apply(new SingleConfigCode<WorkSecurityMap>() {
public Object run(WorkSecurityMap wsm) throws PropertyVetoException, TransactionFailure {
if (addGroups != null) {
for (Map.Entry e : addGroups.entrySet()) {
GroupMap gm = wsm.createChild(GroupMap.class);
gm.setEisGroup((String) e.getKey());
gm.setMappedGroup((String) e.getValue());
wsm.getGroupMap().add(gm);
}
} else if (addPrincipals != null) {
for (Map.Entry e : addPrincipals.entrySet()) {
PrincipalMap pm = wsm.createChild(PrincipalMap.class);
pm.setEisPrincipal((String) e.getKey());
pm.setMappedPrincipal((String) e.getValue());
wsm.getPrincipalMap().add(pm);
}
}
if (removeGroups != null) {
for (String rg : removeGroups) {
for (GroupMap gm : existingUserGroups) {
if (gm.getEisGroup().equals(rg)) {
wsm.getGroupMap().remove(gm);
}
}
}
} else if (removePrincipals != null) {
for (String rp : removePrincipals) {
for (PrincipalMap pm : existingPrincipals) {
if (pm.getEisPrincipal().equals(rp)) {
wsm.getPrincipalMap().remove(pm);
}
}
}
}
return wsm;
}
}, map);
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
} catch (TransactionFailure tfe) {
Object[] params = { securityMapName, raName };
report.setMessage(localStrings.getLocalString("update.connector.work.security.map.fail", "Unable to update security map {0} for resource adapter {1}.", params) + " " + tfe.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(tfe);
}
}
Also used :
TransactionFailure(org.jvnet.hk2.config.TransactionFailure)
PrincipalMap(org.glassfish.connectors.config.PrincipalMap)
WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap)
ActionReport(org.glassfish.api.ActionReport)
PropertyVetoException(java.beans.PropertyVetoException)
GroupMap(org.glassfish.connectors.config.GroupMap)
PrincipalMap(org.glassfish.connectors.config.PrincipalMap)
WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap)
GroupMap(org.glassfish.connectors.config.GroupMap)
Example 4 with PrincipalMap
use of org.glassfish.connectors.config.PrincipalMap in project Payara by payara.
the class ConnectorWorkSecurityMapResourceManager method createConfigBean.
private WorkSecurityMap createConfigBean(Resources param) throws PropertyVetoException, TransactionFailure {
WorkSecurityMap workSecurityMap = param.createChild(WorkSecurityMap.class);
workSecurityMap.setName(mapName);
workSecurityMap.setResourceAdapterName(raName);
if (principalsMap != null) {
for (Map.Entry e : principalsMap.entrySet()) {
PrincipalMap principalMap = workSecurityMap.createChild(PrincipalMap.class);
principalMap.setEisPrincipal((String) e.getKey());
principalMap.setMappedPrincipal((String) e.getValue());
workSecurityMap.getPrincipalMap().add(principalMap);
}
} else if (groupsMap != null) {
for (Map.Entry e : groupsMap.entrySet()) {
GroupMap groupMap = workSecurityMap.createChild(GroupMap.class);
groupMap.setEisGroup((String) e.getKey());
groupMap.setMappedGroup((String) e.getValue());
workSecurityMap.getGroupMap().add(groupMap);
}
}
return workSecurityMap;
}
Also used :
PrincipalMap(org.glassfish.connectors.config.PrincipalMap)
GroupMap(org.glassfish.connectors.config.GroupMap)
WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap)
HashMap(java.util.HashMap)
Map(java.util.Map)
PrincipalMap(org.glassfish.connectors.config.PrincipalMap)
WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap)
GroupMap(org.glassfish.connectors.config.GroupMap)
Example 5 with PrincipalMap
use of org.glassfish.connectors.config.PrincipalMap in project Payara by payara.
the class ListConnectorWorkSecurityMaps method listWorkSecurityMap.
private void listWorkSecurityMap(WorkSecurityMap wsm, ActionReport.MessagePart mp) {
List<PrincipalMap> principalList = wsm.getPrincipalMap();
List<GroupMap> groupList = wsm.getGroupMap();
for (PrincipalMap map : principalList) {
final ActionReport.MessagePart part = mp.addChild();
part.setMessage(localStrings.getLocalString("list.connector.work.security.maps.eisPrincipalAndMappedPrincipal", "{0}: EIS principal={1}, mapped principal={2}", wsm.getName(), map.getEisPrincipal(), map.getMappedPrincipal()));
}
for (GroupMap map : groupList) {
final ActionReport.MessagePart part = mp.addChild();
part.setMessage(localStrings.getLocalString("list.connector.work.security.maps.eisGroupAndMappedGroup", "{0}: EIS group={1}, mapped group={2}", wsm.getName(), map.getEisGroup(), map.getMappedGroup()));
}
}
Also used :
PrincipalMap(org.glassfish.connectors.config.PrincipalMap)
GroupMap(org.glassfish.connectors.config.GroupMap)
ActionReport(org.glassfish.api.ActionReport)
Aggregations
GroupMap (org.glassfish.connectors.config.GroupMap)5
PrincipalMap (org.glassfish.connectors.config.PrincipalMap)5
WorkSecurityMap (org.glassfish.connectors.config.WorkSecurityMap)4
ActionReport (org.glassfish.api.ActionReport)3
PropertyVetoException (java.beans.PropertyVetoException)2
Map (java.util.Map)2
TransactionFailure (org.jvnet.hk2.config.TransactionFailure)2
HashMap (java.util.HashMap)1
Group (org.glassfish.security.common.Group)1
PrincipalImpl (org.glassfish.security.common.PrincipalImpl)1
