
Example 1 with PrincipalMap

use of org.glassfish.connectors.config.PrincipalMap in project Payara by payara.

the class WorkContextHandlerImpl method getWorkContextMap.

/**
 * get the security work context map (if any) for the resource-adapter
 * look for <[raname]-principals-map> & <[raname]-groups-map> jvm-options
 * to generate the map
 *
 * @param raName resource-adapter name
 * @return security-map
 */
/*
    private Map getSecurityWorkContextMap(String raName) {
        HashMap eisASMap = new HashMap();

        String principalsMap = System.getProperty(raName + "-principals-map");
        if (principalsMap != null) {
            StringTokenizer tokenizer = new StringTokenizer(principalsMap, ",");
            while (tokenizer.hasMoreElements()) {
                String nameValue = (String) tokenizer.nextElement();
                if (nameValue != null && nameValue.contains("=")) {
                    int delimiterLocation = nameValue.indexOf("=");
                    String eisPrincipal = nameValue.substring(0, delimiterLocation);
                    String appserverPrincipal = nameValue.substring(delimiterLocation + 1);
                    eisASMap.put(new PrincipalImpl(eisPrincipal), new PrincipalImpl(appserverPrincipal));
                }
            }
        }

        //TODO V3 refactor (common code for principals & groups)
        String groupsMap = System.getProperty(raName + "-groups-map");
        if (groupsMap != null) {
            StringTokenizer tokenizer = new StringTokenizer(groupsMap, ",");
            while (tokenizer.hasMoreElements()) {
                String nameValue = (String) tokenizer.nextElement();
                if (nameValue != null && nameValue.contains("=")) {
                    int delimiterLocation = nameValue.indexOf("=");
                    String eisGroup = nameValue.substring(0, delimiterLocation);
                    String appserverGroup = nameValue.substring(delimiterLocation + 1);
                    eisASMap.put(new Group(eisGroup), new Group(appserverGroup));
                }
            }
            return eisASMap;
        }
        return null;
    }
*/
/**
 * Given a resource-adapter name, get all of its work-context mappings
 * @param raName resource-adapter-name
 * @return work-context-map
 */
private Map getWorkContextMap(String raName) {
    // The returned table drives identity translation: each key is an identity as named on the EIS
    // side and each value is the application-server identity it is mapped to. Principal and group
    // entries share this single map.
    // NOTE(review): put() replaces an earlier entry whose key is equal, so if the configuration
    // names the same EIS identity twice the later mapping wins without any warning. Whether a
    // PrincipalImpl and a Group with the same name count as equal keys depends on their equals()
    // implementations, which are not visible here; confirm before relying on either outcome.
    final List<WorkSecurityMap> configuredMaps = runtime.getWorkSecurityMap(raName);
    final List<PrincipalMap> principalEntries = getPrincipalsMap(configuredMaps);
    final List<GroupMap> groupEntries = getGroupsMap(configuredMaps);

    final HashMap translation = new HashMap();
    for (PrincipalMap entry : principalEntries) {
        final PrincipalImpl eisSide = new PrincipalImpl(entry.getEisPrincipal());
        translation.put(eisSide, new PrincipalImpl(entry.getMappedPrincipal()));
    }
    for (GroupMap entry : groupEntries) {
        final Group eisSide = new Group(entry.getEisGroup());
        translation.put(eisSide, new Group(entry.getMappedGroup()));
    }
    return translation;
}
Also used : Group(org.glassfish.security.common.Group) PrincipalMap(org.glassfish.connectors.config.PrincipalMap) GroupMap(org.glassfish.connectors.config.GroupMap) WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap) PrincipalImpl(org.glassfish.security.common.PrincipalImpl)

Example 2 with PrincipalMap

use of org.glassfish.connectors.config.PrincipalMap in project Payara by payara.

the class CreateConnectorWorkSecurityMap method execute.

// TODO common code replicated in ConnectorWorkSecurityMapManager
/**
 * Executes the command with the command parameters passed as Properties
 * where the keys are the parameter names and the values the parameter values
 *
 * @param context information
 */
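public void execute(AdminCommandContext context) {
    // What this command changes: it persists a work security map, i.e. a table that translates
    // EIS principals (or EIS groups) into application-server principals (or groups), under the
    // domain's resources. It is therefore an authorization-affecting configuration change.
    //
    // NOTE(review): mapName and raName are only checked for null, and the map keys/values are
    // cast to String without an emptiness check in this method; presumably parameter parsing or
    // config-bean constraints reject blank names. Confirm against the callers and the bean.
    // NOTE(review): the success path writes no log entry here (only the failure path logs). If
    // identity-mapping changes need an audit trail, confirm the admin framework records the
    // command elsewhere.
    final ActionReport report = context.getActionReport();
    if (mapName == null) {
        report.setMessage(localStrings.getLocalString("create.connector.work.security.map.noMapName", "No mapname defined for connector work security map."));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    if (raName == null) {
        report.setMessage(localStrings.getLocalString("create.connector.work.security.map.noRaName", "No raname defined for connector work security map."));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    if (principalsMap == null && groupsMap == null) {
        report.setMessage(localStrings.getLocalString("create.connector.work.security.map.noMap", "No principalsmap or groupsmap defined for connector work security map."));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    // A map holds principal mappings or group mappings, never both.
    if (principalsMap != null && groupsMap != null) {
        // Fixed default text: the concatenation used to yield "Specify--principalsmap" and a
        // doubled space after "group mapping".
        report.setMessage(localStrings.getLocalString("create.connector.work.security.map.specifyPrincipalsOrGroupsMap", "A work-security-map can have either (any number of) group mapping " + "or (any number of) principals mapping but not both. Specify " + "--principalsmap or --groupsmap."));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    // ensure we don't already have one of this name
    // hasDuplicate is handed the report and presumably records the failure itself; this method
    // sets no exit code on that path.
    if (hasDuplicate(domain.getResources(), report)) {
        return;
    }
    // TODO ASR : need similar validation while creating app-scoped-resource of w-s-m
    String appName = raName;
    if (!ConnectorsUtil.isStandAloneRA(raName)) {
        appName = ConnectorsUtil.getApplicationNameOfEmbeddedRar(raName);
        Application application = applications.getApplication(appName);
        if (application != null) {
            // embedded RAR: also check the resources scoped to the module that carries the RAR
            String resourceAdapterName = ConnectorsUtil.getRarNameFromApplication(raName);
            Module module = application.getModule(resourceAdapterName);
            if (module != null) {
                Resources msr = module.getResources();
                if (msr != null && hasDuplicate(msr, report)) {
                    return;
                }
            }
        }
    } else {
        // standalone RAR: also check the application-scoped resources
        Application application = applications.getApplication(appName);
        if (application != null) {
            Resources appScopedResources = application.getResources();
            if (appScopedResources != null && hasDuplicate(appScopedResources, report)) {
                return;
            }
        }
    }
    try {
        ConfigSupport.apply(new SingleConfigCode<Resources>() {

            @Override
            public Object run(Resources param) throws PropertyVetoException, TransactionFailure {
                WorkSecurityMap workSecurityMap = param.createChild(WorkSecurityMap.class);
                workSecurityMap.setName(mapName);
                workSecurityMap.setResourceAdapterName(raName);
                // The validation above guarantees exactly one of the two maps is non-null.
                if (principalsMap != null) {
                    for (Map.Entry e : principalsMap.entrySet()) {
                        PrincipalMap principalMap = workSecurityMap.createChild(PrincipalMap.class);
                        principalMap.setEisPrincipal((String) e.getKey());
                        principalMap.setMappedPrincipal((String) e.getValue());
                        workSecurityMap.getPrincipalMap().add(principalMap);
                    }
                } else if (groupsMap != null) {
                    for (Map.Entry e : groupsMap.entrySet()) {
                        GroupMap groupMap = workSecurityMap.createChild(GroupMap.class);
                        groupMap.setEisGroup((String) e.getKey());
                        groupMap.setMappedGroup((String) e.getValue());
                        workSecurityMap.getGroupMap().add(groupMap);
                    }
                }
                param.getResources().add(workSecurityMap);
                return workSecurityMap;
            }
        }, domain.getResources());
    } catch (TransactionFailure tfe) {
        Logger.getLogger(CreateConnectorWorkSecurityMap.class.getName()).log(Level.SEVERE, "create-connector-work-security-map failed", tfe);
        // The transaction's own message is appended to the text returned to the caller.
        report.setMessage(localStrings.getLocalString("create.connector.work.security.map.fail", "Unable to create connector work security map {0}.", mapName) + " " + tfe.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(tfe);
        return;
    }
    report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
}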
Also used : TransactionFailure(org.jvnet.hk2.config.TransactionFailure) PrincipalMap(org.glassfish.connectors.config.PrincipalMap) WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap) ActionReport(org.glassfish.api.ActionReport) PropertyVetoException(java.beans.PropertyVetoException) GroupMap(org.glassfish.connectors.config.GroupMap) Map(java.util.Map) PrincipalMap(org.glassfish.connectors.config.PrincipalMap) WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap) GroupMap(org.glassfish.connectors.config.GroupMap)

Example 3 with PrincipalMap

use of org.glassfish.connectors.config.PrincipalMap in project Payara by payara.

the class UpdateConnectorWorkSecurityMap method execute.

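/**
 * Validates and applies an update to an existing connector work security map, adding and/or
 * removing EIS-to-application-server principal or group mappings.
 *
 * <p>Every validation failure sets a message and {@code FAILURE} on the action report and returns
 * before any configuration is touched. The checks run in this order: at least one add/remove
 * option given; resource adapter exists; map exists; no name both added and removed; adds match
 * the kind of mapping the map already holds; the removal would not leave the map empty; every
 * name to remove exists; no name to add already exists. Only then is the change applied through
 * {@code ConfigSupport.apply}.
 *
 * @param context command context supplying the action report
 */
public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();
    if (addPrincipals == null && addGroups == null && removeGroups == null && removePrincipals == null) {
        report.setMessage(localStrings.getLocalString("update.connector.work.security.map.noargs", "update-connector-work-security-map should be executed with atleast one optional argument of " + "either add(principals/usergroups) or remove(principals/usergroups)"));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    if (!WorkSecurityMapHelper.doesResourceAdapterNameExist(raName, domain.getResources())) {
        report.setMessage(localStrings.getLocalString("update.connector.work.security.map.noSuchRAFound", "Resource Adapter {0} does not exist. Please specify a resource adapter name.", raName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    if (!WorkSecurityMapHelper.doesMapNameExist(raName, securityMapName, domain.getResources())) {
        report.setMessage(localStrings.getLocalString("update.connector.work.security.map.mapNotExist", "WorkSecurity map {0} does not exist for resource adapter {1}. Please give a valid map name.", securityMapName, raName));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    // check if addPrincipals and removePrincipals have the same value
    if (addPrincipals != null && removePrincipals != null) {
        for (Map.Entry e : addPrincipals.entrySet()) {
            String ap = e.getKey().toString();
            for (String rp : removePrincipals) {
                if (rp.equals(ap)) {
                    report.setMessage(localStrings.getLocalString("update.connector.work.security.map.samePrincipalValues", "This value {0} is given in both --addprincipals and --removeprincipals. " + "The same value cannot given for these options.", ap));
                    report.setActionExitCode(ActionReport.ExitCode.FAILURE);
                    return;
                }
            }
        }
    }
    // check if addUserGroups and removeUserGroups have the same value
    if (addGroups != null && removeGroups != null) {
        for (Map.Entry e : addGroups.entrySet()) {
            String ag = e.getKey().toString();
            for (String rg : removeGroups) {
                if (rg.equals(ag)) {
                    report.setMessage(localStrings.getLocalString("update.connector.work.security.map.sameUsergroupValues", "This value {0} is given in both --addusergroups and --removeusergroups. " + "The same value cannot given for these options.", ag));
                    report.setActionExitCode(ActionReport.ExitCode.FAILURE);
                    return;
                }
            }
        }
    }
    WorkSecurityMap map = WorkSecurityMapHelper.getSecurityMap(securityMapName, raName, domain.getResources());
    // Snapshots of the current entries: validation and the removal loops below iterate these
    // copies, so removing from the live lists inside the transaction is safe.
    final List<PrincipalMap> existingPrincipals = new ArrayList<PrincipalMap>(map.getPrincipalMap());
    final List<GroupMap> existingUserGroups = new ArrayList<GroupMap>(map.getGroupMap());
    // A map that currently holds no principal entries is treated as a group map, and vice versa;
    // adding the other kind of mapping is refused.
    if (existingPrincipals.isEmpty() && addPrincipals != null) {
        report.setMessage(localStrings.getLocalString("update.connector.work.security.map." + "addPrincipalToExistingUserGroupsWorkSecurityMap", "Failed to add principals to a security map with user groups."));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    if (existingUserGroups.isEmpty() && addGroups != null) {
        report.setMessage(localStrings.getLocalString("update.connector.work.security.map." + "addUserGroupsToExistingPrincipalsWorkSecurityMap", "Failed to add user groups to a security map with principals."));
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        return;
    }
    if (addPrincipals == null && addGroups == null) {
        // Nothing is being added, so the removal must not leave the map without any mapping.
        // The original test compared list sizes only; a removal list that repeats a name is
        // longer than the existing list and slipped past it even though it names every entry.
        // The size test is kept so every previously rejected input is still rejected, and a
        // coverage test (every existing entry is named for removal) is added.
        boolean principalsEmpty = false;
        boolean userGroupsEmpty = false;
        if (removePrincipals != null) {
            boolean everyPrincipalRemoved = !existingPrincipals.isEmpty();
            for (PrincipalMap pm : existingPrincipals) {
                if (!removePrincipals.contains(pm.getEisPrincipal())) {
                    everyPrincipalRemoved = false;
                    break;
                }
            }
            principalsEmpty = everyPrincipalRemoved || removePrincipals.size() == existingPrincipals.size();
        }
        if (removeGroups != null) {
            boolean everyGroupRemoved = !existingUserGroups.isEmpty();
            for (GroupMap gm : existingUserGroups) {
                if (!removeGroups.contains(gm.getEisGroup())) {
                    everyGroupRemoved = false;
                    break;
                }
            }
            userGroupsEmpty = everyGroupRemoved || removeGroups.size() == existingUserGroups.size();
        }
        if (userGroupsEmpty || principalsEmpty) {
            report.setMessage(localStrings.getLocalString("" + "update.connector.work.security.map.principals_usergroups_will_be_null", "The values in your command will delete all principals and usergroups. You cannot " + "delete all principals and usergroups. Atleast one of them must exist."));
            report.setActionExitCode(ActionReport.ExitCode.FAILURE);
            return;
        }
    }
    // Every name to remove must currently exist in the map.
    if (removePrincipals != null) {
        for (String rp : removePrincipals) {
            boolean principalExist = false;
            for (PrincipalMap pm : existingPrincipals) {
                if (pm.getEisPrincipal().equals(rp)) {
                    principalExist = true;
                    break;
                }
            }
            if (!principalExist) {
                report.setMessage(localStrings.getLocalString("" + "update.connector.work.security.map.principalNotExists", "The principal {0} that you want to delete does not exist in security map {1}." + " Please give a valid principal name.", rp, securityMapName));
                report.setActionExitCode(ActionReport.ExitCode.FAILURE);
                return;
            }
        }
    }
    if (removeGroups != null) {
        for (String rg : removeGroups) {
            boolean usergroupExist = false;
            for (GroupMap gm : existingUserGroups) {
                if (gm.getEisGroup().equals(rg)) {
                    usergroupExist = true;
                    break;
                }
            }
            if (!usergroupExist) {
                report.setMessage(localStrings.getLocalString("" + "update.connector.work.security.map.usergroupNotExists", "The usergroup {0} that you want to delete does not exist in security map {1}. " + "Please give a valid user-group name.", rg, securityMapName));
                report.setActionExitCode(ActionReport.ExitCode.FAILURE);
                return;
            }
        }
    }
    // No name to add may already be mapped; an existing mapping is never overwritten here.
    if (addPrincipals != null) {
        for (Map.Entry e : addPrincipals.entrySet()) {
            for (PrincipalMap pm : existingPrincipals) {
                if (pm.getEisPrincipal().equals(e.getKey())) {
                    report.setMessage(localStrings.getLocalString("" + "update.connector.work.security.map.principalExists", "The principal {0} already exists in security map {1}. " + "Please give a different principal name.", e.getKey(), securityMapName));
                    report.setActionExitCode(ActionReport.ExitCode.FAILURE);
                    return;
                }
            }
        }
    }
    if (addGroups != null) {
        for (Map.Entry e : addGroups.entrySet()) {
            for (GroupMap gm : existingUserGroups) {
                if (gm.getEisGroup().equals(e.getKey())) {
                    report.setMessage(localStrings.getLocalString("" + "update.connector.work.security.map.groupExists", "The Group {0} already exists in security map {1}. " + "Please give a different group name.", e.getKey(), securityMapName));
                    report.setActionExitCode(ActionReport.ExitCode.FAILURE);
                    return;
                }
            }
        }
    }
    try {
        ConfigSupport.apply(new SingleConfigCode<WorkSecurityMap>() {

            @Override
            public Object run(WorkSecurityMap wsm) throws PropertyVetoException, TransactionFailure {
                // NOTE(review): both pairs below are if / else-if, so when the group option and
                // the principal option are non-null at the same time only the group side is
                // applied, while the command still reports SUCCESS. The validation above makes
                // that hard to reach for a map holding one kind of entry; confirm whether an
                // empty-but-non-null option list or a map holding both kinds can get here.
                if (addGroups != null) {
                    for (Map.Entry e : addGroups.entrySet()) {
                        GroupMap gm = wsm.createChild(GroupMap.class);
                        gm.setEisGroup((String) e.getKey());
                        gm.setMappedGroup((String) e.getValue());
                        wsm.getGroupMap().add(gm);
                    }
                } else if (addPrincipals != null) {
                    for (Map.Entry e : addPrincipals.entrySet()) {
                        PrincipalMap pm = wsm.createChild(PrincipalMap.class);
                        pm.setEisPrincipal((String) e.getKey());
                        pm.setMappedPrincipal((String) e.getValue());
                        wsm.getPrincipalMap().add(pm);
                    }
                }
                if (removeGroups != null) {
                    for (String rg : removeGroups) {
                        for (GroupMap gm : existingUserGroups) {
                            if (gm.getEisGroup().equals(rg)) {
                                wsm.getGroupMap().remove(gm);
                            }
                        }
                    }
                } else if (removePrincipals != null) {
                    for (String rp : removePrincipals) {
                        for (PrincipalMap pm : existingPrincipals) {
                            if (pm.getEisPrincipal().equals(rp)) {
                                wsm.getPrincipalMap().remove(pm);
                            }
                        }
                    }
                }
                return wsm;
            }
        }, map);
        report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
    } catch (TransactionFailure tfe) {
        // NOTE(review): the failure is returned to the caller but not logged in this method;
        // confirm it is recorded elsewhere if changes to identity mappings must be traceable.
        Object[] params = { securityMapName, raName };
        report.setMessage(localStrings.getLocalString("update.connector.work.security.map.fail", "Unable to update security map {0} for resource adapter {1}.", params) + " " + tfe.getLocalizedMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(tfe);
    }
}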
Also used : TransactionFailure(org.jvnet.hk2.config.TransactionFailure) PrincipalMap(org.glassfish.connectors.config.PrincipalMap) WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap) ActionReport(org.glassfish.api.ActionReport) PropertyVetoException(java.beans.PropertyVetoException) GroupMap(org.glassfish.connectors.config.GroupMap) PrincipalMap(org.glassfish.connectors.config.PrincipalMap) WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap) GroupMap(org.glassfish.connectors.config.GroupMap)

Example 4 with PrincipalMap

use of org.glassfish.connectors.config.PrincipalMap in project Payara by payara.

the class ConnectorWorkSecurityMapResourceManager method createConfigBean.

/**
 * Builds a work-security-map config bean as a child of the given resources node and fills it
 * from the enclosing object's map name, resource-adapter name and principal or group mappings.
 * The bean is returned to the caller; this method does not add it to any resource list.
 *
 * <p>Principal mappings take precedence: group mappings are only read when no principal map is
 * set. NOTE(review): keys and values are cast to String with no emptiness check here; presumably
 * the caller or the config-bean constraints validate the names. Confirm.
 *
 * @param param resources node under which the child bean is created
 * @return the populated work security map
 * @throws PropertyVetoException declared for the bean setters used here
 * @throws TransactionFailure declared for the child creation used here
 */
private WorkSecurityMap createConfigBean(Resources param) throws PropertyVetoException, TransactionFailure {
    final WorkSecurityMap created = param.createChild(WorkSecurityMap.class);
    created.setName(mapName);
    created.setResourceAdapterName(raName);

    if (principalsMap != null) {
        for (Map.Entry pair : principalsMap.entrySet()) {
            final PrincipalMap child = created.createChild(PrincipalMap.class);
            final String eisName = (String) pair.getKey();
            child.setEisPrincipal(eisName);
            final String mappedName = (String) pair.getValue();
            child.setMappedPrincipal(mappedName);
            created.getPrincipalMap().add(child);
        }
        return created;
    }

    if (groupsMap != null) {
        for (Map.Entry pair : groupsMap.entrySet()) {
            final GroupMap child = created.createChild(GroupMap.class);
            final String eisName = (String) pair.getKey();
            child.setEisGroup(eisName);
            final String mappedName = (String) pair.getValue();
            child.setMappedGroup(mappedName);
            created.getGroupMap().add(child);
        }
    }
    return created;
}
Also used : PrincipalMap(org.glassfish.connectors.config.PrincipalMap) GroupMap(org.glassfish.connectors.config.GroupMap) WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap) HashMap(java.util.HashMap) Map(java.util.Map) PrincipalMap(org.glassfish.connectors.config.PrincipalMap) WorkSecurityMap(org.glassfish.connectors.config.WorkSecurityMap) GroupMap(org.glassfish.connectors.config.GroupMap)

Example 5 with PrincipalMap

use of org.glassfish.connectors.config.PrincipalMap in project Payara by payara.

the class ListConnectorWorkSecurityMaps method listWorkSecurityMap.

/**
 * Adds one child message to {@code mp} for every principal mapping and every group mapping of the
 * given work security map. Each message carries the map name, the EIS-side name and the mapped
 * application-server name exactly as stored; nothing is filtered or redacted here.
 *
 * @param wsm work security map whose entries are listed
 * @param mp report message part that receives one child per entry
 */
private void listWorkSecurityMap(WorkSecurityMap wsm, ActionReport.MessagePart mp) {
    final List<PrincipalMap> principalEntries = wsm.getPrincipalMap();
    final List<GroupMap> groupEntries = wsm.getGroupMap();

    for (PrincipalMap entry : principalEntries) {
        final ActionReport.MessagePart line = mp.addChild();
        final String text = localStrings.getLocalString("list.connector.work.security.maps.eisPrincipalAndMappedPrincipal", "{0}: EIS principal={1}, mapped principal={2}", wsm.getName(), entry.getEisPrincipal(), entry.getMappedPrincipal());
        line.setMessage(text);
    }

    for (GroupMap entry : groupEntries) {
        final ActionReport.MessagePart line = mp.addChild();
        final String text = localStrings.getLocalString("list.connector.work.security.maps.eisGroupAndMappedGroup", "{0}: EIS group={1}, mapped group={2}", wsm.getName(), entry.getEisGroup(), entry.getMappedGroup());
        line.setMessage(text);
    }
}
Also used : PrincipalMap(org.glassfish.connectors.config.PrincipalMap) GroupMap(org.glassfish.connectors.config.GroupMap) ActionReport(org.glassfish.api.ActionReport)

Aggregations

GroupMap (org.glassfish.connectors.config.GroupMap)5 PrincipalMap (org.glassfish.connectors.config.PrincipalMap)5 WorkSecurityMap (org.glassfish.connectors.config.WorkSecurityMap)4 ActionReport (org.glassfish.api.ActionReport)3 PropertyVetoException (java.beans.PropertyVetoException)2 Map (java.util.Map)2 TransactionFailure (org.jvnet.hk2.config.TransactionFailure)2 HashMap (java.util.HashMap)1 Group (org.glassfish.security.common.Group)1 PrincipalImpl (org.glassfish.security.common.PrincipalImpl)1