use of org.glassfish.internal.api.RemoteAdminAccessException in project Payara by payara.
the class GenericAdminAuthenticator method authenticate.
/**
 * Authenticates an admin user name/password against the given realm, after
 * applying the remote-admin policy for the originating host.
 *
 * @param user     the supplied user name; an empty name falls back to the default admin user
 * @param password the supplied password
 * @param realm    the realm whose admin group the user must belong to
 * @param host     the originating host, checked against the remote-admin policy before login
 * @return the authenticated {@link Subject}
 * @throws LoginException when the user is not in the admin group or the login fails; a
 *         {@code RemoteAdminAccessException} raised by the host check is rethrown unchanged
 */
private Subject authenticate(String user, final char[] password, final String realm, final String host) throws LoginException {
    final String effectiveUser = user.isEmpty() ? getDefaultAdminUser() : user;
    // Admin-group membership is a precondition for even attempting the login.
    if (!isInAdminGroup(effectiveUser, realm)) {
        throw new LoginException();
    }
    try {
        // The remote-access policy is enforced before any credential is examined.
        rejectRemoteAdminIfDisabled(host);
        final Subject authenticated = authService.login(effectiveUser, password, null);
        if (ADMSEC_LOGGER.isLoggable(Level.FINE)) {
            ADMSEC_LOGGER.log(Level.FINE, "*** Login worked\n user={0}\n host={1}\n", new Object[] { effectiveUser, host });
        }
        return authenticated;
    } catch (RemoteAdminAccessException remoteAccessDenied) {
        // Handled in its own clause so it is not processed as a generic LoginException below.
        if (ADMSEC_LOGGER.isLoggable(Level.FINE)) {
            ADMSEC_LOGGER.log(Level.FINE, "*** RemoteAdminAccessException during auth\n user={0}\n host={1}\n realm={2}\n", new Object[] { effectiveUser, host, realm });
        }
        throw remoteAccessDenied;
    } catch (LoginException loginFailure) {
        if (ADMSEC_LOGGER.isLoggable(Level.FINE)) {
            ADMSEC_LOGGER.log(Level.FINE, "*** LoginException during auth\n user={0}\n host={1}\n realm={2}", new Object[] { effectiveUser, host, realm });
        }
        throw loginFailure;
    }
}
use of org.glassfish.internal.api.RemoteAdminAccessException in project Payara by payara.
the class RestAdapter method service.
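/**
 * Entry point for every REST request: waits (bounded) for the adapter to become ready,
 * rejects non-GET requests on non-DAS instances unless explicitly enabled, authenticates
 * the caller as an admin, lazily exposes the Jersey context, and delegates to it.
 *
 * Every failure is translated into an HTTP status via {@code reportError}; nothing
 * propagates to the container.
 *
 * @param req the incoming request
 * @param res the response to populate
 */
@Override
public void service(Request req, Response res) {
    RestLogging.restLogger.log(Level.FINER, "Received resource request: {0}", req.getRequestURI());
    try {
        res.setCharacterEncoding(Constants.ENCODING);
        if (latch.await(20L, TimeUnit.SECONDS)) {
            if (serverEnvironment.isInstance()) {
                // Modifying calls are only accepted on the DAS unless the provider opts in.
                if (!Method.GET.equals(req.getMethod()) && !getRestResourceProvider().enableModifAccessToInstances()) {
                    reportError(req, res, HttpURLConnection.HTTP_FORBIDDEN, localStrings.getLocalString("rest.resource.only.GET.on.instance", "Only GET requests are allowed on an instance that is not DAS."));
                    return;
                }
            }
            if (adminAuthenticator != null) {
                final Subject subject = adminAuthenticator.loginAsAdmin(req);
                req.setAttribute(Constants.REQ_ATTR_SUBJECT, subject);
            }
            String context = getContextRoot();
            if ((context != null) && (!"".equals(context)) && (adapter == null)) {
                RestLogging.restLogger.log(Level.FINE, "Exposing rest resource context root: {0}", context);
                adapter = exposeContext();
                RestLogging.restLogger.log(Level.INFO, RestLogging.REST_INTERFACE_INITIALIZED, context);
            }
            // delegate to adapter managed by Jersey.
            // NOTE(review): if the context root is empty, adapter may still be null here and the
            // resulting NPE falls into the generic catch below (503) — confirm getContextRoot() contract.
            adapter.service(req, res);
        } else {
            // !latch.await(...)
            reportError(req, res, HttpURLConnection.HTTP_UNAVAILABLE, localStrings.getLocalString("rest.adapter.server.wait", "Server cannot process this command at this time, please wait"));
        }
    } catch (InterruptedException e) {
        // Restore the interrupt flag so the owning thread/executor sees the interruption
        // rather than having it silently swallowed here.
        Thread.currentThread().interrupt();
        reportError(req, res, HttpURLConnection.HTTP_UNAVAILABLE, localStrings.getLocalString("rest.adapter.server.wait", // service unavailable
                "Server cannot process this command at this time, please wait"));
    } catch (IOException e) {
        // NOTE(review): the I/O exception text is echoed to the client; consider whether it can
        // carry internal paths or host details.
        reportError(req, res, HttpURLConnection.HTTP_UNAVAILABLE, localStrings.getLocalString("rest.adapter.server.ioexception", // service unavailable
                "REST: IO Exception " + e.getLocalizedMessage()));
    } catch (RemoteAdminAccessException e) {
        // Must precede the LoginException clause so remote-access denial maps to 403, not 401.
        reportError(req, res, HttpURLConnection.HTTP_FORBIDDEN, localStrings.getLocalString("rest.adapter.auth.forbidden", "Remote access not allowed. If you desire remote access, please turn on secure admin"));
    } catch (LoginException e) {
        int status = HttpURLConnection.HTTP_UNAUTHORIZED;
        String msg = localStrings.getLocalString("rest.adapter.auth.userpassword", "Invalid user name or password");
        res.setHeader(HEADER_AUTHENTICATE, "BASIC");
        reportError(req, res, status, msg);
    } catch (Exception e) {
        // TODO: This string is duplicated. Can we pull this text out of the logging bundle?
        // Details stay in the server log; the client only gets a generic message.
        String msg = localStrings.getLocalString("rest.adapter.server.exception", "An error occurred while processing the request. Please see the server logs for details.");
        RestLogging.restLogger.log(Level.INFO, RestLogging.SERVER_ERROR, e);
        // service unavailable
        reportError(req, res, HttpURLConnection.HTTP_UNAVAILABLE, msg);
    }
}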
use of org.glassfish.internal.api.RemoteAdminAccessException in project Payara by payara.
the class GenericAdminAuthenticator method authenticate.
/**
 * Authenticates the caller of an admin request using the credentials, token and
 * indicators carried by the request, then enforces the remote-admin policy.
 *
 * @param req               the admin request carrying the credentials
 * @param alternateHostname a host name to use in place of the request's remote host, if any
 * @return the authenticated {@link Subject}
 * @throws IOException    if the callback handler cannot read the request
 * @throws LoginException if the login fails; a {@code RemoteAdminAccessException} from the
 *                        remote-access check is rethrown unchanged
 */
private Subject authenticate(final Request req, final String alternateHostname) throws IOException, LoginException {
    final AdminCallbackHandler callbackHandler = new AdminCallbackHandler(habitat, req, alternateHostname, getDefaultAdminUser(), localPassword);
    try {
        final Subject subject = authService.login(callbackHandler, null);
        // Remote-access restrictions are applied after the credentials have been checked.
        rejectRemoteAdminIfDisabled(callbackHandler);
        consumeTokenIfPresent(req);
        if (ADMSEC_LOGGER.isLoggable(Level.FINE)) {
            final String clientDn = callbackHandler.clientPrincipal() == null ? "null" : callbackHandler.clientPrincipal().getName();
            ADMSEC_LOGGER.log(Level.FINE, "*** Login worked\n user={0}\n dn={1}\n tkn={2}\n admInd={3}\n host={4}\n", new Object[] { callbackHandler.pw().getUserName(), clientDn, callbackHandler.tkn(), callbackHandler.adminIndicator(), callbackHandler.remoteHost() });
        }
        return subject;
    } catch (RemoteAdminAccessException remoteAccessDenied) {
        // Own clause so the denial is not processed as a generic LoginException below.
        final String command = req.getContextPath();
        if (ADMSEC_LOGGER.isLoggable(Level.FINE)) {
            final String clientDn = callbackHandler.clientPrincipal() == null ? "null" : callbackHandler.clientPrincipal().getName();
            ADMSEC_LOGGER.log(Level.FINE, "*** RemoteAdminAccessException during auth for {5}\n user={0}\n dn={1}\n tkn={2}\n admInd={3}\n host={4}\n", new Object[] { callbackHandler.pw().getUserName(), clientDn, callbackHandler.tkn(), callbackHandler.adminIndicator(), callbackHandler.remoteHost(), command });
        }
        throw remoteAccessDenied;
    } catch (LoginException loginFailure) {
        final String command = req.getContextPath();
        if (ADMSEC_LOGGER.isLoggable(Level.FINE)) {
            final String clientDn = callbackHandler.clientPrincipal() == null ? "null" : callbackHandler.clientPrincipal().getName();
            ADMSEC_LOGGER.log(Level.FINE, "*** LoginException during auth for {5}\n user={0}\n dn={1}\n tkn={2}\n admInd={3}\n host={4}\n", new Object[] { callbackHandler.pw().getUserName(), clientDn, callbackHandler.tkn(), callbackHandler.adminIndicator(), callbackHandler.remoteHost(), command });
        }
        throw loginFailure;
    }
}
use of org.glassfish.internal.api.RemoteAdminAccessException in project Payara by payara.
the class SessionsResource method create.
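/**
 * Get a new session with GlassFish Rest service
 * If a request lands here when authentication has been turned on => it has been authenticated.
 *
 * The caller is re-authenticated against the admin realm with the {@code remoteHostName}
 * supplied in {@code data}, so the remote-access policy is evaluated for the end user rather
 * than for the intermediary (e.g. the console) that forwarded the request.
 *
 * @param data optional request body; only {@code remoteHostName} is read
 * @return a new session with GlassFish Rest service (200 with a {@code token}), 403 when remote
 *         admin access is disabled, or 401 when authentication/authorization fails
 */
@POST
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML, MediaType.APPLICATION_FORM_URLENCODED })
@Produces({ MediaType.TEXT_HTML, MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response create(HashMap<String, String> data) {
    if (data == null) {
        data = new HashMap<>();
    }
    final RestConfig restConfig = ResourceUtil.getRestConfig(locatorBridge.getRemoteLocator());
    Response.ResponseBuilder responseBuilder = Response.status(UNAUTHORIZED);
    RestActionReporter ar = new RestActionReporter();
    Request grizzlyRequest = request.get();
    // If the call flow reached here, the request has been authenticated by logic in RestAdapter
    // probably with an admin username and password. The remoteHostName value
    // in the data object is the actual remote host of the end-user who is
    // using the console (or, conceivably, some other client). We need to
    // authenticate here once again with that supplied remoteHostName to
    // make sure we enforce remote access rules correctly.
    // NOTE(review): remoteHostName is client-supplied and not validated here; the remote-access
    // check therefore trusts the intermediary that already authenticated as admin.
    String hostName = data.get("remoteHostName");
    boolean isAuthorized = false;
    boolean responseErrorStatusSet = false;
    Subject subject = null;
    try {
        subject = ResourceUtil.authenticateViaAdminRealm(locatorBridge.getRemoteLocator(), grizzlyRequest, hostName);
        isAuthorized = ResourceUtil.isAuthorized(locatorBridge.getRemoteLocator(), subject, "domain/rest-sessions/rest-session", "create");
    } catch (RemoteAdminAccessException e) {
        responseBuilder.status(FORBIDDEN);
        responseErrorStatusSet = true;
    } catch (Exception e) {
        // The response goes to an unauthenticated caller: do not echo the exception's class or
        // message (it can carry realm, host or configuration details) in the report.
        ar.setMessage("Error while authenticating");
    }
    if (isAuthorized) {
        responseBuilder.status(OK);
        // Check to see if the username has been set (anonymous user case)
        String username = (String) grizzlyRequest.getAttribute("restUser");
        if (username != null) {
            ar.getExtraProperties().put("username", username);
        }
        ar.getExtraProperties().put("token", sessionManager.createSession(grizzlyRequest.getRemoteAddr(), subject, chooseTimeout(restConfig)));
    } else if (!responseErrorStatusSet) {
        responseBuilder.status(UNAUTHORIZED);
    }
    return responseBuilder.entity(new ActionReportResult(ar)).build();
}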