
Example 1 with LoginModuleConfig

use of org.glassfish.security.services.config.LoginModuleConfig in project Payara by payara.

the class LDAPAdminAccessConfigurator method updateSecurityProvider.

/*    private String getNewRealmName(SecurityService ss) {
        List<AuthRealm> realms = ss.getAuthRealm();
        String pref = ORIG_ADMIN_REALM_NAME + "-";
        int index = 0;  //last one
        for (AuthRealm realm : realms) {
            if (realm.getName().indexOf(pref) >= 0) {
                index = Integer.parseInt(realm.getName().substring(pref.length()));
            }
        }
        return pref + (index+1);
    }*/
/**
 * Switches the admin file login module of a security provider over to the LDAP login module.
 *
 * <p>Walks the provider's configs looking for a {@link LoginModuleConfig} whose name equals
 * {@code ADMIN_FILE_LM_NAME}. The first match is enrolled in the transaction and its module
 * class is replaced with the class name of {@link LDAPLoginModule}; a localized confirmation is
 * appended to {@code sb}.
 *
 * <p>Only the module class is rewritten here; the module's other settings are not touched by
 * this method.
 *
 * @param t transaction in which the matching config is enrolled before it is changed
 * @param w_sp security provider whose configs are searched
 * @param sb buffer that receives the localized success message
 * @throws TransactionFailure if the provider has no login module config with the expected name
 * @throws PropertyVetoException declared by the signature; presumably raised by the config
 *     setter - confirm against LoginModuleConfig
 */
private void updateSecurityProvider(final Transaction t, final SecurityProvider w_sp, final StringBuilder sb) throws TransactionFailure, PropertyVetoException {
    for (SecurityProviderConfig candidate : w_sp.getSecurityProviderConfig()) {
        // Skip anything that is not a login module before looking at its name.
        if (!(candidate instanceof LoginModuleConfig)) {
            continue;
        }
        if (!candidate.getName().equals(ADMIN_FILE_LM_NAME)) {
            continue;
        }
        // Changes go through the object returned by enroll, not through the one that was read.
        final LoginModuleConfig writableLm = t.enroll((LoginModuleConfig) candidate);
        final String ldapModuleClass = LDAPLoginModule.class.getName();
        writableLm.setModuleClass(ldapModuleClass);
        final String okMessage = lsm.getString("ldap.authProviderConfigOK", w_sp.getName());
        sb.append(okMessage);
        return;
    }
    // No admin login module to repoint: fail the transaction instead of leaving it half-configured.
    final String missingMessage = lsm.getString("ldap.noAuthProviderConfig", w_sp.getName(), ADMIN_FILE_LM_NAME);
    throw new TransactionFailure(missingMessage);
}
Also used : TransactionFailure(org.jvnet.hk2.config.TransactionFailure) LoginModuleConfig(org.glassfish.security.services.config.LoginModuleConfig) LDAPLoginModule(com.sun.enterprise.security.auth.login.LDAPLoginModule) SecurityProviderConfig(org.glassfish.security.services.config.SecurityProviderConfig)

Example 2 with LoginModuleConfig

use of org.glassfish.security.services.config.LoginModuleConfig in project Payara by payara.

the class AuthenticationServiceImpl method initialize.

/**
 * Initialize the Authentication Service configuration.
 *
 * Create the JAAS Configuration using the specified LoginModule configurations
 */
@Override
public void initialize(SecurityConfiguration securityServiceConfiguration) {
    // Builds the JAAS Configuration for this service from its LoginModule providers and, when
    // password credentials are in use, records the realm named by the first module that has one.
    config = (org.glassfish.security.services.config.AuthenticationService) securityServiceConfiguration;
    if (config == null) {
        // Nothing to configure; every other field is left as it was.
        return;
    }

    // The service name is also used as the JAAS LoginContext name.
    name = config.getName();
    // Whether this service handles Realm password credentials.
    usePasswordCredential = Boolean.valueOf(config.getUsePasswordCredential());

    // Turn each LoginModule provider into one JAAS AppConfigurationEntry.
    final List<SecurityProvider> securityProviders = config.getSecurityProviders();
    if (securityProviders != null) {
        final ArrayList<AppConfigurationEntry> jaasEntries = new ArrayList<AppConfigurationEntry>();
        for (SecurityProvider securityProvider : securityProviders) {
            // Providers of any other type do not contribute to the JAAS configuration.
            if (!"LoginModule".equalsIgnoreCase(securityProvider.getType())) {
                continue;
            }
            final List<SecurityProviderConfig> moduleConfigs = securityProvider.getSecurityProviderConfig();
            if ((moduleConfigs == null) || moduleConfigs.isEmpty()) {
                continue;
            }
            // NOTE(review): only the first config entry of a provider is used; any further
            // entries are ignored without a log message. The cast is unchecked, so a first
            // entry of another type fails initialization with a ClassCastException.
            final LoginModuleConfig firstModule = (LoginModuleConfig) moduleConfigs.get(0);
            final Map<String, ?> moduleOptions = firstModule.getModuleOptions();
            final AppConfigurationEntry entry = new AppConfigurationEntry(firstModule.getModuleClass(), getLoginModuleControlFlag(firstModule.getControlFlag()), moduleOptions);
            jaasEntries.add(entry);

            // Use the first LoginModule with auth-realm (i.e. unable to stack Realms).
            // NOTE(review): realmName is only written while it is null and is not reset in this
            // method, so a value from an earlier call would be kept - confirm that is intended.
            if (usePasswordCredential && (realmName == null)) {
                final String candidateRealm = (String) moduleOptions.get("auth-realm");
                if ((candidateRealm != null) && (!candidateRealm.isEmpty())) {
                    realmName = candidateRealm;
                }
            }
        }
        // With no entries at all, the configuration field is left unchanged.
        if (!jaasEntries.isEmpty()) {
            configuration = new AuthenticationJaasConfiguration(name, jaasEntries);
        }
    }

    // TODO - Reconcile initialization with SecurityLifeCycle
    if (!usePasswordCredential || (realmName == null)) {
        return;
    }
    final RealmsManager realmsManager = locator.getService(RealmsManager.class);
    realmsManager.createRealms();
}
Also used : ArrayList(java.util.ArrayList) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) RealmsManager(com.sun.enterprise.security.auth.realm.RealmsManager) LoginModuleConfig(org.glassfish.security.services.config.LoginModuleConfig) SecurityProvider(org.glassfish.security.services.config.SecurityProvider) SecurityProviderConfig(org.glassfish.security.services.config.SecurityProviderConfig)

Example 3 with LoginModuleConfig

use of org.glassfish.security.services.config.LoginModuleConfig in project Payara by payara.

the class CreateLoginModuleConfig method execute.

/**
 * Execute the create-login-module-config admin command.
 */
@Override
public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();

    // Step 1: add the LoginModule configuration to the security provider setup.
    // NOTE(review): name, moduleClass and controlFlag are stored exactly as supplied; nothing
    // here checks that moduleClass names a known login module.
    // TODO - Add validation logic of the LoginModule config attributes
    final SingleConfigCode<SecurityProvider> addLoginModule = new SingleConfigCode<SecurityProvider>() {

        @Override
        public Object run(SecurityProvider writableProvider) throws PropertyVetoException, TransactionFailure {
            final LoginModuleConfig created = writableProvider.createChild(LoginModuleConfig.class);
            created.setName(name);
            created.setModuleClass(moduleClass);
            created.setControlFlag(controlFlag);
            // TODO - Should prevent multiple security provider config entries
            writableProvider.getSecurityProviderConfig().add(created);
            return created;
        }
    };

    LoginModuleConfig loginModule = null;
    try {
        loginModule = (LoginModuleConfig) ConfigSupport.apply(addLoginModule, provider);
    } catch (TransactionFailure transactionFailure) {
        report.setMessage("Unable to create login module config: " + transactionFailure.getMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(transactionFailure);
        return;
    }

    // Step 2: attach the LoginModule options, if any were given.
    if ((loginModule == null) || (configuration == null) || configuration.isEmpty()) {
        return;
    }

    final SingleConfigCode<LoginModuleConfig> addOptions = new SingleConfigCode<LoginModuleConfig>() {

        @Override
        public Object run(LoginModuleConfig writableModule) throws PropertyVetoException, TransactionFailure {
            // One Property child per option key; keys are expected to be Strings.
            for (Object key : configuration.keySet()) {
                final Property option = writableModule.createChild(Property.class);
                final String optionName = (String) key;
                option.setName(optionName);
                option.setValue(configuration.getProperty(optionName));
                writableModule.getProperty().add(option);
            }
            return writableModule;
        }
    };

    // NOTE(review): the options are written by a second, separate apply call. If it fails, this
    // method reports the failure but does not remove the login module created in step 1, which
    // then remains without the options that were requested.
    try {
        ConfigSupport.apply(addOptions, loginModule);
    } catch (TransactionFailure transactionFailure) {
        report.setMessage("Unable to create login module options: " + transactionFailure.getMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(transactionFailure);
    }
}
Also used : PropertyVetoException(java.beans.PropertyVetoException) TransactionFailure(org.jvnet.hk2.config.TransactionFailure) LoginModuleConfig(org.glassfish.security.services.config.LoginModuleConfig) SecurityProvider(org.glassfish.security.services.config.SecurityProvider) ActionReport(org.glassfish.api.ActionReport) Property(org.jvnet.hk2.config.types.Property)

Aggregations

LoginModuleConfig (org.glassfish.security.services.config.LoginModuleConfig)3 SecurityProvider (org.glassfish.security.services.config.SecurityProvider)2 SecurityProviderConfig (org.glassfish.security.services.config.SecurityProviderConfig)2 TransactionFailure (org.jvnet.hk2.config.TransactionFailure)2 LDAPLoginModule (com.sun.enterprise.security.auth.login.LDAPLoginModule)1 RealmsManager (com.sun.enterprise.security.auth.realm.RealmsManager)1 PropertyVetoException (java.beans.PropertyVetoException)1 ArrayList (java.util.ArrayList)1 AppConfigurationEntry (javax.security.auth.login.AppConfigurationEntry)1 ActionReport (org.glassfish.api.ActionReport)1 Property (org.jvnet.hk2.config.types.Property)1