
Example 1 with SecurityProvider

use of org.glassfish.security.services.config.SecurityProvider in project Payara by payara.

the class CLIUtil method findSecurityProvider.

/**
 * Looks up a security provider by name inside a named security service configuration.
 *
 * <p>When the provider is not found, the report is given a failure message and a
 * {@code FAILURE} exit code. When the service configuration itself is not found, this
 * method changes nothing on the report itself; presumably
 * {@code findSecurityConfiguration} has already recorded the failure (verify against
 * that helper).
 *
 * @param domain       domain handed to {@code findSecurityConfiguration}
 * @param serviceName  name of the security service configuration to search
 * @param providerName name of the provider to return
 * @param report       action report that receives the failure details
 * @return the matching provider, or {@code null} when either lookup fails; callers
 *         must check for {@code null} before using the result
 */
public static SecurityProvider findSecurityProvider(final Domain domain, final String serviceName, final String providerName, final ActionReport report) {
    final SecurityConfiguration serviceConfig = findSecurityConfiguration(domain, serviceName, report);
    if (serviceConfig == null) {
        return null;
    }

    final SecurityProvider match = serviceConfig.getSecurityProviderByName(providerName);
    if (match != null) {
        return match;
    }

    // No provider with that name: record the failure for the admin command output.
    report.setMessage("Unable to locate security provider: " + providerName);
    report.setActionExitCode(ActionReport.ExitCode.FAILURE);
    return null;
}
Also used : SecurityProvider(org.glassfish.security.services.config.SecurityProvider) SecurityConfiguration(org.glassfish.security.services.config.SecurityConfiguration)

Example 2 with SecurityProvider

use of org.glassfish.security.services.config.SecurityProvider in project Payara by payara.

the class AuthenticationServiceImpl method initialize.

/**
 * Initialize the Authentication Service configuration.
 *
 * Create the JAAS Configuration using the specified LoginModule configurations
 */
@Override
public void initialize(SecurityConfiguration securityServiceConfiguration) {
    config = (org.glassfish.security.services.config.AuthenticationService) securityServiceConfiguration;
    if (config == null) {
        // NOTE(review): this call then builds no JAAS configuration and reports nothing.
        // Confirm that the login path rejects authentication in that state rather than
        // falling back to some other configuration.
        return;
    }

    // The configured service name doubles as the JAAS LoginContext name.
    name = config.getName();
    // Determines whether realm password credentials are handled.
    usePasswordCredential = Boolean.valueOf(config.getUsePasswordCredential());

    // Translate each LoginModule provider into one JAAS AppConfigurationEntry.
    final List<SecurityProvider> configuredProviders = config.getSecurityProviders();
    if (configuredProviders != null) {
        final ArrayList<AppConfigurationEntry> jaasEntries = new ArrayList<AppConfigurationEntry>();
        for (final SecurityProvider candidate : configuredProviders) {
            // Providers of any other type are ignored here.
            if (!"LoginModule".equalsIgnoreCase(candidate.getType())) {
                continue;
            }
            final List<SecurityProviderConfig> settings = candidate.getSecurityProviderConfig();
            if ((settings == null) || settings.isEmpty()) {
                // NOTE(review): a LoginModule provider without settings is dropped from the
                // stack silently; worth logging, since the resulting stack is shorter than
                // the one that was configured.
                continue;
            }

            // Only the first settings entry is read; any further entries are ignored.
            // The cast is unchecked, so a first entry of another config type fails here
            // with ClassCastException.
            final LoginModuleConfig moduleConfig = (LoginModuleConfig) settings.get(0);
            final Map<String, ?> moduleOptions = moduleConfig.getModuleOptions();
            jaasEntries.add(new AppConfigurationEntry(moduleConfig.getModuleClass(), getLoginModuleControlFlag(moduleConfig.getControlFlag()), moduleOptions));

            // The first LoginModule carrying a non-empty auth-realm option decides the realm
            // (realms cannot be stacked). realmName is only assigned while it is still null
            // and is never cleared in this method.
            if (usePasswordCredential && (realmName == null)) {
                final String authRealm = (String) moduleOptions.get("auth-realm");
                if ((authRealm != null) && (!authRealm.isEmpty())) {
                    realmName = authRealm;
                }
            }
        }
        // With no usable LoginModule entry, configuration is left untouched.
        if (!jaasEntries.isEmpty()) {
            configuration = new AuthenticationJaasConfiguration(name, jaasEntries);
        }
    }

    // TODO - Reconcile initialization with SecurityLifeCycle
    if (usePasswordCredential && (realmName != null)) {
        locator.getService(RealmsManager.class).createRealms();
    }
}
Also used : ArrayList(java.util.ArrayList) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) RealmsManager(com.sun.enterprise.security.auth.realm.RealmsManager) LoginModuleConfig(org.glassfish.security.services.config.LoginModuleConfig) SecurityProvider(org.glassfish.security.services.config.SecurityProvider) SecurityProviderConfig(org.glassfish.security.services.config.SecurityProviderConfig)

Example 3 with SecurityProvider

use of org.glassfish.security.services.config.SecurityProvider in project Payara by payara.

the class RoleMappingServiceImpl method initialize.

/**
 * Initialize the Role Mapping service with the configured role mapping provider.
 */
@Override
public void initialize(SecurityConfiguration securityServiceConfiguration) {
    // Only a service that has never been initialized does any work; later calls,
    // including calls after a failed attempt, return immediately.
    if (initialized != InitializationState.NOT_INITIALIZED) {
        return;
    }
    try {
        config = (org.glassfish.security.services.config.RoleMappingService) securityServiceConfiguration;
        if (config == null) {
            // The finally block records this as FAILED_INIT, without a reason and without a log entry.
            return;
        }

        // Consider only one provider for now and take the first provider found!
        // NOTE(review): an empty (non-null) list makes get(0) throw; the catch below turns
        // that into a generic initialization failure, whereas a null list fails silently.
        final List<SecurityProvider> configuredProviders = config.getSecurityProviders();
        final SecurityProvider firstProvider = (configuredProviders == null) ? null : configuredProviders.get(0);
        if (firstProvider == null) {
            return;
        }

        final String providerName = firstProvider.getName();
        if (isDebug()) {
            logger.log(DEBUG_LEVEL, "Attempting to get Role Mapping Provider \"{0}\".", providerName);
        }
        // The provider is looked up by its configured name inside a privileged block, so
        // the configuration decides which implementation ends up mapping roles.
        provider = AccessController.doPrivileged(new PrivilegedLookup<RoleMappingProvider>(serviceLocator, RoleMappingProvider.class, providerName));
        if (provider == null) {
            throw new IllegalStateException(localStrings.getLocalString("service.role.not_provider", "Role Mapping Provider {0} not found.", providerName));
        }

        provider.initialize(firstProvider);

        // Success is recorded only after the provider has initialized without throwing.
        initialized = InitializationState.SUCCESS_INIT;
        reasonInitFailed = null;
        logger.log(Level.INFO, ROLEMAPSVC_INITIALIZED);
    } catch (Exception e) {
        // Keep the reason, log it, and rethrow with the original exception as the cause.
        final String exceptionMessage = e.getMessage();
        final String exceptionClass = e.getClass().getName();
        reasonInitFailed = localStrings.getLocalString("service.role.init_failed", "Role Mapping Service initialization failed, exception {0}, message {1}", exceptionClass, exceptionMessage);
        logger.log(Level.WARNING, ROLEMAPSVC_INIT_FAILED, new Object[] { exceptionClass, exceptionMessage });
        throw new RuntimeException(reasonInitFailed, e);
    } finally {
        // Every path that did not reach SUCCESS_INIT ends as FAILED_INIT.
        if (initialized != InitializationState.SUCCESS_INIT) {
            initialized = InitializationState.FAILED_INIT;
        }
    }
}
Also used : PrivilegedLookup(org.glassfish.security.services.common.PrivilegedLookup) SecurityProvider(org.glassfish.security.services.config.SecurityProvider)

Example 4 with SecurityProvider

use of org.glassfish.security.services.config.SecurityProvider in project Payara by payara.

the class CreateLoginModuleConfig method execute.

/**
 * Execute the create-login-module-config admin command.
 */
@Override
public void execute(AdminCommandContext context) {
    final ActionReport report = context.getActionReport();

    // Step 1: add the LoginModule configuration as a child of the security provider.
    // TODO - Add validation logic of the LoginModule config attributes
    // NOTE(review): name, moduleClass and controlFlag are stored exactly as supplied.
    // moduleClass is presumably loaded later as a JAAS LoginModule, so the validation
    // TODO above should cover it (confirm against the consumer of this config).
    final LoginModuleConfig created;
    try {
        created = (LoginModuleConfig) ConfigSupport.apply(new SingleConfigCode<SecurityProvider>() {

            @Override
            public Object run(SecurityProvider writableProvider) throws PropertyVetoException, TransactionFailure {
                LoginModuleConfig child = writableProvider.createChild(LoginModuleConfig.class);
                child.setName(name);
                child.setModuleClass(moduleClass);
                child.setControlFlag(controlFlag);
                // TODO - Should prevent multiple security provider config entries
                writableProvider.getSecurityProviderConfig().add(child);
                return child;
            }
        }, provider);
    } catch (TransactionFailure transactionFailure) {
        report.setMessage("Unable to create login module config: " + transactionFailure.getMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(transactionFailure);
        return;
    }

    // Step 2: attach the module options, if any were supplied.
    if ((created == null) || (configuration == null) || configuration.isEmpty()) {
        return;
    }
    // NOTE(review): the options are written by a second, separate apply call. If it fails,
    // the report says FAILURE but nothing in this method removes the entry created in
    // step 1, which would then remain without its options.
    try {
        ConfigSupport.apply(new SingleConfigCode<LoginModuleConfig>() {

            @Override
            public Object run(LoginModuleConfig writableConfig) throws PropertyVetoException, TransactionFailure {
                // One Property child per supplied option; keys are cast to String unchecked.
                for (Object rawKey : configuration.keySet()) {
                    String key = (String) rawKey;
                    Property option = writableConfig.createChild(Property.class);
                    option.setName(key);
                    option.setValue(configuration.getProperty(key));
                    writableConfig.getProperty().add(option);
                }
                return writableConfig;
            }
        }, created);
    } catch (TransactionFailure transactionFailure) {
        report.setMessage("Unable to create login module options: " + transactionFailure.getMessage());
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
        report.setFailureCause(transactionFailure);
    }
}
Also used : PropertyVetoException(java.beans.PropertyVetoException) TransactionFailure(org.jvnet.hk2.config.TransactionFailure) LoginModuleConfig(org.glassfish.security.services.config.LoginModuleConfig) SecurityProvider(org.glassfish.security.services.config.SecurityProvider) ActionReport(org.glassfish.api.ActionReport) Property(org.jvnet.hk2.config.types.Property)
