use of org.jvnet.hk2.config in project Payara by payara.
the class GetGroupNamesCommand method getGroupNames.
private String[] getGroupNames(String realmName, String userName) throws NoSuchRealmException, BadRealmException, InvalidOperationException, NoSuchUserException {
// account for updates to file-realm contents from outside this config
// which are sharing the same keyfile
realmsManager.refreshRealm(config.getName(), realmName);
Realm r = realmsManager.getFromLoadedRealms(config.getName(), realmName);
if (r != null) {
return getGroupNames(r, userName);
}
List<AuthRealm> authRealmConfigs = config.getSecurityService().getAuthRealm();
for (AuthRealm authRealm : authRealmConfigs) {
if (realmName.equals(authRealm.getName())) {
List<Property> propConfigs = authRealm.getProperty();
Properties props = new Properties();
for (Property p : propConfigs) {
String value = p.getValue();
props.setProperty(p.getName(), value);
}
r = Realm.instantiate(authRealm.getName(), authRealm.getClassname(), props, config.getName());
return getGroupNames(r, userName);
}
}
throw new NoSuchRealmException(_localStrings.getLocalString("NO_SUCH_REALM", "No Such Realm: {0}", new Object[] { realmName }));
}
use of org.jvnet.hk2.config in project Payara by payara.
the class SynchronizeRealmFromConfig method instantiateRealm.
private boolean instantiateRealm(Config cfg, String realmName) throws BadRealmException, NoSuchRealmException {
List<AuthRealm> authRealmConfigs = cfg.getSecurityService().getAuthRealm();
for (AuthRealm authRealm : authRealmConfigs) {
if (realmName.equals(authRealm.getName())) {
List<Property> propConfigs = authRealm.getProperty();
Properties props = new Properties();
for (Property p : propConfigs) {
String value = p.getValue();
props.setProperty(p.getName(), value);
}
Realm.instantiate(authRealm.getName(), authRealm.getClassname(), props, cfg.getName());
return true;
}
}
throw new NoSuchRealmException(_localStrings.getLocalString("NO_SUCH_REALM", "No Such Realm: {0}", new Object[] { realmName }));
}
use of org.jvnet.hk2.config in project Payara by payara.
the class CreateMessageSecurityProvider method execute.
/**
* Executes the command with the command parameters passed as Properties
* where the keys are parameter names and the values the parameter values
*
* @param context information
*/
public void execute(AdminCommandContext context) {
final ActionReport report = context.getActionReport();
List<MessageSecurityConfig> mscs = secService.getMessageSecurityConfig();
// Let's find the correct MessageSecurityConfig. As of now,
// there can be only two of them - one for SOAP and one for
// HttpServlet
MessageSecurityConfig msgSecCfg = null;
for (MessageSecurityConfig msc : mscs) {
if (msc.getAuthLayer().equals(authLayer)) {
msgSecCfg = msc;
}
}
// then, add a new provider config under it provided it is not duplicate
if (msgSecCfg != null) {
// check if there exists a provider config by the
// specified provider name; if so return failure.
List<ProviderConfig> pcs = msgSecCfg.getProviderConfig();
for (ProviderConfig pc : pcs) {
if (pc.getProviderId().equals(providerId)) {
report.setMessage(localStrings.getLocalString("create.message.security.provider.duplicatefound", "Message security provider named {0} exists. " + "Cannot add duplicate.", providerId));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
}
// No duplicate message security providers found. So add one.
try {
ConfigSupport.apply(new SingleConfigCode<MessageSecurityConfig>() {
public Object run(MessageSecurityConfig param) throws PropertyVetoException, TransactionFailure {
ProviderConfig newPC = param.createChild(ProviderConfig.class);
populateProviderConfigElement(newPC);
param.getProviderConfig().add(newPC);
// security config object
if (isDefaultProvider) {
if (providerType.equals(SERVER) || providerType.equals(CLIENT_SERVER))
param.setDefaultProvider(providerId);
if (providerType.equals(CLIENT) || providerType.equals(CLIENT_SERVER))
param.setDefaultClientProvider(providerId);
}
return newPC;
}
}, msgSecCfg);
} catch (TransactionFailure e) {
report.setMessage(localStrings.getLocalString("create.message.security.provider.fail", "Creation of message security provider named {0} failed", providerId));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
return;
}
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
report.setMessage(localStrings.getLocalString("create.message.security.provider.success", "Creation of message security provider named {0} completed " + "successfully", providerId));
} else // Now if there is NO message security config for this type of layer
// then, first add a message security config for the layer and then
// add a provider config under this message security config
{
try {
ConfigSupport.apply(new SingleConfigCode<SecurityService>() {
public Object run(SecurityService param) throws PropertyVetoException, TransactionFailure {
MessageSecurityConfig newMSC = param.createChild(MessageSecurityConfig.class);
newMSC.setAuthLayer(authLayer);
param.getMessageSecurityConfig().add(newMSC);
ProviderConfig newPC = newMSC.createChild(ProviderConfig.class);
populateProviderConfigElement(newPC);
newMSC.getProviderConfig().add(newPC);
// security config object
if (isDefaultProvider) {
if (providerType.equals(SERVER) || providerType.equals(CLIENT_SERVER))
newMSC.setDefaultProvider(providerId);
if (providerType.equals(CLIENT) || providerType.equals(CLIENT_SERVER))
newMSC.setDefaultClientProvider(providerId);
}
return newMSC;
}
}, secService);
} catch (TransactionFailure e) {
report.setMessage(localStrings.getLocalString("create.message.security.provider.fail", "Creation of message security provider named {0} failed", providerId));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
return;
}
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
/* report.setMessage(localStrings.getLocalString(
"create.message.security.provider.success",
"Creation of message security provider named {0} completed " +
"successfully", providerId)); */
}
}
use of org.jvnet.hk2.config in project Payara by payara.
the class DeleteFileUser method execute.
/**
* Executes the command with the command parameters passed as Properties
* where the keys are the paramter names and the values the parameter values
*
* @param context information
*/
public void execute(AdminCommandContext context) {
final ActionReport report = context.getActionReport();
// Get FileRealm class name, match it with what is expected.
String fileRealmClassName = fileAuthRealm.getClassname();
// Report error if provided impl is not the one expected
if (fileRealmClassName != null && !fileRealmClassName.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
report.setMessage(localStrings.getLocalString("delete.file.user.realmnotsupported", "Configured file realm {0} is not supported.", fileRealmClassName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// ensure we have the file associated with the authrealm
String keyFile = null;
for (Property fileProp : fileAuthRealm.getProperty()) {
if (fileProp.getName().equals("file"))
keyFile = fileProp.getValue();
}
final String kFile = keyFile;
if (keyFile == null) {
report.setMessage(localStrings.getLocalString("delete.file.user.keyfilenotfound", "There is no physical file associated with this file realm {0} ", authRealmName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
boolean exists = (new File(kFile)).exists();
if (!exists) {
report.setMessage(localStrings.getLocalString("file.realm.keyfilenonexistent", "The specified physical file {0} associated with the file realm {1} does not exist.", new Object[] { kFile, authRealmName }));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// hypothetically ?.
try {
ConfigSupport.apply(new SingleConfigCode<SecurityService>() {
public Object run(SecurityService param) throws PropertyVetoException, TransactionFailure {
try {
realmsManager.createRealms(config);
final FileRealm fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), authRealmName);
fr.removeUser(userName);
fr.persist();
CreateFileUser.refreshRealm(config.getName(), authRealmName);
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
} catch (NoSuchUserException e) {
report.setMessage(localStrings.getLocalString("delete.file.user.usernotfound", "There is no such existing user {0} in the file realm {1}.", userName, authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
} catch (BadRealmException e) {
report.setMessage(localStrings.getLocalString("delete.file.user.realmcorrupted", "Configured file realm {0} is corrupted.", authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
} catch (Exception e) {
e.printStackTrace();
report.setMessage(localStrings.getLocalString("delete.file.user.userdeletefailed", "Removing User {0} from file realm {1} failed", userName, authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
}
return null;
}
}, securityService);
} catch (Exception e) {
report.setMessage(localStrings.getLocalString("delete.file.user.userdeletefailed", "Removing User {0} from file realm {1} failed", userName, authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
}
}
use of org.jvnet.hk2.config in project Payara by payara.
the class UpdateFileUser method execute.
/**
* Executes the command with the command parameters passed as Properties
* where the keys are the paramter names and the values the parameter values
*
* @param context information
*/
public void execute(AdminCommandContext context) {
final ActionReport report = context.getActionReport();
// Get FileRealm class name, match it with what is expected.
String fileRealmClassName = fileAuthRealm.getClassname();
// Report error if provided impl is not the one expected
if (fileRealmClassName != null && !fileRealmClassName.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
report.setMessage(localStrings.getLocalString("update.file.user.realmnotsupported", "Configured file realm {0} is not supported.", fileRealmClassName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// ensure we have the file associated with the authrealm
String keyFile = null;
for (Property fileProp : fileAuthRealm.getProperty()) {
if (fileProp.getName().equals("file"))
keyFile = fileProp.getValue();
}
if (keyFile == null) {
report.setMessage(localStrings.getLocalString("update.file.user.keyfilenotfound", "There is no physical file associated with file realm {0}", authRealmName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
boolean exists = (new File(keyFile)).exists();
if (!exists) {
report.setMessage(localStrings.getLocalString("file.realm.keyfilenonexistent", "The specified physical file {0} associated with the file realm {1} does not exist.", new Object[] { keyFile, authRealmName }));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// Now get all inputs ready. userid and groups are straightforward but
// password is tricky. It is stored in the file passwordfile passed
// through the CLI options. It is stored under the name
// AS_ADMIN_USERPASSWORD. Fetch it from there.
// fetchPassword(report);
String password = userpassword;
if (password == null && groups == null) {
report.setMessage(localStrings.getLocalString("update.file.user.keyfilenotreadable", "None of password or groups have been specified for update," + "Password for user {0} has to be specified" + "through AS_ADMIN_USERPASSWORD property in the file specified " + "in --passwordfile option", userName));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
// Issue 17525 Fix - Check for null passwords for admin-realm if secureadmin is enabled
if (password != null) {
secureAdmin = domain.getSecureAdmin();
if ((SecureAdmin.Util.isEnabled(secureAdmin)) && (adminService.getAuthRealmName().equals(authRealmName))) {
if ((password.isEmpty())) {
report.setMessage(localStrings.getLocalString("null_empty_password", "The admin user password is empty"));
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
return;
}
}
}
// even though update-file-user is not an update to the security-service
// do we need to make it transactional by referncing the securityservice
// hypothetically ?.
// TODO: check and enclose the code below inside ConfigSupport.apply(...)
FileRealm fr = null;
try {
realmsManager.createRealms(config);
fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), authRealmName);
if (fr == null) {
throw new NoSuchRealmException(authRealmName);
}
} catch (NoSuchRealmException e) {
report.setMessage(localStrings.getLocalString("update.file.user.realmnotsupported", "Configured file realm {0} does not exist.", authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
return;
}
// now updating user
try {
CreateFileUser.handleAdminGroup(authRealmName, groups);
String[] groups1 = (groups == null) ? null : groups.toArray(new String[groups.size()]);
fr.updateUser(userName, userName, password, groups1);
fr.persist();
report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
} catch (Exception e) {
report.setMessage(localStrings.getLocalString("update.file.user.userupdatefailed", "Updating user {0} in file realm {1} failed", userName, authRealmName) + " " + e.getLocalizedMessage());
report.setActionExitCode(ActionReport.ExitCode.FAILURE);
report.setFailureCause(e);
}
}
Aggregations