Examples of com.sun.enterprise.security.auth.realm.file.FileRealm

• com.sun.enterprise.security.auth.realm.file.FileRealm
  Realm wrapper for supporting file password authentication.

  In addition to the basic realm functionality, this class provides administration methods for the file realm.

  Format of the keyfile used by this class is one line per user containing username;password;groups where:

  • username - Name string.
  • password - A salted SHA hash (SSHA) of the user password.
  • groups - A comma separated list of group memberships.

  The file realm needs the following properties in its configuration:

  • file - Full path to the keyfile to load
  • jaas-ctx - JAAS context name used to access LoginModule for authentication.

  @author Harry Singh @author Jyri Virkki @author Shing Wai Chan

    /**
     * Adds new user to file realm. User cannot exist already.
     */
    public void addUser(String userName, String password, String[] groupList) throws MBeanConfigException
    {
        FileRealm realm = getInstanceRealmKeyFile();
        try
        {
            realm.addUser(userName, password, groupList);
            saveInstanceRealmKeyFile(realm);
        }
        catch(BadRealmException bre)
        {
            //String msg =  localStrings.getString( "admin.server.core.mbean.config.bad_realm", mInstanceName);

    /**
     * Remove user from file realm. User must exist.
     */
    public void removeUser(String userName) throws MBeanConfigException
    {
        FileRealm realm = getInstanceRealmKeyFile();
        try
        {
            realm.removeUser(userName);
            saveInstanceRealmKeyFile(realm);
        }
        catch(NoSuchUserException nse)
        {
            //String msg =  localStrings.getString( "admin.server.core.mbean.config.no_such_user", mInstanceName, userName);

    /**
     * Update data for an existing user. User must exist. This is equivalent to calling removeUser() followed by addUser().
     */
    public void updateUser(String userName, String password, String[] groupList) throws MBeanConfigException
    {
        FileRealm realm = getInstanceRealmKeyFile();
        try
        {
            realm.updateUser(userName, userName, password, groupList);
            saveInstanceRealmKeyFile(realm);
        }
        catch(BadRealmException bre)
        {
            //String msg =  localStrings.getString( "admin.server.core.mbean.config.bad_realm", mInstanceName);

    {
        if (!(_currentRealm instanceof FileRealm)) {
            String msg = sm.getString("filelm.badrealm");
            throw new LoginException(msg);
        }
        FileRealm fileRealm = (FileRealm)_currentRealm;

        String[] grpList = fileRealm.authenticate(_username, _password);

        if (grpList == null) {  // JAAS behavior
            String msg = sm.getString("filelm.faillogin", _username);
            throw new LoginException(msg);
        }

        if (as.usesFileRealm()) {
            try {
                AuthRealm ar = as.getAssociatedAuthRealm();
                if (FileRealm.class.getName().equals(ar.getClassname())) {
                    String adminKeyFilePath = ar.getPropertyValue("file");
                    FileRealm fr = new FileRealm(adminKeyFilePath);
                    if (!fr.hasAuthenticatableUser()) {
                        ADMSEC_LOGGER.log(Level.SEVERE, AdminLoggerInfo.mSecureAdminEmptyPassword);
                        throw new IllegalStateException(ADMSEC_LOGGER.getResourceBundle()
                                .getString(AdminLoggerInfo.mSecureAdminEmptyPassword));
                    }
                }

            //an incompletely formed file property or the file property points to a non-existent file, can't allow access
            ADMSEC_LOGGER.fine("CAN'T FIND DEFAULT ADMIN USER: THE KEYFILE DOES NOT EXIST");
            return null;
        }
        try {
            FileRealm fr = new FileRealm(rf.getAbsolutePath());
            String candidateDefaultAdminUser = null;
            for (Enumeration users = fr.getUserNames(); users.hasMoreElements();) {
                String au = (String) users.nextElement();
                FileRealmUser fru = (FileRealmUser)fr.getUser(au);
                for (String group : fru.getGroups()) {
                    if (group.equals(AdminConstants.DOMAIN_ADMIN_GROUP_NAME)) {
                        if (candidateDefaultAdminUser != null) {
                            ADMSEC_LOGGER.log(Level.FINE, "There are multiple admin users so we cannot use any as a default");
                            return null;

        if (as.usesFileRealm()) {
            try {
                AuthRealm ar = as.getAssociatedAuthRealm();
                if (FileRealm.class.getName().equals(ar.getClassname())) {
                    String adminKeyFilePath = ar.getPropertyValue("file");
                    FileRealm fr = new FileRealm(adminKeyFilePath);
                    if (!fr.hasAuthenticatableUser()) {
                        String emsg = lsm.getLocalString("secure.admin.empty.password",
                            "The server requires a valid admin password to be set before it can start. Please set a password using the change-admin-password command.");
                        logger.log(Level.SEVERE, emsg);
                        throw new IllegalStateException(emsg);
                    }

        try {
            AuthRealm ar = as.getAssociatedAuthRealm();
            if (FileRealm.class.getName().equals(ar.getClassname())) {
                String adminKeyFilePath = ar.getPropertyValue("file");
                FileRealm fr = new FileRealm(adminKeyFilePath);
                FileRealmUser fru = (FileRealmUser)fr.getUser(user);
                for (String group : fru.getGroups()) {
                    if (group.equals(AdminConstants.DOMAIN_ADMIN_GROUP_NAME))
                        return fr.authenticate(user, password.toCharArray()) != null; //this is indirect as all admin-keyfile users are in group "asadmin"
                }
                return false;
            }
        } catch(NoSuchUserException ue) {
            return false;       // if fr.getUser fails to find the user name

            //an incompletely formed file property or the file property points to a non-existent file, can't allow access
            logger.fine("CAN'T FIND DEFAULT ADMIN USER: THE KEYFILE DOES NOT EXIST");
            return null;
        }
        try {
            FileRealm fr = new FileRealm(rf.getAbsolutePath());
            Enumeration users = fr.getUserNames();
            if (users.hasMoreElements()) {
                String au = (String) users.nextElement();
                if (!users.hasMoreElements()) {
                    FileRealmUser fru = (FileRealmUser)fr.getUser(au);
                    for (String group : fru.getGroups()) {
                        if (group.equals(AdminConstants.DOMAIN_ADMIN_GROUP_NAME))
                            // there is only one admin user, in the right group, default to it
                            logger.log(Level.FINE, "Attempting access using default admin user: {0}", au);
                            return au;

            throw new RuntimeException(Strings.get("errVal"), ex);
        }
    }

    private void validateUser(final String username) throws BadRealmException, NoSuchRealmException {
        final FileRealm fr = adminRealm();
        try {
            FileRealmUser fru = (FileRealmUser)fr.getUser(username);
            if (isInAdminGroup(fru)) {
                return;
            }
            /*
             * The user is valid but is not in the admin group.