Examples of com.sun.enterprise.security.auth.realm.file.FileRealm

Package com.sun.enterprise.security.auth.realm.file

Examples of com.sun.enterprise.security.auth.realm.file.FileRealm

com.sun.enterprise.security.auth.realm.file.FileRealm
Realm wrapper for supporting file password authentication.
In addition to the basic realm functionality, this class provides administration methods for the file realm.
Format of the keyfile used by this class is one line per user containing username;password;groups where:
- username - Name string.
- password - A salted SHA hash (SSHA) of the user password.
- groups - A comma separated list of group memberships.
The file realm needs the following properties in its configuration:
- file - Full path to the keyfile to load
- jaas-ctx - JAAS context name used to access LoginModule for authentication.
@author Harry Singh @author Jyri Virkki @author Shing Wai Chan

    }
    private FileRealm adminRealm() throws BadRealmException, NoSuchRealmException {
        final AuthRealm ar = as.getAssociatedAuthRealm();
        if (FileRealm.class.getName().equals(ar.getClassname())) {
            String adminKeyFilePath = ar.getPropertyValue("file");
            FileRealm fr = new FileRealm(adminKeyFilePath);
            return fr;
        }
        return null;
    }

View Full Code Here

     * @throws NoSuchRealmException
     * @throws NoSuchUserException 
     */
    @Override
    public boolean isAnyAdminUserWithoutPassword() throws Exception {
        final FileRealm adminRealm = adminRealm();
        /*
         * If the user has configured the admin realm to use a realm other than 
         * the default file realm bypass the check that makes sure no admin users have
         * an empty password.
         */
        if (adminRealm == null) {
            return true;
        }
        for (final Enumeration<String> e = adminRealm.getUserNames(); e.hasMoreElements(); ) {
            final String username = e.nextElement();
            /*
                * Try to authenticate this user with an empty password.  If it 
                * works we can stop.
                */
            final String[] groupNames = adminRealm.authenticate(username, emptyPassword);
            if (groupNames != null) {
                for (String groupName : groupNames) {
                    if (DOMAIN_ADMIN_GROUP_NAME.equals(groupName)) {
                        return true;
                    }

View Full Code Here


        try {
            AuthRealm ar = as.getAssociatedAuthRealm();
            if (FileRealm.class.getName().equals(ar.getClassname())) {
                String adminKeyFilePath = ar.getPropertyValue("file");
                FileRealm fr = new FileRealm(adminKeyFilePath);
                FileRealmUser fru = (FileRealmUser)fr.getUser(user);
                for (String group : fru.getGroups()) {
                    if (group.equals(AdminConstants.DOMAIN_ADMIN_GROUP_NAME))
                        return fr.authenticate(user, password.toCharArray()) != null; //this is indirect as all admin-keyfile users are in group "asadmin"
                }
                return false;
            }
        } catch(NoSuchUserException ue) {
            return false;       // if fr.getUser fails to find the user name

View Full Code Here

            //an incompletely formed file property or the file property points to a non-existent file, can't allow access
            logger.fine("CAN'T FIND DEFAULT ADMIN USER: THE KEYFILE DOES NOT EXIST");
            return null;
        }
        try {
            FileRealm fr = new FileRealm(rf.getAbsolutePath());
            Enumeration users = fr.getUserNames();
            if (users.hasMoreElements()) {
                String au = (String) users.nextElement();
                if (!users.hasMoreElements()) {
                    FileRealmUser fru = (FileRealmUser)fr.getUser(au);
                    for (String group : fru.getGroups()) {
                        if (group.equals(AdminConstants.DOMAIN_ADMIN_GROUP_NAME))
                            // there is only one admin user, in the right group, default to it
                            logger.log(Level.FINE, "Attempting access using default admin user: {0}", au);
                            return au;

View Full Code Here

            throw new RuntimeException(Strings.get("errVal"), ex);
        }
    }
    
    private void validateUser(final String username) throws BadRealmException, NoSuchRealmException {
        final FileRealm fr = adminRealm();
        try {
            FileRealmUser fru = (FileRealmUser)fr.getUser(username);
            if (isInAdminGroup(fru)) {
                    return;
            }
            /*
             * The user is valid but is not in the admin group.

View Full Code Here

    
    private FileRealm adminRealm() throws BadRealmException, NoSuchRealmException {
        final AuthRealm ar = as.getAssociatedAuthRealm();
        if (FileRealm.class.getName().equals(ar.getClassname())) {
            String adminKeyFilePath = ar.getPropertyValue("file");
            FileRealm fr = new FileRealm(adminKeyFilePath);
            return fr;
        }
        return null;
    }

View Full Code Here

     * @throws BadRealmException
     * @throws NoSuchRealmException
     * @throws NoSuchUserException 
     */
    public boolean isAnyAdminUserWithoutPassword() throws Exception {
        final FileRealm adminRealm = adminRealm();
        for (final Enumeration<String> e = adminRealm.getUserNames(); e.hasMoreElements(); ) {
            final String username = e.nextElement();
            final FileRealmUser fru;
            try {
                fru = (FileRealmUser) adminRealm.getUser(username);
                
                /*
                 * Try to authenticate this user with an empty password.  If it 
                 * works we can stop.
                 */
                final String[] groupNames = adminRealm.authenticate(username, emptyPassword);
                if (groupNames != null) {
                    for (String groupName : groupNames) {
                        if (DOMAIN_ADMIN_GROUP_NAME.equals(groupName)) {
                            return true;
                        }

View Full Code Here

                        throws PropertyVetoException, TransactionFailure {
                    try {
                        realmsManager.createRealms(config);
                        //If the (shared) keyfile is updated by an external process, load the users first
                        refreshRealm(config.getName(),authRealmName);
                        final FileRealm fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(),authRealmName);
                        CreateFileUser.handleAdminGroup(authRealmName, groups);
                        String[] groups1 = groups.toArray(new String[groups.size()]);
                        try {
                            fr.addUser(userName, password.toCharArray(), groups1);
                        }catch(BadRealmException br) {
                            //Check if the server environment is  DAS. If is not  DAS (user creation was
                            //successful on DAS), then the error is caused in the instances because of shared keyfile between
                            // DAS and cluster instances - ignore the exception for instances.


                            if(se != null && se.isDas()) {
                                throw new BadRealmException(br);
                            }
                        }
                        fr.persist();
                        report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
                    } catch (Exception e) {
                        String localalizedErrorMsg = (e.getLocalizedMessage() == null)?"":e.getLocalizedMessage();
                        report.setMessage(
                                localStrings.getLocalString("create.file.user.useraddfailed",

View Full Code Here

            report.setActionExitCode(ActionReport.ExitCode.FAILURE);
            return;                                            
        }
                            
        // We have the right impl so let's get to updating existing user 
        FileRealm fr = null;
        try {
            realmsManager.createRealms(config);
            fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(), fileAuthRealm.getName());
            if (fr == null) {
                throw new NoSuchRealmException(fileAuthRealm.getName());
            }
        }  catch(NoSuchRealmException e) {
            report.setMessage(
                localStrings.getLocalString(
                    "change.admin.password.realmnotsupported",
                    "Configured admin realm does not exist.") +
                "  " + e.getLocalizedMessage());
            report.setActionExitCode(ActionReport.ExitCode.FAILURE);
            report.setFailureCause(e);
            return;
        }


        //now updating admin user password
        try {
            Enumeration en = fr.getGroupNames(userName);            
            int size = 0;
            while (en.hasMoreElements()) { 
                size++; 
                en.nextElement(); 
            }            
            String[] groups = new String[size];            
            en = fr.getGroupNames(userName);            
            for (int i = 0; i < size; i++) {
                groups[i] = (String) en.nextElement();
            }
            fr.updateUser(userName,userName, newpassword.toCharArray(), groups);
            fr.persist();
            report.setActionExitCode(ActionReport.ExitCode.SUCCESS);            
        } catch (Exception e) {
            report.setMessage(
                localStrings.getLocalString(
                    "change.admin.password.userupdatefailed",

View Full Code Here

        
        //even though update-file-user is not an update to the security-service
        //do we need to make it transactional by referncing the securityservice
        //hypothetically ?.
        //TODO: check and enclose the code below inside ConfigSupport.apply(...)
        FileRealm fr = null;
        try {
            realmsManager.createRealms(config);
            fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(),authRealmName);
            if (fr == null) {
                throw new NoSuchRealmException(authRealmName);
            }
        } catch(NoSuchRealmException e) {
            report.setMessage(
                localStrings.getLocalString(
                    "update.file.user.realmnotsupported",
                    "Configured file realm {0} does not exist.", authRealmName) +
                "  " + e.getLocalizedMessage());
            report.setActionExitCode(ActionReport.ExitCode.FAILURE);
            report.setFailureCause(e);
            return;
        }


        //now updating user
        try {
            CreateFileUser.handleAdminGroup(authRealmName, groups);
            String[] groups1 = (groups == null) ? null: groups.toArray(new String[groups.size()]);
            fr.updateUser(userName, userName, password, groups1);
            fr.persist();
            report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
        } catch (Exception e) {
            report.setMessage(
                localStrings.getLocalString("update.file.user.userupdatefailed",
                "Updating user {0} in file realm {1} failed",

View Full Code Here

0 1 2 3 4 5 6 7

TOP

Related Classes of com.sun.enterprise.security.auth.realm.file.FileRealm

com.sun.enterprise.admin.mbeans.AuthRealmMBean

com.sun.enterprise.admin.server.core.mbean.config.ManagedServerInstance

com.sun.enterprise.admin.servermgmt.RepositoryManager

com.sun.enterprise.admin.util.GenericAdminAuthenticator

com.sun.enterprise.config.serverbeans.SecurityService

com.sun.enterprise.container.common.GenericAdminAuthenticator

com.sun.enterprise.management.offline.AuthRealmMBeanX

com.sun.enterprise.security.admin.cli.SecureAdminHelperImpl

com.sun.enterprise.security.auth.login.FileLoginModule

com.sun.enterprise.security.cli.ChangeAdminPassword

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.