Examples of com.sun.enterprise.security.auth.realm.file.FileRealm

Package com.sun.enterprise.security.auth.realm.file

Examples of com.sun.enterprise.security.auth.realm.file.FileRealm

com.sun.enterprise.security.auth.realm.file.FileRealm
Realm wrapper for supporting file password authentication.
In addition to the basic realm functionality, this class provides administration methods for the file realm.
Format of the keyfile used by this class is one line per user containing username;password;groups where:
- username - Name string.
- password - A salted SHA hash (SSHA) of the user password.
- groups - A comma separated list of group memberships.
The file realm needs the following properties in its configuration:
- file - Full path to the keyfile to load
- jaas-ctx - JAAS context name used to access LoginModule for authentication.
@author Harry Singh @author Jyri Virkki @author Shing Wai Chan

            ConfigSupport.apply(new SingleConfigCode<SecurityService>() {
                public Object run(SecurityService param)
                        throws PropertyVetoException, TransactionFailure {
                    try {
                        realmsManager.createRealms(config);
                        final FileRealm fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(),authRealmName);
                        fr.removeUser(userName);
                        fr.persist();
                        CreateFileUser.refreshRealm(config.getName(),authRealmName);
                        report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
                    } catch (NoSuchUserException e) {
                        report.setMessage(
                                localStrings.getLocalString("delete.file.user.usernotfound",

View Full Code Here

        if (as.usesFileRealm()) {
            try {
                AuthRealm ar = as.getAssociatedAuthRealm();
                if (FileRealm.class.getName().equals(ar.getClassname())) {
                    String adminKeyFilePath = ar.getPropertyValue("file");
                    FileRealm fr = new FileRealm(adminKeyFilePath);
                    if (!fr.hasAuthenticatableUser()) {
                        ADMSEC_LOGGER.log(Level.SEVERE, AdminLoggerInfo.mSecureAdminEmptyPassword);
                        throw new IllegalStateException(ADMSEC_LOGGER.getResourceBundle()
                                .getString(AdminLoggerInfo.mSecureAdminEmptyPassword));
                    }
                }

View Full Code Here

            //an incompletely formed file property or the file property points to a non-existent file, can't allow access
            ADMSEC_LOGGER.fine("CAN'T FIND DEFAULT ADMIN USER: THE KEYFILE DOES NOT EXIST");
            return null;
        }
        try {
            FileRealm fr = new FileRealm(rf.getAbsolutePath());
            String candidateDefaultAdminUser = null;
            for (Enumeration users = fr.getUserNames(); users.hasMoreElements();) {
                String au = (String) users.nextElement();
                FileRealmUser fru = (FileRealmUser)fr.getUser(au);
                for (String group : fru.getGroups()) {
                    if (group.equals(AdminConstants.DOMAIN_ADMIN_GROUP_NAME)) {
                        if (candidateDefaultAdminUser != null) {
                            ADMSEC_LOGGER.log(Level.FINE, "There are multiple admin users so we cannot use any as a default");
                            return null;

View Full Code Here

        if (as.usesFileRealm()) {
            try {
                AuthRealm ar = as.getAssociatedAuthRealm();
                if (FileRealm.class.getName().equals(ar.getClassname())) {
                    String adminKeyFilePath = ar.getPropertyValue("file");
                    FileRealm fr = new FileRealm(adminKeyFilePath);
                    if (!fr.hasAuthenticatableUser()) {
                        ADMSEC_LOGGER.log(Level.SEVERE, AdminLoggerInfo.mSecureAdminEmptyPassword);
                        throw new IllegalStateException(ADMSEC_LOGGER.getResourceBundle()
                                .getString(AdminLoggerInfo.mSecureAdminEmptyPassword));
                    }
                }

View Full Code Here

            //an incompletely formed file property or the file property points to a non-existent file, can't allow access
            ADMSEC_LOGGER.fine("CAN'T FIND DEFAULT ADMIN USER: THE KEYFILE DOES NOT EXIST");
            return null;
        }
        try {
            FileRealm fr = new FileRealm(rf.getAbsolutePath());
            String candidateDefaultAdminUser = null;
            for (Enumeration users = fr.getUserNames(); users.hasMoreElements();) {
                String au = (String) users.nextElement();
                FileRealmUser fru = (FileRealmUser)fr.getUser(au);
                for (String group : fru.getGroups()) {
                    if (group.equals(AdminConstants.DOMAIN_ADMIN_GROUP_NAME)) {
                        if (candidateDefaultAdminUser != null) {
                            ADMSEC_LOGGER.log(Level.FINE, "There are multiple admin users so we cannot use any as a default");
                            return null;

View Full Code Here

                new Object[]{keyFile, authRealmName}));
            report.setActionExitCode(ActionReport.ExitCode.FAILURE);
            return;
        }
        // We have the right impl so let's try to remove one 
        FileRealm fr = null;
        try {
            realmsManager.createRealms(config);
            //account for updates to realms from outside this config sharing
            //same keyfile
            CreateFileUser.refreshRealm(config.getName(), authRealmName);
            fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(),authRealmName);
            if (fr == null) {
                throw new NoSuchRealmException(authRealmName);
            }
        }  catch(NoSuchRealmException e) {
            report.setMessage(
                localStrings.getLocalString(
                    "list.file.user.realmnotsupported",
                    "Configured file realm {0} is not supported.", authRealmName) +
                "  " + e.getLocalizedMessage());
            report.setActionExitCode(ActionReport.ExitCode.FAILURE);
            report.setFailureCause(e);
            return;
        }


        try {
            Enumeration users = fr.getUserNames();
            List userList = new ArrayList();
            
            while (users.hasMoreElements()) {
                final ActionReport.MessagePart part = report.getTopMessagePart().addChild();
                String userName = (String) users.nextElement();
                part.setMessage(userName);
                Map userMap = new HashMap();
                userMap.put("name", userName);
                try {
                    userMap.put("groups", Collections.list(fr.getGroupNames(userName)));
                } catch (NoSuchUserException ex) {
                    // This should never be thrown since we just got the user name from the realm
                }
                userList.add(userMap);
            }

View Full Code Here

    
    private void validateUser(final String username) throws BadRealmException, NoSuchRealmException {
        final AuthRealm ar = as.getAssociatedAuthRealm();
        if (FileRealm.class.getName().equals(ar.getClassname())) {
            String adminKeyFilePath = ar.getPropertyValue("file");
            FileRealm fr = new FileRealm(adminKeyFilePath);
            try {
                FileRealmUser fru = (FileRealmUser)fr.getUser(username);
                for (String group : fru.getGroups()) {
                    if (group.equals(DOMAIN_ADMIN_GROUP_NAME)) {
                        return;
                    }
                }

View Full Code Here

        }


        try {
            // Get all users of this file realm. If a username has
            // been passed in through the --name CLI option use that
            FileRealm fr = getFileRealm(securityService, fileAuthRealm, report);


            if (fr == null) {
                // the getFileRealm method would have filled
                // in the right cause of this situation
                return;
            }
            
            Enumeration groups = null;
            if (fileUserName != null) {
                groups = fr.getGroupNames(fileUserName);
            } else {
                groups = fr.getGroupNames();
            }


            report.getTopMessagePart().setMessage(localStrings.getLocalString(
                "list.file.group.success",
                "list-file-groups successful"));

View Full Code Here

            report.setActionExitCode(ActionReport.ExitCode.FAILURE);
            return null;
        }


        // We have the right impl so let's try to remove one
        FileRealm fr = null;
        try {
            realmsManager.createRealms(config);
            fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(),authRealmName);
            if (fr == null) {
                throw new NoSuchRealmException(authRealmName);

View Full Code Here

                        throws PropertyVetoException, TransactionFailure {
                    try {
                        realmsManager.createRealms(config);
                        //If the (shared) keyfile is updated by an external process, load the users first
                        refreshRealm(config.getName(),authRealmName);
                        final FileRealm fr = (FileRealm) realmsManager.getFromLoadedRealms(config.getName(),authRealmName);
                        CreateFileUser.handleAdminGroup(authRealmName, groups);
                        String[] groups1 = groups.toArray(new String[groups.size()]);
                        try {
                            fr.addUser(userName, password.toCharArray(), groups1);
                        }catch(BadRealmException br) {
                            //Check if the server environment is  DAS. If is not  DAS (user creation was
                            //successful on DAS), then the error is caused in the instances because of shared keyfile between
                            // DAS and cluster instances - ignore the exception for instances.


                            if(se != null && se.isDas()) {
                                throw new BadRealmException(br);
                            }
                        }
                        if (Util.isEmbeddedServer()) {
                            fr.writeKeyFile(Util.writeConfigFileToTempDir(kf).getAbsolutePath());
                        } else {
                            fr.writeKeyFile(kf);
                        }
                        //Since this is done prior to adding the user, it is redundant here.
                       //refreshRealm(authRealmName);
                        report.setActionExitCode(ActionReport.ExitCode.SUCCESS);
                    } catch (Exception e) {

View Full Code Here

0 1 2 3 4 5 6 7

TOP

Related Classes of com.sun.enterprise.security.auth.realm.file.FileRealm

com.sun.enterprise.admin.mbeans.AuthRealmMBean

com.sun.enterprise.admin.server.core.mbean.config.ManagedServerInstance

com.sun.enterprise.admin.servermgmt.RepositoryManager

com.sun.enterprise.admin.util.GenericAdminAuthenticator

com.sun.enterprise.config.serverbeans.SecurityService

com.sun.enterprise.container.common.GenericAdminAuthenticator

com.sun.enterprise.management.offline.AuthRealmMBeanX

com.sun.enterprise.security.admin.cli.SecureAdminHelperImpl

com.sun.enterprise.security.auth.login.FileLoginModule

com.sun.enterprise.security.cli.ChangeAdminPassword

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.