com.sun.enterprise.security.auth.realm.RealmsManager Maven / Gradle / Ivy
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 1997-2013 Oracle and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
* or packager/legal/LICENSE.txt. See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at packager/legal/LICENSE.txt.
*
* GPL Classpath Exception:
* Oracle designates this particular file as subject to the "Classpath"
* exception as provided by Oracle in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
*/
// Portions Copyright [2018] [Payara Foundation and/or its affiliates]
package com.sun.enterprise.security.auth.realm;
import static com.sun.enterprise.security.SecurityLoggerInfo.noRealmsError;
import static com.sun.enterprise.security.auth.realm.Realm.RI_DEFAULT;
import static java.util.Collections.synchronizedMap;
import static java.util.logging.Level.SEVERE;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.glassfish.api.admin.ServerEnvironment;
import org.glassfish.hk2.api.ActiveDescriptor;
import org.glassfish.hk2.api.ServiceLocator;
import org.glassfish.hk2.utilities.BuilderHelper;
import org.glassfish.internal.api.Globals;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.config.types.Property;
import com.sun.enterprise.config.serverbeans.AuthRealm;
import com.sun.enterprise.config.serverbeans.Config;
import com.sun.enterprise.config.serverbeans.SecurityService;
import com.sun.enterprise.security.SecurityLoggerInfo;
/**
*
* @author kumar.jayanti
*/
@Service
@Singleton
public class RealmsManager {
// Per domain list of loaded Realms
// Wanted to get rid of Hashtable but the API exporting Enumeration is preventing
// it for now.
private final Map> loadedRealms = synchronizedMap(new HashMap<>());
// Keep track of name of default realm for this domain. This is updated during startup
// using value from server.xml
private volatile String defaultRealmName = "default";
private final RealmsProbeProvider probeProvider = new RealmsProbeProvider();
private static final Logger _logger = SecurityLoggerInfo.getLogger();
@Inject
@Named(ServerEnvironment.DEFAULT_INSTANCE_NAME)
private Config config;
private String defaultDigestAlgorithm = null;
private static final String DEFAULT_DIGEST_ALGORITHM = "default-digest-algorithm";
public RealmsManager() {
}
/**
* Checks if the given realm name is loaded/valid.
*
* @param name of the realm to check.
* @return true if realm present, false otherwise.
*/
public boolean isValidRealm(String name) {
if (name == null) {
return false;
}
return configContainsRealm(name, config.getName());
}
/**
* Checks if the given realm name is loaded/valid.
*
* @param name of the realm to check.
* @return true if realm present, false otherwise.
*/
public boolean isValidRealm(String configName, String name) {
if (name == null) {
return false;
}
return configContainsRealm(name, configName);
}
/**
* Returns the names of accessible realms.
*
* @return set of realm names
*/
public Enumeration getRealmNames() {
return getRealmNames(config.getName());
}
Realm _getInstance(String configName, String name) {
Realm retval = configGetRealmInstance(configName, name);
// Some tools as well as numerous other locations assume that
// getInstance("default") always works; keep them from breaking
// until code can be properly cleaned up. 4628429
// Also note that for example the appcontainer will actually create
// a Subject always containing realm='default' so this notion
// needs to be fixed/handled.
if (retval == null && RI_DEFAULT.equals(name)) {
retval = configGetRealmInstance(configName, getDefaultRealmName());
}
return retval;
}
Realm _getInstance(String name) {
return _getInstance(config.getName(), name);
}
public void removeFromLoadedRealms(String realmName) {
Realm r = removeFromLoadedRealms(config.getName(), realmName);
if (r != null) {
probeProvider.realmRemovedEvent(realmName);
}
}
void putIntoLoadedRealms(String realmName, Realm realm) {
putIntoLoadedRealms(config.getName(), realmName, realm);
probeProvider.realmAddedEvent(realmName);
}
public Realm getFromLoadedRealms(String realmName) {
return configGetRealmInstance(config.getName(), realmName);
}
public Realm getFromLoadedRealms(String configName, String realmName) {
return configGetRealmInstance(configName, realmName);
}
public synchronized String getDefaultRealmName() {
return defaultRealmName;
}
public synchronized void setDefaultRealmName(String defaultRealmName) {
this.defaultRealmName = defaultRealmName;
}
/**
* Returns names of predefined AuthRealms' classes supported by security service.
*
* @returns array of predefind AuthRealms' classes
*
*/
public List getPredefinedAuthRealmClassNames() {
ServiceLocator habitat = Globals.getDefaultHabitat();
List> collection = habitat.getDescriptors(BuilderHelper.createContractFilter(Realm.class.getName()));
List arr = new ArrayList();
for (ActiveDescriptor it : collection) {
arr.add(it.getImplementation());
}
return arr;
}
public void createRealms() {
createRealms(config.getSecurityService(), config);
}
public void createRealms(Config cfg) {
if (cfg == null) {
return;
}
createRealms(cfg.getSecurityService(), cfg);
}
private void setDefaultDigestAlgorithm() {
SecurityService service = config.getSecurityService();
if (service == null) {
return;
}
List props = service.getProperty();
if (props == null) {
return;
}
Iterator propsIterator = props.iterator();
while (propsIterator != null && propsIterator.hasNext()) {
Property prop = propsIterator.next();
if (prop != null && DEFAULT_DIGEST_ALGORITHM.equals(prop.getName())) {
this.defaultDigestAlgorithm = prop.getValue();
break;
}
}
}
public String getDefaultDigestAlgorithm() {
return defaultDigestAlgorithm;
}
/**
* Load all configured realms from server.xml and initialize each one. Initialization is done by calling
* Realm.initialize() with its name, class and properties. The name of the default realm is also saved in the Realm
* class for reference during server operation.
*
*
* This method superceeds the RI RealmManager.createRealms() method.
*
*/
private void createRealms(SecurityService securityBean, Config cfg) {
// check if realms are already loaded by admin GUI ?
if (realmsAlreadyLoaded(cfg.getName())) {
return;
}
setDefaultDigestAlgorithm();
try {
_logger.fine("Initializing configured realms from SecurityService in Domain.xml....");
if (securityBean == null) {
securityBean = cfg.getSecurityService();
assert (securityBean != null);
}
// grab default realm name
String defaultRealm = securityBean.getDefaultRealm();
// get set of auth-realms and process each
List realms = securityBean.getAuthRealm();
assert (realms != null);
RealmConfig.createRealms(defaultRealm, realms, cfg.getName());
} catch (Exception e) {
_logger.log(SEVERE, noRealmsError, e);
}
}
private boolean realmsAlreadyLoaded(String cfgName) {
Enumeration en = getRealmNames(cfgName);
return (en != null && en.hasMoreElements()) ? true : false;
}
private boolean configContainsRealm(String name, String configName) {
Hashtable containedRealms = loadedRealms.get(configName);
return (containedRealms != null) ? containedRealms.containsKey(name) : false;
}
private Enumeration getRealmNames(String configName) {
Hashtable containedRealms = loadedRealms.get(configName);
return (containedRealms != null) ? containedRealms.keys() : null;
}
private Realm configGetRealmInstance(String configName, String realm) {
Hashtable containedRealms = loadedRealms.get(configName);
return (containedRealms != null) ? (Realm) containedRealms.get(realm) : null;
}
public Realm removeFromLoadedRealms(String configName, String realmName) {
Hashtable containedRealms = loadedRealms.get(configName);
return (containedRealms != null) ? (Realm) containedRealms.remove(realmName) : null;
}
public void putIntoLoadedRealms(String configName, String realmName, Realm realm) {
Hashtable containedRealms = loadedRealms.get(configName);
if (containedRealms == null) {
containedRealms = new Hashtable();
if (configName == null) {
configName = config.getName();
}
loadedRealms.put(configName, containedRealms);
}
containedRealms.put(realmName, realm);
}
public void refreshRealm(String configName, String realmName) {
if (realmName != null && realmName.length() > 0) {
try {
Realm realm = Realm.getInstance(configName, realmName);
if (realm != null) {
realm.refresh(configName);
}
} catch (NoSuchRealmException | BadRealmException nre) {
// _logger.fine("Realm: "+realmName+" is not configured");
}
}
}
}