All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.glassfish.admin.rest.cli.SecurityUtil Maven / Gradle / Ivy

There is a newer version: 7.2024.1.Alpha1
Show newest version
/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 1997-2012 Oracle and/or its affiliates. All rights reserved.
 *
 * The contents of this file are subject to the terms of either the GNU
 * General Public License Version 2 only ("GPL") or the Common Development
 * and Distribution License("CDDL") (collectively, the "License").  You
 * may not use this file except in compliance with the License.  You can
 * obtain a copy of the License at
 * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
 * or packager/legal/LICENSE.txt.  See the License for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing the software, include this License Header Notice in each
 * file and include the License file at packager/legal/LICENSE.txt.
 *
 * GPL Classpath Exception:
 * Oracle designates this particular file as subject to the "Classpath"
 * exception as provided by Oracle in the GPL Version 2 section of the License
 * file that accompanied this code.
 *
 * Modifications:
 * If applicable, add the following below the License Header, with the fields
 * enclosed by brackets [] replaced by your own identifying information:
 * "Portions Copyright [year] [name of copyright owner]"
 *
 * Contributor(s):
 * If you wish your version of this file to be governed by only the CDDL or
 * only the GPL Version 2, indicate your decision by adding "[Contributor]
 * elects to include this software in this distribution under the [CDDL or GPL
 * Version 2] license."  If you don't indicate a single choice of license, a
 * recipient has the option to distribute your version of this file under
 * either the CDDL, the GPL Version 2 or to extend the choice of license to
 * its licensees as provided above.  However, if you add GPL Version 2 code
 * and therefore, elected the GPL Version 2 license, then the option applies
 * only if the new code is made subject to such option by the copyright
 * holder.
 */
// Portions Copyright [2018-2019] [Payara Foundation and/or its affiliates]

package org.glassfish.admin.rest.cli;

import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;

import org.glassfish.hk2.api.ServiceLocator;
import org.glassfish.internal.api.Globals;
import org.jvnet.hk2.config.types.Property;

import com.sun.enterprise.config.serverbeans.AuthRealm;
import com.sun.enterprise.config.serverbeans.Config;
import com.sun.enterprise.config.serverbeans.Domain;
import com.sun.enterprise.config.serverbeans.SecurityService;
import com.sun.enterprise.security.auth.WebAndEjbToJaasBridge;
import com.sun.enterprise.security.auth.realm.Realm;
import com.sun.enterprise.security.auth.realm.RealmsManager;
import com.sun.enterprise.security.auth.realm.User;

/**
 * AMX Realms implementation.
 * Note that realms don't load until {@link #loadRealms} is called.
 * @author ludovic champenosi
 */
public class SecurityUtil {
    private static final String DAS_CONFIG = "server-config";
    private static final String ADMIN_REALM = "admin-realm";
    private static final String FILE_REALM_CLASSNAME = "com.sun.enterprise.security.auth.realm.file.FileRealm";
    
    private static final Logger LOGGER = Logger.getLogger(SecurityUtil.class.getCanonicalName());

    private final Domain domain;

    public SecurityUtil(Domain domain) {
        this.domain = domain;
        _loadRealms();
    }

    public RealmsManager getRealmsManager() {
        return Globals.getDefaultHabitat().getService(RealmsManager.class);
    }

    private SecurityService getSecurityService() {

        Config config = domain.getConfigs().getConfig().get(0);

        return config.getSecurityService();
    }

    private void _loadRealms() {


        List authRealmConfigs = getSecurityService().getAuthRealm();

        List goodRealms = new ArrayList();
        for (AuthRealm authRealm : authRealmConfigs) {
            List propConfigs = authRealm.getProperty();
            Properties props = new Properties();
            for (Property p : propConfigs) {
                String value = p.getValue();
                props.setProperty(p.getName(), value);
            }
            try {
                Realm.instantiate(authRealm.getName(), authRealm.getClassname(), props);
                goodRealms.add(authRealm.getName());
            } catch (Exception e) {
                LOGGER.log(Level.SEVERE, null, e);
            }
        }

        if (!goodRealms.isEmpty()) {
            //not used String goodRealm = goodRealms.iterator().next();
            try {
                String defaultRealm = getSecurityService().getDefaultRealm();
                /*Realm r = */Realm.getInstance(defaultRealm);
                Realm.setDefaultRealm(defaultRealm);
            } catch (Exception e) {
                Realm.setDefaultRealm(goodRealms.iterator().next());
                LOGGER.log(Level.SEVERE, null, e);

            }
        }

    }

    private String[] _getRealmNames() {

        Enumeration es = getRealmsManager().getRealmNames();
        List realmNamesList = new ArrayList();
        while (es.hasMoreElements()) {
            realmNamesList.add(es.nextElement());
        }
        return realmNamesList.toArray(new String[realmNamesList.size()]);

    }

    public String[] getRealmNames() {
        try {
            return _getRealmNames();
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, null, e);
            return null;

        }
    }

    public String[] getPredefinedAuthRealmClassNames() {
        List items = getRealmsManager().getPredefinedAuthRealmClassNames();
        return items.toArray(new String[items.size()]);
    }

    public String getDefaultRealmName() {
        return getRealmsManager().getDefaultRealmName();
    }

    public void setDefaultRealmName(String realmName) {
        getRealmsManager().setDefaultRealmName(realmName);
    }

    private Realm getRealm(String realmName) {
        Realm realm = getRealmsManager().getFromLoadedRealms(realmName);
        if (realm == null) {
            throw new IllegalArgumentException("No such realm: " + realmName);
        }
        return realm;
    }

    public void addUser(
            String realmName,
            String user,
            String password,
            String[] groupList) {
        checkSupportsUserManagement(realmName);

        try {
            Realm realm = getRealm(realmName);
            realm.addUser(user, password.toCharArray(), groupList);
            realm.persist();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public void updateUser(
            String realmName,
            String existingUser,
            String newUser,
            String password,
            String[] groupList) {
        checkSupportsUserManagement(realmName);

        try {
            Realm realm = getRealm(realmName);
            realm.updateUser(existingUser, newUser, password.toCharArray(), groupList);
            realm.persist();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public void removeUser(String realmName, String user) {
        checkSupportsUserManagement(realmName);

        try {
            Realm realm = getRealm(realmName);
            realm.removeUser(user);
            realm.persist();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public boolean supportsUserManagement(String realmName) {
        return getRealm(realmName).supportsUserManagement();
    }

    private void checkSupportsUserManagement(String realmName) {
        if (!supportsUserManagement(realmName)) {
            throw new IllegalStateException("Realm " + realmName + " does not support user management");
        }
    }

    public String[] getUserNames(String realmName) {
        try {

            Enumeration userNamesEnumeration = getRealm(realmName).getUserNames();
            List userNamesList = new ArrayList();
            while (userNamesEnumeration.hasMoreElements()) {
                userNamesList.add(userNamesEnumeration.nextElement());
            }
                    return userNamesList.toArray(new String[userNamesList.size()]);


        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public String[] getGroupNames(String realmName) {
        try {

            Enumeration es = getRealm(realmName).getGroupNames();
            List groupNamesList = new ArrayList();
            while (es.hasMoreElements()) {
                groupNamesList.add(es.nextElement());
            }
        return groupNamesList.toArray(new String[groupNamesList.size()]);

        } catch (Exception e) {
            throw new RuntimeException(e);
        }

    }

    public String[] getGroupNames(String realmName, String user) {

        try {

            Enumeration es = getRealm(realmName).getGroupNames(user);
            List groupNamesList = new ArrayList();
            while (es.hasMoreElements()) {
                groupNamesList.add(es.nextElement());
            }
        return groupNamesList.toArray(new String[groupNamesList.size()]);

        } catch (Exception e) {
            throw new RuntimeException(e);
        }


    }

    public Map getUserAttributes(String realmName, String username) {
        try {
            User user = getRealm(realmName).getUser(username);
            Map m = new HashMap();
            Enumeration e = user.getAttributeNames();
            List attrNames = new ArrayList();
            while (e.hasMoreElements()) {
                attrNames.add(e.nextElement());
            }
            for (String attrName : attrNames) {
                m.put(attrName, user.getAttribute(attrName));
            }
            return m;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public String getAnonymousUser(ServiceLocator habitat) {
        String user = null;
        // find the ADMIN_REALM
        AuthRealm adminFileAuthRealm = null;

        for (AuthRealm auth : domain.getConfigNamed(DAS_CONFIG).getSecurityService().getAuthRealm()) {
            if (auth.getName().equals(ADMIN_REALM)) {
                adminFileAuthRealm = auth;
                break;
            }
        }

        if (adminFileAuthRealm == null) {
            // There must always be an admin realm
            throw new IllegalStateException("Cannot find admin realm");
        }

        // Get FileRealm class name
        String fileRealmClassName = adminFileAuthRealm.getClassname();
        if (fileRealmClassName != null && !fileRealmClassName.equals(FILE_REALM_CLASSNAME)) {
            // This condition can arise if admin-realm is not a File realm. Then the API to extract
            // the anonymous user should be integrated for the logic below this line of code. for now,
            // we treat this as an error and instead of throwing exception return false;
            return null;
        }

        List props = adminFileAuthRealm.getProperty();


        Property keyfileProp = null;

        for (Property prop : props) {
            if ("file".equals(prop.getName())) {
                keyfileProp = prop;
            }
        }
        if (keyfileProp == null) {
            throw new IllegalStateException("Cannot find property 'file'");
        }
        String keyFile = keyfileProp.getValue();
        if (keyFile == null) {
            throw new IllegalStateException("Cannot find key file");
        }

        String[] usernames = getUserNames(adminFileAuthRealm.getName());
        if (usernames.length == 1) {
            try {
                habitat.getService(com.sun.enterprise.security.SecurityLifecycle.class);
                WebAndEjbToJaasBridge.login(usernames[0], new char[0], ADMIN_REALM);
                user = usernames[0];
            } catch (Exception e) {
            }
        }

        return user;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy