/** Returns true if the classname of associated authrealm is same as fully qualified FileRealm classname. * * @param as "This" Admin Service * @return true if associated authrealm is nonnull and its classname equals "com.sun.enterprise.security.auth.realm.file.FileRealm", false otherwise */ public static boolean usesFileRealm(AdminService as) { boolean usesFR = false; AuthRealm ar = as.getAssociatedAuthRealm(); //Note: This is type unsafe. if (ar != null && "com.sun.enterprise.security.auth.realm.file.FileRealm".equals(ar.getClassname())) usesFR = true; return usesFR; } }
/** Returns true if the classname of associated authrealm is same as fully qualified FileRealm classname. * * @param as "This" Admin Service * @return true if associated authrealm is nonnull and its classname equals "com.sun.enterprise.security.auth.realm.file.FileRealm", false otherwise */ public static boolean usesFileRealm(AdminService as) { boolean usesFR = false; AuthRealm ar = as.getAssociatedAuthRealm(); //Note: This is type unsafe. if (ar != null && "com.sun.enterprise.security.auth.realm.file.FileRealm".equals(ar.getClassname())) usesFR = true; return usesFR; } }
private FileRealm adminRealm() throws BadRealmException, NoSuchRealmException { final AuthRealm ar = as.getAssociatedAuthRealm(); if (FileRealm.class.getName().equals(ar.getClassname())) { String adminKeyFilePath = ar.getPropertyValue("file"); FileRealm fr = new FileRealm(adminKeyFilePath); return fr; } return null; }
private boolean isInAdminGroup(final String user, final String realm) { return (as.getAssociatedAuthRealm().getGroupMapping() == null) || ensureGroupMembership(user, realm); }
@Override public synchronized void postConstruct() { secureAdmin = domain.getSecureAdmin(); // Ensure that the admin password is set as required if (as.usesFileRealm()) { try { AuthRealm ar = as.getAssociatedAuthRealm(); if (FileRealm.class.getName().equals(ar.getClassname())) { String adminKeyFilePath = ar.getPropertyValue("file"); FileRealm fr = new FileRealm(adminKeyFilePath); if (!fr.hasAuthenticatableUser()) { ADMSEC_LOGGER.log(Level.SEVERE, AdminLoggerInfo.mSecureAdminEmptyPassword); throw new IllegalStateException(ADMSEC_LOGGER.getResourceBundle() .getString(AdminLoggerInfo.mSecureAdminEmptyPassword)); } } } catch (Exception ex) { ADMSEC_LOGGER.log(Level.SEVERE, AdminLoggerInfo.mUnexpectedException, ex); throw new RuntimeException(ex); } } }
AuthRealm realm = as.getAssociatedAuthRealm(); if (realm == null) {
AuthRealm realm = as.getAssociatedAuthRealm(); if (realm == null) {
private void validateUser(final String username) throws BadRealmException, NoSuchRealmException { final AuthRealm ar = as.getAssociatedAuthRealm(); if (FileRealm.class.getName().equals(ar.getClassname())) { String adminKeyFilePath = ar.getPropertyValue("file"); FileRealm fr = new FileRealm(adminKeyFilePath); try { FileRealmUser fru = (FileRealmUser)fr.getUser(username); for (String group : fru.getGroups()) { if (group.equals(DOMAIN_ADMIN_GROUP_NAME)) { return; } } /* * The user is valid but is not in the admin group. */ throw new RuntimeException(Strings.get("notAdminUser", username)); } catch (NoSuchUserException ex) { /* * The user is not valid, but use the same error as if the user * IS present but is not an admin user. This provides a would-be * intruder a little less information by not distinguishing * between a valid user that's not an admin user and an * invalid user. */ throw new RuntimeException(Strings.get("notAdminUser", username)); } } }
AuthRealm ar = as.getAssociatedAuthRealm(); if (FileRealm.class.getName().equals(ar.getClassname())) { String adminKeyFilePath = ar.getPropertyValue("file");
authenticated = true; final boolean isConsideredInAdminGroup = ( (as.getAssociatedAuthRealm().getGroupMapping() == null) || ensureGroupMembership(user, realm)); return isConsideredInAdminGroup