1 /*
2  * The contents of this file are subject to the terms
3  * of the Common Development and Distribution License
4  * (the License). You may not use this file except in
5  * compliance with the License.
6  *
7  * You can obtain a copy of the license at
8  * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9  * glassfish/bootstrap/legal/CDDLv1.0.txt.
10  * See the License for the specific language governing
11  * permissions and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL
14  * Header Notice in each file and include the License file
15  * at glassfish/bootstrap/legal/CDDLv1.0.txt.
16  * If applicable, add the following below the CDDL Header,
17  * with the fields enclosed by brackets [] replaced by
18  * you own identifying information:
19  * "Portions Copyrighted [year] [name of copyright owner]"
20  *
21  * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22  */

23
24 /*
25  * $Id: AuthRealmMBean.java,v 1.4 2006/03/03 19:25:53 kravtch Exp $
26  */

27
28 package com.sun.enterprise.admin.mbeans;
29
30 //jdk imports
31
import java.util.ArrayList JavaDoc;
32 import java.util.Enumeration JavaDoc;
33 import java.util.logging.Level JavaDoc;
34 import java.util.logging.Logger JavaDoc;
35
36 import java.io.IOException JavaDoc;
37
38 //JMX imports
39
import javax.management.AttributeList JavaDoc;
40 import javax.management.ObjectName JavaDoc;
41 import javax.management.MBeanException JavaDoc;
42 import javax.management.MBeanServer JavaDoc;
43 import javax.management.AttributeNotFoundException JavaDoc;
44 import javax.management.modelmbean.ModelMBeanInfo JavaDoc;
45
46
47 import com.sun.enterprise.admin.common.constant.AdminConstants;
48
49 //config imports
50
import com.sun.enterprise.config.ConfigContext;
51 import com.sun.enterprise.config.ConfigException;
52 import com.sun.enterprise.config.serverbeans.ServerTags;
53 import com.sun.enterprise.config.serverbeans.PropertyResolver;
54 import com.sun.enterprise.config.serverbeans.ServerHelper;
55 import com.sun.enterprise.config.serverbeans.Server;
56 import com.sun.enterprise.config.serverbeans.JmxConnector;
57
58 import com.sun.enterprise.admin.common.constant.AdminConstants;
59
60 import com.sun.enterprise.admin.config.BaseConfigMBean;
61 import com.sun.enterprise.admin.config.MBeanConfigException;
62 import com.sun.enterprise.admin.meta.MBeanRegistryFactory;
63
64 //security stuff
65
import com.sun.enterprise.security.auth.realm.Realm;
66 import com.sun.enterprise.security.auth.realm.file.FileRealm;
67 import com.sun.enterprise.security.auth.realm.BadRealmException;
68 import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
69 import com.sun.enterprise.security.auth.realm.NoSuchUserException;
70 import com.sun.enterprise.security.util.IASSecurityException;
71
72 //event handling
73
import com.sun.enterprise.admin.event.EventContext;
74 import com.sun.enterprise.admin.event.UserMgmtEvent;
75 import com.sun.enterprise.admin.AdminContext;
76 import com.sun.enterprise.admin.MBeanHelper;
77
78 // Logging
79
import java.util.logging.Level JavaDoc;
80 import com.sun.enterprise.util.i18n.StringManager;
81
82 import com.sun.enterprise.admin.mbeanapi.IAuthRealmMBean;
83
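/**
 * Config MBean that manages the users of a file realm: it lists users and
 * groups and adds, removes and updates users in the realm keyfile.
 *
 * <p>Every public operation first verifies that the configured realm class is
 * the file realm, then loads the keyfile named by the realm's {@code file}
 * property into a fresh {@link FileRealm}. Mutating operations write the
 * keyfile back and queue a {@link UserMgmtEvent}.
 *
 * <p>NOTE(review): no caller authorization is performed in this class; access
 * control is presumably enforced by the admin/JMX layer in front of it --
 * confirm before exposing this MBean through a new connector.
 *
 * <p>NOTE(review): the "last admin user" check and the following keyfile write
 * each load the keyfile separately and no lock is visible here, so two
 * concurrent removals could both pass the check -- confirm that callers
 * serialize user-management operations.
 */
public class AuthRealmMBean extends BaseConfigMBean
    implements IAuthRealmMBean
{
    /** Name of the realm property that holds the keyfile path. */
    static final String FILE_NAME_PROPERTY = "file";

    /** The only realm implementation class these operations support. */
    private static final String FILE_REALM_CLASS_NAME =
        "com.sun.enterprise.security.auth.realm.file.FileRealm";

    /** Source of the localized messages used for rejected operations. */
    private static final StringManager localStrings =
        StringManager.getManager(AuthRealmMBean.class);

    public AuthRealmMBean()
    {
    }

    // ****************************************************************************
    // Security Realms keyfile operations
    // ****************************************************************************

    /**
     * Returns the names of all users in the instance realm keyfile.
     *
     * @return user names; empty when the keyfile holds no users
     * @throws MBeanConfigException if the realm is not a file realm, or the
     *         keyfile cannot be loaded or read
     */
    public String[] getUserNames() throws MBeanConfigException
    {
        checkFileTypeRealm();

        FileRealm realm = getRealmKeyFile();
        try
        {
            return convertEnumerationToStringArray(realm.getUserNames());
        }
        catch (BadRealmException bre)
        {
            throw new MBeanConfigException(bre.getMessage());
        }
    }

    /**
     * Returns the names of all groups in the instance realm keyfile.
     *
     * @return group names; empty when the keyfile defines no groups
     * @throws MBeanConfigException if the realm is not a file realm, or the
     *         keyfile cannot be loaded or read
     */
    public String[] getGroupNames() throws MBeanConfigException
    {
        checkFileTypeRealm();

        FileRealm realm = getRealmKeyFile();
        try
        {
            return convertEnumerationToStringArray(realm.getGroupNames());
        }
        catch (BadRealmException bre)
        {
            throw new MBeanConfigException(bre.getMessage());
        }
    }

    /**
     * Returns the names of the groups the given user belongs to.
     *
     * @param userName user to look up; when {@code null} this returns every
     *        group in the realm (same result as {@link #getGroupNames()})
     * @return group names of the user
     * @throws MBeanConfigException if the realm is not a file realm, the
     *         keyfile cannot be loaded, or the user does not exist
     */
    public String[] getUserGroupNames(String userName) throws MBeanConfigException
    {
        if (userName == null)
        {
            return getGroupNames();
        }

        checkFileTypeRealm();

        FileRealm realm = getRealmKeyFile();
        try
        {
            return convertEnumerationToStringArray(realm.getGroupNames(userName));
        }
        catch (NoSuchUserException nse)
        {
            throw new MBeanConfigException(nse.getMessage());
        }
    }

    /**
     * Adds a new user to the file realm. The user must not exist already.
     *
     * <p>The password is handed to {@link FileRealm} as given; how it is
     * stored in the keyfile is decided there and is not visible in this class.
     * The emitted event carries the user name and groups only.
     *
     * @param userName name of the user to create
     * @param password password for the new user
     * @param groupList groups the user is placed in
     * @throws MBeanConfigException if the realm is not a file realm, the realm
     *         rejects the user, the keyfile cannot be written, or the event
     *         cannot be queued (in which case the keyfile has already been
     *         written)
     */
    public void addUser(String userName, String password, String[] groupList)
        throws MBeanConfigException
    {
        checkFileTypeRealm();

        FileRealm realm = getRealmKeyFile();
        try
        {
            realm.addUser(userName, password, groupList);
            saveInstanceRealmKeyFile(realm);
        }
        catch (BadRealmException bre)
        {
            throw new MBeanConfigException(bre.getMessage());
        }
        catch (IASSecurityException ise)
        {
            throw new MBeanConfigException(ise.getMessage());
        }

        EmitUserMgmtEvent(UserMgmtEvent.ACTION_USERADD, userName, groupList);
    }

    /**
     * Removes a user from the file realm. The user must exist.
     *
     * <p>The removal is refused when this realm is the one used by the DAS
     * system connector and the user is the only member of
     * {@link AdminConstants#DOMAIN_ADMIN_GROUP_NAME}, so the domain is not
     * left without an administrator.
     *
     * @param userName name of the user to remove
     * @throws MBeanConfigException if the realm is not a file realm, the user
     *         is the last admin user, the user does not exist, or the keyfile
     *         cannot be written
     */
    public void removeUser(String userName) throws MBeanConfigException
    {
        checkFileTypeRealm();

        if (isLastAdminUser(userName))
        {
            String msg = localStrings.getString("authRealmMBean.removeLastAdminUser",
                                        AdminConstants.DOMAIN_ADMIN_GROUP_NAME);
            throw new MBeanConfigException(msg);
        }

        FileRealm realm = getRealmKeyFile();
        try
        {
            realm.removeUser(userName);
            saveInstanceRealmKeyFile(realm);
        }
        catch (NoSuchUserException nse)
        {
            throw new MBeanConfigException(nse.getMessage());
        }
        EmitUserMgmtEvent(UserMgmtEvent.ACTION_USERREMOVE, userName, null);
    }

    /**
     * Updates the password and groups of an existing user. The user must
     * exist. The original author describes this as equivalent to calling
     * removeUser() followed by addUser(); the user name itself is not changed.
     *
     * <p>The update is refused when it would take the last admin user of the
     * DAS system realm out of {@link AdminConstants#DOMAIN_ADMIN_GROUP_NAME}.
     * A {@code null} group list counts as "not in the admin group", so it is
     * subject to the same refusal.
     *
     * @param userName name of the user to update
     * @param password new password
     * @param groupList new group membership
     * @throws MBeanConfigException if the realm is not a file realm, the
     *         update would remove the last admin user, the user does not
     *         exist, the realm rejects the data, or the keyfile cannot be
     *         written
     */
    public void updateUser(String userName, String password, String[] groupList)
        throws MBeanConfigException
    {
        checkFileTypeRealm();

        if (!isBelogsTo(groupList, AdminConstants.DOMAIN_ADMIN_GROUP_NAME) &&
            isLastAdminUser(userName))
        {
            String msg = localStrings.getString("authRealmMBean.removeLastAdminUser",
                                        AdminConstants.DOMAIN_ADMIN_GROUP_NAME);
            throw new MBeanConfigException(msg);
        }

        FileRealm realm = getRealmKeyFile();
        try
        {
            // Same value for both name arguments: presumably old and new
            // name, i.e. the user is not renamed -- confirm against FileRealm.
            realm.updateUser(userName, userName, password, groupList);
            saveInstanceRealmKeyFile(realm);
        }
        catch (BadRealmException bre)
        {
            throw new MBeanConfigException(bre.getMessage());
        }
        catch (NoSuchUserException nse)
        {
            throw new MBeanConfigException(nse.getMessage());
        }
        catch (IASSecurityException ise)
        {
            throw new MBeanConfigException(ise.getMessage());
        }
        EmitUserMgmtEvent(UserMgmtEvent.ACTION_USERUPDATE, userName, groupList);
    }

    // ****************************************************************************

    /**
     * Returns the resolved keyfile path from the realm's {@code file}
     * property, or {@code null} when it cannot be read or resolved.
     */
    private String getRealmKeyFileName()
    {
        return getProperty(FILE_NAME_PROPERTY);
    }

    // ****************************************************************************

    /**
     * Loads the realm keyfile into a new {@link FileRealm}.
     *
     * <p>An earlier variant, disabled in the original source, looked the realm
     * up with {@code Realm.getInstance(name)} and checked that it was a
     * {@code FileRealm}; the keyfile is now read directly instead.
     *
     * @throws MBeanConfigException if the keyfile path cannot be resolved or
     *         the keyfile cannot be loaded
     */
    private FileRealm getRealmKeyFile() throws MBeanConfigException
    {
        final String keyFileName = getRealmKeyFileName();
        if (keyFileName == null)
        {
            // getProperty() reports every failure as null; stop here rather
            // than hand an unknown path to FileRealm.
            throw new MBeanConfigException(
                "Cannot resolve the '" + FILE_NAME_PROPERTY + "' property of the auth realm");
        }

        try
        {
            return new FileRealm(keyFileName);
        }
        catch (Exception e)
        {
            // Only the message is passed on; the original exception is not
            // attached as a cause.
            throw new MBeanConfigException(e.getMessage());
        }
    }

    // ****************************************************************************

    /**
     * Writes the given realm back to the keyfile named by the {@code file}
     * property. The target path is logged at INFO level before the write.
     *
     * @param realm realm whose users are written out
     * @throws MBeanConfigException if the write fails with an I/O error
     */
    private void saveInstanceRealmKeyFile(FileRealm realm) throws MBeanConfigException
    {
        try
        {
            final String filePath = getRealmKeyFileName();
            _sLogger.log(Level.INFO, "filerealm.write", filePath);
            realm.writeKeyFile(filePath);
        }
        catch (IOException ioe)
        {
            _sLogger.log(Level.WARNING, "filerealm.writeerror", ioe);
            throw new MBeanConfigException(ioe.getMessage());
        }
    }

    // ****************************************************************************

    /**
     * Copies the elements of an enumeration of strings into an array.
     *
     * @param ee enumeration whose elements are all strings
     * @return the elements in enumeration order
     */
    private String[] convertEnumerationToStringArray(Enumeration ee)
    {
        ArrayList list = new ArrayList();
        while (ee.hasMoreElements())
        {
            list.add(ee.nextElement());
        }
        return (String[]) list.toArray(new String[list.size()]);
    }

    // ****************************************************************************

    /**
     * Verifies that the realm's configured class is the file realm.
     *
     * @throws MBeanConfigException if the class name attribute cannot be read
     *         or names any other realm implementation
     */
    private void checkFileTypeRealm() throws MBeanConfigException
    {
        String className = null;
        try
        {
            className = (String) getAttribute(ServerTags.CLASSNAME);
        }
        catch (Exception ignored)
        {
            // Deliberately ignored: className stays null, and the check below
            // then rejects the realm (fail closed).
        }
        if (!FILE_REALM_CLASS_NAME.equals(className))
        {
            String msg = localStrings.getString("authRealmMBean.unsupported_type");
            throw new MBeanConfigException(msg);
        }
    }

    /**
     * Reads a realm property and resolves the tokens in its value for the
     * current server instance.
     *
     * @param name property name
     * @return the resolved value, or {@code null} when the property cannot be
     *         read or resolved (the underlying exception is discarded)
     */
    private String getProperty(String name)
    {
        try
        {
            String unresolved = (String) invoke("getPropertyValue",
                    new Object[]{name}, new String[]{"java.lang.String"});
            // This needs to be changed for SE/EE. The instanceName can't
            // be assumed to be the DAS server instance name.
            final String instanceName = MBeanRegistryFactory.getAdminContext().
                    getServerName();
            return new PropertyResolver(getConfigContext(),
                    instanceName).resolve(unresolved);
        }
        catch (Exception e)
        {
            return null;
        }
    }

    /**
     * Queues a user-management event for this realm, targeted at the config
     * the realm belongs to.
     *
     * @param action one of the {@code UserMgmtEvent.ACTION_*} constants
     * @param user name of the affected user
     * @param groups groups of the user, or {@code null} for a removal
     * @throws MBeanConfigException if the event cannot be built or queued
     */
    private void EmitUserMgmtEvent(int action, String user, String[] groups)
        throws MBeanConfigException
    {
        try
        {
            AdminContext adminContext = MBeanRegistryFactory.getAdminContext();
            String instanceName = adminContext.getServerName();
            String name = (String) getAttribute(ServerTags.NAME);
            UserMgmtEvent event = new UserMgmtEvent(instanceName, name, action, user, groups);
            event.setTargetDestination(getParentConfigName());
            EventContext.addEvent(event);
        }
        catch (Exception e)
        {
            throw new MBeanConfigException(e.getMessage());
        }
    }

    /**
     * Checks whether this realm is the auth realm of the DAS system JMX
     * connector, i.e. the realm that holds the domain administrators.
     *
     * @return {@code false} when the realm belongs to a config other than the
     *         DAS config or is not the system connector's realm
     * @throws MBeanConfigException if the configuration cannot be read
     */
    private boolean isSystemAdminRealm()
        throws MBeanConfigException
    {
        try
        {
            Server das = ServerHelper.getDAS(getConfigContext());
            String dasConfigName = das.getConfigRef();
            if (!getParentConfigName().equals(dasConfigName))
            {
                return false; // from another config
            }

            JmxConnector jmxc = ServerHelper.getServerSystemConnector(
                    getConfigContext(),
                    das.getName());
            return jmxc.getAuthRealmName().equals(getName());
        }
        catch (Exception e)
        {
            throw new MBeanConfigException(e.getMessage());
        }
    }

    /**
     * @return name of the config element which this realm belongs to
     */
    private String getParentConfigName() throws Exception
    {
        return MBeanHelper.getLocation((ModelMBeanInfo) this.getMBeanInfo())[1];
    }

    /**
     * @return the realm name (id)
     */
    private String getName() throws Exception
    {
        return (String) getAttribute(ServerTags.NAME);
    }

    // ****************************************************************************

    /**
     * Tells whether an enumeration contains the given object.
     *
     * @param ee elements to search; {@code null} is treated as empty
     * @param objectToCheck object to look for; {@code null} is never found
     */
    private boolean isBelogsTo(Enumeration ee, Object objectToCheck)
    {
        if (ee == null || objectToCheck == null)
        {
            return false;
        }
        while (ee.hasMoreElements())
        {
            // Compare from the known non-null side so a null element cannot
            // raise a NullPointerException.
            if (objectToCheck.equals(ee.nextElement()))
            {
                return true;
            }
        }
        return false;
    }

    // ****************************************************************************

    /**
     * Tells whether an array contains the given object.
     *
     * @param arr elements to search; {@code null} is treated as empty, so a
     *        missing group list is "not a member" rather than an error
     * @param objectToCheck object to look for; {@code null} is never found
     */
    private boolean isBelogsTo(Object[] arr, Object objectToCheck)
    {
        if (arr == null || objectToCheck == null)
        {
            return false;
        }
        for (int i = 0; i < arr.length; i++)
        {
            if (objectToCheck.equals(arr[i]))
            {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether the user is the only member of the given group in the
     * realm keyfile.
     *
     * @param userName user to test
     * @param groupName group to test
     * @return {@code true} only when the user is in the group and no other
     *         user is
     * @throws MBeanConfigException if the realm is not a file realm or the
     *         keyfile cannot be loaded or read
     */
    private boolean isUserLastInGroup(String userName, String groupName)
        throws MBeanConfigException
    {
        checkFileTypeRealm();

        FileRealm realm = getRealmKeyFile();

        try
        {
            if (!isBelogsTo(realm.getGroupNames(userName), groupName))
            {
                return false; // user not in the group at all
            }

            Enumeration users = realm.getUserNames();
            while (users.hasMoreElements())
            {
                String user = (String) users.nextElement();
                if (!userName.equals(user) &&
                    isBelogsTo(realm.getGroupNames(user), groupName))
                {
                    return false; // somebody else is in the group too
                }
            }
        }
        catch (Exception nse)
        {
            throw new MBeanConfigException(nse.getMessage());
        }
        return true;
    }

    /**
     * Tells whether the user is the last member of
     * {@link AdminConstants#DOMAIN_ADMIN_GROUP_NAME} in the DAS system realm.
     * Always {@code false} for any other realm.
     */
    private boolean isLastAdminUser(String userName) throws MBeanConfigException
    {
        return (isSystemAdminRealm() &&
            isUserLastInGroup(userName, AdminConstants.DOMAIN_ADMIN_GROUP_NAME));
    }
}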