|
Glassfish example source code file (LocalPasswordImpl.java)
The Glassfish LocalPasswordImpl.java source code/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright (c) 1997-2010 Oracle and/or its affiliates. All rights reserved. * * The contents of this file are subject to the terms of either the GNU * General Public License Version 2 only ("GPL") or the Common Development * and Distribution License("CDDL") (collectively, the "License"). You * may not use this file except in compliance with the License. You can * obtain a copy of the License at * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html * or packager/legal/LICENSE.txt. See the License for the specific * language governing permissions and limitations under the License. * * When distributing the software, include this License Header Notice in each * file and include the License file at packager/legal/LICENSE.txt. * * GPL Classpath Exception: * Oracle designates this particular file as subject to the "Classpath" * exception as provided by Oracle in the GPL Version 2 section of the License * file that accompanied this code. * * Modifications: * If applicable, add the following below the License Header, with the fields * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyright [year] [name of copyright owner]" * * Contributor(s): * If you wish your version of this file to be governed by only the CDDL or * only the GPL Version 2, indicate your decision by adding "[Contributor] * elects to include this software in this distribution under the [CDDL or GPL * Version 2] license." If you don't indicate a single choice of license, a * recipient has the option to distribute your version of this file under * either the CDDL, the GPL Version 2 or to extend the choice of license to * its licensees as provided above. However, if you add GPL Version 2 code * and therefore, elected the GPL Version 2 license, then the option applies * only if the new code is made subject to such option by the copyright * holder. */ package com.sun.enterprise.v3.admin; import java.io.*; import java.util.logging.*; import java.security.SecureRandom; import org.jvnet.hk2.annotations.Inject; import org.jvnet.hk2.annotations.Service; import org.jvnet.hk2.annotations.Scoped; import org.jvnet.hk2.component.PostConstruct; import org.jvnet.hk2.component.Singleton; import org.glassfish.internal.api.*; import org.glassfish.api.admin.ServerEnvironment; /** * Manage a local password, which is a cryptographically secure random number * stored in a file with permissions that only allow the owner to read it. * A new local password is generated each time the server starts. The * asadmin client can use it to authenticate when executing local commands, * such as stop-domain, without the user needing to supply a password. * * @author Bill Shannon */ @Service @Scoped(Singleton.class) // only want one local password public class LocalPasswordImpl implements PostConstruct, Init, LocalPassword { @Inject ServerEnvironment env; private String password; private static final String LOCAL_PASSWORD_FILE = "local-password"; private static final int PASSWORD_BYTES = 20; private static final char[] hex = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; private final Logger logger = Logger.getAnonymousLogger(); /** * Generate a local password and save it in the local-password file. */ public void postConstruct() { logger.fine("Generating local password"); SecureRandom random = new SecureRandom(); byte[] pwd = new byte[PASSWORD_BYTES]; random.nextBytes(pwd); password = toHex(pwd); File localPasswordFile = new File(env.getConfigDirPath(), LOCAL_PASSWORD_FILE); PrintWriter w = null; try { if (!localPasswordFile.exists()) { localPasswordFile.createNewFile(); /* * XXX - There's a security hole here. * Between the time the file is created and the permissions * are changed to prevent others from opening it, someone * else could open it and wait for the data to be written. * Java needs the ability to create a file that's readable * only by the owner; coming in JDK 7. */ localPasswordFile.setWritable(false, false); // take from all localPasswordFile.setWritable(true, true); // owner only localPasswordFile.setReadable(false, false); // take from all localPasswordFile.setReadable(true, true); // owner only } w = new PrintWriter(localPasswordFile); w.println(password); } catch (IOException ex) { // ignore errors logger.log(Level.FINE, "Exception writing local password file", ex); } finally { if (w != null) w.close(); } } /** * Is the given password the local password? */ public boolean isLocalPassword(String p) { return password != null && password.equals(p); } /** * Get the local password. */ public String getLocalPassword() { return password; } /** * Convert the byte array to a hex string. */ private static String toHex(byte[] b) { char[] bc = new char[b.length * 2]; for (int i = 0, j = 0; i < b.length; i++) { byte bb = b[i]; bc[j++] = hex[(bb >> 4) & 0xF]; bc[j++] = hex[bb & 0xF]; } return new String(bc); } } Other Glassfish examples (source code examples)Here is a short list of links related to this Glassfish LocalPasswordImpl.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.