Glassfish example source code file (SecurityUpgradeService.java)
The Glassfish SecurityUpgradeService.java source code/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 1997-2011 Oracle and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
* or packager/legal/LICENSE.txt. See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at packager/legal/LICENSE.txt.
*
* GPL Classpath Exception:
* Oracle designates this particular file as subject to the "Classpath"
* exception as provided by Oracle in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
*/
package com.sun.enterprise.security;
import com.sun.enterprise.config.serverbeans.*;
import com.sun.enterprise.util.LocalStringManagerImpl;
import com.sun.grizzly.config.dom.Ssl;
import com.sun.logging.LogDomains;
import java.beans.PropertyVetoException;
import java.io.File;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.glassfish.api.admin.ServerEnvironment;
import org.glassfish.api.admin.config.ConfigurationUpgrade;
import org.jvnet.hk2.annotations.Inject;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.component.PostConstruct;
import org.jvnet.hk2.config.ConfigSupport;
import org.jvnet.hk2.config.SingleConfigCode;
import org.jvnet.hk2.config.TransactionFailure;
import org.jvnet.hk2.config.types.Property;
/**
*The only thing that needs to added Extra for SecurityService migration
* is the addition of the new JACC provider. This would be required when
* migrating from V2, for V3-Prelude it is already present.
*
* The rest of the security related upgrade is handled implicitly by the actions of the
* upgrade service itself.
*
*/
@Service
public class SecurityUpgradeService implements ConfigurationUpgrade, PostConstruct {
@Inject
Configs configs;
@Inject
ServerEnvironment env;
private static final String DIR_GENERATED_POLICY = "generated" + File.separator + "policy";
private static final String DIR_CONFIG = "config";
private static final String JKS = ".jks";
private static final String NSS = ".db";
// private static final String KEYSTORE = "keystore.jks";
// private static final String TRUSTSTORE = "cacerts.jks";
private static final String JDBC_REALM_CLASSNAME = "com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm";
public static final String PARAM_DIGEST_ALGORITHM = "digest-algorithm";
private static final String GF_SSL_IMPL_NAME = "com.sun.enterprise.security.ssl.GlassfishSSLImpl";
private static final Logger _logger = LogDomains.getLogger(SecurityUpgradeService.class, LogDomains.SECURITY_LOGGER);
private static final LocalStringManagerImpl localStrings =
new LocalStringManagerImpl(SecurityUpgradeService.class);
public void postConstruct() {
for (Config config : configs.getConfig()) {
SecurityService service = config.getSecurityService();
if (service != null) {
upgradeJACCProvider(service);
}
populateSSLElement(config);
}
//Clear up the old policy files for applications
String instanceRoot = env.getInstanceRoot().getAbsolutePath();
File genPolicyDir = new File(instanceRoot, DIR_GENERATED_POLICY);
if(genPolicyDir != null) {
File[] applicationDirs = genPolicyDir.listFiles();
if(applicationDirs != null) {
for(File policyDir:applicationDirs) {
deleteFile(genPolicyDir);
}
}
}
//Update an existing JDBC realm-Change the digest algorithm to MD5 if none exists
//Since the default algorithm is SHA-256 in v3.1, but was MD5 prior to 3.1
for (Config config : configs.getConfig()) {
SecurityService service = config.getSecurityService();
List<AuthRealm> authRealms = service.getAuthRealm();
try {
for (AuthRealm authRealm : authRealms) {
if (JDBC_REALM_CLASSNAME.equals(authRealm.getClassname())) {
Property digestAlgoProp = authRealm.getProperty(PARAM_DIGEST_ALGORITHM);
if (digestAlgoProp != null) {
String digestAlgo = digestAlgoProp.getValue();
if (digestAlgo == null || digestAlgo.isEmpty()) {
digestAlgoProp.setValue("MD5");
}
} else {
ConfigSupport.apply(new SingleConfigCode<AuthRealm>() {
public Object run(AuthRealm updatedAuthRealm) throws PropertyVetoException, TransactionFailure {
Property prop1 = updatedAuthRealm.createChild(Property.class);
prop1.setName(PARAM_DIGEST_ALGORITHM);
prop1.setValue("MD5");
updatedAuthRealm.getProperty().add(prop1);
return null;
}
}, authRealm);
}
}
}
} catch (PropertyVetoException pve) {
_logger.log(Level.SEVERE, "security_upgrade_service_exception", pve);
throw new RuntimeException(pve);
} catch (TransactionFailure tf) {
_logger.log(Level.SEVERE, "security_upgrade_service_exception", tf);
throw new RuntimeException(tf);
}
}
//Detect an NSS upgrade scenario and point to the steps wiki
if (requiresSecureAdmin()) {
_logger.log(Level.WARNING, localStrings.getLocalString("enterprise.security.upgrade.warning", "Upgrade from v2 EE to v3.1 requires manual steps."
+ "Please refer to the v3.1 Upgrade Guide for details."));
}
//Fix for issue 14950 the classname attribute
//should be added to jmx-connector elements
// of the admin-service in the v3 instance during an
// upgrade from v2, if the v2 instance had the ssl
// sub-elements to the jmx-connector elements (in the admin-service )
for (Config config : configs.getConfig()) {
AdminService service = config.getAdminService();
for( JmxConnector jmxConnector : service.getJmxConnector()){
Ssl sslElement = jmxConnector.getSsl();
if(sslElement != null) {
try {
ConfigSupport.apply(new SingleConfigCode<Ssl>() {
public Object run(Ssl ssl) throws PropertyVetoException,
TransactionFailure {
ssl.setClassname(GF_SSL_IMPL_NAME);
return null;
}
}, sslElement);
} catch (TransactionFailure tf) {
_logger.log(Level.SEVERE, "security_upgrade_service_exception", tf);
throw new RuntimeException(tf);
}
}
}
}
}
/*
* Method to detect an NSS install.
*/
public boolean requiresSecureAdmin() {
String instanceRoot = env.getInstanceRoot().getAbsolutePath();
File configDir = new File(instanceRoot, "config");
//default KS password
if (configDir != null) {
for (File configFile : configDir.listFiles()) {
if (configFile.getName().endsWith(NSS)) {
return true;
}
}
}
return false;
}
private void populateSSLElement(Config config) {
IiopService iiopService = config.getIiopService();
for (IiopListener listener : iiopService.getIiopListener()) {
Ssl sslElement = listener.getSsl();
if (sslElement != null) {
try {
ConfigSupport.apply(new SingleConfigCode<Ssl>() {
public Object run(Ssl ssl) throws PropertyVetoException,
TransactionFailure {
ssl.setClassname(GF_SSL_IMPL_NAME);
return null;
}
}, sslElement);
} catch (TransactionFailure tf) {
_logger.log(Level.SEVERE, "security_upgrade_service_exception", tf);
throw new RuntimeException(tf);
}
}
}
}
private void upgradeJACCProvider(SecurityService securityService) {
try {
List<JaccProvider> jaccProviders = securityService.getJaccProvider();
for (JaccProvider jacc : jaccProviders) {
if ("com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory".equals(jacc.getPolicyConfigurationFactoryProvider())) {
//simple policy provider already present
return;
}
}
ConfigSupport.apply(new SingleConfigCode<SecurityService>() {
@Override
public Object run(SecurityService secServ) throws PropertyVetoException, TransactionFailure {
JaccProvider jacc = secServ.createChild(JaccProvider.class);
//add the simple provider to the domain's security service
jacc.setName("simple");
jacc.setPolicyConfigurationFactoryProvider("com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory");
jacc.setPolicyProvider("com.sun.enterprise.security.jacc.provider.SimplePolicyProvider");
secServ.getJaccProvider().add(jacc);
return secServ;
}
}, securityService);
} catch (TransactionFailure ex) {
Logger.getAnonymousLogger().log(Level.SEVERE, null, ex);
throw new RuntimeException(ex);
}
}
private boolean deleteFile(File path) {
if (path != null && path.exists()) {
if (path.isDirectory()) {
File[] files = path.listFiles();
for(File file:files) {
if(file.isDirectory()){
deleteFile(file);
file.delete();
}
else {
file.delete();
}
}
}
path.delete();
}
return true;
}
}
Other Glassfish examples (source code examples)Here is a short list of links related to this Glassfish SecurityUpgradeService.java source code file: |
The search page
Other Glassfish source code examples at this package level
Click here to learn more about this project
