Glassfish example source code file (LDAPAdminAccessConfigurator.java)
The Glassfish LDAPAdminAccessConfigurator.java source code/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright (c) 2006-2010 Oracle and/or its affiliates. All rights reserved. * * The contents of this file are subject to the terms of either the GNU * General Public License Version 2 only ("GPL") or the Common Development * and Distribution License("CDDL") (collectively, the "License"). You * may not use this file except in compliance with the License. You can * obtain a copy of the License at * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html * or packager/legal/LICENSE.txt. See the License for the specific * language governing permissions and limitations under the License. * * When distributing the software, include this License Header Notice in each * file and include the License file at packager/legal/LICENSE.txt. * * GPL Classpath Exception: * Oracle designates this particular file as subject to the "Classpath" * exception as provided by Oracle in the GPL Version 2 section of the License * file that accompanied this code. * * Modifications: * If applicable, add the following below the License Header, with the fields * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyright [year] [name of copyright owner]" * * Contributor(s): * If you wish your version of this file to be governed by only the CDDL or * only the GPL Version 2, indicate your decision by adding "[Contributor] * elects to include this software in this distribution under the [CDDL or GPL * Version 2] license." If you don't indicate a single choice of license, a * recipient has the option to distribute your version of this file under * either the CDDL, the GPL Version 2 or to extend the choice of license to * its licensees as provided above. However, if you add GPL Version 2 code * and therefore, elected the GPL Version 2 license, then the option applies * only if the new code is made subject to such option by the copyright * holder. 
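*/

package com.sun.enterprise.security.cli;

//import com.sun.enterprise.config.serverbeans.*;
import com.sun.enterprise.config.serverbeans.AdminService;
import com.sun.enterprise.config.serverbeans.AuthRealm;
import com.sun.enterprise.config.serverbeans.Config;
import com.sun.enterprise.config.serverbeans.ConfigBeansUtilities;
import com.sun.enterprise.config.serverbeans.Configs;
import com.sun.enterprise.config.serverbeans.SecurityService;
import com.sun.enterprise.config.serverbeans.Server;
import com.sun.enterprise.security.auth.realm.Realm;
import com.sun.enterprise.security.auth.realm.ldap.LDAPRealm;
import com.sun.enterprise.util.i18n.StringManager;
import com.sun.enterprise.util.StringUtils;
import com.sun.enterprise.util.SystemPropertyConstants;
import com.sun.logging.LogDomains;
import org.glassfish.api.ActionReport;
import org.glassfish.api.Param;
import org.glassfish.api.admin.AdminCommand;
import org.glassfish.api.admin.AdminCommandContext;
import org.jvnet.hk2.annotations.Inject;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.annotations.Scoped;
import org.jvnet.hk2.config.ConfigSupport;
import org.jvnet.hk2.config.SingleConfigCode;
import org.jvnet.hk2.config.TransactionFailure;
import org.jvnet.hk2.config.types.Property;
import org.jvnet.hk2.component.PerLookup;

import javax.naming.Context;
import javax.naming.InitialContext;
import java.beans.PropertyVetoException;
import java.security.KeyStoreException;
import java.util.List;
import java.util.Properties;
import java.util.logging.Logger;
import javax.naming.AuthenticationNotSupportedException;
import org.glassfish.api.admin.ExecuteOn;
import org.glassfish.api.admin.RuntimeType;
import org.glassfish.config.support.CommandTarget;
import org.glassfish.config.support.TargetType;
import org.glassfish.internal.api.RelativePathResolver;
import org.jvnet.hk2.annotations.Scoped;
import org.jvnet.hk2.component.PerLookup;

/**
 * A convenience command ({@code configure-ldap-for-admin}) that configures LDAP for administration.
 * There are several properties and attributes that the user would otherwise have to remember, which
 * is rather user unfriendly; this command sets them in one step.
 *
 * <p>As far as this listing shows, the command normalizes the LDAP URL, checks that the directory
 * is reachable via {@code pingLDAP}, and then replaces the realm named
 * {@link #FIXED_ADMIN_REALM_NAME} and reconfigures the admin service. {@code pingLDAP},
 * {@code deleteRealm} and {@code createRealm} are defined in a part of the class that is not
 * visible here.
 *
 * <p>NOTE(review): this command changes what authenticates administrators of the domain, so who
 * may invoke it and which directory URL it is given are security-relevant; neither is checked in
 * the visible code.
 *
 * @author केदार (km@dev.java.net)
 * @since GlassFish V3
 */
@Service(name="configure-ldap-for-admin")
@Scoped(PerLookup.class)
@ExecuteOn({RuntimeType.DAS, RuntimeType.INSTANCE})
@TargetType({CommandTarget.DAS,CommandTarget.STANDALONE_INSTANCE,CommandTarget.CLUSTER, CommandTarget.CONFIG})
public class LDAPAdminAccessConfigurator implements AdminCommand {

    /** Base DN of the directory; mandatory ({@code --basedn} / {@code -b}). */
    @Param (name="basedn", shortName="b", optional=false)
    public volatile String basedn;

    /**
     * URL of the directory server. The default is an unencrypted {@code ldap://} URL on
     * localhost; pass an {@code ldaps://} URL when the directory is reached over a network.
     */
    @Param(name="url", optional=true)
    public volatile String url = "ldap://localhost:389"; // the default port for LDAP on localhost

    /** Optional LDAP group name ({@code --ldap-group} / {@code -g}). */
    @Param(name="ldap-group", shortName="g", optional=true)
    public volatile String ldapGroupName;

    @Inject
    private Configs allConfigs;

    //TODO: not sure what to do with --target here
    @Param(name = "target", optional = true, defaultValue =
        SystemPropertyConstants.DEFAULT_SERVER_INSTANCE_NAME)
    private String target;

    private final static String ADMIN_SERVER = "server"; //this needs to be at central place, oh well
    private static final StringManager lsm = StringManager.getManager(LDAPAdminAccessConfigurator.class);
    private static final String DIR_P = "directory";
    private static final String BASEDN_P = "base-dn";
    private static final String JAAS_P = "jaas-context";
    private static final String JAAS_V = "ldapRealm";
    public static final String LDAP_SOCKET_FACTORY = "java.naming.ldap.factory.socket";
    public static final String DEFAULT_SSL_LDAP_SOCKET_FACTORY = "com.sun.enterprise.security.auth.realm.ldap.CustomSocketFactory";
    public static final String LDAPS_URL = "ldaps://";
    private static final Logger logger = LogDomains.getLogger(LDAPAdminAccessConfigurator.class, LogDomains.SECURITY_LOGGER);

    /**
     * Field denoting the name of the realm used for administration. This is fixed in the entire v3.
     * Note that the same name is used in admin GUI's web.xml and sun-web.xml. The name of the realm
     * is the key; the underlying backend (LDAP, File, Database) can change.
     */
    public static final String FIXED_ADMIN_REALM_NAME = "admin-realm";
    public static final String ORIG_ADMIN_REALM_NAME = "admin-realm-original";

    /**
     * Runs the command: normalizes {@link #url}, verifies the directory responds, then applies the
     * configuration. The outcome is reported through the context's {@link ActionReport}; no
     * exception from {@code configure} escapes this method.
     *
     * @param context the command context supplying the action report
     */
    @Override
    public void execute(AdminCommandContext context) {
        ActionReport rep = context.getActionReport();
        StringBuilder sb = new StringBuilder();
        if (url != null && !url.startsWith("ldap://") && !url.startsWith("ldaps://")) {
            // NOTE(review): a bare host:port is promoted to cleartext ldap://, never ldaps://.
            // Whatever is sent to the directory on behalf of admin logins would then presumably
            // travel unencrypted; operators who need TLS must spell out ldaps:// themselves.
            url = "ldap://" + url;  //it's ok to accept just host:port
        }
        if (!pingLDAP(sb)) {
            // The directory could not be reached; leave the existing admin realm untouched.
            rep.setMessage(sb.toString());
            rep.setActionExitCode(ActionReport.ExitCode.FAILURE);
            return;
        }
        try {
            configure(sb);
            //Realm.getInstance(FIXED_ADMIN_REALM_NAME).refresh();
            rep.setMessage(sb.toString());
            rep.setActionExitCode(ActionReport.ExitCode.SUCCESS);
        } catch(TransactionFailure tf) {
            rep.setMessage(tf.getMessage());
            rep.setActionExitCode(ActionReport.ExitCode.FAILURE);
        } catch (PropertyVetoException e) {
            rep.setMessage(e.getMessage());
            rep.setActionExitCode(ActionReport.ExitCode.FAILURE);
        }
        /*
        catch (NoSuchRealmException e) {
            ActionReport ar = rep.addSubActionsReport();
            ar.setMessage(lsm.getString("realm.not.refreshed"));
            ar.setActionExitCode(ActionReport.ExitCode.WARNING);
        } catch (BadRealmException e) {
            ActionReport ar = rep.addSubActionsReport();
            ar.setMessage(lsm.getString("realm.not.refreshed"));
            ar.setActionExitCode(ActionReport.ExitCode.WARNING);
        }
        */
    }

    /**
     * Locates the configuration referenced by the admin server and swaps its admin realm for an
     * LDAP-backed one, then reconfigures the admin service.
     *
     * @param sb buffer that the realm helpers append their progress messages to
     * @throws TransactionFailure if the admin server or its configuration cannot be found, or if
     *         one of the configuration steps fails
     * @throws PropertyVetoException if a configuration change is vetoed
     */
    private void configure(StringBuilder sb) throws TransactionFailure, PropertyVetoException {
        Server s = ConfigBeansUtilities.getServerNamed(ADMIN_SERVER);
        if (s == null) {
            // Report a clean command failure instead of a NullPointerException below.
            // (Message is not localized; no matching key is visible in this listing.)
            throw new TransactionFailure("No server named '" + ADMIN_SERVER + "' in the domain configuration");
        }
        String ac = s.getConfigRef();
        Config asc = null; //admin server config, that needs the configuration
        for (Config cfg : allConfigs.getConfig()) {
            if (cfg.getName().equals(ac)) {
                asc = cfg;
                break;
            }
        }
        if (asc == null) {
            // Without this guard a dangling config-ref surfaces as a NullPointerException.
            throw new TransactionFailure("No config named '" + ac + "' for server '" + ADMIN_SERVER + "'");
        }
        //following things should happen transactionally - TODO replace SingleConfigCode by ConfigCode ...
        // NOTE(review): the three steps below are separate calls, and no backup realm is taken
        // (the call is commented out). If a step after deleteRealm fails, the domain may be left
        // without a usable admin realm - confirm against the helper implementations.
        //createBackupRealm(sb, getAdminRealm(asc.getSecurityService()), getNewRealmName(asc.getSecurityService()));
        deleteRealm(asc.getSecurityService(), sb);
        createRealm(asc.getSecurityService(), sb);
        configureAdminService(asc.getAdminService());
        //configure(asc.getSecurityService(), asc.getAdminService(), sb);
    }

    /**
     * Computes the name for the next backup of the admin realm, of the form
     * {@code admin-realm-original-N}, where N is one more than the highest N already in use.
     *
     * @param ss the security service whose realms are inspected
     * @return the backup realm name to use next
     */
    private String getNewRealmName(SecurityService ss) {
        List<AuthRealm> realms = ss.getAuthRealm();
        String pref = ORIG_ADMIN_REALM_NAME + "-";
        int index = 0; //highest backup number seen so far
        for (AuthRealm realm : realms) {
            String name = realm.getName();
            // The prefix must be at the start of the name: the suffix is cut at pref.length(),
            // which would land in the wrong place for a name that merely contains the prefix.
            if (name != null && name.startsWith(pref)) {
                try {
                    // Track the maximum rather than the last one seen, so list order cannot
                    // produce a name that already exists.
                    index = Math.max(index, Integer.parseInt(name.substring(pref.length())));
                } catch (NumberFormatException ignored) {
                    // Suffix is not a number, so this realm is not one of the numbered backups.
                }
            }
        }
        return pref + (index+1);
    }

    /**
     * Finds the realm named {@link #FIXED_ADMIN_REALM_NAME}.
     *
     * @param ss the security service whose realms are searched
     * @return the admin realm, or {@code null} if none has that name
     */
    private AuthRealm getAdminRealm(SecurityService ss) {
        List<AuthRealm> realms = ss.getAuthRealm();
        for (AuthRealm realm : realms) {
            if (FIXED_ADMIN_REALM_NAME.equals(realm.getName())) {
                return realm;
            }
        }
        return null;  //unlikely - represents an assertion
    }

    // NOTE(review): the listing on this page is cut off inside the next method; the rest of the
    // class (including pingLDAP, deleteRealm and createRealm used above) is not shown.
    private void configureAdminService(AdminService as) throws PropertyVetoException, TransactionFailure {
        SingleConfigCode<AdminService> scc = new SingleConfigCode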