| /* |
| * Copyright (c) 2010, 2018 Oracle and/or its affiliates. All rights reserved. |
| * |
| * This program and the accompanying materials are made available under the |
| * terms of the Eclipse Public License v. 2.0, which is available at |
| * http://www.eclipse.org/legal/epl-2.0. |
| * |
| * This Source Code may also be made available under the following Secondary |
| * Licenses when the conditions for such availability set forth in the |
| * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, |
| * version 2 with the GNU Classpath Exception, which is available at |
| * https://www.gnu.org/software/classpath/license.html. |
| * |
| * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 |
| */ |
| |
| package com.sun.enterprise.config.serverbeans; |
| |
| import java.util.Collections; |
| import java.util.List; |
| import org.glassfish.api.I18n; |
| import org.glassfish.api.admin.RuntimeType; |
| import org.glassfish.config.support.Create; |
| import org.glassfish.config.support.Delete; |
| import org.glassfish.config.support.Listing; |
| import org.glassfish.config.support.TypeAndNameResolver; |
| import org.glassfish.hk2.api.ServiceLocator; |
| import org.jvnet.hk2.config.Attribute; |
| import org.jvnet.hk2.config.ConfigBeanProxy; |
| import org.jvnet.hk2.config.Configured; |
| import org.jvnet.hk2.config.DuckTyped; |
| import org.jvnet.hk2.config.Element; |
| import org.jvnet.hk2.config.Transaction; |
| |
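/**
 * Represents the admin security settings for the domain.
 * <p>
 * The attribute and element accessors are implemented by the hk2 config proxy.
 * The nested {@link Duck} class supplies the implementations of the
 * {@link DuckTyped} methods, and {@link Util} offers null-tolerant helpers for
 * callers that may hold no {@code SecureAdmin} instance at all (secure admin is
 * then treated as disabled and every value falls back to its default).
 */
@Configured
public interface SecureAdmin extends ConfigBeanProxy {

    /**
     * Returns the principals (certificate DNs) that are accepted as secure admin
     * identities.
     *
     * @return the configured principals; empty when none have been set up yet
     */
    @Element
    @Create(value = "enable-secure-admin-principal", decorator = SecureAdminPrincipal.CrDecorator.class, i18n = @I18n("enable.secure.admin.principal.command"), cluster = @org.glassfish.api.admin.ExecuteOn(value = {
            RuntimeType.DAS, RuntimeType.INSTANCE }))
    @Delete(value = "disable-secure-admin-principal", resolver = SecureAdminPrincipal.Resolver.class, i18n = @I18n("disable.secure.admin.principal.command"), cluster = @org.glassfish.api.admin.ExecuteOn(value = {
            RuntimeType.DAS, RuntimeType.INSTANCE }))
    @Listing(value = "list-secure-admin-principals", i18n = @I18n("list.secure.admin.principals.command"))
    public List<SecureAdminPrincipal> getSecureAdminPrincipal();

    /**
     * Returns the internal users that may authenticate with username/password
     * for secure admin traffic.
     *
     * @return the configured internal users; empty when none are configured
     */
    @Element
    @Create(value = "enable-secure-admin-internal-user", decorator = SecureAdminInternalUser.CrDecorator.class, i18n = @I18n("enable.secure.admin.internal.user.command"), cluster = @org.glassfish.api.admin.ExecuteOn(value = {
            RuntimeType.DAS, RuntimeType.INSTANCE }))
    @Delete(value = "disable-secure-admin-internal-user", resolver = TypeAndNameResolver.class, i18n = @I18n("disable.secure.admin.internal.user.command"), cluster = @org.glassfish.api.admin.ExecuteOn(value = {
            RuntimeType.DAS, RuntimeType.INSTANCE }))
    @Listing(value = "list-secure-admin-internal-users", i18n = @I18n("list.secure.admin.internal.user.command"))
    public List<SecureAdminInternalUser> getSecureAdminInternalUser();

    /**
     * Gets whether admin security is turned on.
     * <p>
     * The attribute is stored as a string; it defaults to {@code "false"}, so a
     * freshly created domain has secure admin disabled until it is explicitly
     * enabled. Use {@link #isEnabled()} or {@link Util#isEnabled(SecureAdmin)}
     * for the parsed boolean.
     *
     * @return {@code "true"} or {@code "false"}
     */
    @Attribute(defaultValue = "false", dataType = Boolean.class)
    String getEnabled();

    /**
     * Sets whether admin security is turned on.
     *
     * @param value whether admin security should be on or off ("true" or "false")
     */
    void setEnabled(String value);

    /**
     * Returns the value clients send in the {@link Util#ADMIN_INDICATOR_HEADER_NAME}
     * header to mark a request as admin traffic.
     * <p>
     * The default is the fixed literal {@link Util#ADMIN_INDICATOR_DEFAULT_VALUE};
     * it identifies admin traffic but is not a secret on its own.
     *
     * @return the configured indicator value (or the default)
     */
    @Attribute(defaultValue = Util.ADMIN_INDICATOR_DEFAULT_VALUE)
    String getSpecialAdminIndicator();

    /**
     * Sets the value clients send to mark a request as admin traffic.
     *
     * @param value the new indicator value
     */
    void setSpecialAdminIndicator(String value);

    /**
     * Returns the keystore alias of the DAS certificate (raw attribute accessor;
     * prefer {@link #getDasAlias()}).
     *
     * @return the alias, defaulting to {@link Duck#DEFAULT_ADMIN_ALIAS}
     */
    @Attribute(defaultValue = Duck.DEFAULT_ADMIN_ALIAS)
    String dasAlias();

    /**
     * Sets the keystore alias of the DAS certificate.
     *
     * @param alias the new alias
     */
    void setDasAlias(String alias);

    /**
     * Returns the keystore alias of the certificate instances present to the DAS
     * (raw attribute accessor; prefer {@link #getInstanceAlias()}).
     *
     * @return the alias, defaulting to {@link Duck#DEFAULT_INSTANCE_ALIAS}
     */
    @Attribute(defaultValue = Duck.DEFAULT_INSTANCE_ALIAS)
    String instanceAlias();

    /**
     * Sets the keystore alias of the certificate instances use to authenticate
     * themselves to the DAS.
     *
     * @param alias the new alias
     */
    void setInstanceAlias(String alias);

    /**
     * Returns the alias of the certificate the instances use to authenticate
     * themselves over SSL/TLS; its DN becomes one of the accepted secure admin
     * principals (see {@link Util#secureAdminPrincipals}).
     *
     * @return the instance certificate alias
     */
    @DuckTyped
    String getInstanceAlias();

    /**
     * Returns the alias of the DAS certificate; its DN becomes one of the
     * accepted secure admin principals (see {@link Util#secureAdminPrincipals}).
     *
     * @return the DAS certificate alias
     */
    @DuckTyped
    String getDasAlias();

    /**
     * Reports whether admin security is turned on, parsed from {@link #getEnabled()}.
     *
     * @return true if secure admin is enabled; false otherwise
     */
    @DuckTyped
    boolean isEnabled();

    /**
     * Implementations behind the {@link DuckTyped} methods of {@link SecureAdmin}.
     * Each static method mirrors the name of the interface method it backs and
     * receives the proxy as its first argument.
     */
    class Duck {

        public static final String DEFAULT_INSTANCE_ALIAS = "glassfish-instance";
        public static final String DEFAULT_ADMIN_ALIAS = "s1as";

        /** Backs {@link SecureAdmin#getInstanceAlias()}. */
        public static String getInstanceAlias(final SecureAdmin secureAdmin) {
            return secureAdmin.instanceAlias();
        }

        /** Backs {@link SecureAdmin#getDasAlias()}. */
        public static String getDasAlias(final SecureAdmin secureAdmin) {
            return secureAdmin.dasAlias();
        }

        /**
         * Backs {@link SecureAdmin#isEnabled()}; previously no {@code Duck} method
         * carried this name, leaving the duck-typed call without a delegate.
         */
        public static boolean isEnabled(final SecureAdmin secureAdmin) {
            return Boolean.parseBoolean(secureAdmin.getEnabled());
        }
    }

    /**
     * Null-tolerant helpers for reading secure admin settings. Every method accepts
     * a {@code null} {@code SecureAdmin} and then reports the defaults (secure admin
     * disabled, default aliases and indicator, no users or principals).
     */
    public static class Util {

        /** Request header whose value marks a request as admin traffic. */
        public static final String ADMIN_INDICATOR_HEADER_NAME = "X-GlassFish-admin";
        /**
         * Default value of the admin indicator. It is a fixed, publicly known literal,
         * so it distinguishes admin traffic but carries no secret by itself.
         */
        public static final String ADMIN_INDICATOR_DEFAULT_VALUE = "true";
        /** Request header carrying a one-time admin authentication token. */
        public static final String ADMIN_ONE_TIME_AUTH_TOKEN_HEADER_NAME = "X-GlassFish-authToken";

        // Lazily resolved from the habitat; volatile so the synchronized initializer's
        // result is visible to unsynchronized readers of the reference.
        private static volatile SecureAdminHelper _secureAdminHelper = null;

        /**
         * Reports whether secure admin is enabled.
         *
         * @param secureAdmin the SecureAdmin, typically returned from domain.getSecureAdmin()
         * @return true if secure admin is enabled; false otherwise (including when
         *         {@code secureAdmin} is null)
         */
        public static boolean isEnabled(final SecureAdmin secureAdmin) {
            return secureAdmin != null && Boolean.parseBoolean(secureAdmin.getEnabled());
        }

        /**
         * Returns the configured (which could be the default) value for the special admin indicator.
         *
         * @param secureAdmin the SecureAdmin, typically returned from domain.getSecureAdmin()
         * @return the current value for the admin indicator
         */
        public static String configuredAdminIndicator(final SecureAdmin secureAdmin) {
            if (secureAdmin == null) {
                return ADMIN_INDICATOR_DEFAULT_VALUE;
            }
            return secureAdmin.getSpecialAdminIndicator();
        }

        /**
         * Returns the DAS certificate alias, or the default when no config is present.
         *
         * @param secureAdmin the SecureAdmin, may be null
         * @return the DAS alias
         */
        public static String DASAlias(final SecureAdmin secureAdmin) {
            if (secureAdmin == null) {
                return Duck.DEFAULT_ADMIN_ALIAS;
            }
            return secureAdmin.getDasAlias();
        }

        /**
         * Returns the instance certificate alias, or the default when no config is present.
         *
         * @param secureAdmin the SecureAdmin, may be null
         * @return the instance alias
         */
        public static String instanceAlias(final SecureAdmin secureAdmin) {
            if (secureAdmin == null) {
                return Duck.DEFAULT_INSTANCE_ALIAS;
            }
            return secureAdmin.getInstanceAlias();
        }

        /**
         * Returns the configured internal users.
         *
         * @param secureAdmin the SecureAdmin, may be null
         * @return the internal users; an immutable empty list when {@code secureAdmin} is null
         */
        public static List<SecureAdminInternalUser> secureAdminInternalUsers(final SecureAdmin secureAdmin) {
            if (secureAdmin == null) {
                // typed empty list instead of the raw Collections.EMPTY_LIST
                return Collections.emptyList();
            }
            return secureAdmin.getSecureAdminInternalUser();
        }

        /**
         * Returns the first configured internal user.
         *
         * @param secureAdmin the SecureAdmin, may be null
         * @return the first internal user, or null if none is configured
         */
        public static SecureAdminInternalUser secureAdminInternalUser(final SecureAdmin secureAdmin) {
            final List<SecureAdminInternalUser> users = secureAdminInternalUsers(secureAdmin);
            if (users.isEmpty()) {
                return null;
            }
            return users.get(0);
        }

        /**
         * Reports whether username/password authentication is in use for secure admin,
         * i.e. whether at least one internal user is configured.
         *
         * @param secureAdmin the SecureAdmin, may be null
         * @return true if an internal user exists; false otherwise
         */
        public static boolean isUsingUsernamePasswordAuth(final SecureAdmin secureAdmin) {
            return !secureAdminInternalUsers(secureAdmin).isEmpty();
        }

        /**
         * Returns the accepted secure admin principals, seeding them on first use.
         * <p>
         * Note the side effect: when the configuration holds no principals yet, this
         * method creates two of them inside a config transaction, one for the DAS
         * certificate DN and one for the instance certificate DN (both resolved via
         * {@link SecureAdminHelper#getDN}), and commits that change.
         *
         * @param secureAdmin the SecureAdmin, may be null
         * @param habitat     service locator used to obtain the {@link SecureAdminHelper}
         * @return the principals; an immutable empty list when {@code secureAdmin} is null
         * @throws RuntimeException wrapping any failure while seeding the principals
         */
        public static List<SecureAdminPrincipal> secureAdminPrincipals(final SecureAdmin secureAdmin, final ServiceLocator habitat) {
            if (secureAdmin == null) {
                return Collections.emptyList();
            }
            List<SecureAdminPrincipal> result = secureAdmin.getSecureAdminPrincipal();
            if (!result.isEmpty()) {
                return result;
            }
            final Transaction t = new Transaction();
            try {
                final SecureAdmin secureAdmin_w = t.enroll(secureAdmin);
                result = secureAdmin_w.getSecureAdminPrincipal();
                final SecureAdminHelper helper = secureAdminHelper(habitat);

                final SecureAdminPrincipal dasPrincipal = secureAdmin_w.createChild(SecureAdminPrincipal.class);
                dasPrincipal.setDn(helper.getDN(secureAdmin.dasAlias(), true));
                result.add(dasPrincipal);

                final SecureAdminPrincipal instancePrincipal = secureAdmin_w.createChild(SecureAdminPrincipal.class);
                instancePrincipal.setDn(helper.getDN(secureAdmin.instanceAlias(), true));
                result.add(instancePrincipal);
                t.commit();
            } catch (Exception ex) {
                // Undo the enrollment so the bean is not left write-locked by a failed seed.
                t.rollback();
                throw new RuntimeException("Unable to initialize secure admin principals", ex);
            }
            return result;
        }

        /**
         * Resolves the {@link SecureAdminHelper} service once and caches it.
         *
         * @param habitat service locator to query on first use
         * @return the cached helper
         */
        private static synchronized SecureAdminHelper secureAdminHelper(final ServiceLocator habitat) {
            if (_secureAdminHelper == null) {
                _secureAdminHelper = habitat.getService(SecureAdminHelper.class);
            }
            return _secureAdminHelper;
        }
    }
}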