Commits

Anonymous committed d883efe

User contribution: weblogic providers

Comments (0)

Files changed (4)

lib/build/weblogic-management-security-7-stub.jar

Binary file added.

src/java/com/opensymphony/user/provider/weblogic/WeblogicAccessProvider.java

+/*
+ * Copyright (c) 2002-2003 by OpenSymphony
+ * All rights reserved.
+ */
+package com.opensymphony.user.provider.weblogic;
+
+import com.opensymphony.user.provider.AccessProvider;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import weblogic.management.security.authentication.GroupMemberListerMBean;
+import weblogic.management.security.authentication.MemberGroupListerMBean;
+import weblogic.management.security.authentication.UserReaderMBean;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+
+/**
+ * Provider to check group access based on weblogic's configured security groups.
+ * Required properties:
+ * <ul>
+ *    <li>username - The name of an admin user</li>
+ *    <li>password - The admin user's password</li>
+ *    <li>serverurl - (e.g. t3://localhost:7001)</li>
+ * </ul>
+ * Optional properties:
+ * <ul>
+ *    <li>maxrecords - (default: Integer.MAX_VALUE)</li>
+ * </ul>
+ *
+ * This currently is read-only because the only Authenticator I use (IPlanet)
+ * doesn't implement GroupEditorMBean nor UserEditorMBean If someone in the
+ * future wants to implement this functionality, you can (probably) just
+ * uncomment the code in the appropriate method and remove the "return false;".
+ * You will also have to set it up to loop through the all the UserEditorMBeans
+ * and all the GroupEditorMBeans.
+ *
+ * @author Dave Brondsema
+ */
+public class WeblogicAccessProvider extends WeblogicProvider implements AccessProvider {
+    //~ Static fields/initializers /////////////////////////////////////////////
+
+    private static final Log log = LogFactory.getLog(WeblogicAccessProvider.class);
+
+    //~ Methods ////////////////////////////////////////////////////////////////
+
+    public boolean addToGroup(String username, String groupname) {
+        /*
+        try {
+            groupEditor.addMemberToGroup(groupname, username);
+
+            if (log.isDebugEnabled()) {
+                log.debug("Added user " + username + " to group " + groupname);
+            }
+
+            return true;
+        } catch (Exception ex) {
+            log.error("Error assigning user " + username + " to group " + groupname, ex);
+
+            return false;
+        }
+        */
+        return false;
+    }
+
+    public boolean create(String name) {
+        /*
+        try {
+            groupEditor.createGroup(name, null);
+
+            return true;
+        } catch (Exception ex) {
+            log.error("Error creating group " + name, ex);
+            return false;
+        }
+        */
+        return false;
+    }
+
+    public boolean handles(String name) {
+        try {
+            for (Iterator i = userReaders.iterator(); i.hasNext();) {
+                if (((UserReaderMBean) i.next()).userExists(name)) {
+                    return true;
+                }
+            }
+
+            for (Iterator i = groupMemberListers.iterator(); i.hasNext();) {
+                GroupMemberListerMBean groupMemberLister = (GroupMemberListerMBean) i.next();
+
+                if (groupMemberLister.groupExists(name)) {
+                    return true;
+                }
+            }
+
+            return false;
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    public boolean inGroup(String username, String groupname) {
+        try {
+            for (Iterator i = memberGroupListers.iterator(); i.hasNext();) {
+                if (((MemberGroupListerMBean) i.next()).isMember(groupname, username, true)) {
+                    return true;
+                }
+            }
+
+            return false;
+        } catch (Exception ex) {
+            log.error("Error checking inGroup(" + username + ", " + groupname + ")", ex);
+
+            return false;
+        }
+    }
+
+    public List list() {
+        try {
+            List groups = new ArrayList();
+
+            for (Iterator i = memberGroupListers.iterator(); i.hasNext();) {
+                MemberGroupListerMBean memberGroupLister = (MemberGroupListerMBean) i.next();
+                String cursor = memberGroupLister.listGroups("*", maxRecords);
+
+                while (memberGroupLister.haveCurrent(cursor)) {
+                    String groupName = memberGroupLister.getCurrentName(cursor);
+
+                    if (!groups.contains(groupName)) {
+                        groups.add(groupName);
+                    }
+
+                    memberGroupLister.advance(cursor);
+                }
+
+                memberGroupLister.close(cursor);
+            }
+
+            return Collections.unmodifiableList(groups);
+        } catch (Exception ex) {
+            log.error("Error getting list of groups", ex);
+
+            return null;
+        }
+    }
+
+    public List listGroupsContainingUser(String username) {
+        try {
+            List groups = new ArrayList();
+
+            for (Iterator i = memberGroupListers.iterator(); i.hasNext();) {
+                MemberGroupListerMBean memberGroupLister = (MemberGroupListerMBean) i.next();
+                String cursor = memberGroupLister.listMemberGroups(username);
+
+                while (memberGroupLister.haveCurrent(cursor)) {
+                    String userName = memberGroupLister.getCurrentName(cursor);
+                    groups.add(userName);
+                    memberGroupLister.advance(cursor);
+                }
+
+                memberGroupLister.close(cursor);
+            }
+
+            return groups;
+        } catch (Exception ex) {
+            log.error("Error listing groups of user " + username, ex);
+
+            return null;
+        }
+    }
+
+    public List listUsersInGroup(String groupname) {
+        try {
+            List users = new ArrayList();
+
+            for (Iterator i = groupMemberListers.iterator(); i.hasNext();) {
+                GroupMemberListerMBean groupMemberLister = (GroupMemberListerMBean) i.next();
+                String cursor = groupMemberLister.listGroupMembers(groupname, "*", maxRecords);
+
+                while (groupMemberLister.haveCurrent(cursor)) {
+                    String userName = groupMemberLister.getCurrentName(cursor);
+                    users.add(userName);
+                    groupMemberLister.advance(cursor);
+                }
+
+                groupMemberLister.close(cursor);
+            }
+
+            return users;
+        } catch (Exception ex) {
+            log.error("Error listing members of group " + groupname, ex);
+
+            return null;
+        }
+    }
+
+    public boolean remove(String name) {
+        /*
+        try {
+            groupEditor.removeGroup(name);
+
+            if (log.isDebugEnabled()) {
+                log.debug("Removed " + name);
+            }
+
+            return true;
+        } catch (Exception ex) {
+            log.error("Error removing group " + name, ex);
+
+            return false;
+        }
+        */
+        return false;
+    }
+
+    public boolean removeFromGroup(String username, String groupname) {
+        /*
+        try {
+            groupEditor.removeMemberFromGroup(groupname, username);
+
+            if (log.isDebugEnabled()) {
+                log.debug("Removed user " + username + " from group " + groupname);
+            }
+
+            return true;
+        } catch (Exception ex) {
+            log.error("Error removing user " + username + " from group " + groupname, ex);
+
+            return false;
+        }
+        */
+        return false;
+    }
+}

src/java/com/opensymphony/user/provider/weblogic/WeblogicCredentialsProvider.java

+/*
+ * Copyright (c) 2002-2003 by OpenSymphony
+ * All rights reserved.
+ */
+package com.opensymphony.user.provider.weblogic;
+
+import com.opensymphony.user.provider.CredentialsProvider;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import weblogic.management.security.authentication.UserPasswordEditorMBean;
+import weblogic.management.security.authentication.UserReaderMBean;
+
+import weblogic.management.utils.NotFoundException;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+
+/**
+ * Provider to check credentials based on weblogic's configured user security.
+ * Required properties:
+ * <ul>
+ *    <li>username - The name of an admin user</li>
+ *    <li>password - The admin user's password</li>
+ *    <li>serverurl - (e.g. t3://localhost:7001)</li>
+ * </ul>
+ * Optional properties:
+ * <ul>
+ *    <li>maxrecords - (default: Integer.MAX_VALUE)</li>
+ * </ul>
+ *
+ * This currently is read-only because the only Authenticator I use (IPlanet)
+ * doesn't implement GroupEditorMBean nor UserEditorMBean If someone in the
+ * future wants to implement this functionality, you can (probably) just
+ * uncomment the code in the appropriate method and remove the "return false;".
+ * You will also have to set it up to loop through the all the UserEditorMBeans
+ * and all the GroupEditorMBeans.
+ *
+ * @author Dave Brondsema
+ */
+public class WeblogicCredentialsProvider extends WeblogicProvider implements CredentialsProvider {
+    //~ Static fields/initializers /////////////////////////////////////////////
+
+    private static final Log log = LogFactory.getLog(WeblogicCredentialsProvider.class);
+
+    //~ Methods ////////////////////////////////////////////////////////////////
+
+    public boolean authenticate(String name, String password) {
+        try {
+            // must get the home bean again otherwise (for unknown reason), we get "NoAccessRuntimeException: Access not allowed for subject: principals=[]"
+            findHome();
+
+            boolean valid = false;
+
+            for (Iterator i = userPasswordEditors.iterator(); i.hasNext();) {
+                UserPasswordEditorMBean userPasswordEditor = (UserPasswordEditorMBean) i.next();
+
+                try {
+                    userPasswordEditor.changeUserPassword(name, password, password);
+                    valid = true;
+                } catch (NotFoundException e) {
+                    // catch it so we can try any further editors
+                }
+            }
+
+            return valid;
+        } catch (Exception ex) {
+            log.warn("unable to authenticate for user " + name, ex);
+
+            return false;
+        }
+    }
+
+    public boolean changePassword(String name, String password) {
+        try {
+            boolean changed = false;
+
+            for (Iterator i = userPasswordEditors.iterator(); i.hasNext();) {
+                try {
+                    UserPasswordEditorMBean userPasswordEditor = (UserPasswordEditorMBean) i.next();
+                    userPasswordEditor.resetUserPassword(name, password);
+                    changed = true;
+                } catch (NotFoundException e) {
+                    // catch it so we can try any further editors
+                }
+            }
+
+            return changed;
+        } catch (Exception ex) {
+            log.warn("unable to change password for user " + name, ex);
+
+            return false;
+        }
+    }
+
+    public boolean create(String name) {
+        return false;
+    }
+
+    public boolean handles(String name) {
+        try {
+            for (Iterator i = userReaders.iterator(); i.hasNext();) {
+                if (((UserReaderMBean) i.next()).userExists(name)) {
+                    return true;
+                }
+            }
+
+            return false;
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    public List list() {
+        try {
+            List result = new ArrayList();
+
+            for (Iterator i = userReaders.iterator(); i.hasNext();) {
+                UserReaderMBean u = (UserReaderMBean) i.next();
+                String cursor = u.listUsers("*", maxRecords);
+
+                while (u.haveCurrent(cursor)) {
+                    String uName = u.getCurrentName(cursor);
+                    result.add(uName);
+                    u.advance(cursor);
+                }
+
+                u.close(cursor);
+            }
+
+            return Collections.unmodifiableList(result);
+        } catch (Exception ex) {
+            log.error("Error getting list of users", ex);
+
+            return null;
+        }
+    }
+
+    public boolean remove(String name) {
+        return false;
+    }
+}

src/java/com/opensymphony/user/provider/weblogic/WeblogicProvider.java

+/*
+ * Copyright (c) 2002-2003 by OpenSymphony
+ * All rights reserved.
+ */
+package com.opensymphony.user.provider.weblogic;
+
+import com.opensymphony.user.Entity;
+import com.opensymphony.user.provider.UserProvider;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import weblogic.management.MBeanHome;
+
+import weblogic.management.security.authentication.AuthenticationProviderMBean;
+import weblogic.management.security.authentication.GroupEditorMBean;
+import weblogic.management.security.authentication.GroupMemberListerMBean;
+import weblogic.management.security.authentication.MemberGroupListerMBean;
+import weblogic.management.security.authentication.UserEditorMBean;
+import weblogic.management.security.authentication.UserPasswordEditorMBean;
+import weblogic.management.security.authentication.UserReaderMBean;
+import weblogic.management.security.credentials.CredentialMapperMBean;
+import weblogic.management.security.credentials.UserPasswordCredentialMapEditorMBean;
+import weblogic.management.security.credentials.UserPasswordCredentialMapReaderMBean;
+
+import java.io.IOException;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+
+
+/*
+ * @author Dave Brondsema
+ */
+public abstract class WeblogicProvider implements UserProvider {
+    //~ Static fields/initializers /////////////////////////////////////////////
+
+    private static final Log log = LogFactory.getLog(WeblogicProvider.class);
+
+    //~ Instance fields ////////////////////////////////////////////////////////
+
+    protected transient MBeanHome home;
+
+    //private List groupEditors; // type GroupEditorMBean
+    //private List userEditors; // type UserEditorMBean
+    protected List groupMemberListers; // type GroupMemberListerMBean
+    protected List memberGroupListers; // type MemberGroupListerMBean
+    protected List userPasswordEditors; // type UserPasswordEditorMBean
+    protected List userReaders; // type UserReaderMBean
+    protected Properties originalProperties;
+    protected int maxRecords;
+
+    //~ Methods ////////////////////////////////////////////////////////////////
+
+    public void flushCaches() {
+    }
+
+    public boolean init(Properties properties) {
+        try {
+            originalProperties = properties;
+
+            String maxRecordsProperty = properties.getProperty("maxrecords");
+
+            if (maxRecordsProperty != null) {
+                maxRecords = Integer.parseInt(maxRecordsProperty);
+            } else {
+                maxRecords = Integer.MAX_VALUE;
+            }
+
+            groupMemberListers = new ArrayList();
+            memberGroupListers = new ArrayList();
+            userReaders = new ArrayList();
+            userPasswordEditors = new ArrayList();
+
+            findHome();
+
+            AuthenticationProviderMBean[] authProviders = home.getActiveDomain().getSecurityConfiguration().findDefaultRealm().getAuthenticationProviders();
+            CredentialMapperMBean[] credMappers = home.getActiveDomain().getSecurityConfiguration().findDefaultRealm().getCredentialMappers();
+
+            if (log.isDebugEnabled()) {
+                log.debug("ignore credential mapping = " + home.getActiveDomain().getSecurityConfiguration().findDefaultRealm().isDeployCredentialMappingIgnored());
+            }
+
+            //RoleMapperMBean[] roleMappers = home.getActiveDomain().getSecurityConfiguration().findDefaultRealm().getRoleMappers();
+            for (int i = 0; i < authProviders.length; i++) {
+                if (log.isDebugEnabled()) {
+                    log.debug("provider: " + authProviders[i].wls_getDisplayName());
+                }
+
+                if (authProviders[i] instanceof UserEditorMBean) {
+                    log.debug("UserEditorMBean: " + authProviders[i].wls_getDisplayName());
+                }
+
+                if (authProviders[i] instanceof GroupEditorMBean) {
+                    log.debug("GroupEditorMBean: " + authProviders[i].wls_getDisplayName());
+                }
+
+                if (authProviders[i] instanceof MemberGroupListerMBean) {
+                    log.debug("MemberGroupListerMBean: " + authProviders[i].wls_getDisplayName());
+                    groupMemberListers.add(authProviders[i]);
+                }
+
+                if (authProviders[i] instanceof GroupMemberListerMBean) {
+                    log.debug("GroupMemberListerMBean: " + authProviders[i].wls_getDisplayName());
+                    memberGroupListers.add(authProviders[i]);
+                }
+
+                if (authProviders[i] instanceof UserReaderMBean) {
+                    log.debug("UserReaderMBean: " + authProviders[i].wls_getDisplayName());
+                    userReaders.add(authProviders[i]);
+                }
+
+                /* etc */
+            }
+
+            if (log.isDebugEnabled()) {
+                log.debug(credMappers.length + " credmappers");
+            }
+
+            for (int i = 0; i < credMappers.length; i++) {
+                if (log.isDebugEnabled()) {
+                    log.debug("credMapper: " + credMappers[i].wls_getDisplayName());
+                }
+
+                if (authProviders[i] instanceof UserPasswordCredentialMapReaderMBean) {
+                    log.debug("UserPasswordCredentialMapReaderMBean: " + credMappers[i].wls_getDisplayName());
+                }
+
+                if (authProviders[i] instanceof UserPasswordCredentialMapEditorMBean) {
+                    log.debug("UserPasswordCredentialMapEditorMBean: " + credMappers[i].wls_getDisplayName());
+                }
+
+                if (authProviders[i] instanceof UserPasswordEditorMBean) {
+                    log.debug("UserPasswordEditorMBean: " + credMappers[i].wls_getDisplayName());
+                    userPasswordEditors.add(authProviders[i]);
+                }
+            }
+
+            if (log.isDebugEnabled()) {
+                log.debug(groupMemberListers.size() + " groupMemberListers");
+            }
+
+            if (log.isDebugEnabled()) {
+                log.debug(memberGroupListers.size() + " memberGroupListers");
+            }
+
+            if (log.isDebugEnabled()) {
+                log.debug(userReaders.size() + " userReaders");
+            }
+
+            return true;
+        } catch (Exception ex) {
+            log.error("Error in init(" + properties + ")", ex);
+
+            return false;
+        }
+    }
+
+    public boolean load(String name, Entity.Accessor accessor) {
+        accessor.setMutable(true);
+
+        return true;
+    }
+
+    public boolean store(String name, Entity.Accessor accessor) {
+        return true;
+    }
+
+    protected void findHome() {
+        home = weblogic.management.Helper.getAdminMBeanHome(originalProperties.getProperty("username"), originalProperties.getProperty("password"), originalProperties.getProperty("serverurl"));
+    }
+
+    private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException {
+        in.defaultReadObject();
+        init(null);
+    }
+}