Examples of com.sun.enterprise.security.auth.realm.file.FileRealm

• com.sun.enterprise.security.auth.realm.file.FileRealm
  Realm wrapper for supporting file password authentication.

  In addition to the basic realm functionality, this class provides administration methods for the file realm.

  Format of the keyfile used by this class is one line per user containing username;password;groups where:

  • username - Name string.
  • password - A salted SHA hash (SSHA) of the user password.
  • groups - A comma separated list of group memberships.

  The file realm needs the following properties in its configuration:

  • file - Full path to the keyfile to load
  • jaas-ctx - JAAS context name used to access LoginModule for authentication.

  @author Harry Singh @author Jyri Virkki @author Shing Wai Chan

    }
    private FileRealm adminRealm() throws BadRealmException, NoSuchRealmException {
        final AuthRealm ar = as.getAssociatedAuthRealm();
        if (FileRealm.class.getName().equals(ar.getClassname())) {
            String adminKeyFilePath = ar.getPropertyValue("file");
            FileRealm fr = new FileRealm(adminKeyFilePath);
            return fr;
        }
        return null;
    }

     * @throws NoSuchRealmException
     * @throws NoSuchUserException
     */
    @Override
    public boolean isAnyAdminUserWithoutPassword() throws Exception {
        final FileRealm adminRealm = adminRealm();
        for (final Enumeration<String> e = adminRealm.getUserNames(); e.hasMoreElements(); ) {
            final String username = e.nextElement();
            /*
                * Try to authenticate this user with an empty password.  If it
                * works we can stop.
                */
            final String[] groupNames = adminRealm.authenticate(username, emptyPassword);
            if (groupNames != null) {
                for (String groupName : groupNames) {
                    if (DOMAIN_ADMIN_GROUP_NAME.equals(groupName)) {
                        return true;
                    }

        if (as.usesFileRealm()) {
            try {
                AuthRealm ar = as.getAssociatedAuthRealm();
                if (FileRealm.class.getName().equals(ar.getClassname())) {
                    String adminKeyFilePath = ar.getPropertyValue("file");
                    FileRealm fr = new FileRealm(adminKeyFilePath);
                    if (!fr.hasAuthenticatableUser()) {
                        ADMSEC_LOGGER.log(Level.SEVERE, AdminLoggerInfo.mSecureAdminEmptyPassword);
                        throw new IllegalStateException(ADMSEC_LOGGER.getResourceBundle()
                                .getString(AdminLoggerInfo.mSecureAdminEmptyPassword));
                    }
                }

            //an incompletely formed file property or the file property points to a non-existent file, can't allow access
            ADMSEC_LOGGER.fine("CAN'T FIND DEFAULT ADMIN USER: THE KEYFILE DOES NOT EXIST");
            return null;
        }
        try {
            FileRealm fr = new FileRealm(rf.getAbsolutePath());
            String candidateDefaultAdminUser = null;
            for (Enumeration users = fr.getUserNames(); users.hasMoreElements();) {
                String au = (String) users.nextElement();
                FileRealmUser fru = (FileRealmUser)fr.getUser(au);
                for (String group : fru.getGroups()) {
                    if (group.equals(AdminConstants.DOMAIN_ADMIN_GROUP_NAME)) {
                        if (candidateDefaultAdminUser != null) {
                            ADMSEC_LOGGER.log(Level.FINE, "There are multiple admin users so we cannot use any as a default");
                            return null;

        if (as.usesFileRealm()) {
            try {
                AuthRealm ar = as.getAssociatedAuthRealm();
                if (FileRealm.class.getName().equals(ar.getClassname())) {
                    String adminKeyFilePath = ar.getPropertyValue("file");
                    FileRealm fr = new FileRealm(adminKeyFilePath);
                    if (!fr.hasAuthenticatableUser()) {
                        ADMSEC_LOGGER.log(Level.SEVERE, AdminLoggerInfo.mSecureAdminEmptyPassword);
                        throw new IllegalStateException(ADMSEC_LOGGER.getResourceBundle()
                                .getString(AdminLoggerInfo.mSecureAdminEmptyPassword));
                    }
                }

            //an incompletely formed file property or the file property points to a non-existent file, can't allow access
            ADMSEC_LOGGER.fine("CAN'T FIND DEFAULT ADMIN USER: THE KEYFILE DOES NOT EXIST");
            return null;
        }
        try {
            FileRealm fr = new FileRealm(rf.getAbsolutePath());
            String candidateDefaultAdminUser = null;
            for (Enumeration users = fr.getUserNames(); users.hasMoreElements();) {
                String au = (String) users.nextElement();
                FileRealmUser fru = (FileRealmUser)fr.getUser(au);
                for (String group : fru.getGroups()) {
                    if (group.equals(AdminConstants.DOMAIN_ADMIN_GROUP_NAME)) {
                        if (candidateDefaultAdminUser != null) {
                            ADMSEC_LOGGER.log(Level.FINE, "There are multiple admin users so we cannot use any as a default");
                            return null;

            throw new RuntimeException(Strings.get("errVal"), ex);
        }
    }

    private void validateUser(final String username) throws BadRealmException, NoSuchRealmException {
        final FileRealm fr = adminRealm();
        try {
            FileRealmUser fru = (FileRealmUser)fr.getUser(username);
            if (isInAdminGroup(fru)) {
                return;
            }
            /*
             * The user is valid but is not in the admin group.

    }
    private FileRealm adminRealm() throws BadRealmException, NoSuchRealmException {
        final AuthRealm ar = as.getAssociatedAuthRealm();
        if (FileRealm.class.getName().equals(ar.getClassname())) {
            String adminKeyFilePath = ar.getPropertyValue("file");
            FileRealm fr = new FileRealm(adminKeyFilePath);
            return fr;
        }
        return null;
    }

     * @throws NoSuchRealmException
     * @throws NoSuchUserException
     */
    @Override
    public boolean isAnyAdminUserWithoutPassword() throws Exception {
        final FileRealm adminRealm = adminRealm();
        for (final Enumeration<String> e = adminRealm.getUserNames(); e.hasMoreElements(); ) {
            final String username = e.nextElement();
            /*
                * Try to authenticate this user with an empty password.  If it
                * works we can stop.
                */
            final String[] groupNames = adminRealm.authenticate(username, emptyPassword);
            if (groupNames != null) {
                for (String groupName : groupNames) {
                    if (DOMAIN_ADMIN_GROUP_NAME.equals(groupName)) {
                        return true;
                    }

            throw new RuntimeException(Strings.get("errVal"), ex);
        }
    }

    private void validateUser(final String username) throws BadRealmException, NoSuchRealmException {
        final FileRealm fr = adminRealm();
        try {
            FileRealmUser fru = (FileRealmUser)fr.getUser(username);
            if (isInAdminGroup(fru)) {
                return;
            }
            /*
             * The user is valid but is not in the admin group.