Package com.sun.enterprise.admin.util

Class GenericAdminAuthenticator

java.lang.Object
com.sun.enterprise.admin.util.GenericAdminAuthenticator
All Implemented Interfaces:
JMXAuthenticator, org.glassfish.hk2.api.PostConstruct, org.glassfish.internal.api.AdminAccessController
@Service @ContractsProvided({javax.management.remote.JMXAuthenticator.class,org.glassfish.internal.api.AdminAccessController.class}) public class GenericAdminAuthenticator extends Object implements org.glassfish.internal.api.AdminAccessController, JMXAuthenticator, org.glassfish.hk2.api.PostConstruct
Implementation of AdminAccessController that delegates to LoginContextDriver.
Since:
GlassFish v3
Author:
Kedar Mhaswade (km@dev.java.net) This is still being developed. This particular implementation both authenticates and authorizes the users directly or indirectly.

  • Authentication works by either calling FileRealm.authenticate() or by calling LoginContextDriver.login
  • The admin users in case of administration file realm are always in a fixed group called "asadmin". In case of LDAP, the specific group relationships are enforced.
Note that admin security is tested only with FileRealm and LDAPRealm.
See Also:
  • com.sun.enterprise.security.cli.LDAPAdminAccessConfigurator
  • CreateFileUser

  • Constructor Details

    • GenericAdminAuthenticator

      public GenericAdminAuthenticator()

  • Method Details

    • postConstruct

      public void postConstruct()
      Specified by:
      postConstruct in interface org.glassfish.hk2.api.PostConstruct

    • loginAsAdmin

      public Subject loginAsAdmin(String user, String password, String realm, String originHost) throws LoginException
      Attempts to authenticate the user as an administrator.
      Specified by:
      loginAsAdmin in interface org.glassfish.internal.api.AdminAccessController
      Parameters:
      user - String representing the user name of the user doing an admin opearation
      password - String representing clear-text password of the user doing an admin operation
      realm - String representing the name of the admin realm for given server
      originHost - the host from which the request was sent
      Returns:
      Subject representing the authenticated user
      Throws:
      LoginException - if authentication fails
      org.glassfish.internal.api.RemoteAdminAccessException - if the connection is remote but secure admin is disabled

    • loginAsAdmin

      public Subject loginAsAdmin(org.glassfish.grizzly.http.server.Request request) throws LoginException
      Attempts to authenticate the user as an administrator
      Specified by:
      loginAsAdmin in interface org.glassfish.internal.api.AdminAccessController
      Parameters:
      request - the Grizzly request containing the admin request
      Returns:
      Subject representing the authenticated user
      Throws:
      LoginException - if authentication fails
      org.glassfish.internal.api.RemoteAdminAccessException - if the connection is remote but secure admin is disabled

    • loginAsAdmin

      public Subject loginAsAdmin(org.glassfish.grizzly.http.server.Request request, String hostname) throws LoginException
      Attempts to authenticate the user submitting the request as an administrator.
      Specified by:
      loginAsAdmin in interface org.glassfish.internal.api.AdminAccessController
      Parameters:
      request - the admin request
      hostname - the host from which the connection originated (if non-null, this hostname overrides the host in the request)
      Returns:
      Subject representing the authenticated user
      Throws:
      LoginException - if authentication fails
      org.glassfish.internal.api.RemoteAdminAccessException - if the connection is remote but secure admin is disabled

    • authenticate

      public Subject authenticate(Object credentials)
      The JMXAUthenticator's authenticate method.
      Specified by:
      authenticate in interface JMXAuthenticator