Package com.sun.enterprise.admin.util

Class SecureAdminClientManager

  • public class SecureAdminClientManager
extends Object
    Encapsulates the implementation of secure admin.

    A process that needs to send admin messages to another server and might not have a user-provided username and password should inject this class and invoke initClientAuthentication(char[], boolean, String, String, String, File) before it sends a message to the admin listener. The code which actually prepares the message can then retrieve the initialized information from this class in constructing the outbound admin message.

    The class offers static accessors to the important values so, for example, RemoteAdminCommand (which is not a service and it therefore not subject to injection) can retrieve what it needs to build the outbound admin request.

    This allows us to support CLI commands which need to connect to the DAS securely but will have neither a user-provided master password nor a human who we could prompt for the master password.

    Author:
    Tim Quinn

    • Method Detail

      • initClientAuthentication

        public static void initClientAuthentication​(char[] commandMasterPassword,
                                            boolean isInteractive,
                                            String serverName,
                                            String nodeDir,
                                            String node,
                                            File nodeDirRoot)
        Prepares the manager so SSL/TLS will provide the correct client cert when connecting to a remote admin port. The main result of invoking this method is to build an array of KeyManagers which can be passed to SSLContext.initClientAuthentication so SSL can use the managers to find certs that meet the requirements of the partner on the other end of the connection.

        This method opens the keystore, so it will need the master password. The calling command should pass the master password which the user specified in the file specified by the --passwordfile option (if any). Because the user-provided password might be wrong or missing, the caller also indicates whether a human user is present to respond to a prompt for the password. This will not be the case, for example, during an unattended start-up of an instance.

        The caller also provides at least one of the server name, the node directory, or the node. These are used to locate where the domain.xml file is that contains security config information we need.

        Parameters:
        commandMasterPassword - master password provided by the user on the command line; null if none
        isInteractive - whether the caller is in a context where a human could be prompted to enter a password
        serverName - name of the server where domain.xml resides
        nodeDir - directory of the node where domain.xml resides
        node - name of the node whose directory contains domain.xml

      • isEnabled

        public boolean isEnabled()
        Reports whether the secure admin is enabled, according to the current configuration.
        Returns:
        if secure admin is enabled

      • configuredAdminIndicatorValue

        public String configuredAdminIndicatorValue()