Package com.sun.enterprise.admin.util

Class GenericAdminAuthenticator

  • All Implemented Interfaces:
    JMXAuthenticator, org.glassfish.hk2.api.PostConstruct, AdminAccessController
    @Service
@ContractsProvided({javax.management.remote.JMXAuthenticator.class,AdminAccessController.class})
public class GenericAdminAuthenticator
extends Object
implements AdminAccessController, JMXAuthenticator, org.glassfish.hk2.api.PostConstruct
    Implementation of AdminAccessController that delegates to LoginContextDriver.
    Since:
    GlassFish v3
    Author:
    Kedar Mhaswade ([email protected]) This is still being developed. This particular implementation both authenticates and authorizes the users directly or indirectly.

    • Authentication works by either calling FileRealm.authenticate() or by calling LoginContextDriver.login
    • The admin users in case of administration file realm are always in a fixed group called "asadmin". In case of LDAP, the specific group relationships are enforced.
    Note that admin security is tested only with FileRealm and LDAPRealm.
    See Also:
    com.sun.enterprise.security.cli.LDAPAdminAccessConfigurator, CreateFileUser

    • Constructor Detail

      • GenericAdminAuthenticator

        public GenericAdminAuthenticator()

    • Method Detail

      • postConstruct

        public void postConstruct()
        Specified by:
        postConstruct in interface org.glassfish.hk2.api.PostConstruct

      • loginAsAdmin

        public Subject loginAsAdmin​(String user,
                            String password,
                            String realm,
                            String originHost)
                     throws LoginException
        Attempts to authenticate the user as an administrator.
        Specified by:
        loginAsAdmin in interface AdminAccessController
        Parameters:
        user - String representing the user name of the user doing an admin opearation
        password - String representing clear-text password of the user doing an admin operation
        realm - String representing the name of the admin realm for given server
        originHost - the host from which the request was sent
        Returns:
        Subject representing the authenticated user
        Throws:
        LoginException - if authentication fails
        RemoteAdminAccessException - if the connection is remote but secure admin is disabled

      • loginAsAdmin

        public Subject loginAsAdmin​(org.glassfish.grizzly.http.server.Request request)
                     throws LoginException
        Attempts to authenticate the user as an administrator
        Specified by:
        loginAsAdmin in interface AdminAccessController
        Parameters:
        request - the Grizzly request containing the admin request
        Returns:
        Subject representing the authenticated user
        Throws:
        LoginException - if authentication fails
        RemoteAdminAccessException - if the connection is remote but secure admin is disabled

      • loginAsAdmin

        public Subject loginAsAdmin​(org.glassfish.grizzly.http.server.Request request,
                            String hostname)
                     throws LoginException
        Attempts to authenticate the user submitting the request as an administrator.
        Specified by:
        loginAsAdmin in interface AdminAccessController
        Parameters:
        request - the admin request
        hostname - the host from which the connection originated (if non-null, this hostname overrides the host in the request)
        Returns:
        Subject representing the authenticated user
        Throws:
        LoginException - if authentication fails
        RemoteAdminAccessException - if the connection is remote but secure admin is disabled