Class SecureAdminClientManager
- java.lang.Object
  - com.sun.enterprise.admin.util.SecureAdminClientManager
public class SecureAdminClientManager extends Object
Encapsulates the implementation of secure admin.
A process that needs to send admin messages to another server and might not have a user-provided username and password should inject this class and invoke initClientAuthentication(char[], boolean, String, String, String, File) before it sends a message to the admin listener. The code which actually prepares the message can then retrieve the initialized information from this class in constructing the outbound admin message.
The class offers static accessors to the important values so, for example, RemoteAdminCommand (which is not a service and is therefore not subject to injection) can retrieve what it needs to build the outbound admin request.
This allows us to support CLI commands which need to connect to the DAS securely but will have neither a user-provided master password nor a human who we could prompt for the master password.
- Author:
- Tim Quinn
Method Summary
Modifier and Type, Method, Description:
- String configuredAdminIndicatorValue()
- static KeyManager[] getKeyManagers(): Returns KeyManagers which access the SSL key store for use in performing client cert authentication.
- static void initClientAuthentication(char[] commandMasterPassword, boolean isInteractive, String serverName, String nodeDir, String node, File nodeDirRoot): Prepares the manager so SSL/TLS will provide the correct client cert when connecting to a remote admin port.
- boolean isEnabled(): Reports whether the secure admin is enabled, according to the current configuration.
- KeyManager[] keyManagers()
Method Detail
getKeyManagers
public static KeyManager[] getKeyManagers()
Returns KeyManagers which access the SSL key store for use in performing client cert authentication. The returned KeyManagers will most likely be passed to SSLContext.init(KeyManager[], TrustManager[], SecureRandom).
- Returns:
- KeyManagers
initClientAuthentication
public static void initClientAuthentication(char[] commandMasterPassword, boolean isInteractive, String serverName, String nodeDir, String node, File nodeDirRoot)
Prepares the manager so SSL/TLS will provide the correct client cert when connecting to a remote admin port. The main result of invoking this method is to build an array of KeyManagers which can be passed to SSLContext.init so SSL can use the managers to find certs that meet the requirements of the partner on the other end of the connection.
This method opens the keystore, so it will need the master password. The calling command should pass the master password which the user specified in the file specified by the --passwordfile option (if any). Because the user-provided password might be wrong or missing, the caller also indicates whether a human user is present to respond to a prompt for the password. This will not be the case, for example, during an unattended start-up of an instance.
The caller also provides at least one of the server name, the node directory, or the node. These are used to locate the domain.xml file that contains the security config information we need.
- Parameters:
- commandMasterPassword - master password provided by the user on the command line; null if none
- isInteractive - whether the caller is in a context where a human could be prompted to enter a password
- serverName - name of the server where domain.xml resides
- nodeDir - directory of the node where domain.xml resides
- node - name of the node whose directory contains domain.xml
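The call sequence described for initClientAuthentication and getKeyManagers, followed by a handshake that checks a client certificate was actually presented. This is an added example, not code from the GlassFish project. Assumptions: the class name SecureAdminClientCertCheck and its helper methods are hypothetical, nodeDirRoot (not described on this page) is passed as the node directory, the JVM default trust store already trusts the DAS certificate, and the host and port come from the command line.

```java
import com.sun.enterprise.admin.util.SecureAdminClientManager;
import java.io.File;
import java.security.cert.Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

public class SecureAdminClientCertCheck {

    /** Builds an SSLContext whose client identity comes from SecureAdminClientManager. */
    static SSLContext clientContext(char[] masterPassword, String serverName,
            String nodeDir, String node, File nodeDirRoot) throws Exception {
        // Unattended caller: isInteractive=false, so nobody can be prompted for the password.
        SecureAdminClientManager.initClientAuthentication(
                masterPassword, false, serverName, nodeDir, node, nodeDirRoot);
        KeyManager[] keyManagers = SecureAdminClientManager.getKeyManagers();
        if (keyManagers == null || keyManagers.length == 0) {
            // Fail closed rather than connecting without a client identity.
            throw new IllegalStateException("no KeyManagers available: key store not opened");
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Assumption: null TrustManagers selects the JVM default trust store.
        ctx.init(keyManagers, null, null);
        return ctx;
    }

    /** Handshakes with the admin listener and reports whether a client cert was sent. */
    static boolean presentsClientCert(SSLContext ctx, String host, int port) throws Exception {
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake();
            // getLocalCertificates() is null when no certificate was sent to the peer.
            Certificate[] local = socket.getSession().getLocalCertificates();
            return local != null && local.length > 0;
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: <serverName> <nodeDir> <node> <dasHost> <adminPort>
        // commandMasterPassword is null: no --passwordfile value was supplied.
        SSLContext ctx = clientContext(null, args[0], args[1], args[2], new File(args[1]));
        boolean sent = presentsClientCert(ctx, args[3], Integer.parseInt(args[4]));
        System.out.println(sent ? "client certificate presented" : "no client certificate sent");
    }
}
```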
isEnabled
public boolean isEnabled()
Reports whether the secure admin is enabled, according to the current configuration.
- Returns:
- true if secure admin is enabled
keyManagers
public KeyManager[] keyManagers()
configuredAdminIndicatorValue
public String configuredAdminIndicatorValue()