author | Dan Labrecque <Dan.Labrecque@oracle.com> |
Tue, 14 Dec 2010 14:54:59 -0500 | |
changeset 624 | 23c2892e582e |
parent 622 | 779060a588bc |
child 625 | 0ad7f2393529 |
permissions | -rw-r--r-- |
391 | 1 |
/* |
2 |
* CDDL HEADER START |
|
3 |
* |
|
4 |
* The contents of this file are subject to the terms of the |
|
5 |
* Common Development and Distribution License (the "License"). |
|
6 |
* You may not use this file except in compliance with the License. |
|
7 |
* |
|
8 |
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 |
* or http://www.opensolaris.org/os/licensing. |
|
10 |
* See the License for the specific language governing permissions |
|
11 |
* and limitations under the License. |
|
12 |
* |
|
13 |
* When distributing Covered Code, include this CDDL HEADER in each |
|
14 |
* file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 |
* If applicable, add the following below this CDDL HEADER, with the |
|
16 |
* fields enclosed by brackets "[]" replaced with your own identifying |
|
17 |
* information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 |
* |
|
19 |
* CDDL HEADER END |
|
20 |
*/ |
|
21 |
||
22 |
/* |
|
23 |
* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. |
391 | 24 |
*/ |
25 |
||
26 |
package org.opensolaris.os.vp.client.common; |
|
27 |
||
28 |
import java.io.*; |
|
29 |
import java.net.*; |
391 | 30 |
import java.security.*; |
31 |
import java.security.cert.*; |
|
32 |
import java.security.cert.Certificate; |
|
33 |
import java.util.*; |
|
34 |
import javax.management.*; |
391 | 35 |
import javax.management.remote.*; |
36 |
import javax.swing.JOptionPane; |
37 |
import org.opensolaris.os.rad.*; |
38 |
import org.opensolaris.os.rad.api.pam.*; |
391 | 39 |
import org.opensolaris.os.rad.jmx.RadConnector; |
40 |
import org.opensolaris.os.vp.common.panel.MBeanUtil; |
|
41 |
import org.opensolaris.os.vp.panel.common.*; |
42 |
import org.opensolaris.os.vp.panel.common.action.*; |
391 | 43 |
import org.opensolaris.os.vp.util.misc.*; |
44 |
import org.opensolaris.os.vp.util.misc.finder.Finder; |
391 | 45 |
|
46 |
public abstract class RadLoginManager { |
|
47 |
// |
|
48 |
// Inner classes |
49 |
// |
50 |
|
51 |
/**
 * One authentication step of a login. The two implementations in this file
 * cover the user login step and the role assumption step.
 */
private static interface AuthPrompter {
    /**
     * Returns the dialog message that introduces this step.
     *
     * @param request the login request the message is built from
     * @return the message for this step
     */
    DialogMessage getInitialMessage(LoginRequest request);

    /**
     * Starts this step against the given authenticator bean.
     *
     * NOTE(review): Block presumably carries the next part of the PAM
     * conversation - confirm against org.opensolaris.os.rad.api.pam.
     *
     * @param request the login request supplying the identity to use
     * @param auth the authenticator bean the step is started on
     * @return the Block returned by the authenticator
     * @throws ActionAbortedException declared by this interface; the
     *         conditions are not visible here
     * @throws ObjectException declared by this interface; the conditions
     *         are not visible here
     */
    Block initiate(LoginRequest request, AuthenticatorMXBean auth)
        throws ActionAbortedException, ObjectException;

    /**
     * Prompts for the given login properties.
     *
     * @param request the login request being processed
     * @param properties the properties to prompt for
     * @param data the per-login state updated by the prompt
     * @throws ActionAbortedException declared by this interface; the
     *         conditions are not visible here
     * @throws ActionRegressedException declared by this interface; the
     *         conditions are not visible here
     */
    void prompt(LoginRequest request, List<LoginProperty> properties,
        LoginData data) throws ActionAbortedException,
        ActionRegressedException;
}
/**
 * Prompter for the user authentication step: logs in as the user named in
 * the request.
 */
private class LoginPrompter implements AuthPrompter {
    /**
     * Builds the "login.message.userauth" message from the request's host
     * and user values.
     */
    @Override
    public DialogMessage getInitialMessage(LoginRequest request) {
        return new DialogMessage(
            Finder.getString("login.message.userauth",
                request.getHost().getValue(),
                request.getUser().getValue()));
    }

    /**
     * Calls {@code login} on the authenticator with the default locale's
     * language code and the request's user value.
     */
    @Override
    public Block initiate(LoginRequest request, AuthenticatorMXBean auth)
        throws ActionAbortedException, ObjectException {

        String language = Locale.getDefault().getLanguage();
        return auth.login(language, request.getUser().getValue());
    }

    /**
     * Prompts for the user authentication properties.
     *
     * The user-acknowledged flag is set in a {@code finally} block, so it
     * is raised even when the prompt throws. It records that the prompt
     * ran, not that authentication succeeded, and must not be used as
     * evidence of a successful login.
     */
    @Override
    public void prompt(LoginRequest request, List<LoginProperty> properties,
        LoginData data) throws ActionAbortedException,
        ActionRegressedException {

        try {
            promptForUserAuth(request, properties);
        } finally {
            data.setUserAcknowledged(true);
        }
    }
}
/**
 * Prompter for the role authentication step: assumes the role named in
 * the request.
 */
private class RolePrompter implements AuthPrompter {
    /**
     * Builds the "login.message.roleauth" message from the request's host,
     * user and role values.
     */
    @Override
    public DialogMessage getInitialMessage(LoginRequest request) {
        return new DialogMessage(
            Finder.getString("login.message.roleauth",
                request.getHost().getValue(),
                request.getUser().getValue(),
                request.getRole().getValue()));
    }

    /**
     * Calls {@code assume} on the authenticator with the default locale's
     * language code and the request's role value.
     */
    @Override
    public Block initiate(LoginRequest request, AuthenticatorMXBean auth)
        throws ActionAbortedException, ObjectException {

        String language = Locale.getDefault().getLanguage();
        return auth.assume(language, request.getRole().getValue());
    }

    /**
     * Prompts for the role authentication properties.
     *
     * The role-acknowledged flag is set in a {@code finally} block, so it
     * is raised even when the prompt throws. It records that the prompt
     * ran, not that the role was assumed, and must not be used as evidence
     * of successful authentication.
     */
    @Override
    public void prompt(LoginRequest request, List<LoginProperty> properties,
        LoginData data) throws ActionAbortedException,
        ActionRegressedException {

        try {
            promptForRoleAuth(request, properties);
        } finally {
            data.setRoleAcknowledged(true);
        }
    }
}
/**
 * Mutable state for one login: the user and role connection info, a
 * cached authenticator proxy with the connector it was created on, and
 * the two "acknowledged" flags. No synchronization is visible in this
 * class.
 */
private static class LoginData {
    //
    // Instance data
    //

    private ConnectionInfo userInfo;
    private ConnectionInfo roleInfo;
    // Cached proxy; only valid for authConnector.
    private AuthenticatorMXBean auth;
    private JMXConnector authConnector;
    private boolean userAcknowledged;
    private boolean roleAcknowledged;

    //
    // LoginData methods
    //

    /**
     * Returns the authenticator proxy for the current connector, creating
     * and caching it when the connector has changed or no proxy exists.
     * The role connector is preferred over the user connector.
     *
     * @param request the login request; an error message naming the host
     *        is added to it if the connection cannot be obtained
     * @return the proxy, or {@code null} when there is no connector or
     *         the MBean server connection failed with an IOException;
     *         callers must check for {@code null}
     */
    public AuthenticatorMXBean getAuthBean(LoginRequest request) {
        JMXConnector connector = null;
        if (roleInfo != null) {
            connector = roleInfo.getConnector();
        } else if (userInfo != null) {
            connector = userInfo.getConnector();
        }

        // Reuse the proxy only while it belongs to the same connector.
        if (authConnector == connector && auth != null) {
            return auth;
        }

        authConnector = connector;
        auth = null;

        if (connector == null) {
            return auth;
        }

        try {
            MBeanServerConnection connection =
                connector.getMBeanServerConnection();

            ObjectName authName = MBeanUtil.makeObjectName(
                "org.opensolaris.os.rad", "authentication");

            auth = JMX.newMXBeanProxy(connection, authName,
                AuthenticatorMXBean.class);
        } catch (IOException e) {
            // Only the host is reported to the user; the exception
            // itself is not logged or rethrown, and auth stays null.
            request.getMessages().add(new DialogMessage(
                Finder.getString("login.err.io",
                    request.getHost().getValue()),
                JOptionPane.ERROR_MESSAGE));
        }

        return auth;
    }

    /** Returns the role connection info, which may be {@code null}. */
    public ConnectionInfo getRoleConnectionInfo() {
        return roleInfo;
    }

    /** Returns the user connection info, which may be {@code null}. */
    public ConnectionInfo getUserConnectionInfo() {
        return userInfo;
    }

    /** Returns the role-acknowledged flag. */
    public boolean isRoleAcknowledged() {
        return roleAcknowledged;
    }

    /** Returns the user-acknowledged flag. */
    public boolean isUserAcknowledged() {
        return userAcknowledged;
    }

    /**
     * Sets the role-acknowledged flag. Setting it to {@code true} also
     * sets the user-acknowledged flag.
     */
    public void setRoleAcknowledged(boolean roleAcknowledged) {
        this.roleAcknowledged = roleAcknowledged;
        if (!roleAcknowledged) {
            return;
        }
        setUserAcknowledged(true);
    }

    /** Sets the role connection info. */
    public void setRoleConnectionInfo(ConnectionInfo roleInfo) {
        this.roleInfo = roleInfo;
    }

    /**
     * Sets the user-acknowledged flag. Clearing it also clears the
     * role-acknowledged flag.
     */
    public void setUserAcknowledged(boolean userAcknowledged) {
        this.userAcknowledged = userAcknowledged;
        if (userAcknowledged) {
            return;
        }
        setRoleAcknowledged(false);
    }

    /**
     * Sets the user connection info and drops any role connection info,
     * so a role connection is never kept across a change of the user
     * connection.
     */
    public void setUserConnectionInfo(ConnectionInfo userInfo) {
        this.userInfo = userInfo;
        setRoleConnectionInfo(null);
    }
}
/**
 * Pairs a {@code JMXConnector} with a flag saying whether it is local.
 * Both values are stored exactly as passed to the constructor.
 */
private static class ConnectorData {
    //
    // Instance data
    //

    private JMXConnector connector;
    private boolean isLocal;

    //
    // Constructors
    //

    /**
     * Creates a holder for the given connector.
     *
     * @param connector
     *        the connector to hold
     *
     * @param isLocal
     *        the value later returned by {@link #isLocal}
     */
    public ConnectorData(JMXConnector connector, boolean isLocal) {
        this.connector = connector;
        this.isLocal = isLocal;
    }

    //
    // ConnectorData methods
    //

    /**
     * Gets the connector given at construction.
     */
    public JMXConnector getConnector() {
        return connector;
    }

    /**
     * Gets the local flag given at construction.
     */
    public boolean isLocal() {
        return isLocal;
    }
}
//
// Static data
//

/**
 * The password returned by the default implementation of
 * {@code getTrustStorePassword()}.
 * <p>
 * This is a public constant compiled into the client, so it cannot keep
 * the contents of a truststore secret, nor stop anyone who can write the
 * truststore file from replacing it with one protected by the same
 * password.  Protection of the truststore has to come from file system
 * permissions.
 */
public static final String TRUSTSTORE_PASSWORD = "trustpass";

/**
 * The value of the {@code user.name} system property, read once when this
 * class is initialized.
 */
// NOTE(review): user.name can be overridden on the JVM command line, so
// this is a default/label rather than an authenticated identity --
// confirm that no caller treats it as proof of who the user is.
public static final String LOCAL_USER = System.getProperty("user.name");

/**
 * The host name used for the local host.
 */
public static final String LOCAL_HOST = "localhost";
//
// Instance data
//

// Set by the constructor; returned by getConnectionManager()
private ConnectionManager connManager;

//
// Constructors
//

/**
 * Creates a login manager that uses the given {@code ConnectionManager}.
 *
 * @param connManager
 *        the connection manager to use, stored as given (no
 *        {@code null} check is made here)
 */
public RadLoginManager(ConnectionManager connManager) {
    this.connManager = connManager;
}
// |
// RadLoginManager methods |
// |
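/**
 * Creates an empty truststore file, first creating its parent directory
 * if that does not exist.  The store is of the default {@code KeyStore}
 * type and is written with the password returned by
 * {@link #getTrustStorePassword}.  An existing file at the same path is
 * overwritten.
 * <p>
 * The file and directory are created with the permissions the process
 * gives to any new file.  Since the default password is a public
 * constant, those permissions are what protects the list of trusted
 * certificates from modification.
 *
 * @param truststore
 *        the truststore file to create
 *
 * @exception IOException
 *            if the parent directory cannot be created or the file
 *            cannot be written
 *
 * @exception KeyStoreException
 *            if the default keystore type is unavailable or the store
 *            cannot be written
 *
 * @exception NoSuchAlgorithmException
 *            if the keystore integrity algorithm is unavailable
 *
 * @exception CertificateException
 *            if a certificate in the store cannot be handled
 */
protected void createTrustStore(File truststore) throws KeyStoreException,
    IOException, NoSuchAlgorithmException, CertificateException {

    // A bare file name has no parent directory; nothing to create then
    File truststoreDir = truststore.getParentFile();

    // Recheck after a failed mkdirs() so that losing a race with another
    // creator of the same directory is not reported as an error
    if (truststoreDir != null && !truststoreDir.exists() &&
        !truststoreDir.mkdirs() && !truststoreDir.isDirectory()) {

        throw new IOException(
            "could not create truststore directory: " +
            truststoreDir.getAbsolutePath());
    }

    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    char[] password = getTrustStorePassword().toCharArray();

    // Create empty keystore
    keyStore.load(null, password);

    FileOutputStream fos = new FileOutputStream(truststore);
    try {
        keyStore.store(fos, password);
    } finally {
        // Release the file descriptor even if store() throws
        fos.close();
    }
}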
/**
 * Opens a connection to the server.  The result is a two-element array
 * holding, in order:
 * <ol>
 *   <li>
 *     a (new or existing) {@link ConnectionInfo} for the
 *     {@code user@host} connection, and
 *   </li>
 *   <li>
 *     a (new or existing) {@link ConnectionInfo} for the
 *     {@code role@host (via user)} connection, or {@code null} if the
 *     user did not choose to assume a role
 *   </li>
 * </ol>
 *
 * @param request
 *        the {@link LoginRequest} encapsulating the preset values and
 *        editability of each core {@link LoginProperty}
 *
 * @param current
 *        if non-{@code null}, ensures that the user is aware of changes
 *        in host/user/role (preventing the use of cached connections
 *        without the user's knowledge); if {@code null}, no such check
 *        is made
 *
 * @return the two-element array described above
 *
 * @exception ActionAbortedException
 *            if the user cancels the operation
 *
 * @exception ActionFailedException
 *            if the given request fails
 */
public ConnectionInfo[] getConnectionInfo(LoginRequest request,
    ConnectionInfo current) throws ActionAbortedException,
    ActionFailedException {

    LoginData data = new LoginData();

    // Redo the host/user step for as long as the role step regresses
    for (;;) {
        gatherHostAndUserData(request, data);

        try {
            gatherRoleData(request, data);
            break;
        } catch (ActionRegressedException e) {
            // Start over with a clean request: no error flags, no
            // messages, and no user connection carried over
            request.getHost().setErrored(false);
            request.getUser().setErrored(false);
            request.getRole().setErrored(false);
            request.getMessages().clear();
            data.setUserConnectionInfo(null);
        }
    }

    ConnectionInfo userInfo = data.getUserConnectionInfo();
    ConnectionInfo roleInfo = data.getRoleConnectionInfo();

    // To prevent rogue connections, a chosen connection whose
    // host/user/role differs from the current connection must have been
    // acknowledged by the user at some point in the authentication
    // process.  If it has not been, prompt for acknowledgement now.
    if (current != null) {
        boolean ackNeeded;

        if (roleInfo == null) {
            // No role assumed: compare host and user only
            ackNeeded = !data.isUserAcknowledged() &&
                !(current.matchesHost(userInfo.getHost()) &&
                current.matchesUser(userInfo.getUser()));
        } else {
            // Role assumed: host, user and role must all match
            ackNeeded = !data.isRoleAcknowledged() &&
                !(current.matchesHost(roleInfo.getHost()) &&
                current.matchesUser(roleInfo.getUser()) &&
                current.matchesRole(roleInfo.getRole()));
        }

        if (ackNeeded) {
            promptForAck(request);
        }
    }

    return new ConnectionInfo[] { userInfo, roleInfo };
}
/**
 * Gets this login manager's {@code ConnectionManager}.
 */
public ConnectionManager getConnectionManager() {
    return connManager;
}
/**
 * Gets the truststore file.
 *
 * @return the file in which trusted certificates are kept
 */
public abstract File getTrustStoreFile();
/**
 * Gets the truststore password.  This default implementation returns
 * {@link #TRUSTSTORE_PASSWORD}, i.e. "{@code trustpass}".
 * <p>
 * That default is a public constant, so it does not keep the truststore
 * secret or protect it from anyone able to write the truststore file.
 *
 * @return the password used to load and store the truststore
 */
public String getTrustStorePassword() {
    return TRUSTSTORE_PASSWORD;
}
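/**
 * Adds the given certificate to the given truststore unless it is
 * already there.  The user is asked to accept the certificate first, via
 * {@link #promptForCertificate}, except when the host is local and the
 * certificate is identical to the one in {@code /etc/rad/cert.pem}.
 *
 * @param host
 *        the host that presented the certificate
 *
 * @param truststore
 *        the truststore file to read and, if the certificate is added,
 *        rewrite
 *
 * @param certificate
 *        the certificate to add
 *
 * @return {@code false} if the truststore already contained the
 *         certificate (nothing is changed), {@code true} if the
 *         certificate was added and the truststore rewritten
 *
 * @exception ActionAbortedException
 *            if the user cancels the operation
 *
 * @exception IOException
 *            if the truststore cannot be read or written
 *
 * @exception KeyStoreException
 *            if the keystore cannot be created, queried or updated
 *
 * @exception NoSuchAlgorithmException
 *            if the keystore integrity algorithm is unavailable
 *
 * @exception CertificateException
 *            if a certificate in the store cannot be loaded or stored
 */
protected boolean handleCertFailure(String host, File truststore,
    Certificate certificate) throws ActionAbortedException,
    KeyStoreException, IOException, NoSuchAlgorithmException,
    CertificateException {

    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    char[] password = getTrustStorePassword().toCharArray();

    // Load truststore, releasing the file even if load() throws
    FileInputStream fis = new FileInputStream(truststore);
    try {
        keyStore.load(fis, password);
    } finally {
        IOUtil.closeIgnore(fis);
    }

    // Does the truststore already contain the certificate?
    String alias = keyStore.getCertificateAlias(certificate);
    if (alias != null) {
        return false;
    }

    boolean acceptNeeded = true;

    // A local server presenting exactly the certificate found in
    // /etc/rad/cert.pem is accepted without asking the user.
    // NOTE(review): this is only as trustworthy as the permissions on
    // that file and the answer of NetUtil.isLocalAddress() -- confirm
    // that the file is writable only by privileged users.
    if (NetUtil.isLocalAddress(host)) {
        FileInputStream certFileIn = null;
        try {
            File certFile = new File("/etc/rad/cert.pem");
            certFileIn = new FileInputStream(certFile);
            Certificate localCert = CertificateFactory.
                getInstance("X.509").generateCertificate(certFileIn);

            if (localCert.equals(certificate)) {
                acceptNeeded = false;
            }
        } catch (Throwable ignored) {
            // Best effort: any failure to read or parse the local
            // certificate leaves acceptNeeded true, so the user is asked
        } finally {
            IOUtil.closeIgnore(certFileIn);
        }
    }

    if (acceptNeeded) {
        // Display the certificate, prompt user to accept; a rejection
        // arrives as ActionAbortedException and nothing is stored
        promptForCertificate(host, certificate);
    }

    // Add certificate
    // NOTE(review): the alias is the issuer DN, and setEntry() replaces
    // any entry already stored under the same alias, so a second
    // certificate with the same issuer DN displaces the first -- confirm
    // that replacing rather than keeping both is intended.  The cast
    // also assumes an X.509 certificate; any other type fails here with
    // ClassCastException, after the user has been prompted.
    alias = ((X509Certificate)certificate).getIssuerDN().toString();
    KeyStore.Entry entry =
        new KeyStore.TrustedCertificateEntry(certificate);
    keyStore.setEntry(alias, entry, null);

    FileOutputStream fos = new FileOutputStream(truststore);
    try {
        keyStore.store(fos, password);
    } finally {
        // Release the file descriptor even if store() throws
        fos.close();
    }

    return true;
}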
/**
 * Asks the user to acknowledge or reject the imminent completion of the
 * given request.
 * <p>
 * {@code getConnectionInfo} calls this when the chosen connection differs
 * in host/user/role from the current one and has not yet been
 * acknowledged.  It treats a normal return as acknowledgement, so an
 * implementation must signal rejection by throwing.
 *
 * @param request
 *        the {@link LoginRequest} encapsulating the preset values of
 *        each core {@link LoginProperty}
 *
 * @exception ActionAbortedException
 *            if the user cancels the operation
 */
protected abstract void promptForAck(LoginRequest request)
    throws ActionAbortedException;
/**
 * Displays the details of the given {@code Certificate} and asks the user
 * to confirm adding it to the truststore.
 * <p>
 * {@code handleCertFailure} stores the certificate as trusted as soon as
 * this method returns normally, so an implementation must signal
 * rejection by throwing and should show enough of the certificate for
 * the user to verify it.
 *
 * @param host
 *        the owner of the {@code Certificate}
 *
 * @param certificate
 *        the {@code Certificate} to verify
 *
 * @exception ActionAbortedException
 *            if the user cancels the operation
 */
protected abstract void promptForCertificate(String host,
    Certificate certificate) throws ActionAbortedException;
/**
 * Asks the user to acknowledge that the given request has failed.
 *
 * @param request
 *        the {@link LoginRequest} encapsulating the values and error
 *        status of each core {@link LoginProperty}
 */
protected abstract void promptForFailedRequest(LoginRequest request);
/**
 * Prompts the user to enter host/user data, subject to the editability and
 * preset values of the host and user {@link LoginProperty}s of the given
 * request.
 *
 * @param request
 *        the {@link LoginRequest} encapsulating the preset values and
 *        editability of each core {@link LoginProperty}
 *
 * @exception ActionAbortedException
 *            if the user cancels the operation
 */
protected abstract void promptForHostAndUser(LoginRequest request)
    throws ActionAbortedException;
/**
 * Prompts the user to acknowledge that no roles are available for the
 * user.
 *
 * @param request
 *        the {@link LoginRequest} encapsulating the values and
 *        error status of each core {@link LoginProperty}
 */
protected abstract void promptForEnsureRoles(LoginRequest request);
/**
 * Prompts the user to select a role, subject to the editability and preset
 * value of the role {@link LoginProperty} of the given request.
 *
 * @param request
 *        the {@link LoginRequest} encapsulating the preset values and
 *        editability of each core {@link LoginProperty}
 *
 * @param roles
 *        a list of valid roles for the selected user
 *
 * @exception ActionAbortedException
 *            if the user cancels the operation
 *
 * @exception ActionRegressedException
 *            if the user chooses to re-edit the host or user fields
 */
protected abstract void promptForRole(LoginRequest request,
    List<String> roles) throws ActionAbortedException,
    ActionRegressedException;
/**
 * Prompts the user to enter data for each of the given {@link
 * LoginProperty}s required for role authentication by the server.
 *
 * NOTE(review): the properties are documented as coming from the server,
 * so their prompt text is presumably untrusted display data; confirm that
 * implementations render it as plain text.
 *
 * @param request
 *        the {@link LoginRequest} encapsulating the preset values and
 *        editability of each core {@link LoginProperty}
 *
 * @param properties
 *        a {@code List} of {@link LoginProperty}s from the server
 *
 * @exception ActionAbortedException
 *            if the user cancels the operation
 *
 * @exception ActionRegressedException
 *            if the user chooses to re-edit the role field
 */
protected abstract void promptForRoleAuth(LoginRequest request,
    List<LoginProperty> properties) throws ActionAbortedException,
    ActionRegressedException;
/**
 * Prompts the user to enter data for each of the given {@link
 * LoginProperty}s required for user authentication by the server.
 *
 * NOTE(review): the properties are documented as coming from the server,
 * so their prompt text is presumably untrusted display data; confirm that
 * implementations render it as plain text.
 *
 * @param request
 *        the {@link LoginRequest} encapsulating the preset values and
 *        editability of each core {@link LoginProperty}
 *
 * @param properties
 *        a {@code List} of {@link LoginProperty}s from the server
 *
 * @exception ActionAbortedException
 *            if the user cancels the operation
 *
 * @exception ActionRegressedException
 *            if the user chooses to re-edit the host or user fields
 */
protected abstract void promptForUserAuth(LoginRequest request,
    List<LoginProperty> properties) throws ActionAbortedException,
    ActionRegressedException;
// |
// Private methods |
// |
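/**
 * Runs an authentication conversation between the given authenticator and
 * the user, looping until the authenticator reports success or error.
 *
 * The initial message from the prompter is queued on the request, then each
 * {@code Block} returned by the authenticator is handled by type:
 * {@code success} shows any still-queued messages, completes the
 * authentication and returns {@code true}; {@code error} returns
 * {@code false}; anything else is treated as {@code conv}: its messages
 * become input properties or queued dialog messages, the user is prompted,
 * and the answers are submitted to obtain the next block.
 *
 * Every submitted answer array is overwritten with zeros once the
 * submission has been attempted, whether or not it succeeded.
 *
 * @param request
 *        the {@link LoginRequest} whose message list collects the text to
 *        show the user
 *
 * @param auth
 *        the authenticator that receives the answers
 *
 * @param prompter
 *        supplies the initial message and first block, and prompts the
 *        user
 *
 * @param data
 *        passed through unchanged to the prompter
 *
 * @return {@code true} if the authenticator reported success,
 *         {@code false} if it reported an error or an
 *         {@code ObjectException} occurred
 *
 * @exception ActionAbortedException
 *            declared for the prompter calls; see the prompt methods
 *
 * @exception ActionRegressedException
 *            declared for the prompter calls; see the prompt methods
 */
@SuppressWarnings({"fallthrough"})
private boolean authConverse(LoginRequest request, AuthenticatorMXBean auth,
    AuthPrompter prompter, LoginData data) throws ActionAbortedException,
    ActionRegressedException {

    List<DialogMessage> messages = request.getMessages();
    messages.add(prompter.getInitialMessage(request));

    try {
        Block answer = prompter.initiate(request, auth);

        List<LoginProperty> properties =
            new LinkedList<LoginProperty>();

        BlockType type;
        while (true) {
            properties.clear();

            switch (type = answer.getType()) {
            case success:
                // Display any lingering messages from the server
                if (!messages.isEmpty()) {
                    prompter.prompt(request, properties, data);
                    messages.clear();
                }

                auth.complete();
                return true;

            case error:
                return false;

            default:
                // Any other block type is unexpected; with assertions
                // disabled it is deliberately handled as a conversation.
                assert type == BlockType.conv;
            case conv:
                // The message text is supplied by the authenticator and is
                // passed on for display as-is.
                // NOTE(review): confirm the dialog renders it as plain text.
                for (Message m : answer.getMessages()) {
                    String text = m.getMessage();
                    switch (m.getStyle()) {
                    case prompt_echo_off:
                        properties.add(new PasswordLoginProperty(
                            text, new char[0], true));
                        break;

                    case prompt_echo_on:
                        properties.add(new StringLoginProperty(
                            text, "", true));
                        break;

                    case error_msg:
                        messages.add(new DialogMessage(text,
                            JOptionPane.ERROR_MESSAGE));
                        break;

                    case text_info:
                        messages.add(new DialogMessage(text,
                            JOptionPane.INFORMATION_MESSAGE));
                        break;
                    }
                }

                // With nothing to ask, queued messages are kept and shown
                // with the next prompt (or on success).
                if (!properties.isEmpty()) {
                    prompter.prompt(request, properties, data);
                    messages.clear();
                }

                List<char[]> response = new LinkedList<char[]>();
                try {
                    for (LoginProperty property : properties) {
                        if (property instanceof StringLoginProperty) {
                            String v = (String)property.getValue();
                            // NOTE(review): a null answer is skipped, so
                            // the response can hold fewer entries than
                            // there were prompts; confirm the server
                            // tolerates that.
                            if (v != null) {
                                response.add(v.toCharArray());
                            }
                        } else if (property instanceof
                            PasswordLoginProperty) {
                            response.add((char[])property.getValue());
                        }
                    }

                    answer = auth.submit(response);
                } finally {
                    // Clear out passwords even when submit() throws, so
                    // the secrets do not linger in memory on the failure
                    // path. A password value may be null, which must not
                    // abort the wipe of the remaining entries.
                    for (char[] res : response) {
                        if (res != null) {
                            Arrays.fill(res, (char)0);
                        }
                    }
                }
            }
        }
    } catch (ObjectException e) {
        messages.add(new DialogMessage(
            Finder.getString("login.err.io",
            request.getHost().getValue()),
            JOptionPane.ERROR_MESSAGE));
        return false;
    }
}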
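/**
 * Opens a JMX connector to {@code host}.
 *
 * <p>When {@code NetUtil.isLocalAddress(host)} is true, the connector is
 * opened over the UNIX domain socket {@code /var/run/radsocket} with no
 * connection environment. Otherwise a TLS connector is built against the
 * client trust store (created first if the file does not exist) and
 * connected in a retry loop: each failed attempt that left a rejected
 * certificate chain in the {@code RadTrustManager} is handed to
 * {@code handleCertFailure}, and the connect is retried only if that call
 * returns {@code true}.
 *
 * @param host the host to connect to; appended verbatim to the TLS
 *        service URL in the remote case
 * @return the connector together with a flag telling whether the local
 *         (UNIX domain socket) path was taken
 * @throws IOException if the connection fails and either no rejected
 *         certificate chain was recorded or {@code handleCertFailure}
 *         declined it
 * @throws MalformedURLException if the service URL cannot be built
 * @throws KeyStoreException declared for the trust store helpers
 * @throws NoSuchAlgorithmException declared for the trust store helpers
 * @throws CertificateException declared for the trust store helpers
 * @throws ActionAbortedException declared for the helpers called here
 *         (presumably a user cancel while handling a certificate - confirm)
 */
private ConnectorData createConnection(String host)
    throws KeyStoreException, NoSuchAlgorithmException,
    CertificateException, MalformedURLException, IOException,
    ActionAbortedException {

    JMXConnector connector;
    boolean isLocal = NetUtil.isLocalAddress(host);

    if (isLocal) {
        // Local path: no TLS and no environment map. Any access control on
        // this socket is enforced outside this method.
        JMXServiceURL url = new JMXServiceURL(
            RadConnector.PROTOCOL_UDS, "", 0, "/var/run/radsocket");

        connector = JMXConnectorFactory.connect(url, null);
    } else {
        File truststore = getTrustStoreFile();
        if (!truststore.exists()) {
            createTrustStore(truststore);
        }

        Map<String, Object> env = new HashMap<String, Object>();
        env.put(RadConnector.KEY_TLS_TRUSTSTORE,
            truststore.getAbsolutePath());
        env.put(RadConnector.KEY_TLS_TRUSTPASS,
            getTrustStorePassword());

        // NOTE(review): host is concatenated unvalidated, so a value that
        // carries a port or path changes the URL that is parsed - confirm
        // that callers constrain it.
        JMXServiceURL url = new JMXServiceURL(
            "service:jmx:" + RadConnector.PROTOCOL_TLS + "://" + host);

        // Throws MalformedURLException
        connector = JMXConnectorFactory.newJMXConnector(url, null);

        // NOTE(review): unbounded - repeats for as long as connect() fails
        // and handleCertFailure() keeps returning true.
        for (;;) {
            // Fresh trust manager per attempt, so getBadChain() reflects
            // only the attempt that just failed.
            RadTrustManager mtm = new RadTrustManager();
            env.put(RadConnector.KEY_TLS_RADMANAGER, mtm);

            try {
                connector.connect(env);
                break;
            } catch (IOException e) {
                X509Certificate[] chain = mtm.getBadChain();

                // No rejected chain means the failure was not a trust
                // decision. An empty chain is treated the same way, so the
                // original IOException is reported instead of an unchecked
                // index error from chain[0].
                if (chain == null || chain.length == 0) {
                    throw e;
                }

                // Only the first certificate of the rejected chain is
                // offered for acceptance.
                // NOTE(review): whether an accepted certificate is bound to
                // this host is decided in handleCertFailure - confirm there.
                if (!handleCertFailure(host, truststore, chain[0])) {
                    throw e;
                }
            }
        }
    }

    return new ConnectorData(connector, isLocal);
}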
|
/**
 * Connects to the host named in {@code request}, converting each
 * anticipated failure into an error-level {@code DialogMessage} appended
 * to the request's message list.
 *
 * <p>Whenever the attempt does not succeed, including when an exception
 * propagates out of this method, the request's host property is flagged
 * as errored.
 *
 * @param request the login request supplying the host and the message list
 * @return the connection data, or {@code null} if a handled failure
 *         occurred
 * @throws ActionAbortedException propagated unchanged from the underlying
 *         connection attempt
 */
private ConnectorData createConnection(LoginRequest request)
    throws ActionAbortedException {

    final StringLoginProperty hostProp = request.getHost();
    final String hostName = hostProp.getValue();
    final List<DialogMessage> errors = request.getMessages();

    ConnectorData result = null;
    boolean connected = false;

    // The subclasses of IOException are caught ahead of the generic
    // IOException handler so that each gets its own message.
    try {
        result = createConnection(hostName);
        connected = true;

    } catch (UnknownHostException e) {
        // From JMXConnector.connect
        errors.add(new DialogMessage(
            Finder.getString("login.err.host.unknown", hostName),
            JOptionPane.ERROR_MESSAGE));

    } catch (ConnectException e) {
        // From JMXConnector.connect
        errors.add(new DialogMessage(
            Finder.getString("login.err.host.refused", hostName),
            JOptionPane.ERROR_MESSAGE));

    } catch (SecurityException e) {
        // From JMXConnector.connect()
        errors.add(new DialogMessage(
            Finder.getString("login.err.security", hostName),
            JOptionPane.ERROR_MESSAGE));

    } catch (KeyStoreException e) {
        // From createTrustStore; the exception text is shown to the user
        errors.add(new DialogMessage(
            Finder.getString("login.err.keystore", e.getMessage()),
            JOptionPane.ERROR_MESSAGE));

    } catch (NoSuchAlgorithmException e) {
        // From createTrustStore; the exception text is shown to the user
        errors.add(new DialogMessage(
            Finder.getString("login.err.keystore", e.getMessage()),
            JOptionPane.ERROR_MESSAGE));

    } catch (CertificateException e) {
        // From getDaemonCertificateChain
        errors.add(new DialogMessage(
            Finder.getString("login.err.nocerts", hostName),
            JOptionPane.ERROR_MESSAGE));

    } catch (MalformedURLException e) {
        // From new JMXServiceURL
        errors.add(new DialogMessage(
            Finder.getString("login.err.url.invalid"),
            JOptionPane.ERROR_MESSAGE));

    } catch (IOException e) {
        // From JMXConnector.connect et al
        errors.add(new DialogMessage(
            Finder.getString("login.err.io", hostName),
            JOptionPane.ERROR_MESSAGE));

    } finally {
        // Runs for handled and propagating failures alike.
        if (!connected) {
            hostProp.setErrored(true);
        }
    }

    return result;
}
|
private void gatherHostAndUserData(LoginRequest request, LoginData data) |
throws ActionAbortedException, ActionFailedException { |
|
StringLoginProperty host = request.getHost(); |
StringLoginProperty user = request.getUser(); |
List<DialogMessage> messages = request.getMessages(); |
|
// Loop until connected to host and authenticated as user |
while (true) { |
// Refresh each iteration in case host/user.isEditableOnError |
boolean hostEditable = host.isEditable(); |
boolean userEditable = user.isEditable(); |
|
// If host or user is in error, and cannot be fixed by the user... |
if (!hostEditable && (host.isErrored() || |
(!userEditable && user.isErrored()))) { |
|
promptForFailedRequest(request); |
throw new ActionFailedException( |
messages.isEmpty() ? null : messages.get(0).getText()); |
} |
|
if (hostEditable || userEditable || !messages.isEmpty()) { |
promptForHostAndUser(request); |
data.setUserAcknowledged(true); |
|
// User only needs to see any message once, presumably |
messages.clear(); |
|
host.setErrored(false); |
user.setErrored(false); |
} |
|
String hostVal = host.getValue(); |
String userVal = user.getValue(); |
|
if (hostVal == null || hostVal.isEmpty()) { |
messages.add(new DialogMessage( |
Finder.getString("login.err.host.empty"), |
JOptionPane.ERROR_MESSAGE)); |
host.setErrored(true); |
continue; |
|
} else if (userVal == null || userVal.isEmpty()) { |
messages.add(new DialogMessage( |
Finder.getString("login.err.user.empty"), |
JOptionPane.ERROR_MESSAGE)); |
user.setErrored(true); |
continue; |
} |
|
// Is there an existing ConnectionInfo for this host & user? |
ConnectionInfo info = getConnectionManager().getConnection(hostVal, |
userVal, null); |
if (info != null) { |
data.setUserConnectionInfo(info); |
return; |
} |
|
// Create connection, append to messages on error |
ConnectorData conData = createConnection(request); |
if (conData != null) { |
info = new ConnectionInfo(hostVal, userVal, null, |
conData.getConnector()); |
data.setUserConnectionInfo(info); |
|
// No need to authenticate if local user on local host |
if (conData.isLocal() && userVal.equals(LOCAL_USER)) { |
return; |
} |
|
// Get/create auth bean, append to messages on error |
AuthenticatorMXBean auth = data.getAuthBean(request); |
if (auth != null) { |
try { |
AuthPrompter prompter = new LoginPrompter(); |
do { |
if (authConverse(request, auth, prompter, data)) { |
return; |
} |
|
// Authentication failed |
user.setErrored(true); |
|
// Add generic auth failure message if not already |
// provided by server |
if (messages.isEmpty()) { |
messages.add(new DialogMessage(Finder.getString( |
"login.err.user.auth", hostVal, userVal), |
JOptionPane.ERROR_MESSAGE)); |
} |
|
// No chance to edit host/user, so keep iterating here |
} while (!host.isEditable() && !user.isEditable()); |
|
// Thrown by authConverse |
} catch (ActionRegressedException e) { |
host.setErrored(false); |
user.setErrored(false); |
messages.clear(); |
} |
} |
} |
|
// Could not create/authenticate connection -- reset and try again |
data.setUserConnectionInfo(null); |
} |
} |
/**
 * Gathers the role portion of a login, looping until either no role is
 * chosen or the chosen role has been authenticated.
 *
 * Each pass obtains the authenticator bean from {@code data}, reads the
 * roles that bean reports, validates any preset role value against that
 * list, prompts for a role where appropriate, and then either reuses an
 * existing connection for the host/user/role triple or creates a new
 * connection and authenticates over it.  Authentication on the new
 * connection uses a token created on the current bean and redeemed on
 * the bean fetched after the new connection info has been stored.
 *
 * @param request
 *        the login request supplying the host, user and role properties
 *        and the list of messages shown to the user
 *
 * @param data
 *        receives the role connection info and the role-acknowledged
 *        flag
 *
 * @throws ActionAbortedException
 *         declared but not thrown directly in this body; presumably
 *         propagated from the prompt helpers or authConverse -- confirm
 *
 * @throws ActionFailedException
 *         if roles are required ({@code request.getEnsureRoles()}) but
 *         none are reported, or if the preset role is not in the
 *         reported list and the role property is not editable
 *
 * @throws ActionRegressedException
 *         if no authenticator bean is available at the start of a pass
 */
private void gatherRoleData(LoginRequest request, LoginData data)
    throws ActionAbortedException, ActionFailedException,
    ActionRegressedException {

    StringLoginProperty host = request.getHost();
    String hostVal = host.getValue();

    StringLoginProperty user = request.getUser();
    String userVal = user.getValue();

    StringLoginProperty role = request.getRole();
    List<DialogMessage> messages = request.getMessages();

    // Loop until no role is chosen, or chosen role is authenticated
    while (true) {
        // Get/create auth bean, append to messages on error
        AuthenticatorMXBean auth = data.getAuthBean(request);
        if (auth == null) {
            // Not likely, but handle it anyway
            promptForFailedRequest(request);
            throw new ActionRegressedException();
        }

        // Get valid roles for this host/user
        List<String> roles = auth.getroles();
        if (request.getEnsureRoles() && roles.isEmpty()) {
            // The caller required at least one role and the bean reported
            // none: show the error, then fail the action
            String message = Finder.getString("login.err.role.none",
                hostVal, userVal);

            messages.add(new DialogMessage(message,
                JOptionPane.ERROR_MESSAGE));

            promptForEnsureRoles(request);
            throw new ActionFailedException(message);
        }

        String roleVal = role.getValue();

        // A preset role must appear in the list reported by the bean.
        // NOTE(review): this is a check made in the client against a list
        // the bean returned; it should be treated as a usability check
        // only -- confirm the server enforces role membership itself when
        // the role is actually assumed.
        if (roleVal != null && !roles.contains(roleVal)) {
            String message = Finder.getString("login.err.role.invalid",
                hostVal, userVal, roleVal);

            messages.add(new DialogMessage(message,
                JOptionPane.ERROR_MESSAGE));

            role.setErrored(true);

            if (role.isEditable()) {
                // Let the user pick another role in the prompt below
                role.setValue(null);
            } else {
                // Role is fixed by the request, so there is no recovery
                promptForFailedRequest(request);
                throw new ActionFailedException(message);
            }
        }

        // Prompt when the user can choose among reported roles, or when
        // there are pending messages to display
        if ((role.isEditable() && !roles.isEmpty()) || !messages.isEmpty())
        {
            promptForRole(request, roles);
            data.setRoleAcknowledged(true);

            // User only needs to see any message once, presumably
            messages.clear();

            role.setErrored(false);
            roleVal = role.getValue();
        }

        if (roleVal == null) {
            // No need to keep going
            return;
        }

        // Search for existing connection now that roleVal is definite
        ConnectionInfo info = getConnectionManager().getConnection(hostVal,
            userVal, roleVal);
        if (info != null) {
            // NOTE(review): this path returns without a new authConverse
            // exchange, so it relies on the connection manager returning
            // only connections that were already authenticated for this
            // host/user/role -- confirm.
            data.setRoleConnectionInfo(info);
            return;
        }

        try {
            // Token is created on the current bean and redeemed below on
            // the bean obtained after the new connection is in place
            byte[] token = auth.createToken();

            // Create connection, append to messages on error
            ConnectorData conData = createConnection(request);
            if (conData != null) {
                JMXConnector connector = conData.getConnector();
                info = new ConnectionInfo(hostVal, userVal, roleVal,
                    connector);
                data.setRoleConnectionInfo(info);

                // Create auth bean, append to messages on error
                auth = data.getAuthBean(request);
                if (auth != null) {
                    // NOTE(review): the token array is not overwritten
                    // after use; if it is a bearer credential, consider
                    // zeroing it (e.g. Arrays.fill) once redeemed --
                    // confirm token semantics.
                    auth.redeemToken(userVal, token);

                    AuthPrompter prompter = new RolePrompter();
                    // NOTE(review): when the role is not editable this
                    // loop has no attempt limit of its own; it ends on
                    // success or on an exception from authConverse.  Any
                    // throttling or lockout of repeated failures is
                    // presumably enforced by the server -- confirm.
                    do {
                        if (authConverse(request, auth, prompter, data)) {
                            return;
                        }

                        // Authentication failed
                        role.setErrored(true);

                        // Add generic auth failure message if not already
                        // provided by server
                        if (messages.isEmpty()) {
                            messages.add(new DialogMessage(
                                Finder.getString("login.err.role.auth",
                                hostVal, userVal, roleVal),
                                JOptionPane.ERROR_MESSAGE));
                        }

                        // No chance to edit role, so keep iterating here
                    } while (!role.isEditable());
                }
            }

        // Thrown by createToken/redeemToken
        } catch (ObjectException e) {
            // Only a generic I/O message is shown; the exception itself is
            // not recorded here
            messages.add(new DialogMessage(Finder.getString(
                "login.err.io", hostVal), JOptionPane.ERROR_MESSAGE));

        // Thrown by authConverse
        } catch (ActionRegressedException e) {
            // Clear error state and messages before the next pass of the
            // outer loop
            host.setErrored(false);
            user.setErrored(false);
            role.setErrored(false);
            messages.clear();
        }

        // Could not create/authenticate connection -- reset and try again
        // NOTE(review): a connector created above is not closed in this
        // method on the failure path; confirm that clearing the role
        // connection info (or the connection manager) releases it, so a
        // failed attempt does not leave an open connection behind.
        data.setRoleConnectionInfo(null);
    }
}
} |