users@glassfish.java.net

Re: Does the administrators group have a fixed name of 'asadmin'?

From: <glassfish_at_javadesktop.org>
Date: Thu, 17 Apr 2008 11:48:42 PDT

So line 52 of ASLoginDriverImpl.java has the ASADMIN_GROUP hard-coded.
glassfish/appserv-core/src/java/com/sun/enterprise/admin/server/core/jmx/auth/ASLoginDriverImpl.java

My work around was to copy some files from glassfish, make a few changes and use
the new classes when defining the admin-realm. You have GOT to love open source!!

Steps taken:
1a) Copied the LDAPRealm.java class and changed its package from com.sun... to com.blackdoorinc....
glassfish/appserv-core/src/java/com/sun/enterprise/security/auth/realm/ldap/LDAPRealm.java
1b) Changed the class it extends from IASRealm to AppservRealm (cannot remember why I did this at this point)
    public final class LDAPRealm extends AppservRealm
1c) Added these three lines:
    public static final String PARAM_ADMIN_GRP_NAME = "admin-group-name"; // Param to specify the LDAP admin group to key off of when determining authorization.
    public static final String DEFAULT_ADMIN_GRP_NAME = "asadmin"; // Redeclared this but may not have needed to.
    private boolean authBasedOnDefaultAdminGrpName = true; // a boolean to help determine if the default admin group will be in LDAP or use a different group

1d) Added this to the init method.
    // Read the configured LDAP admin group; fall back to "asadmin" when the property is absent.
    String adminGroupName = props.getProperty(PARAM_ADMIN_GRP_NAME, DEFAULT_ADMIN_GRP_NAME);
    this.setProperty(PARAM_ADMIN_GRP_NAME, adminGroupName);
    if (!DEFAULT_ADMIN_GRP_NAME.equals(adminGroupName)) {
        _logger.log(Level.INFO, "LDAPRealm : Mapping users with LDAP group '" + adminGroupName + "' to '" + DEFAULT_ADMIN_GRP_NAME + "' enabled.");
        this.authBasedOnDefaultAdminGrpName = false;
    }
1e) Added this line to the findAndBind() method, right before setGroupNames() is called.
    grpList = addDefaultAdminGroup(grpList);

1f) Added this method:
    // Appends "asadmin" to the user's group list when the user is a member of the
    // configured LDAP admin group. Does nothing when no custom group is configured.
    protected String[] addDefaultAdminGroup(String[] grps) {
        String[] resultGroups = grps;

        if (!authBasedOnDefaultAdminGrpName) {
            List<String> groupList = new ArrayList<String>();
            if (grps != null && grps.length > 0) {
                for (String grp : grps) {
                    groupList.add(grp);
                }
            }

            String adminGroupName = this.getProperty(PARAM_ADMIN_GRP_NAME);
            _logger.log(Level.FINE, "LDAPRealm (addDefaultAdminGroup): Is user part of LDAP group " + adminGroupName + "?");
            // Exact (case-sensitive) match on the LDAP group name; never add a duplicate.
            if (groupList.contains(adminGroupName) && !groupList.contains(DEFAULT_ADMIN_GRP_NAME)) {
                groupList.add(DEFAULT_ADMIN_GRP_NAME);
                _logger.log(Level.INFO, "LDAPRealm (addDefaultAdminGroup): User is in LDAP group '" + adminGroupName + "'. Added '" + DEFAULT_ADMIN_GRP_NAME + "' to group list.");
            }
            resultGroups = groupList.toArray(new String[groupList.size()]);
        }

        return resultGroups;
    }

2a) Copied the LDAPLoginModule.java
       glassfish/??/src/java/com/sun/enterprise/security/auth/login/LDAPLoginModule.java
2b) Changed package and imports to reflect the change from com.sun... to com.blackdoorinc....
     import com.blackdoorinc.enterprise.security.auth.realm.ldap.LDAPRealm;

3) Modified the login.conf file to include the new files.
blackdoorincLdapRealm {
        com.blackdoorinc.enterprise.security.auth.login.LDAPLoginModule required;
};

FYI: The domain.xml has the following for the admin-realm:
        <auth-realm classname="com.blackdoorinc.enterprise.security.auth.realm.ldap.LDAPRealm" name="admin-realm">
          <property name="admin-group-name" value="MIDTIERAdmin"/>
          <property name="group-search-filter" value="member=%d"/>
          <property name="search-bind-password" value="adminadmin"/>
          <property name="search-bind-dn" value="cn=admin,dc=blackdoorinc,dc=com"/>
          <property name="jaas-context" value="blackdoorincLdapRealm"/>
          <property name="base-dn" value="dc=blackdoorinc,dc=com"/>
          <property name="directory" value="ldap://localhost:389"/>
        </auth-realm>
[Message sent by forum member 'blackdoorinc' (blackdoorinc)]

http://forums.java.net/jive/thread.jspa?messageID=269815
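Editor's addition: the group-mapping rule from step 1f above, pulled out into a stand-alone class so the edge cases can be run without a GlassFish build. This is illustration code, not the poster's patched LDAPRealm and not part of GlassFish; the class name AdminGroupMapper is hypothetical, the sample group lists are constructed, and only the "MIDTIERAdmin" value is taken from the domain.xml in the post.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;

// Stand-alone illustration of the step-1f mapping; hypothetical class,
// not part of GlassFish or of the poster's LDAPRealm.
public class AdminGroupMapper {
    public static final String PARAM_ADMIN_GRP_NAME = "admin-group-name";
    public static final String DEFAULT_ADMIN_GRP_NAME = "asadmin";

    private final String adminGroupName;
    private final boolean mappingEnabled;

    public AdminGroupMapper(Properties props) {
        String configured = props.getProperty(PARAM_ADMIN_GRP_NAME, DEFAULT_ADMIN_GRP_NAME).trim();
        if (configured.isEmpty()) {
            // A blank property would match nobody; treat it like an unset one.
            configured = DEFAULT_ADMIN_GRP_NAME;
        }
        this.adminGroupName = configured;
        // Mapping is only active when a group other than "asadmin" is configured.
        this.mappingEnabled = !DEFAULT_ADMIN_GRP_NAME.equals(configured);
    }

    // Returns the group list with "asadmin" appended when, and only when, the user
    // is a member of the configured LDAP admin group. Groups are never removed, and a
    // null or empty list from the directory is returned unchanged (no membership, no admin).
    public String[] addDefaultAdminGroup(String[] grps) {
        if (!mappingEnabled || grps == null || grps.length == 0) {
            return grps;
        }
        List<String> groupList = new ArrayList<String>(Arrays.asList(grps));
        // List.contains uses String.equals, so the LDAP value must match the configured
        // name exactly; a case mismatch denies rather than grants.
        if (groupList.contains(adminGroupName) && !groupList.contains(DEFAULT_ADMIN_GRP_NAME)) {
            groupList.add(DEFAULT_ADMIN_GRP_NAME);
        }
        return groupList.toArray(new String[groupList.size()]);
    }

    public static void main(String[] args) {
        Properties props = new Properties();
        props.setProperty(PARAM_ADMIN_GRP_NAME, "MIDTIERAdmin"); // value from the post's domain.xml
        AdminGroupMapper mapper = new AdminGroupMapper(props);

        // Constructed sample group lists, as an LDAP realm might hand them back.
        String[][] samples = {
            {"developers", "MIDTIERAdmin"}, // member of the mapped group: gains asadmin
            {"developers"},                 // not a member: unchanged
            {"midtieradmin"},               // case mismatch: unchanged (denied)
            {"MIDTIERAdmin", "asadmin"},    // already has asadmin: no duplicate added
            {},                             // no groups at all: unchanged
        };
        for (String[] sample : samples) {
            System.out.println(Arrays.toString(sample) + " -> "
                + Arrays.toString(mapper.addDefaultAdminGroup(sample)));
        }
    }
}
```

Compile and run with `javac AdminGroupMapper.java && java AdminGroupMapper`. One point the sample output makes visible: the rule adds "asadmin" but never strips it, so a directory group literally named "asadmin" still confers admin access even when a different group is configured. Whether that is wanted is a policy decision for whoever controls the directory, and it is worth deciding explicitly rather than inheriting it from the mapping.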