Fish 8925 adding epicyro implementation

appserver/admin/gf_template/src/main/resources/config/domain.xml

@@ -147,7 +147,7 @@
                 <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
                     <property value="true" name="certificate-validation"/>
                 </auth-realm>
-                <jacc-provider policy-configuration-factory-provider="fish.payara.security.jacc.provider.PolicyConfigurationFactoryImpl" policy-provider="fish.payara.security.jacc.provider.PolicyProviderImpl" name="default"></jacc-provider>
+                <jacc-provider policy-provider="org.glassfish.exousia.modules.def.DefaultPolicy" name="default" policy-configuration-factory-provider="org.glassfish.exousia.modules.def.DefaultPolicyConfigurationFactory"></jacc-provider>
                 <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
                     <property value="false" name="auditOn" />
                 </audit-module>
@@ -279,6 +279,7 @@
                 <!-- Hotswap Agent -->
                 <jvm-options>[Dynamic Code Evolution-11.0.10|]-XX:HotswapAgent=core</jvm-options>
                 <jvm-options>[Dynamic Code Evolution-11.0.10|]-Xlog:redefine+class*=info</jvm-options>
+                <jvm-options>-Djakarta.security.jacc.policy.provider=org.glassfish.exousia.modules.def.DefaultPolicy</jvm-options>
             </java-config>
             <availability-service>
                 <web-container-availability />
@@ -377,7 +378,7 @@
                 <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
                     <property name="certificate-validation" value="true" />
                 </auth-realm>
-                <jacc-provider policy-configuration-factory-provider="fish.payara.security.jacc.provider.PolicyConfigurationFactoryImpl" policy-provider="fish.payara.security.jacc.provider.PolicyProviderImpl" name="default"></jacc-provider>
+                <jacc-provider policy-provider="org.glassfish.exousia.modules.def.DefaultPolicy" name="default" policy-configuration-factory-provider="org.glassfish.exousia.modules.def.DefaultPolicyConfigurationFactory"></jacc-provider>
                 <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
                     <property value="false" name="auditOn" />
                 </audit-module>
@@ -516,6 +517,7 @@
                 <!-- Hotswap Agent -->
                 <jvm-options>[Dynamic Code Evolution-11.0.10|]-XX:HotswapAgent=core</jvm-options>
                 <jvm-options>[Dynamic Code Evolution-11.0.10|]-Xlog:redefine+class*=info</jvm-options>
+                <jvm-options>-Djakarta.security.jacc.policy.provider=org.glassfish.exousia.modules.def.DefaultPolicy</jvm-options>
             </java-config>
             <availability-service>
                 <web-container-availability />

appserver/admin/gf_template_web/src/main/resources/config/domain.xml

@@ -142,7 +142,7 @@
         <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
           <property value="true" name="certificate-validation"/>
         </auth-realm>
-        <jacc-provider policy-configuration-factory-provider="fish.payara.security.jacc.provider.PolicyConfigurationFactoryImpl" policy-provider="fish.payara.security.jacc.provider.PolicyProviderImpl" name="default"></jacc-provider>
+        <jacc-provider policy-provider="org.glassfish.exousia.modules.def.DefaultPolicy" name="default" policy-configuration-factory-provider="org.glassfish.exousia.modules.def.DefaultPolicyConfigurationFactory"></jacc-provider>
         <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
           <property value="false" name="auditOn" />
         </audit-module>
@@ -274,6 +274,7 @@
         <!-- Hotswap Agent -->
         <jvm-options>[Dynamic Code Evolution-11.0.10|]-XX:HotswapAgent=core</jvm-options>
         <jvm-options>[Dynamic Code Evolution-11.0.10|]-Xlog:redefine+class*=info</jvm-options>
+        <jvm-options>-Djakarta.security.jacc.policy.provider=org.glassfish.exousia.modules.def.DefaultPolicy</jvm-options>
       </java-config>
       <availability-service>
         <web-container-availability />
@@ -368,7 +369,7 @@
         <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
           <property value="true" name="certificate-validation"/>
         </auth-realm>
-        <jacc-provider policy-configuration-factory-provider="fish.payara.security.jacc.provider.PolicyConfigurationFactoryImpl" policy-provider="fish.payara.security.jacc.provider.PolicyProviderImpl" name="default"></jacc-provider>
+        <jacc-provider policy-provider="org.glassfish.exousia.modules.def.DefaultPolicy" name="default" policy-configuration-factory-provider="org.glassfish.exousia.modules.def.DefaultPolicyConfigurationFactory"></jacc-provider>
         <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
           <property value="false" name="auditOn" />
         </audit-module>
@@ -506,6 +507,7 @@
         <!-- Hotswap Agent -->
         <jvm-options>[Dynamic Code Evolution-11.0.10|]-XX:HotswapAgent=core</jvm-options>
         <jvm-options>[Dynamic Code Evolution-11.0.10|]-Xlog:redefine+class*=info</jvm-options>
+        <jvm-options>-Djakarta.security.jacc.policy.provider=org.glassfish.exousia.modules.def.DefaultPolicy</jvm-options>
       </java-config>
       <availability-service>
         <web-container-availability />

appserver/admin/production_domain_template/src/main/resources/config/domain.xml

@@ -124,7 +124,7 @@
           <property value="fileRealm" name="jaas-context" />
         </auth-realm>
         <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
-        <jacc-provider policy-configuration-factory-provider="fish.payara.security.jacc.provider.PolicyConfigurationFactoryImpl" policy-provider="fish.payara.security.jacc.provider.PolicyProviderImpl" name="default"></jacc-provider>
+        <jacc-provider policy-provider="org.glassfish.exousia.modules.def.DefaultPolicy" name="default" policy-configuration-factory-provider="org.glassfish.exousia.modules.def.DefaultPolicyConfigurationFactory"></jacc-provider>
         <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
           <property value="false" name="auditOn" />
         </audit-module>
@@ -225,6 +225,7 @@
         <jvm-options>-Xbootclasspath/a:${com.sun.aas.installRoot}/lib/grizzly-npn-api.jar</jvm-options>
         <!-- allow asadmin command enable-monitoring -->
         <jvm-options>-Djdk.attach.allowAttachSelf=true</jvm-options>
+        <jvm-options>-Djakarta.security.jacc.policy.provider=org.glassfish.exousia.modules.def.DefaultPolicy</jvm-options>
       </java-config>
       <availability-service>
         <web-container-availability />
@@ -328,7 +329,7 @@
           <property name="jaas-context" value="fileRealm" />
         </auth-realm>
         <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
-        <jacc-provider policy-provider="fish.payara.security.jacc.provider.PolicyProviderImpl" name="default" policy-configuration-factory-provider="fish.payara.security.jacc.provider.PolicyConfigurationFactoryImpl"></jacc-provider>
+        <jacc-provider policy-provider="org.glassfish.exousia.modules.def.DefaultPolicy" name="default" policy-configuration-factory-provider="org.glassfish.exousia.modules.def.DefaultPolicyConfigurationFactory"></jacc-provider>
         <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
           <property value="false" name="auditOn" />
         </audit-module>
@@ -438,6 +439,7 @@
         <jvm-options>-Dorg.jboss.weld.serialization.beanIdentifierIndexOptimization=false</jvm-options>
         <!-- Grizzly NPN Bootstrap compatible with used JDK version -->
         <jvm-options>-Xbootclasspath/a:${com.sun.aas.installRoot}/lib/grizzly-npn-api.jar</jvm-options>
+        <jvm-options>-Djakarta.security.jacc.policy.provider=org.glassfish.exousia.modules.def.DefaultPolicy</jvm-options>
       </java-config>
       <availability-service>
         <web-container-availability />

appserver/admin/production_domain_template_web/src/main/resources/config/domain.xml

@@ -147,7 +147,7 @@
           <property value="fileRealm" name="jaas-context" />
         </auth-realm>
         <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
-        <jacc-provider policy-configuration-factory-provider="fish.payara.security.jacc.provider.PolicyConfigurationFactoryImpl" policy-provider="fish.payara.security.jacc.provider.PolicyProviderImpl" name="default"></jacc-provider>
+        <jacc-provider policy-provider="org.glassfish.exousia.modules.def.DefaultPolicy" name="default" policy-configuration-factory-provider="org.glassfish.exousia.modules.def.DefaultPolicyConfigurationFactory"></jacc-provider>
         <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
           <property value="false" name="auditOn" />
         </audit-module>
@@ -248,6 +248,7 @@
         <jvm-options>-Xbootclasspath/a:${com.sun.aas.installRoot}/lib/grizzly-npn-api.jar</jvm-options>
         <!-- allow asadmin command enable-monitoring -->
         <jvm-options>-Djdk.attach.allowAttachSelf=true</jvm-options>
+        <jvm-options>-Djakarta.security.jacc.policy.provider=org.glassfish.exousia.modules.def.DefaultPolicy</jvm-options>
       </java-config>
       <availability-service>
         <web-container-availability />
@@ -346,7 +347,7 @@
           <property name="jaas-context" value="fileRealm" />
         </auth-realm>
         <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
-        <jacc-provider policy-provider="fish.payara.security.jacc.provider.PolicyProviderImpl" name="default" policy-configuration-factory-provider="fish.payara.security.jacc.provider.PolicyConfigurationFactoryImpl"></jacc-provider>
+        <jacc-provider policy-provider="org.glassfish.exousia.modules.def.DefaultPolicy" name="default" policy-configuration-factory-provider="org.glassfish.exousia.modules.def.DefaultPolicyConfigurationFactory"></jacc-provider>
         <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
           <property value="false" name="auditOn" />
         </audit-module>
@@ -455,6 +456,7 @@
         <jvm-options>-Dorg.jboss.weld.serialization.beanIdentifierIndexOptimization=false</jvm-options>
         <!-- Grizzly NPN Bootstrap compatible with used JDK version -->
         <jvm-options>-Xbootclasspath/a:${com.sun.aas.installRoot}/lib/grizzly-npn-api.jar</jvm-options>
+        <jvm-options>-Djakarta.security.jacc.policy.provider=org.glassfish.exousia.modules.def.DefaultPolicy</jvm-options>
       </java-config>
       <availability-service>
         <web-container-availability />

appserver/admingui/common/src/main/java/org/glassfish/admingui/common/security/AdminConsoleAuthModule.java

@@ -37,7 +37,7 @@
  * only if the new code is made subject to such option by the copyright
  * holder.
  */
-// Portions Copyright [2016-2021] [Payara Foundation and/or its affiliates]
+// Portions Copyright [2016-2024] [Payara Foundation and/or its affiliates]
 
 package org.glassfish.admingui.common.security;
 
@@ -244,9 +244,7 @@ public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthEx
 
     private AuthStatus doNothing(Subject clientSubject) throws AuthException {
         try {
-            // The JASPIC protocol for "do nothing"
             handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) });
-
             return SUCCESS;
         } catch (IOException | UnsupportedCallbackException e) {
             throw (AuthException) new AuthException().initCause(e);

appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/acc/AppClientContainerSecurityHelper.java

@@ -38,12 +38,15 @@
  * holder.
  */
 
+// Portions Copyright [2024] [Payara Foundation and/or its affiliates]
+
 package org.glassfish.appclient.client.acc;
 
 import com.sun.enterprise.container.common.spi.util.InjectionException;
 import com.sun.enterprise.container.common.spi.util.InjectionManager;
 import com.sun.enterprise.deployment.ApplicationClientDescriptor;
 import com.sun.enterprise.security.appclient.integration.AppClientSecurityInfo;
+import jakarta.inject.Inject;
 import java.io.File;
 import java.io.IOException;
 import java.lang.reflect.InvocationHandler;
@@ -53,17 +56,13 @@
 import java.util.Arrays;
 import java.util.List;
 import java.util.Properties;
-import java.util.logging.Level;
 import java.util.logging.Logger;
-import jakarta.inject.Inject;
 import javax.security.auth.callback.CallbackHandler;
 import org.glassfish.appclient.client.acc.config.ClientCredential;
 import org.glassfish.appclient.client.acc.config.MessageSecurityConfig;
 import org.glassfish.appclient.client.acc.config.TargetServer;
-//import org.glassfish.enterprise.iiop.api.GlassFishORBHelper;
-
-import org.jvnet.hk2.annotations.Service;
 import org.glassfish.hk2.api.PerLookup;
+import org.jvnet.hk2.annotations.Service;
 
 /**
  *
@@ -83,26 +82,22 @@ public class AppClientContainerSecurityHelper {
 
     private ClassLoader classLoader;
 
-    void init(
-            final TargetServer[] targetServers,
-            final List<MessageSecurityConfig> msgSecConfigs,
-            final Properties containerProperties,
-            final ClientCredential clientCredential,
-            final CallbackHandler callerSuppliedCallbackHandler,
-            final ClassLoader classLoader,
-            final ApplicationClientDescriptor acDesc,
-            final boolean isTextAuth) throws InstantiationException, IllegalAccessException, InjectionException, ClassNotFoundException, IOException {
+    void init(final TargetServer[] targetServers, final List<MessageSecurityConfig> msgSecConfigs,
+            final Properties containerProperties, final ClientCredential clientCredential,
+            final CallbackHandler callerSuppliedCallbackHandler, final ClassLoader classLoader,
+            final ApplicationClientDescriptor acDesc, final boolean isTextAuth) 
+            throws InstantiationException, IllegalAccessException, InjectionException, ClassNotFoundException, IOException {
 
         this.classLoader = (classLoader == null) ? Thread.currentThread().getContextClassLoader() : classLoader;
 
         initLoginConfig();
         CallbackHandler callbackHandler = 
                 initSecurity(callerSuppliedCallbackHandler, acDesc);
 
-        secInfo.initializeSecurity(Arrays.asList(targetServers),
+        secInfo.initializeSecurity(
+                Arrays.asList(targetServers),
                 msgSecConfigs,
                 callbackHandler,
-                AppClientSecurityInfo.CredentialType.USERNAME_PASSWORD,
                 (clientCredential == null ? null : clientCredential.getUserName()),
                 (clientCredential == null || 
                     clientCredential.getPassword() == null ||

appserver/common/container-common/src/main/java/com/sun/enterprise/container/common/impl/managedbean/ManagedBeanManagerImpl.java

@@ -37,27 +37,42 @@
  * only if the new code is made subject to such option by the copyright
  * holder.
  */
-// Portions Copyright [2016-2021] [Payara Foundation]
+// Portions Copyright [2016-2024] [Payara Foundation]
 
 package com.sun.enterprise.container.common.impl.managedbean;
 
+import com.sun.enterprise.container.common.spi.InterceptorInvoker;
+import com.sun.enterprise.container.common.spi.JCDIService;
+import com.sun.enterprise.container.common.spi.JavaEEInterceptorBuilder;
+import com.sun.enterprise.container.common.spi.JavaEEInterceptorBuilderFactory;
+import com.sun.enterprise.container.common.spi.ManagedBeanManager;
+import com.sun.enterprise.container.common.spi.util.ComponentEnvManager;
+import com.sun.enterprise.container.common.spi.util.InjectionManager;
+import com.sun.enterprise.container.common.spi.util.InterceptorInfo;
+import com.sun.enterprise.deployment.Application;
+import com.sun.enterprise.deployment.ApplicationClientDescriptor;
+import com.sun.enterprise.deployment.BundleDescriptor;
+import com.sun.enterprise.deployment.EjbBundleDescriptor;
+import com.sun.enterprise.deployment.EjbDescriptor;
+import com.sun.enterprise.deployment.InterceptorDescriptor;
+import com.sun.enterprise.deployment.JndiNameEnvironment;
+import com.sun.enterprise.deployment.LifecycleCallbackDescriptor;
+import com.sun.enterprise.deployment.ManagedBeanDescriptor;
+import com.sun.enterprise.deployment.WebBundleDescriptor;
+import com.sun.logging.LogDomains;
+import jakarta.inject.Inject;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
 import java.lang.reflect.Proxy;
-import java.security.AccessController;
-import java.security.PrivilegedExceptionAction;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-
-import jakarta.inject.Inject;
 import javax.naming.InitialContext;
-
 import org.glassfish.api.admin.ProcessEnvironment;
 import org.glassfish.api.admin.ProcessEnvironment.ProcessType;
 import org.glassfish.api.event.EventListener;
@@ -72,26 +87,6 @@
 import org.glassfish.internal.deployment.Deployment;
 import org.jvnet.hk2.annotations.Service;
 
-import com.sun.enterprise.container.common.spi.InterceptorInvoker;
-import com.sun.enterprise.container.common.spi.JCDIService;
-import com.sun.enterprise.container.common.spi.JavaEEInterceptorBuilder;
-import com.sun.enterprise.container.common.spi.JavaEEInterceptorBuilderFactory;
-import com.sun.enterprise.container.common.spi.ManagedBeanManager;
-import com.sun.enterprise.container.common.spi.util.ComponentEnvManager;
-import com.sun.enterprise.container.common.spi.util.InjectionManager;
-import com.sun.enterprise.container.common.spi.util.InterceptorInfo;
-import com.sun.enterprise.deployment.Application;
-import com.sun.enterprise.deployment.ApplicationClientDescriptor;
-import com.sun.enterprise.deployment.BundleDescriptor;
-import com.sun.enterprise.deployment.EjbBundleDescriptor;
-import com.sun.enterprise.deployment.EjbDescriptor;
-import com.sun.enterprise.deployment.InterceptorDescriptor;
-import com.sun.enterprise.deployment.JndiNameEnvironment;
-import com.sun.enterprise.deployment.LifecycleCallbackDescriptor;
-import com.sun.enterprise.deployment.ManagedBeanDescriptor;
-import com.sun.enterprise.deployment.WebBundleDescriptor;
-import com.sun.logging.LogDomains;
-
 /**
  */
 @Service(name="ManagedBeanManagerImpl")
@@ -623,14 +618,9 @@ public void destroyManagedBean(Object managedBean, boolean validate)  {
 
                 Field proxyField = managedBean.getClass().getDeclaredField("__ejb31_delegate");
 
-                final Field finalF = proxyField;
-                PrivilegedExceptionAction<Void> action = () -> {
-                    if (!finalF.isAccessible()) {
-                        finalF.setAccessible(true);
-                    }
-                    return null;
-                };
-                AccessController.doPrivileged(action);
+                if (!proxyField.isAccessible()) {
+                    proxyField.setAccessible(true);
+                }
 
                 Proxy proxy = (Proxy) proxyField.get(managedBean);