[Jboss-cvs] JBossAS SVN: r56359 - trunk/server/src/main/org/jboss/ejb/plugins
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Aug 28 16:51:12 EDT 2006
Author: anil.saldhana at jboss.com
Date: 2006-08-28 16:51:11 -0400 (Mon, 28 Aug 2006)
New Revision: 56359
Modified:
trunk/server/src/main/org/jboss/ejb/plugins/SecurityActions.java
trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
Log:
JBAS-3576: Security Context
Modified: trunk/server/src/main/org/jboss/ejb/plugins/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/SecurityActions.java 2006-08-28 20:50:35 UTC (rev 56358)
+++ trunk/server/src/main/org/jboss/ejb/plugins/SecurityActions.java 2006-08-28 20:51:11 UTC (rev 56359)
@@ -34,6 +34,7 @@
import org.jboss.security.SecurityAssociation;
import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityContext;
/** A collection of privileged actions for this package
* @author Scott.Stark at jboss.org
@@ -474,4 +475,57 @@
void setContextClassLoader(Thread thread, ClassLoader cl);
}
+
+ private static class GetSecurityContextAction implements PrivilegedAction
+ {
+ static PrivilegedAction ACTION = new GetSecurityContextAction();
+ public Object run()
+ {
+ Object sc = SecurityAssociation.getSecurityContext();
+ return sc;
+ }
+ }
+
+ private static class SetSecurityContextAction implements PrivilegedAction
+ {
+ private SecurityContext securityContext;
+ SetSecurityContextAction(SecurityContext sc)
+ {
+ this.securityContext = sc;
+ }
+
+ public Object run()
+ {
+ SecurityAssociation.setSecurityContext(securityContext);
+ return null;
+ }
+ }
+
+ private static class ClearSecurityContextAction implements PrivilegedAction
+ {
+ static PrivilegedAction ACTION = new ClearSecurityContextAction();
+ public Object run()
+ {
+ SecurityAssociation.setSecurityContext(null);
+ return null;
+ }
+ }
+
+ static void clearSecurityContext()
+ {
+ ClearSecurityContextAction action = new ClearSecurityContextAction();
+ AccessController.doPrivileged(action);
+ }
+
+ static SecurityContext getSecurityContext()
+ {
+ GetSecurityContextAction action = new GetSecurityContextAction();
+ return (SecurityContext)AccessController.doPrivileged(action);
+ }
+
+ static void setSecurityContext(SecurityContext sc)
+ {
+ SetSecurityContextAction action = new SetSecurityContextAction(sc);
+ AccessController.doPrivileged(action);
+ }
}
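Review bot: The `ACTION` singletons in `GetSecurityContextAction` and `ClearSecurityContextAction` are declared non-final and never used, because `getSecurityContext()` and `clearSecurityContext()` each allocate a new action instead. Either drop the fields or declare them `static final PrivilegedAction ACTION = ...` and pass `GetSecurityContextAction.ACTION` to `AccessController.doPrivileged`; the `securityContext` field of `SetSecurityContextAction` can likewise be `final`. The three new static methods read, replace or clear the current security context inside `doPrivileged`, so they run with this class's own permissions whatever the caller holds. A short comment such as `// package-private on purpose: must not be exposed to application code` would record that constraint; the class declaration itself is outside the hunk.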
Modified: trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2006-08-28 20:50:35 UTC (rev 56358)
+++ trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2006-08-28 20:51:11 UTC (rev 56359)
@@ -32,6 +32,7 @@
import org.jboss.security.RealmMapping;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
import org.jboss.security.audit.AuditContext;
import org.jboss.security.audit.AuditEvent;
import org.jboss.security.audit.AuditLevel;
@@ -105,6 +106,11 @@
//Fallback Security Domain
protected String defaultAuthorizationSecurityDomain = SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY;
+ /**
+ * Flag whether this interceptor added a fresh security context
+ */
+ protected boolean addedSecurityContext = false;
+
/** Called by the super class to set the container to which this interceptor
belongs. We obtain the security manager and runAs identity to use here.
*/
@@ -158,6 +164,8 @@
public Object invokeHome(Invocation mi) throws Exception
{
+ this.checkSecurityContext();
+
// Authenticate the subject and apply any declarative security checks
checkSecurityAssociation(mi);
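Review bot: `checkSecurityContext()` and `checkSecurityAssociation(mi)` both run before the `try` whose `finally` calls `clearSecurityContext()`, so if `checkSecurityAssociation` throws (the method is declared `throws Exception`, and presumably it does on a failed authentication) the context installed one statement earlier is left in place. The same ordering appears at the top of `invoke` in the following hunk. Wrapping everything after `checkSecurityContext()` in an outer `try`/`finally` that calls `clearSecurityContext()` would keep a rejected call from leaving a context behind for whatever runs next. The body of `invokeHome` continues outside this hunk, so the position of the existing `try` is inferred from the next hunk.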
@@ -168,19 +176,22 @@
SecurityActions.pushRunAsIdentity(runAsIdentity);
try
- {
+ {
Object returnValue = getNext().invokeHome(mi);
return returnValue;
}
finally
{
+ clearSecurityContext();
SecurityActions.popRunAsIdentity();
SecurityActions.popSubjectContext();
}
}
+
public Object invoke(Invocation mi) throws Exception
- {
+ {
+ this.checkSecurityContext();
// Authenticate the subject and apply any declarative security checks
checkSecurityAssociation(mi);
@@ -197,6 +208,7 @@
}
finally
{
+ clearSecurityContext();
SecurityActions.popRunAsIdentity();
SecurityActions.popSubjectContext();
}
@@ -297,9 +309,7 @@
{
isAuthorized = false;
if(trace)
- log.trace("Error in authorization:",e);
- else
- log.error("Error in authorization:"+e.getLocalizedMessage());
+ log.trace("Error in authorization:",e);
authorizationAudit(AuditLevel.ERROR,ejbResource,e);
}
String msg = "Denied: caller=" + caller;
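Review bot: With the `else` branch removed, an exception raised during authorization reaches the log only when trace is enabled; otherwise the only record left is the `authorizationAudit(AuditLevel.ERROR,ejbResource,e)` call. If auditing can be left unconfigured (not visible here), a failing authorization module then looks the same as an ordinary denial to whoever reads the server log. Consider keeping a one-line message without the stack trace, e.g. `else log.warn("Error in authorization: " + e.getLocalizedMessage());`, or add a comment stating that the audit record is the intended place for this error. The enclosing catch block starts outside the hunk.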
@@ -379,4 +389,21 @@
cmap.put("method", methodName);
return cmap;
}
+
+ private void checkSecurityContext()
+ {
+ SecurityContext sc = SecurityActions.getSecurityContext();
+ if(sc == null)
+ {
+ SecurityActions.setSecurityContext(new SecurityContext());
+ this.addedSecurityContext = true;
+ }
+ }
+
+ private void clearSecurityContext()
+ {
+ if(addedSecurityContext)
+ SecurityActions.clearSecurityContext();
+ }
+
}
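Review bot: `addedSecurityContext` is an instance field that `checkSecurityContext()` sets to `true` and nothing ever resets, so once one invocation has created a context, every later call through this interceptor clears the context in its `finally` block, including a context that was established by an outer caller. If the interceptor instance serves concurrent invocations (likely for a container interceptor, but not visible here), the flag is also shared between threads while the context it describes is presumably per thread. Tracking the decision per call removes both problems: have `checkSecurityContext()` return whether it installed a context and pass that value to `clearSecurityContext`, with `invoke` and `invokeHome` holding it in a local. The field added in the earlier hunk then becomes unnecessary, though it is `protected` and may need to stay for subclasses.

```java
// returns true only when this call installed a fresh context
private boolean checkSecurityContext()
{
   if(SecurityActions.getSecurityContext() != null)
      return false;
   SecurityActions.setSecurityContext(new SecurityContext());
   return true;
}

private void clearSecurityContext(boolean added)
{
   if(added)
      SecurityActions.clearSecurityContext();
}
// … in invoke/invokeHome: boolean added = checkSecurityContext(); and clearSecurityContext(added); in the finally block …
```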