[jboss-cvs] JBossAS SVN: r58750 - in projects/security/security-spi/trunk: . src src/main/org/jboss src/main/org/jboss/security src/main/org/jboss/security/audit src/main/org/jboss/security/authorization src/main/org/jboss/security/mapping
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Nov 29 13:39:43 EST 2006
Author: anil.saldhana at jboss.com
Date: 2006-11-29 13:39:38 -0500 (Wed, 29 Nov 2006)
New Revision: 58750
Removed:
projects/security/security-spi/trunk/src/main/org/jboss/crypto/
projects/security/security-spi/trunk/src/main/org/jboss/security/AbstractSecurityProxy.java
projects/security/security-spi/trunk/src/main/org/jboss/security/AltClientLoginModule.java
projects/security/security-spi/trunk/src/main/org/jboss/security/AnybodyPrincipal.java
projects/security/security-spi/trunk/src/main/org/jboss/security/AppPolicy.java
projects/security/security-spi/trunk/src/main/org/jboss/security/AuthenticationInfo.java
projects/security/security-spi/trunk/src/main/org/jboss/security/AuthorizationInfo.java
projects/security/security-spi/trunk/src/main/org/jboss/security/AuthorizationManagerFactory.java
projects/security/security-spi/trunk/src/main/org/jboss/security/Base64Encoder.java
projects/security/security-spi/trunk/src/main/org/jboss/security/Base64Utils.java
projects/security/security-spi/trunk/src/main/org/jboss/security/CertificatePrincipal.java
projects/security/security-spi/trunk/src/main/org/jboss/security/ClientLoginModule.java
projects/security/security-spi/trunk/src/main/org/jboss/security/IAppPolicyStore.java
projects/security/security-spi/trunk/src/main/org/jboss/security/NestableGroup.java
projects/security/security-spi/trunk/src/main/org/jboss/security/NestablePrincipal.java
projects/security/security-spi/trunk/src/main/org/jboss/security/NobodyPrincipal.java
projects/security/security-spi/trunk/src/main/org/jboss/security/RunAsIdentity.java
projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityActions.java
projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityAssociation.java
projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityAssociationActions.java
projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityAssociationAuthenticator.java
projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityRoleRef.java
projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityRolesAssociation.java
projects/security/security-spi/trunk/src/main/org/jboss/security/SimpleGroup.java
projects/security/security-spi/trunk/src/main/org/jboss/security/SimplePrincipal.java
projects/security/security-spi/trunk/src/main/org/jboss/security/SubjectSecurityProxy.java
projects/security/security-spi/trunk/src/main/org/jboss/security/SubjectSecurityProxyFactory.java
projects/security/security-spi/trunk/src/main/org/jboss/security/Util.java
projects/security/security-spi/trunk/src/main/org/jboss/security/audit/AuditContext.java
projects/security/security-spi/trunk/src/main/org/jboss/security/audit/AuditManager.java
projects/security/security-spi/trunk/src/main/org/jboss/security/audit/providers/
projects/security/security-spi/trunk/src/main/org/jboss/security/auth/
projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationContext.java
projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java
projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationModule.java
projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/EJBResource.java
projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/SecurityActions.java
projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/config/
projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/modules/
projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/sunxacml/
projects/security/security-spi/trunk/src/main/org/jboss/security/config/
projects/security/security-spi/trunk/src/main/org/jboss/security/jacc/
projects/security/security-spi/trunk/src/main/org/jboss/security/jce/
projects/security/security-spi/trunk/src/main/org/jboss/security/jndi/
projects/security/security-spi/trunk/src/main/org/jboss/security/mapping/config/
projects/security/security-spi/trunk/src/main/org/jboss/security/mapping/providers/
projects/security/security-spi/trunk/src/main/org/jboss/security/plugins/
projects/security/security-spi/trunk/src/main/org/jboss/security/propertyeditor/
projects/security/security-spi/trunk/src/main/org/jboss/security/ssl/
projects/security/security-spi/trunk/src/tests/
Modified:
projects/security/security-spi/trunk/.classpath
projects/security/security-spi/trunk/pom.xml
projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityContext.java
Log:
SECURITY-25:Subproject for security spi
Modified: projects/security/security-spi/trunk/.classpath
===================================================================
--- projects/security/security-spi/trunk/.classpath 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/.classpath 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,24 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" path="src/main"/>
- <classpathentry kind="src" output="output/test-classes" path="src/tests"/>
- <classpathentry kind="src" path="target/generated-sources/javacc"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-mbeans/5.0-SNAPSHOT/jboss-mbeans-5.0-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.8/log4j-1.2.8.jar"/>
- <classpathentry kind="var" path="M2_REPO/oswego-concurrent/concurrent/1.3.4/concurrent-1.3.4.jar"/>
- <classpathentry kind="var" path="M2_REPO/sun-xacml/sun-xacml/2.0/sun-xacml-2.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jbossxb/jbossxb/1.0.1.TEST/jbossxb-1.0.1.TEST.jar"/>
<classpathentry kind="var" path="M2_REPO/jboss/jboss-j2ee/SNAPSHOT/jboss-j2ee-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jnpserver/5.0-SNAPSHOT/jnpserver-5.0-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/sun-xacml/sunxacml-support/2.0/sunxacml-support-2.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-j2se/5.0-SNAPSHOT/jboss-j2se-5.0-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-core/2.0.2.GA/jboss-common-core-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.2.GA/jboss-logging-spi-2.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-system/5.0-SNAPSHOT/jboss-system-5.0-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/sun-javamail/mail/1.3.1/mail-1.3.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-transaction/5.0-SNAPSHOT/jboss-transaction-5.0-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/javassist/javassist/3.4.GA/javassist-3.4.GA.jar"/>
<classpathentry kind="output" path="output/classes"/>
</classpath>
Modified: projects/security/security-spi/trunk/pom.xml
===================================================================
--- projects/security/security-spi/trunk/pom.xml 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/pom.xml 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,366 +1,148 @@
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <groupId>jboss</groupId>
- <artifactId>jboss-security</artifactId>
- <packaging>jar</packaging>
- <version>2.0.0.snapshot</version>
- <name>JBoss Security</name>
- <url>http://labs.jboss.org/portal/jbosssecurity/</url>
- <description>JBoss Security is a cross cutting project that handles security
- for the JEMS projects</description>
- <licenses>
- <license>
- <name>lgpl</name>
- <url>http://repository.jboss.com/licenses/lgpl.txt</url>
- </license>
- </licenses>
- <organization>
- <name>JBoss Inc.</name>
- <url>http://www.jboss.org</url>
- </organization>
- <repositories>
- <repository>
- <id>jboss</id>
- <name>JBoss Inc. Repository</name>
- <layout>default</layout>
- <url>http://repository.jboss.com/maven2/</url>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>jbosspluginrepo</id>
- <name>jboss plugin repository</name>
- <url>http://repository.jboss.com/maven2</url>
- <layout>default</layout>
- <snapshots>
- <enabled>false</enabled>
- <updatePolicy>never</updatePolicy>
- </snapshots>
- </pluginRepository>
- <pluginRepository>
- <id>Maven Snapshots</id>
- <url>http://snapshots.maven.codehaus.org/maven2/</url>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- <releases>
- <enabled>false</enabled>
- </releases>
- </pluginRepository>
- <pluginRepository>
- <id>LSU ibiblio</id>
- <url>http://ibiblio.lsu.edu/main/pub/packages/maven2/</url>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- <releases>
- <enabled>false</enabled>
- </releases>
- </pluginRepository>
- </pluginRepositories>
- <build>
- <sourceDirectory>src/main</sourceDirectory>
- <finalName>${artifactId}</finalName>
- <outputDirectory>output/classes</outputDirectory>
- <plugins>
- <!-- define how we want compilation to take place
- here, we accept most of the defaults but say that we want the
- optimization flag set, and define the source and target to be 1.4,
- these setting will be inherited by child projects -->
- <plugin>
- <artifactId>maven-compiler-plugin</artifactId>
- <version>2.0</version>
- <configuration>
- <optimize>true</optimize>
- <source>1.5</source>
- <target>1.5</target>
- </configuration>
- </plugin>
- <!-- define that we wish to create src jars -->
- <plugin>
- <artifactId>maven-source-plugin</artifactId>
- <version>2.0</version>
- <inherited>true</inherited>
- <executions>
- <execution>
- <goals>
- <goal>jar</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <!-- generate java files from grammar -->
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>javacc-maven-plugin</artifactId>
- <version>0.6.1.1</version>
- <configuration>
- <packageName>org/jboss/security/auth/login</packageName>
- <sourceDirectory>src/main</sourceDirectory>
- <isStatic>false</isStatic>
- </configuration>
- <executions>
- <execution>
- <goals>
- <goal>javacc</goal>
- </goals>
- <id>javacc</id>
- </execution>
- </executions>
- </plugin>
- <!-- handle the retrieval and unpacking of dependencies
- required for the sar -->
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>dependency-maven-plugin</artifactId>
- <executions>
- <execution>
- <id>unpack-jboss</id>
- <phase>process-classes</phase>
- <goals>
- <goal>unpack</goal>
- </goals>
- <configuration>
- <artifactItems>
- <artifactItem>
- <groupId>jboss</groupId>
- <artifactId>jboss</artifactId>
- <version>5.0-SNAPSHOT</version>
- <type>jar</type>
- <outputDirectory>${project.build.directory}/dependencies</outputDirectory>
- </artifactItem>
- </artifactItems>
- <outputDirectory>${project.build.directory}</outputDirectory>
- <overWriteReleases>false</overWriteReleases>
- <overWriteSnapshots>true</overWriteSnapshots>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
- <executions>
- <execution>
- <goals>
- <goal>jar</goal>
- </goals>
- </execution>
- </executions>
- <configuration>
- <jarName>jbossx</jarName>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
- <version>2.1</version>
- <configuration>
- <archive>
- <addMavenDescriptor>false</addMavenDescriptor>
- </archive>
- </configuration>
- </plugin>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-security-spi</artifactId>
+ <packaging>jar</packaging>
+ <version>2.0.0.snapshot</version>
+ <name>JBoss Security SPI</name>
+ <url>http://labs.jboss.org/portal/jbosssecurity/</url>
+ <description>JBoss Security is a cross cutting project that handles security for the JEMS projects</description>
+ <licenses>
+ <license>
+ <name>lgpl</name>
+ <url>http://repository.jboss.com/licenses/lgpl.txt</url>
+ </license>
+ </licenses>
+ <organization>
+ <name>JBoss Inc.</name>
+ <url>http://www.jboss.org</url>
+ </organization>
+ <repositories>
+ <repository>
+ <id>jboss</id>
+ <name>JBoss Inc. Repository</name>
+ <layout>default</layout>
+ <url>http://repository.jboss.com/maven2/</url>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+ <pluginRepositories>
+ <pluginRepository>
+ <id>jbosspluginrepo</id>
+ <name>jboss plugin repository</name>
+ <url>http://repository.jboss.com/maven2</url>
+ <layout>default</layout>
+ <snapshots>
+ <enabled>false</enabled>
+ <updatePolicy>never</updatePolicy>
+ </snapshots>
+ </pluginRepository>
+ <pluginRepository>
+ <id>Maven Snapshots</id>
+ <url>http://snapshots.maven.codehaus.org/maven2/</url>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+ <pluginRepository>
+ <id>LSU ibiblio</id>
+ <url>http://ibiblio.lsu.edu/main/pub/packages/maven2/</url>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+ </pluginRepositories>
+ <build>
+ <sourceDirectory>src/main</sourceDirectory>
+ <finalName>${artifactId}</finalName>
+ <outputDirectory>output/classes</outputDirectory>
+ <plugins>
+ <!-- define how we want compilation to take place here, we accept most of the defaults but say that we want the optimization flag set, and define the source and target to be 1.4, these setting will be inherited by child projects -->
+ <plugin>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>2.0</version>
+ <configuration>
+ <optimize>true</optimize>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
+
+ <!-- define that we wish to create src jars -->
+ <plugin>
+ <artifactId>maven-source-plugin</artifactId>
+ <version>2.0</version>
+ <inherited>true</inherited>
+ <executions>
+ <execution>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <version>2.1</version>
+ <configuration>
+ <archive>
+ <addMavenDescriptor>false</addMavenDescriptor>
+ </archive>
+ </configuration>
+ </plugin>
- <plugin>
- <artifactId>maven-antrun-plugin</artifactId>
- <version>1.1</version>
- <inherited>true</inherited>
- <executions>
- <execution>
- <id>buildjar</id>
- <phase>package</phase>
- <configuration>
- <tasks>
- <mkdir dir="${basedir}/output/lib"/>
- <copy todir="${basedir}/output/classes">
- <fileset dir="${basedir}/src/main">
- <include name="org/jboss/security/jacc/*.xml"/>
- </fileset>
- </copy>
- <!-- Define the pattern sets for the spi and the jbosssx impl -->
- <patternset id="spi-includes">
- <include name="org/jboss/security/**"/>
- <exclude name="org/jboss/crypto/**"/>
- <exclude name="org/jboss/security/audit/providers/**"/>
- <exclude name="org/jboss/security/auth/**"/>
- <exclude name="org/jboss/security/authorization/config/**"/>
- <exclude name="org/jboss/security/authorization/modules/**"/>
- <exclude name="org/jboss/security/authorization/sunxacml/**"/>
- <exclude name="org/jboss/security/config/**"/>
- <exclude name="org/jboss/security/jce/**"/>
- <exclude name="org/jboss/security/jndi/**"/>
- <exclude name="org/jboss/security/mapping/config/**"/>
- <exclude name="org/jboss/security/mapping/providers/**"/>
- <exclude name="org/jboss/security/jacc/**"/>
- <exclude name="org/jboss/security/plugins/**"/>
- <exclude name="org/jboss/security/propertyeditor/**"/>
- <exclude name="org/jboss/security/ssl/**"/>
- </patternset>
- <patternset id="jbosssx-includes">
- <include name="org/jboss/crypto/**"/>
- <include name="org/jboss/security/audit/providers/**"/>
- <include name="org/jboss/security/auth/**"/>
- <include name="org/jboss/security/authorization/config/**"/>
- <include name="org/jboss/security/authorization/modules/**"/>
- <include name="org/jboss/security/authorization/sunxacml/**"/>
- <include name="org/jboss/security/config/**"/>
- <include name="org/jboss/security/jce/**"/>
- <include name="org/jboss/security/jndi/**"/>
- <include name="org/jboss/security/mapping/config/**"/>
- <include name="org/jboss/security/mapping/providers/**"/>
- <include name="org/jboss/security/jacc/**"/>
- <include name="org/jboss/security/plugins/**"/>
- <include name="org/jboss/security/propertyeditor/**"/>
- <include name="org/jboss/security/ssl/**"/>
- </patternset>
- <!-- Build the Security SPI -->
- <jar jarfile="${basedir}/output/lib/jboss-security-spi.jar" manifest="${basedir}/src/etc/default.mf">
- <fileset dir="${basedir}/output/classes">
- <patternset refid="spi-includes"/>
- </fileset>
- <fileset file="${basedir}/JBossORG-EULA.txt"/>
- </jar>
- <!-- Build jbosssx.jar -->
- <jar jarfile="${basedir}/output/lib/jbosssx.jar" manifest="${basedir}/src/etc/default.mf">
- <fileset dir="${basedir}/output/classes">
- <patternset refid="jbosssx-includes"/>
- </fileset>
- <fileset dir="${basedir}/src/resources">
- <include name="dtd/security-policy.dtd"/>
- </fileset>
- <fileset file="${basedir}/JBossORG-EULA.txt"/>
- </jar>
- <!-- Build jbosssx-client.jar -->
- <jar jarfile="${basedir}/output/lib/jbosssx-client.jar" manifest="${basedir}/src/etc/default.mf">
- <fileset dir="${basedir}/output/classes">
- <exclude name="META-INF/MANIFEST.MF"/>
- <!-- HACK -->
- <include name="org/jboss/crypto/JBossSXProvider.class"/>
- <include name="org/jboss/crypto/digest/*"/>
- <include name="org/jboss/security/*"/>
- <include name="org/jboss/security/auth/callback/*"/>
- <include name="org/jboss/security/auth/login/*"/>
- <exclude name="org/jboss/security/auth/login/XMLLoginConfig.class"/>
- <exclude name="org/jboss/security/auth/login/XMLLoginConfigMBean.class"/>
- <include name="org/jboss/security/jndi/LoginInitialContextFactory.class"/>
- <include name="org/jboss/security/jndi/JndiLoginInitialContextFactory.class"/>
- <include name="org/jboss/security/plugins/PBEUtils.class"/>
- <include name="org/jboss/security/ssl/ClientSocketFactory.class"/>
- <include name="org/jboss/security/ssl/RMISSLClientSocketFactory.class"/>
- </fileset>
- <fileset file="${basedir}/JBossORG-EULA.txt"/>
- </jar>
- <!-- Build jbosssx-tests.jar -->
- <mkdir dir="${basedir}/output/test/lib"/>
- <jar jarfile="${basedir}/output/test/lib/jbosssx-tests.jar" manifest="${basedir}/src/etc/default.mf">
- <fileset dir="${basedir}/output/classes">
- <include name="org/jboss/test/TestLoginModule.class"/>
- </fileset>
- <fileset file="${basedir}/JBossORG-EULA.txt"/>
- </jar>
- </tasks>
- </configuration>
- <goals>
- <goal>run</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- <dependencies>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-j2ee</artifactId>
- <version>SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-common-core</artifactId>
- <version>2.0.2.GA</version>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-spi</artifactId>
- <version>2.0.2.GA</version>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-logging-log4j</artifactId>
- <version>2.0.2.GA</version>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-j2se</artifactId>
- <version>5.0-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-system</artifactId>
- <version>5.0-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-transaction</artifactId>
- <version>5.0-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss</artifactId>
- <version>5.0-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jnpserver</artifactId>
- <version>5.0-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jboss-mbeans</artifactId>
- <version>5.0-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>jboss</groupId>
- <artifactId>jbossxb</artifactId>
- <version>1.0.0.CR8</version>
- </dependency>
- <dependency>
- <groupId>javassist</groupId>
- <artifactId>javassist</artifactId>
- <version>3.4.GA</version>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>3.8.1</version>
- </dependency>
- <dependency>
- <groupId>oswego-concurrent</groupId>
- <artifactId>concurrent</artifactId>
- <version>1.3.4</version>
- </dependency>
- <dependency>
- <groupId>sun-xacml</groupId>
- <artifactId>sun-xacml</artifactId>
- <version>2.0</version>
- </dependency>
- <dependency>
- <groupId>sun-xacml</groupId>
- <artifactId>sunxacml-support</artifactId>
- <version>2.0</version>
- </dependency>
- <dependency>
- <groupId>sun-javamail</groupId>
- <artifactId>mail</artifactId>
- <version>1.3.1</version>
- </dependency>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <version>1.1</version>
+ <inherited>true</inherited>
+ <executions>
+ <execution>
+ <id>buildjar</id>
+ <phase>package</phase>
+ <configuration>
+ <tasks>
+ <mkdir dir="${basedir}/output/lib"/>
- </dependencies>
+ <!-- Define the pattern sets for the spi-->
+ <patternset id="spi-includes">
+ <include name="org/jboss/security/**"/>
+ </patternset>
+
+ <!-- Build the Security SPI -->
+ <jar jarfile="${basedir}/output/lib/jboss-security-spi.jar" manifest="${basedir}/src/etc/default.mf">
+ <fileset dir="${basedir}/output/classes">
+ <patternset refid="spi-includes"/>
+ </fileset>
+ <fileset file="${basedir}/JBossORG-EULA.txt"/>
+ </jar>
+
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-j2ee</artifactId>
+ <version>SNAPSHOT</version>
+ </dependency>
+ </dependencies>
</project>
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/AbstractSecurityProxy.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/AbstractSecurityProxy.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/AbstractSecurityProxy.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,313 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.lang.reflect.Method;
-import java.util.HashMap;
-import javax.ejb.EJBContext;
-
-/**
- * An abstract implementation of SecurityProxy that wraps a non-SecurityProxy
- * object. Subclasses of this class are used to create a SecurityProxy given
- * a security delegate that implements methods in the EJB home or remote
- * interface for security checks. This allows custom security classes to be
- * written without using a JBoss specific interface. It also allows the security
- * delegate to follow a natural proxy pattern implementation.
- *
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public abstract class AbstractSecurityProxy implements SecurityProxy
-{
- /** The HashMap<Method, Method> from the EJB interface methods to the
- * corresponding delegate method
- */
- private HashMap methodMap;
- /** The optional setContext delegate method */
- private Method setContextMethod;
- /** The optional setContext delegate method */
- private Method setBeanMethod;
- /** The optional setContext delegate method */
- protected Object delegate;
- /** Flag which sets whether the method mapping will be performed in a strict
- * fashion. The proxy delegate must provide an implementation of all methods.
- * If set to 'true', a security exception will be thrown during
- * initialisation if a method is found for which the delegate doesn't have
- * a matching method. This defaults to false and is obtained via reflection
- * on the proxy delegate's 'boolean isStrict()' method.
- */
- protected boolean strict = false;
-
- AbstractSecurityProxy(Object delegate)
- {
- this.delegate = delegate;
- methodMap = new HashMap();
- }
-
- /**
- * Subclasses implement this method to actually invoke the given home
- * method on the proxy delegate.
- *
- * @param m, the delegate method that was mapped from the ejb home method.
- * @param args, the method invocation arguments.
- * @param delegate, the proxy delegate object associated with the
- * AbstractSecurityProxy
- *
- * @see invokeHome(Method, Object[])
- */
- protected abstract void invokeHomeOnDelegate(Method m, Object[] args,
- Object delegate) throws Exception;
-
- /**
- * Subclasses implement this method to actually invoke the given remote
- * method on the proxy delegate.
- *
- * @param m, the delegate method that was mapped from the ejb remote method.
- * @param args, the method invocation arguments.
- * @param delegate, the proxy delegate object associated with the AbstractSecurityProxy
- *
- * @see invoke(Method, Object[], Object)
- */
- protected abstract void invokeOnDelegate(Method m, Object[] args, Object delegate)
- throws Exception;
-
- /**
- *
- * This version invokes init(beanHome, beanRemote, null, null, securityMgr)
- *
- * @see #init(Class, Class, Class, Class, Object)
- * @param beanHome, the class for the EJB home interface
- * @param beanRemote, the class for the EJB remote interface
- * @param securityMgr, The security manager instance assigned to the container.
- * It is not used by this class.
- */
- public void init(Class beanHome, Class beanRemote, Object securityMgr)
- throws InstantiationException
- {
- init(beanHome, beanRemote, null, null, securityMgr);
- }
-
- /** This method is called by the container SecurityInterceptor to intialize
- * the proxy with the EJB home and remote interface classes that the
- * container is housing. This method creates a mapping from the home and
- * remote classes to the proxy delegate instance. The mapping is based on
- * method name and paramter types. In addition, the proxy delegate is
- * inspected for a setEJBContext(EJBContext) and a setBean(Object) method
- * so that the active EJBContext and EJB instance can be passed to the
- * delegate prior to method invocations.
- *
- * @param beanHome The EJB remote home interface class
- * @param beanRemote The EJB remote interface class
- * @param beanLocalHome The EJB local home interface class
- * @param beanLocal The EJB local interface class
- * @param securityMgr The security manager from the security domain
- * @throws InstantiationException
- */
- public void init(Class beanHome, Class beanRemote,
- Class beanLocalHome, Class beanLocal, Object securityMgr)
- throws InstantiationException
- {
- // Get any methods from the bean home interface
- mapHomeMethods(beanHome);
- // Get any methods from the bean local home interface
- mapHomeMethods(beanLocalHome);
- // Get any methods from the bean remote interface
- mapRemoteMethods(beanRemote);
- // Get any methods from the bean local interface
- mapRemoteMethods(beanLocal);
- // Get the setEJBContext(EJBContext) method
- try
- {
- Class[] parameterTypes = {EJBContext.class};
- setContextMethod = delegate.getClass().getMethod("setEJBContext", parameterTypes);
- }
- catch(Exception ignore)
- {
- }
-
- // Get the setBean(Object) method
- try
- {
- Class[] parameterTypes = {Object.class};
- setBeanMethod = delegate.getClass().getMethod("setBean", parameterTypes);
- }
- catch(Exception ignore)
- {
- }
-
- // Check for a boolean isStrict() strict flag accessor
- try
- {
- Class[] parameterTypes = {};
- Object[] args = {};
- Method isStrict = delegate.getClass().getMethod("isStrict", parameterTypes);
- Boolean flag = (Boolean) isStrict.invoke(delegate, args);
- strict = flag.booleanValue();
- }
- catch(Exception ignore)
- {
- }
- }
-
- /** Called by the SecurityProxyInterceptor prior to a method invocation
- * to set the context for the call.
- *
- * @param ctx the bean's EJBContext
- */
- public void setEJBContext(EJBContext ctx)
- {
- if(setContextMethod != null)
- {
- Object[] args = {ctx};
- try
- {
- setContextMethod.invoke(delegate, args);
- }
- catch(Exception e)
- {
- e.printStackTrace();
- }
- }
- }
-
- /** Called by the SecurityProxyInterceptor to allow the proxy delegate to
- * perform a security check of the indicated home interface method.
- *
- * @param m, the EJB home interface method
- * @param args, the method arguments
- */
- public void invokeHome(final Method m, Object[] args)
- throws Exception
- {
- Method delegateMethod = (Method)methodMap.get(m);
- if( delegateMethod != null )
- invokeHomeOnDelegate(delegateMethod, args, delegate);
- }
-
- /**
- * Called by the SecurityProxyInterceptor to allow the proxy delegate to perform
- * a security check of the indicated remote interface method.
- * @param m, the EJB remote interface method
- * @param args, the method arguments
- * @param bean, the EJB bean instance
- */
- public void invoke(final Method m, final Object[] args, final Object bean)
- throws Exception
- {
- Method delegateMethod = (Method)methodMap.get(m);
- if( delegateMethod != null )
- {
- if( setBeanMethod != null )
- {
- Object[] bargs = {bean};
- try
- {
- setBeanMethod.invoke(delegate, bargs);
- }
- catch(Exception e)
- {
- e.printStackTrace();
- throw new SecurityException("Failed to set bean on proxy" + e.getMessage());
- }
- }
- invokeOnDelegate(delegateMethod, args, delegate);
- }
- }
-
- /** Performs a mapping from the methods declared in the beanHome class to
- * the proxy delegate class. This allows the methods to be either named
- * the same as the home interface method "create(...)" or as the bean
- * class method "ejbCreate(...)". This handles both local home and
- * remote home interface methods.
- */
- protected void mapHomeMethods(Class beanHome)
- {
- if( beanHome == null )
- return;
-
- Class delegateClass = delegate.getClass();
- Method[] methods = beanHome.getMethods();
- for(int m = 0; m < methods.length; m++)
- {
- // Check for ejbCreate... methods
- Method hm = methods[m];
- Class[] parameterTypes = hm.getParameterTypes();
- String name = hm.getName();
- name = "ejb" + Character.toUpperCase(name.charAt(0)) + name.substring(1);
- try
- {
- Method match = delegateClass.getMethod(name, parameterTypes);
- methodMap.put(hm, match);
- }
- catch(NoSuchMethodException e)
- {
- // Try for the home interface name without the ejb prefix
- name = hm.getName();
- try
- {
- Method match = delegateClass.getMethod(name, parameterTypes);
- methodMap.put(hm, match);
- }
- catch(NoSuchMethodException e2)
- {
- if( strict )
- {
- String msg = "Missing home method:" + hm + " in delegate";
- throw new SecurityException(msg);
- }
- }
- }
- }
- }
-
- /** Performs a mapping from the methods declared in the beanRemote class to
- * the proxy delegate class. This handles both local and remote interface
- * methods.
- */
- protected void mapRemoteMethods(Class beanRemote)
- {
- if( beanRemote == null )
- return;
-
- Class delegateClass = delegate.getClass();
- Method[] methods = beanRemote.getMethods();
- for(int m = 0; m < methods.length; m++)
- {
- Method rm = methods[m];
- Class[] parameterTypes = rm.getParameterTypes();
- String name = rm.getName();
- try
- {
- Method match = delegateClass.getMethod(name, parameterTypes);
- methodMap.put(rm, match);
- }
- catch(NoSuchMethodException e)
- {
- if( strict )
- {
- String msg = "Missing method:" + rm + " in delegate";
- throw new SecurityException(msg);
- }
- }
- }
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/AltClientLoginModule.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/AltClientLoginModule.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/AltClientLoginModule.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,221 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-
-import java.util.Map;
-import java.util.Set;
-import java.security.Principal;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.SecurityConstants;
-
-/** A simple implementation of LoginModule for use by JBoss clients for
- the establishment of the caller identity and credentials. This simply sets
- the SecurityAssociation principal to the value of the NameCallback
- filled in by the CallbackHandler, and the SecurityAssociation credential
- to the value of the PasswordCallback filled in by the CallbackHandler.
- This is a variation of the original ClientLoginModule that does not set the
- SecurityAssociation information until commit and that uses the Subject
- principal over a SimplePrincipal if available.
-
- It has the following options:
- <ul>
- <li>multi-threaded=[true|false]
- When the multi-threaded option is set to true, the SecurityAssociation.setServer()
- so that each login thread has its own principal and credential storage.
- <li>password-stacking=tryFirstPass|useFirstPass
- When password-stacking option is set, this module first looks for a shared
- username and password using "javax.security.auth.login.name" and
- "javax.security.auth.login.password" respectively. This allows a module configured
- prior to this one to establish a valid username and password that should be passed
- to JBoss.
- </ul>
-
- @author Scott.Stark at jboss.org
- @version $Revision$
- */
-public class AltClientLoginModule implements LoginModule
-{
- private static Logger log = Logger.getLogger(AltClientLoginModule.class);
- private Subject subject;
- private CallbackHandler callbackHandler;
- /** Shared state between login modules */
- private Map sharedState;
- /** Flag indicating if the shared password should be used */
- private boolean useFirstPass;
- private String username;
- private char[] password = null;
- private boolean trace;
-
- /**
- * Initialize this LoginModule.
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options)
- {
- this.trace = log.isTraceEnabled();
- this.subject = subject;
- this.callbackHandler = callbackHandler;
- this.sharedState = sharedState;
-
- //log securityDomain, if set.
- if(trace)
- log.trace("Security domain: " +
- (String)options.get(SecurityConstants.SECURITY_DOMAIN_OPTION));
-
- // Check for multi-threaded option
- String mt = (String) options.get("multi-threaded");
- if( Boolean.valueOf(mt).booleanValue() == true )
- {
- /* Turn on the server mode which uses thread local storage for
- the principal information.
- */
- if(trace)
- log.trace("Enabling multi-threaded mode");
- SecurityAssociationActions.setServer();
- }
-
- /* Check for password sharing options. Any non-null value for
- password_stacking sets useFirstPass as this module has no way to
- validate any shared password.
- */
- String passwordStacking = (String) options.get("password-stacking");
- useFirstPass = passwordStacking != null;
- if(trace && useFirstPass)
- log.trace("Enabling useFirstPass mode");
- }
-
- /**
- * Method to authenticate a Subject (phase 1).
- */
- public boolean login() throws LoginException
- {
- // If useFirstPass is true, look for the shared password
- if( useFirstPass == true )
- {
- return true;
- }
-
- /* There is no password sharing or we are the first login module. Get
- the username and password from the callback hander.
- */
- if (callbackHandler == null)
- throw new LoginException("Error: no CallbackHandler available " +
- "to garner authentication information from the user");
-
- PasswordCallback pc = new PasswordCallback("Password: ", false);
- NameCallback nc = new NameCallback("User name: ", "guest");
- Callback[] callbacks = {nc, pc};
- try
- {
- char[] tmpPassword;
-
- callbackHandler.handle(callbacks);
- username = nc.getName();
- tmpPassword = pc.getPassword();
- if (tmpPassword != null)
- {
- password = new char[tmpPassword.length];
- System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length);
- pc.clearPassword();
- }
- }
- catch (java.io.IOException ioe)
- {
- throw new LoginException(ioe.toString());
- }
- catch (UnsupportedCallbackException uce)
- {
- throw new LoginException("Error: " + uce.getCallback().toString() +
- " not available to garner authentication information " +
- "from the user");
- }
- return true;
- }
-
- /** Method to commit the authentication process (phase 2). This is where the
- * SecurityAssociation information is set. The principal is obtained from:
- * The shared state javax.security.auth.login.name property when useFirstPass
- * is true. If the value is a Principal it is used as is, else a SimplePrincipal
- * using the value.toString() as its name is used. If useFirstPass the
- * username obtained from the callback handler is used to build the
- * SimplePrincipal. Both may be overriden if the resulting authenticated
- * Subject principals set it not empty.
- *
- */
- public boolean commit() throws LoginException
- {
- Set principals = subject.getPrincipals();
- Principal p = null;
- Object credential = password;
- if( useFirstPass == true )
- {
- Object user = sharedState.get("javax.security.auth.login.name");
- if( (user instanceof Principal) == false )
- {
- username = user != null ? user.toString() : "";
- p = new SimplePrincipal(username);
- }
- else
- {
- p = (Principal) user;
- }
- credential = sharedState.get("javax.security.auth.login.password");
- }
- else
- {
- p = new SimplePrincipal(username);
- }
-
- if( principals.isEmpty() == false )
- p = (Principal) principals.iterator().next();
- SecurityAssociationActions.setPrincipalInfo(p, credential, subject);
- return true;
- }
-
- /**
- * Method to abort the authentication process (phase 2).
- */
- public boolean abort() throws LoginException
- {
- int length = password != null ? password.length : 0;
- for(int n = 0; n < length; n ++)
- password[n] = 0;
- SecurityAssociationActions.clear();
- return true;
- }
-
- public boolean logout() throws LoginException
- {
- SecurityAssociationActions.clear();
- return true;
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/AnybodyPrincipal.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/AnybodyPrincipal.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/AnybodyPrincipal.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,82 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.Principal;
-
-/** An implementation of Principal and Comparable that represents any role.
-Any Principal or name of a Principal when compared to an AnybodyPrincipal
-using {@link #equals(Object) equals} or {@link #compareTo(Object) compareTo}
-will always be found equals to the AnybodyPrincipal.
-
-Note that this class is not likely to operate correctly in a collection
-since the hashCode() and equals() methods are not correlated.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public class AnybodyPrincipal implements Comparable, Principal
-{
- public static final String ANYBODY = "<ANYBODY>";
- public static final AnybodyPrincipal ANYBODY_PRINCIPAL = new AnybodyPrincipal();
-
- public int hashCode()
- {
- return ANYBODY.hashCode();
- }
-
- /**
- @return "<ANYBODY>"
- */
- public String getName()
- {
- return ANYBODY;
- }
-
- public String toString()
- {
- return ANYBODY;
- }
-
- /** This method always returns 0 to indicate equality for any argument.
- This is only meaningful when comparing against other Principal objects
- or names of Principals.
-
- @return true to indicate equality for any argument.
- */
- public boolean equals(Object another)
- {
- return true;
- }
-
- /** This method always returns 0 to indicate equality for any argument.
- This is only meaningful when comparing against other Principal objects
- or names of Principals.
-
- @return 0 to indicate equality for any argument.
- */
- public int compareTo(Object o)
- {
- return 0;
- }
-
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/AppPolicy.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/AppPolicy.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/AppPolicy.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,169 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.AccessController;
-import java.security.AllPermission;
-import java.security.CodeSource;
-import java.security.KeyStore;
-import java.security.PermissionCollection;
-import java.security.Permissions;
-import javax.security.auth.Subject;
-import javax.security.auth.login.AppConfigurationEntry;
-
-/** A combination of keystore, authentication and authorization entries.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public class AppPolicy
-{
- /** A PermissionCollection that allows no permissions */
- public static final PermissionCollection NO_PERMISSIONS = new Permissions();
- /** A PermissionCollection that allows all permissions */
- private static PermissionCollection ALL_PERMISSIONS;
-
- /**
- * @label defaultAppPolicy
- */
- private static AppPolicy defaultAppPolicy;
-
- // Setup the class statics
- static
- {
- // A PermissionCollection that allows all permissions
- AllPermission all = new AllPermission();
- ALL_PERMISSIONS = all.newPermissionCollection();
- ALL_PERMISSIONS.add(all);
- // A default policy with no authentication and NO_PERMISSIONS
- defaultAppPolicy = new AppPolicy("other");
- }
-
- private String appName;
- private KeyStore keyStore;
-
- /**
- * @label permissions
- */
- private AuthorizationInfo permissionInfo;
-
- /**
- * @label login
- */
- private AuthenticationInfo loginInfo;
-
- public KeyStore getKeyStore()
- {
- return keyStore;
- }
- public void setKeyStore(KeyStore keyStore)
- {
- this.keyStore = keyStore;
- }
-
- public static void setDefaultAppPolicy(AppPolicy policy)
- {
- if( policy == null )
- throw new IllegalArgumentException("The policy argument cannot be null");
- defaultAppPolicy = policy;
- }
- public static AppPolicy getDefaultAppPolicy()
- {
- return defaultAppPolicy;
- }
-
- public AppPolicy(String appName)
- {
- this.appName = appName;
- }
-
- public AuthenticationInfo getLoginInfo()
- {
- AccessController.checkPermission(AuthenticationInfo.GET_CONFIG_ENTRY_PERM);
- return loginInfo;
- }
- public void setLoginInfo(AuthenticationInfo loginInfo)
- {
- AccessController.checkPermission(AuthenticationInfo.SET_CONFIG_ENTRY_PERM);
- this.loginInfo = loginInfo;
- }
- public AuthorizationInfo getPermissionInfo()
- {
- return permissionInfo;
- }
- public void setPermissionInfo(AuthorizationInfo permissionInfo)
- {
- this.permissionInfo = permissionInfo;
- }
-
- public AppConfigurationEntry[] getAppConfigurationEntry()
- {
- AppConfigurationEntry[] appConfig = null;
- if( loginInfo != null )
- appConfig = loginInfo.getAppConfigurationEntry();
- if( appConfig == null && this != defaultAppPolicy )
- appConfig = defaultAppPolicy.getAppConfigurationEntry();
- AppConfigurationEntry[] copy = null;
- if( appConfig != null )
- {
- copy = new AppConfigurationEntry[appConfig.length];
- for(int c = 0; c < copy.length; c ++)
- {
- AppConfigurationEntry e0 = appConfig[c];
- AppConfigurationEntry e1 = new AppConfigurationEntry(
- e0.getLoginModuleName(),
- e0.getControlFlag(),
- e0.getOptions()
- );
- copy[c] = e1;
- }
- }
- return copy;
- }
- public PermissionCollection getPermissions(Subject subject, CodeSource codesource)
- {
- PermissionCollection perms = NO_PERMISSIONS;
- AuthorizationInfo info = getPermissionInfo();
- if( info == null )
- info = defaultAppPolicy.getPermissionInfo();
- if( info != null )
- {
- perms = info.getPermissions(subject, codesource);
- }
-
- return perms;
- }
-
- public String toString()
- {
- StringBuffer buffer = new StringBuffer(appName);
- buffer.append('\n');
- buffer.append("AuthenticationInfo:\n");
- if( loginInfo != null )
- buffer.append(loginInfo);
- buffer.append("AuthorizationInfo:\n");
- if( permissionInfo != null )
- buffer.append(permissionInfo);
- return buffer.toString();
- }
-
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/AuthenticationInfo.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/AuthenticationInfo.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/AuthenticationInfo.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,68 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.AccessController;
-import javax.security.auth.AuthPermission;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.AppConfigurationEntry;
-
-/** The login module configuration information.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public class AuthenticationInfo
-{
- public static final AuthPermission GET_CONFIG_ENTRY_PERM = new AuthPermission("getLoginConfiguration");
- public static final AuthPermission SET_CONFIG_ENTRY_PERM = new AuthPermission("setLoginConfiguration");
- private AppConfigurationEntry[] loginModules;
- private CallbackHandler callbackHandler;
-
- /** Get an application authentication configuration. This requires an
- AuthPermission("getLoginConfiguration") access.
- */
- public AppConfigurationEntry[] getAppConfigurationEntry()
- {
- AccessController.checkPermission(GET_CONFIG_ENTRY_PERM);
- return loginModules;
- }
- /** Set an application authentication configuration. This requires an
- AuthPermission("setLoginConfiguration") access.
- */
- public void setAppConfigurationEntry(AppConfigurationEntry[] loginModules)
- {
- AccessController.checkPermission(SET_CONFIG_ENTRY_PERM);
- this.loginModules = loginModules;
- }
-
- /**
- */
- public CallbackHandler getAppCallbackHandler()
- {
- return callbackHandler;
- }
- public void setAppCallbackHandler(CallbackHandler handler)
- {
- this.callbackHandler = handler;
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/AuthorizationInfo.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/AuthorizationInfo.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/AuthorizationInfo.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,193 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.CodeSource;
-import java.security.Permission;
-import java.security.PermissionCollection;
-import java.security.Permissions;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.Set;
-import javax.security.auth.Subject;
-
-/**
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public class AuthorizationInfo
-{
- private static Set emptySet = new HashSet();
- private ArrayList policyMap = new ArrayList();
- private PolicyEntry[] policyEntries;
-
- /** An inner class that represents a grant entry in policyMap. It is composed
- *of a CodeSource and an array of Prinicpals along with the granted
- *permissions.
- */
- static class PolicyEntry
- {
- private CodeSource cs;
- private Principal[] principals;
- private ArrayList permissions;
-
- PolicyEntry(CodeSource cs, Principal[] principals, ArrayList permissions)
- {
- this.cs = cs;
- this.principals = principals;
- this.permissions = permissions;
- }
-
- public void getPermissions(PermissionCollection perms)
- {
- int length = permissions == null ? 0 : permissions.size();
- for(int n = 0; n < length; n ++)
- {
- Permission permission = (Permission) permissions.get(n);
- perms.add(permission);
- }
- }
-
- public boolean implies(CodeSource codesrc, Set subjectPrincipals)
- {
- boolean implies = false;
- // Check codesources
- if( this.cs == codesrc )
- { // Both null or the same object
- implies = true;
- }
- else if( this.cs != null && codesrc != null && this.cs.implies(codesrc) )
- {
- implies = true;
- }
-
- // Check Principals
- if( implies == true )
- {
- if( this.principals != null )
- { // Every one of our principals must be in subjectPrincipals
- for(int p = 0; p < this.principals.length; p ++)
- {
- if( subjectPrincipals.contains(this.principals[p]) == false )
- {
- implies = false;
- break;
- }
- }
- }
- }
-
- return implies;
- }
- public boolean equals(Object obj)
- {
- PolicyEntry key = (PolicyEntry) obj;
- boolean equals = this.cs == key.cs;
- if( equals == false )
- {
- if( this.cs != null && key.cs != null )
- equals = this.cs.equals(key.cs);
- if( equals == true )
- { // Every principal in this must equal
- if( this.principals != null && key.principals != null && this.principals.length == key.principals.length )
- {
- for(int p = 0; p < this.principals.length; p ++)
- {
- if( this.principals[p].equals(key.principals[p]) == false )
- {
- equals = false;
- break;
- }
- }
- }
- else if( this.principals != null || key.principals != null )
- {
- equals = false;
- }
- }
- }
- return equals;
- }
- public int hashCode()
- {
- int hashCode = 0;
- if( cs != null )
- hashCode = cs.hashCode();
- int length = (this.principals == null ? 0 : this.principals.length);
- for(int p = 0; p < length; p ++)
- {
- hashCode += this.principals[p].hashCode();
- }
- return hashCode;
- }
-
- public String toString()
- {
- StringBuffer buffer = new StringBuffer();
- buffer.append("cs=");
- buffer.append(cs);
- buffer.append("; principals=");
- for(int p = 0; principals != null && p < principals.length; p ++)
- buffer.append(principals[p]);
- buffer.append("; permissions=");
- buffer.append(permissions);
- return buffer.toString();
- }
- }
-
- public AuthorizationInfo()
- {
- }
-
- public PermissionCollection getPermissions(Subject subject, CodeSource codesource)
- {
- PermissionCollection perms = new Permissions();
- Set subjectPrincipals = emptySet;
- if( subject != null )
- subjectPrincipals = subject.getPrincipals();
- for(int n = 0; n < policyMap.size(); n ++)
- {
- PolicyEntry entry = (PolicyEntry) policyMap.get(n);
- if( entry.implies(codesource, subjectPrincipals) == true )
- entry.getPermissions(perms);
- }
- return perms;
- }
-
- public String toString()
- {
- StringBuffer buffer = new StringBuffer("permissions:");
- return buffer.toString();
- }
-
- public void grant(CodeSource cs, ArrayList permissions)
- {
- grant(cs, permissions, null);
- }
- public void grant(CodeSource cs, ArrayList permissions, Principal[] principals)
- {
- PolicyEntry entry = new PolicyEntry(cs, principals, permissions);
- policyMap.add(entry);
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/AuthorizationManagerFactory.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/AuthorizationManagerFactory.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/AuthorizationManagerFactory.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,55 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security;
-
-import javax.management.MBeanServer;
-
-import org.jboss.logging.Logger;
-import org.jboss.mx.util.MBeanProxyExt;
-import org.jboss.mx.util.MBeanServerLocator;
-import org.jboss.security.plugins.AuthorizationManagerServiceMBean;
-
-//$Id$
-
-/**
- * Factory for obtaining the AuthorizationManager
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jan 4, 2006
- * @version $Revision$
- */
-public class AuthorizationManagerFactory
-{
- private static Logger log = Logger.getLogger(AuthorizationManagerFactory.class);
-
- public static AuthorizationManager getAuthorizationManager( String securityDomain)
- {
- log.debug("Enter getAuthorizationManager with securityDomain=" + securityDomain);
- AuthorizationManager manager = null;
- MBeanServer server = MBeanServerLocator.locateJBoss();
- AuthorizationManagerServiceMBean mbean =(AuthorizationManagerServiceMBean)
- MBeanProxyExt.create(AuthorizationManagerServiceMBean.class,
- AuthorizationManagerServiceMBean.OBJECT_NAME, server);
- manager = mbean.getAuthorizationManager(securityDomain);
- log.debug("return getAuthorizationManager=" + manager);
- return manager;
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/Base64Encoder.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/Base64Encoder.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/Base64Encoder.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,264 +0,0 @@
-/*
- * Copyright (c) 2004 World Wide Web Consortium,
- *
- * (Massachusetts Institute of Technology, European Research Consortium for
- * Informatics and Mathematics, Keio University). All Rights Reserved. This
- * work is distributed under the W3C(r) Software License [1] in the hope that
- * it will be useful, but WITHOUT ANY WARRANTY; without even the implied
- * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- *
- * [1] http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231
- */
-package org.jboss.security; // for the time being ...
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-/**
- * BASE64 encoder implementation.
- * Provides encoding methods, using the BASE64 encoding rules, as defined
- * in the MIME specification, <a href="http://ietf.org/rfc/rfc1521.txt">rfc1521</a>.
- *
- *
- * This class is a modified version based on code
- * obtained from the w3 consortium website,
- * which is subject to their generic copyright notice:
- *
- * <dl>
- * <dd><a href="http://www.w3.org/Consortium/Legal/">Copyright</a> � [$date-of-software] <a
- * HREF="http://www.w3.org/">World Wide Web Consortium</a>, (<a
- * HREF="http://www.lcs.mit.edu/">Massachusetts Institute of Technology</a>, <a
- * HREF="http://www.inria.fr/">Institut National de Recherche en Informatique et en
- * Automatique</a>, <a HREF="http://www.keio.ac.jp/">Keio University</a>). All Rights
- * Reserved. This program is distributed under the <a
- * HREF="http://www.w3.org/Consortium/Legal/copyright-software-19980720.html">W3C's Software
- * Intellectual Property License</a>. This program is distributed in the hope that it will be
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See W3C License <a
- * href="http://www.w3.org/Consortium/Legal/">http://www.w3.org/Consortium/Legal/</a> for
- * more details. </dd>
- *</dl>
- *
- *
- */
-public final class Base64Encoder
-{
- private static final int BUFFER_SIZE = 1024 ;
- private static final byte encoding[] =
- {
- (byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D',
- (byte) 'E', (byte) 'F', (byte) 'G', (byte) 'H', // 0-7
- (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L',
- (byte) 'M', (byte) 'N', (byte) 'O', (byte) 'P', // 8-15
- (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T',
- (byte) 'U', (byte) 'V', (byte) 'W', (byte) 'X', // 16-23
- (byte) 'Y', (byte) 'Z', (byte) 'a', (byte) 'b',
- (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f', // 24-31
- (byte) 'g', (byte) 'h', (byte) 'i', (byte) 'j',
- (byte) 'k', (byte) 'l', (byte) 'm', (byte) 'n', // 32-39
- (byte) 'o', (byte) 'p', (byte) 'q', (byte) 'r',
- (byte) 's', (byte) 't', (byte) 'u', (byte) 'v', // 40-47
- (byte) 'w', (byte) 'x', (byte) 'y', (byte) 'z',
- (byte) '0', (byte) '1', (byte) '2', (byte) '3', // 48-55
- (byte) '4', (byte) '5', (byte) '6', (byte) '7',
- (byte) '8', (byte) '9', (byte) '+', (byte) '/', // 56-63
- (byte) '=' // 64
- };
-
-
- /**
- * Encodes data from supplied input to output.
- * @param in The input stream to be encoded.
- * @param out The output stream, to write encoded data to.
- */
- public static void encode(InputStream in, OutputStream out) throws IOException
- {
- process(in, out);
- }
-
- /**
- * Encode the supplied byte array and write the encoded
- * data to the OutputStream <i>out</i>.
- */
- public static void encode(byte input[], OutputStream out) throws IOException
- {
- ByteArrayInputStream in = new ByteArrayInputStream(input);
- process(in, out);
- }
-
- /**
- * Encode the given string,and return the encoded version as a string.
- *
- * @return A String, representing the encoded content of the input String.
- */
- public static String encode(String input) throws IOException
- {
- byte bytes[] ;
- bytes = input.getBytes("ISO-8859-1");
- return encode (bytes);
- }
-
- /**
- * Encode the given byte array and return the result as a string.
- */
- public static String encode(byte bytes[]) throws IOException
- {
- ByteArrayInputStream in = new ByteArrayInputStream(bytes);
- ByteArrayOutputStream out = new ByteArrayOutputStream();
- process(in, out);
- return out.toString("ISO-8859-1");
- }
-
- /**
- * Run with one argument, prints the encoded version of it.
- * With two, the second is assumed to be the name of a MessageDigest to
- * be applied to the string before encoding (useful for generating
- * password hashes).
- * <p>
- * Alternatively, use the openssl utility, for example:
- * <p>
- * echo -n "password" | openssl dgst -sha1 -binary | openssl base64
- *
- */
- public static void main (String args[]) throws Exception
- {
- if(args.length == 1)
- {
- System.out.println ("["+ Base64Encoder.encode(args[0])+"]");
- // joe:eoj -> am9lOmVvag==
- // 12345678:87654321 -> MTIzNDU2Nzg6ODc2NTQzMjE=
- }
- else if (args.length == 2)
- {
- byte[] hash = java.security.MessageDigest.getInstance(args[1]).digest(args[0].getBytes());
- System.out.println ("["+ Base64Encoder.encode(hash)+"]");
- }
- else
- {
- System.out.println("Usage: Base64Encoder <string> <optional hash algorithm>");
- }
- }
-
-// Private ----------------------------------------------------------------
-
- private static int get1(byte buf[], int off)
- {
- return (buf[off] & 0xfc) >> 2 ;
- }
-
- private static int get2(byte buf[], int off)
- {
- return ((buf[off]&0x3) << 4) | ((buf[off+1]&0xf0) >>> 4) ;
- }
-
- private static int get3(byte buf[], int off)
- {
- return ((buf[off+1] & 0x0f) << 2) | ((buf[off+2] & 0xc0) >>> 6) ;
- }
-
- private static int get4(byte buf[], int off)
- {
- return buf[off+2] & 0x3f ;
- }
-
- /**
- * Process the data: encode the input stream to the output stream.
- * This method runs through the input stream, encoding it to the output
- * stream.
- * @exception IOException If we weren't able to access the input stream or
- * the output stream.
- */
- private static void process(InputStream in, OutputStream out) throws IOException
- {
- byte buffer[] = new byte[BUFFER_SIZE] ;
- int got = -1 ;
- int off = 0 ;
- int count = 0 ;
- while ((got = in.read(buffer, off, BUFFER_SIZE-off)) > 0)
- {
- if ( got >= 3 )
- {
- got += off;
- off = 0;
- while (off + 3 <= got)
- {
- int c1 = get1(buffer,off);
- int c2 = get2(buffer,off);
- int c3 = get3(buffer,off);
- int c4 = get4(buffer,off);
- switch (count)
- {
- case 73:
- out.write(encoding[c1]);
- out.write(encoding[c2]);
- out.write(encoding[c3]);
- out.write ('\n') ;
- out.write(encoding[c4]);
- count = 1 ;
- break ;
- case 74:
- out.write(encoding[c1]);
- out.write(encoding[c2]);
- out.write ('\n') ;
- out.write(encoding[c3]);
- out.write(encoding[c4]) ;
- count = 2 ;
- break ;
- case 75:
- out.write(encoding[c1]);
- out.write ('\n') ;
- out.write(encoding[c2]);
- out.write(encoding[c3]);
- out.write(encoding[c4]) ;
- count = 3 ;
- break ;
- case 76:
- out.write('\n') ;
- out.write(encoding[c1]);
- out.write(encoding[c2]);
- out.write(encoding[c3]);
- out.write(encoding[c4]);
- count = 4;
- break;
- default:
- out.write(encoding[c1]);
- out.write(encoding[c2]);
- out.write(encoding[c3]);
- out.write(encoding[c4]);
- count += 4;
- break;
- }
- off += 3;
- }
- // Copy remaining bytes to beginning of buffer:
- for ( int i = 0 ; i < 3 ;i++)
- buffer[i] = (i < got-off) ? buffer[off+i] : ((byte) 0);
- off = got-off ;
- }
- else
- {
- // Total read amount is less then 3 bytes:
- off += got;
- }
- }
- // Manage the last bytes, from 0 to off:
- switch (off) {
- case 1:
- out.write(encoding[get1(buffer, 0)]);
- out.write(encoding[get2(buffer, 0)]);
- out.write('=');
- out.write('=');
- break ;
- case 2:
- out.write(encoding[get1(buffer, 0)]);
- out.write(encoding[get2(buffer, 0)]);
- out.write(encoding[get3(buffer, 0)]);
- out.write('=');
- }
- return;
- }
-}
-
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/Base64Utils.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/Base64Utils.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/Base64Utils.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,184 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-/** Base64 encoding/decoding utilities
- *
- * @author Scott.Stark at jboss.org
- * @version $Revison:$
- */
-public class Base64Utils
-{
- private static final char[] base64Table =
- "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./".toCharArray();
- public static final String BASE64_ENCODING = "BASE64";
- public static final String BASE16_ENCODING = "HEX";
-
- // These functions assume that the byte array has MSB at 0, LSB at end.
- // Reverse the byte array (not the String) if this is not the case.
- // All base64 strings are in natural order, least significant digit last.
- public static String tob64(byte[] buffer)
- {
- boolean notleading = false;
- int len = buffer.length, pos = len % 3, c;
- byte b0 = 0, b1 = 0, b2 = 0;
- StringBuffer sb = new StringBuffer();
-
- switch(pos)
- {
- case 1:
- b2 = buffer[0];
- break;
- case 2:
- b1 = buffer[0];
- b2 = buffer[1];
- break;
- }
- do
- {
- c = (b0 & 0xfc) >>> 2;
- if(notleading || c != 0)
- {
- sb.append(base64Table[c]);
- notleading = true;
- }
- c = ((b0 & 3) << 4) | ((b1 & 0xf0) >>> 4);
- if(notleading || c != 0)
- {
- sb.append(base64Table[c]);
- notleading = true;
- }
- c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >>> 6);
- if(notleading || c != 0)
- {
- sb.append(base64Table[c]);
- notleading = true;
- }
- c = b2 & 0x3f;
- if(notleading || c != 0)
- {
- sb.append(base64Table[c]);
- notleading = true;
- }
- if(pos >= len)
- break;
- else
- {
- try
- {
- b0 = buffer[pos++];
- b1 = buffer[pos++];
- b2 = buffer[pos++];
- }
- catch(ArrayIndexOutOfBoundsException e)
- {
- break;
- }
- }
- } while(true);
-
- if(notleading)
- return sb.toString();
- else
- return "0";
- }
-
- public static byte[] fromb64(String str) throws NumberFormatException
- {
- int len = str.length();
- if(len == 0)
- throw new NumberFormatException("Empty Base64 string");
-
- byte[] a = new byte[len + 1];
- char c;
- int i, j;
-
- for(i = 0; i < len; ++i)
- {
- c = str.charAt(i);
- try
- {
- for(j = 0; c != base64Table[j]; ++j)
- ;
- } catch(Exception e)
- {
- throw new NumberFormatException("Illegal Base64 character");
- }
- a[i] = (byte) j;
- }
-
- i = len - 1;
- j = len;
- try
- {
- while(true)
- {
- a[j] = a[i];
- if(--i < 0)
- break;
- a[j] |= (a[i] & 3) << 6;
- --j;
- a[j] = (byte) ((a[i] & 0x3c) >>> 2);
- if(--i < 0)
- break;
- a[j] |= (a[i] & 0xf) << 4;
- --j;
- a[j] = (byte) ((a[i] & 0x30) >>> 4);
- if(--i < 0)
- break;
- a[j] |= (a[i] << 2);
-
- // Nasty, evil bug in Microsloth's Java interpreter under
- // Netscape: The following three lines of code are supposed
- // to be equivalent, but under the Windows NT VM (Netscape3.0)
- // using either of the two commented statements would cause
- // the zero to be placed in a[j] *before* decrementing j.
- // Weeeeird.
- a[j-1] = 0; --j;
- // a[--j] = 0;
- // --j; a[j] = 0;
-
- if(--i < 0)
- break;
- }
- }
- catch(Exception e)
- {
-
- }
-
- try
- {
- while(a[j] == 0)
- ++j;
- }
- catch(Exception e)
- {
- return new byte[1];
- }
-
- byte[] result = new byte[len - j + 1];
- System.arraycopy(a, j, result, 0, len - j + 1);
- return result;
- }
-
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/CertificatePrincipal.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/CertificatePrincipal.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/CertificatePrincipal.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,42 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-
-/** An interface for converting an X509 cert to a Principal
- *
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public interface CertificatePrincipal
-{
- /**
- * Return the Principal associated with the specified chain of X509
- * client certificates. If there is none, return <code>null</code>.
- *
- * @param certs Array of client certificates, with the first one in
- * the array being the certificate of the client itself.
- */
- public Principal toPrinicipal(X509Certificate[] certs);
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/ClientLoginModule.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/ClientLoginModule.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/ClientLoginModule.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,271 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.io.IOException;
-import java.security.Principal;
-import java.util.Map;
-import java.util.Set;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.SecurityConstants;
-
-/** A simple implementation of LoginModule for use by JBoss clients for
- the establishment of the caller identity and credentials. This simply sets
- the SecurityAssociation principal to the value of the NameCallback
- filled in by the CallbackHandler, and the SecurityAssociation credential
- to the value of the PasswordCallback filled in by the CallbackHandler.
-
- It has the following options:
- <ul>
- <li>multi-threaded=[true|false]
- When the multi-threaded option is set to true, the SecurityAssociation.setServer()
- so that each login thread has its own principal and credential storage.
- <li>restore-login-identity=[true|false]
- When restore-login-identity is true, the SecurityAssociation principal
- and credential seen on entry to the login() method are saved and restored
- on either abort or logout. When false (the default), the abort and logout
- simply clears the SecurityAssociation. A restore-login-identity of true is
- needed if one need to change identities and then restore the original
- caller identity.
- <li>password-stacking=tryFirstPass|useFirstPass
- When password-stacking option is set, this module first looks for a shared
- username and password using "javax.security.auth.login.name" and
- "javax.security.auth.login.password" respectively. This allows a module configured
- prior to this one to establish a valid username and password that should be passed
- to JBoss.
- </ul>
-
- @author <a href="mailto:on at ibis.odessa.ua">Oleg Nitz</a>
- @author Scott.Stark at jboss.org
- */
-public class ClientLoginModule implements LoginModule
-{
- private static Logger log = Logger.getLogger(ClientLoginModule.class);
- private Subject subject;
- private CallbackHandler callbackHandler;
- /** The principal set during login() */
- private Principal loginPrincipal;
- /** The credential set during login() */
- private Object loginCredential;
- /** Shared state between login modules */
- private Map sharedState;
- /** Flag indicating if the shared password should be used */
- private boolean useFirstPass;
- /** Flag indicating if the SecurityAssociation existing at login should
- be restored on logout.
- */
- private boolean restoreLoginIdentity;
- private boolean trace;
-
- /** Initialize this LoginModule. This checks for the options:
- multi-threaded
- restore-login-identity
- password-stacking
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options)
- {
- this.trace = log.isTraceEnabled();
- this.subject = subject;
- this.callbackHandler = callbackHandler;
- this.sharedState = sharedState;
-
- //log securityDomain, if set.
- if(trace)
- log.trace("Security domain: " +
- (String)options.get(SecurityConstants.SECURITY_DOMAIN_OPTION));
-
- // Check for multi-threaded option
- String flag = (String) options.get("multi-threaded");
- if (Boolean.valueOf(flag).booleanValue() == true)
- {
- /* Turn on the server mode which uses thread local storage for
- the principal information.
- */
- if(trace)
- log.trace("Enabling multi-threaded mode");
- SecurityAssociationActions.setServer();
- }
-
- flag = (String) options.get("restore-login-identity");
- restoreLoginIdentity = Boolean.valueOf(flag).booleanValue();
- if(trace)
- log.trace("Enabling restore-login-identity mode");
-
- /* Check for password sharing options. Any non-null value for
- password_stacking sets useFirstPass as this module has no way to
- validate any shared password.
- */
- String passwordStacking = (String) options.get("password-stacking");
- useFirstPass = passwordStacking != null;
- if(trace && useFirstPass)
- log.trace("Enabling useFirstPass mode");
- }
-
- /**
- * Method to authenticate a Subject (phase 1).
- */
- public boolean login() throws LoginException
- {
- if( trace )
- log.trace("Begin login");
- // If useFirstPass is true, look for the shared password
- if (useFirstPass == true)
- {
- try
- {
- Object name = sharedState.get("javax.security.auth.login.name");
- if ((name instanceof Principal) == false)
- {
- String username = name != null ? name.toString() : "";
- loginPrincipal = new SimplePrincipal(username);
- } else
- {
- loginPrincipal = (Principal) name;
- }
- loginCredential = sharedState.get("javax.security.auth.login.password");
- return true;
- }
- catch (Exception e)
- { // Dump the exception and continue
- log.debug("Failed to obtain shared state", e);
- }
- }
-
- /* There is no password sharing or we are the first login module. Get
- the username and password from the callback hander.
- */
- if (callbackHandler == null)
- throw new LoginException("Error: no CallbackHandler available " +
- "to garner authentication information from the user");
-
- PasswordCallback pc = new PasswordCallback("Password: ", false);
- NameCallback nc = new NameCallback("User name: ", "guest");
- Callback[] callbacks = {nc, pc};
- try
- {
- String username;
- char[] password = null;
- char[] tmpPassword;
-
- callbackHandler.handle(callbacks);
- username = nc.getName();
- loginPrincipal = new SimplePrincipal(username);
- tmpPassword = pc.getPassword();
- if (tmpPassword != null)
- {
- password = new char[tmpPassword.length];
- System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length);
- pc.clearPassword();
- }
- loginCredential = password;
- if( trace )
- {
- String credType = "null";
- if( loginCredential != null )
- credType = loginCredential.getClass().getName();
- log.trace("Obtained login: "+loginPrincipal
- +", credential.class: " + credType);
- }
- }
- catch (IOException ioe)
- {
- LoginException ex = new LoginException(ioe.toString());
- ex.initCause(ioe);
- throw ex;
- }
- catch (UnsupportedCallbackException uce)
- {
- LoginException ex = new LoginException("Error: " + uce.getCallback().toString() +
- ", not able to use this callback for username/password");
- ex.initCause(uce);
- throw ex;
- }
- if( trace )
- log.trace("End login");
- return true;
- }
-
- /**
- * Method to commit the authentication process (phase 2).
- */
- public boolean commit() throws LoginException
- {
- if( trace )
- log.trace("commit, subject="+subject);
- // Set the login principal and credential and subject
- SecurityAssociationActions.setPrincipalInfo(loginPrincipal, loginCredential, subject);
-
- // Add the login principal to the subject if is not there
- Set principals = subject.getPrincipals();
- if (principals.contains(loginPrincipal) == false)
- principals.add(loginPrincipal);
- return true;
- }
-
- /**
- * Method to abort the authentication process (phase 2).
- */
- public boolean abort() throws LoginException
- {
- if( trace )
- log.trace("abort");
- if( restoreLoginIdentity == true )
- {
- SecurityAssociationActions.popPrincipalInfo();
- }
- else
- {
- // Clear the entire security association stack
- SecurityAssociationActions.clear();
- }
-
- return true;
- }
-
- public boolean logout() throws LoginException
- {
- if( trace )
- log.trace("logout");
- if( restoreLoginIdentity == true )
- {
- SecurityAssociationActions.popPrincipalInfo();
- }
- else
- {
- // Clear the entire security association stack
- SecurityAssociationActions.clear();
- }
- Set principals = subject.getPrincipals();
- principals.remove(loginPrincipal);
- return true;
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/IAppPolicyStore.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/IAppPolicyStore.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/IAppPolicyStore.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,41 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-
-/** An interface describing an AppPolicy security store. It is used by
-the SecurityPolicy class to isolate the source of security information
-from the SecurityPolicy.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public interface IAppPolicyStore
-{
- public AppPolicy getAppPolicy(String appName);
- public void refresh();
-
- /** @link aggregation
- * @supplierCardinality 1..*
- * @clientCardinality 1*/
- /*#AppPolicy lnkAppPolicy;*/
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/NestableGroup.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/NestableGroup.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/NestableGroup.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,165 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Enumeration;
-import java.util.LinkedList;
-
-//$Id$
-
-/** An implementation of Group that allows that acts as a stack of Groups
-with a single Group member active at any time.
-When one adds a Group to a NestableGroup the Group is pushed onto
-the active Group stack and any of the Group methods operate as though the
-NestableGroup contains only the Group. When removing the Group that
-corresponds to the active Group, the active Group is popped from the stack and
-the new active Group is set to the new top of the stack.
-
-The typical usage of this class is when doing a JAAS LoginContext login
-to runAs a new Principal with a new set of roles that should be added
-without destroying the current identity and roles.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public class NestableGroup extends SimplePrincipal implements Group, Cloneable
-{
- /** The serialVersionUID */
- private static final long serialVersionUID = 1752783303935807441L;
- /** The stack of the Groups. Elements are pushed/poped by
- inserting/removing element 0.
- */
- private LinkedList rolesStack;
-
- /** Creates new NestableGroup with the given name
- */
- public NestableGroup(String name)
- {
- super(name);
- rolesStack = new LinkedList();
- }
-
-// --- Begin Group interface methods
- /** Returns an enumeration that contains the single active Principal.
- @return an Enumeration of the single active Principal.
- */
- public Enumeration members()
- {
- return new IndexEnumeration();
- }
-
- /** Removes the first occurence of user from the Principal stack.
-
- @param user the principal to remove from this group.
- @return true if the principal was removed, or
- * false if the principal was not a member.
- */
- public boolean removeMember(Principal user)
- {
- return rolesStack.remove(user);
- }
-
- /** Pushes the group onto the Group stack and makes it the active
- Group.
- @param group the instance of Group that contains the roles to set as the
- active Group.
- @exception IllegalArgumentException thrown if group is not an instance of Group.
- @return true always.
- */
- public boolean addMember(Principal group) throws IllegalArgumentException
- {
- if( (group instanceof Group) == false )
- throw new IllegalArgumentException("The addMember argument must be a Group");
-
- rolesStack.addFirst(group);
- return true;
- }
-
- /** Returns true if the passed principal is a member of the active group.
- This method does a recursive search, so if a principal belongs to a
- group which is a member of this group, true is returned.
-
- @param member the principal whose membership is to be checked.
-
- @return true if the principal is a member of this group, false otherwise.
- */
- public boolean isMember(Principal member)
- {
- if( rolesStack.size() == 0 )
- return false;
- Group activeGroup = (Group) rolesStack.getFirst();
- boolean isMember = activeGroup.isMember(member);
- return isMember;
- }
-
- public String toString()
- {
- StringBuffer tmp = new StringBuffer(getName());
- tmp.append("(members:");
- Enumeration iter = members();
- while( iter.hasMoreElements() )
- {
- tmp.append(iter.nextElement());
- tmp.append(',');
- }
- tmp.setCharAt(tmp.length()-1, ')');
- return tmp.toString();
- }
-
- public synchronized Object clone() throws CloneNotSupportedException
- {
- NestableGroup clone = (NestableGroup) super.clone();
- if(clone != null)
- clone.rolesStack = (LinkedList)this.rolesStack.clone();
- return clone;
- }
-
-// --- End Group interface methods
-
- private class IndexEnumeration implements Enumeration
- {
- private Enumeration iter;
-
- IndexEnumeration()
- {
- if( rolesStack.size() > 0 )
- {
- Group grp = (Group) rolesStack.get(0);
- iter = grp.members();
- }
- }
- public boolean hasMoreElements()
- {
- boolean hasMore = iter != null && iter.hasMoreElements();
- return hasMore;
- }
- public Object nextElement()
- {
- Object next = null;
- if( iter != null )
- next = iter.nextElement();
- return next;
- }
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/NestablePrincipal.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/NestablePrincipal.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/NestablePrincipal.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,142 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Enumeration;
-import java.util.LinkedList;
-
-//$Id$
-
-/** An implementation of Group that allows that acts as a stack of Principals
-with a single Principal Group member active at any time.
-When one adds a Principal to a NestablePrincipal the Principal is pushed onto
-the active Princpal stack and any of the Group methods operate as though the
-Group contains only the Principal. When removing the Principal that corresponds
-to the active Principal, the active Principal is popped from the stack and
-the new active Principal is effectively set to the new top of the stack.
-
-The typical usage of this class is when doing a JAAS LoginContext login
-to runAs a new Principal with a new CallerPrincipal identity
-without destroying the current CallerPrincipal identity and roles.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public class NestablePrincipal extends SimplePrincipal implements Group, Cloneable
-{
- /** The serialVersionUID */
- private static final long serialVersionUID = 4628473920470890923L;
-
- /** The stack of the Principals. Elements are pushed/poped by
- inserting/removing element 0.
- */
- private LinkedList principalStack;
-
- /** Creates new NestablePrincipal with the given name
- */
- public NestablePrincipal(String name)
- {
- super(name);
- principalStack = new LinkedList();
- }
-
-// --- Begin Group interface methods
- /** Returns an enumeration that contains the single active Principal.
- @return an Enumeration of the single active Principal.
- */
- public Enumeration members()
- {
- return new IndexEnumeration();
- }
-
- /** Removes the first occurence of user from the Principal stack.
-
- @param user the principal to remove from this group.
- @return true if the principal was removed, or
- * false if the principal was not a member.
- */
- public boolean removeMember(Principal user)
- {
- return principalStack.remove(user);
- }
-
- /** Pushes the user onto the Principal stack and makes it the active
- Principal.
- @return true always.
- */
- public boolean addMember(Principal user)
- {
- principalStack.addFirst(user);
- return true;
- }
-
- /**
- * Returns true if the passed principal is a member of the group.
- * This method does a recursive search, so if a principal belongs to a
- * group which is a member of this group, true is returned.
- *
- * @param member the principal whose membership is to be checked.
- *
- * @return true if the principal is a member of this group,
- * false otherwise.
- */
- public boolean isMember(Principal member)
- {
- if( principalStack.size() == 0 )
- return false;
-
- Object activePrincipal = principalStack.getFirst();
- return member.equals(activePrincipal);
- }
-
- public synchronized Object clone() throws CloneNotSupportedException
- {
- NestablePrincipal clone = (NestablePrincipal) super.clone();
- if(clone != null)
- clone.principalStack = (LinkedList)this.principalStack.clone();
- return clone;
- }
-
-// --- End Group interface methods
-
- private class IndexEnumeration implements Enumeration
- {
- private boolean hasMoreElements;
-
- IndexEnumeration()
- {
- hasMoreElements = principalStack.size() > 0;
- }
- public boolean hasMoreElements()
- {
- return hasMoreElements;
- }
- public Object nextElement()
- {
- Object next = principalStack.getFirst();
- hasMoreElements = false;
- return next;
- }
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/NobodyPrincipal.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/NobodyPrincipal.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/NobodyPrincipal.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,82 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.Principal;
-
-/** An implementation of Principal and Comparable that represents no role.
-Any Principal or name of a Principal when compared to an NobodyPrincipal
-using {@link #equals(Object) equals} or {@link #compareTo(Object) compareTo}
-will always be found not equal to the NobodyPrincipal.
-
-Note that this class is not likely to operate correctly in a collection
-since the hashCode() and equals() methods are not correlated.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public class NobodyPrincipal implements Comparable, Principal
-{
- public static final String NOBODY = "<NOBODY>";
- public static final NobodyPrincipal NOBODY_PRINCIPAL = new NobodyPrincipal();
-
- public int hashCode()
- {
- return NOBODY.hashCode();
- }
-
- /**
- @return "<NOBODY>"
- */
- public String getName()
- {
- return NOBODY;
- }
-
- public String toString()
- {
- return NOBODY;
- }
-
- /** This method always returns 0 to indicate equality for any argument.
- This is only meaningful when comparing against other Principal objects
- or names of Principals.
-
- @return false to indicate inequality for any argument.
- */
- public boolean equals(Object another)
- {
- return false;
- }
-
- /** This method always returns 1 to indicate inequality for any argument.
- This is only meaningful when comparing against other Principal objects
- or names of Principals.
-
- @return 1 to indicate inequality for any argument.
- */
- public int compareTo(Object o)
- {
- return 1;
- }
-
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/RunAsIdentity.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/RunAsIdentity.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/RunAsIdentity.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,156 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-//$Id$
-
-/**
- * The RunAsIdentity is a Principal that associates the run-as principal
- * with his run-as role(s).
- *
- * @author Thomas.Diesler at jboss.org
- * @author Scott.Stark at jboss.org
- * @author Anil.Saldhana at jboss.org
- * @version $Revision$
- */
-public class RunAsIdentity extends SimplePrincipal implements Cloneable
-{
- /** @since 4.0.2 */
- private static final long serialVersionUID = -3236178735180485083L;
-
- /** The run-as role principals */
- private HashSet runAsRoles = new HashSet();
- private HashSet principalsSet;
-
- private static final String ANOYMOUS_PRINCIPAL = "anonymous";
-
- /**
- * Construct an inmutable instance of a RunAsIdentity
- */
- public RunAsIdentity(String roleName, String principalName)
- {
- // we don't support run-as credetials
- super(principalName != null ? principalName : ANOYMOUS_PRINCIPAL);
-
- if (roleName == null)
- throw new IllegalArgumentException("The run-as identity must have at least one role");
-
- runAsRoles.add(new SimplePrincipal(roleName));
- }
-
- /**
- * Construct an inmutable instance of a RunAsIdentity
- */
- public RunAsIdentity(String roleName, String principalName, Set extraRoleNames)
- {
- this(roleName, principalName);
-
- // these come from the assembly-descriptor
- if (extraRoleNames != null)
- {
- Iterator it = extraRoleNames.iterator();
- while (it.hasNext())
- {
- String extraRoleName = (String) it.next();
- runAsRoles.add(new SimplePrincipal(extraRoleName));
- }
- }
- }
-
- /**
- Return a set with the configured run-as role
- @return Set<Principal> for the run-as roles
- */
- public Set getRunAsRoles()
- {
- return new HashSet(runAsRoles);
- }
-
- /**
- Return a set with the configured run-as principal and a Group("Roles")
- with teh run-as roles
-
- @return Set<Principal> for the run-as principal and roles
- */
- public synchronized Set getPrincipalsSet()
- {
- if( principalsSet == null )
- {
- principalsSet = new HashSet();
- principalsSet.add(this);
- SimpleGroup roles = new SimpleGroup("Roles");
- principalsSet.add(roles);
- Iterator iter = runAsRoles.iterator();
- while( iter.hasNext() )
- {
- Principal role = (Principal) iter.next();
- roles.addMember(role);
- }
- }
- return principalsSet;
- }
-
- public boolean doesUserHaveRole(Principal role)
- {
- return runAsRoles.contains(role);
- }
-
- /**
- * True if the run-as principal has any of the method roles
- */
- public boolean doesUserHaveRole(Set methodRoles)
- {
- Iterator it = methodRoles.iterator();
- while (it.hasNext())
- {
- Principal role = (Principal) it.next();
- if (doesUserHaveRole(role))
- return true;
- }
- return false;
- }
-
- /**
- * Returns a string representation of the object.
- * @return a string representation of the object.
- */
- public String toString()
- {
- return "[roles=" + runAsRoles + ",principal=" + getName() + "]";
- }
-
- public synchronized Object clone() throws CloneNotSupportedException
- {
- RunAsIdentity clone = (RunAsIdentity) super.clone();
- if(clone != null)
- {
- clone.principalsSet = (HashSet)this.principalsSet.clone();
- clone.runAsRoles = (HashSet)this.runAsRoles.clone();
- }
- return clone;
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityActions.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityActions.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityActions.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,81 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-
-/**
- * Priviledged actions for this package
- *
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-class SecurityActions
-{
- interface SystemPropertyAction
- {
- SystemPropertyAction PRIVILEGED = new SystemPropertyAction()
- {
- public String getProperty(final String name, final String defaultValue)
- {
- String prop = (String) AccessController.doPrivileged(
- new PrivilegedAction()
- {
- public Object run()
- {
- String p = System.getProperty(name, defaultValue);
- return p;
- }
- }
- );
- return prop;
- }
- };
-
- SystemPropertyAction NON_PRIVILEGED = new SystemPropertyAction()
- {
- public String getProperty(final String name, final String defaultValue)
- {
- String prop = System.getProperty(name, defaultValue);
- return prop;
- }
- };
-
- String getProperty(final String name, final String defaultValue);
- }
-
- static String getProperty(final String name, final String defaultValue)
- {
- SecurityManager sm = System.getSecurityManager();
- String prop;
- if( sm != null )
- {
- prop = SystemPropertyAction.PRIVILEGED.getProperty(name, defaultValue);
- }
- else
- {
- prop = SystemPropertyAction.NON_PRIVILEGED.getProperty(name, defaultValue);
- }
- return prop;
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityAssociation.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityAssociation.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityAssociation.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,928 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-
-import javax.security.auth.Subject;
-
-import org.jboss.logging.Logger;
-
-/**
- * The SecurityAssociation class maintains the security principal and
- * credentials. This can be done on either a singleton basis or a thread local
- * basis depending on the server property. When the server property has been set
- * to true, the security information is maintained in thread local storage. The
- * type of thread local storage depends on the org.jboss.security.SecurityAssociation.ThreadLocal
- * property. If this property is true, then the thread local storage object is
- * of type java.lang.ThreadLocal which results in the current thread's security
- * information NOT being propagated to child threads.
- *
- * When the property is false or does not exist, the thread local storage object
- * is of type java.lang.InheritableThreadLocal, and any threads spawned by the
- * current thread will inherit the security information of the current thread.
- * Subseqent changes to the current thread's security information are NOT
- * propagated to any previously spawned child threads.
- *
- * When the server property is false, security information is maintained in
- * class variables which makes the information available to all threads within
- * the current VM.
- *
- * Note that this is not a public API class. Its an implementation detail that
- * is subject to change without notice.
- *
- * @author Daniel O'Connor (docodan at nycap.rr.com)
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public final class SecurityAssociation
-{
- private static Logger log = Logger.getLogger(SecurityAssociation.class);
- /**
- * A flag indicating if trace level logging should be performed
- */
- private static boolean trace;
- /**
- * A flag indicating if security information is global or thread local
- */
- private static boolean server;
- /**
- * The SecurityAssociation principal used when the server flag is false
- */
- private static Principal principal;
- /**
- * The SecurityAssociation credential used when the server flag is false
- */
- private static Object credential;
-
- /**
- * The SecurityAssociation principal used when the server flag is true
- */
- private static ThreadLocal threadPrincipal;
- /**
- * The SecurityAssociation credential used when the server flag is true
- */
- private static ThreadLocal threadCredential;
- /**
- * The SecurityAssociation HashMap<String, Object>
- */
- private static ThreadLocal threadContextMap;
-
- /**
- * Thread local stacks of run-as principal roles used to implement J2EE
- * run-as identity propagation
- */
- private static RunAsThreadLocalStack threadRunAsStacks;
- /**
- * Thread local stacks of authenticated subject used to control the current
- * caller security context
- */
- private static SubjectThreadLocalStack threadSubjectStacks;
-
- /**
- * The permission required to access getPrincpal, getCredential
- */
- private static final RuntimePermission getPrincipalInfoPermission =
- new RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo");
- /**
- * The permission required to access getSubject
- */
- private static final RuntimePermission getSubjectPermission =
- new RuntimePermission("org.jboss.security.SecurityAssociation.getSubject");
- /**
- * The permission required to access setPrincpal, setCredential, setSubject
- * pushSubjectContext, popSubjectContext
- */
- private static final RuntimePermission setPrincipalInfoPermission =
- new RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo");
- /**
- * The permission required to access setServer
- */
- private static final RuntimePermission setServerPermission =
- new RuntimePermission("org.jboss.security.SecurityAssociation.setServer");
- /**
- * The permission required to access pushRunAsIdentity/popRunAsIdentity
- */
- private static final RuntimePermission setRunAsIdentity =
- new RuntimePermission("org.jboss.security.SecurityAssociation.setRunAsRole");
- /**
- * The permission required to get the current security context info
- */
- private static final RuntimePermission getContextInfo =
- new RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo", "get");
- /**
- * The permission required to set the current security context info
- */
- private static final RuntimePermission setContextInfo =
- new RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo", "set");
-
- static
- {
- String flag = SecurityActions.getProperty("org.jboss.security.SecurityAssociation.ThreadLocal", "false");
- boolean useThreadLocal = Boolean.valueOf(flag).booleanValue();
- log.debug("Using ThreadLocal: "+useThreadLocal);
-
- trace = log.isTraceEnabled();
- if (useThreadLocal)
- {
- threadPrincipal = new ThreadLocal();
- threadCredential = new ThreadLocal();
- threadContextMap = new ThreadLocal()
- {
- protected Object initialValue()
- {
- return new HashMap();
- }
- };
- }
- else
- {
- threadPrincipal = new InheritableThreadLocal();
- threadCredential = new InheritableThreadLocal();
- threadContextMap = new HashMapInheritableLocal();
- }
- threadRunAsStacks = new RunAsThreadLocalStack(useThreadLocal);
- threadSubjectStacks = new SubjectThreadLocalStack(useThreadLocal);
- }
-
- /**
- * Get the current authentication principal information. If a security
- * manager is present, then this method calls the security manager's
- * <code>checkPermission</code> method with a
- * <code>RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- * @return Principal, the current principal identity.
- */
- public static Principal getPrincipal()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(getPrincipalInfoPermission);
-
- Principal thePrincipal = principal;
-
-
- if (server)
- thePrincipal = (Principal) threadPrincipal.get();
-
- if( trace )
- log.trace("getPrincipal, principal="+thePrincipal);
-
- return thePrincipal;
- }
-
- /**
- * Get the caller's principal. If a security manager is present,
- * then this method calls the security manager's <code>checkPermission</code>
- * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- *
- * @return Principal, the current principal identity.
- */
- public static Principal getCallerPrincipal()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(getPrincipalInfoPermission);
-
- Principal thePrincipal = peekRunAsIdentity(1);
- if( thePrincipal == null )
- {
- if (server)
- thePrincipal = (Principal) threadPrincipal.get();
- else
- thePrincipal = principal;
- }
- if( trace )
- log.trace("getCallerPrincipal, principal="+thePrincipal);
- return thePrincipal;
- }
-
- /**
- * Get the current authentication credential information. This can be of any type
- * including: a String password, a char[] password, an X509 cert, etc. If a
- * security manager is present, then this method calls the security manager's
- * <code>checkPermission</code> method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- * @return Object, the credential that proves the principal identity.
- */
- public static Object getCredential()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(getPrincipalInfoPermission);
-
- if (server)
- return threadCredential.get();
- else
- return credential;
- }
-
- /**
- * Get the current Subject information. If a security manager is present,
- * then this method calls the security manager's checkPermission method with
- * a RuntimePermission("org.jboss.security.SecurityAssociation.getSubject")
- * permission to ensure it's ok to access principal information. If not, a
- * SecurityException will be thrown. Note that this method does not consider
- * whether or not a run-as identity exists. For access to this information
- * see the JACC PolicyContextHandler registered under the key
- * "javax.security.auth.Subject.container"
- * @return Subject, the current Subject identity.
- * @see javax.security.jacc.PolicyContext#getContext(String)
- */
- public static Subject getSubject()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(getSubjectPermission);
-
- SubjectContext sc = threadSubjectStacks.peek();
- if( trace )
- log.trace("getSubject, sc="+sc);
- Subject subject = null;
- if( sc != null )
- subject = sc.getSubject();
- return subject;
- }
-
- /**
- * Set the current principal information. If a security manager is present,
- * then this method calls the security manager's <code>checkPermission</code>
- * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- * @param principal - the current principal identity.
- */
- public static void setPrincipal(Principal principal)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- if (trace)
- log.trace("setPrincipal, p=" + principal + ", server=" + server);
- if (server)
- {
- threadPrincipal.set(principal);
- }
- else
- SecurityAssociation.principal = principal;
- // Integrate with the new SubjectContext
- SubjectContext sc = threadSubjectStacks.peek();
- if( sc == null )
- {
- // There is no active security context
- sc = new SubjectContext();
- threadSubjectStacks.push(sc);
- }
- else if( (sc.getFlags() & SubjectContext.PRINCIPAL_WAS_SET) != 0 )
- {
- // The current security context has its principal set
- sc = new SubjectContext();
- threadSubjectStacks.push(sc);
- }
- sc.setPrincipal(principal);
- if (trace)
- log.trace("setPrincipal, sc="+sc);
- }
-
- /**
- * Set the current principal credential information. This can be of any type
- * including: a String password, a char[] password, an X509 cert, etc.
- *
- * If a security manager is present, then this method calls the security
- * manager's <code>checkPermission</code> method with a <code>
- * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- * @param credential - the credential that proves the principal identity.
- */
- public static void setCredential(Object credential)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- if (server)
- threadCredential.set(credential);
- else
- SecurityAssociation.credential = credential;
- // Integrate with the new SubjectContext
- SubjectContext sc = threadSubjectStacks.peek();
- if( sc == null )
- {
- // There is no active security context
- sc = new SubjectContext();
- threadSubjectStacks.push(sc);
- }
- else if( (sc.getFlags() & SubjectContext.CREDENTIAL_WAS_SET) != 0 )
- {
- // The current security context has its principal set
- sc = new SubjectContext();
- threadSubjectStacks.push(sc);
- }
- sc.setCredential(credential);
- if (trace)
- log.trace("setCredential, sc="+sc);
- }
-
- /**
- * Set the current Subject information. If a security manager is present,
- * then this method calls the security manager's <code>checkPermission</code>
- * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- * @param subject - the current identity.
- */
- public static void setSubject(Subject subject)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- if (trace)
- log.trace("setSubject, s=" + subject + ", server=" + server);
- // Integrate with the new SubjectContext
- SubjectContext sc = threadSubjectStacks.peek();
- if( sc == null )
- {
- // There is no active security context
- sc = new SubjectContext();
- threadSubjectStacks.push(sc);
- }
- else if( (sc.getFlags() & SubjectContext.SUBJECT_WAS_SET) != 0 )
- {
- // The current security context has its subject set
- sc = new SubjectContext();
- threadSubjectStacks.push(sc);
- }
- sc.setSubject(subject);
- if (trace)
- log.trace("setSubject, sc="+sc);
- }
-
- /**
- * Get the current thread context info. If a security manager is present,
- * then this method calls the security manager's <code>checkPermission</code>
- * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo",
- * "get") </code> permission to ensure it's ok to access context information.
- * If not, a <code>SecurityException</code> will be thrown.
- * @param key - the context key
- * @return the mapping for the key in the current thread context
- */
- public static Object getContextInfo(Object key)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(getContextInfo);
-
- if(key == null)
- throw new IllegalArgumentException("key is null");
- HashMap contextInfo = (HashMap) threadContextMap.get();
- return contextInfo != null ? contextInfo.get(key) : null;
- }
-
- /**
- * Set the current thread context info. If a security manager is present,
- * then this method calls the security manager's <code>checkPermission</code>
- * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo",
- * "set") </code> permission to ensure it's ok to access context information.
- * If not, a <code>SecurityException</code> will be thrown.
- * @param key - the context key
- * @param value - the context value to associate under key
- * @return the previous mapping for the key if one exists
- */
- public static Object setContextInfo(Object key, Object value)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setContextInfo);
-
- HashMap contextInfo = (HashMap) threadContextMap.get();
- return contextInfo.put(key, value);
- }
-
- /**
- * Push the current authenticated context. This sets the authenticated subject
- * along with the principal and proof of identity that was used to validate
- * the subject. This context is used for authorization checks. Typically
- * just the subject as seen by getSubject() is input into the authorization.
- * When run under a security manager this requires the
- * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * permission.
- * @param subject - the authenticated subject
- * @param principal - the principal that was input into the authentication
- * @param credential - the credential that was input into the authentication
- */
- public static void pushSubjectContext(Subject subject,
- Principal principal, Object credential)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- // Set the legacy single-value access points
- if (server)
- {
- threadPrincipal.set(principal);
- threadCredential.set(credential);
- }
- else
- {
- SecurityAssociation.principal = principal;
- SecurityAssociation.credential = credential;
- }
- // Push the subject context
- SubjectContext sc = new SubjectContext(subject, principal, credential);
- threadSubjectStacks.push(sc);
- if (trace)
- log.trace("pushSubjectContext, subject=" + subject + ", sc="+sc);
- }
- /**
- * Push a duplicate of the current SubjectContext if one exists.
- * When run under a security manager this requires the
- * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * permission.
- */
- public static void dupSubjectContext()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- SubjectContext sc = threadSubjectStacks.dup();
- if (trace)
- log.trace("dupSubjectContext, sc="+sc);
- }
-
- /**
- * Pop the current SubjectContext from the previous pushSubjectContext call
- * and return the pushed SubjectContext ig there was one.
- * When run under a security manager this requires the
- * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * permission.
- * @return the SubjectContext pushed previously by a pushSubjectContext call
- */
- public static SubjectContext popSubjectContext()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- SubjectContext sc = threadSubjectStacks.pop();
- if (trace)
- {
- log.trace("popSubjectContext, sc="+sc);
- }
-
- Principal principal = null;
- Object credential = null;
-
- SubjectContext top = threadSubjectStacks.peek();
-
- if (top != null)
- {
- principal = top.getPrincipal();
- credential = top.getCredential();
- }
-
- if (server)
- {
- threadPrincipal.set(principal);
- threadCredential.set(credential);
- }
- else
- {
- SecurityAssociation.principal = principal;
- SecurityAssociation.credential = credential;
- }
-
- return sc;
- }
-
- /**
- * Look at the current thread of control's authenticated identity on the top
- * of the stack.
- * When run under a security manager this requires the
- * RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
- * permission.
- * @return the SubjectContext pushed previously by a pushSubjectContext call
- */
- public static SubjectContext peekSubjectContext()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(getPrincipalInfoPermission);
-
- return threadSubjectStacks.peek();
- }
-
- /**
- * Clear all principal information. If a security manager is present, then
- * this method calls the security manager's <code>checkPermission</code>
- * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- */
- public static void clear()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setPrincipalInfoPermission);
-
- if (trace)
- log.trace("clear, server=" + server);
- if (server == true)
- {
- threadPrincipal.set(null);
- threadCredential.set(null);
- }
- else
- {
- SecurityAssociation.principal = null;
- SecurityAssociation.credential = null;
- }
- // Remove all subject contexts
- threadSubjectStacks.clear();
- }
-
- /**
- * Push the current thread of control's run-as identity.
- */
- public static void pushRunAsIdentity(RunAsIdentity runAs)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setRunAsIdentity);
- if (trace)
- log.trace("pushRunAsIdentity, runAs=" + runAs);
-
- threadRunAsStacks.push(runAs);
- }
-
- /**
- * Pop the current thread of control's run-as identity.
- */
- public static RunAsIdentity popRunAsIdentity()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setRunAsIdentity);
- RunAsIdentity runAs = threadRunAsStacks.pop();
- if (trace)
- log.trace("popRunAsIdentity, runAs=" + runAs);
- return runAs;
- }
-
- /**
- * Look at the current thread of control's run-as identity on the top of the
- * stack.
- */
- public static RunAsIdentity peekRunAsIdentity()
- {
- return peekRunAsIdentity(0);
- }
-
- /**
- * Look at the current thread of control's run-as identity at the indicated
- * depth. Typically depth is either 0 for the identity the current caller
- * run-as that will be assumed, or 1 for the active run-as the previous
- * caller has assumed.
- * @return RunAsIdentity depth frames up.
- */
- public static RunAsIdentity peekRunAsIdentity(int depth)
- {
- RunAsIdentity runAs = threadRunAsStacks.peek(depth);
- return runAs;
- }
-
- /**
- * Set the server mode of operation. When the server property has been set to
- * true, the security information is maintained in thread local storage. This
- * should be called to enable property security semantics in any
- * multi-threaded environment where more than one thread requires that
- * security information be restricted to the thread's flow of control.
- *
- * If a security manager is present, then this method calls the security
- * manager's <code>checkPermission</code> method with a <code>
- * RuntimePermission("org.jboss.security.SecurityAssociation.setServer")
- * </code> permission to ensure it's ok to access principal information. If
- * not, a <code>SecurityException</code> will be thrown.
- */
- public static void setServer()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(setServerPermission);
-
- server = true;
- }
-
- /**
- * A subclass of ThreadLocal that implements a value stack using an ArrayList
- * and implements push, pop and peek stack operations on the thread local
- * ArrayList.
- */
- private static class RunAsThreadLocalStack
- {
- ThreadLocal local;
-
- RunAsThreadLocalStack(boolean threadLocal)
- {
- if( threadLocal == true )
- local = new ArrayListLocal();
- else
- local = new ArrayListInheritableLocal();
- }
-
- int size()
- {
- ArrayList stack = (ArrayList) local.get();
- return stack.size();
- }
-
- void push(RunAsIdentity runAs)
- {
- ArrayList stack = (ArrayList) local.get();
- stack.add(runAs);
- }
-
- RunAsIdentity pop()
- {
- ArrayList stack = (ArrayList) local.get();
- RunAsIdentity runAs = null;
- int lastIndex = stack.size() - 1;
- if (lastIndex >= 0)
- runAs = (RunAsIdentity) stack.remove(lastIndex);
- return runAs;
- }
-
- /**
- * Look for the first non-null run-as identity on the stack starting
- * with the value at depth.
- * @return The run-as identity if one exists, null otherwise.
- */
- RunAsIdentity peek(int depth)
- {
- ArrayList stack = (ArrayList) local.get();
- RunAsIdentity runAs = null;
- final int stackSize = stack.size();
- do
- {
- int index = stackSize - 1 - depth;
- if( index >= 0 )
- runAs = (RunAsIdentity) stack.get(index);
- depth ++;
- }
- while (runAs == null && depth <= stackSize - 1);
- return runAs;
- }
- }
-
- /**
- * The encapsulation of the authenticated subject
- */
- public static class SubjectContext
- {
- public static final int SUBJECT_WAS_SET = 1;
- public static final int PRINCIPAL_WAS_SET = 2;
- public static final int CREDENTIAL_WAS_SET = 4;
-
- private Subject subject;
- private Principal principal;
- private Object credential;
- private int flags;
-
- public SubjectContext()
- {
- this.flags = 0;
- }
- public SubjectContext(Subject s, Principal p, Object cred)
- {
- this.subject = s;
- this.principal = p;
- this.credential = cred;
- this.flags = SUBJECT_WAS_SET | PRINCIPAL_WAS_SET | CREDENTIAL_WAS_SET;
- }
-
- public Subject getSubject()
- {
- return subject;
- }
- public void setSubject(Subject subject)
- {
- this.subject = subject;
- this.flags |= SUBJECT_WAS_SET;
- }
-
- public Principal getPrincipal()
- {
- return principal;
- }
- public void setPrincipal(Principal principal)
- {
- this.principal = principal;
- this.flags |= PRINCIPAL_WAS_SET;
- }
-
- public Object getCredential()
- {
- return credential;
- }
- public void setCredential(Object credential)
- {
- this.credential = credential;
- this.flags |= CREDENTIAL_WAS_SET;
- }
-
- public int getFlags()
- {
- return this.flags;
- }
-
- public String toString()
- {
- StringBuffer tmp = new StringBuffer(super.toString());
- tmp.append("{principal=");
- tmp.append(principal);
- tmp.append(",subject=");
- if( subject != null )
- tmp.append(System.identityHashCode(subject));
- else
- tmp.append("null");
- tmp.append("}");
- return tmp.toString();
- }
- }
-
- private static class SubjectThreadLocalStack
- {
- ThreadLocal local;
-
- SubjectThreadLocalStack(boolean threadLocal)
- {
- if( threadLocal == true )
- local = new ArrayListLocal();
- else
- local = new ArrayListInheritableLocal();
- }
-
- int size()
- {
- ArrayList stack = (ArrayList) local.get();
- return stack.size();
- }
-
- void push(SubjectContext context)
- {
- ArrayList stack = (ArrayList) local.get();
- stack.add(context);
- }
-
- SubjectContext dup()
- {
- ArrayList stack = (ArrayList) local.get();
- SubjectContext context = null;
- int lastIndex = stack.size() - 1;
- if (lastIndex >= 0)
- {
- context = (SubjectContext) stack.get(lastIndex);
- stack.add(context);
- }
- return context;
- }
-
- SubjectContext pop()
- {
- ArrayList stack = (ArrayList) local.get();
- SubjectContext context = null;
- int lastIndex = stack.size() - 1;
- if (lastIndex >= 0)
- context = (SubjectContext) stack.remove(lastIndex);
- return context;
- }
-
- /**
- * Look for the first non-null run-as identity on the stack starting
- * with the value at depth.
- * @return The run-as identity if one exists, null otherwise.
- */
- SubjectContext peek()
- {
- ArrayList stack = (ArrayList) local.get();
- SubjectContext context = null;
- int lastIndex = stack.size() - 1;
- if (lastIndex >= 0)
- context = (SubjectContext) stack.get(lastIndex);
- return context;
- }
- /**
- * Remove all SubjectContext from the current thread stack
- */
- void clear()
- {
- ArrayList stack = (ArrayList) local.get();
- stack.clear();
- }
- }
-
- private static class ArrayListLocal extends ThreadLocal
- {
- protected Object initialValue()
- {
- return new ArrayList();
- }
-
- }
-
- private static class ArrayListInheritableLocal extends InheritableThreadLocal
- {
- /**
- * Override to make a copy of the parent as not doing so results in multiple
- * threads sharing the unsynchronized list of the parent thread.
- * @param parentValue - the parent ArrayList
- * @return a copy of the parent thread list
- */
- protected Object childValue(Object parentValue)
- {
- ArrayList list = (ArrayList) parentValue;
- /* It seems there are scenarios where the size can change during the copy so there is
- a fallback to an empty list here.
- */
- ArrayList copy = null;
- try
- {
- copy = new ArrayList(list);
- }
- catch(Throwable t)
- {
- log.debug("Failed to copy parent list, using new list");
- copy = new ArrayList();
- }
- return copy;
- }
-
- protected Object initialValue()
- {
- return new ArrayList();
- }
-
- }
- private static class HashMapInheritableLocal extends InheritableThreadLocal
- {
- /**
- * Override to make a copy of the parent as not doing so results in multiple
- * threads sharing the unsynchronized map of the parent thread.
- * @param parentValue - the parent HashMap
- * @return a copy of the parent thread map
- */
- protected Object childValue(Object parentValue)
- {
- HashMap map = (HashMap) parentValue;
- /* It seems there are scenarios where the size can change during the copy so there is
- a fallback to an empty map here.
- */
- HashMap copy = null;
- try
- {
- copy = new HashMap(map);
- }
- catch(Throwable t)
- {
- log.debug("Failed to copy parent map, using new map");
- copy = new HashMap();
- }
- return copy;
- }
-
- protected Object initialValue()
- {
- return new HashMap();
- }
-
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityAssociationActions.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityAssociationActions.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityAssociationActions.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,148 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.PrivilegedAction;
-import java.security.Principal;
-import java.security.AccessController;
-
-import javax.security.auth.Subject;
-
-import org.jboss.security.SecurityAssociation;
-
-/** A PrivilegedAction implementation for setting the SecurityAssociation
- * principal and credential
- *
- * @author Scott.Stark at jboss.org
- * @version $Revison:$
- */
-class SecurityAssociationActions
-{
- private static class SetPrincipalInfoAction implements PrivilegedAction
- {
- Principal principal;
- Object credential;
- Subject subject;
- SetPrincipalInfoAction(Principal principal, Object credential, Subject subject)
- {
- this.principal = principal;
- this.credential = credential;
- this.subject = subject;
- }
- public Object run()
- {
- SecurityAssociation.pushSubjectContext(subject, principal, credential);
- credential = null;
- principal = null;
- subject = null;
- return null;
- }
- }
- private static class PopPrincipalInfoAction implements PrivilegedAction
- {
- public Object run()
- {
- SecurityAssociation.popSubjectContext();
- return null;
- }
- }
- private static class SetServerAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new SetServerAction();
- public Object run()
- {
- SecurityAssociation.setServer();
- return null;
- }
- }
- private static class ClearAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new ClearAction();
- public Object run()
- {
- SecurityAssociation.clear();
- return null;
- }
- }
- private static class GetSubjectAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new GetSubjectAction();
- public Object run()
- {
- Subject subject = SecurityAssociation.getSubject();
- return subject;
- }
- }
- private static class GetPrincipalAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new GetPrincipalAction();
- public Object run()
- {
- Principal principal = SecurityAssociation.getPrincipal();
- return principal;
- }
- }
- private static class GetCredentialAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new GetCredentialAction();
- public Object run()
- {
- Object credential = SecurityAssociation.getCredential();
- return credential;
- }
- }
-
- static void setPrincipalInfo(Principal principal, Object credential, Subject subject)
- {
- SetPrincipalInfoAction action = new SetPrincipalInfoAction(principal, credential, subject);
- AccessController.doPrivileged(action);
- }
- static void popPrincipalInfo()
- {
- PopPrincipalInfoAction action = new PopPrincipalInfoAction();
- AccessController.doPrivileged(action);
- }
- static void setServer()
- {
- AccessController.doPrivileged(SetServerAction.ACTION);
- }
- static void clear()
- {
- AccessController.doPrivileged(ClearAction.ACTION);
- }
- static Subject getSubject()
- {
- Subject subject = (Subject) AccessController.doPrivileged(GetSubjectAction.ACTION);
- return subject;
- }
- static Principal getPrincipal()
- {
- Principal principal = (Principal) AccessController.doPrivileged(GetPrincipalAction.ACTION);
- return principal;
- }
- static Object getCredential()
- {
- Object credential = AccessController.doPrivileged(GetCredentialAction.ACTION);
- return credential;
- }
-
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityAssociationAuthenticator.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityAssociationAuthenticator.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityAssociationAuthenticator.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,112 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.net.Authenticator;
-import java.net.PasswordAuthentication;
-import java.security.Principal;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-
-/** An implementation of Authenticator that obtains the username and password
- * from the current SecurityAssociation state.
- *
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public class SecurityAssociationAuthenticator extends Authenticator
-{
- protected PasswordAuthentication getPasswordAuthentication()
- {
- SecurityActions sa = SecurityActions.UTIL.getSecurityActions();
- Principal principal = sa.getPrincipal();
- Object credential = sa.getCredential();
- String name = principal != null ? principal.getName() : null;
- char[] password = {};
- if( credential != null )
- {
- if( password.getClass().isInstance(credential) )
- password = (char[]) credential;
- else
- password = credential.toString().toCharArray();
- }
- PasswordAuthentication auth = new PasswordAuthentication(name, password);
- return auth;
- }
-
- interface SecurityActions
- {
- class UTIL
- {
- static SecurityActions getSecurityActions()
- {
- return System.getSecurityManager() == null ? NON_PRIVILEGED : PRIVILEGED;
- }
- }
-
- SecurityActions NON_PRIVILEGED = new SecurityActions()
- {
- public Principal getPrincipal()
- {
- return SecurityAssociation.getPrincipal();
- }
-
- public Object getCredential()
- {
- return SecurityAssociation.getCredential();
- }
- };
-
- SecurityActions PRIVILEGED = new SecurityActions()
- {
- private final PrivilegedAction getPrincipalAction = new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityAssociation.getPrincipal();
- }
- };
-
- private final PrivilegedAction getCredentialAction = new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityAssociation.getCredential();
- }
- };
-
- public Principal getPrincipal()
- {
- return (Principal)AccessController.doPrivileged(getPrincipalAction);
- }
-
- public Object getCredential()
- {
- return AccessController.doPrivileged(getCredentialAction);
- }
- };
-
- Principal getPrincipal();
-
- Object getCredential();
- }
-}
Modified: projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityContext.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityContext.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityContext.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -10,8 +10,8 @@
import java.util.Map;
import javax.security.auth.Subject;
-
-import org.jboss.security.audit.AuditContext;
+
+import org.jboss.security.audit.SecurityAuditManager;
import org.jboss.security.mapping.MappingContext;
@@ -93,7 +93,7 @@
* Return the AuditContext configured for the security domain
* @return
*/
- public abstract AuditContext getAuditContext();
+ public abstract SecurityAuditManager getAuditManager();
public abstract String getSecurityDomain();
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityRoleRef.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityRoleRef.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityRoleRef.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,74 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security;
-
-//$Id$
-
-/**
- * Represents a Security Role Ref element in the deployment descriptor
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jul 21, 2006
- * @version $Revision$
- */
-public class SecurityRoleRef
-{
- private String name;
- private String link;
- private String description;
-
- public SecurityRoleRef(String name, String link, String description)
- {
- this.name = name;
- this.link = link;
- this.description = description;
- }
-
- /**
- * Get the description.
- *
- * @return the description.
- */
- public String getDescription()
- {
- return description;
- }
-
- /**
- * Get the link.
- *
- * @return the link.
- */
- public String getLink()
- {
- return link;
- }
-
- /**
- * Get the name.
- *
- * @return the name.
- */
- public String getName()
- {
- return name;
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityRolesAssociation.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityRolesAssociation.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/SecurityRolesAssociation.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,61 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.util.Map;
-
-import org.jboss.logging.Logger;
-
-/**
- * The SecurityRolesAssociation uses a ThreadLocal to accociatw the SecurityRoleMetaData
- * from the deployment with the current thread.
- *
- * @author Thomas.Diesler at jboss.org
- * @version $Revision$
- */
-public final class SecurityRolesAssociation
-{
- /** Thread local that holds the deployment security roles */
- private static ThreadLocal threadSecurityRoleMapping = new ThreadLocal();
-
- private static Logger log = Logger.getLogger(SecurityRolesAssociation.class);
-
- /**
- * Get the current map of SecurityRoleMetaData.
- * @return A Map that stores SecurityRoleMetaData by roleName
- */
- public static Map getSecurityRoles()
- {
- return (Map) threadSecurityRoleMapping.get();
- }
-
- /**
- * Get the current map of SecurityRoleMetaData.
- */
- public static void setSecurityRoles(Map securityRoles)
- {
- if(log.isTraceEnabled())
- log.trace("Setting threadlocal:"+securityRoles);
- threadSecurityRoleMapping.set(securityRoles);
- }
-
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/SimpleGroup.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/SimpleGroup.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/SimpleGroup.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,147 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.HashMap;
-
-/** An implementation of Group that manages a collection of Principal
-objects based on their hashCode() and equals() methods. This class
-is not thread safe.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public class SimpleGroup extends SimplePrincipal implements Group, Cloneable
-{
- /** The serialVersionUID */
- private static final long serialVersionUID = 6051859639378507247L;
-
- private HashMap members;
-
- public SimpleGroup(String groupName)
- {
- super(groupName);
- members = new HashMap(3);
- }
-
- /** Adds the specified member to the group.
- @param user the principal to add to this group.
- @return true if the member was successfully added,
- false if the principal was already a member.
- */
- public boolean addMember(Principal user)
- {
- boolean isMember = members.containsKey(user);
- if( isMember == false )
- members.put(user, user);
- return isMember == false;
- }
- /** Returns true if the passed principal is a member of the group.
- This method does a recursive search, so if a principal belongs to a
- group which is a member of this group, true is returned.
-
- A special check is made to see if the member is an instance of
- org.jboss.security.AnybodyPrincipal or org.jboss.security.NobodyPrincipal
- since these classes do not hash to meaningful values.
- @param member the principal whose membership is to be checked.
- @return true if the principal is a member of this group,
- false otherwise.
- */
- public boolean isMember(Principal member)
- {
- // First see if there is a key with the member name
- boolean isMember = members.containsKey(member);
- if( isMember == false )
- { // Check the AnybodyPrincipal & NobodyPrincipal special cases
- isMember = (member instanceof org.jboss.security.AnybodyPrincipal);
- if( isMember == false )
- {
- if( member instanceof org.jboss.security.NobodyPrincipal )
- return false;
- }
- }
- if( isMember == false )
- { // Check any Groups for membership
- Collection values = members.values();
- Iterator iter = values.iterator();
- while( isMember == false && iter.hasNext() )
- {
- Object next = iter.next();
- if( next instanceof Group )
- {
- Group group = (Group) next;
- isMember = group.isMember(member);
- }
- }
- }
- return isMember;
- }
-
- /** Returns an enumeration of the members in the group.
- The returned objects can be instances of either Principal
- or Group (which is a subinterface of Principal).
- @return an enumeration of the group members.
- */
- public Enumeration members()
- {
- return Collections.enumeration(members.values());
- }
-
- /** Removes the specified member from the group.
- @param user the principal to remove from this group.
- @return true if the principal was removed, or
- false if the principal was not a member.
- */
- public boolean removeMember(Principal user)
- {
- Object prev = members.remove(user);
- return prev != null;
- }
-
- public String toString()
- {
- StringBuffer tmp = new StringBuffer(getName());
- tmp.append("(members:");
- Iterator iter = members.keySet().iterator();
- while( iter.hasNext() )
- {
- tmp.append(iter.next());
- tmp.append(',');
- }
- tmp.setCharAt(tmp.length()-1, ')');
- return tmp.toString();
- }
-
- public synchronized Object clone() throws CloneNotSupportedException
- {
- SimpleGroup clone = (SimpleGroup) super.clone();
- if(clone != null)
- clone.members = (HashMap)this.members.clone();
- return clone;
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/SimplePrincipal.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/SimplePrincipal.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/SimplePrincipal.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,73 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.security.Principal;
-
-/** A simple String based implementation of Principal. Typically
-a SimplePrincipal is created given a userID which is used
-as the Principal name.
-
- at author <a href="on at ibis.odessa.ua">Oleg Nitz</a>
- at author Scott.Stark at jboss.org
-*/
-public class SimplePrincipal implements Principal, java.io.Serializable
-{
- private static final long serialVersionUID = 1L;
- private String name;
-
- public SimplePrincipal(String name)
- {
- this.name = name;
- }
-
- /** Compare this SimplePrincipal's name against another Principal
- @return true if name equals another.getName();
- */
- public boolean equals(Object another)
- {
- if( !(another instanceof Principal) )
- return false;
- String anotherName = ((Principal)another).getName();
- boolean equals = false;
- if( name == null )
- equals = anotherName == null;
- else
- equals = name.equals(anotherName);
- return equals;
- }
-
- public int hashCode()
- {
- return (name == null ? 0 : name.hashCode());
- }
-
- public String toString()
- {
- return name;
- }
-
- public String getName()
- {
- return name;
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/SubjectSecurityProxy.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/SubjectSecurityProxy.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/SubjectSecurityProxy.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,155 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.UndeclaredThrowableException;
-import java.lang.reflect.Method;
-import java.security.PrivilegedExceptionAction;
-import java.security.PrivilegedActionException;
-import javax.security.auth.Subject;
-
-import org.jboss.security.SubjectSecurityManager;
-
-/** A subclass of AbstractSecurityProxy that executes as the currently
- authenticated subject within the invokeHomeOnDelegate and invokeOnDelegate
- methods. The current subject is accessed via the security manager passed
- to the init() method, which must be an instance of SubjectSecurityManager.
- This results in AccessController.checkPermission() calls made from within the
- security delegate methods to be based on the Subject's permissions.
-
- This is just an experiment with the JAAS Subject based permissions.
-
- @see javax.security.auth.Subject
- @see org.jboss.security.SubjectSecurityManager
-
- @author Scott.Stark at jboss.org
- @version $Revision$
- */
-public class SubjectSecurityProxy extends AbstractSecurityProxy
-{
- private SubjectSecurityManager subjectSecurityManager;
-
- SubjectSecurityProxy(Object delegate)
- {
- super(delegate);
- }
-
- public void init(Class beanHome, Class beanRemote, Object securityMgr)
- throws InstantiationException
- {
- init(beanHome, beanRemote, null, null, securityMgr);
- }
-
- public void init(Class beanHome, Class beanRemote,
- Class beanLocalHome, Class beanLocal, Object securityMgr)
- throws InstantiationException
- {
- if ((securityMgr instanceof SubjectSecurityManager) == false)
- {
- String msg = "SubjectSecurityProxy requires a SubjectSecurityManager"
- + " instance, securityMgr=" + securityMgr;
- throw new InstantiationException(msg);
- }
- subjectSecurityManager = (SubjectSecurityManager) securityMgr;
- super.init(beanHome, beanRemote, beanLocalHome, beanLocal, securityMgr);
- }
-
- protected void invokeHomeOnDelegate(final Method m, final Object[] args, final Object delegate)
- throws SecurityException
- { // Get authenticated subject and invoke invokeAsSubject in Subject.doAsPrivaledged() block...
- final Subject subject = subjectSecurityManager.getActiveSubject();
- if (subject == null)
- throw new SecurityException("No subject associated with secure proxy");
-
- try
- {
- Subject.doAsPrivileged(subject, new PrivilegedExceptionAction()
- {
- public Object run() throws Exception
- {
- m.invoke(delegate, args);
- return null;
- }
- },
- null
- );
- }
- catch (PrivilegedActionException e)
- {
- Throwable t = e.getException();
- if (t instanceof InvocationTargetException)
- {
- t = ((InvocationTargetException) t).getTargetException();
- }
- else if (t instanceof UndeclaredThrowableException)
- {
- t = ((UndeclaredThrowableException) t).getUndeclaredThrowable();
- }
- if (t instanceof SecurityException)
- throw (SecurityException) t;
- t.printStackTrace();
- throw new SecurityException("Unexpected error during security proxy execution:" + t.getMessage());
- }
- }
-
- protected void invokeOnDelegate(final Method m, final Object[] args, final Object delegate)
- throws Exception
- { // Get authenticated subject and invoke invokeAsSubject in Subject.doAsPrivaledged() block...
- final Subject subject = subjectSecurityManager.getActiveSubject();
- if (subject == null)
- throw new SecurityException("No subject associated with secure proxy");
-
- try
- {
- Subject.doAsPrivileged(subject, new PrivilegedExceptionAction()
- {
- public Object run() throws Exception
- {
- m.invoke(delegate, args);
- return null;
- }
- },
- null
- );
- }
- catch (PrivilegedActionException e)
- {
- Throwable t = e.getException();
- if (t instanceof InvocationTargetException)
- {
- // This is a declared exception, just throw it
- InvocationTargetException ex = (InvocationTargetException) t;
- t = ex.getTargetException();
- throw (Exception) t;
- }
- else if (t instanceof UndeclaredThrowableException)
- {
- t = ((UndeclaredThrowableException) t).getUndeclaredThrowable();
- }
- if (t instanceof SecurityException)
- throw (SecurityException) t;
- throw new SecurityException("Unexpected error during security proxy execution:" + t.getMessage());
- }
- }
-
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/SubjectSecurityProxyFactory.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/SubjectSecurityProxyFactory.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/SubjectSecurityProxyFactory.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,42 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.io.Serializable;
-
-/** An implementation of SecurityProxyFactory that creates SubjectSecurityProxy
-objects to wrap the raw security proxy objects.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public class SubjectSecurityProxyFactory implements SecurityProxyFactory, Serializable
-{
- private static final long serialVersionUID = 1L;
-
- public SecurityProxy create(Object proxyDelegate)
- {
- SecurityProxy proxy = new SubjectSecurityProxy(proxyDelegate);
- return proxy;
- }
-
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/Util.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/Util.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/Util.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,706 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.io.Serializable;
-import java.io.UnsupportedEncodingException;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.security.Security;
-import java.security.SecureRandom;
-import java.security.acl.Group;
-import java.util.Iterator;
-import java.util.Random;
-import java.util.Set;
-import javax.naming.InitialContext;
-import javax.security.auth.Subject;
-
-import org.jboss.crypto.JBossSXProvider;
-import org.jboss.crypto.digest.DigestCallback;
-import org.jboss.logging.Logger;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.SecurityConfiguration;
-
-/** Various security related utilities like MessageDigest
- factories, SecureRandom access, password hashing.
-
- This product includes software developed by Tom Wu and Eugene
- Jhong for the SRP Distribution (http://srp.stanford.edu/srp/).
-
- @author Scott.Stark at jboss.org
- @version $Revision$
- */
-public class Util
-{
- private static Logger log = Logger.getLogger(Util.class);
- private static final int HASH_LEN = 20;
- public static final String BASE64_ENCODING = "BASE64";
- public static final String BASE16_ENCODING = "HEX";
- public static final String RFC2617_ENCODING = "RFC2617";
- /**
- The ASCII printable characters the MD5 digest maps to for RFC2617
- */
- private static char[] MD5_HEX = "0123456789abcdef".toCharArray();
-
- private static SecureRandom psuedoRng;
- private static MessageDigest sha1Digest;
- private static boolean initialized;
-
- public static void init() throws NoSuchAlgorithmException
- {
- if( initialized )
- return;
- init(null);
- }
- public static void init(byte[] prngSeed) throws NoSuchAlgorithmException
- {
- // Get an instance of the SHA-1 digest
- sha1Digest = MessageDigest.getInstance("SHA");
- // Get a cryptographically strong pseudo-random generator
- psuedoRng = SecureRandom.getInstance("SHA1PRNG");
- if( prngSeed != null )
- psuedoRng.setSeed(prngSeed);
- // Install the JBossSX security provider
- Provider provider = new JBossSXProvider();
- Security.addProvider(provider);
- initialized = true;
- }
-
- public static MessageDigest newDigest()
- {
- MessageDigest md = null;
- try
- {
- md = (MessageDigest) sha1Digest.clone();
- }
- catch(CloneNotSupportedException e)
- {
- }
- return md;
- }
- public static MessageDigest copy(MessageDigest md)
- {
- MessageDigest copy = null;
- try
- {
- copy = (MessageDigest) md.clone();
- }
- catch(CloneNotSupportedException e)
- {
- }
- return copy;
- }
-
- public static Random getPRNG()
- {
- return psuedoRng;
- }
- /** Returns the next pseudorandom, uniformly distributed double value
- between 0.0 and 1.0 from this random number generator's sequence.
- */
- public static double nextDouble()
- {
- return psuedoRng.nextDouble();
- }
- /** Returns the next pseudorandom, uniformly distributed long value from
- this random number generator's sequence. The general contract of
- nextLong is that one long value is pseudorandomly generated and
- returned. All 264 possible long values are produced with
- (approximately) equal probability.
- */
- public static long nextLong()
- {
- return psuedoRng.nextLong();
- }
- /** Generates random bytes and places them into a user-supplied byte
- array. The number of random bytes produced is equal to the length
- of the byte array.
- */
- public static void nextBytes(byte[] bytes)
- {
- psuedoRng.nextBytes(bytes);
- }
- /** Returns the given number of seed bytes, computed using the seed
- generation algorithm that this class uses to seed itself. This call
- may be used to seed other random number generators.
- */
- public static byte[] generateSeed(int numBytes)
- {
- return psuedoRng.generateSeed(numBytes);
- }
-
- /** Cacluate the SRP RFC2945 password hash = H(salt | H(username | ':' | password))
- where H = SHA secure hash. The username is converted to a byte[] using the
- UTF-8 encoding.
- */
- public static byte[] calculatePasswordHash(String username, char[] password,
- byte[] salt)
- {
- // Calculate x = H(s | H(U | ':' | password))
- MessageDigest xd = newDigest();
- // Try to convert the username to a byte[] using UTF-8
- byte[] user = null;
- byte[] colon = {};
- try
- {
- user = username.getBytes("UTF-8");
- colon = ":".getBytes("UTF-8");
- }
- catch(UnsupportedEncodingException e)
- {
- log.error("Failed to convert username to byte[] using UTF-8", e);
- // Use the default platform encoding
- user = username.getBytes();
- colon = ":".getBytes();
- }
- byte[] passBytes = new byte[2*password.length];
- int passBytesLength = 0;
- for(int p = 0; p < password.length; p ++)
- {
- int c = (password[p] & 0x00FFFF);
- // The low byte of the char
- byte b0 = (byte) (c & 0x0000FF);
- // The high byte of the char
- byte b1 = (byte) ((c & 0x00FF00) >> 8);
- passBytes[passBytesLength ++] = b0;
- // Only encode the high byte if c is a multi-byte char
- if( c > 255 )
- passBytes[passBytesLength ++] = b1;
- }
-
- // Build the hash
- xd.update(user);
- xd.update(colon);
- xd.update(passBytes, 0, passBytesLength);
- byte[] h = xd.digest();
- xd.reset();
- xd.update(salt);
- xd.update(h);
- byte[] xb = xd.digest();
- return xb;
- }
-
- /** Calculate x = H(s | H(U | ':' | password)) verifier
- v = g^x % N
- described in RFC2945.
- */
- public static byte[] calculateVerifier(String username, char[] password,
- byte[] salt, byte[] Nb, byte[] gb)
- {
- BigInteger g = new BigInteger(1, gb);
- BigInteger N = new BigInteger(1, Nb);
- return calculateVerifier(username, password, salt, N, g);
- }
- /** Calculate x = H(s | H(U | ':' | password)) verifier
- v = g^x % N
- described in RFC2945.
- */
- public static byte[] calculateVerifier(String username, char[] password,
- byte[] salt, BigInteger N, BigInteger g)
- {
- byte[] xb = calculatePasswordHash(username, password, salt);
- BigInteger x = new BigInteger(1, xb);
- BigInteger v = g.modPow(x, N);
- return v.toByteArray();
- }
-
- /** Perform an interleaved even-odd hash on the byte string
- */
- public static byte[] sessionKeyHash(byte[] number)
- {
- int i, offset;
-
- for(offset = 0; offset < number.length && number[offset] == 0; ++offset)
- ;
-
- byte[] key = new byte[2 * HASH_LEN];
- byte[] hout;
-
- int klen = (number.length - offset) / 2;
- byte[] hbuf = new byte[klen];
-
- for(i = 0; i < klen; ++i)
- {
- hbuf[i] = number[number.length - 2 * i - 1];
- }
- hout = newDigest().digest(hbuf);
- for(i = 0; i < HASH_LEN; ++i)
- key[2 * i] = hout[i];
-
- for(i = 0; i < klen; ++i)
- {
- hbuf[i] = number[number.length - 2 * i - 2];
- }
- hout = newDigest().digest(hbuf);
- for(i = 0; i < HASH_LEN; ++i)
- key[2 * i + 1] = hout[i];
-
- return key;
- }
-
- /** Treat the input as the MSB representation of a number,
- and lop off leading zero elements. For efficiency, the
- input is simply returned if no leading zeroes are found.
- */
- public static byte[] trim(byte[] in)
- {
- if(in.length == 0 || in[0] != 0)
- return in;
-
- int len = in.length;
- int i = 1;
- while(in[i] == 0 && i < len)
- ++i;
- byte[] ret = new byte[len - i];
- System.arraycopy(in, i, ret, 0, len - i);
- return ret;
- }
-
- public static byte[] xor(byte[] b1, byte[] b2, int length)
- {
- byte[] result = new byte[length];
- for(int i = 0; i < length; ++i)
- result[i] = (byte) (b1[i] ^ b2[i]);
- return result;
- }
-
- /**
- 3.1.3 Representation of digest values
-
- An optional header allows the server to specify the algorithm used to create
- the checksum or digest. By default the MD5 algorithm is used and that is the
- only algorithm described in this document.
-
- For the purposes of this document, an MD5 digest of 128 bits is represented
- as 32 ASCII printable characters. The bits in the 128 bit digest are
- converted from most significant to least significant bit, four bits at a time
- to their ASCII presentation as follows. Each four bits is represented by its
- familiar hexadecimal notation from the characters 0123456789abcdef. That is,
- binary 0000 getInfos represented by the character '0', 0001, by '1', and so
- on up to the representation of 1111 as 'f'.
-
- @param data - the raw MD5 hash data
- @return the encoded MD5 representation
- */
- public static String encodeRFC2617(byte[] data)
- {
- char[] hash = new char[32];
- for (int i = 0; i < 16; i++)
- {
- int j = (data[i] >> 4) & 0xf;
- hash[i * 2] = MD5_HEX[j];
- j = data[i] & 0xf;
- hash[i * 2 + 1] = MD5_HEX[j];
- }
- return new String(hash);
- }
-
- /**
- * Hex encoding of hashes, as used by Catalina. Each byte is converted to
- * the corresponding two hex characters.
- */
- public static String encodeBase16(byte[] bytes)
- {
- StringBuffer sb = new StringBuffer(bytes.length * 2);
- for (int i = 0; i < bytes.length; i++)
- {
- byte b = bytes[i];
- // top 4 bits
- char c = (char)((b >> 4) & 0xf);
- if(c > 9)
- c = (char)((c - 10) + 'a');
- else
- c = (char)(c + '0');
- sb.append(c);
- // bottom 4 bits
- c = (char)(b & 0xf);
- if (c > 9)
- c = (char)((c - 10) + 'a');
- else
- c = (char)(c + '0');
- sb.append(c);
- }
- return sb.toString();
- }
-
- /**
- * BASE64 encoder implementation.
- * Provides encoding methods, using the BASE64 encoding rules, as defined
- * in the MIME specification, <a href="http://ietf.org/rfc/rfc1521.txt">rfc1521</a>.
- */
- public static String encodeBase64(byte[] bytes)
- {
- String base64 = null;
- try
- {
- base64 = Base64Encoder.encode(bytes);
- }
- catch(Exception e)
- {
- }
- return base64;
- }
-
- /**
- * Calculate a password hash using a MessageDigest.
- *
- * @param hashAlgorithm - the MessageDigest algorithm name
- * @param hashEncoding - either base64 or hex to specify the type of
- encoding the MessageDigest as a string.
- * @param hashCharset - the charset used to create the byte[] passed to the
- * MessageDigestfrom the password String. If null the platform default is
- * used.
- * @param username - ignored in default version
- * @param password - the password string to be hashed
- * @return the hashed string if successful, null if there is a digest exception
- */
- public static String createPasswordHash(String hashAlgorithm, String hashEncoding,
- String hashCharset, String username, String password)
- {
- return createPasswordHash(hashAlgorithm, hashEncoding,
- hashCharset, username, password, null);
- }
- /**
- * Calculate a password hash using a MessageDigest.
- *
- * @param hashAlgorithm - the MessageDigest algorithm name
- * @param hashEncoding - either base64 or hex to specify the type of
- encoding the MessageDigest as a string.
- * @param hashCharset - the charset used to create the byte[] passed to the
- * MessageDigestfrom the password String. If null the platform default is
- * used.
- * @param username - ignored in default version
- * @param password - the password string to be hashed
- * @param callback - the callback used to allow customization of the hash
- * to occur. The preDigest method is called before the password is added
- * and the postDigest method is called after the password has been added.
- * @return the hashed string if successful, null if there is a digest exception
- */
- public static String createPasswordHash(String hashAlgorithm, String hashEncoding,
- String hashCharset, String username, String password, DigestCallback callback)
- {
- byte[] passBytes;
- String passwordHash = null;
-
- // convert password to byte data
- try
- {
- if(hashCharset == null)
- passBytes = password.getBytes();
- else
- passBytes = password.getBytes(hashCharset);
- }
- catch(UnsupportedEncodingException uee)
- {
- log.error("charset " + hashCharset + " not found. Using platform default.", uee);
- passBytes = password.getBytes();
- }
-
- // calculate the hash and apply the encoding.
- try
- {
- MessageDigest md = MessageDigest.getInstance(hashAlgorithm);
- if( callback != null )
- callback.preDigest(md);
- md.update(passBytes);
- if( callback != null )
- callback.postDigest(md);
- byte[] hash = md.digest();
- if(hashEncoding.equalsIgnoreCase(BASE64_ENCODING))
- {
- passwordHash = Util.encodeBase64(hash);
- }
- else if(hashEncoding.equalsIgnoreCase(BASE16_ENCODING))
- {
- passwordHash = Util.encodeBase16(hash);
- }
- else if(hashEncoding.equalsIgnoreCase(RFC2617_ENCODING))
- {
- passwordHash = Util.encodeRFC2617(hash);
- }
- else
- {
- log.error("Unsupported hash encoding format " + hashEncoding);
- }
- }
- catch(Exception e)
- {
- log.error("Password hash calculation failed ", e);
- }
- return passwordHash;
- }
-
- // These functions assume that the byte array has MSB at 0, LSB at end.
- // Reverse the byte array (not the String) if this is not the case.
- // All base64 strings are in natural order, least significant digit last.
- public static String tob64(byte[] buffer)
- {
- return Base64Utils.tob64(buffer);
- }
-
- public static byte[] fromb64(String str) throws NumberFormatException
- {
- return Base64Utils.fromb64(str);
- }
-
- /** From Appendix E of the JCE ref guide, the xaximum key size
- * allowed by the "Strong" jurisdiction policy files allows a maximum Blowfish
- * cipher size of 128 bits.
- * @return true if a Blowfish key can be initialized with 256 bit
- * size, false otherwise.
- */
- public static boolean hasUnlimitedCrypto()
- {
- boolean hasUnlimitedCrypto = false;
- try
- {
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- Class keyGenClass = loader.loadClass("javax.crypto.KeyGenerator");
- Class[] sig = {String.class};
- Object[] args = {"Blowfish"};
- Method kgenInstance = keyGenClass.getDeclaredMethod("getInstance", sig);
- Object kgen = kgenInstance.invoke(null, args);
-
- Class[] sig2 = {int.class};
- Object[] args2 = {new Integer(256)};
- Method init = keyGenClass.getDeclaredMethod("init", sig2);
- init.invoke(kgen, args2);
- hasUnlimitedCrypto = true;
- }
- catch(Throwable e)
- {
- log.debug("hasUnlimitedCrypto error", e);
- }
- return hasUnlimitedCrypto;
- }
-
- /** Use reflection to create a javax.crypto.spec.SecretKeySpec to avoid
- an explicit reference to SecretKeySpec so that the JCE is not needed
- unless the SRP parameters indicate that encryption is needed.
- @return a javax.cyrpto.SecretKey
- */
- public static Object createSecretKey(String cipherAlgorithm, Object key) throws KeyException
- {
- Class[] signature = {key.getClass(), String.class};
- Object[] args = {key, cipherAlgorithm};
- Object secretKey = null;
- try
- {
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- Class secretKeySpecClass = loader.loadClass("javax.crypto.spec.SecretKeySpec");
- Constructor ctor = secretKeySpecClass.getDeclaredConstructor(signature);
- secretKey = ctor.newInstance(args);
- }
- catch(Exception e)
- {
- throw new KeyException("Failed to create SecretKeySpec from session key, msg="+e.getMessage());
- }
- catch(Throwable e)
- {
- throw new KeyException("Unexpected exception during SecretKeySpec creation, msg="+e.getMessage());
- }
- return secretKey;
- }
-
- /**
- * @param cipherAlgorithm
- * @return A javax.crypto.Cipher
- * @throws GeneralSecurityException
- */
- public static Object createCipher(String cipherAlgorithm)
- throws GeneralSecurityException
- {
- javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(cipherAlgorithm);
- return cipher;
- }
- public static Object createSealedObject(String cipherAlgorithm, Object key, byte[] cipherIV,
- Serializable data)
- throws GeneralSecurityException
- {
- Object sealedObject = null;
- try
- {
- javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(cipherAlgorithm);
- javax.crypto.SecretKey skey = (javax.crypto.SecretKey) key;
- if( cipherIV != null )
- {
- javax.crypto.spec.IvParameterSpec iv = new javax.crypto.spec.IvParameterSpec(cipherIV);
- cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, skey, iv);
- }
- else
- {
- cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, skey);
- }
- sealedObject = new javax.crypto.SealedObject(data, cipher);
- }
- catch(GeneralSecurityException e)
- {
- throw e;
- }
- catch(Throwable e)
- {
- throw new GeneralSecurityException("Failed to create SealedObject, msg="+e.getMessage());
- }
- return sealedObject;
- }
-
- public static Object accessSealedObject(String cipherAlgorithm, Object key, byte[] cipherIV,
- Object obj)
- throws GeneralSecurityException
- {
- Object data = null;
- try
- {
- javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(cipherAlgorithm);
- javax.crypto.SecretKey skey = (javax.crypto.SecretKey) key;
- if( cipherIV != null )
- {
- javax.crypto.spec.IvParameterSpec iv = new javax.crypto.spec.IvParameterSpec(cipherIV);
- cipher.init(javax.crypto.Cipher.DECRYPT_MODE, skey, iv);
- }
- else
- {
- cipher.init(javax.crypto.Cipher.DECRYPT_MODE, skey);
- }
- javax.crypto.SealedObject sealedObj = (javax.crypto.SealedObject) obj;
- data = sealedObj.getObject(cipher);
- }
- catch(GeneralSecurityException e)
- {
- throw e;
- }
- catch(Throwable e)
- {
- throw new GeneralSecurityException("Failed to access SealedObject, msg="+e.getMessage());
- }
- return data;
- }
-
- /**
- * Strip the security domain of prefix (java:jaas or java:jbsx)
- * @param securityDomain
- * @return
- */
- public static String unprefixSecurityDomain(String securityDomain)
- {
- String result = null;
- if(securityDomain != null)
- {
- if(securityDomain.startsWith("java:/jaas"))
- result = securityDomain.substring("java:/jaas/".length());
- else
- if(securityDomain.startsWith("java:/jbsx"))
- result = securityDomain.substring("java:/jbsx/".length());
- }
- return result;
-
- }
-
- /**
- * Get the Subject roles by looking for a Group called 'Roles'
- * @param theSubject - the Subject to search for roles
- * @return the Group contain the subject roles if found, null otherwise
- */
- public static Group getSubjectRoles(Subject theSubject)
- {
- if(theSubject == null)
- throw new IllegalArgumentException("Subject is null");
- Set subjectGroups = theSubject.getPrincipals(Group.class);
- Iterator iter = subjectGroups.iterator();
- Group roles = null;
- while( iter.hasNext() )
- {
- Group grp = (Group) iter.next();
- String name = grp.getName();
- if( name.equals("Roles") )
- roles = grp;
- }
- return roles;
- }
-
- /**
- * Obtain the Application Policy
- *
- * @param domainName Security Domain
- * @return
- */
- public static ApplicationPolicy getApplicationPolicy(String domainName)
- {
- return SecurityConfiguration.getApplicationPolicy(domainName);
- }
-
- public static AuthenticationManager getAuthenticationManager(String securityDomain)
- {
- String securityMgrURL = "/securityMgr";
- String lookupURL = null;
- if(securityDomain.startsWith(SecurityConstants.JAAS_CONTEXT_ROOT))
- lookupURL = securityDomain + securityMgrURL;
- else
- lookupURL = SecurityConstants.JAAS_CONTEXT_ROOT + "/"
- + securityDomain + securityMgrURL;
- AuthenticationManager am = null;
- try
- {
- InitialContext ic = new InitialContext();
- am = (AuthenticationManager)ic.lookup(lookupURL);
- }
- catch(Exception e)
- {
- if(log.isTraceEnabled())
- log.trace("Error in obtaining AuthenticationManager",e);
- }
- return am;
- }
-
- /**
- * Do a JNDI lookup to obtain the authorization manager
- * @param securityDomain
- * @return
- */
- public static AuthorizationManager getAuthorizationManager(String securityDomain)
- {
- String authorizationMgrURL = "/authorizationMgr";
- String lookupURL = null;
- if(securityDomain.startsWith(SecurityConstants.JAAS_CONTEXT_ROOT))
- lookupURL = securityDomain + authorizationMgrURL;
- else
- lookupURL = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain + authorizationMgrURL;
- AuthorizationManager am = null;
- try
- {
- InitialContext ic = new InitialContext();
- am = (AuthorizationManager)ic.lookup(lookupURL);
- }
- catch(Exception e)
- {
- if(log.isTraceEnabled())
- log.trace("Error in obtaining AuthorizationMgr",e);
- }
- return am;
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/audit/AuditContext.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/audit/AuditContext.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/audit/AuditContext.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,60 +0,0 @@
-/*
- * JBoss, the OpenSource J2EE webOS
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
-package org.jboss.security.audit;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.jboss.security.audit.providers.LogAuditProvider;
-
-
-/**
- * Context for Audit Purposes that manages a set of providers
- * @see AuditProvider
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @version $Revision$
- * @since Aug 21, 2006
- */
-public class AuditContext
-{
- private String securityDomain = null;
-
- private List providerList = new ArrayList();
-
- public AuditContext(String securityDomainName)
- {
- this.securityDomain = securityDomainName;
- providerList.add(new LogAuditProvider());
- }
-
- public void audit(AuditEvent ae)
- {
- int len = this.providerList.size();
-
- for(int i = 0; i < len; i++)
- {
- AuditProvider ap = (AuditProvider)this.providerList.get(i);
- ap.audit(ae);
- }
- }
-
- public void addProvider(AuditProvider ap)
- {
- providerList.add(ap);
- }
-
- public void addProviders(List list)
- {
- providerList.addAll(list);
- }
-
- public void replaceProviders(List list)
- {
- providerList.clear();
- providerList = list;
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/audit/AuditManager.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/audit/AuditManager.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/audit/AuditManager.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,43 +0,0 @@
-/*
- * JBoss, the OpenSource J2EE webOS
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
-package org.jboss.security.audit;
-
-import org.jboss.security.audit.providers.LogAuditProvider;
-
-import EDU.oswego.cs.dl.util.concurrent.ConcurrentHashMap;
-
-/**
- * Manages a set of AuditContext
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @version $Revision$
- * @since Aug 22, 2006
- */
-public class AuditManager
-{
- private static ConcurrentHashMap contexts = new ConcurrentHashMap();
-
- private static AuditContext defaultContext = null;
-
- static
- {
- defaultContext = new AuditContext("Default_Context");
- defaultContext.addProvider(new LogAuditProvider());
- }
-
- public static AuditContext getAuditContext(String securityDomain)
- {
- AuditContext ac = (AuditContext)contexts.get(securityDomain);
- if(ac == null)
- ac = defaultContext;
- return ac;
- }
-
- public static void addAuditContext(String securityDomain, AuditContext ac)
- {
- contexts.put(securityDomain, ac);
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationContext.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationContext.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationContext.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,317 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization;
-
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Map;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.Util;
-import org.jboss.security.authorization.config.AuthorizationModuleEntry;
-import org.jboss.security.authorization.config.AuthorizationModuleEntry.ControlFlag;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.AuthorizationInfo;
-
-//$Id$
-
-/**
- * JBAS-3374: Authorization Framework for Policy Decision Modules
- * For information on the behavior of the Authorization Modules,
- * For Authorization Modules behavior(Required, Requisite, Sufficient and Optional)
- * please refer to the javadoc for @see javax.security.auth.login.Configuration
- *
- * The AuthorizationContext derives the AuthorizationInfo(configuration for the modules)
- * in the following way:
- * a) If there has been an injection of ApplicationPolicy, then it will be used.
- * b) Util.getApplicationPolicy will be used(which relies on SecurityConfiguration static class).
- * c) Flag an error that there is no available Application Policy
- *
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 11, 2006
- * @version $Revision$
- */
-public class AuthorizationContext
-{
- private static Logger log = Logger.getLogger(AuthorizationContext.class);
- private boolean trace = log.isTraceEnabled();
-
- private String securityDomainName = null;
- private CallbackHandler callbackHandler = null;
- private Subject authenticatedSubject = null;
- private Map sharedState = new HashMap();
-
- //Application Policy can be injected
- private ApplicationPolicy applicationPolicy = null;
-
- private ArrayList modules = new ArrayList();
- /**
- * Control Flags for the individual modules
- */
- private ArrayList controlFlags = new ArrayList();
-
- public static final int PERMIT = 1;
- public static final int DENY = -1;
-
- //Control Flag behavior
- private boolean encounteredRequiredError = false;
- private boolean encounteredOptionalError = false;
- private AuthorizationException moduleException = null;
- private int overallDecision = DENY;
-
- public AuthorizationContext(String name, Subject subject,
- CallbackHandler handler)
- {
- this.securityDomainName = name;
- this.authenticatedSubject = subject;
- this.callbackHandler = handler;
- }
-
- /**
- * Inject an ApplicationPolicy that contains AuthorizationInfo
- * @param aPolicy
- * @throws IllegalArgumentException if ApplicationPolicy is null or
- * does not contain AuthorizationInfo or domain name does not match
- */
- public void setApplicationPolicy(ApplicationPolicy aPolicy)
- {
- if(aPolicy == null)
- throw new IllegalArgumentException("Application Policy is null:domain="+this.securityDomainName);
- AuthorizationInfo authzInfo = aPolicy.getAuthorizationInfo();
- if( authzInfo == null)
- throw new IllegalArgumentException("Application Policy has no AuthorizationInfo");
- if(!authzInfo.getName().equals(securityDomainName))
- throw new IllegalArgumentException("Application Policy ->AuthorizationInfo:" + authzInfo.getName()
- + " does not match required domain name=" + this.securityDomainName);
- this.applicationPolicy = aPolicy;
- }
-
-
- /**
- * Authorize the Resource
- * @param resource
- * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
- * @throws AuthorizationException
- */
- public int authorize(final Resource resource) throws AuthorizationException
- {
- initializeModules(resource);
- //Do a PrivilegedAction
- try
- {
- AccessController.doPrivileged(new PrivilegedExceptionAction()
- {
- public Object run() throws AuthorizationException
- {
- int result = invokeAuthorize(resource);
- if(result == PERMIT)
- invokeCommit();
- if(result == DENY)
- {
- invokeAbort();
- throw new AuthorizationException("Denied");
- }
- return null;
- }
- });
- }
- catch (PrivilegedActionException e)
- {
- Exception exc = e.getException();
- if(trace)
- log.trace("Error in authorize:", exc);
- invokeAbort();
- throw ((AuthorizationException)exc);
- }
- return PERMIT;
- }
-
-
- //Private Methods
- private void initializeModules(Resource resource)
- {
- AuthorizationInfo authzInfo = getAuthorizationInfo(securityDomainName, resource);
- if(authzInfo == null)
- authzInfo = getAuthorizationInfo(SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY, resource);
- if(authzInfo == null)
- throw new IllegalStateException("Authorization Info is null");
- AuthorizationModuleEntry[] entries = authzInfo.getAuthorizationModuleEntry();
- int len = entries != null ? entries.length : 0;
- for(int i = 0 ; i < len; i++)
- {
- AuthorizationModuleEntry entry = entries[i];
- AuthorizationModuleEntry.ControlFlag flag = entry.getControlFlag();
- if(flag == null)
- {
- if(trace)
- log.trace("Null Control flag for entry:"+entry+". Defaults to REQUIRED!");
- flag = AuthorizationModuleEntry.ControlFlag.REQUIRED;
- }
- else
- if(trace)
- log.trace("Control flag for entry:"+entry+"is:["+flag+"]");
-
- this.controlFlags.add(flag);
- modules.add(instantiateModule(entry.getPolicyModuleName(), entry.getOptions()));
- }
- }
-
- private int invokeAuthorize(Resource resource)
- throws AuthorizationException
- {
- int length = modules.size();
- for(int i = 0; i < length; i++)
- {
- AuthorizationModule module = (AuthorizationModule)modules.get(i);
- ControlFlag flag = (ControlFlag)this.controlFlags.get(i);
- int decision = DENY;
- try
- {
- decision = module.authorize(resource);
- }
- catch(Exception ae)
- {
- decision = DENY;
- if(this.moduleException == null)
- this.moduleException = new AuthorizationException(ae.getMessage());
- }
-
- if(decision == PERMIT)
- {
- this.overallDecision = PERMIT;
- //SUFFICIENT case
- if(flag == ControlFlag.SUFFICIENT && this.encounteredRequiredError == false)
- return PERMIT;
- continue; //Continue with the other modules
- }
- //Go through the failure cases
- //REQUISITE case
- if(flag == ControlFlag.REQUISITE)
- {
- if(trace)
- log.trace("REQUISITE failed for " + module);
- if(this.moduleException == null)
- this.moduleException = new AuthorizationException("Authorization failed");
- else
- throw this.moduleException;
- }
- //REQUIRED Case
- if(flag == ControlFlag.REQUIRED)
- {
- if(trace)
- log.trace("REQUIRED failed for " + module);
- if(this.encounteredRequiredError == false)
- this.encounteredRequiredError = true;
- }
- if(flag == ControlFlag.OPTIONAL)
- this.encounteredOptionalError = true;
- }
-
- //All the authorization modules have been visited.
- if(this.encounteredRequiredError)
- throw new AuthorizationException("Authorization Failed");
- if(this.overallDecision == DENY && this.encounteredOptionalError)
- throw new AuthorizationException("Authorization Failed");
- if(this.overallDecision == DENY)
- throw new AuthorizationException("Authorization Failed:No modules active.");
- return PERMIT;
- }
-
- private void invokeCommit()
- throws AuthorizationException
- {
- int length = modules.size();
- for(int i = 0; i < length; i++)
- {
- AuthorizationModule module = (AuthorizationModule)modules.get(i);
- boolean bool = module.commit();
- if(!bool)
- throw new AuthorizationException("commit on modules failed");
- }
- }
-
- private void invokeAbort()
- throws AuthorizationException
- {
- int length = modules.size();
- for(int i = 0; i < length; i++)
- {
- AuthorizationModule module = (AuthorizationModule)modules.get(i);
- boolean bool = module.abort();
- if(!bool)
- throw new AuthorizationException("abort on modules failed");
- }
- }
-
- private AuthorizationModule instantiateModule(String name, Map map)
- {
- AuthorizationModule am = null;
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- try
- {
- Class clazz = tcl.loadClass(name);
- am = (AuthorizationModule)clazz.newInstance();
- }
- catch ( Exception e)
- {
- log.debug("Error instantiating AuthorizationModule:",e);
- }
- if(am == null)
- throw new IllegalStateException("AuthorizationModule has not " +
- "been instantiated");
- am.initialize(this.authenticatedSubject, this.callbackHandler,
- this.sharedState,map);
- return am;
- }
-
- private AuthorizationInfo getAuthorizationInfo(String domainName, Resource resource)
- {
- String layer = resource.getLayer();
-
- //Check if an instance of ApplicationPolicy is available
- if(this.applicationPolicy != null)
- return applicationPolicy.getAuthorizationInfo();
-
- ApplicationPolicy aPolicy = Util.getApplicationPolicy(domainName);
-
- if(aPolicy == null)
- {
- if(trace)
- log.trace("Application Policy not obtained for domain="+ domainName +
- ". Trying to obtain the App policy for the default domain of the layer:");
- if(Resource.EJB.equals(layer))
- aPolicy = Util.getApplicationPolicy(SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY);
- else
- if(Resource.WEB.equals(layer))
- aPolicy = Util.getApplicationPolicy(SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY);
- }
- if(aPolicy == null)
- throw new IllegalStateException("Application Policy is null for domain:"+ domainName);
- return aPolicy.getAuthorizationInfo();
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,79 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.authorization;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.authorization.config.AuthorizationConfigEntryHolder;
-import org.jboss.security.config.AuthorizationInfo;
-import org.jboss.xb.binding.GenericValueContainer;
-
-//$Id$
-
-/**
- * A container for creating AuthorizationInfo during jbxb parse.
- *
- * @author anil.saldhana at jboss.org
- * @version $Revision$
- */
-public class AuthorizationInfoContainer
- implements GenericValueContainer
-{
- private static Logger log = Logger.getLogger(AuthorizationInfoContainer.class);
-
- AuthorizationInfo info = null;
-
- String authName = null;
-
- List moduleEntries = new ArrayList();
-
- public void addChild(QName name, Object value)
- {
- log.debug("addChild::" + name + ":" + value);
- if("name".equals(name.getLocalPart()))
- {
- authName = (String)value;
- }
- else if( value instanceof AuthorizationConfigEntryHolder )
- {
- AuthorizationConfigEntryHolder ace = (AuthorizationConfigEntryHolder) value;
- moduleEntries.add(ace.getEntry());
- }
- }
-
- public Object instantiate()
- {
- info = new AuthorizationInfo(authName);
- info.add(moduleEntries);
- return info;
- }
-
- public Class getTargetClass()
- {
- return AuthorizationInfo.class;
- }
-
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationModule.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationModule.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/AuthorizationModule.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,78 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization;
-
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-
-//$Id$
-
-/**
- * Represents a Policy Decision Module that is used by the
- * Authorization Context
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 11, 2006
- * @version $Revision$
- */
-public interface AuthorizationModule
-{
- /**
- * Abort the Authorization Process
- * @return true - abort passed, false-otherwise
- */
- boolean abort() throws AuthorizationException;
-
- /**
- * Overall authorization process has succeeded.
- * The module can commit any decisions it has made, with
- * third party systems like a database.
- * @return
- */
- boolean commit() throws AuthorizationException;
-
- /**
- * Initialize the module
- *
- * @param subject the authenticated subject
- * @param handler CallbackHandler
- * @param sharedState state shared with other configured modules
- * @param options options specified in the Configuration
- * for this particular module
- */
- void initialize(Subject subject, CallbackHandler handler,
- Map sharedState, Map options);
-
- /**
- * Authorize the resource
- * @param resource
- * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
- */
- int authorize(Resource resource);
-
- /**
- * A final cleanup opportunity offered
- * @return cleanup by the module passed or not
- */
- boolean destroy();
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/EJBResource.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/EJBResource.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/EJBResource.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,80 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization;
-
-import java.util.HashMap;
-import java.util.Map;
-
-//$Id$
-
-/**
- * Represents an EJB Resource
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jul 6, 2006
- * @version $Revision$
- */
-public class EJBResource implements Resource
-{
- private Map map = new HashMap();
-
- /**
- * Create a new EJBResource.
- *
- * @param map
- */
- public EJBResource(Map map)
- {
- this.map = map;
- }
-
- /**
- * @see Resource#getLayer()
- */
- public String getLayer()
- {
- return Resource.EJB;
- }
-
- /**
- * @see Resource#getMap()
- */
- public Map getMap()
- {
- return this.map;
- }
-
- /**
- * Set the contextual map
- * @param m Contextual Map
- */
- public void setMap(Map m)
- {
- this.map = m;
- }
-
- public String toString()
- {
- StringBuffer buf = new StringBuffer();
- buf.append("[").append(getClass().getName()).append(":contextMap=").append(map).append("]");
- return buf.toString();
- }
-}
Deleted: projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/SecurityActions.java
===================================================================
--- projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/SecurityActions.java 2006-11-29 18:35:31 UTC (rev 58749)
+++ projects/security/security-spi/trunk/src/main/org/jboss/security/authorization/SecurityActions.java 2006-11-29 18:39:38 UTC (rev 58750)
@@ -1,52 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.authorization;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-
-//$Id$
-
-/**
- * Privileged Actions for this package
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jun 11, 2006
- * @version $Revision$
- */
-class SecurityActions
-{
- private static class GetTCLAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new GetTCLAction();
- public Object run()
- {
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- return loader;
- }
- }
-
- static ClassLoader getContextClassLoader()
- {
- ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
- return loader;
- }
-}
More information about the jboss-cvs-commits
mailing list