[Jboss-cvs] JBossAS SVN: r56657 - in trunk/tomcat: . src/main/org/jboss/web/tomcat/security
Fri Sep 8 15:13:04 EDT 2006
Author: anil.saldhana at jboss.com
Date: 2006-09-08 15:13:03 -0400 (Fri, 08 Sep 2006)
New Revision: 56657
Modified:
trunk/tomcat/build.xml
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossExtendedSecurityMgrRealm.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java
Log:
JBAS-3576: Use the SecurityContext updates
Modified: trunk/tomcat/build.xml
===================================================================
--- trunk/tomcat/build.xml 2006-09-08 19:11:08 UTC (rev 56656)
+++ trunk/tomcat/build.xml 2006-09-08 19:13:03 UTC (rev 56657)
@@ -72,6 +72,7 @@
<path refid="jboss.j2ee.classpath"/>
<path refid="jboss.j2ee.ext.classpath"/>
<path refid="jboss.system.classpath"/>
+ <path refid="jboss.security.spi.classpath"/>
<path refid="jboss.security.classpath"/>
<path refid="jboss.server.classpath"/>
<path refid="jboss.common.classpath"/>
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossExtendedSecurityMgrRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossExtendedSecurityMgrRealm.java 2006-09-08 19:11:08 UTC (rev 56656)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossExtendedSecurityMgrRealm.java 2006-09-08 19:13:03 UTC (rev 56657)
@@ -145,9 +145,12 @@
throw new SecurityException("Authentication failed");
}
Principal authenticatedPrincipal = this.getAuthenticatedPrincipal(clientSubject);
+ return null;
+ /*
AuthorizationManager authzManager = getAuthorizationManager();
- Principal callerPrincipal = authzManager.getPrincipal(authenticatedPrincipal);
+ Principal callerPrincipal = getAuthenticationManager().getPrincipal(authenticatedPrincipal);
return getCachingPrincipal(authzManager, authenticatedPrincipal, callerPrincipal, null, clientSubject);
+ */
}
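Review bot: The unconditional `return null;` at the top of this hunk makes the method hand back no principal for a subject that has just passed authentication, and the `authenticatedPrincipal` computed on the line before it is now unused. Leaving the replacement lookup as a block comment hides that this is a deliberate stub; a caller cannot tell whether null means "authenticated but not mapped" or "failed". I would drop the commented-out code and mark the stub explicitly, e.g. `// TODO(JBAS-3576): caller-principal/caching lookup disabled until the SecurityContext migration lands; callers must treat null as "no principal established"`. The enclosing method begins before this hunk.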
/**
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2006-09-08 19:11:08 UTC (rev 56656)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2006-09-08 19:13:03 UTC (rev 56657)
@@ -49,7 +49,7 @@
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.realm.GenericPrincipal;
-import org.apache.catalina.realm.RealmBase;
+import org.apache.catalina.realm.RealmBase;
import org.jboss.logging.Logger;
import org.jboss.metadata.SecurityRoleRefMetaData;
import org.jboss.metadata.WebMetaData;
@@ -57,17 +57,20 @@
import org.jboss.security.CertificatePrincipal;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.SubjectSecurityManager;
+import org.jboss.security.SecurityContext.SubjectInfo;
import org.jboss.security.audit.AuditContext;
import org.jboss.security.audit.AuditEvent;
-import org.jboss.security.audit.AuditLevel;
+import org.jboss.security.audit.AuditLevel;
import org.jboss.security.audit.AuditManager;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
import org.jboss.security.auth.certs.SubjectDNMapping;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.plugins.JBossSecurityContext;
import org.jboss.web.tomcat.security.authorization.WebResource;
//$Id$
@@ -197,6 +200,12 @@
log.trace("User: " + principal + " is authenticated");
}
SecurityAssociationActions.setPrincipalInfo(principal, certs, subject);
+
+ securityDomain = securityMgr.getSecurityDomain();
+ //Establish the Security Context
+ this.establishSecurityContext(securityDomain,
+ principal, certs, subject);
+
// Get the CallerPrincipal mapping
RealmMapping realmMapping = (RealmMapping) securityCtx.lookup("realmMapping");
Principal oldPrincipal = principal;
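Review bot: `securityDomain = securityMgr.getSecurityDomain();` writes what appears to be an instance field from inside the per-request authentication path, and the same write is repeated in the two later hunks of this file (`@@ -282,6 +291,11 @@` and `@@ -367,6 +381,10 @@`). If `securityDomain` is a field shared by concurrent requests on this realm, that is an unsynchronized write on every login; if its value never changes, the assignment belongs in initialization rather than here. A local keeps the hunk self-contained: `String domain = securityMgr.getSecurityDomain(); this.establishSecurityContext(domain, principal, certs, subject);`. The enclosing authenticate method begins and ends outside the hunk.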
@@ -282,6 +291,11 @@
{
log.trace("User: " + username + " is authenticated");
SecurityAssociationActions.setPrincipalInfo(principal, digest, subject);
+ securityDomain = securityMgr.getSecurityDomain();
+ //Establish the Security Context
+ this.establishSecurityContext(securityDomain,
+ principal, digest, subject);
+
// Get the CallerPrincipal mapping
RealmMapping realmMapping = (RealmMapping) securityCtx.lookup("realmMapping");
Principal oldPrincipal = principal;
@@ -367,6 +381,10 @@
{
log.trace("User: " + username + " is authenticated");
SecurityAssociationActions.setPrincipalInfo(principal, credentials, subject);
+ securityDomain = securityMgr.getSecurityDomain();
+ //Establish the Security Context
+ this.establishSecurityContext(securityDomain,
+ principal, credentials, subject);
// Get the CallerPrincipal mapping
RealmMapping realmMapping = (RealmMapping) securityCtx.lookup("realmMapping");
Principal oldPrincipal = principal;
@@ -871,7 +889,9 @@
log.trace("Error obtaining the servlet request:", pe);
}
contextMap.put("Source", getClass().getName());
- AuditContext ac = AuditManager.getAuditContext(securityDomain);
+ SecurityContext sc = SecurityAssociationActions.getSecurityContext(securityDomain);
+ AuditContext ac = sc != null ? sc.getAuditContext():
+ AuditManager.getAuditContext(securityDomain);
AuditEvent ae = new AuditEvent(level);
ae.setContextMap(contextMap);
ae.setUnderlyingException(e);
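Review bot: The fallback to `AuditManager.getAuditContext(securityDomain)` is taken only when `sc` is null, not when `sc.getAuditContext()` itself returns null; the `establishSecurityContext` helper added later in this file builds a `JBossSecurityContext` without setting an audit context, so unless the constructor supplies one (not visible here) `ac` may now be null where it previously was not, and the audit event would be lost. I would make the fallback cover both cases: `AuditContext ac = sc != null ? sc.getAuditContext() : null; if (ac == null) ac = AuditManager.getAuditContext(securityDomain);`. The enclosing audit method begins and ends outside the hunk.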
@@ -903,9 +923,24 @@
private void authorizationAudit(String level, WebResource resource)
{
if(!enableAudit)
- return;
+ return;
Map cmap = new HashMap();
cmap.putAll(resource.getMap());
audit(level,cmap,null);
}
+
+ //Security Context
+ private void establishSecurityContext(String domain, Principal p, Object cred,
+ Subject subject)
+ {
+ JBossSecurityContext jsc = new JBossSecurityContext(domain);
+ SubjectInfo si = jsc.new SubjectInfo();
+ si.setAuthenticatedSubject(subject);
+ si.setAuthenticationCredential(cred);
+ si.setAuthenticationPrincipal(p);
+ jsc.setSubjectInfo(si);
+ SecurityAssociationActions.setSecurityContext(jsc, domain);
+ if(trace)
+ log.trace("Established Security Context for " + domain);
+ }
}
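Review bot: `establishSecurityContext` retains the raw credential object (`si.setAuthenticationCredential(cred)`) together with the subject in a context that is then published under the domain key, yet its only documentation is `//Security Context`. A Javadoc should state that the credential is kept in the published context (a password, digest or certificate chain depending on the caller), that the context is keyed by `domain` and overwrites any context previously published for that domain, and that the caller is responsible for calling `SecurityAssociationActions.clearSecurityContext(domain)` when the request ends, since no hunk in this commit removes it. The trace message logs only the domain rather than the principal or credential, which is the right choice and worth preserving as callers change.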
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java 2006-09-08 19:11:08 UTC (rev 56656)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java 2006-09-08 19:13:03 UTC (rev 56657)
@@ -24,11 +24,13 @@
import java.security.PrivilegedAction;
import java.security.Principal;
import java.security.AccessController;
+import java.util.HashMap;
import javax.security.auth.Subject;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
/** A PrivilegedAction implementation for setting the SecurityAssociation
@@ -108,26 +110,48 @@
}
}
private static class GetSecurityContextAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new GetSecurityContextAction();
+ {
+ private String securityDomain;
+ GetSecurityContextAction(String sd)
+ {
+ this.securityDomain = sd;
+ }
+
public Object run()
{
- Object sc = SecurityAssociation.getSecurityContext();
- return sc;
+ String sc = SecurityConstants.SECURITY_CONTEXT;
+ HashMap map = (HashMap)SecurityAssociation.getContextInfo(sc);
+ if(map == null)
+ {
+ map = new HashMap();
+ SecurityAssociation.setContextInfo(sc, map);
+ }
+ SecurityAssociation.setContextInfo(sc, map);
+ return map.get(this.securityDomain);
}
}
private static class SetSecurityContextAction implements PrivilegedAction
{
private SecurityContext securityContext;
- SetSecurityContextAction(SecurityContext sc)
+ private String securityDomain;
+ SetSecurityContextAction(SecurityContext sc, String sd)
{
this.securityContext = sc;
+ this.securityDomain = sd;
}
public Object run()
{
- SecurityAssociation.setSecurityContext(securityContext);
+ String sc = SecurityConstants.SECURITY_CONTEXT;
+ HashMap map = (HashMap)SecurityAssociation.getContextInfo(sc);
+ if(map == null)
+ {
+ map = new HashMap();
+ SecurityAssociation.setContextInfo(sc, map);
+ }
+ map.put(securityDomain, securityContext);
+ SecurityAssociation.setContextInfo(sc, map);
return null;
}
}
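Review bot: `GetSecurityContextAction.run` mutates the association on a read: when no map exists it creates one and calls `SecurityAssociation.setContextInfo(sc, map)`, then calls it again unconditionally, so every lookup installs state on the calling thread even when nothing was ever set; `ClearSecurityContextAction` in the next hunk has the same shape. The getter should be side-effect free, e.g. `HashMap map = (HashMap)SecurityAssociation.getContextInfo(sc); return map == null ? null : map.get(this.securityDomain);`, and the clear action should return early on a null map and call `map.remove(securityDomain)` directly (the `containsKey` check is redundant). The `(HashMap)` casts will throw `ClassCastException` if other code stores a different `Map` implementation under `SecurityConstants.SECURITY_CONTEXT`; declaring the local as `Map` avoids that. No Javadoc explains that contexts are now keyed per security domain, which every caller of the three changed static methods needs to know.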
@@ -174,30 +198,46 @@
}
}
private static class ClearSecurityContextAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new ClearSecurityContextAction();
+ {
+ private String securityDomain;
+
+ public ClearSecurityContextAction(String securityDomain)
+ {
+ this.securityDomain = securityDomain;
+ }
+
public Object run()
{
- SecurityAssociation.setSecurityContext(null);
+ String sc = SecurityConstants.SECURITY_CONTEXT;
+ HashMap map = (HashMap)SecurityAssociation.getContextInfo(sc);
+ if(map == null)
+ {
+ map = new HashMap();
+ SecurityAssociation.setContextInfo(sc, map);
+ }
+ if(map.containsKey(securityDomain))
+ map.remove(securityDomain);
+
+ SecurityAssociation.setContextInfo(sc, map);
return null;
}
}
- static void clearSecurityContext()
+ static void clearSecurityContext(String securityDomain)
{
- ClearSecurityContextAction action = new ClearSecurityContextAction();
+ ClearSecurityContextAction action = new ClearSecurityContextAction(securityDomain);
AccessController.doPrivileged(action);
}
- static SecurityContext getSecurityContext()
+ static SecurityContext getSecurityContext(String securityDomain)
{
- GetSecurityContextAction action = new GetSecurityContextAction();
+ GetSecurityContextAction action = new GetSecurityContextAction(securityDomain);
return (SecurityContext)AccessController.doPrivileged(action);
}
- static void setSecurityContext(SecurityContext sc)
+ static void setSecurityContext(SecurityContext sc, String securityDomain)
{
- SetSecurityContextAction action = new SetSecurityContextAction(sc);
+ SetSecurityContextAction action = new SetSecurityContextAction(sc,securityDomain);
AccessController.doPrivileged(action);
}
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java 2006-09-08 19:11:08 UTC (rev 56656)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java 2006-09-08 19:13:03 UTC (rev 56657)
@@ -34,12 +34,11 @@
import org.apache.catalina.Manager;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
-import org.apache.catalina.valves.ValveBase;
+import org.apache.catalina.valves.ValveBase;
import org.jboss.logging.Logger;
import org.jboss.metadata.WebMetaData;
import org.jboss.security.AuthenticationManager;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityContext;
+import org.jboss.security.RunAsIdentity;
import org.jboss.security.plugins.JaasSecurityManagerServiceMBean;
/**
@@ -63,11 +62,7 @@
private String subjectAttributeName = null;
/** The service used to flush authentication cache on session invalidation. */
private JaasSecurityManagerServiceMBean secMgrService;
- private boolean trace;
- /**
- * Flag to indicate whether this valve set the SecurityContext
- */
- private boolean addedSecurityContext = false;
+ private boolean trace;
public SecurityAssociationValve(WebMetaData metaData,
JaasSecurityManagerServiceMBean secMgrService)
@@ -204,25 +199,14 @@
log.debug("Failed to flush auth cache", e);
}
}
- }
- /**
- * Create a new SecurityContext if not already available
- */
- SecurityContext sc = SecurityAssociationActions.getSecurityContext();
- if(sc == null)
- {
- SecurityAssociationActions.setSecurityContext(new SecurityContext());
- this.addedSecurityContext = true;
- }
+ }
}
finally
{
if( trace )
log.trace("End invoke, caller"+caller);
activeWebMetaData.set(null);
- userPrincipal.set(null);
- if(addedSecurityContext)
- SecurityAssociationActions.clearSecurityContext();
+ userPrincipal.set(null);
}
}
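Review bot: The `finally` block no longer clears any security context, and this commit adds no domain-keyed replacement for the `clearSecurityContext()` call it removes, while `JBossWebRealm` now publishes a `JBossSecurityContext` carrying the authentication credential on every successful login. If `SecurityAssociation`'s context info is thread-bound (not visible here), that context and the credential inside it outlive the request on a pooled thread until the next login for the same domain overwrites it. I would add `SecurityAssociationActions.clearSecurityContext(<security domain>);` next to `userPrincipal.set(null);`, using the web application's security domain, which this hunk does not expose. The enclosing method (apparently `invoke`) begins before this hunk.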
@@ -240,5 +224,5 @@
// Apparently there is no security context?
}
return securityCtx;
- }
+ }
}