[jboss-cvs] JBossAS SVN: r62458 - projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sat Apr 21 02:34:44 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-04-21 02:34:43 -0400 (Sat, 21 Apr 2007)
New Revision: 62458
Removed:
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JASPISecurityManagerService.java
Log:
Remove the JASPI prototype, as this functionality will be present in the authentication managers.
Deleted: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JASPISecurityManagerService.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JASPISecurityManagerService.java 2007-04-21 06:33:53 UTC (rev 62457)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JASPISecurityManagerService.java 2007-04-21 06:34:43 UTC (rev 62458)
@@ -1,431 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.plugins;
-
-import java.beans.PropertyEditorManager;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
-import java.security.Principal;
-import java.util.Hashtable;
-import java.util.Map;
-import java.util.Set;
-
-import javax.naming.NameParser;
-import javax.naming.NamingException;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthParam;
-import javax.security.auth.message.AuthStatus;
-import javax.security.jacc.PolicyContext;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityDomain;
-import org.jboss.security.SubjectSecurityProxyFactory;
-import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
-import org.jboss.security.auth.callback.SecurityAssociationHandler;
-import org.jboss.security.jacc.SubjectPolicyContextHandler;
-import org.jboss.security.propertyeditor.PrincipalEditor;
-import org.jboss.security.propertyeditor.SecurityDomainEditor;
-import org.jboss.system.ServiceMBeanSupport;
-import org.jboss.util.CachePolicy;
-import org.jboss.util.TimedCachePolicy;
-
-//$Id$
-
-/**
- * This is a JMX service which manages JASPI based SecurityManagers.
- * SecurityManagers are responsible for validating credentials
- * associated with principals. The service defaults to the
- * org.jboss.security.plugins.JASPISecurityManager implementation but
- * this can be changed via the securityManagerClass property.
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jan 3, 2006
- * @version $Revision$
- */
-public class JASPISecurityManagerService extends ServiceMBeanSupport
-implements JASPISecurityManagerServiceMBean
-{
- private static final String SECURITY_MGR_PATH = SecurityConstants.JASPI_CONTEXT_ROOT;
-
- /** The log4j interface */
- private static Logger log = Logger.getLogger(JaasSecurityManagerService.class);
-
- /** The class that provides the security manager implementation */
- private static String securityMgrClassName = SecurityConstants.JASPI_AUTHENTICATION_MANAGER;
- /** The loaded securityMgrClassName */
- private static Class securityMgrClass;
- private static Class callbackHandlerClass = SecurityAssociationHandler.class;
- private static Class securityProxyFactoryClass = SubjectSecurityProxyFactory.class;
- /** A mapping from security domain name to a SecurityDomainContext object */
- private static Hashtable securityDomainCtxMap = new Hashtable();
- private static NameParser parser;
- /** A flag indicating if the SecurityAssociation.setServer should be called */
- private boolean serverMode = true;
-
- /** The default unauthenticated principal */
- private static String defaultUnauthenticatedPrincipal = "Unauthenticated Principal";
-
- private static Hashtable contextIdMap = new Hashtable();
- private static int defaultCacheTimeout = 30*60;
- private static int defaultCacheResolution = 60;
-
- public boolean getServerMode()
- {
- return serverMode;
- }
- public void setServerMode(boolean mode)
- {
- this.serverMode = mode;
- }
-
- public String getSecurityManagerClassName()
- {
- return securityMgrClassName;
- }
-
- public void setSecurityManagerClassName(String className)
- throws ClassNotFoundException, ClassCastException
- {
- securityMgrClassName = className;
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- securityMgrClass = loader.loadClass(securityMgrClassName);
- if( AuthenticationManager.class.isAssignableFrom(securityMgrClass) == false )
- throw new ClassCastException(securityMgrClass+
- " does not implement "+AuthenticationManager.class);
- }
-
- public String getSecurityProxyFactoryClassName()
- {
- return securityProxyFactoryClass.getName();
- }
-
- public void setSecurityProxyFactoryClassName(String className)
- throws ClassNotFoundException
- {
- ClassLoader loader = SubjectActions.getContextClassLoader();
- securityProxyFactoryClass = loader.loadClass(className);
- }
-
- /** Get the default CallbackHandler implementation class name
- *
- * @return The fully qualified classname of the
- */
- public String getCallbackHandlerClassName()
- {
- return callbackHandlerClass.getName();
- }
-
-
- /** Set the default CallbackHandler implementation class name
- * @see javax.security.auth.callback.CallbackHandler
- */
- public void setCallbackHandlerClassName(String className)
- throws ClassNotFoundException
- {
- ClassLoader loader = SubjectActions.getContextClassLoader();
- callbackHandlerClass = loader.loadClass(className);
- }
-
-// Begin SecurityManagerMBean interface methods
- public boolean isValid(String securityDomain, Principal principal, Object credential)
- {
- boolean isValid = false;
- try
- {
- AuthenticationManager sdc = lookupAuthenticationManager(securityDomain);
- isValid = sdc.isValid(principal, credential, null);
- }
- catch(NamingException e)
- {
- log.debug("isValid("+securityDomain+") failed", e);
- }
- return isValid;
- }
-
- public Principal getPrincipal(String securityDomain, Principal principal)
- {
- throw new IllegalStateException("Unimplemented Method");
- }
-
- public void registerSecurityDomain(String securityDomain, SecurityDomain instance)
- {
- int jaasContextRoot = SecurityConstants.JAAS_CONTEXT_ROOT.length() + 1;
- int jaspiCtxRoot = SecurityConstants.JASPI_CONTEXT_ROOT.length() + 1;
- if(securityDomain != null && securityDomain.startsWith(SecurityConstants.JAAS_CONTEXT_ROOT))
- securityDomain = securityDomain.substring(jaasContextRoot);
- else
- if(securityDomain != null && securityDomain.startsWith(SecurityConstants.JASPI_CONTEXT_ROOT))
- securityDomain = securityDomain.substring(jaspiCtxRoot);
- log.debug("Added "+securityDomain+", "+instance+" to map");
- securityDomainCtxMap.put(securityDomain, instance);
- }
-
- public String getDefaultUnauthenticatedPrincipal()
- {
- return defaultUnauthenticatedPrincipal;
- }
-
- public void setDefaultUnauthenticatedPrincipal(String principal)
- {
- defaultUnauthenticatedPrincipal = principal;
- }
-
- public boolean isValid(Principal principal, Object credential)
- {
- throw new IllegalStateException("Please call getSecurityManager to obtain"+
- " a security manager and call isValid");
- }
-
- public boolean isValid(Principal principal, Object credential,
- Subject activeSubject)
- {
- throw new IllegalStateException("Please call getSecurityManager to obtain"+
- " a security manager and call isValid");
- }
-
- public Subject getActiveSubject()
- {
- throw new IllegalStateException("Please call getSecurityManager to obtain"+
- " a security manager and call getActiveSubject");
- }
-
- /**
- * @see AuthenticationManager#getTargetPrincipal(Principal,Map)
- */
- public Principal getTargetPrincipal(Principal anotherDomainPrincipal, Map contextMap)
- {
- throw new RuntimeException("Not implemented yet");
- }
-
- public void cleanSubject(Subject subject, Map sharedState) throws AuthException
- {
- }
-
-
- public AuthStatus secureResponse(AuthParam authParam, Subject source,
- Map sharedState) throws AuthException
- {
- return AuthStatus.PROCEED;
- }
-
- public AuthStatus validateRequest(AuthParam authParam, Subject source,
- Subject recipient, Map sharedState) throws AuthException
- {
- return AuthStatus.PROCEED;
- }
-
- public String getSecurityDomain()
- {
- throw new IllegalStateException("Unimplemented method: getSecurityDomain");
- }
-
- public String getSecurityDomain(String contextId)
- {
- return (String)contextIdMap.get(contextId);
- }
-
- public AuthenticationManager getSecurityManager(String securityDomain)
- {
- AuthenticationManager aManager = null;
- try
- {
- aManager = (AuthenticationManager)lookupAuthenticationManager(securityDomain);
- }
- catch (NamingException e)
- {
- log.error("Look up of security manager failed::" + e.getLocalizedMessage());
- }
- return aManager;
- }
-
- /**
- * Provides a mapping between the context id and the security domain
- */
- public void registerSecurityDomain(String theSecurityDomain, String contextId)
- {
- int jaasContextRoot = SecurityConstants.JAAS_CONTEXT_ROOT.length() + 1;
- int jaspiCtxRoot = SecurityConstants.JASPI_CONTEXT_ROOT.length() + 1;
- if(theSecurityDomain != null &&
- theSecurityDomain.startsWith(SecurityConstants.JAAS_CONTEXT_ROOT))
- theSecurityDomain = theSecurityDomain.substring(jaasContextRoot);
- else
- if(theSecurityDomain != null
- && theSecurityDomain.startsWith(SecurityConstants.JASPI_CONTEXT_ROOT))
- theSecurityDomain = theSecurityDomain.substring(jaspiCtxRoot);
-
- if(theSecurityDomain == null)
- theSecurityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
- contextIdMap.put(contextId, theSecurityDomain);
- }
-
- /** flush the cache policy for the indicated security domain if one exists.
- * @param securityDomain the name of the security domain cache
- */
- public void flushAuthenticationCache(String securityDomain)
- {
- try
- {
- AuthenticationManager am = lookupAuthenticationManager(securityDomain);
- Class[] securityDomainType = {};
- Method m = securityMgrClass.getMethod("flushAuthenticationCache", securityDomainType);
- Object[] arg = {};
- m.invoke(am, arg);
- }
- catch(Exception e2)
- { // No cache policy support, this is ok
- log.debug("flushAuthenticationCache failed", e2);
- }
- }
-
- /** Flush a principal's authentication cache entry associated with the
- * given securityDomain.
- *
- * @param securityDomain the name of the security domain cache
- * @param user the principal of the user to flush
- */
- public void flushAuthenticationCache(String securityDomain, Principal user)
- {
- try
- {
- AuthenticationManager am = lookupAuthenticationManager(securityDomain);
- Class[] securityDomainType = {Principal.class};
- Method m = securityMgrClass.getMethod("flushAuthenticationCache", securityDomainType);
- Object[] arg = {user};
- m.invoke(am, arg);
- }
- catch(Exception e2)
- { // No cache policy support, this is ok
- log.debug("flushAuthenticationCache failed", e2);
- }
- }
-
- protected void startService() throws Exception
- {
- // use thread-local principal and credential propagation
- if (serverMode)
- SecurityAssociation.setServer();
-
- // Register the default active Subject PolicyContextHandler
- SubjectPolicyContextHandler handler = new SubjectPolicyContextHandler();
- Set keys = PolicyContext.getHandlerKeys();
- if(keys == null || !keys.contains(SubjectPolicyContextHandler.SUBJECT_CONTEXT_KEY ))
- PolicyContext.registerHandler(SubjectPolicyContextHandler.SUBJECT_CONTEXT_KEY,
- handler, true);
- // Register the JAAS CallbackHandler JACC PolicyContextHandlers
- CallbackHandlerPolicyContextHandler chandler = new CallbackHandlerPolicyContextHandler();
- if(keys == null || !keys.contains(CallbackHandlerPolicyContextHandler.CALLBACK_HANDLER_KEY ))
- PolicyContext.registerHandler(CallbackHandlerPolicyContextHandler.CALLBACK_HANDLER_KEY,
- chandler, false);
-
- // Register the Principal property editor
- PropertyEditorManager.registerEditor(Principal.class, PrincipalEditor.class);
- PropertyEditorManager.registerEditor(SecurityDomain.class, SecurityDomainEditor.class);
- log.debug("Registered PrincipalEditor, SecurityDomainEditor");
-
- log.debug("ServerMode="+this.serverMode);
- log.debug("SecurityMgrClass="+JASPISecurityManagerService.securityMgrClass);
- log.debug("CallbackHandlerClass="+JASPISecurityManagerService.callbackHandlerClass);
- }
-
-
- /** Lookup or create the SecurityDomainContext for securityDomain.
- * @param securityDomain
- * @return
- * @throws NamingException
- */
- private static AuthenticationManager lookupAuthenticationManager(String securityDomain)
- throws NamingException
- {
- AuthenticationManager securityDomainCtx = (AuthenticationManager )securityDomainCtxMap.get(securityDomain);
- if( securityDomainCtx == null )
- {
- securityDomainCtx = newAuthenticationManager(securityDomain);
- securityDomainCtxMap.put(securityDomain, securityDomainCtx);
- log.debug("Added "+securityDomain+", "+securityDomainCtx+" to map");
- }
- return securityDomainCtx;
- }
-
- /** Create a new AuthenticationManager for securityDomain.
- * @param securityDomain
- * @return
- * @throws NamingException
- */
- private static AuthenticationManager newAuthenticationManager (String securityDomain)
- throws NamingException
- {
- AuthenticationManager securityMgr = null;
- try
- {
- // Create instance of securityMgrClass
- Class[] parameterTypes = {String.class, CallbackHandler.class};
- Constructor ctor = securityMgrClass.getConstructor(parameterTypes);
- CallbackHandler handler = (CallbackHandler) callbackHandlerClass.newInstance();
- Object[] args = {securityDomain, handler};
- securityMgr = (AuthenticationManager) ctor.newInstance(args);
- log.debug("Created securityMgr="+securityMgr);
- TimedCachePolicy cachePolicy = new TimedCachePolicy(defaultCacheTimeout,
- true, defaultCacheResolution);
- cachePolicy.create();
- cachePolicy.start();
- // See if the security mgr supports an externalized cache policy
- setSecurityDomainCache(securityMgr, cachePolicy);
- }
- catch(Exception e2)
- {
- String msg = "Failed to create sec mgr('"+securityDomain+"'), securityMgrClass="
- +securityMgrClass +", callbackHandlerClass="
- +callbackHandlerClass;
- log.error(msg, e2);
- NamingException ne = new NamingException(msg);
- ne.setRootCause(e2);
- throw ne;
- }
- return securityMgr;
- }
-
- /** Use reflection to attempt to set the authentication cache on the
- * securityMgr argument.
- * @param securityMgr the security manager
- * @param cachePolicy the cache policy implementation
- */
- private static void setSecurityDomainCache(AuthenticationManager securityMgr,
- CachePolicy cachePolicy)
- {
- try
- {
- Class[] setCachePolicyTypes = {CachePolicy.class};
- Method m = securityMgrClass.getMethod("setCachePolicy", setCachePolicyTypes);
- Object[] setCachePolicyArgs = {cachePolicy};
- m.invoke(securityMgr, setCachePolicyArgs);
- log.debug("setCachePolicy, c="+setCachePolicyArgs[0]);
- }
- catch(Exception e2)
- { // No cache policy support, this is ok
- log.warn("setCachePolicy failed.This is fine:", e2);
- }
- }
-}