[jboss-cvs] JBossAS SVN: r62461 - projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sat Apr 21 02:35:50 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-04-21 02:35:50 -0400 (Sat, 21 Apr 2007)
New Revision: 62461
Modified:
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/SubjectActions.java
Log:
security context related privileged blocks
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/SubjectActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/SubjectActions.java 2007-04-21 06:35:03 UTC (rev 62460)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/SubjectActions.java 2007-04-21 06:35:50 UTC (rev 62461)
@@ -26,18 +26,19 @@
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.security.PrivilegedActionException;
-import java.security.Principal;
-import java.util.HashMap;
+import java.security.Principal;
import java.util.Set;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SubjectInfo;
/** Common PrivilegedAction used by classes in this package.
*
@@ -75,13 +76,12 @@
}
}
- private static class GetSubjectAction implements PrivilegedAction
+ private static class GetSubjectAction implements PrivilegedExceptionAction
{
- static PrivilegedAction ACTION = new GetSubjectAction();
- public Object run()
+ static PrivilegedExceptionAction ACTION = new GetSubjectAction();
+ public Object run() throws PolicyContextException
{
- Subject subject = SecurityAssociation.getSubject();
- return subject;
+ return (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
}
}
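Review bot: `PolicyContext.getContext` throws an unchecked `IllegalArgumentException` when no handler is registered for the key, so `GetSubjectAction.run()` can now fail where `SecurityAssociation.getSubject()` simply returned the subject or null. The `throws PolicyContextException` clause does not cover that case, and the hunk does not show whether a handler for `javax.security.auth.Subject.container` is registered before this runs. I would document both failure modes on `run()` and hoist the key into a constant, `private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";`. `ACTION` should also be `static final` so the shared privileged action cannot be reassigned.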
@@ -188,6 +188,12 @@
}
public Object run()
{
+ //Set it on the current security context also
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc != null)
+ {
+ sc.getData().put(key.toString(), value);
+ }
return SecurityAssociation.setContextInfo(key, value);
}
}
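Review bot: `key.toString()` in the added block dereferences `key` before `SecurityAssociation.setContextInfo(key, value)` sees it, so a null key now fails with a `NullPointerException` inside the privileged action whenever a security context is present. `sc.getData()` is likewise used without a null check. Flattening the key to its string form also means two distinct key objects with the same `toString()` overwrite each other in the context data map. A guard such as `if (sc != null && key != null)` and a comment stating that context data is keyed by the key's string form would make the contract explicit. The enclosing action class starts outside the hunk.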
@@ -197,14 +203,21 @@
PrincipalInfoAction PRIVILEGED = new PrincipalInfoAction()
{
public void push(final Principal principal, final Object credential,
- final Subject subject)
+ final Subject subject, final String securityDomain)
{
AccessController.doPrivileged(
new PrivilegedAction()
{
public Object run()
{
- SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ //SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc == null)
+ {
+ sc = SecurityContextFactory.createSecurityContext(principal, credential,
+ subject, securityDomain);
+ }
+ SecurityContextAssociation.setSecurityContext(sc);
return null;
}
}
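Review bot: When a security context already exists, `PRIVILEGED.push` ignores the `principal`, `credential` and `subject` it was given and only re-sets the existing context. `NON_PRIVILEGED.push`, later in this commit, calls `sc.getUtil().createSubjectInfo(principal, credential, subject)` in that case. Under a SecurityManager the thread therefore appears to keep the previous identity after a push, so the two code paths authenticate differently. Add the same branch here, `else { sc.getUtil().createSubjectInfo(principal, credential, subject); }`, or move the shared body into one private helper that both implementations call so they cannot drift again. The commented-out `pushSubjectContext` line can be deleted, and the anonymous class closes outside the hunk.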
@@ -217,7 +230,8 @@
{
public Object run()
{
- SecurityAssociation.popSubjectContext();
+ //SecurityAssociation.popSubjectContext();
+ SecurityContextAssociation.clearSecurityContext();
return null;
}
}
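Review bot: `clearSecurityContext()` is not the inverse of the new `push`. The removed `popSubjectContext()` popped one entry, while this call discards the whole context, so a nested push/pop pair (for example around a run-as invocation) appears to leave the outer caller with no security context. The same replacement is made in `NON_PRIVILEGED.pop()` further down. If dropping the stack behaviour is intended, state it on `pop()`, e.g. `// Clears the thread's SecurityContext; does not restore a previously pushed identity`; otherwise `push` needs to save the previous context and `pop` restore it. How `SecurityContextAssociation` stores contexts is not visible in this diff, so confirm against that class.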
@@ -227,21 +241,34 @@
PrincipalInfoAction NON_PRIVILEGED = new PrincipalInfoAction()
{
- public void push(Principal principal, Object credential, Subject subject)
+ public void push(Principal principal, Object credential, Subject subject,
+ String securityDomain)
{
- SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ //SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc == null)
+ {
+ sc = SecurityContextFactory.createSecurityContext(principal, credential,
+ subject, securityDomain);
+ }
+ else
+ {
+ sc.getUtil().createSubjectInfo(principal, credential, subject);
+ }
+ SecurityContextAssociation.setSecurityContext(sc);
}
public void pop()
{
- SecurityAssociation.popSubjectContext();
+ //SecurityAssociation.popSubjectContext();
+ SecurityContextAssociation.clearSecurityContext();
}
};
- void push(Principal principal, Object credential, Subject subject);
+ void push(Principal principal, Object credential, Subject subject, String securityDomain);
void pop();
}
- static Subject getActiveSubject()
+ static Subject getActiveSubject() throws PrivilegedActionException
{
Subject subject = (Subject) AccessController.doPrivileged(GetSubjectAction.ACTION);
return subject;
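Review bot: `getActiveSubject()` now declares `PrivilegedActionException` but has no Javadoc saying what that wraps or what a caller should do with it. From the `GetSubjectAction` change earlier in this commit the cause is a `PolicyContextException`, and a caller that catches the wrapper and carries on with a null Subject would be treating a lookup failure as "no authenticated subject". I would add a Javadoc that spells out this contract: the method returns the container Subject from the JACC policy context (possibly null), and a `PrivilegedActionException` wraps a `PolicyContextException` that must be treated as a failure, not as an anonymous caller. The method body continues outside the hunk.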
@@ -288,55 +315,8 @@
else
throw new LoginException(ex.getMessage());
}
- }
-
- static class GetSecurityContextAction implements PrivilegedAction
- {
- private String securityDomain;
- GetSecurityContextAction(String sd)
- {
- this.securityDomain = sd;
- }
- public Object run()
- {
- String sc = SecurityConstants.SECURITY_CONTEXT;
- return SecurityContextAssociation.getSecurityContext();
- /*HashMap map = (HashMap)SecurityAssociation.getContextInfo(sc);
- if(map == null)
- {
- map = new HashMap();
- SecurityAssociation.setContextInfo(sc, map);
- }
- SecurityAssociation.setContextInfo(sc, map);
- return map.get(this.securityDomain);*/
- }
- }
+ }
- static class SetSecurityContextAction implements PrivilegedAction
- {
- private SecurityContext securityContext;
- private String securityDomain;
- SetSecurityContextAction(SecurityContext sc, String sd)
- {
- this.securityContext = sc;
- this.securityDomain = sd;
- }
-
- public Object run()
- {
- String sc = SecurityConstants.SECURITY_CONTEXT;
- HashMap map = (HashMap)SecurityAssociation.getContextInfo(sc);
- if(map == null)
- {
- map = new HashMap();
- SecurityAssociation.setContextInfo(sc, map);
- }
- map.put(securityDomain, securityContext);
- SecurityAssociation.setContextInfo(sc, map);
- return null;
- }
- }
-
static ClassLoader getContextClassLoader()
{
ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
@@ -351,15 +331,15 @@
}
static void pushSubjectContext(Principal principal, Object credential,
- Subject subject)
+ Subject subject, String securityDomain)
{
if(System.getSecurityManager() == null)
{
- PrincipalInfoAction.NON_PRIVILEGED.push(principal, credential, subject);
+ PrincipalInfoAction.NON_PRIVILEGED.push(principal, credential, subject, securityDomain);
}
else
{
- PrincipalInfoAction.PRIVILEGED.push(principal, credential, subject);
+ PrincipalInfoAction.PRIVILEGED.push(principal, credential, subject, securityDomain);
}
}
static void popSubjectContext()
@@ -382,16 +362,25 @@
return info;
}
- static SecurityContext getSecurityContext(String securityDomain)
- {
- GetSecurityContextAction action = new GetSecurityContextAction(securityDomain);
- return (SecurityContext)AccessController.doPrivileged(action);
+ static SecurityContext getSecurityContext()
+ {
+ return (SecurityContext)AccessController.doPrivileged(new PrivilegedAction(){
+
+ public Object run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }});
}
- static void setSecurityContext(SecurityContext sc, String securityDomain)
- {
- SetSecurityContextAction action = new SetSecurityContextAction(sc,securityDomain);
- AccessController.doPrivileged(action);
+ static void setSecurityContext(final SecurityContext sc)
+ {
+ AccessController.doPrivileged(new PrivilegedAction(){
+
+ public Object run()
+ {
+ SecurityContextAssociation.setSecurityContext(sc);
+ return null;
+ }});
}
/**
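Review bot: `getSecurityContext()` and `setSecurityContext(sc)` are undocumented. Both run inside `doPrivileged`, so any code able to call them reads or replaces the thread's security context without holding the permission itself. The methods are package-private here, but the class declaration is outside the diff, so the intended audience cannot be confirmed from this page. A short Javadoc on each would record the constraint, e.g. `/** Runs privileged; keep package-private so only org.jboss.security.plugins code can replace the context. */`. It should also say whether a null `sc` is accepted.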