[jboss-cvs] JBossAS SVN: r65983 - trunk/security/src/main/org/jboss/security/integration/ejb.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Oct 9 15:47:34 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-10-09 15:47:34 -0400 (Tue, 09 Oct 2007)
New Revision: 65983
Added:
trunk/security/src/main/org/jboss/security/integration/ejb/SecurityHelper.java
Modified:
trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthenticationHelper.java
trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java
trunk/security/src/main/org/jboss/security/integration/ejb/SecurityActions.java
Log:
refactor and consolidate auditing
Modified: trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthenticationHelper.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthenticationHelper.java 2007-10-09 19:46:57 UTC (rev 65982)
+++ trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthenticationHelper.java 2007-10-09 19:47:34 UTC (rev 65983)
@@ -22,10 +22,13 @@
package org.jboss.security.integration.ejb;
import java.security.Principal;
+import java.util.Map;
import javax.security.auth.Subject;
import org.jboss.security.SecurityContext;
+import org.jboss.security.audit.AuditLevel;
+import org.jboss.security.identitytrust.IdentityTrustException;
import org.jboss.security.identitytrust.IdentityTrustManager;
import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
@@ -37,52 +40,51 @@
* @since Aug 16, 2007
* @version $Revision$
*/
-public class EJBAuthenticationHelper
+public class EJBAuthenticationHelper extends SecurityHelper
{
- private SecurityContext securityContext;
-
- /**
- * In rare situations, the caller needs to be stopped right there
- */
- private boolean trustDenied = false;
-
public EJBAuthenticationHelper(SecurityContext sc)
{
- if(sc == null)
- throw new IllegalArgumentException("security context sc is null");
- this.securityContext = sc;
+ super(sc);
}
-
- public boolean isTrusted()
+
+ public boolean isTrusted() throws IdentityTrustException
{
IdentityTrustManager itm = securityContext.getIdentityTrustManager();
TrustDecision td = itm.isTrusted(securityContext);
if(td == TrustDecision.Deny)
- trustDenied = true;
+ throw new IdentityTrustException("Caller denied by identity trust framework");
return td == TrustDecision.Permit;
- }
+ }
/**
- * Check if the previous call to isTrusted actually
- * set the trustDenied flag.
- * @return
- */
- public boolean isTrustDenied()
- {
- return this.trustDenied;
- }
-
- /**
* Authenticate the caller
* @param p
* @param cred
* @return
*/
- public boolean isValid(Subject subject)
+ public boolean isValid(Subject subject, String methodName)
{
Principal p = securityContext.getUtil().getUserPrincipal();
Object cred = securityContext.getUtil().getCredential();
- return securityContext.getAuthenticationManager().isValid(p, cred, subject);
+
+ Map<String,Object> cMap = getContextMap(p, methodName);
+
+ boolean auth = securityContext.getAuthenticationManager().isValid(p, cred, subject);
+ if(auth == false)
+ {
+ // Check for the security association exception
+ Exception ex = SecurityActions.getContextException();
+ audit(AuditLevel.ERROR, cMap ,ex);
+ if(ex == null)
+ {
+ audit(AuditLevel.FAILURE,cMap,null);
+ }
+ }
+ else
+ {
+ audit(AuditLevel.SUCCESS,cMap,null);
+ }
+ return auth;
}
/**
@@ -93,4 +95,4 @@
{
securityContext.getSubjectInfo().setAuthenticatedSubject(subject);
}
-}
+}
\ No newline at end of file
Modified: trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java 2007-10-09 19:46:57 UTC (rev 65982)
+++ trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java 2007-10-09 19:47:34 UTC (rev 65983)
@@ -30,12 +30,10 @@
import javax.security.auth.Subject;
-import org.jboss.logging.Logger;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.RunAs;
import org.jboss.security.SecurityContext;
-import org.jboss.security.audit.AuditEvent;
import org.jboss.security.audit.AuditLevel;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.ResourceKeys;
@@ -49,20 +47,11 @@
* @since May 18, 2007
* @version $Revision$
*/
-public class EJBAuthorizationHelper
-{
- private SecurityContext securityContext = null;
- private String securityDomain = null;
- private static Logger log = Logger.getLogger(EJBAuthorizationHelper.class);
-
+public class EJBAuthorizationHelper extends SecurityHelper
+{
public EJBAuthorizationHelper(SecurityContext sc)
{
- if(sc == null)
- sc = SecurityActions.getSecurityContext();
- if(sc == null)
- throw new IllegalArgumentException("Security Context is null");
- this.securityContext = sc;
- this.securityDomain = sc.getSecurityDomain();
+ super(sc);
}
/**
@@ -168,18 +157,11 @@
}
- //******************************************************
+ //******************************************************
// Audit Methods
//******************************************************
- public void audit(String level,
- Map<String,Object> contextMap, Exception e)
- {
- contextMap.put("Source", getClass().getName());
- AuditEvent ae = new AuditEvent(level,contextMap,e);
- securityContext.getAuditManager().audit(ae);
- }
-
- public void authorizationAudit(String level, EJBResource resource, Exception e)
+
+ private void authorizationAudit(String level, EJBResource resource, Exception e)
{
//Authorization Exception stacktrace is huge. Scale it down
//as the original stack trace can be seen in server.log (if needed)
@@ -188,13 +170,5 @@
cmap.putAll(resource.getMap());
cmap.put("Exception:", exceptionMessage);
audit(level,cmap,null);
- }
-
- public Map<String,Object> getContextMap(Principal principal, String methodName)
- {
- Map<String,Object> cmap = new HashMap<String,Object>();
- cmap.put("principal", principal);
- cmap.put("method", methodName);
- return cmap;
- }
+ }
}
Modified: trunk/security/src/main/org/jboss/security/integration/ejb/SecurityActions.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/ejb/SecurityActions.java 2007-10-09 19:46:57 UTC (rev 65982)
+++ trunk/security/src/main/org/jboss/security/integration/ejb/SecurityActions.java 2007-10-09 19:47:34 UTC (rev 65983)
@@ -71,5 +71,18 @@
}
});
}
+
+ static Exception getContextException()
+ {
+ return (Exception)AccessController.doPrivileged(new PrivilegedAction()
+ {
+ static final String EX_KEY = "org.jboss.security.exception";
+ public Object run()
+ {
+ SecurityContext sc = getSecurityContext();
+ return sc.getData().get(EX_KEY);
+ }
+ });
+ }
}
Added: trunk/security/src/main/org/jboss/security/integration/ejb/SecurityHelper.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/ejb/SecurityHelper.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/ejb/SecurityHelper.java 2007-10-09 19:47:34 UTC (rev 65983)
@@ -0,0 +1,75 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration.ejb;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.audit.AuditEvent;
+
+//$Id$
+
+/**
+ * Base Class for Authentication and Authorization Helpers
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 4, 2007
+ * @version $Revision$
+ */
+public abstract class SecurityHelper
+{
+ protected SecurityContext securityContext;
+
+ protected static Logger log = null;
+
+ public SecurityHelper(SecurityContext sc)
+ {
+ log = Logger.getLogger(getClass());
+ if(sc == null)
+ sc = SecurityActions.getSecurityContext();
+ if(sc == null)
+ throw new IllegalArgumentException("Security Context is null");
+ this.securityContext = sc;
+ }
+
+ //******************************************************
+ // Audit Methods
+ //******************************************************
+ protected void audit(String level,
+ Map<String,Object> contextMap, Exception e)
+ {
+ contextMap.put("Source", getClass().getName());
+ AuditEvent ae = new AuditEvent(level,contextMap,e);
+ securityContext.getAuditManager().audit(ae);
+ }
+
+
+ protected Map<String,Object> getContextMap(Principal principal, String methodName)
+ {
+ Map<String,Object> cmap = new HashMap<String,Object>();
+ cmap.put("principal", principal);
+ cmap.put("method", methodName);
+ return cmap;
+ }
+}
More information about the jboss-cvs-commits
mailing list