[jboss-cvs] JBossAS SVN: r72316 - projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Apr 16 16:46:58 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-04-16 16:46:57 -0400 (Wed, 16 Apr 2008)
New Revision: 72316
Modified:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java
Log:
SECURITY-195: guard security context methods with security perms
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java 2008-04-16 20:46:16 UTC (rev 72315)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java 2008-04-16 20:46:57 UTC (rev 72316)
@@ -41,6 +41,30 @@
public class JBossSecurityContext implements SecurityContext, SecurityManagerLocator
{
private static final long serialVersionUID = 1L;
+
+ //Define Security Permissions
+
+ private static final RuntimePermission getDataPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "getData");
+
+ private static final RuntimePermission getSubjectInfoPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "getSubjectInfo");
+
+ private static final RuntimePermission setRolesPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "setRolesPermission");
+
+ private static final RuntimePermission setRunAsPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "setRunAsPermission");
+
+ private static final RuntimePermission setSubjectInfoPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "setSubjectInfo");
+
+ private static final RuntimePermission getSecurityManagementPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "getSecurityManagement");
+
+ private static final RuntimePermission setSecurityManagementPermission
+ = new RuntimePermission(JBossSecurityContext.class.getName() + "setSecurityManagement");
+
protected static final Logger log = Logger.getLogger(JBossSecurityContext.class);
protected boolean trace = log.isTraceEnabled();
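Review bot: The permission targets on the new constants are built by concatenating the class name and the action with no separator, so the name becomes `org.jboss.security.plugins.JBossSecurityContextgetData` and so on. RuntimePermission is a BasicPermission, whose wildcard only matches at a `.` boundary, so a policy grant of `org.jboss.security.plugins.JBossSecurityContext.*` would cover none of them and each name has to be listed exactly. Two targets also carry a `Permission` suffix (`setRolesPermission`, `setRunAsPermission`) while the other five do not, which is easy to get wrong in a policy file. I would use `JBossSecurityContext.class.getName() + ".getData"` with the same pattern for the rest, and list the seven target names in the class Javadoc.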
@@ -71,6 +95,10 @@
*/
public ISecurityManagement getSecurityManagement()
{
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(getSecurityManagementPermission);
+
return this.iSecurityManagement;
}
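Review bot: The three-line SecurityManager guard added at the top of getSecurityManagement() is repeated verbatim in the seven other methods this commit guards (setSecurityManagement, getData, getSubjectInfo, setIncomingRunAs, setOutgoingRunAs, setSubjectInfo, setRoles). A private static helper that takes the RuntimePermission and performs the null check and the `sm.checkPermission(...)` call would reduce each site to `checkPermission(getSecurityManagementPermission);`. Keeping the check in one place also makes it harder for a later accessor to be added with a slightly different or missing guard.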
@@ -79,6 +107,10 @@
*/
public void setSecurityManagement(ISecurityManagement ism)
{
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setSecurityManagementPermission);
+
if(ism == null)
throw new IllegalArgumentException("ism is null");
this.iSecurityManagement = ism;
@@ -89,6 +121,10 @@
*/
public Map<String,Object> getData()
{
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(getDataPermission);
+
return contextData;
}
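Review bot: getData() still returns the internal `contextData` map itself, so the new check only gates the moment the reference is obtained. Any code that passes the check can keep the map and read or modify the context data later, or hand it to code that would not pass the check. If that is intended, the Javadoc should say so, e.g. `Returns the live context map; holders of the getData permission can modify it.` Otherwise `return Collections.unmodifiableMap(contextData);` would be the change, though whether existing callers write through this map is not visible in the hunk.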
@@ -103,6 +139,10 @@
*/
public SubjectInfo getSubjectInfo()
{
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(getSubjectInfoPermission);
+
return subjectInfo;
}
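Review bot: The Javadoc above getSubjectInfo() (it starts outside the hunk) should now state that the method can throw SecurityException. `sm.checkPermission(getSubjectInfoPermission)` evaluates every protection domain on the calling stack, so a caller that reaches this accessor on behalf of less-privileged code will fail unless it wraps the call in `AccessController.doPrivileged`. I would add `@throws SecurityException if a security manager is installed and the caller lacks the getSubjectInfo RuntimePermission` here, and the matching line on the other guarded methods.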
@@ -119,6 +159,10 @@
*/
public void setIncomingRunAs(RunAs runAs)
{
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setRunAsPermission);
+
this.incomingRunAs = runAs;
}
@@ -135,6 +179,10 @@
*/
public void setOutgoingRunAs(RunAs runAs)
{
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setRunAsPermission);
+
this.outgoingRunAs = runAs;
}
@@ -191,11 +239,19 @@
public void setSubjectInfo(SubjectInfo si)
{
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setSubjectInfoPermission);
+
this.subjectInfo = si;
}
public void setRoles(Group roles, boolean replace)
{
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setRolesPermission);
+
Group mergedRoles = roles;
if(!replace)
{