[jboss-cvs] JBossAS SVN: r68749 - in projects/security/security-jboss-sx/trunk: acl and 55 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Jan 9 15:25:40 EST 2008
Author: anil.saldhana at jboss.com
Date: 2008-01-09 15:25:39 -0500 (Wed, 09 Jan 2008)
New Revision: 68749
Added:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractJACCModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/mapping/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthZMgrSafetyUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/StandaloneJBossAMgrUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/TestAuthorizationModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBPolicyModuleDelegateUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/identity/
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/identity/SimpleRoleGroupUnitTestCase.java
Modified:
projects/security/security-jboss-sx/trunk/acl/pom.xml
projects/security/security-jboss-sx/trunk/assembly/pom.xml
projects/security/security-jboss-sx/trunk/identity/pom.xml
projects/security/security-jboss-sx/trunk/identity/src/main/org/jboss/security/identity/plugins/SimpleIdentity.java
projects/security/security-jboss-sx/trunk/identity/src/main/org/jboss/security/identity/plugins/SimpleRole.java
projects/security/security-jboss-sx/trunk/identity/src/main/org/jboss/security/identity/plugins/SimpleRoleGroup.java
projects/security/security-jboss-sx/trunk/identity/src/tests/org/jboss/test/identity/impl/RoleUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/.classpath
projects/security/security-jboss-sx/trunk/jbosssx/pom.xml
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/crypto/CryptoUtil.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/crypto/digest/DigestCallback.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/crypto/digest/SHAReverseInterleave.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AltClientLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AppPolicy.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AuthenticationInfo.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AuthorizationInfo.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/RunAsIdentity.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociation.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationAuthenticator.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityRoleRef.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SimpleGroup.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/config/AuditConfigEntryHolder.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/config/AuditProviderEntry.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/providers/LogAuditProvider.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/AppCallbackHandler.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/CallbackHandlerPolicyContextHandler.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/ConsoleInputHandler.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/MapCallback.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/SecurityAssociationCallback.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/AnyCertVerifier.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SerialNumberIssuerDNMapping.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SubjectCNMapping.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SubjectDNMapping.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SubjectX500Principal.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/X509CertificateVerifier.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/config/AuthModuleEntry.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/config/AuthModuleEntryHolder.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/HttpServletServerAuthModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AppConfigurationEntryHolder.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfoContainer.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/ConfigUtil.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackHolder.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/GenericMessageInfo.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigProvider.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthConfig.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthContext.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthConfig.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/AnonLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/BaseCertLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/RunAsLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/SimpleServerLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/Users.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersObjectModelFactory.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/Util.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/XMLLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractAuthorizationModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AllDenyAuthorizationModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AllPermitAuthorizationModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AuthorizationModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/JACCAuthorizationModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebJACCPolicyModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebPolicyModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/EJBResource.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/JavaEEResource.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/WebResource.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/sunxacml/JBossStaticPolicyFinderModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/sunxacml/JBossXACMLUtil.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/client/JBossSecurityClient.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicy.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicyContainer.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/BaseSecurityInfo.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/PolicyConfig.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/SecurityConfiguration.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustConfigEntryHolder.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/ContextPolicy.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/DelegatingPolicy.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/JBossPolicyConfiguration.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/JBossPolicyConfigurationFactory.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/SecurityService.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/config/MappingConfigEntryHolder.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/config/MappingModuleEntry.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/MappingProviderUtil.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/PolicyContextIdRoleMappingProvider.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/PrincipalToRoleMappingProvider.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectCNMapper.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectDNMapper.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/ConsolePassword.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/DefaultLoginConfig.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/FilePassword.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/NoAccessSecurityManager.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/NullSecurityManager.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/SubjectActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/TmpFilePassword.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/audit/JBossAuditManager.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/audit/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/SubjectActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/authorization/SecurityActions.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/DelegatingPolicyTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NamespacePermission.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NamespacePermissionCollection.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NestableGroupTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NestablePrincipalTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/PermissionName.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/SecurityProviderlTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/TestJCE.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/TestLogin.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/TestLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/UtilTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/audit/AuditTestAssociation.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/audit/AuditUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/JBossAuthenticationManagerUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/WebJASPIAuthMgrUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPILoginModuleDelgateUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/LoginModuleServerAuthModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/TestServerAuthModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/web/WebAuthorizationUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/EJBXACMLUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/identitytrust/IdentityTrustUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/ldap/OpenDSUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/mapping/PrincipalMappingUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/mapping/TestX509Certificate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/MappingContextTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/SecurityContextBaseTest.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/SecurityContextTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/TestSecurityContext.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/util/TestHttpServletRequest.java
projects/security/security-jboss-sx/trunk/pom.xml
Log:
SECURITY-92: typesafe collections SECURITY-107: weave in identity info
Modified: projects/security/security-jboss-sx/trunk/acl/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/acl/pom.xml 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/acl/pom.xml 2008-01-09 20:25:39 UTC (rev 68749)
@@ -1,7 +1,7 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.jboss.security</groupId>
- <artifactId>jbosssx</artifactId>
+ <artifactId>jbosssx-parent</artifactId>
<version>2.0.2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: projects/security/security-jboss-sx/trunk/assembly/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/assembly/pom.xml 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/assembly/pom.xml 2008-01-09 20:25:39 UTC (rev 68749)
@@ -3,12 +3,12 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.jboss.security</groupId>
- <artifactId>jbosssx</artifactId>
+ <artifactId>jbosssx-parent</artifactId>
<version>2.0.2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-assembly</artifactId>
+ <artifactId>jbosssx</artifactId>
<packaging>pom</packaging>
<name>JBoss Security Implementation for the JBAS - Assembly</name>
<url>http://labs.jboss.org/portal/jbosssecurity/</url>
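Review bot: Changing this module's artifactId to `jbosssx` reuses the coordinate that the parent POM held until this revision; the parent reference above moves from `jbosssx` to `jbosssx-parent` at the same `2.0.2-SNAPSHOT` version. Any POM outside this commit that still names `org.jboss.security:jbosssx` as its parent or as a dependency will now resolve to the assembly POM instead. It would help to record the swap in an XML comment such as `<!-- artifactId jbosssx was the parent POM before r68749; the parent is now jbosssx-parent -->`. The `<name>` still ends in "- Assembly", which no longer matches the artifactId.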
Modified: projects/security/security-jboss-sx/trunk/identity/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/identity/pom.xml 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/identity/pom.xml 2008-01-09 20:25:39 UTC (rev 68749)
@@ -1,7 +1,7 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.jboss.security</groupId>
- <artifactId>jbosssx</artifactId>
+ <artifactId>jbosssx-parent</artifactId>
<version>2.0.2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: projects/security/security-jboss-sx/trunk/identity/src/main/org/jboss/security/identity/plugins/SimpleIdentity.java
===================================================================
--- projects/security/security-jboss-sx/trunk/identity/src/main/org/jboss/security/identity/plugins/SimpleIdentity.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/identity/src/main/org/jboss/security/identity/plugins/SimpleIdentity.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -24,7 +24,7 @@
import java.io.Serializable;
import java.security.Principal;
import java.security.acl.Group;
-
+
import org.jboss.security.identity.Identity;
import org.jboss.security.identity.Role;
Modified: projects/security/security-jboss-sx/trunk/identity/src/main/org/jboss/security/identity/plugins/SimpleRole.java
===================================================================
--- projects/security/security-jboss-sx/trunk/identity/src/main/org/jboss/security/identity/plugins/SimpleRole.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/identity/src/main/org/jboss/security/identity/plugins/SimpleRole.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -69,11 +69,11 @@
{
// TODO Auto-generated method stub
return super.clone();
- }
-
+ }
+
@Override
public String toString()
{
return roleName;
- }
+ }
}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/identity/src/main/org/jboss/security/identity/plugins/SimpleRoleGroup.java
===================================================================
--- projects/security/security-jboss-sx/trunk/identity/src/main/org/jboss/security/identity/plugins/SimpleRoleGroup.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/identity/src/main/org/jboss/security/identity/plugins/SimpleRoleGroup.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -44,7 +44,8 @@
{
private static final long serialVersionUID = 1L;
private ArrayList<Role> roles = new ArrayList<Role>();
-
+ private static final String ROLES_IDENTIFIER = "Roles";
+
public SimpleRoleGroup(String roleName)
{
super(roleName);
@@ -70,11 +71,11 @@
public SimpleRoleGroup(Set<Principal> rolesAsPrincipals)
{
- super("Roles");
+ super(ROLES_IDENTIFIER);
for(Principal p: rolesAsPrincipals)
{
- roles.add(new SimpleRole(p.getName()));
- }
+ roles.add(new SimpleRole(p.getName()));
+ }
}
@Override
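Review bot: The `SimpleRoleGroup(Set<Principal>)` constructor iterates `rolesAsPrincipals` without a null check, so a null set fails with a bare NullPointerException, whereas `containsAtleastOneRole` in this same file rejects null with an IllegalArgumentException. A guard before the loop would match that style: `if(rolesAsPrincipals == null) throw new IllegalArgumentException("rolesAsPrincipals is null");`. The loop also turns every principal's name into a `SimpleRole` regardless of the principal's type. If a caller ever passes a mixed principal set (callers are not visible here), user-name principals would become role names. A Javadoc sentence stating that the set must hold only role principals would make that contract explicit.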
@@ -130,11 +131,11 @@
/**
* @see RoleGroup#containsAtleastOneRole(RoleGroup)
*/
- public boolean containsAtleastOneRole(RoleGroup anotherRoleGroup)
+ public boolean containsAtleastOneRole(RoleGroup anotherRole)
{
- if(anotherRoleGroup == null)
- throw new IllegalArgumentException("anotherRoleGroup is null");
- List<Role> roleList = anotherRoleGroup.getRoles();
+ if(anotherRole == null)
+ throw new IllegalArgumentException("anotherRole is null");
+ List<Role> roleList = anotherRole.getRoles();
for(Role r: roleList)
{
if(this.containsAll(r))
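Review bot: Renaming the parameter to `anotherRole` makes it less accurate, since its type is still `RoleGroup` and the body calls `getRoles()` on it. The exception text `"anotherRole is null"` now points a caller at the wrong kind of argument. Keeping `anotherRoleGroup`, or at least `"anotherRoleGroup is null"` in the message, would stay in line with the `@see RoleGroup#containsAtleastOneRole(RoleGroup)` reference above it. The method body continues past the end of this hunk, so the rest of the loop could not be reviewed.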
@@ -154,7 +155,7 @@
return true;
}
return false;
- }
+ }
@Override
public String toString()
Modified: projects/security/security-jboss-sx/trunk/identity/src/tests/org/jboss/test/identity/impl/RoleUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/identity/src/tests/org/jboss/test/identity/impl/RoleUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/identity/src/tests/org/jboss/test/identity/impl/RoleUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,13 +21,13 @@
*/
package org.jboss.test.identity.impl;
+import junit.framework.TestCase;
+
import org.jboss.security.identity.Role;
import org.jboss.security.identity.RoleFactory;
import org.jboss.security.identity.plugins.SimpleRole;
import org.jboss.security.identity.plugins.SimpleRoleGroup;
-import junit.framework.TestCase;
-
//$Id$
/**
Modified: projects/security/security-jboss-sx/trunk/jbosssx/.classpath
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/.classpath 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/.classpath 2008-01-09 20:25:39 UTC (rev 68749)
@@ -9,7 +9,10 @@
<classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
<classpathentry kind="var" path="M2_REPO/sun-xacml/sun-xacml/2.0/sun-xacml-2.0.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR4/jbossxb-2.0.0.CR4.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.beta/jboss-security-spi-2.0.2.beta.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.alpha1/jboss-security-spi-2.0.2.alpha1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2-SNAPSHOT/jboss-security-spi-bare-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2-SNAPSHOT/jboss-security-spi--bare-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/authorization-spi/2.0.2-SNAPSHOT/authorization-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/authorization-spi/2.0.2-SNAPSHOT/authorization-spi-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/acl-spi/2.0.2-SNAPSHOT/acl-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/acl-spi/2.0.2-SNAPSHOT/acl-spi-2.0.2-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-spi/2.0.2-SNAPSHOT/identity-spi-2.0.2-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/security/identity-spi/2.0.2-SNAPSHOT/identity-spi-2.0.2-SNAPSHOT-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-javaee/5.0.0.Beta3/jboss-javaee-5.0.0.Beta3.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0-BETA1/jboss-jaspi-api-1.0-BETA1.jar"/>
<classpathentry kind="var" path="M2_REPO/jboss/jboss-test/1.0.3.GA/jboss-test-1.0.3.GA.jar"/>
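Review bot: The `sourcepath` on the new `jboss-security-spi-bare` entry has a doubled hyphen (`jboss-security-spi--bare-2.0.2-SNAPSHOT-sources.jar`), which does not match the jar name in `path`, so source attachment for that library will likely fail to resolve. It should read `jboss-security-spi-bare-2.0.2-SNAPSHOT-sources.jar`. The four new entries also replace a fixed `2.0.2.beta` jar with `-SNAPSHOT` jars, so what the IDE compiles against can change whenever the local repository is refreshed.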
@@ -24,5 +27,6 @@
<classpathentry kind="var" path="M2_REPO/sun-opends/opends-core/1.0.0-BUILD04/opends-core-1.0.0-BUILD04.jar"/>
<classpathentry kind="var" path="M2_REPO/sleepycat/je/3.2.43/je-3.2.43.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/jnpserver/5.0.0-SNAPSHOT/jnpserver-5.0.0-SNAPSHOT.jar"/>
+ <classpathentry combineaccessrules="false" kind="src" path="/identity"/>
<classpathentry kind="output" path="target/eclipse-classes"/>
</classpath>
Modified: projects/security/security-jboss-sx/trunk/jbosssx/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/pom.xml 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/pom.xml 2008-01-09 20:25:39 UTC (rev 68749)
@@ -1,7 +1,7 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.jboss.security</groupId>
- <artifactId>jbosssx</artifactId>
+ <artifactId>jbosssx-parent</artifactId>
<version>2.0.2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -133,6 +133,12 @@
<scope>compile</scope>
</dependency>
<dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>identity-impl</artifactId>
+ <version>2.0.2-SNAPSHOT</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
<groupId>javassist</groupId>
<artifactId>javassist</artifactId>
<version>3.4.GA</version>
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/crypto/CryptoUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/crypto/CryptoUtil.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/crypto/CryptoUtil.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -29,27 +29,16 @@
import java.security.GeneralSecurityException;
import java.security.KeyException;
import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchAlgorithmException;
import java.security.Provider;
-import java.security.Security;
import java.security.SecureRandom;
-import java.security.acl.Group;
-import java.util.Iterator;
+import java.security.Security;
import java.util.Random;
-import java.util.Set;
-import javax.naming.InitialContext;
-import javax.security.auth.Subject;
-import org.jboss.crypto.JBossSXProvider;
import org.jboss.crypto.digest.DigestCallback;
import org.jboss.logging.Logger;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.AuthorizationManager;
import org.jboss.security.Base64Encoder;
import org.jboss.security.Base64Utils;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.SecurityConfiguration;
/** Various security related utilities like MessageDigest
factories, SecureRandom access, password hashing.
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/crypto/digest/DigestCallback.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/crypto/digest/DigestCallback.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/crypto/digest/DigestCallback.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,8 +21,8 @@
*/
package org.jboss.crypto.digest;
+import java.security.MessageDigest;
import java.util.Map;
-import java.security.MessageDigest;
/**
* An interface that can be used to augment the behavior of a digest hash.
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/crypto/digest/SHAReverseInterleave.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/crypto/digest/SHAReverseInterleave.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/crypto/digest/SHAReverseInterleave.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -25,7 +25,7 @@
import java.security.MessageDigest;
import java.security.MessageDigestSpi;
import java.security.NoSuchAlgorithmException;
-import java.security.ProviderException;
+import java.security.ProviderException;
/** An alternate SHA Interleave algorithm as implemented in the SRP
distribution. This version reverses the even and odd byte streams before
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AltClientLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AltClientLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AltClientLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,9 +22,10 @@
package org.jboss.security;
+import java.security.Principal;
import java.util.Map;
import java.util.Set;
-import java.security.Principal;
+
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -35,7 +36,6 @@
import javax.security.auth.spi.LoginModule;
import org.jboss.logging.Logger;
-import org.jboss.security.SecurityConstants;
/** A simple implementation of LoginModule for use by JBoss clients for
the establishment of the caller identity and credentials. This simply sets
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AppPolicy.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AppPolicy.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AppPolicy.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -27,6 +27,7 @@
import java.security.KeyStore;
import java.security.PermissionCollection;
import java.security.Permissions;
+
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AuthenticationInfo.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AuthenticationInfo.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AuthenticationInfo.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,6 +22,7 @@
package org.jboss.security;
import java.security.AccessController;
+
import javax.security.auth.AuthPermission;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AuthorizationInfo.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AuthorizationInfo.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/AuthorizationInfo.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -26,9 +26,10 @@
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
-import java.util.ArrayList;
+import java.util.ArrayList;
import java.util.HashSet;
-import java.util.Set;
+import java.util.Set;
+
import javax.security.auth.Subject;
/**
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -25,6 +25,7 @@
import java.security.Principal;
import java.util.Map;
import java.util.Set;
+
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -35,7 +36,6 @@
import javax.security.auth.spi.LoginModule;
import org.jboss.logging.Logger;
-import org.jboss.security.SecurityConstants;
/** A simple implementation of LoginModule for use by JBoss clients for
the establishment of the caller identity and credentials. This simply sets
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/RunAsIdentity.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/RunAsIdentity.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/RunAsIdentity.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -72,7 +72,7 @@
// these come from the assembly-descriptor
if (extraRoleNames != null)
{
- Iterator it = extraRoleNames.iterator();
+ Iterator<String> it = extraRoleNames.iterator();
while (it.hasNext())
{
String extraRoleName = (String) it.next();
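Review bot: The `(String)` cast on `it.next()` is redundant once the iterator is declared `Iterator<String>`, and the same leftover cast remains after the typed iterators in the later hunks (`(Principal) iter.next()` and `(Principal) it.next()` in `doesUserHaveRole`). Either drop the casts or replace each loop with an enhanced for, e.g. `for (String extraRoleName : extraRoleNames)`. This assumes `extraRoleNames` is declared with a `String` element type; its declaration is outside the hunk, and if it is still raw the new line only moves the unchecked warning. The enclosing constructor starts and ends outside this hunk.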
@@ -87,9 +87,9 @@
*/
public Set<Principal> getRunAsRoles()
{
- return new HashSet(runAsRoles);
+ return new HashSet<Principal>(runAsRoles);
}
-
+
/**
Return a set with the configured run-as principal and a Group("Roles")
with teh run-as roles
@@ -100,11 +100,11 @@
{
if( principalsSet == null )
{
- principalsSet = new HashSet();
+ principalsSet = new HashSet<Principal>();
principalsSet.add(this);
SimpleGroup roles = new SimpleGroup("Roles");
principalsSet.add(roles);
- Iterator iter = runAsRoles.iterator();
+ Iterator<Principal> iter = runAsRoles.iterator();
while( iter.hasNext() )
{
Principal role = (Principal) iter.next();
@@ -124,7 +124,7 @@
*/
public boolean doesUserHaveRole(Set<Principal> methodRoles)
{
- Iterator it = methodRoles.iterator();
+ Iterator<Principal> it = methodRoles.iterator();
while (it.hasNext())
{
Principal role = (Principal) it.next();
@@ -149,8 +149,8 @@
if(clone != null)
{
clone.principalsSet = principalsSet != null ?
- (HashSet)this.principalsSet.clone() : null;
- clone.runAsRoles = (HashSet)this.runAsRoles.clone();
+ (HashSet<Principal>)this.principalsSet.clone() : null;
+ clone.runAsRoles = (HashSet<Principal>)this.runAsRoles.clone();
}
return clone;
}
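Review bot: The two `(HashSet<Principal>) ... .clone()` casts are unchecked, because `clone()` returns `Object`, so the raw-type warning is replaced by an unchecked-cast warning rather than removed. A copy constructor is type-safe and reads the same: `clone.runAsRoles = new HashSet<Principal>(this.runAsRoles);`, and likewise for `principalsSet`. Separately, the hunk above adds `this` to `principalsSet`, so the copied set in the clone still holds the original instance rather than the clone. Setting `clone.principalsSet = null` and letting it be rebuilt lazily would avoid that, if the lazy path is the only writer, which is not visible from here.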
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociation.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociation.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociation.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,13 +23,12 @@
import java.security.Principal;
import java.util.ArrayList;
-import java.util.HashMap;
+import java.util.HashMap;
import javax.security.auth.Subject;
import org.jboss.logging.Logger;
import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.SecurityContextFactory;
/**
* The SecurityAssociation class maintains the security principal and
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,15 +21,13 @@
*/
package org.jboss.security;
-import java.security.PrivilegedAction;
-import java.security.Principal;
import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
import javax.security.auth.Subject;
-import org.jboss.security.SecurityAssociation;
import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.SecurityContextFactory;
/** A PrivilegedAction implementation for setting the SecurityAssociation
* principal and credential
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationAuthenticator.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationAuthenticator.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationAuthenticator.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,8 +23,8 @@
import java.net.Authenticator;
import java.net.PasswordAuthentication;
+import java.security.AccessController;
import java.security.Principal;
-import java.security.AccessController;
import java.security.PrivilegedAction;
/** An implementation of Authenticator that obtains the username and password
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityRoleRef.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityRoleRef.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityRoleRef.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -39,6 +39,12 @@
{
}
+ public SecurityRoleRef(String name, String link)
+ {
+ this.name = name;
+ this.link = link;
+ }
+
public SecurityRoleRef(String name, String link, String description)
{
this.name = name;
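Review bot: The new two-argument constructor repeats the field assignments of the three-argument one and has no Javadoc. Delegating keeps a single initialization path: `this(name, link, null);`, assuming the three-argument constructor only stores its arguments; its body continues outside the hunk. A short comment such as `/** Creates a role reference with no description. */` would state what is left unset.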
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SimpleGroup.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SimpleGroup.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SimpleGroup.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -26,8 +26,8 @@
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
+import java.util.HashMap;
import java.util.Iterator;
-import java.util.HashMap;
/** An implementation of Group that manages a collection of Principal
objects based on their hashCode() and equals() methods. This class
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/config/AuditConfigEntryHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/config/AuditConfigEntryHolder.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/config/AuditConfigEntryHolder.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -26,7 +26,7 @@
import javax.xml.namespace.QName;
-import org.jboss.security.auth.login.ModuleOption;
+import org.jboss.security.auth.login.ModuleOption;
import org.jboss.xb.binding.GenericValueContainer;
//$Id$
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/config/AuditProviderEntry.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/config/AuditProviderEntry.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/config/AuditProviderEntry.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -38,14 +38,14 @@
{
private String name;
- private Map options = new HashMap();
+ private Map<String,Object> options = new HashMap<String,Object>();
public AuditProviderEntry(String name)
{
this.name = name;
}
- public AuditProviderEntry(String name, Map options)
+ public AuditProviderEntry(String name, Map<String,Object> options)
{
this.name = name;
this.options = options;
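Review bot: The constructor stores the caller's map by reference and without a null check, and `getOptions()` in the next hunk hands the same live map back, so audit provider configuration can be altered from outside this class after construction. `AuthModuleEntry` in this commit already returns `Collections.unmodifiableMap(options)`, and this class could match it with `this.options = new HashMap<String,Object>(options);` in the constructor (guarded for null) and an unmodifiable view in the getter. The `Map<String,?>` return type only blocks `put` at compile time; `remove` and `clear` still reach the internal map. A null `options` argument would also make the `options.put(...)` shown in the next hunk throw a NullPointerException.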
@@ -61,8 +61,8 @@
options.put(option.getName(), option.getValue());
}
- public Map getOptions()
+ public Map<String,?> getOptions()
{
return this.options;
}
-}
+}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/providers/LogAuditProvider.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/providers/LogAuditProvider.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/audit/providers/LogAuditProvider.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -8,7 +8,7 @@
import org.jboss.logging.Logger;
import org.jboss.security.audit.AbstractAuditProvider;
-import org.jboss.security.audit.AuditEvent;
+import org.jboss.security.audit.AuditEvent;
/**
* Audit Provider that just logs the audit event using a Logger.
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/AppCallbackHandler.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/AppCallbackHandler.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/AppCallbackHandler.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,7 +22,7 @@
package org.jboss.security.auth.callback;
import java.io.BufferedReader;
-import java.io.IOException;
+import java.io.IOException;
import java.io.InputStreamReader;
import java.lang.reflect.Method;
import java.security.Principal;
@@ -35,7 +35,6 @@
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextInputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
-import org.jboss.security.auth.callback.ByteArrayCallback;
//$Id$
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/CallbackHandlerPolicyContextHandler.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/CallbackHandlerPolicyContextHandler.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/CallbackHandlerPolicyContextHandler.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,9 +21,9 @@
*/
package org.jboss.security.auth.callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.jacc.PolicyContextException;
import javax.security.jacc.PolicyContextHandler;
-import javax.security.jacc.PolicyContextException;
-import javax.security.auth.callback.CallbackHandler;
/**
A PolicyContextHandler implementation that allows a dynamic CallbackHandler to
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/ConsoleInputHandler.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/ConsoleInputHandler.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/ConsoleInputHandler.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,8 +22,9 @@
package org.jboss.security.auth.callback;
import java.io.BufferedReader;
+import java.io.IOException;
import java.io.InputStreamReader;
-import java.io.IOException;
+
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/MapCallback.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/MapCallback.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/MapCallback.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,8 +21,9 @@
*/
package org.jboss.security.auth.callback;
+import java.util.HashMap;
import java.util.Map;
-import java.util.HashMap;
+
import javax.security.auth.callback.Callback;
/** An implementation of Callback that simply allows for a map of information
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/SecurityActions.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,10 +21,11 @@
*/
package org.jboss.security.auth.callback;
-import java.security.PrivilegedExceptionAction;
+import java.lang.reflect.UndeclaredThrowableException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
-import java.lang.reflect.UndeclaredThrowableException;
+import java.security.PrivilegedExceptionAction;
+
import javax.security.auth.callback.CallbackHandler;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/SecurityAssociationCallback.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/SecurityAssociationCallback.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/callback/SecurityAssociationCallback.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,6 +22,7 @@
package org.jboss.security.auth.callback;
import java.security.Principal;
+
import javax.security.auth.callback.Callback;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/AnyCertVerifier.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/AnyCertVerifier.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/AnyCertVerifier.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,8 +21,8 @@
*/
package org.jboss.security.auth.certs;
+import java.security.KeyStore;
import java.security.cert.X509Certificate;
-import java.security.KeyStore;
/**
* A X509CertificateVerifier that accepts any cert.
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SerialNumberIssuerDNMapping.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SerialNumberIssuerDNMapping.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SerialNumberIssuerDNMapping.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,9 +21,10 @@
*/
package org.jboss.security.auth.certs;
+import java.math.BigInteger;
import java.security.Principal;
import java.security.cert.X509Certificate;
-import java.math.BigInteger;
+
import org.jboss.security.CertificatePrincipal;
import org.jboss.security.SimplePrincipal;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SubjectCNMapping.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SubjectCNMapping.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SubjectCNMapping.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,6 +23,7 @@
import java.security.Principal;
import java.security.cert.X509Certificate;
+
import org.jboss.security.CertificatePrincipal;
import org.jboss.security.SimplePrincipal;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SubjectDNMapping.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SubjectDNMapping.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SubjectDNMapping.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,9 +21,10 @@
*/
package org.jboss.security.auth.certs;
+import java.io.Serializable;
import java.security.Principal;
import java.security.cert.X509Certificate;
-import java.io.Serializable;
+
import org.jboss.security.CertificatePrincipal;
import org.jboss.security.SimplePrincipal;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SubjectX500Principal.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SubjectX500Principal.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/SubjectX500Principal.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,6 +23,7 @@
import java.security.Principal;
import java.security.cert.X509Certificate;
+
import org.jboss.security.CertificatePrincipal;
/** A CertificatePrincipal implementation that uses the client cert
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/X509CertificateVerifier.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/X509CertificateVerifier.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/certs/X509CertificateVerifier.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,8 +21,8 @@
*/
package org.jboss.security.auth.certs;
+import java.security.KeyStore;
import java.security.cert.X509Certificate;
-import java.security.KeyStore;
/**
* A verifier for X509Certificate used by authentication layers.
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/config/AuthModuleEntry.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/config/AuthModuleEntry.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/config/AuthModuleEntry.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -42,7 +42,7 @@
{
private AppConfigurationEntry.LoginModuleControlFlag controlFlag =
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
- private Map options = new HashMap();
+ private Map<String,Object> options = new HashMap<String,Object>();
private String name = null;
private LoginModuleStackHolder loginModuleStackHolder = null;
private String loginModuleStackHolderName = null;
@@ -54,7 +54,7 @@
* @param options the options configured for this AuthModule.
* @param loginModuleStackHolderName Name of the LoginModuleStack (Can be Null
*/
- public AuthModuleEntry(String authModuleName, Map options, String loginModuleStackHolderName)
+ public AuthModuleEntry(String authModuleName, Map<String,Object> options, String loginModuleStackHolderName)
{
this.name = authModuleName;
if(options != null)
@@ -84,12 +84,12 @@
* Get the options configured for this AuthModule.
* @return the options configured for this AuthModule as an unmodifiable Map
*/
- public Map getOptions()
+ public Map<String,Object> getOptions()
{
return Collections.unmodifiableMap(options);
}
- public void setOptions(Map options)
+ public void setOptions(Map<String,Object> options)
{
this.options = options;
}
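Review bot: `setOptions` stores the caller's map directly, so the read-only guarantee that `getOptions()` documents ("as an unmodifiable Map") can be bypassed by whoever keeps the reference passed in. It also accepts null, after which `Collections.unmodifiableMap(options)` in `getOptions()` throws a NullPointerException, whereas the constructor in the hunk above checks `if(options != null)`. A defensive copy with the same null handling closes both gaps: `this.options = (options != null) ? new HashMap<String,Object>(options) : new HashMap<String,Object>();`.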
@@ -140,4 +140,4 @@
{
this.controlFlag = flag;
}
-}
+}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/config/AuthModuleEntryHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/config/AuthModuleEntryHolder.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/config/AuthModuleEntryHolder.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,7 +23,7 @@
import java.util.HashMap;
import java.util.Map;
-
+
import javax.xml.namespace.QName;
import org.jboss.security.auth.login.ModuleOption;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -56,12 +56,8 @@
protected MessagePolicy requestPolicy = null;
- protected MessagePolicy responsePolicy = null;
+ protected MessagePolicy responsePolicy = null;
- protected Object requestInfo = null;
-
- protected Object responseInfo = null;
-
protected Map options = null;
protected ArrayList<Class> supportedTypes = new ArrayList<Class>();
@@ -95,13 +91,10 @@
Subject serviceSubject)
throws AuthException
{
- this.requestInfo = messageInfo.getRequestMessage();
- this.responseInfo = messageInfo.getResponseMessage();
-
String loginModuleName = (String) options.get("login-module-delegate");
if(loginModuleName != null)
{
- ClassLoader tcl = SecurityActions.getContextClassloader();
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
try
{
Class clazz = tcl.loadClass(loginModuleName);
@@ -117,7 +110,7 @@
}
else
{
- return validate(clientSubject) ? AuthStatus.SUCCESS : AuthStatus.FAILURE;
+ return validate(clientSubject, messageInfo) ? AuthStatus.SUCCESS : AuthStatus.FAILURE;
}
return AuthStatus.SUCCESS;
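Review bot: The unconditional `return AuthStatus.SUCCESS;` after the if/else is reached only on the `login-module-delegate` path, since the else branch returns from `validate(clientSubject, messageInfo)`. The lines between this hunk and the previous one are not visible, so please confirm that every failure in the delegate branch (class not found, instantiation error, failed login) throws `AuthException` or returns `AuthStatus.FAILURE` rather than falling through to SUCCESS. Ending the method with `return AuthStatus.FAILURE;` and returning SUCCESS explicitly inside the delegate branch would make it fail closed by construction. The method body starts outside this hunk.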
@@ -150,5 +143,5 @@
* @return
* @throws AuthException
*/
- protected abstract boolean validate(Subject clientSubject) throws AuthException;
+ protected abstract boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException;
}
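Review bot: The Javadoc above `validate` was not updated for the new parameter, and its `@return` and `@throws AuthException` tags are empty. Suggested additions: `@param messageInfo the request and response messages for the current call` and `@return true if the client subject was validated, false otherwise`. Since this is a `protected abstract` method, the signature change also breaks subclasses outside this commit, which is worth stating in the commit message or release notes.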
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,8 +21,6 @@
*/
package org.jboss.security.auth.container.modules;
-import java.security.PrivilegedActionException;
-
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
@@ -78,7 +76,7 @@
}
@Override
- protected boolean validate(Subject clientSubject) throws AuthException
+ protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
{
try
{
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/HttpServletServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/HttpServletServerAuthModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/HttpServletServerAuthModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -56,10 +56,11 @@
}
@Override
- protected boolean validate(Subject clientSubject) throws AuthException
+ protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
{
- callbackHandler = new SecurityAssociationHandler(getUserName(),getCredential());
- return super.validate(clientSubject);
+ callbackHandler = new SecurityAssociationHandler(getUserName(messageInfo),
+ getCredential(messageInfo));
+ return super.validate(clientSubject, messageInfo);
}
public AuthStatus secureResponse(MessageInfo arg0, Subject arg1) throws AuthException
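Review bot: `validate` still writes the per-request `SecurityAssociationHandler` into `callbackHandler`, which appears to be an instance field, before calling `super.validate(clientSubject, messageInfo)`. The request now travels as a parameter, but the user name and credential derived from it are still parked in shared state. If one module instance serves concurrent requests (not visible in this hunk), a second request could overwrite the handler between the assignment and its use in the superclass, so one caller would be validated with another caller's credentials. Passing the handler down as a local would close that gap; failing that, record the constraint next to the assignment, e.g. `// callbackHandler is per-request state: this instance must not be shared between threads`.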
@@ -67,22 +68,23 @@
return null;
}
- private Principal getUserName()
+ private Principal getUserName(MessageInfo messageInfo)
{
+ Object requestInfo = messageInfo.getRequestMessage();
String userNameParam = (String) options.get("userNameParam");
- if(this.requestInfo instanceof HttpServletRequest == false)
- throw new IllegalStateException("Wrong Form of request:"+this.requestInfo);
+ if(requestInfo instanceof HttpServletRequest == false)
+ throw new IllegalStateException("Wrong Form of request:" + requestInfo);
HttpServletRequest hsr = (HttpServletRequest)requestInfo;
return new SimplePrincipal(hsr.getParameter(userNameParam));
}
- private Object getCredential()
+ private Object getCredential(MessageInfo messageInfo)
{
+ Object requestInfo = messageInfo.getRequestMessage();
String passwordParam = (String) options.get("passwordParam");
- if(this.requestInfo instanceof HttpServletRequest == false)
- throw new IllegalStateException("Wrong Form of request:"+this.requestInfo);
+ if(requestInfo instanceof HttpServletRequest == false)
+ throw new IllegalStateException("Wrong Form of request:" + requestInfo);
HttpServletRequest hsr = (HttpServletRequest)requestInfo;
return hsr.getParameter(passwordParam);
}
-
-}
+}
\ No newline at end of file
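Review bot: `getUserName` and `getCredential` pass `options.get("userNameParam")` and `options.get("passwordParam")` straight to `hsr.getParameter(...)` without checking that the option is configured or that the request actually carries the parameter. A missing value therefore produces a `SimplePrincipal` with a null name or a null credential that flows on into `validate`, and how `getParameter` treats a null name is container-dependent. I would fail closed before building the principal, e.g. `if (userNameParam == null) throw new IllegalStateException("userNameParam option not set");`, and treat a null `hsr.getParameter(userNameParam)` as an authentication failure rather than a principal. The same two checks apply to `passwordParam` in `getCredential`.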
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SecurityActions.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -41,7 +41,7 @@
*/
class SecurityActions
{
- static ClassLoader getContextClassloader()
+ static ClassLoader getContextClassLoader()
{
return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction()
{
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -25,9 +25,10 @@
import java.util.Set;
import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.message.AuthException;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.ClientAuth;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.module.ClientAuthModule;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -66,7 +66,7 @@
@Override
- protected boolean validate(Subject clientSubject) throws AuthException
+ protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
{
//Construct Callbacks
NameCallback nc = new NameCallback("Dummy");
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AppConfigurationEntryHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AppConfigurationEntryHolder.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AppConfigurationEntryHolder.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,11 +22,11 @@
package org.jboss.security.auth.login;
import java.util.HashMap;
+
import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.xml.namespace.QName;
-import static javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
-
import org.jboss.xb.binding.GenericValueContainer;
/**
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,13 +21,14 @@
*/
package org.jboss.security.auth.login;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
-import java.util.Map;
+import java.util.Map;
import java.util.Map.Entry;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
+
import javax.security.auth.AuthPermission;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfoContainer.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfoContainer.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfoContainer.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -26,8 +26,8 @@
import java.util.List;
import java.util.Map;
+import javax.security.auth.login.AppConfigurationEntry;
import javax.xml.namespace.QName;
-import javax.security.auth.login.AppConfigurationEntry;
import org.jboss.logging.Logger;
import org.jboss.security.auth.container.config.AuthModuleEntry;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/ConfigUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/ConfigUtil.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/ConfigUtil.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -26,9 +26,9 @@
import javax.security.auth.login.AppConfigurationEntry;
+import org.jboss.util.xml.DOMUtils;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
-import org.jboss.util.xml.DOMUtils;
/** Utility methods for parsing the XMlLoginConfig elements into
* AuthenticationInfo instances.
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,13 +23,13 @@
import javax.security.auth.login.AppConfigurationEntry;
-import org.jboss.xb.binding.ObjectModelFactory;
-import org.jboss.xb.binding.UnmarshallingContext;
-import org.jboss.security.auth.container.config.AuthModuleEntry;
+import org.jboss.logging.Logger;
+import org.jboss.security.auth.container.config.AuthModuleEntry;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.PolicyConfig;
import org.jboss.util.StringPropertyReplacer;
-import org.jboss.logging.Logger;
+import org.jboss.xb.binding.ObjectModelFactory;
+import org.jboss.xb.binding.UnmarshallingContext;
import org.xml.sax.Attributes;
/** A JBossXB object factory for parsing the login-config.xml object model.
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackHolder.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/LoginModuleStackHolder.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,7 +21,7 @@
*/
package org.jboss.security.auth.login;
-import java.util.ArrayList;
+import java.util.ArrayList;
import java.util.List;
import javax.security.auth.AuthPermission;
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.login;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+//$Id$
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 26, 2007
+ * @version $Revision$
+ */
+class SecurityActions
+{
+ static ClassLoader getContextClassLoader()
+ {
+ return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
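Review bot: `getContextClassLoader()` is written with the raw `PrivilegedAction` type and an unchecked cast, and the class comment (`Privileged Blocks`) does not say why the helper is package-private. Other files in this commit already use `@Override`, so generics are available: `return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()` with `public ClassLoader run()` removes the cast. I would also state in the Javadoc that the class and method must stay package-private. A wider visibility would hand the thread context class loader to any caller, bypassing the `getClassLoader` permission check that `Thread.getContextClassLoader()` applies under a security manager.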
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -38,7 +38,7 @@
import javax.security.auth.login.Configuration;
import org.jboss.logging.Logger;
-import org.jboss.security.auth.spi.UsersObjectModelFactory;
+import org.jboss.security.auth.spi.UsersObjectModelFactory;
import org.jboss.security.authorization.config.SecurityConfigObjectModelFactory;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.ApplicationPolicyRegistration;
@@ -178,7 +178,7 @@
public void setConfigResource(String resourceName)
throws IOException
{
- ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
loginConfigURL = tcl.getResource(resourceName);
if (loginConfigURL == null)
throw new IOException("Failed to find resource: " + resourceName);
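Review bot: `tcl` is dereferenced on the next line without a null check, although the thread context class loader is allowed to be null, so `setConfigResource` would fail with a `NullPointerException` instead of the `IOException` it declares. A fallback before the lookup keeps the failure mode consistent, e.g. `if (tcl == null) tcl = XMLLoginConfigImpl.class.getClassLoader();`. The method body continues past the end of this hunk, so whether a later guard exists is not visible here.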
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/GenericMessageInfo.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/GenericMessageInfo.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/GenericMessageInfo.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,7 +23,7 @@
import java.util.HashMap;
import java.util.Map;
-
+
import javax.security.auth.message.MessageInfo;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -34,8 +34,9 @@
import javax.security.auth.message.config.AuthConfigProvider;
import javax.security.auth.message.config.RegistrationListener;
import javax.security.auth.message.config.AuthConfigFactory.RegistrationContext;
-import org.jboss.logging.Logger;
+import org.jboss.logging.Logger;
+
//$Id$
/**
@@ -222,7 +223,7 @@
AuthConfigProvider acp = null;
try
{
- Class provClass = Thread.currentThread().getContextClassLoader().loadClass(className);
+ Class provClass = SecurityActions.getContextClassLoader().loadClass(className);
Constructor ctr = provClass.getConstructor(new Class[] {Map.class});
acp = (AuthConfigProvider)ctr.newInstance(new Object[] {properties});
}
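Review bot: The class named by `className` is loaded and its constructor is invoked before the result is cast to `AuthConfigProvider`, so any class visible to the context class loader that has a `Map` constructor gets instantiated (constructor side effects included) and only then fails the cast. Checking the type first avoids running code from an unexpected class: `Class<? extends AuthConfigProvider> provClass = SecurityActions.getContextClassLoader().loadClass(className).asSubclass(AuthConfigProvider.class);`. The same load-then-instantiate-then-cast pattern appears in the hunks for `JBossAuthConfigProvider` (`cbhClass`), `JBossServerAuthConfig.createSAM` (both overloads) and `BaseCertLoginModule` (`option`). Where `className` comes from is outside this hunk, as is the `catch` that closes the `try`.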
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,11 +23,10 @@
import java.util.HashMap;
import java.util.Map;
-import java.util.Properties;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.config.AuthConfigFactory;
-import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.AuthConfigProvider;
import javax.security.auth.message.config.RegistrationListener;
//$Id$
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigProvider.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigProvider.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossAuthConfigProvider.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -114,7 +114,7 @@
if(cbhClass == null)
throw new IllegalStateException("CallbackHandler not defined by system property "+
cbhProperty);
- ClassLoader cl = Thread.currentThread().getContextClassLoader();
+ ClassLoader cl = SecurityActions.getContextClassLoader();
Class cls = cl.loadClass(cbhClass);
return (CallbackHandler)cls.newInstance();
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthConfig.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthConfig.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthConfig.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -27,8 +27,9 @@
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthException;
import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.AuthConfig;
import javax.security.auth.message.config.ClientAuthConfig;
import javax.security.auth.message.config.ClientAuthContext;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthContext.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossClientAuthContext.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -25,11 +25,12 @@
import java.util.Map;
import javax.security.auth.Subject;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.ClientAuth;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.config.ClientAuthContext;
-import javax.security.auth.message.module.ClientAuthModule;
+import javax.security.auth.message.module.ClientAuthModule;
//$Id$
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthConfig.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthConfig.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/JBossServerAuthConfig.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -197,7 +197,7 @@
private ServerAuthModule createSAM(String name )
throws Exception
{
- Class clazz = SecurityActions.getContextClassloader().loadClass(name);
+ Class clazz = SecurityActions.getContextClassLoader().loadClass(name);
Constructor ctr = clazz.getConstructor(new Class[0]);
return (ServerAuthModule) ctr.newInstance(new Object[0]);
}
@@ -205,7 +205,7 @@
private ServerAuthModule createSAM(String name, String lmshName )
throws Exception
{
- Class clazz = SecurityActions.getContextClassloader().loadClass(name);
+ Class clazz = SecurityActions.getContextClassLoader().loadClass(name);
Constructor ctr = clazz.getConstructor(new Class[]{String.class});
return (ServerAuthModule) ctr.newInstance(new Object[]{lmshName});
}
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/SecurityActions.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/message/config/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -37,7 +37,7 @@
*/
class SecurityActions
{
- static ClassLoader getContextClassloader()
+ static ClassLoader getContextClassLoader()
{
return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction()
{
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,13 +22,13 @@
package org.jboss.security.auth.spi;
+import java.lang.reflect.Constructor;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
-import java.lang.reflect.Constructor;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
@@ -327,7 +327,7 @@
}
else
{
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = SecurityActions.getContextClassLoader();
Class clazz = loader.loadClass(principalClassName);
Class[] ctorSig = {String.class};
Constructor ctor = clazz.getConstructor(ctorSig);
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/AnonLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/AnonLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/AnonLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,10 +22,10 @@
package org.jboss.security.auth.spi;
import java.security.acl.Group;
+
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
-import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
/**
* A simple login module that simply allows for the specification of the
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/BaseCertLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/BaseCertLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/BaseCertLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,15 +21,15 @@
*/
package org.jboss.security.auth.spi;
+import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.acl.Group;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
import java.util.Map;
-import java.util.Enumeration;
-import java.util.ArrayList;
-import java.io.IOException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
@@ -133,7 +133,7 @@
{
try
{
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = SecurityActions.getContextClassLoader();
Class verifierClass = loader.loadClass(option);
verifier = (X509CertificateVerifier) verifierClass.newInstance();
}
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,18 +22,19 @@
package org.jboss.security.auth.spi;
import java.security.acl.Group;
-import java.util.Map;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
+import java.util.Map;
+
import javax.naming.InitialContext;
import javax.naming.NamingException;
-import javax.sql.DataSource;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
-import javax.security.auth.login.FailedLoginException;
+import javax.sql.DataSource;
import javax.transaction.SystemException;
import javax.transaction.Transaction;
import javax.transaction.TransactionManager;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/DecodeAction.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,12 +21,13 @@
*/
package org.jboss.security.auth.spi;
-import java.security.PrivilegedExceptionAction;
import java.security.AccessController;
import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import javax.crypto.Cipher;
-import javax.management.ObjectName;
+import javax.management.ObjectName;
+
import org.jboss.security.config.SecurityConfiguration;
/**
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -25,13 +25,13 @@
import java.security.acl.Group;
import java.util.Map;
import java.util.StringTokenizer;
+
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
-import org.jboss.security.auth.spi.AbstractServerLoginModule;
/**
* A simple login module that simply associates the principal specified
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -24,18 +24,19 @@
import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
+import java.util.Properties;
import java.util.Map.Entry;
-import java.util.Properties;
+
+import javax.management.ObjectName;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
-import javax.naming.directory.Attribute;
import javax.naming.ldap.InitialLdapContext;
import javax.security.auth.login.LoginException;
-import javax.management.ObjectName;
import org.jboss.security.SimpleGroup;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,21 +21,22 @@
*/
package org.jboss.security.auth.spi;
+import java.security.Principal;
import java.security.acl.Group;
-import java.security.Principal;
import java.util.Iterator;
+import java.util.Properties;
import java.util.Map.Entry;
-import java.util.Properties;
+
+import javax.management.ObjectName;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
+import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
-import javax.naming.directory.SearchControls;
import javax.naming.ldap.InitialLdapContext;
import javax.security.auth.login.LoginException;
-import javax.management.ObjectName;
import org.jboss.security.SimpleGroup;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,8 +22,9 @@
package org.jboss.security.auth.spi;
import java.io.IOException;
+import java.util.Map;
import java.util.Properties;
-import java.util.Map;
+
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -69,7 +69,7 @@
}
// Load the delegate module using the thread class loader
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = SecurityActions.getContextClassLoader();
try
{
Class clazz = loader.loadClass(moduleName);
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -31,6 +31,7 @@
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
import org.jboss.logging.Logger;
import org.jboss.util.StringPropertyReplacer;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/RunAsLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/RunAsLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/RunAsLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,13 +21,14 @@
*/
package org.jboss.security.auth.spi;
-import java.util.Map;
+import java.util.Map;
+
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;
-import org.jboss.security.SecurityAssociation;
import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityAssociation;
/** A login module that establishes a run-as role for the duration of the login
* phase of authentication. It can be used to allow another login module
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/SecurityActions.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -40,7 +40,7 @@
*/
class SecurityActions
{
- static ClassLoader getContextClassloader()
+ static ClassLoader getContextClassLoader()
{
return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction()
{
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/SimpleServerLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/SimpleServerLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/SimpleServerLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,11 +23,11 @@
import java.security.Principal;
import java.security.acl.Group;
+
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
-import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
/**
* A simple server login module useful to quick setup of security for testing
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,12 +21,12 @@
*/
package org.jboss.security.auth.spi;
+import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.security.Principal;
+import java.util.HashMap;
import java.util.Map;
-import java.util.HashMap;
-import java.io.IOException;
-import java.lang.reflect.Method;
-import java.lang.reflect.InvocationTargetException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
@@ -36,7 +36,7 @@
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
-
+
import org.jboss.crypto.digest.DigestCallback;
@@ -369,7 +369,7 @@
{
try
{
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = SecurityActions.getContextClassLoader();
Class callbackClass = loader.loadClass(callbackClassName);
callback = (DigestCallback) callbackClass.newInstance();
if( log.isTraceEnabled() )
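Review bot: `callbackClass.newInstance()` runs the loaded class's constructor before the `(DigestCallback)` cast can reject a wrong type, so an unexpected `callbackClassName` executes code first and only then fails. Check the type before instantiating: `Class<? extends DigestCallback> callbackClass = loader.loadClass(callbackClassName).asSubclass(DigestCallback.class);` followed by `callback = callbackClass.newInstance();`. Where `callbackClassName` comes from is outside this hunk; if it is read from the module options, that configuration is effectively trusted code. `AbstractAuthorizationModule.getDelegate` uses the same load, instantiate, then cast order for `delegateStr`.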
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/Users.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/Users.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/Users.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,12 +21,12 @@
*/
package org.jboss.security.auth.spi;
-import java.util.Iterator;
-import java.util.HashMap;
+import java.security.Principal;
+import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Enumeration;
-import java.security.acl.Group;
-import java.security.Principal;
+import java.util.HashMap;
+import java.util.Iterator;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,9 +23,6 @@
// $Id$
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
@@ -33,6 +30,10 @@
import java.util.Map;
import java.util.Properties;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
/**
* A simple properties file based login module that consults a Java Properties
* formatted text files for username to password("users.properties") mapping.
@@ -133,7 +134,7 @@
private Properties loadProperties(String propertiesName) throws IOException
{
Properties bundle = null;
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = SecurityActions.getContextClassLoader();
URL url = loader.getResource(propertiesName);
if (url == null)
throw new IOException("Properties file " + propertiesName + " not found");
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersObjectModelFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersObjectModelFactory.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersObjectModelFactory.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,9 +21,9 @@
*/
package org.jboss.security.auth.spi;
+import org.jboss.logging.Logger;
import org.jboss.xb.binding.ObjectModelFactory;
import org.jboss.xb.binding.UnmarshallingContext;
-import org.jboss.logging.Logger;
import org.xml.sax.Attributes;
/** A JBossXB object factory for parsing the
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,10 +22,10 @@
package org.jboss.security.auth.spi;
import java.io.IOException;
+import java.security.acl.Group;
import java.util.Map;
import java.util.Properties;
-import java.security.acl.Group;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/Util.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/Util.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/Util.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -343,7 +343,7 @@
throws IOException
{
Properties bundle = null;
- ClassLoader loader = SecurityActions.getContextClassloader();
+ ClassLoader loader = SecurityActions.getContextClassLoader();
URL defaultUrl = null;
URL url = null;
// First check for local visibility via a URLClassLoader.findResource
@@ -427,7 +427,7 @@
static Properties loadProperties(String propertiesName, Logger log)
throws IOException
{
- ClassLoader loader = SecurityActions.getContextClassloader();
+ ClassLoader loader = SecurityActions.getContextClassLoader();
URL url = null;
// First check for local visibility via a URLClassLoader.findResource
if( loader instanceof URLClassLoader )
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/XMLLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/XMLLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/spi/XMLLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,6 +23,7 @@
import java.security.acl.Group;
import java.util.Map;
+
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/AuthorizationInfoContainer.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,12 +21,12 @@
*/
package org.jboss.security.authorization;
-import java.util.ArrayList;
-import java.util.List;
+import java.util.ArrayList;
+import java.util.List;
-import javax.xml.namespace.QName;
+import javax.xml.namespace.QName;
-import org.jboss.logging.Logger;
+import org.jboss.logging.Logger;
import org.jboss.security.authorization.config.AuthorizationConfigEntryHolder;
import org.jboss.security.config.AuthorizationInfo;
import org.jboss.xb.binding.GenericValueContainer;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/SecurityActions.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,7 +22,7 @@
package org.jboss.security.authorization;
import java.security.AccessController;
-import java.security.PrivilegedAction;
+import java.security.PrivilegedAction;
//$Id$
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/AuthorizationConfigEntryHolder.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -25,8 +25,8 @@
import java.util.Map;
import javax.xml.namespace.QName;
-
-import org.jboss.security.auth.login.ModuleOption;
+
+import org.jboss.security.auth.login.ModuleOption;
import org.jboss.security.config.ControlFlag;
import org.jboss.xb.binding.GenericValueContainer;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -24,13 +24,13 @@
import org.jboss.logging.Logger;
import org.jboss.security.audit.config.AuditProviderEntry;
import org.jboss.security.auth.login.LoginConfigObjectModelFactory;
-import org.jboss.security.auth.login.ModuleOption;
+import org.jboss.security.auth.login.ModuleOption;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuditInfo;
import org.jboss.security.config.AuthorizationInfo;
import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.IdentityTrustInfo;
-import org.jboss.security.config.MappingInfo;
+import org.jboss.security.config.MappingInfo;
import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
import org.jboss.security.mapping.config.MappingModuleEntry;
import org.jboss.util.StringPropertyReplacer;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractAuthorizationModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractAuthorizationModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractAuthorizationModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -34,6 +34,8 @@
import org.jboss.security.authorization.AuthorizationModule;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
//$Id$
@@ -47,9 +49,11 @@
{
protected Subject subject = null;
protected CallbackHandler handler = null;
- protected Map sharedState = null;
- protected Map options = null;
+ protected Map<String,Object> sharedState = null;
+ protected Map<String,Object> options = null;
+ protected RoleGroup role = null;
+
protected Logger log = null;
/** Map of delegates for the various layers */
@@ -89,10 +93,10 @@
}
/**
- * @see AuthorizationModule#initialize(Subject, CallbackHandler, Map, Map)
+ * @see AuthorizationModule#initialize(Subject, CallbackHandler, Map, Map, Role)
*/
- public void initialize(Subject subject, CallbackHandler handler, Map sharedState,
- Map options)
+ public void initialize(Subject subject, CallbackHandler handler, Map<String,Object> sharedState,
+ Map<String,Object> options, RoleGroup subjectRole)
{
this.subject = subject;
this.handler = handler;
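Review bot: The updated `@see` tag names `initialize(Subject, CallbackHandler, Map, Map, Role)` while the method now declares `RoleGroup subjectRole`, so the reference does not match this signature unless the interface really takes `Role` (the interface is not visible here). If the interface uses `RoleGroup`, the tag should read `@see AuthorizationModule#initialize(Subject, CallbackHandler, Map, Map, RoleGroup)`. The comment should also say whether `subjectRole` may be null, since a later hunk stores it in `this.role` and passes it to every delegate's `authorize`. The method body continues outside this hunk.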
@@ -105,6 +109,7 @@
if(commaSeparatedDelegates != null && commaSeparatedDelegates.length() > 0)
populateDelegateMap(commaSeparatedDelegates);
}
+ this.role = subjectRole;
}
/**
@@ -134,7 +139,7 @@
try
{
delegate = getDelegate(delegateStr);
- authorizationDecision = delegate.authorize(resource);
+ authorizationDecision = delegate.authorize(resource,this.subject, this.role);
}
catch(Exception e)
{
@@ -155,7 +160,7 @@
protected AuthorizationModuleDelegate getDelegate(String delegateStr)
throws Exception
{
- ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
Class<?> clazz = tcl.loadClass(delegateStr);
return (AuthorizationModuleDelegate)clazz.newInstance();
}
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractJACCModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractJACCModuleDelegate.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AbstractJACCModuleDelegate.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -0,0 +1,79 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.modules;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+
+//$Id$
+
+/**
+ * Common methods for the JACC layer
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 4, 2008
+ * @version $Revision$
+ */
+public abstract class AbstractJACCModuleDelegate extends AuthorizationModuleDelegate
+{
+ public abstract int authorize(Resource resource, Subject subject, RoleGroup role);
+
+ protected Principal[] getPrincipals(Subject subject, Role role)
+ {
+ Set<Principal> principalsSet = null;
+ if(subject != null)
+ {
+ principalsSet = subject.getPrincipals();
+ }
+ if(role != null)
+ {
+ if(principalsSet == null)
+ principalsSet = new HashSet<Principal>();
+ if(role instanceof RoleGroup)
+ {
+ RoleGroup rg = (RoleGroup) role;
+ List<Role> rolesList = rg.getRoles();
+ for(Role r: rolesList)
+ {
+ principalsSet.add(new SimplePrincipal(r.getRoleName()));
+ }
+ }
+ else
+ principalsSet.add(new SimplePrincipal(role.getRoleName()));
+ }
+ Principal[] arr = null;
+ if(principalsSet != null)
+ {
+ arr = new Principal[principalsSet.size()];
+ principalsSet.toArray(arr);
+ }
+ return arr;
+ }
+}
\ No newline at end of file
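Review bot: `getPrincipals` adds the role principals to the set returned by `subject.getPrincipals()`, which is the Subject's own backing set, so each authorization check writes role names into the caller's Subject. Those entries outlive the call and accumulate across checks made with different role groups, and the `add` throws `IllegalStateException` when the Subject is read-only. Work on a copy instead: `principalsSet = new HashSet<Principal>(subject.getPrincipals());`. A `RoleGroup` nested inside `rg.getRoles()` is added under its own name only and is not expanded, which may or may not be intended and deserves a line of Javadoc on the method.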
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AllDenyAuthorizationModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AllDenyAuthorizationModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AllDenyAuthorizationModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,7 +22,8 @@
package org.jboss.security.authorization.modules;
import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.AuthorizationModule;
import org.jboss.security.authorization.Resource;
//$Id$
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AllPermitAuthorizationModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AllPermitAuthorizationModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AllPermitAuthorizationModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,6 +23,7 @@
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.AuthorizationModule;
import org.jboss.security.authorization.Resource;
//$Id$
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AuthorizationModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AuthorizationModuleDelegate.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/AuthorizationModuleDelegate.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,9 +21,13 @@
*/
package org.jboss.security.authorization.modules;
+import javax.security.auth.Subject;
+
import org.jboss.logging.Logger;
+import org.jboss.security.authorization.AuthorizationModule;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
+import org.jboss.security.identity.RoleGroup;
//$Id$
@@ -46,9 +50,11 @@
/**
* @see AuthorizationModule#authorize(Resource)
* @param resource
+ * @param subject Authenticated Subject
+ * @param role RoleGroup
* @return
*/
- public abstract int authorize(Resource resource);
+ public abstract int authorize(Resource resource, Subject subject, RoleGroup role);
/**
* Set the PolicyRegistration manager
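Review bot: The Javadoc for the new three-argument `authorize` leaves `@return` empty, so implementers are not told which values a decision may take. The EJB delegate changed in this commit returns `AuthorizationContext.PERMIT` or `AuthorizationContext.DENY`, so the tag could read `@return AuthorizationContext.PERMIT or AuthorizationContext.DENY`, and the `@param` lines should state whether `subject` and `role` may be null. `EJBJACCPolicyModuleDelegate.authorize` still carries `@see AuthorizationModuleDelegate#authorize(Resource)`, a signature this hunk removes.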
@@ -58,5 +64,5 @@
public void setPolicyRegistrationManager(PolicyRegistration pm)
{
this.policyRegistration = pm;
- }
+ }
}
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/JACCAuthorizationModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/JACCAuthorizationModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/JACCAuthorizationModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,9 +21,11 @@
*/
package org.jboss.security.authorization.modules;
-import org.jboss.logging.Logger;
+import org.jboss.logging.Logger;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.authorization.modules.ejb.EJBJACCPolicyModuleDelegate;
+import org.jboss.security.authorization.modules.web.WebJACCPolicyModuleDelegate;
//$Id$
@@ -38,10 +40,8 @@
public JACCAuthorizationModule()
{
log = Logger.getLogger(getClass());
- delegateMap.put(ResourceType.WEB,
- "org.jboss.web.tomcat.security.authorization.delegates.WebJACCPolicyModuleDelegate");
- delegateMap.put(ResourceType.EJB,
- "org.jboss.security.authorization.modules.ejb.EJBJACCPolicyModuleDelegate");
+ delegateMap.put(ResourceType.WEB, WebJACCPolicyModuleDelegate.class.getName());
+ delegateMap.put(ResourceType.EJB, EJBJACCPolicyModuleDelegate.class.getName());
}
/**
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -0,0 +1,52 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization.modules;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+//$Id: SecurityActions.java 45685 2006-06-20 04:46:23Z asaldhana $
+
+/**
+ * Privileged Actions for this package
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 11, 2006
+ * @version $Revision: 45685 $
+ */
+class SecurityActions
+{
+ private static class GetTCLAction implements PrivilegedAction<ClassLoader>
+ {
+ static PrivilegedAction<ClassLoader> ACTION = new GetTCLAction();
+ public ClassLoader run()
+ {
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ return loader;
+ }
+ }
+
+ static ClassLoader getContextClassLoader()
+ {
+ ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
+ return loader;
+ }
+}
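Review bot: `GetTCLAction.ACTION` is declared as a non-final static, so the shared privileged action could be reassigned; it should be `static final PrivilegedAction<ClassLoader> ACTION = new GetTCLAction();`. The `(ClassLoader)` cast in `getContextClassLoader()` is redundant now that the action is typed, and `run()` can simply `return Thread.currentThread().getContextClassLoader();`. A class comment stating that the helper must stay package-private, so the privileged lookup cannot be called by less trusted code outside the package, would also record why a copy of this class is added per package in this commit.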
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/XACMLAuthorizationModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,9 +21,9 @@
*/
package org.jboss.security.authorization.modules;
-import org.jboss.logging.Logger;
+import org.jboss.logging.Logger;
import org.jboss.security.authorization.AuthorizationModule;
-import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceType;
//$Id$
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -27,26 +27,22 @@
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
-import java.security.acl.Group;
-import java.util.Enumeration;
-import java.util.HashSet;
import java.util.Map;
-import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
-import org.jboss.logging.Logger;
-import org.jboss.security.AuthorizationManager;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SimpleGroup;
+import org.jboss.logging.Logger;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.modules.AbstractJACCModuleDelegate;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.security.authorization.resources.EJBResource;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
//$Id$
@@ -58,16 +54,15 @@
* @since Jul 6, 2006
* @version $Revision$
*/
-public class EJBJACCPolicyModuleDelegate extends AuthorizationModuleDelegate
+public class EJBJACCPolicyModuleDelegate extends AbstractJACCModuleDelegate
{
private String ejbName = null;
private Method ejbMethod = null;
- private Subject callerSubject = null;
private String methodInterface = null;
private CodeSource ejbCS = null;
private String roleName = null;
private Boolean roleRefCheck = Boolean.FALSE;
- private Group securityContextRoles = null;
+ //private Group securityContextRoles = null;
public EJBJACCPolicyModuleDelegate()
{
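Review bot: `callerSubject` became a parameter, but `ejbName`, `ejbMethod`, `methodInterface`, `ejbCS`, `roleName` and `roleRefCheck` remain instance fields that `authorize()` overwrites on every call (see the following hunks). A delegate instance shared by concurrent requests could therefore evaluate one caller against another request's method or code source. `AbstractAuthorizationModule.getDelegate` in this commit creates a new instance per lookup, which would avoid that, but nothing on the class records the constraint. Add a class-level comment such as `// Not thread-safe: authorize() keeps per-call state in fields; use a new instance per call.`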
@@ -78,7 +73,7 @@
/**
* @see AuthorizationModuleDelegate#authorize(Resource)
*/
- public int authorize(Resource resource)
+ public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
{
if(resource instanceof EJBResource == false)
throw new IllegalArgumentException("resource is not an EJBResource");
@@ -90,21 +85,14 @@
if(map == null)
throw new IllegalStateException("Map from the Resource is null");
- AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
+ /*AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
if(am == null)
throw new IllegalStateException("Authorization Manager is null");
if(am instanceof PolicyRegistration)
this.policyRegistration = (PolicyRegistration) am;
+ */
+ this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
- //Populate local variables from the resource
- /*this.callerSubject = (Subject)map.get(ResourceKeys.CALLER_SUBJECT);
- this.ejbCS = (CodeSource)map.get(ResourceKeys.EJB_CODESOURCE);
- this.ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD);
- this.ejbName = (String)map.get(ResourceKeys.EJB_NAME);
- this.methodInterface = (String)map.get(ResourceKeys.EJB_METHODINTERFACE);*/
-
-
- this.callerSubject = ejbResource.getCallerSubject();
this.ejbCS = ejbResource.getCodeSource();
this.ejbMethod = ejbResource.getEjbMethod();
this.ejbName = ejbResource.getEjbName();
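Review bot: The value of `map.get(ResourceKeys.POLICY_REGISTRATION)` is cast and stored without the guards the replaced code had, which threw `IllegalStateException` for a missing manager and tested `instanceof` before casting. A resource map without that key now leaves `policyRegistration` null, and a value of another type raises `ClassCastException`; how the field is used afterwards is outside this hunk. If the registration is required for the decision, restore an explicit check: `if (this.policyRegistration == null) throw new IllegalStateException("PolicyRegistration is null");`. `authorize()` starts and ends outside this hunk.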
@@ -112,17 +100,17 @@
this.roleName = (String)map.get(ResourceKeys.ROLENAME);
//Get the Security Context Roles
- if(am != null)
+ /*if(am != null)
{
Principal ejbPrincipal = (Principal)map.get(ResourceKeys.EJB_PRINCIPAL);
Set<Principal> roleset = am.getUserRoles(ejbPrincipal);
this.securityContextRoles = getGroupFromRoleSet(roleset);
- }
+ } */
this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
if(this.roleRefCheck == Boolean.TRUE)
- return checkRoleRef();
+ return checkRoleRef(callerSubject, role);
else
- return process();
+ return process(callerSubject, role);
}
//Private Methods
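Review bot: `this.roleRefCheck == Boolean.TRUE` compares object references, so a `Boolean` from the resource map that is true but is not the cached instance (for example one built with `new Boolean(true)`) takes the `process(...)` branch. The decision would then be made against `EJBMethodPermission` instead of `EJBRoleRefPermission`. Use `if (Boolean.TRUE.equals(this.roleRefCheck))`, which also copes with a missing key. The code that fills the map is not visible here, so whether such a value can occur is unconfirmed.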
@@ -132,11 +120,11 @@
* @param sc
* @return
*/
- private int process()
+ private int process(Subject callerSubject, Role role)
{
EJBMethodPermission methodPerm =
new EJBMethodPermission(ejbName, methodInterface, ejbMethod);
- boolean policyDecision = checkWithPolicy(methodPerm);
+ boolean policyDecision = checkWithPolicy(methodPerm, callerSubject, role);
if( policyDecision == false )
{
String msg = "Denied: "+methodPerm+", caller=" + callerSubject;
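Review bot: The denial message concatenates `callerSubject`, and `Subject.toString()` renders public credentials and any private credentials the caller is allowed to read, in addition to the principals, so a denied call can put credential text into the message. Where `msg` is written is outside this hunk; if it is logged, format the principals only: `String msg = "Denied: "+methodPerm+", caller=" + (callerSubject != null ? callerSubject.getPrincipals() : null);`. The same message is built in `checkRoleRef` in the next hunk. The Javadoc above `process` still lists `@param sc` rather than the two new parameters.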
@@ -146,11 +134,11 @@
return policyDecision ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
}
- private int checkRoleRef()
+ private int checkRoleRef(Subject callerSubject, RoleGroup callerRoles)
{
//This has to be the EJBRoleRefPermission
EJBRoleRefPermission ejbRoleRefPerm = new EJBRoleRefPermission(ejbName,roleName);
- boolean policyDecision = checkWithPolicy(ejbRoleRefPerm);
+ boolean policyDecision = checkWithPolicy(ejbRoleRefPerm, callerSubject, callerRoles);
if( policyDecision == false )
{
String msg = "Denied: "+ejbRoleRefPerm+", caller=" + callerSubject;
@@ -160,13 +148,13 @@
return policyDecision ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
}
- private Principal[] getPrincipalSet()
+ /*private Principal[] getPrincipalSet(Subject callerSubject, Role role)
{
Principal[] principals = null;
- /**
+ *//**
* Previously, we relied on the principals in the Subject that contained
* the roles. Now we just rely on the roles from the Security Context
- */
+ *//*
if(trace)
log.trace("Roles used for checking from the context:" + securityContextRoles);
if(securityContextRoles != null )
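Review bot: `getPrincipalSet` is disabled by wrapping it in `/* … */` and splitting its inner Javadoc with `*//**` and `*//*`, which is easy to break on the next edit and leaves dead authorization logic in the file. Since `checkWithPolicy` now calls `getPrincipals(subject, role)` instead, I would delete the method outright and let version control keep the history. The same applies to the commented-out `AuthorizationManager` blocks in `authorize`, to `getGroupFromRoleSet` further down, and to the equivalent blocks in EJBPolicyModuleDelegate and WebJACCPolicyModuleDelegate. The method body continues past this hunk.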
@@ -179,16 +167,16 @@
principalsSet.toArray(principals);
}
return principals;
- }
+ }*/
- private boolean checkWithPolicy(Permission ejbPerm)
+ private boolean checkWithPolicy(Permission ejbPerm, Subject subject, Role role)
{
- Principal[] principals = getPrincipalSet();
+ Principal[] principals = this.getPrincipals(subject, role);
ProtectionDomain pd = new ProtectionDomain (ejbCS, null, null, principals);
return Policy.getPolicy().implies(pd, ejbPerm);
}
- private Group getGroupFromRoleSet(Set<Principal> roleset)
+ /*private Group getGroupFromRoleSet(Set<Principal> roleset)
{
Group gp = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
for(Principal p: roleset)
@@ -196,5 +184,5 @@
gp.addMember(p);
}
return gp;
- }
+ }*/
}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,24 +23,27 @@
import java.lang.reflect.Method;
import java.security.Principal;
-import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
+import javax.security.auth.Subject;
+
import org.jboss.logging.Logger;
import org.jboss.security.AnybodyPrincipal;
-import org.jboss.security.AuthorizationManager;
import org.jboss.security.RunAs;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityRoleRef;
-import org.jboss.security.SimplePrincipal;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.security.authorization.resources.EJBResource;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
//$Id$
@@ -57,13 +60,16 @@
private String ejbName = null;
private Method ejbMethod = null;
private Principal ejbPrincipal = null;
- private Set<Principal> methodRoles = null;
+ //private Set<Principal> methodRoles = null;
+ private RoleGroup methodRoles = null;
private String methodInterface = null;
private RunAs callerRunAs = null;
private String roleName = null;
private Boolean roleRefCheck = Boolean.FALSE;
private Set<SecurityRoleRef> securityRoleReferences = null;
+ private final Role ANYBODY_ROLE = new SimpleRole(AnybodyPrincipal.ANYBODY);
+
public EJBPolicyModuleDelegate()
{
log = Logger.getLogger(getClass());
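Review bot: `ANYBODY_ROLE` is named like a constant but declared as a `private final` instance field, so every delegate instance allocates its own `SimpleRole`. Declaring it as `private static final Role ANYBODY_ROLE = new SimpleRole(AnybodyPrincipal.ANYBODY);` matches the name and the intent. The commented-out `//private Set<Principal> methodRoles = null;` line above the new `RoleGroup` field can simply be dropped.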
@@ -73,7 +79,7 @@
/**
* @see AuthorizationModuleDelegate#authorize(Resource)
*/
- public int authorize(Resource resource)
+ public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
{
if(resource instanceof EJBResource == false)
throw new IllegalArgumentException("resource is not an EJBResource");
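Review bot: The Javadoc still points at `AuthorizationModuleDelegate#authorize(Resource)` although the method now takes `(Resource, Subject, RoleGroup)`. Assuming the base class declares the same three-argument form, the tag should read `@see AuthorizationModuleDelegate#authorize(Resource, Subject, RoleGroup)`. It is also worth one sentence stating that `role` is used as given: the delegate no longer resolves roles for `ejbPrincipal` through an `AuthorizationManager`, so the decision is only as sound as the `RoleGroup` the caller of `authorize` supplies. The same stale `@see` appears on `authorize` in EJBXACMLPolicyModuleDelegate, WebJACCPolicyModuleDelegate and WebXACMLPolicyModuleDelegate. The method body continues outside this hunk.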
@@ -85,20 +91,14 @@
if(map == null)
throw new IllegalStateException("Map from the Resource is null");
- AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
+ /*AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
if(am == null)
throw new IllegalStateException("Authorization Manager is null");
if(am instanceof PolicyRegistration)
- this.policyRegistration = (PolicyRegistration) am;
- //Populate local variables from the resource
- /*this.ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD);
- this.ejbName = (String)map.get(ResourceKeys.EJB_NAME);
- this.ejbPrincipal = (Principal)map.get(ResourceKeys.EJB_PRINCIPAL);
- this.methodInterface = (String)map.get(ResourceKeys.EJB_METHODINTERFACE);
- this.methodRoles = (Set)map.get(ResourceKeys.EJB_METHODROLES);
- this.callerRunAsIdentity = (RunAsIdentity)map.get(ResourceKeys.RUNASIDENTITY);
- this.securityRoleReferences = (Set)map.get(ResourceKeys.SECURITY_ROLE_REFERENCES);
- */
+ this.policyRegistration = (PolicyRegistration) am; */
+
+ this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
+
this.roleName = (String)map.get(ResourceKeys.ROLENAME);
this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
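Review bot: The replacement for the removed `AuthorizationManager` lookup stores `map.get(ResourceKeys.POLICY_REGISTRATION)` without checking it, where the old code failed fast with `IllegalStateException` and the XACML delegates in this commit still do. If `policyRegistration` is read anywhere in this class (not visible in this hunk), add `if(this.policyRegistration == null) throw new IllegalStateException("Policy Registration passed is null");` after the assignment; if it is no longer read, drop the assignment and the field. The preceding file in this commit has the same unchecked assignment. `authorize` starts and ends outside this hunk.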
@@ -107,14 +107,14 @@
this.ejbName = ejbResource.getEjbName();
this.ejbPrincipal = ejbResource.getPrincipal();
this.methodInterface = ejbResource.getEjbMethodInterface();
- this.methodRoles = ejbResource.getMethodRoles();
+ this.methodRoles = ejbResource.getEjbMethodRoles();
this.securityRoleReferences = ejbResource.getSecurityRoleReferences();
if(this.roleRefCheck == Boolean.TRUE)
- return checkRoleRef();
+ return checkRoleRef(role);
else
- return process();
- }
+ return process(role);
+ }
//Private Methods
/**
@@ -123,7 +123,7 @@
* @param sc
* @return
*/
- private int process()
+ private int process(RoleGroup principalRole)
{
boolean allowed = true;
@@ -137,7 +137,8 @@
+ ", interface=" + methodInterface;
if(trace)
log.trace("Exception:"+msg);
- allowed = false;
+
+ return AuthorizationContext.DENY;
}
else if (trace)
{
@@ -146,14 +147,34 @@
}
// Check if the caller is allowed to access the method
- if (methodRoles.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL) == false)
+ if(methodRoles.containsAll(ANYBODY_ROLE) == false)
+ //if (methodRoles.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL) == false)
{
// The caller is using a the caller identity
if (callerRunAs == null)
{
- AuthorizationManager am = (AuthorizationManager)policyRegistration;
+ //AuthorizationManager am = (AuthorizationManager)policyRegistration;
// Now actually check if the current caller has one of the required method roles
+ if(principalRole == null)
+ throw new IllegalStateException("Principal Role is null");
+ if(methodRoles.containsAtleastOneRole(principalRole) == false)
+ {
+ if(this.ejbMethod == null)
+ throw new IllegalStateException("ejbMethod is null");
+
+ //Set<Principal> userRoles = am.getUserRoles(ejbPrincipal);
+ String method = this.ejbMethod.getName();
+ String msg = "Insufficient method permissions, principal=" + ejbPrincipal
+ + ", ejbName=" + this.ejbName
+ + ", method=" + method + ", interface=" + this.methodInterface
+ + ", requiredRoles=" + methodRoles + ", principalRoles=" + principalRole;
+ if(trace)
+ log.trace("Exception:"+msg);
+ allowed = false;
+ }
+
+ /*// Now actually check if the current caller has one of the required method roles
if (am.doesUserHaveRole(ejbPrincipal, methodRoles) == false)
{
if(this.ejbMethod == null)
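Review bot: The "Insufficient method permissions" message built in the new caller-identity check is only written under `if(trace)`, so a request denied for lacking the required roles leaves no record unless trace logging is enabled. Unless the caller of `authorize` already records the DENY result (not visible here), I would log the denial at a level that is on in normal operation, for example `log.info(msg);` outside the `if(trace)` guard. The run-as branch further down follows the same pattern. The hunk ends inside the commented-out old check, so the enclosing method continues beyond it.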
@@ -168,7 +189,7 @@
if(trace)
log.trace("Exception:"+msg);
allowed = false;
- }
+ }*/
}
// The caller is using a run-as identity
@@ -177,7 +198,23 @@
if(callerRunAs instanceof RunAsIdentity)
{
RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
+ RoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
+
// Check that the run-as role is in the set of method roles
+ if(srg.containsAtleastOneRole(methodRoles) == false)
+ {
+ String method = this.ejbMethod.getName();
+ String msg = "Insufficient method permissions, principal=" + ejbPrincipal
+ + ", ejbName=" + this.ejbName
+ + ", method=" + method + ", interface=" + this.methodInterface
+ + ", requiredRoles=" + methodRoles + ", runAsRoles="
+ + callerRunAsIdentity.getRunAsRoles();
+ if(trace)
+ log.trace("Exception:"+msg);
+ allowed = false;
+ }
+
+ /*// Check that the run-as role is in the set of method roles
if (callerRunAsIdentity.doesUserHaveRole(methodRoles) == false)
{
String method = this.ejbMethod.getName();
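Review bot: When `callerRunAs` is set but is not a `RunAsIdentity`, the visible lines run no role check at all and `allowed` keeps its initial `true`, so `process` returns PERMIT without comparing any roles. `checkRoleRef` in this same file starts from `allowed = false` for that case; I would make this branch fail closed as well by adding `else allowed = false;` after the `instanceof RunAsIdentity` block. The new run-as check also calls `this.ejbMethod.getName()` without the `ejbMethod == null` guard that the caller-identity branch has. The block closes in the next hunk, and the assignment of `callerRunAs` is outside the visible lines.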
@@ -189,7 +226,7 @@
if(trace)
log.trace("Exception:"+msg);
allowed = false;
- }
+ }*/
}
}
@@ -197,9 +234,9 @@
return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
}
- private int checkRoleRef()
+ private int checkRoleRef(RoleGroup principalRole)
{
- AuthorizationManager am = (AuthorizationManager)policyRegistration;
+ //AuthorizationManager am = (AuthorizationManager)policyRegistration;
//Check the caller of this beans run-as identity
if (ejbPrincipal == null && callerRunAs == null)
{
@@ -233,18 +270,23 @@
log.trace("no match found for security role " + roleName +
" in the deployment descriptor for ejb " + this.ejbName);
- HashSet<Principal> set = new HashSet<Principal>();
- set.add(new SimplePrincipal(roleName));
+ /*HashSet<Principal> set = new HashSet<Principal>();
+ set.add(new SimplePrincipal(roleName));*/
+
+ Role deploymentrole = new SimpleRole(roleName);
boolean allowed = false;
if (callerRunAs == null)
- allowed = am.doesUserHaveRole(ejbPrincipal, set);
+ allowed = principalRole.containsRole(deploymentrole);
+ //allowed = am.doesUserHaveRole(ejbPrincipal, set);
else
{
if(callerRunAs instanceof RunAsIdentity)
{
RunAsIdentity callerRunAsIdentity = (RunAsIdentity) callerRunAs;
- allowed = callerRunAsIdentity.doesUserHaveRole(set);
+ SimpleRoleGroup srg = new SimpleRoleGroup(callerRunAsIdentity.getRunAsRoles());
+ allowed = srg.containsRole(deploymentrole);
+ //allowed = callerRunAsIdentity.doesUserHaveRole(set);
}
}
return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
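Review bot: `principalRole.containsRole(deploymentrole)` dereferences the `RoleGroup` passed to `authorize` without a null check, so a null `role` surfaces as a `NullPointerException` here while `process` rejects it with `IllegalStateException("Principal Role is null")`. I would add the same guard before the call: `if(principalRole == null) throw new IllegalStateException("Principal Role is null");`. `checkRoleRef` begins in the previous hunk and its closing brace is outside this one.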
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -25,16 +25,17 @@
import java.security.Principal;
import java.util.Map;
-import javax.security.jacc.PolicyContext;
-import org.jboss.logging.Logger;
-import org.jboss.security.AuthorizationManager;
+import javax.security.auth.Subject;
+
+import org.jboss.logging.Logger;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.PolicyRegistration;
-import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.security.authorization.resources.EJBResource;
-import org.jboss.security.authorization.sunxacml.JBossXACMLUtil;
+import org.jboss.security.authorization.sunxacml.JBossXACMLUtil;
+import org.jboss.security.identity.RoleGroup;
import com.sun.xacml.Policy;
import com.sun.xacml.ctx.RequestCtx;
@@ -53,6 +54,7 @@
private String ejbName = null;
private Method ejbMethod = null;
private Principal principal = null;
+ private String policyContextID = null;
public EJBXACMLPolicyModuleDelegate()
{
@@ -63,7 +65,7 @@
/**
* @see AuthorizationModuleDelegate#authorize(Resource)
*/
- public int authorize(Resource resource)
+ public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
{
if(resource instanceof EJBResource == false)
throw new IllegalArgumentException("resource is not an EJBResource");
@@ -74,26 +76,23 @@
Map<String,Object> map = resource.getMap();
if(map == null)
throw new IllegalStateException("Map from the Resource is null");
-
- AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
- if(am == null)
- throw new IllegalStateException("Authorization Manager is null");
- if(am instanceof PolicyRegistration)
- this.policyRegistration = (PolicyRegistration) am;
- //Populate local variables from the resource
- /*this.ejbName = (String)map.get(ResourceKeys.EJB_NAME);
- this.ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD);
- this.principal = (Principal)map.get(ResourceKeys.EJB_PRINCIPAL);*/
+
+ this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
+ if(this.policyRegistration == null)
+ throw new IllegalStateException("Policy Registration passed is null");
this.ejbName = ejbResource.getEjbName();
this.ejbMethod = ejbResource.getEjbMethod();
this.principal = ejbResource.getPrincipal();
+ this.policyContextID = ejbResource.getPolicyContextID();
+ if(policyContextID == null)
+ throw new IllegalStateException("Context ID is null");
Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK));
if(roleRefCheck)
- throw new IllegalStateException("SECURIY-50:Role Ref checks not implemented");
+ throw new IllegalStateException("SECURITY-50:Role Ref checks not implemented");
- return process(am);
+ return process(role);
}
//Private Methods
@@ -103,24 +102,21 @@
* @param sc
* @return
*/
- private int process(AuthorizationManager am)
+ private int process(RoleGroup callerRoles)
{
int result = AuthorizationContext.DENY;
EJBXACMLUtil util = new EJBXACMLUtil();
try
{
RequestCtx requestCtx = util.createXACMLRequest(this.ejbName,
- this.ejbMethod.getName(),this.principal,
- am.getUserRoles(principal));
- String contextID = PolicyContext.getContextID();
- if(contextID == null)
- throw new IllegalStateException("Context ID is null");
- Policy policy = (Policy)policyRegistration.getPolicy(contextID,null);
+ this.ejbMethod.getName(),this.principal, callerRoles);
+
+ Policy policy = (Policy)policyRegistration.getPolicy(policyContextID,null);
if(policy == null)
{
if(trace)
- log.trace("Policy obtained is null for contextID:"+contextID);
- throw new IllegalStateException("Missing xacml policy for contextid:"+contextID);
+ log.trace("Policy obtained is null for contextID:"+policyContextID);
+ throw new IllegalStateException("Missing xacml policy for contextid:"+policyContextID);
}
result = JBossXACMLUtil.checkXACMLAuthorization(requestCtx,policy);
}
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,13 +23,18 @@
import java.io.ByteArrayOutputStream;
import java.net.URI;
+import java.net.URISyntaxException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
+import java.util.List;
import java.util.Set;
-import org.jboss.logging.Logger;
+import org.jboss.logging.Logger;
import org.jboss.security.authorization.XACMLConstants;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.RoleType;
import com.sun.xacml.Indenter;
import com.sun.xacml.attr.StringAttribute;
@@ -70,22 +75,22 @@
URI subjectAttrUri = new URI(XACMLConstants.SUBJECT_IDENTIFIER);
Attribute subjectAttr = new Attribute(subjectAttrUri,null,null,
new StringAttribute(username));
- Set subjectAttrSet = new HashSet();
+ Set<Attribute> subjectAttrSet = new HashSet<Attribute>();
subjectAttrSet.add(subjectAttr);
subjectAttrSet.addAll(getXACMLRoleSet(roles));
- Set subjectSet = new HashSet();
+ Set<Subject> subjectSet = new HashSet<Subject>();
subjectSet.add(new Subject(subjectAttrSet));
//Create the resource set
URI resourceUri = new URI(XACMLConstants.RESOURCE_IDENTIFIER);
Attribute resourceAttr = new Attribute(resourceUri,null,null,
new StringAttribute(ejbName));
- Set resourceSet = new HashSet();
+ Set<Attribute> resourceSet = new HashSet<Attribute>();
resourceSet.add(resourceAttr);
//Create the action set
- Set actionSet = new HashSet();
+ Set<Attribute> actionSet = new HashSet<Attribute>();
actionSet.add(new Attribute(new URI(XACMLConstants.ACTION_IDENTIFIER),
null,null, new StringAttribute(action)));
@@ -93,7 +98,7 @@
//TODO: Get hold of the invocation arguments and populate in the xacml request
//Create the Environment set
- Set environSet = new HashSet();
+ Set<Attribute> environSet = new HashSet<Attribute>();
//Current time
URI currentTimeUri = new URI(XACMLConstants.CURRENT_TIME_IDENTIFIER);
Attribute currentTimeAttr = new Attribute(currentTimeUri,null,null,
@@ -113,6 +118,90 @@
return requestCtx;
}
+ public RequestCtx createXACMLRequest(String ejbName, String methodName,
+ Principal principal, RoleGroup roles) throws Exception
+ {
+ if(principal == null)
+ throw new IllegalArgumentException("principal is null");
+ if(roles == null)
+ throw new IllegalArgumentException("roles is null");
+
+ String action = methodName;
+
+ RequestCtx requestCtx = null;
+ String username = principal.getName();
+
+ //Create the subject set
+ URI subjectAttrUri = new URI(XACMLConstants.SUBJECT_IDENTIFIER);
+ Attribute subjectAttr = new Attribute(subjectAttrUri,null,null,
+ new StringAttribute(username));
+ Set<Attribute> subjectAttrSet = new HashSet<Attribute>();
+ subjectAttrSet.add(subjectAttr);
+ subjectAttrSet.addAll(getXACMLRoleSet(roles));
+
+ Set<Subject> subjectSet = new HashSet<Subject>();
+ subjectSet.add(new Subject(subjectAttrSet));
+
+ //Create the resource set
+ URI resourceUri = new URI(XACMLConstants.RESOURCE_IDENTIFIER);
+ Attribute resourceAttr = new Attribute(resourceUri,null,null,
+ new StringAttribute(ejbName));
+ Set<Attribute> resourceSet = new HashSet<Attribute>();
+ resourceSet.add(resourceAttr);
+
+ //Create the action set
+ Set<Attribute> actionSet = new HashSet<Attribute>();
+ actionSet.add(new Attribute(new URI(XACMLConstants.ACTION_IDENTIFIER),
+ null,null, new StringAttribute(action)));
+
+ //TODO: Get hold of the invocation arguments and populate in the xacml request
+
+ //Create the Environment set
+ Set<Attribute> environSet = new HashSet<Attribute>();
+ //Current time
+ URI currentTimeUri = new URI(XACMLConstants.CURRENT_TIME_IDENTIFIER);
+ Attribute currentTimeAttr = new Attribute(currentTimeUri,null,null,
+ new TimeAttribute());
+ environSet.add(currentTimeAttr);
+
+ //Create the request context
+ requestCtx = new RequestCtx(subjectSet,resourceSet,actionSet,environSet);
+
+ if(trace)
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ requestCtx.encode(baos, new Indenter());
+ log.trace("XACML Request:"+baos.toString());
+ baos.close();
+ }
+ return requestCtx;
+ }
+
+ private Set<Attribute> getXACMLRoleSet(Role role) throws Exception
+ {
+
+ Set<Attribute> roleset = new HashSet<Attribute>();
+
+ if(role.getType() == RoleType.group)
+ {
+ RoleGroup rg = (RoleGroup) role;
+ List<Role> roleList = rg.getRoles();
+ for(Role r: roleList)
+ {
+ roleset.add(getRoleAttribute(r.getRoleName()));
+ }
+ }
+ else
+ roleset.add(getRoleAttribute(role.getRoleName()));
+ return roleset;
+ }
+
+ private Attribute getRoleAttribute(String roleName) throws URISyntaxException
+ {
+ URI roleURI = new URI(XACMLConstants.SUBJECT_ROLE_IDENTIFIER);
+ return new Attribute(roleURI,null,null, new StringAttribute(roleName));
+ }
+
private Set<Attribute> getXACMLRoleSet(Set<Principal> roles) throws Exception
{
URI roleURI = new URI(XACMLConstants.SUBJECT_ROLE_IDENTIFIER);
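Review bot: The new `createXACMLRequest(String, String, Principal, RoleGroup)` overload repeats the body of the existing `Set<Principal>` version, as far as the earlier hunks show, differing only in the role argument. Any later fix to how the subject, resource, action or environment attributes are built would have to be made in both copies. I would move the shared body into one private builder that takes the already-converted role attributes and have both overloads delegate to it, as sketched below. `baos.toString()` in the trace block also decodes with the platform default charset. The existing `getXACMLRoleSet(Set<Principal>)` continues past the end of this hunk.

```java
public RequestCtx createXACMLRequest(String ejbName, String methodName,
      Principal principal, RoleGroup roles) throws Exception
{
   if(principal == null)
      throw new IllegalArgumentException("principal is null");
   if(roles == null)
      throw new IllegalArgumentException("roles is null");
   return buildRequest(ejbName, methodName, principal.getName(), getXACMLRoleSet(roles));
}

private RequestCtx buildRequest(String ejbName, String action,
      String username, Set<Attribute> roleAttrs) throws Exception
{
   // … unchanged: subject attribute built from username …
   subjectAttrSet.addAll(roleAttrs);
   // … unchanged: resource, action and environment sets, RequestCtx construction, trace dump …
}
```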
@@ -128,4 +217,4 @@
}
return roleset;
}
-}
+}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebJACCPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebJACCPolicyModuleDelegate.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebJACCPolicyModuleDelegate.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -35,15 +35,17 @@
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.http.HttpServletRequest;
-
+
import org.jboss.logging.Logger;
-import org.jboss.security.AuthorizationManager;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.modules.AbstractJACCModuleDelegate;
+import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.security.authorization.resources.WebResource;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
//$Id: WebJACCPolicyModuleDelegate.java 62923 2007-05-09 03:08:14Z anil.saldhana at jboss.com $
@@ -55,10 +57,9 @@
* @since July 7, 2006
* @version $Revision: 62923 $
*/
-public class WebJACCPolicyModuleDelegate extends AuthorizationModuleDelegate
+public class WebJACCPolicyModuleDelegate extends AbstractJACCModuleDelegate
{
- private Policy policy = Policy.getPolicy();
- private AuthorizationManager authorizationManager;
+ private Policy policy = Policy.getPolicy();
private HttpServletRequest request = null;
private CodeSource webCS = null;
@@ -73,7 +74,7 @@
/**
* @see AuthorizationModuleDelegate#authorize(Resource)
*/
- public int authorize(Resource resource)
+ public int authorize(Resource resource, Subject callerSubject, RoleGroup role)
{
if(resource instanceof WebResource == false)
throw new IllegalArgumentException("resource is not a WebResource");
@@ -85,24 +86,16 @@
if(map == null)
throw new IllegalStateException("Map from the Resource is null");
- //Get the Authorization Manager
- authorizationManager = (AuthorizationManager)map.get(ResourceKeys.AUTHORIZATION_MANAGER);
- if(authorizationManager == null)
- throw new IllegalStateException("Authorization Manager is null");
-
//Get the Request Object
request = (HttpServletRequest) webResource.getServletRequest();
webCS = webResource.getCodeSource();
this.canonicalRequestURI = webResource.getCanonicalRequestURI();
- //Obtained by establishing subject context
- Subject callerSubject = webResource.getCallerSubject();
-
String roleName = (String)map.get(ResourceKeys.ROLENAME);
Principal principal = (Principal)map.get(ResourceKeys.HASROLE_PRINCIPAL);
Set<Principal> roles = (Set<Principal>)map.get(ResourceKeys.PRINCIPAL_ROLES);
- String servletName = (String)map.get(ResourceKeys.SERVLET_NAME);
+ String servletName = webResource.getServletName();
Boolean resourceCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.RESOURCE_PERM_CHECK));
Boolean userDataCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.USERDATA_PERM_CHECK));
Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK));
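Review bot: After this change the delegate reads roles from two places: the resource-permission path uses the `role` argument, while `roles` is still pulled from `map.get(ResourceKeys.PRINCIPAL_ROLES)` through an unchecked cast and is presumably what `hasRole` receives. If both are meant to describe the same caller, deriving the role-ref principals from `role` as well would keep the two checks from disagreeing. Otherwise a comment on the `roles` line such as `// role-ref check still uses PRINCIPAL_ROLES from the resource map, not the role argument` would make the split explicit. `authorize` starts and ends outside this hunk.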
@@ -114,7 +107,7 @@
try
{
if(resourceCheck)
- decision = this.hasResourcePermission(callerSubject);
+ decision = this.hasResourcePermission(callerSubject, role);
else
if(userDataCheck)
decision = this.hasUserDataPermission();
@@ -155,19 +148,19 @@
* @return true if the permission is allowed, false otherwise
*/
private boolean checkSecurityAssociation(Permission perm, Principal requestPrincpal,
- Subject caller)
+ Subject caller, Role role)
{
// Get the caller principals, its null if there is no caller
- Principal[] principals = null;
+ Principal[] principals = getPrincipals(caller,role);
- //Previously we relied on principals in the subject. Now we use
+ /*//Previously we relied on principals in the subject. Now we use
//the security context roles
if(authorizationManager != null)
{
Set<Principal> roleset = authorizationManager.getUserRoles(requestPrincpal);
principals = new Principal[roleset.size()];
roleset.toArray(principals);
- }
+ }*/
return checkSecurityAssociation(perm, principals);
}
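Review bot: `requestPrincpal` is no longer read now that the principals come from `getPrincipals(caller,role)`, so the parameter suggests a binding to the request principal that the check no longer has. I would drop the parameter together with the `request.getUserPrincipal()` lookup in `hasResourcePermission`, and delete the commented-out `authorizationManager` block. The leading comment still says the array is null when there is no caller; it should describe what `getPrincipals` returns instead. `getPrincipals` is defined outside this file section, so its behaviour for a null `role` cannot be confirmed from here.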
@@ -217,13 +210,13 @@
* @return
* @throws IOException
*/
- private boolean hasResourcePermission(Subject caller)
+ private boolean hasResourcePermission(Subject caller, Role role)
throws IOException
{
Principal requestPrincipal = request.getUserPrincipal();
WebResourcePermission perm = new WebResourcePermission(this.canonicalRequestURI,
request.getMethod());
- boolean allowed = checkSecurityAssociation(perm, requestPrincipal, caller );
+ boolean allowed = checkSecurityAssociation(perm, requestPrincipal, caller, role );
if( trace )
log.trace("hasResourcePermission, perm="+perm+", allowed="+allowed);
return allowed;
@@ -238,7 +231,10 @@
*/
private boolean hasRole(Principal principal, String roleName,
Set<Principal> roles, String servletName)
- {
+ {
+ if(servletName == null)
+ throw new IllegalArgumentException("servletName is null");
+
WebRoleRefPermission perm = new WebRoleRefPermission(servletName, roleName);
Principal[] principals = {principal};
if( roles != null )
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebPolicyModuleDelegate.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebPolicyModuleDelegate.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,10 +21,13 @@
*/
package org.jboss.security.authorization.modules.web;
+import javax.security.auth.Subject;
+
import org.jboss.logging.Logger;
-import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.identity.RoleGroup;
//$Id: WebPolicyModuleDelegate.java 62923 2007-05-09 03:08:14Z anil.saldhana at jboss.com $
@@ -44,7 +47,7 @@
trace = log.isTraceEnabled();
}
- public int authorize(Resource resource)
+ public int authorize(Resource resource, Subject subject, RoleGroup role)
{
return AuthorizationContext.PERMIT;
}
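Review bot: `authorize` ignores `resource`, `subject` and `role` and always returns `AuthorizationContext.PERMIT`, and nothing on the method says that this is intentional. A short Javadoc such as `/** Permits every request; this delegate performs no web authorization of its own. */` would stop the delegate from being mistaken for an enforcing module when it is configured. If the permit-all behaviour relies on the container having already enforced the web constraints, that assumption belongs in the same comment.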
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -24,11 +24,11 @@
import java.security.Principal;
import java.util.Map;
+import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpServletRequest;
import org.jboss.logging.Logger;
-import org.jboss.security.AuthorizationManager;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
@@ -36,6 +36,7 @@
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.security.authorization.resources.WebResource;
import org.jboss.security.authorization.sunxacml.JBossXACMLUtil;
+import org.jboss.security.identity.RoleGroup;
import com.sun.xacml.Policy;
import com.sun.xacml.ctx.RequestCtx;
@@ -60,7 +61,7 @@
/**
* @see AuthorizationModuleDelegate#authorize(Resource)
*/
- public int authorize(Resource resource)
+ public int authorize(Resource resource, Subject subject, RoleGroup role)
{
if(resource instanceof WebResource == false)
throw new IllegalArgumentException("resource is not a WebResource");
@@ -79,11 +80,10 @@
HttpServletRequest request = (HttpServletRequest)webResource.getServletRequest();
- AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
- if(am == null)
- throw new IllegalStateException("Authorization Manager is null");
- if(am instanceof PolicyRegistration)
- this.policyRegistration = (PolicyRegistration) am;
+ this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
+ if(this.policyRegistration == null)
+ throw new IllegalStateException("PolicyRegistration passed is null");
+
Boolean userDataCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.USERDATA_PERM_CHECK));
Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK));
@@ -94,7 +94,7 @@
if(request == null)
throw new IllegalStateException("Request is null");
- return process(request, am);
+ return process(request, role);
}
/**
@@ -115,7 +115,7 @@
* @param sc
* @return
*/
- private int process(HttpServletRequest request, AuthorizationManager am )
+ private int process(HttpServletRequest request, RoleGroup callerRoles )
{
Principal userP = request.getUserPrincipal();
if(userP == null)
@@ -125,7 +125,7 @@
WebXACMLUtil util = new WebXACMLUtil();
try
{
- RequestCtx requestCtx = util.createXACMLRequest(request,am, am.getUserRoles(userP));
+ RequestCtx requestCtx = util.createXACMLRequest(request,callerRoles);
String contextID = PolicyContext.getContextID();
Policy policy = (Policy)policyRegistration.getPolicy(contextID,null);
if(policy == null)
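Review bot: This delegate still takes the policy context from `PolicyContext.getContextID()` and passes it straight to `policyRegistration.getPolicy(contextID,null)` without a null check. EJBXACMLPolicyModuleDelegate in this commit now reads the id from the resource and throws `IllegalStateException("Context ID is null")`. For consistency I would add `if(contextID == null) throw new IllegalStateException("Context ID is null");` before the lookup, or read the id from the `WebResource` if it exposes one (not visible here). The `try` block continues outside this hunk.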
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/web/WebXACMLUtil.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -26,15 +26,15 @@
import java.security.Principal;
import java.util.Enumeration;
import java.util.HashSet;
-import java.util.Iterator;
+import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.jboss.logging.Logger;
-import org.jboss.security.AuthorizationManager;
-import org.jboss.security.SimplePrincipal;
import org.jboss.security.authorization.XACMLConstants;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
import com.sun.xacml.Indenter;
import com.sun.xacml.attr.AnyURIAttribute;
@@ -62,13 +62,12 @@
}
public RequestCtx createXACMLRequest(HttpServletRequest request,
- AuthorizationManager authzManager,
- Set<Principal> roles) throws Exception
+ RoleGroup callerRoles) throws Exception
{
if(request == null)
throw new IllegalArgumentException("Http Request is null");
- if(authzManager == null)
- throw new IllegalArgumentException("Authorization Manager is null");
+ if(callerRoles == null)
+ throw new IllegalArgumentException("roles is null");
String httpMethod = request.getMethod();
String action = "GET".equals(httpMethod)?"read":"write";
@@ -84,7 +83,7 @@
new StringAttribute(username));
Set subjectAttrSet = new HashSet();
subjectAttrSet.add(subjectAttr);
- subjectAttrSet.addAll(getXACMLRoleSet(roles));
+ subjectAttrSet.addAll(getXACMLRoleSet(callerRoles));
Set subjectSet = new HashSet();
subjectSet.add(new Subject(subjectAttrSet));
@@ -132,23 +131,19 @@
return requestCtx;
}
- private Set<Attribute> getXACMLRoleSet(Set<Principal> roles) throws Exception
+ private Set<Attribute> getXACMLRoleSet(RoleGroup roles) throws Exception
{
URI roleURI = new URI(XACMLConstants.SUBJECT_ROLE_IDENTIFIER);
Set<Attribute> roleset = new HashSet<Attribute>();
- Iterator<Principal> iter = roles != null ? roles.iterator(): null;
- while(iter != null && iter.hasNext())
+ List<Role> croles = roles.getRoles();
+
+ for(Role r: croles)
{
- Principal role = iter.next();
- if(role instanceof SimplePrincipal)
- {
- SimplePrincipal sp = (SimplePrincipal)role;
- Attribute roleAttr = new Attribute(roleURI,null,null,
- new StringAttribute(sp.getName()));
- roleset.add(roleAttr);
- }
- }
+ Attribute roleAttr = new Attribute(roleURI,null,null,
+ new StringAttribute(r.getRoleName()));
+ roleset.add(roleAttr);
+ }
return roleset;
}
}
\ No newline at end of file
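Review bot: `getXACMLRoleSet` now dereferences `roles.getRoles()` unconditionally, whereas the removed iterator code tolerated a null argument and returned an empty set. The one caller visible in this diff rejects a null `callerRoles` first, so this only matters if the helper is reached another way or `getRoles()` can return null; a guard such as `if(roles == null) return roleset;` would keep the old contract. Separately, if a `RoleGroup` can hold nested groups (not visible here), `r.getRoleName()` would emit the nested group's own name as a subject-role attribute rather than its members, which changes what the XACML policy is evaluated against; a short comment stating that only the top-level roles are mapped would make the intent explicit.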
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/EJBResource.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/EJBResource.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/EJBResource.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,12 +22,11 @@
package org.jboss.security.authorization.resources;
import java.lang.reflect.Method;
-import java.security.Principal;
import java.util.Map;
-import java.util.Set;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.identity.RoleGroup;
//$Id: EJBResource.java 61962 2007-04-01 04:45:57Z anil.saldhana at jboss.com $
@@ -41,8 +40,9 @@
{
private Method ejbMethod = null;
private String ejbName = null;
- private String ejbMethodInterface = null;
- private Set<Principal> methodRoles = null;
+ private String ejbMethodInterface = null;
+ private RoleGroup ejbMethodRoles = null;
+
/**
* Create a new EJBResource.
*
@@ -116,23 +116,21 @@
}
/**
- * Get the Roles allowed for the EJB Method as
- * a set of Principal objects
+ * Get the Roles assigned to the EJB method
* @return
*/
- public Set<Principal> getMethodRoles()
+ public RoleGroup getEjbMethodRoles()
{
- return methodRoles;
+ return ejbMethodRoles;
}
/**
- * Set the Roles allowed for the EJB Method as
- * a Set of Principal objects
- * @param methodRoles
+ * Set the roles assigned to the EJB Method
+ * @param ejbMethodRoles
*/
- public void setMethodRoles(Set<Principal> methodRoles)
+ public void setEjbMethodRoles(RoleGroup ejbMethodRoles)
{
- this.methodRoles = methodRoles;
+ this.ejbMethodRoles = ejbMethodRoles;
}
public String toString()
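Review bot: The Javadoc on the renamed accessors leaves `@return` and `@param` empty and no longer says what the roles mean; the old text said "allowed", the new one says "assigned". Since `ejbMethodRoles` is initialised to null in the field declaration, the getter comment should say so, for example `@return the roles assigned to the EJB method, or null if none were set`. The rename from `getMethodRoles`/`setMethodRoles` also changes the public signature and type, so any caller outside this commit has to move to `RoleGroup` at the same time.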
@@ -142,9 +140,11 @@
.append(":method=").append(this.ejbMethod)
.append(":ejbMethodInterface=").append(this.ejbMethodInterface)
.append(":ejbName=").append(this.ejbName)
- .append(":ejbPrincipal=").append(this.principal)
- .append(":methodRoles=").append(this.methodRoles)
+ .append(":ejbPrincipal=").append(this.principal)
+ .append(":MethodRoles=").append(this.ejbMethodRoles)
.append(":securityRoleReferences=").append(this.securityRoleReferences)
+ .append(":callerSubject=").append(this.callerSubject)
+ .append(":callerRunAs=").append(this.callerRunAsIdentity)
.append("]");
return buf.toString();
}
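Review bot: Appending `this.callerSubject` to `toString()` puts the whole `javax.security.auth.Subject` rendering into any log line or exception message that prints an `EJBResource`. `Subject.toString()` lists the principals and public credentials and also the private credentials when the calling code is permitted to read them, so credential material could end up in trace logs. Printing only the principals avoids that: `.append(":callerSubject=").append(this.callerSubject != null ? this.callerSubject.getPrincipals() : null)`. The method starts outside this hunk, so the rest of the string is not reviewed here.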
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/JavaEEResource.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/JavaEEResource.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/JavaEEResource.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -29,7 +29,7 @@
import javax.security.auth.Subject;
-import org.jboss.security.RunAs;
+import org.jboss.security.RunAs;
import org.jboss.security.SecurityRoleRef;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceType;
@@ -46,6 +46,8 @@
{
protected Map<String,Object> map = new HashMap<String,Object>();
+ protected String policyContextID = null;
+
protected Subject callerSubject = null;
protected RunAs callerRunAsIdentity = null;
@@ -119,6 +121,26 @@
this.codeSource = codeSource;
}
+ /**
+ * Get the Policy Context ID
+ * (Mainly to retrieve policy from policy configuration (JACC)
+ * or PolicyRegistration (XACML))
+ * @return
+ */
+ public String getPolicyContextID()
+ {
+ return policyContextID;
+ }
+
+ /**
+ * Set the Policy Context ID
+ * @param policyContextID
+ */
+ public void setPolicyContextID(String policyContextID)
+ {
+ this.policyContextID = policyContextID;
+ }
+
public Principal getPrincipal()
{
return principal;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/WebResource.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/WebResource.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/WebResource.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -44,6 +44,8 @@
private ServletRequest servletRequest = null;
private ServletResponse servletResponse = null;
+ private String servletName = null;
+
private String canonicalRequestURI = null;
/**
* Create a new WebResource.
@@ -101,6 +103,20 @@
this.servletResponse = servletResponse;
}
+ /**
+ * The Servlet for which the authorization request is for
+ * @return
+ */
+ public String getServletName()
+ {
+ return servletName;
+ }
+
+ public void setServletName(String servletName)
+ {
+ this.servletName = servletName;
+ }
+
public String toString()
{
StringBuffer buf = new StringBuffer();
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/sunxacml/JBossStaticPolicyFinderModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/sunxacml/JBossStaticPolicyFinderModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/sunxacml/JBossStaticPolicyFinderModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -43,7 +43,7 @@
import com.sun.xacml.finder.PolicyFinderModule;
import com.sun.xacml.finder.PolicyFinderResult;
import com.sun.xacml.support.finder.PolicyCollection;
-import com.sun.xacml.support.finder.PolicyReader;
+import com.sun.xacml.support.finder.PolicyReader;
import com.sun.xacml.support.finder.TopLevelPolicyException;
//$Id$
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/sunxacml/JBossXACMLUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/sunxacml/JBossXACMLUtil.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/sunxacml/JBossXACMLUtil.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,27 +23,27 @@
import java.io.ByteArrayOutputStream;
import java.net.URI;
-import java.util.ArrayList;
+import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
-import org.jboss.logging.Logger;
+import org.jboss.logging.Logger;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.XACMLConstants;
import com.sun.xacml.Indenter;
import com.sun.xacml.PDP;
import com.sun.xacml.PDPConfig;
-import com.sun.xacml.Policy;
+import com.sun.xacml.Policy;
import com.sun.xacml.ctx.RequestCtx;
import com.sun.xacml.ctx.ResponseCtx;
import com.sun.xacml.ctx.Result;
import com.sun.xacml.finder.AttributeFinder;
import com.sun.xacml.finder.PolicyFinder;
import com.sun.xacml.finder.impl.CurrentEnvModule;
-import com.sun.xacml.finder.impl.SelectorModule;
+import com.sun.xacml.finder.impl.SelectorModule;
import com.sun.xacml.support.finder.URLPolicyFinderModule;
//$Id$
@@ -78,10 +78,10 @@
baos.close();
}
int result = AuthorizationContext.DENY;
- Set results = response.getResults();
+ Set<Result> results = response.getResults();
if(results.size() > 1)
throw new IllegalArgumentException("Number of results > 1");
- Iterator iter = results.iterator();
+ Iterator<Result> iter = results.iterator();
if(iter.hasNext())
{
Result res = (Result)iter.next();
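Review bot: With `iter` now typed as `Iterator<Result>`, the cast on the last line of the hunk is redundant and can become `Result res = iter.next();`. The assignment `Set<Result> results = response.getResults();` is presumably an unchecked conversion if the sunxacml API still returns a raw `Set`, so the element type rests on that library's behaviour rather than on the compiler. The enclosing method starts and ends outside the hunk.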
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/client/JBossSecurityClient.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/client/JBossSecurityClient.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/client/JBossSecurityClient.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,14 +22,14 @@
package org.jboss.security.client;
import java.security.Principal;
-
+
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.SecurityContextFactory;
//$Id$
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicy.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicy.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicy.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,8 +21,11 @@
*/
package org.jboss.security.config;
-import org.jboss.security.auth.login.BaseAuthenticationInfo;
+import java.security.Principal;
+import java.security.acl.Group;
+import org.jboss.security.auth.login.BaseAuthenticationInfo;
+
//$Id$
/**
@@ -156,6 +159,15 @@
{
this.principalMappingInfo = principalMappingInfo;
}
+
+ public <T> MappingInfo getMappingInfo(Class<T> t)
+ {
+ if(t == Group.class)
+ return this.getRoleMappingInfo();
+ if(t == Principal.class)
+ return this.getPrincipalMappingInfo();
+ throw new IllegalStateException("No mapping information available for type:"+t);
+ }
public AuditInfo getAuditInfo()
{
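Review bot: The new `getMappingInfo(Class<T> t)` declares a type parameter that appears in neither the return type nor the body, so `public MappingInfo getMappingInfo(Class<?> t)` says the same thing with less noise. An unsupported or null `t` is a bad argument rather than a bad object state, so `IllegalArgumentException` fits better than `IllegalStateException`. The method also has no Javadoc; a short comment should state that `Group.class` selects the role mapping and `Principal.class` the principal mapping, and that either result may be null if that mapping was never configured.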
@@ -234,4 +246,4 @@
}
return ap;
}
-}
+}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicyContainer.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicyContainer.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicyContainer.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,8 +21,6 @@
*/
package org.jboss.security.config;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -64,11 +62,11 @@
String baseAppPolicyName = null;
List authenticationModuleEntries = new ArrayList();
- List authorizationModuleEntries = new ArrayList();
- List auditProviderEntries = new ArrayList();
- List identityTrustModuleEntries = new ArrayList();
+ List<AuthorizationModuleEntry> authorizationModuleEntries = new ArrayList<AuthorizationModuleEntry>();
+ List<AuditProviderEntry> auditProviderEntries = new ArrayList<AuditProviderEntry>();
+ List<IdentityTrustModuleEntry> identityTrustModuleEntries = new ArrayList<IdentityTrustModuleEntry>();
- Map loginModuleStackMap = new HashMap();
+ Map<String,LoginModuleStackHolder> loginModuleStackMap = new HashMap<String,LoginModuleStackHolder>();
boolean isJASPIAuthentication = false;
boolean isJAASAuthentication = false;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/BaseSecurityInfo.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/BaseSecurityInfo.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/BaseSecurityInfo.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -56,7 +56,7 @@
moduleEntries.add(ame);
}
- public void add(List moduleEntries)
+ public void add(List<? extends T> moduleEntries)
{
SecurityManager sm = System.getSecurityManager();
if( sm != null )
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/PolicyConfig.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/PolicyConfig.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/PolicyConfig.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,12 +22,10 @@
package org.jboss.security.config;
import java.util.Collections;
+import java.util.HashMap;
import java.util.Map;
-import java.util.HashMap;
import java.util.Set;
-import org.jboss.security.config.ApplicationPolicy;
-
//$Id$
/** The root object for the login-config.xml descriptor as defined by the
@@ -39,7 +37,7 @@
*/
public class PolicyConfig
{
- Map config = Collections.synchronizedMap(new HashMap());
+ Map<String,ApplicationPolicy> config = Collections.synchronizedMap(new HashMap<String,ApplicationPolicy>());
public void add(ApplicationPolicy ai)
{
@@ -61,7 +59,7 @@
{
config.clear();
}
- public Set getConfigNames()
+ public Set<String> getConfigNames()
{
return config.keySet();
}
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/SecurityActions.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -37,10 +37,10 @@
{
static <T> void addModules(final BaseSecurityInfo<T> binfo, final List<T> moduleEntries)
{
- AccessController.doPrivileged(new PrivilegedAction()
+ AccessController.doPrivileged(new PrivilegedAction<T>()
{
- public Object run()
+ public T run()
{
binfo.add(moduleEntries);
return null;
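Review bot: `PrivilegedAction<T>` ties the action's result type to the module entry type, although `run()` only ever returns null and the result of `doPrivileged` is discarded. Declaring it as `new PrivilegedAction<Void>()` with `public Void run()` states that the action is executed for its side effect only. The anonymous class and `addModules` continue past the end of the hunk.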
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/SecurityConfiguration.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/SecurityConfiguration.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/SecurityConfiguration.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -8,7 +8,7 @@
import java.security.Key;
import java.security.spec.AlgorithmParameterSpec;
-import java.util.HashMap;
+import java.util.HashMap;
/**
* Class that provides the Configuration for authentication,
@@ -24,7 +24,7 @@
/**
* Map of Application Policies keyed in by name
*/
- private static HashMap appPolicies = new HashMap();
+ private static HashMap<String,ApplicationPolicy> appPolicies = new HashMap<String,ApplicationPolicy>();
private static String cipherAlgorithm;
private static int iterationCount;
private static String salt;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/JBossIdentityTrustContext.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -27,13 +27,13 @@
import java.util.Map;
import org.jboss.logging.Logger;
-import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContext;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.IdentityTrustInfo;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
-import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
+import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
//$Id$
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/SecurityActions.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,7 +21,7 @@
*/
package org.jboss.security.identitytrust;
-import java.security.AccessController;
+import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustConfigEntryHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustConfigEntryHolder.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustConfigEntryHolder.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -26,7 +26,7 @@
import javax.xml.namespace.QName;
-import org.jboss.security.auth.login.ModuleOption;
+import org.jboss.security.auth.login.ModuleOption;
import org.jboss.xb.binding.GenericValueContainer;
//$Id$
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/identitytrust/config/IdentityTrustModuleEntry.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -24,7 +24,7 @@
import java.util.HashMap;
import java.util.Map;
-import org.jboss.security.auth.login.ModuleOption;
+import org.jboss.security.auth.login.ModuleOption;
import org.jboss.security.config.ControlFlag;
//$Id$
@@ -40,14 +40,14 @@
private String name;
private ControlFlag controlFlag;
- private Map options = new HashMap();
+ private Map<String,Object> options = new HashMap<String,Object>();
public IdentityTrustModuleEntry(String name)
{
this.name = name;
}
- public IdentityTrustModuleEntry(String name, Map options)
+ public IdentityTrustModuleEntry(String name, Map<String,Object> options)
{
this.name = name;
this.options = options;
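Review bot: The two-argument constructor stores the caller's map by reference, replacing the `HashMap` created in the field initialiser. A null argument therefore leaves `options` null, and the `options.put(...)` visible in the next hunk would throw. The same reference stays writable by whoever passed it in and by every caller of `getOptions()`. If callers do not rely on sharing the map, `this.options = options != null ? new HashMap<String,Object>(options) : new HashMap<String,Object>();` keeps the entry's configuration self-contained. `MappingModuleEntry` has the same constructor and getter pattern in its hunks further down. The constructor body closes outside this hunk.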
@@ -63,7 +63,7 @@
options.put(option.getName(), option.getValue());
}
- public Map getOptions()
+ public Map<String,Object> getOptions()
{
return this.options;
}
@@ -77,4 +77,4 @@
{
this.controlFlag = controlFlag;
}
-}
+}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/ContextPolicy.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/ContextPolicy.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/ContextPolicy.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -31,6 +31,7 @@
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
+
import javax.security.jacc.PolicyContextException;
import org.jboss.logging.Logger;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/DelegatingPolicy.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/DelegatingPolicy.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/DelegatingPolicy.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -26,10 +26,11 @@
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.ProtectionDomain;
+import java.util.Enumeration;
import java.util.Iterator;
-import java.util.Enumeration;
import java.util.concurrent.ConcurrentHashMap;
+import javax.security.auth.Subject;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
@@ -38,7 +39,6 @@
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
-import javax.security.auth.Subject;
import org.jboss.logging.Logger;
import org.jboss.security.SecurityConstants;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/JBossPolicyConfiguration.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/JBossPolicyConfiguration.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/JBossPolicyConfiguration.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,13 +23,14 @@
import java.security.Permission;
import java.security.PermissionCollection;
+
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyContextException;
-import org.jboss.util.state.StateMachine;
+import org.jboss.logging.Logger;
import org.jboss.util.state.IllegalTransitionException;
import org.jboss.util.state.State;
-import org.jboss.logging.Logger;
+import org.jboss.util.state.StateMachine;
/** The JACC PolicyConfiguration implementation. This class associates a
* context id with the permission ops it passes along to the global
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/JBossPolicyConfigurationFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/JBossPolicyConfigurationFactory.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/JBossPolicyConfigurationFactory.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -25,10 +25,10 @@
import java.security.Policy;
import java.util.concurrent.ConcurrentHashMap;
+import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
-import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyContextException;
-
+
import org.jboss.util.state.StateMachine;
import org.jboss.util.state.xml.StateMachineParser;
@@ -53,7 +53,7 @@
try
{
// Setup the state machine config
- ClassLoader loader = SecurityActions.getContextClassloader();
+ ClassLoader loader = SecurityActions.getContextClassLoader();
URL states = SecurityActions.getResource(loader,"org/jboss/security/jacc/jacc-policy-config-states.xml");
StateMachineParser smp = new StateMachineParser();
configStateMachine = smp.parse(states);
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/SecurityActions.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -41,7 +41,7 @@
*/
class SecurityActions
{
- static ClassLoader getContextClassloader()
+ static ClassLoader getContextClassLoader()
{
return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction()
{
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/SecurityService.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/SecurityService.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/jacc/SecurityService.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,10 +21,10 @@
*/
package org.jboss.security.jacc;
+import java.lang.reflect.Constructor;
+import java.security.AccessController;
import java.security.Policy;
import java.security.PrivilegedAction;
-import java.security.AccessController;
-import java.lang.reflect.Constructor;
import javax.management.MBeanServer;
import javax.management.ObjectName;
@@ -127,7 +127,7 @@
{
String provider = getProperty(JACC_POLICY_PROVIDER,
"org.jboss.security.jacc.DelegatingPolicy");
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = SecurityActions.getContextClassLoader();
Class providerClass = loader.loadClass(provider);
try
{
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/config/MappingConfigEntryHolder.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/config/MappingConfigEntryHolder.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/config/MappingConfigEntryHolder.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -25,8 +25,8 @@
import java.util.Map;
import javax.xml.namespace.QName;
-
-import org.jboss.security.auth.login.ModuleOption;
+
+import org.jboss.security.auth.login.ModuleOption;
import org.jboss.xb.binding.GenericValueContainer;
//$Id: MappingConfigEntryHolder.java 46201 2006-07-11 17:51:23Z asaldhana $
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/config/MappingModuleEntry.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/config/MappingModuleEntry.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/config/MappingModuleEntry.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -37,7 +37,7 @@
public class MappingModuleEntry
{
private String mappingModuleName;
- private Map options = new HashMap();
+ private Map<String,Object> options = new HashMap<String,Object>();
/**
* Create a new MappingModuleEntry.
@@ -55,7 +55,7 @@
* @param name Policy Module Name
* @param options Options
*/
- public MappingModuleEntry(String name, Map options)
+ public MappingModuleEntry(String name, Map<String,Object> options)
{
this.mappingModuleName = name;
this.options = options;
@@ -79,7 +79,7 @@
* Get the options
* @return
*/
- public Map getOptions()
+ public Map<String,Object> getOptions()
{
return options;
}
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -24,13 +24,13 @@
import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
-import java.util.Map;
+import java.util.Map;
import java.util.Set;
-import org.jboss.logging.Logger;
+import org.jboss.logging.Logger;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SimpleGroup;
-import org.jboss.security.SimplePrincipal;
+import org.jboss.security.SimplePrincipal;
import org.jboss.security.mapping.MappingProvider;
import org.jboss.security.mapping.MappingResult;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/MappingProviderUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/MappingProviderUtil.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/MappingProviderUtil.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,7 +23,7 @@
import java.lang.reflect.Constructor;
import java.security.Principal;
-import java.security.acl.Group;
+import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.StringTokenizer;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/PolicyContextIdRoleMappingProvider.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/PolicyContextIdRoleMappingProvider.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/PolicyContextIdRoleMappingProvider.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -25,9 +25,9 @@
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
-import java.util.Enumeration;
+import java.util.Enumeration;
import java.util.Map;
-import java.util.Properties;
+import java.util.Properties;
import java.util.Set;
import javax.security.jacc.PolicyContext;
@@ -155,7 +155,7 @@
private Properties loadProperties(String filename) throws IOException
{
Properties props = new Properties();
- ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
props.load(tcl.getResourceAsStream(filename));
return props;
}
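Review bot: `loadProperties` passes the result of `tcl.getResourceAsStream(filename)` straight to `props.load(...)`, so a missing mapping file surfaces as a `NullPointerException` instead of the declared `IOException`, and the stream is never closed. The switch to `SecurityActions.getContextClassLoader()` does not change that. Checking for null and closing the stream in a `finally` block gives a clear failure for a misnamed role-mapping file and releases the handle.

```java
private Properties loadProperties(String filename) throws IOException
{
   Properties props = new Properties();
   ClassLoader tcl = SecurityActions.getContextClassLoader();
   java.io.InputStream is = tcl.getResourceAsStream(filename);
   if(is == null)
      throw new IOException("Properties file not found: " + filename);
   try
   {
      props.load(is);
   }
   finally
   {
      is.close();
   }
   return props;
}
```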
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/PrincipalToRoleMappingProvider.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/PrincipalToRoleMappingProvider.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/PrincipalToRoleMappingProvider.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,10 +22,10 @@
package org.jboss.security.mapping.providers;
import java.security.Principal;
-import java.security.acl.Group;
+import java.security.acl.Group;
import java.util.Map;
import java.util.Properties;
-import java.util.Set;
+import java.util.Set;
import org.jboss.logging.Logger;
import org.jboss.security.SecurityConstants;
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -0,0 +1,98 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.mapping.providers;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.security.AccessController;
+import java.security.Policy;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+//$Id$
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Sep 26, 2007
+ * @version $Revision$
+ */
+class SecurityActions
+{
+ static ClassLoader getContextClassLoader()
+ {
+ return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ static URL findResource(final URLClassLoader cl, final String name)
+ {
+ return (URL) AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return cl.findResource(name);
+ }
+ });
+ }
+
+ static Policy getPolicy()
+ {
+ return (Policy) AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Policy.getPolicy();
+ }
+ });
+ }
+
+ static URL getResource(final ClassLoader cl, final String name)
+ {
+ return (URL) AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return cl.getResource(name);
+ }
+ });
+ }
+
+ static InputStream openStream(final URL url) throws PrivilegedActionException
+ {
+ return (InputStream) AccessController.doPrivileged(new PrivilegedExceptionAction()
+ {
+ public Object run() throws IOException
+ {
+ return url.openStream();
+ }
+ });
+ }
+}
\ No newline at end of file
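Review bot: The class comment `Privileged Blocks` leaves out the constraint that keeps these helpers safe: `findResource`, `getResource` and `openStream` run a caller-supplied class loader, name or URL inside `doPrivileged`, so any code that can reach them acts with this library's permissions. The class is package-private, which bounds that, and the Javadoc should say so, for example `Privileged blocks for this package. Must stay package-private: the helpers act on caller-supplied arguments with this code base's permissions.` `openStream` surfaces `PrivilegedActionException`, so it also deserves a `@throws` line telling callers to unwrap the IOException. As a style point, the anonymous actions use raw `PrivilegedAction`, while SubjectActions in this same commit moves to `PrivilegedAction<T>`; typing them here would remove the casts.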
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectCNMapper.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectCNMapper.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectCNMapper.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,7 +22,6 @@
package org.jboss.security.mapping.providers.principal;
import java.security.Principal;
-import java.security.acl.Group;
import java.security.cert.X509Certificate;
import java.util.Map;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectDNMapper.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectDNMapper.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/principal/SubjectDNMapper.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,11 +22,9 @@
package org.jboss.security.mapping.providers.principal;
import java.security.Principal;
+import java.security.cert.X509Certificate;
import java.util.Map;
-import javax.security.auth.x500.X500Principal;
-import java.security.cert.X509Certificate;
-
import org.jboss.logging.Logger;
import org.jboss.security.auth.certs.SubjectDNMapping;
import org.jboss.security.mapping.MappingProvider;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/ConsolePassword.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/ConsolePassword.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/ConsolePassword.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,8 +21,8 @@
*/
package org.jboss.security.plugins;
+import java.io.CharArrayWriter;
import java.io.IOException;
-import java.io.CharArrayWriter;
/** Read a password from the System.in stream. This may be used as a
password accessor in conjunction with the JaasSecurityDomain
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/DefaultLoginConfig.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/DefaultLoginConfig.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/DefaultLoginConfig.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -72,7 +72,7 @@
{
this.authConfig = authConfURL;
// Set the JAAS login config file if not already set
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = SubjectActions.getContextClassLoader();
URL loginConfig = loader.getResource(authConfig);
if( loginConfig != null )
{
@@ -131,15 +131,15 @@
public MBeanInfo getMBeanInfo()
{
- Class c = getClass();
+ Class<?> c = getClass();
MBeanAttributeInfo[] attrInfo = {
new MBeanAttributeInfo("AuthConfig", "java.lang.String",
"", true, true, false)
};
- Constructor ctor = null;
+ Constructor<?> ctor = null;
try
{
- Class[] sig = {};
+ Class<?>[] sig = {};
ctor = c.getDeclaredConstructor(sig);
}
catch(Exception e)
@@ -151,7 +151,7 @@
Method getConfiguration = null;
try
{
- Class[] sig = {Configuration.class};
+ Class<?>[] sig = {Configuration.class};
getConfiguration = c.getDeclaredMethod("getConfiguration", sig);
}
catch(Exception e)
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/FilePassword.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/FilePassword.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/FilePassword.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,16 +21,18 @@
*/
package org.jboss.security.plugins;
+import static org.jboss.security.plugins.FilePassword.main;
+
+import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.RandomAccessFile;
-import java.io.ByteArrayOutputStream;
-import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.PBEKeySpec;
import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
-import javax.crypto.SecretKey;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
import org.jboss.logging.Logger;
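Review bot: The added `import static org.jboss.security.plugins.FilePassword.main;` makes FilePassword statically import its own `main`, which has no effect inside the class and looks like an import-organiser artefact. Drop that line and keep the rest of the reordering.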
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,6 +21,8 @@
*/
package org.jboss.security.plugins;
+import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;
+
import java.io.InputStream;
import java.net.URL;
import java.security.Principal;
@@ -34,8 +36,9 @@
import java.util.Set;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
-
+
import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
@@ -43,27 +46,30 @@
import org.jboss.logging.Logger;
import org.jboss.security.AnybodyPrincipal;
import org.jboss.security.AuthorizationManager;
-import org.jboss.security.NobodyPrincipal;
+import org.jboss.security.NobodyPrincipal;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityRolesAssociation;
-import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimpleGroup;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.EntitlementHolder;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
+import org.jboss.security.callbacks.SecurityContextCallback;
import org.jboss.security.identity.Identity;
-import org.jboss.security.mapping.MappingContext;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+import org.jboss.security.mapping.MappingContext;
import org.jboss.security.mapping.MappingManager;
import org.jboss.security.plugins.authorization.JBossAuthorizationContext;
+import org.jboss.util.NotImplementedException;
import org.jboss.util.xml.DOMUtils;
import org.w3c.dom.Element;
import com.sun.xacml.Policy;
-import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;
-
//$Id$
/**
@@ -81,9 +87,7 @@
private static Logger log = Logger.getLogger(JBossAuthorizationManager.class);
- protected boolean trace = log.isTraceEnabled();
-
- private CallbackHandler callbackHandler = null;
+ protected boolean trace = log.isTraceEnabled();
private AuthorizationContext authorizationContext = null;
@@ -93,19 +97,15 @@
public JBossAuthorizationManager(String securityDomainName)
{
this.securityDomain = securityDomainName;
- }
+ }
- public JBossAuthorizationManager(String securityDomainName, CallbackHandler cbh)
- {
- this(securityDomainName);
- this.callbackHandler = cbh;
- }
-
/**
* @see AuthorizationManager#authorize(Resource)
*/
public int authorize(Resource resource) throws AuthorizationException
{
+ validateResource(resource);
+
String SUBJECT_CONTEXT_KEY = SecurityConstants.SUBJECT_CONTEXT_KEY;
Subject subject = null;
try
@@ -116,20 +116,31 @@
{
log.error("Error obtaining AuthenticatedSubject:",e);
}
- lock.lock();
- try
- {
- if(this.authorizationContext == null)
- this.authorizationContext = new JBossAuthorizationContext(this.securityDomain,subject,
- this.callbackHandler );
- return this.authorizationContext.authorize(resource);
- }
- finally
- {
- lock.unlock();
- }
- }
+ return internalAuthorization(resource,subject, null);
+ }
+ public int authorize(Resource resource, Subject subject,
+ RoleGroup role) throws AuthorizationException
+ {
+ this.validateResource(resource);
+ return internalAuthorization(resource, subject, role);
+ }
+
+ public int authorize(Resource resource, Subject subject,
+ Group roleGroup) throws AuthorizationException
+ {
+ this.validateResource(resource);
+ return internalAuthorization(resource, subject, getRoleGroup(roleGroup));
+ }
+
+
+ public EntitlementHolder<?> entitlements(Resource resource, Identity identity)
+ throws AuthorizationException
+ {
+ throw new NotImplementedException();
+ }
+
+
/** Does the current Subject have a role(a Principal) that equates to one
of the role names. This method obtains the Group named 'Roles' from
the principal set of the currently authenticated Subject as determined
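Review bot: When the subject lookup fails, the catch at the top of this hunk only logs, and `authorize(Resource)` then calls `internalAuthorization(resource,subject, null)` with a null subject; the two new public overloads likewise validate the resource but not the subject. Whether JBossAuthorizationContext denies a null subject is not visible here, so the outcome should not depend on it: rethrow the lookup failure as an AuthorizationException instead of continuing. If a null subject is never legitimate for the overloads, reject it there with `if(subject == null) throw new IllegalArgumentException("subject is null");`, matching what `getCurrentRoles` does elsewhere in this commit. `authorize(Resource)` starts above this hunk.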
@@ -276,7 +287,7 @@
/**
* @see PolicyRegistration#getPolicy(String, Map)
*/
- public Object getPolicy(String contextID, Map contextMap)
+ public Object getPolicy(String contextID, Map<String, Object> contextMap)
{
return this.contextIdToPolicy.get(contextID);
}
@@ -303,7 +314,11 @@
throw new IllegalArgumentException("AuthorizationContext is null");
lock.lock();
try
- {
+ {
+ String sc = ac.getSecurityDomain();
+ if(this.securityDomain.equals(sc) == false)
+ throw new IllegalArgumentException("The Security Domain "+ sc
+ + " does not match with " + this.securityDomain);
this.authorizationContext = ac;
}
finally
@@ -315,8 +330,17 @@
public String getSecurityDomain()
{
return this.securityDomain;
- }
+ }
+
+ /**
+ * @see AuthorizationManager#getTargetRoles(Principal, Map)
+ */
+ public Group getTargetRoles(Principal targetPrincipal, Map<String,Object> contextMap)
+ {
+ throw new NotImplementedException();
+ }
+
//Private Methods
private HashSet<Principal> getRolesAsSet(Group roles)
{
@@ -333,6 +357,33 @@
}
return userRoles;
}
+
+ /**
+ * @see AuthorizationManager#getSubjectRoles(Subject, CallbackHandler)
+ */
+ public RoleGroup getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh)
+ {
+ if(authenticatedSubject == null)
+ return null;
+
+ //Ask the CBH for the SecurityContext
+ SecurityContextCallback scb = new SecurityContextCallback();
+ try
+ {
+ cbh.handle(new Callback[]{scb});
+ }
+ catch (Exception e)
+ {
+ log.trace("Exception in getSubjectRoles:",e);
+ throw new RuntimeException(e);
+ }
+ SecurityContext sc = scb.getSecurityContext();
+ Group roles = this.getCurrentRoles(null, authenticatedSubject, sc);
+ if(roles == null)
+ return new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ else
+ return new SimpleRoleGroup(roles);
+ }
/*
* Get the current role group from the security context or
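Review bot: `getSubjectRoles` dereferences `cbh` without a check, so a null handler produces a NullPointerException that the broad `catch (Exception e)` rewraps as a RuntimeException and logs only at trace level. Add `if(cbh == null) throw new IllegalArgumentException("CallbackHandler is null");` before the callback is built. The method also returns null for a null subject but an empty SimpleRoleGroup when no roles are found; document that difference in the Javadoc or return the empty group in both cases. If the handler leaves the callback without a SecurityContext, the call ends in the `Sec Ctx sc passed is null` IllegalArgumentException from `getCurrentRoles`, which deserves a Javadoc line as well.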
@@ -340,8 +391,7 @@
* @param principal The Principal in question
*/
private Group getCurrentRoles(Principal principal)
- {
- boolean emptyContextRoles = false;
+ {
//Check that the caller is authenticated to the current thread
Subject subject = null;
try
@@ -352,7 +402,6 @@
{
throw new IllegalStateException(e);
}
- Group subjectRoles = getSubjectRoles(subject);
//Deal with the security context
SecurityContext sc = SubjectActions.getSecurityContext();
@@ -361,7 +410,21 @@
sc = new JBossSecurityContext(securityDomain);
SubjectActions.setSecurityContext(sc);
}
-
+
+ return getCurrentRoles(principal,subject,sc);
+ }
+
+ private Group getCurrentRoles(Principal principal, Subject subject, SecurityContext sc)
+ {
+ if(subject == null)
+ throw new IllegalArgumentException("Subject passed is null");
+ if(sc == null)
+ throw new IllegalArgumentException("Sec Ctx sc passed is null");
+
+ Group subjectRoles = getGroupFromSubject(subject);
+
+ boolean emptyContextRoles = false;
+
Group userRoles = (Group)sc.getData().get(ROLES_IDENTIFIER);
if(userRoles == null || "true".equalsIgnoreCase(SubjectActions.getRefreshSecurityContextRoles()))
emptyContextRoles = true;
@@ -375,13 +438,14 @@
if(subjectRoles != userRoles || emptyContextRoles)
{
MappingManager mm = sc.getMappingManager();
- MappingContext mc = mm.getMappingContext(Group.class);
+ MappingContext<Group> mc = mm.getMappingContext(Group.class);
Group mappedUserRoles = userRoles;
- if(mc != null)
+ if(mc != null && mc.hasModules())
{
Map<String,Object> contextMap = new HashMap<String,Object>();
contextMap.put(SecurityConstants.ROLES_IDENTIFIER, userRoles);
- contextMap.put(SecurityConstants.PRINCIPAL_IDENTIFIER, principal);
+ if(principal != null)
+ contextMap.put(SecurityConstants.PRINCIPAL_IDENTIFIER, principal);
//Append any deployment role->principals configuration done by the user
contextMap.put(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP,
SecurityRolesAssociation.getSecurityRoles());
@@ -399,8 +463,8 @@
}
//Send the final processed (mapping applied) roles
- return userRoles;
- }
+ return userRoles;
+ }
/**
* Copy the principals from the second group into the first.
@@ -423,13 +487,22 @@
return source;
}
-
- /**
- * @see AuthorizationManager#getTargetRoles(Principal, Map)
- */
- public Group getTargetRoles(Principal targetPrincipal, Map<String,Object> contextMap)
+
+ private int internalAuthorization(final Resource resource, Subject subject,
+ RoleGroup role)
+ throws AuthorizationException
{
- throw new RuntimeException("Not implemented");
+ lock.lock();
+ try
+ {
+ if(this.authorizationContext == null)
+ this.authorizationContext = new JBossAuthorizationContext(this.securityDomain);
+ return this.authorizationContext.authorize(resource, subject, role);
+ }
+ finally
+ {
+ lock.unlock();
+ }
}
/**
@@ -437,7 +510,7 @@
* @param theSubject - the Subject to search for roles
* @return the Group contain the subject roles if found, null otherwise
*/
- private Group getSubjectRoles(Subject theSubject)
+ private Group getGroupFromSubject(Subject theSubject)
{
if(theSubject == null)
throw new IllegalArgumentException("Subject is null");
@@ -453,10 +526,26 @@
}
return roles;
}
+
+ private RoleGroup getRoleGroup(Group roleGroup)
+ {
+ if(roleGroup == null)
+ throw new IllegalArgumentException("roleGroup is null");
+ SimpleRoleGroup srg = new SimpleRoleGroup(roleGroup.getName());
+ Enumeration<? extends Principal> principals = roleGroup.members();
+ while(principals.hasMoreElements())
+ {
+ srg.getRoles().add(new SimpleRole(principals.nextElement().getName()));
+ }
+ return srg;
+ }
+
- public EntitlementHolder<?> entitlements(Resource resource, Identity identity)
- throws AuthorizationException
- {
- return null;
- }
+ private void validateResource(Resource resource)
+ {
+ if(resource == null)
+ throw new IllegalArgumentException("resource is null");
+ if(resource.getMap() == null)
+ throw new IllegalArgumentException("resource has null context map");
+ }
}
\ No newline at end of file
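Review bot: `getRoleGroup` turns every member of the incoming Group into a `SimpleRole` by name, so a member that is itself a nested Group is recorded as a single role named after that group and its own members are dropped. If nested groups can reach this method (not visible from this hunk), either recurse into them or state the limitation in a comment such as `// nested Groups are not expanded; each member becomes one role by name`. The method has no Javadoc, and it relies on `srg.getRoles()` returning the live backing collection, which should be confirmed against SimpleRoleGroup.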
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContext.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -208,10 +208,10 @@
Group newGroup = b;
if(a != null)
{
- Enumeration en = a.members();
+ Enumeration<? extends Principal> en = a.members();
while(en.hasMoreElements())
{
- newGroup.addMember((Principal)en.nextElement());
+ newGroup.addMember(en.nextElement());
}
}
return newGroup;
@@ -227,12 +227,16 @@
this.callbackHandler = callbackHandler;
}
+ @SuppressWarnings("unchecked")
@Override
public Object clone() throws CloneNotSupportedException
{
JBossSecurityContext jsc = (JBossSecurityContext) super.clone();
if(jsc != null)
- jsc.contextData = (Map<String, Object>) ((HashMap)contextData).clone();
+ {
+ HashMap<String,Object> cmap = (HashMap<String,Object>)contextData;
+ jsc.contextData = (Map<String, Object>) (cmap).clone();
+ }
return super.clone();
}
}
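Review bot: `clone()` still ends with `return super.clone();`, which builds a second shallow copy and discards `jsc`, so the freshly copied `contextData` map is thrown away and the returned context shares the original's map. Anything one copy stores in that map, including the roles entry, is then visible through the other. Change the last line to `return jsc;`. The `if(jsc != null)` guard can go as well, since `super.clone()` does not return null.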
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,6 +21,10 @@
*/
package org.jboss.security.plugins;
+import static org.jboss.security.SecurityConstants.CALLER_RAI_IDENTIFIER;
+import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;
+import static org.jboss.security.SecurityConstants.RUNAS_IDENTITY_IDENTIFIER;
+
import java.security.Principal;
import java.security.acl.Group;
import java.util.Map;
@@ -28,16 +32,12 @@
import javax.security.auth.Subject;
import org.jboss.security.RunAs;
-import org.jboss.security.RunAsIdentity;
+import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextUtil;
+import org.jboss.security.SecurityContextUtil;
import org.jboss.security.SecurityIdentity;
import org.jboss.security.SubjectInfo;
-import static org.jboss.security.SecurityConstants.CALLER_RAI_IDENTIFIER;
-import static org.jboss.security.SecurityConstants.RUNAS_IDENTITY_IDENTIFIER;
-import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;
-
//$Id$
/**
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/NoAccessSecurityManager.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/NoAccessSecurityManager.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/NoAccessSecurityManager.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,16 +22,18 @@
package org.jboss.security.plugins;
import java.io.Serializable;
+import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
-import java.security.Principal;
+
import javax.security.auth.Subject;
import javax.security.auth.message.MessageInfo;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.NobodyPrincipal;
import org.jboss.security.RealmMapping;
import org.jboss.security.SubjectSecurityManager;
-import org.jboss.security.NobodyPrincipal;
/** An implementation of SubjectSecurityManager, RealmMapping does not allow
@@ -99,7 +101,7 @@
/**
* @see AuthenticationManager#getTargetPrincipal(Principal,Map)
*/
- public Principal getTargetPrincipal(Principal anotherDomainPrincipal, Map contextMap)
+ public Principal getTargetPrincipal(Principal anotherDomainPrincipal, Map<String,Object> contextMap)
{
return anotherDomainPrincipal;
}
@@ -119,7 +121,7 @@
@param roleNames - ignored.
@return Always returns true.
*/
- public boolean doesUserHaveRole(Principal principal, Set roleNames)
+ public boolean doesUserHaveRole(Principal principal, Set<Principal> roleNames)
{
boolean hasRole = false;
return hasRole;
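Review bot: The Javadoc kept above `doesUserHaveRole` says `@return Always returns true.`, but the body sets `hasRole = false` and returns it, which is the expected behaviour for a no-access manager. Correct the tag to `@return Always returns false.` so the class is not read as permissive. The comment block begins above this hunk.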
@@ -128,21 +130,10 @@
/** Return the set of domain roles the principal has been assigned.
@return The Set<Principal> with the NobodyPrincipal as the sole role.
*/
- public Set getUserRoles(Principal principal)
+ public Set<Principal> getUserRoles(Principal principal)
{
- HashSet roles = new HashSet();
+ HashSet<Principal> roles = new HashSet<Principal>();
roles.add(NobodyPrincipal.NOBODY_PRINCIPAL);
return roles;
}
-
- /** Authenticate principal against credential
- * @param principal - the user id to authenticate
- * @param credential - an opaque credential.
- * @return Always returns true.
- */
- private boolean authenticate(Principal principal, Object credential)
- {
- boolean authenticated = false;
- return authenticated;
- }
}
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/NullSecurityManager.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/NullSecurityManager.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/NullSecurityManager.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,14 +22,16 @@
package org.jboss.security.plugins;
import java.io.Serializable;
+import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
-import java.security.Principal;
+
import javax.security.auth.Subject;
import javax.security.auth.message.MessageInfo;
import org.jboss.security.AnybodyPrincipal;
+import org.jboss.security.AuthenticationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.SubjectSecurityManager;
@@ -100,7 +102,7 @@
/**
* @see AuthenticationManager#getTargetPrincipal(Principal,Map)
*/
- public Principal getTargetPrincipal(Principal anotherDomainPrincipal, Map contextMap)
+ public Principal getTargetPrincipal(Principal anotherDomainPrincipal, Map<String,Object> contextMap)
{
return anotherDomainPrincipal;
}
@@ -120,7 +122,7 @@
@param roleNames - ignored.
@return Always returns true.
*/
- public boolean doesUserHaveRole(Principal principal, Set roleNames)
+ public boolean doesUserHaveRole(Principal principal, Set<Principal> roleNames)
{
boolean hasRole = true;
return hasRole;
@@ -129,9 +131,9 @@
/** Return the set of domain roles the principal has been assigned.
@return The Set<Principal> with the AnybodyPrincipal as the sole role.
*/
- public Set getUserRoles(Principal principal)
+ public Set<Principal> getUserRoles(Principal principal)
{
- HashSet roles = new HashSet();
+ HashSet<Principal> roles = new HashSet<Principal>();
roles.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
return roles;
}
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/SubjectActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/SubjectActions.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/SubjectActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,23 +22,24 @@
package org.jboss.security.plugins;
import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.Principal;
import java.security.PrivilegedAction;
-import java.security.AccessController;
+import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
-import java.security.PrivilegedActionException;
-import java.security.Principal;
+import java.util.Iterator;
import java.util.Set;
-import java.util.Iterator;
+
import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
-import javax.security.auth.callback.CallbackHandler;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
-
-import org.jboss.security.SecurityAssociation;
+
+import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextFactory;
/** Common PrivilegedAction used by classes in this package.
@@ -49,24 +50,24 @@
*/
class SubjectActions
{
- private static class ToStringSubjectAction implements PrivilegedAction
+ private static class ToStringSubjectAction implements PrivilegedAction<String>
{
Subject subject;
ToStringSubjectAction(Subject subject)
{
this.subject = subject;
}
- public Object run()
+ public String run()
{
StringBuffer tmp = new StringBuffer();
tmp.append("Subject(");
tmp.append(System.identityHashCode(subject));
tmp.append(").principals=");
- Iterator principals = subject.getPrincipals().iterator();
+ Iterator<Principal> principals = subject.getPrincipals().iterator();
while( principals.hasNext() )
{
Object p = principals.next();
- Class c = p.getClass();
+ Class<?> c = p.getClass();
tmp.append(c.getName());
tmp.append('@');
tmp.append(System.identityHashCode(c));
@@ -78,16 +79,16 @@
}
}
- private static class GetSubjectAction implements PrivilegedExceptionAction
+ private static class GetSubjectAction implements PrivilegedExceptionAction<Subject>
{
- static PrivilegedExceptionAction ACTION = new GetSubjectAction();
- public Object run() throws PolicyContextException
+ static PrivilegedExceptionAction<Subject> ACTION = new GetSubjectAction();
+ public Subject run() throws PolicyContextException
{
return (Subject) PolicyContext.getContext(SecurityConstants.SUBJECT_CONTEXT_KEY);
}
}
- private static class CopySubjectAction implements PrivilegedAction
+ private static class CopySubjectAction implements PrivilegedAction<Object>
{
Subject fromSubject;
Subject toSubject;
@@ -107,20 +108,20 @@
public Object run()
{
- Set principals = fromSubject.getPrincipals();
- Set principals2 = toSubject.getPrincipals();
- Iterator iter = principals.iterator();
+ Set<Principal> principals = fromSubject.getPrincipals();
+ Set<Principal> principals2 = toSubject.getPrincipals();
+ Iterator<Principal> iter = principals.iterator();
while( iter.hasNext() )
- principals2.add(getCloneIfNeeded(iter.next()));
- Set privateCreds = fromSubject.getPrivateCredentials();
- Set privateCreds2 = toSubject.getPrivateCredentials();
- iter = privateCreds.iterator();
- while( iter.hasNext() )
+ principals2.add((Principal) getCloneIfNeeded(iter.next()));
+ Set<Object> privateCreds = fromSubject.getPrivateCredentials();
+ Set<Object> privateCreds2 = toSubject.getPrivateCredentials();
+ Iterator<Object> iterCred = privateCreds.iterator();
+ while( iterCred.hasNext() )
privateCreds2.add(getCloneIfNeeded(iter.next()));
- Set publicCreds = fromSubject.getPublicCredentials();
- Set publicCreds2 = toSubject.getPublicCredentials();
- iter = publicCreds.iterator();
- while( iter.hasNext() )
+ Set<Object> publicCreds = fromSubject.getPublicCredentials();
+ Set<Object> publicCreds2 = toSubject.getPublicCredentials();
+ iterCred = publicCreds.iterator();
+ while( iterCred.hasNext() )
publicCreds2.add(getCloneIfNeeded(iter.next()));
if( setReadOnly == true )
toSubject.setReadOnly();
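Review bot: The two credential loops now test `iterCred.hasNext()` but their bodies still call `iter.next()`, and `iter` is the principals iterator that the first loop has already exhausted. Copying a subject that holds any private or public credential will therefore throw NoSuchElementException instead of copying the credential. Both bodies should read from the new iterator: `privateCreds2.add(getCloneIfNeeded(iterCred.next()));` and `publicCreds2.add(getCloneIfNeeded(iterCred.next()));`. `run()` continues past the end of this hunk.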
@@ -134,11 +135,11 @@
Object clonedObject = null;
if(this.deepCopy && obj instanceof Cloneable)
{
- Class clazz = obj.getClass();
+ Class<?> clazz = obj.getClass();
try
{
- Method cloneMethod = clazz.getMethod("clone", null);
- clonedObject = cloneMethod.invoke(obj, null);
+ Method cloneMethod = clazz.getMethod("clone", (Class[])null);
+ clonedObject = cloneMethod.invoke(obj, (Object[])null);
}
catch (Exception e)
{//Ignore non-cloneable issues
@@ -150,7 +151,7 @@
}
}
- private static class LoginContextAction implements PrivilegedExceptionAction
+ private static class LoginContextAction implements PrivilegedExceptionAction<LoginContext>
{
String securityDomain;
Subject subject;
@@ -162,24 +163,24 @@
this.subject = subject;
this.handler = handler;
}
- public Object run() throws Exception
+ public LoginContext run() throws Exception
{
LoginContext lc = new LoginContext(securityDomain, subject, handler);
return lc;
}
}
- private static class GetTCLAction implements PrivilegedAction
+ private static class GetTCLAction implements PrivilegedAction<ClassLoader>
{
- static PrivilegedAction ACTION = new GetTCLAction();
- public Object run()
+ static PrivilegedAction<ClassLoader> ACTION = new GetTCLAction();
+ public ClassLoader run()
{
ClassLoader loader = Thread.currentThread().getContextClassLoader();
return loader;
}
}
- private static class SetContextInfoAction implements PrivilegedAction
+ private static class SetContextInfoAction implements PrivilegedAction<Object>
{
Object key;
Object value;
@@ -208,7 +209,7 @@
final Subject subject, final String securityDomain)
{
AccessController.doPrivileged(
- new PrivilegedAction()
+ new PrivilegedAction<Object>()
{
public Object run()
{
@@ -235,7 +236,7 @@
public void pop()
{
AccessController.doPrivileged(
- new PrivilegedAction()
+ new PrivilegedAction<Object>()
{
public Object run()
{
@@ -380,9 +381,9 @@
static SecurityContext getSecurityContext()
{
- return (SecurityContext)AccessController.doPrivileged(new PrivilegedAction(){
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>(){
- public Object run()
+ public SecurityContext run()
{
return SecurityContextAssociation.getSecurityContext();
}});
@@ -390,9 +391,9 @@
static void setSecurityContext(final SecurityContext sc)
{
- AccessController.doPrivileged(new PrivilegedAction(){
+ AccessController.doPrivileged(new PrivilegedAction<SecurityContext>(){
- public Object run()
+ public SecurityContext run()
{
SecurityContextAssociation.setSecurityContext(sc);
return null;
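Review bot: In setSecurityContext the action is typed `PrivilegedAction<SecurityContext>`, yet `run()` only calls the setter and returns null, so the type argument advertises a result that never exists. `new PrivilegedAction<Void>()` with `public Void run()` states the intent and matches a `void` wrapper. The method's closing lines are outside the hunk.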
@@ -410,9 +411,9 @@
*/
static String getRefreshSecurityContextRoles()
{
- return (String)AccessController.doPrivileged(new PrivilegedAction()
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
{
- public Object run()
+ public String run()
{
return System.getProperty("jbosssx.context.roles.refresh","false");
}}
@@ -421,9 +422,9 @@
static String getSystemProperty(final String key, final String defaultValue)
{
- return (String)AccessController.doPrivileged(new PrivilegedAction()
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
{
- public Object run()
+ public String run()
{
return System.getProperty(key,defaultValue);
}}
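Review bot: getSystemProperty passes a caller-chosen key to `System.getProperty` inside `doPrivileged`, so every caller that can reach it reads properties with this class's permissions rather than its own. Package-private scope, as declared here, is what keeps that contained, and it deserves a comment so the method is not widened later, e.g. `// Package-private on purpose: reads any system property with this code's privileges.` The statement's closing `);` falls outside the hunk.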
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/TmpFilePassword.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/TmpFilePassword.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/TmpFilePassword.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,10 +21,10 @@
*/
package org.jboss.security.plugins;
+import java.io.CharArrayWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
-import java.io.CharArrayWriter;
import java.io.RandomAccessFile;
import org.jboss.logging.Logger;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/audit/JBossAuditManager.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/audit/JBossAuditManager.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/audit/JBossAuditManager.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -6,7 +6,7 @@
*/
package org.jboss.security.plugins.audit;
-import java.security.PrivilegedActionException;
+import java.security.PrivilegedActionException;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
@@ -20,7 +20,7 @@
import org.jboss.security.audit.providers.LogAuditProvider;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuditInfo;
-import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.config.SecurityConfiguration;
/**
* Manages a set of AuditContext
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/audit/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/audit/SecurityActions.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/audit/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,7 +21,7 @@
*/
package org.jboss.security.plugins.audit;
-import java.security.AccessController;
+import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -54,8 +54,8 @@
import org.jboss.security.SecurityUtil;
import org.jboss.security.SubjectSecurityManager;
import org.jboss.security.auth.callback.AppCallbackHandler;
-import org.jboss.security.auth.callback.SecurityAssociationHandler;
-import org.jboss.security.plugins.SecurityContextAssociation;
+import org.jboss.security.auth.callback.SecurityAssociationHandler;
+import org.jboss.security.plugins.SecurityContextAssociation;
import org.jboss.util.CachePolicy;
import org.jboss.util.TimedCachePolicy;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/SubjectActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/SubjectActions.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/auth/SubjectActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,23 +22,24 @@
package org.jboss.security.plugins.auth;
import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.Principal;
import java.security.PrivilegedAction;
-import java.security.AccessController;
+import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
-import java.security.PrivilegedActionException;
-import java.security.Principal;
+import java.util.Iterator;
import java.util.Set;
-import java.util.Iterator;
+
import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
-import javax.security.auth.callback.CallbackHandler;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
-
-import org.jboss.security.SecurityAssociation;
+
+import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextFactory;
import org.jboss.security.plugins.SecurityContextAssociation;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,24 +23,28 @@
import java.security.AccessController;
import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.util.Map;
+import java.security.PrivilegedExceptionAction;
+import java.util.Map;
+
import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.CallbackHandler;
-import org.jboss.logging.Logger;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.AuthorizationModule;
import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.ResourceType;
-import org.jboss.security.authorization.config.AuthorizationModuleEntry;
+import org.jboss.security.authorization.config.AuthorizationModuleEntry;
import org.jboss.security.authorization.modules.DelegatingAuthorizationModule;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuthorizationInfo;
import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
//$Id: JBossAuthorizationContext.java 62954 2007-05-10 04:12:18Z anil.saldhana at jboss.com $
@@ -64,18 +68,32 @@
{
private static Logger log = Logger.getLogger(JBossAuthorizationContext.class);
private boolean trace = log.isTraceEnabled();
+
+ private final String EJB = SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY;
+ private final String WEB = SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY;
+
+ private Subject authenticatedSubject = null;
//Application Policy can be injected
private ApplicationPolicy applicationPolicy = null;
- public JBossAuthorizationContext(String name, Subject subject,
- CallbackHandler handler)
+ public JBossAuthorizationContext(String name)
{
this.securityDomainName = name;
- this.authenticatedSubject = subject;
- this.callbackHandler = handler;
}
+ public JBossAuthorizationContext(String name, CallbackHandler handler)
+ {
+ this(name);
+ this.callbackHandler = handler;
+ }
+
+ public JBossAuthorizationContext(String name, Subject subject, CallbackHandler handler)
+ {
+ this(name,handler);
+ this.authenticatedSubject = subject;
+ }
+
/**
* Inject an ApplicationPolicy that contains AuthorizationInfo
* @param aPolicy
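Review bot: The added `private Subject authenticatedSubject` may hide an inherited field rather than introduce a new one: the removed constructor assigned `this.authenticatedSubject` without this class declaring it, which suggests the superclass had (and may still have) a field of that name. If it does, superclass code keeps reading its own copy, which this class no longer sets, and the two can disagree about who is being authorized. The one- and two-argument constructors also leave the subject null, so `authorize(Resource)` will hand null to the modules unless a subject is supplied another way. `EJB` and `WEB` are constants and would be clearer as `private static final String`.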
@@ -105,9 +123,20 @@
@SuppressWarnings("unchecked")
public int authorize(final Resource resource) throws AuthorizationException
{
+ return this.authorize(resource, this.authenticatedSubject,
+ (RoleGroup)resource.getMap().get(ResourceKeys.SECURITY_CONTEXT_ROLES));
+ }
+
+ /**
+ * @see AuthorizationContext#authorize(Resource, Role)
+ */
+ public int authorize(final Resource resource,
+ final Subject subject,
+ final RoleGroup callerRoles) throws AuthorizationException
+ {
try
{
- initializeModules(resource);
+ initializeModules(resource, callerRoles);
}
catch (PrivilegedActionException e1)
{
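Review bot: The `subject` parameter of the new `authorize(Resource, Subject, RoleGroup)` is not used in any line this hunk shows: only `callerRoles` is passed on to `initializeModules`, and the `instantiateModule` hunk further down still calls `am.initialize(this.authenticatedSubject, ...)`. A caller that passes a subject other than the one stored in the field would get a decision made for the stored one. Threading it through, `initializeModules(resource, subject, callerRoles)` and then `am.initialize(subject, this.callbackHandler, this.sharedState, map, subjectRoles)`, would close that gap. The Javadoc `@see AuthorizationContext#authorize(Resource, Role)` should also name the actual parameter types. The method body continues past the hunk, so the parameter may be used in lines not shown.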
@@ -116,7 +145,7 @@
//Do a PrivilegedAction
try
{
- AccessController.doPrivileged(new PrivilegedExceptionAction()
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
{
public Object run() throws AuthorizationException
{
@@ -141,11 +170,11 @@
throw ((AuthorizationException)exc);
}
return PERMIT;
- }
+ //return authorize(resource);
+ }
-
//Private Methods
- private void initializeModules(Resource resource) throws PrivilegedActionException
+ private void initializeModules(Resource resource, RoleGroup role) throws PrivilegedActionException
{
AuthorizationInfo authzInfo = getAuthorizationInfo(securityDomainName, resource);
if(authzInfo == null)
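Review bot: `//return authorize(resource);` is left behind after `return PERMIT;`, and in an authorization method a commented-out alternative return makes a reader wonder which outcome is intended; delete it and let version control keep the history. The same goes for the `/*if(mappingType == Group.class) ... }*/` block retained in JBossMappingManager.getMappingContext later in this commit. In `initializeModules` the new parameter holds a `RoleGroup`, so `callerRoles` would read better than `role`. Both method bodies extend beyond their hunks.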
@@ -167,7 +196,7 @@
log.trace("Control flag for entry:"+entry+"is:["+flag+"]");
this.controlFlags.add(flag);
- modules.add(instantiateModule(entry.getPolicyModuleName(), entry.getOptions()));
+ modules.add(instantiateModule(entry.getPolicyModuleName(), entry.getOptions(), role));
}
}
@@ -250,6 +279,7 @@
if(!bool)
throw new AuthorizationException("commit on modules failed");
}
+ modules.clear();
}
private void invokeAbort()
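Review bot: `modules.clear()` is added as the last statement of invokeCommit, after what appears to be a loop that throws `AuthorizationException("commit on modules failed")`, so a failing module skips the cleanup; the invokeAbort hunk that follows has the same shape. Since initializeModules appends to `modules` on every call, the instances left behind were initialized with the previous caller's roles and would be consulted again on the next `authorize` against this context. Putting the loop in `try { ... } finally { modules.clear(); }` makes the reset unconditional. `controlFlags` is appended to in initializeModules as well, and no matching clear appears in the visible hunks, so check that the two lists cannot drift apart. Both methods begin outside their hunks.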
@@ -263,9 +293,11 @@
if(!bool)
throw new AuthorizationException("abort on modules failed");
}
+ modules.clear();
}
- private AuthorizationModule instantiateModule(String name, Map<String,Object> map)
+ private AuthorizationModule instantiateModule(String name,
+ Map<String,Object> map, RoleGroup subjectRoles)
throws PrivilegedActionException
{
AuthorizationModule am = null;
@@ -283,7 +315,7 @@
throw new IllegalStateException("AuthorizationModule has not " +
"been instantiated");
am.initialize(this.authenticatedSubject, this.callbackHandler,
- this.sharedState,map);
+ this.sharedState,map, subjectRoles);
return am;
}
@@ -303,10 +335,10 @@
log.trace("Application Policy not obtained for domain="+ domainName +
". Trying to obtain the App policy for the default domain of the layer:");
if(layer == ResourceType.EJB)
- aPolicy = SecurityConfiguration.getApplicationPolicy(SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY);
+ aPolicy = SecurityConfiguration.getApplicationPolicy(EJB);
else
if(layer == ResourceType.WEB)
- aPolicy = SecurityConfiguration.getApplicationPolicy(SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY);
+ aPolicy = SecurityConfiguration.getApplicationPolicy(WEB);
}
if(aPolicy == null)
throw new IllegalStateException("Application Policy is null for domain:"+ domainName);
@@ -323,10 +355,10 @@
AuthorizationInfo ai = null;
if(layer == ResourceType.EJB)
- ai = SecurityConfiguration.getApplicationPolicy(SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY).getAuthorizationInfo();
+ ai = SecurityConfiguration.getApplicationPolicy(EJB).getAuthorizationInfo();
else
if(layer == ResourceType.WEB)
- ai = SecurityConfiguration.getApplicationPolicy(SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY).getAuthorizationInfo();
+ ai = SecurityConfiguration.getApplicationPolicy(WEB).getAuthorizationInfo();
else
{
if(log.isTraceEnabled())
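Review bot: `SecurityConfiguration.getApplicationPolicy(EJB).getAuthorizationInfo()` and its `WEB` twin dereference the lookup result directly, while the previous hunk treats a null policy from the same call as a real possibility (`if(aPolicy == null) throw new IllegalStateException(...)`). A deployment without the default policy configured would surface here as a bare NullPointerException during an authorization check. Hold the policy in a local and apply the same null check before calling `getAuthorizationInfo()`. The enclosing method starts and ends outside the hunk.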
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/authorization/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/authorization/SecurityActions.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/authorization/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,7 +21,7 @@
*/
package org.jboss.security.plugins.authorization;
-import java.security.AccessController;
+import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
@@ -37,20 +37,20 @@
{
static ClassLoader getContextClassLoader() throws PrivilegedActionException
{
- return (ClassLoader) AccessController.doPrivileged(new PrivilegedExceptionAction()
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
{
- public Object run()
+ public ClassLoader run()
{
return Thread.currentThread().getContextClassLoader();
}
});
}
- static Class loadClass(final String name) throws PrivilegedActionException
+ static Class<?> loadClass(final String name) throws PrivilegedActionException
{
- return (Class) AccessController.doPrivileged(new PrivilegedExceptionAction()
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
{
- public Object run() throws PrivilegedActionException
+ public Class<?> run() throws PrivilegedActionException
{
try
{
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,13 +21,11 @@
*/
package org.jboss.security.plugins.mapping;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.ArrayList;
+import java.util.ArrayList;
import org.jboss.logging.Logger;
import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContext;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.MappingInfo;
import org.jboss.security.config.SecurityConfiguration;
@@ -60,7 +58,7 @@
/**
* @see SecurityContext#getMappingContext(String)
*/
- public MappingContext getMappingContext(Class mappingType)
+ public <T> MappingContext<T> getMappingContext(Class<T> mappingType)
{
//Apply Mapping Logic
ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain);
@@ -76,29 +74,31 @@
if(aPolicy == null )
throw new IllegalStateException("Application Policy is null for the security domain:"
+ securityDomain);
- MappingInfo rmi = null;
- MappingContext mc = null;
- if(mappingType == Group.class)
+
+ MappingContext<T> mc = null;
+ MappingInfo rmi = aPolicy.getMappingInfo(mappingType);
+
+ /*if(mappingType == Group.class)
{
rmi = aPolicy.getRoleMappingInfo();
}
else if(mappingType == Principal.class)
{
rmi = aPolicy.getPrincipalMappingInfo();
- }
+ }*/
if(rmi != null)
{
MappingModuleEntry[] mpe = rmi.getMappingModuleEntry();
- ArrayList<MappingProvider> al = new ArrayList<MappingProvider>();
+ ArrayList<MappingProvider<T>> al = new ArrayList<MappingProvider<T>>();
for(int i = 0 ; i < mpe.length; i++)
{
- MappingProvider mp = getMappingProvider(mpe[i]);
+ MappingProvider<T> mp = getMappingProvider(mpe[i]);
if(mp != null)
al.add(mp);
}
- mc = new MappingContext(al);
+ mc = new MappingContext<T>(al);
}
return mc;
@@ -109,14 +109,16 @@
return this.securityDomain;
}
- private MappingProvider getMappingProvider(MappingModuleEntry mme)
+ @SuppressWarnings("unchecked")
+ private <T> MappingProvider<T> getMappingProvider(MappingModuleEntry mme)
{
- ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- MappingProvider mp = null;
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ MappingProvider<T> mp = null;
try
{
- Class cl = tcl.loadClass(mme.getMappingModuleName());
- mp = (MappingProvider)cl.newInstance();
+ String fqn = mme.getMappingModuleName();
+ Class<?> cl = SecurityActions.loadClass(fqn,tcl);
+ mp = (MappingProvider<T>) cl.newInstance();
mp.init(mme.getOptions());
}
catch(Exception e)
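Review bot: In getMappingProvider the class named by `mme.getMappingModuleName()` is instantiated with `cl.newInstance()` before anything confirms it is a MappingProvider, so a wrong or mistyped module name in the policy configuration still has its static initializer and constructor run before the cast fails. Check first, `if(!MappingProvider.class.isAssignableFrom(cl)) throw new IllegalStateException(fqn + " is not a MappingProvider");`, then instantiate. The method-wide `@SuppressWarnings("unchecked")` also hides that nothing ties the provider to `T`: a provider written for another mapping type passes the cast and only fails later at use, so the suppression is better narrowed to a local declaration holding the cast, with a comment saying why it is accepted. The `catch(Exception e)` body is outside the hunk.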
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/mapping/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/mapping/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/mapping/SecurityActions.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins.mapping;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+//$Id$
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 3, 2008
+ * @version $Revision$
+ */
+class SecurityActions
+{
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ static Class<?> loadClass(final String fqn, final ClassLoader tcl)
+ throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ {
+ public Class<?> run() throws PrivilegedActionException, ClassNotFoundException
+ {
+ return tcl.loadClass(fqn);
+ }
+ });
+ }
+}
\ No newline at end of file
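Review bot: `loadClass` calls `tcl.loadClass(fqn)` without checking `tcl`, and `Thread.getContextClassLoader()`, the source of that argument in JBossMappingManager, is allowed to return null. A guard such as `if(tcl == null) throw new IllegalArgumentException("tcl is null");` before entering `doPrivileged` reports the failure by name instead of as a NullPointerException from inside the privileged block. `run()` declares `throws PrivilegedActionException, ClassNotFoundException` although its body can only raise the latter, so `throws ClassNotFoundException` is enough. Both helpers act with this code's privileges on behalf of the caller and have no Javadoc; a line on each saying they must stay package-private would help.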
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/DelegatingPolicyTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/DelegatingPolicyTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/DelegatingPolicyTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -31,6 +31,7 @@
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.Set;
+
import javax.security.auth.Subject;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.PolicyConfiguration;
@@ -41,6 +42,7 @@
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
+
import org.apache.log4j.Logger;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SimplePrincipal;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NamespacePermission.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NamespacePermission.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NamespacePermission.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -24,6 +24,7 @@
import java.security.BasicPermission;
import java.security.Permission;
import java.security.PermissionCollection;
+
import javax.naming.Name;
/** A path like heirarchical permission.
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NamespacePermissionCollection.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NamespacePermissionCollection.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NamespacePermissionCollection.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -26,7 +26,6 @@
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
-import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.SortedMap;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NestableGroupTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NestableGroupTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NestableGroupTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,13 +23,16 @@
import java.security.Principal;
import java.security.acl.Group;
+import java.util.Enumeration;
import java.util.HashSet;
-import java.util.Enumeration;
-import junit.framework.*;
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
import org.jboss.security.AnybodyPrincipal;
+import org.jboss.security.NestableGroup;
import org.jboss.security.NobodyPrincipal;
-import org.jboss.security.NestableGroup;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NestablePrincipalTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NestablePrincipalTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/NestablePrincipalTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,10 +21,13 @@
*/
package org.jboss.test;
-import java.security.Principal;
+import java.security.Principal;
import java.util.Enumeration;
-import junit.framework.*;
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
import org.jboss.security.AnybodyPrincipal;
import org.jboss.security.NestablePrincipal;
import org.jboss.security.NobodyPrincipal;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/PermissionName.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/PermissionName.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/PermissionName.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,9 +21,10 @@
*/
package org.jboss.test;
-import java.io.Serializable;
+import java.io.Serializable;
import java.util.Comparator;
import java.util.Properties;
+
import javax.naming.CompoundName;
import javax.naming.Name;
import javax.naming.NamingException;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/SecurityProviderlTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/SecurityProviderlTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/SecurityProviderlTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -30,7 +30,7 @@
import junit.framework.TestSuite;
import org.jboss.crypto.CryptoUtil;
-import org.jboss.crypto.JBossSXProvider;
+import org.jboss.crypto.JBossSXProvider;
/** Tests of the org.jboss.crypto.* Java Cryptography Architecture plugin
classes
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/TestJCE.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/TestJCE.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/TestJCE.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,11 +22,12 @@
package org.jboss.test;
import java.math.BigInteger;
-import java.security.AlgorithmParameters;
+import java.security.AlgorithmParameters;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Iterator;
+
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/TestLogin.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/TestLogin.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/TestLogin.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,9 +21,11 @@
*/
package org.jboss.test;
-import java.security.*;
-import javax.security.auth.*;
+import java.security.AccessController;
+import java.security.Permission;
+import javax.security.auth.AuthPermission;
+
public class TestLogin
{
public static void main(String[] args) throws Exception
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/TestLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/TestLoginModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/TestLoginModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,10 +22,12 @@
package org.jboss.test;
import java.util.Map;
+
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
+
import org.jboss.security.SimplePrincipal;
public class TestLoginModule implements LoginModule
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/UtilTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/UtilTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/UtilTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -24,9 +24,9 @@
import junit.framework.TestCase;
import junit.framework.TestSuite;
-
-import org.jboss.security.SecurityUtil;
+
import org.jboss.crypto.CryptoUtil;
+import org.jboss.security.SecurityUtil;
/** Tests of the org.jboss.security.CryptoUtil class
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/audit/AuditTestAssociation.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/audit/AuditTestAssociation.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/audit/AuditTestAssociation.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,6 +21,8 @@
*/
package org.jboss.test.audit;
+import org.jboss.security.audit.AuditEvent;
+
//$Id$
/**
@@ -31,5 +33,5 @@
*/
public class AuditTestAssociation
{
- public static ThreadLocal auditEventLocal = new ThreadLocal();
-}
+ public static ThreadLocal<AuditEvent> auditEventLocal = new ThreadLocal<AuditEvent>();
+}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/audit/AuditUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/audit/AuditUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/audit/AuditUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,18 +21,18 @@
*/
package org.jboss.test.audit;
-import org.jboss.security.SecurityContext;
+import junit.framework.TestCase;
+
+import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextFactory;
import org.jboss.security.audit.AuditEvent;
import org.jboss.security.audit.AuditLevel;
-import org.jboss.security.audit.AuditManager;
+import org.jboss.security.audit.AuditManager;
import org.jboss.security.audit.config.AuditProviderEntry;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuditInfo;
-import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.config.SecurityConfiguration;
-import junit.framework.TestCase;
-
//$Id$
/**
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/JBossAuthenticationManagerUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/JBossAuthenticationManagerUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/JBossAuthenticationManagerUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -28,14 +28,14 @@
import javax.security.auth.login.Configuration;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
+import junit.framework.TestCase;
+
import org.jboss.security.AuthenticationManager;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.AppCallbackHandler;
import org.jboss.security.plugins.JBossAuthenticationManager;
import org.jboss.test.SecurityActions;
-import junit.framework.TestCase;
-
//$Id$
/**
@@ -86,7 +86,7 @@
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name)
{
- HashMap map = new HashMap();
+ HashMap<String,Object> map = new HashMap<String,Object>();
map.put("usersProperties", "users.properties");
map.put("rolesProperties", "roles.properties");
String moduleName = "org.jboss.security.auth.spi.UsersRolesLoginModule";
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/WebJASPIAuthMgrUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/WebJASPIAuthMgrUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/WebJASPIAuthMgrUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,7 +22,6 @@
package org.jboss.test.authentication;
import java.net.URL;
-import java.security.Principal;
import javax.security.auth.login.Configuration;
import javax.security.auth.message.MessageInfo;
@@ -65,8 +64,7 @@
public void testLogin() throws Exception
{
HttpServletRequest hsr = getHttpServletRequest("jduke", "theduke");
- MessageInfo mi = new GenericMessageInfo(hsr, (HttpServletResponse)null);
- Principal p = new SimplePrincipal("jduke");
+ MessageInfo mi = new GenericMessageInfo(hsr, (HttpServletResponse)null);
AuthenticationManager am = new JBossAuthenticationManager(securityDomain,acbh);
assertTrue(am.isValid(mi, null, "HTTP"));
}
@@ -89,6 +87,7 @@
xli.loadConfig();
}
+ @SuppressWarnings("unchecked")
public HttpServletRequest getHttpServletRequest(String username, String pass)
{
HttpServletRequest hsr = new TestHttpServletRequest(new SimplePrincipal(username), pass, "GET");
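Review bot: `@SuppressWarnings("unchecked")` on the whole of `getHttpServletRequest` silences every unchecked operation in the method, including any added later. The method body continues outside the hunk, so the statement that triggers the warning is not visible here. If it is a single raw collection or cast, move the annotation onto that local declaration with a short comment saying why it is safe, or give the collection type arguments instead.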
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPILoginModuleDelgateUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPILoginModuleDelgateUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPILoginModuleDelgateUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -34,6 +34,8 @@
import javax.security.auth.message.config.ServerAuthConfig;
import javax.security.auth.message.config.ServerAuthContext;
+import junit.framework.TestCase;
+
import org.jboss.security.SecurityConstants;
import org.jboss.security.auth.callback.AppCallbackHandler;
import org.jboss.security.auth.login.XMLLoginConfigImpl;
@@ -43,8 +45,6 @@
import org.jboss.security.plugins.SecurityContextAssociation;
import org.jboss.test.SecurityActions;
-import junit.framework.TestCase;
-
//$Id$
/**
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -33,17 +33,17 @@
import javax.security.auth.message.config.ServerAuthConfig;
import javax.security.auth.message.config.ServerAuthContext;
+import junit.framework.TestCase;
+
import org.jboss.security.SecurityConstants;
import org.jboss.security.auth.callback.AppCallbackHandler;
import org.jboss.security.auth.login.XMLLoginConfigImpl;
import org.jboss.security.auth.message.GenericMessageInfo;
import org.jboss.security.auth.message.config.JBossAuthConfigProvider;
import org.jboss.security.plugins.JBossSecurityContext;
-import org.jboss.security.plugins.SecurityContextAssociation;
+import org.jboss.security.plugins.SecurityContextAssociation;
import org.jboss.test.SecurityActions;
-import junit.framework.TestCase;
-
//$Id$
/**
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/LoginModuleServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/LoginModuleServerAuthModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/LoginModuleServerAuthModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,16 +21,10 @@
*/
package org.jboss.test.authentication.jaspi;
-import java.util.Map;
-
import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.MessagePolicy;
import org.jboss.security.auth.container.modules.AbstractServerAuthModule;
@@ -51,7 +45,7 @@
}
@Override
- protected boolean validate( Subject clientSubject) throws AuthException
+ protected boolean validate( Subject clientSubject, MessageInfo messageInfo) throws AuthException
{
throw new IllegalStateException("Configure a login module in the module options");
}
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/TestServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/TestServerAuthModule.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaspi/TestServerAuthModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -87,7 +87,7 @@
}
@Override
- protected boolean validate(Subject clientSubject) throws AuthException
+ protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
{
try
{
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthZMgrSafetyUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthZMgrSafetyUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthZMgrSafetyUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -0,0 +1,139 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+import javax.security.auth.Subject;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.authorization.config.AuthorizationModuleEntry;
+import org.jboss.security.authorization.modules.DelegatingAuthorizationModule;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+import org.jboss.security.plugins.JBossAuthorizationManager;
+
+//$Id$
+
+/**
+ * Test the concurrency correctness of JBossAuthorizationManager
+ * @author Anil.Saldhana at redhat.com
+ * @since Dec 15, 2007
+ * @version $Revision$
+ */
+public class JBossAuthZMgrSafetyUnitTestCase extends TestCase
+{
+ private JBossAuthorizationManager am = new JBossAuthorizationManager("other");
+
+ protected void setUp() throws Exception
+ {
+ setUpRegularConfiguration();
+ }
+
+ public void testThreadSafety() throws Exception
+ {
+ //Create 3 authz threads and 2 authzsetandcall threads
+ AuthzCallable t1 = new AuthzCallable();
+ AuthzSetAndCall t2 = new AuthzSetAndCall();
+ AuthzCallable t3 = new AuthzCallable();
+ AuthzSetAndCall t4 = new AuthzSetAndCall();
+ AuthzCallable t5 = new AuthzCallable();
+
+ ExecutorService es = Executors.newFixedThreadPool(5) ;
+ assertTrue(es.submit(t1).get());
+ assertTrue(es.submit(t2).get());
+ assertTrue(es.submit(t3).get());
+ assertTrue(es.submit(t4).get());
+ assertTrue(es.submit(t5).get());
+ }
+
+ private class AuthzCallable implements Callable<Boolean>
+ {
+ private TestResource resource = new TestResource();
+ public Boolean call() throws Exception
+ {
+ RoleGroup role = getRoleGroup("roleA");
+ Subject subject = new Subject();
+ return am.authorize(resource, subject, role) == AuthorizationContext.PERMIT;
+ }
+ }
+
+ private class AuthzSetAndCall implements Callable<Boolean>
+ {
+ private TestResource resource = new TestResource();
+ public Boolean call() throws Exception
+ {
+ RoleGroup role = getRoleGroup("roleA");
+ Subject subject = new Subject();
+ return am.authorize(resource, subject, role) == AuthorizationContext.PERMIT;
+ }
+ }
+
+ private class TestResource implements Resource
+ {
+ public ResourceType getLayer()
+ {
+ return ResourceType.WEB;
+ }
+
+ public Map<String, Object> getMap()
+ {
+ return new HashMap<String,Object>();
+ }
+ }
+
+ private void setUpRegularConfiguration() throws Exception
+ {
+ SecurityConfiguration.addApplicationPolicy(getApplicationPolicy("other"));
+ }
+
+ private ApplicationPolicy getApplicationPolicy(String domain)
+ {
+ AuthorizationInfo ai = new AuthorizationInfo(domain);
+ String moduleName = DelegatingAuthorizationModule.class.getName();
+ AuthorizationModuleEntry ame = new AuthorizationModuleEntry(moduleName);
+ ai.add(ame);
+ ApplicationPolicy ap = new ApplicationPolicy(domain);
+ ap.setAuthorizationInfo(ai);
+ return ap;
+ }
+
+ private RoleGroup getRoleGroup(String rolename)
+ {
+ SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ srg.getRoles().add(new SimpleRole(rolename));
+ return srg;
+ }
+}
\ No newline at end of file
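Review bot: `testThreadSafety` calls `es.submit(tN).get()` one task at a time, so each authorization completes before the next is submitted and the five pool threads never run `am.authorize` concurrently; the test passes even if JBossAuthorizationManager has a race. Submit all tasks first (for example with `invokeAll`) and read the results afterwards, and shut the executor down in a `finally` so the pool threads do not outlive the test. `AuthzSetAndCall` is also line-for-line identical to `AuthzCallable` and sets nothing, so either give it the state change its name promises or drop it. The rewrite below additionally needs `java.util.List`, `java.util.ArrayList` and `java.util.concurrent.Future` imported.

```java
public void testThreadSafety() throws Exception
{
   List<Callable<Boolean>> tasks = new ArrayList<Callable<Boolean>>();
   tasks.add(new AuthzCallable());
   tasks.add(new AuthzSetAndCall());
   tasks.add(new AuthzCallable());
   tasks.add(new AuthzSetAndCall());
   tasks.add(new AuthzCallable());

   ExecutorService es = Executors.newFixedThreadPool(tasks.size());
   try
   {
      // invokeAll hands every task to the pool before any result is awaited
      for (Future<Boolean> result : es.invokeAll(tasks))
      {
         assertTrue(result.get());
      }
   }
   finally
   {
      es.shutdown();
   }
}
// … unchanged: AuthzCallable, AuthzSetAndCall, TestResource and the set-up helpers …
```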
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -28,12 +28,14 @@
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
+import junit.framework.TestCase;
+
import org.jboss.security.AuthorizationManager;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
-import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.config.AuthorizationModuleEntry;
import org.jboss.security.authorization.resources.WebResource;
import org.jboss.security.config.ApplicationPolicy;
@@ -42,11 +44,8 @@
import org.jboss.security.jacc.SubjectPolicyContextHandler;
import org.jboss.security.plugins.JBossAuthorizationManager;
import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.SecurityContextFactory;
import org.jboss.test.util.TestHttpServletRequest;
-import junit.framework.TestCase;
-
//$Id$
/**
@@ -58,8 +57,7 @@
public class JBossAuthorizationManagerUnitTestCase extends TestCase
{
private Principal p = new SimplePrincipal("jduke");
- private String contextID = "web.jar";
- private String uri = "/xacml-subjectrole/test";
+ private String contextID = "web.war";
protected void setUp() throws Exception
{
@@ -71,9 +69,9 @@
public void testAuthorization() throws Exception
{
- HashMap cmap = new HashMap();
- cmap.put(ResourceKeys.WEB_REQUEST, new TestHttpServletRequest(p,"test", "get"));
+ HashMap<String,Object> cmap = new HashMap<String,Object>();
WebResource wr = new WebResource(cmap);
+ wr.setServletRequest(new TestHttpServletRequest(p,"test", "get"));
AuthorizationManager am = new JBossAuthorizationManager("other");
am.authorize(wr);//This should just pass as the default module PERMITS all
}
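Review bot: `am.authorize(wr)` discards its result, so `testAuthorization` only shows that no exception is thrown, not that the decision is a permit as the trailing comment claims. Assuming `authorize(Resource)` returns the decision code the way the three-argument overload does in StandaloneJBossAMgrUnitTestCase, assert it: `assertEquals(AuthorizationContext.PERMIT, am.authorize(wr));`, with `org.jboss.security.authorization.AuthorizationContext` imported.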
@@ -112,5 +110,4 @@
ap.setAuthorizationInfo(ai);
SecurityConfiguration.addApplicationPolicy(ap);
}
-
}
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/StandaloneJBossAMgrUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/StandaloneJBossAMgrUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/StandaloneJBossAMgrUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -0,0 +1,106 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.callback.AppCallbackHandler;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.authorization.config.AuthorizationModuleEntry;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+import org.jboss.security.plugins.JBossAuthorizationManager;
+import org.jboss.security.plugins.authorization.JBossAuthorizationContext;
+
+//$Id$
+
+/**
+ * Unit Test the JBoss Authorization Manager
+ * as a stand alone entity
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 3, 2008
+ * @version $Revision$
+ */
+public class StandaloneJBossAMgrUnitTestCase extends TestCase
+{
+ public void testAuthorizationWithInjectedCtx() throws Exception
+ {
+ JBossAuthorizationManager jam = new JBossAuthorizationManager("test");
+ Subject subject = new Subject();
+ subject.getPrincipals().add(new SimplePrincipal("anil"));
+ jam.setAuthorizationContext(getTestAuthorizationContext("test", subject));
+
+ final HashMap<String, Object> cmap = new HashMap<String,Object>();
+ Resource testResource = new Resource()
+ {
+ public ResourceType getLayer()
+ {
+ return ResourceType.WEB;
+ }
+
+ public Map<String, Object> getMap()
+ {
+ return Collections.unmodifiableMap(cmap);
+ }
+ };
+ assertEquals(AuthorizationContext.PERMIT, jam.authorize(testResource, subject, getRoleGroup()));
+ }
+
+ private AuthorizationContext getTestAuthorizationContext(String name,Subject subject)
+ {
+ JBossAuthorizationContext jac = new JBossAuthorizationContext(name,subject,
+ new AppCallbackHandler("anil", "anilpass".toCharArray()));
+ jac.setApplicationPolicy(getTestApplicationPolicy());
+ return jac;
+ }
+
+ private ApplicationPolicy getTestApplicationPolicy()
+ {
+ ApplicationPolicy ap = new ApplicationPolicy("test");
+ AuthorizationInfo authorizationInfo = new AuthorizationInfo("test");
+ String moduleName = TestAuthorizationModule.class.getName();
+ AuthorizationModuleEntry ame = new AuthorizationModuleEntry(moduleName);
+ authorizationInfo.add(ame);
+ ap.setAuthorizationInfo(authorizationInfo);
+ return ap;
+ }
+
+ private RoleGroup getRoleGroup()
+ {
+ RoleGroup rg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ rg.getRoles().add(new SimpleRole("ServletUserRole"));
+ return rg;
+ }
+}
\ No newline at end of file
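Review bot: `testAuthorizationWithInjectedCtx` covers only the permit path, so it would still pass if the injected context were ignored and a permit-all default module answered instead. Add a companion test that calls `jam.authorize(testResource, subject, new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER))`, i.e. a group without `ServletUserRole`, and expects a denial. Whether that denial comes back as `AuthorizationContext.DENY` or as an AuthorizationException is not visible in this file. A comment on `getRoleGroup()` such as `// must match the role TestAuthorizationModule.authorize() checks` would also make the cross-file coupling explicit.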
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/TestAuthorizationModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/TestAuthorizationModule.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/TestAuthorizationModule.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -0,0 +1,85 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.AuthorizationModule;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+
+//$Id$
+
+/**
+ * Test AuthorizationModule
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 3, 2008
+ * @version $Revision$
+ */
+public class TestAuthorizationModule implements AuthorizationModule
+{
+ private Subject subject = null;
+ private RoleGroup role = null;
+
+ public boolean abort() throws AuthorizationException
+ {
+ return true;
+ }
+
+ public int authorize(Resource resource)
+ {
+ if(subject == null)
+ return AuthorizationContext.DENY;
+ if(resource.getLayer() == ResourceType.WEB)
+ {
+ if(role != null && role.containsAll(new SimpleRole("ServletUserRole")))
+ return AuthorizationContext.PERMIT;
+ }
+ return AuthorizationContext.DENY;
+ }
+
+ public boolean commit() throws AuthorizationException
+ {
+ return true;
+ }
+
+ public boolean destroy()
+ {
+ return true;
+ }
+
+ public void initialize(Subject subject, CallbackHandler handler,
+ Map<String, Object> sharedState,
+ Map<String, Object> options,
+ RoleGroup role)
+ {
+ this.subject = subject;
+ this.role = role;
+ }
+}
\ No newline at end of file
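Review bot: The class Javadoc says only "Test AuthorizationModule", although `authorize` encodes a specific decision rule that StandaloneJBossAMgrUnitTestCase relies on. State the rule on the class or on `authorize`, for example: `Denies when no subject was passed to initialize(); permits only ResourceType.WEB resources when the RoleGroup contains "ServletUserRole"; denies everything else.` The module also keeps `subject` and `role` from `initialize` and never clears them in `abort()` or `destroy()`. If the framework reuses module instances (not visible here), a later call could be decided on an earlier caller's role, so setting both fields to null in `destroy()` would be the safer default.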
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,22 +21,18 @@
*/
package org.jboss.test.authorization.ejb;
-import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
import junit.framework.TestCase;
import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextFactory;
import org.jboss.security.SecurityRoleRef;
-import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.AppCallbackHandler;
import org.jboss.security.authorization.AuthorizationContext;
@@ -48,9 +44,10 @@
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuthorizationInfo;
import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.jacc.SubjectPolicyContextHandler;
-import org.jboss.security.plugins.JBossAuthorizationManager;
-import org.jboss.security.plugins.SecurityContextAssociation;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
import org.jboss.security.plugins.authorization.JBossAuthorizationContext;
//$Id$
@@ -64,9 +61,8 @@
public class EJBAuthorizationUnitTestCase extends TestCase
{
protected void setUp() throws Exception
- {
- PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY,
- new SubjectPolicyContextHandler(), true);
+ {
+ setUpRegularConfiguration();
}
/**
@@ -76,24 +72,22 @@
* @throws Exception
*/
public void testRegularEJBAuthorizationPass() throws Exception
- {
- Principal ejbPrincipal = new SimplePrincipal("SomePrincipal");
- setUpRegularConfiguration(ejbPrincipal);
+ {
+ RoleGroup principalRole = this.getRoleGroup(new String[] {"roleA"});
//Create a ContextMap
- Map<String,Object> cmap = new HashMap<String,Object>();
- cmap.put(ResourceKeys.AUTHORIZATION_MANAGER, new JBossAuthorizationManager("test"));
+ Map<String,Object> cmap = new HashMap<String,Object>();
EJBResource ejbResource = new EJBResource(cmap);
+ ejbResource.setPrincipal(new SimplePrincipal("AuthenticatedPrincipal"));
ejbResource.setEjbName("TestEJB");
ejbResource.setEjbMethod(DummyClass.class.getMethod("someMethod", new Class[0]));
ejbResource.setEjbMethodInterface("void someMethod");
- ejbResource.setMethodRoles(this.getMethodRoles(new String[]{"roleA", "roleC"}));
- ejbResource.setPrincipal(ejbPrincipal);
+ ejbResource.setEjbMethodRoles(this.getRoleGroup(new String[]{"roleA", "roleC"}));
AuthorizationContext ac = new JBossAuthorizationContext("test",
- new Subject(), new AppCallbackHandler("a","b".toCharArray()));
- int result = ac.authorize(ejbResource);
+ new AppCallbackHandler("a","b".toCharArray()));
+ int result = ac.authorize(ejbResource, new Subject(), principalRole);
assertEquals(AuthorizationContext.PERMIT, result);
}
@@ -107,25 +101,22 @@
*/
public void testInvalidRegularEJBAuthorization() throws Exception
{
- Principal ejbPrincipal = new SimplePrincipal("SomePrincipal");
- setUpRegularConfiguration(ejbPrincipal);
-
+ RoleGroup principalRole = this.getRoleGroup(new String[] {"badRole"});
+
//Create a ContextMap
- Map<String,Object> cmap = new HashMap<String,Object>();
- cmap.put(ResourceKeys.AUTHORIZATION_MANAGER, new JBossAuthorizationManager("test"));
+ Map<String,Object> cmap = new HashMap<String,Object>();
EJBResource ejbResource = new EJBResource(cmap);
ejbResource.setEjbName("TestEJB");
ejbResource.setEjbMethod(DummyClass.class.getMethod("someMethod", new Class[0]));
ejbResource.setEjbMethodInterface("void someMethod");
- ejbResource.setMethodRoles(getMethodRoles(new String[]{"badrole"}));
- ejbResource.setPrincipal(ejbPrincipal);
+ ejbResource.setEjbMethodRoles(this.getRoleGroup(new String[]{"roleA", "roleC"}));
AuthorizationContext ac = new JBossAuthorizationContext("test",
- new Subject(), new AppCallbackHandler("a","b".toCharArray()));
+ new AppCallbackHandler("a","b".toCharArray()));
try
{
- ac.authorize(ejbResource);
+ ac.authorize(ejbResource, new Subject(), principalRole);
fail("Should have failed");
}
catch(AuthorizationException ignore)
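Review bot: `testInvalidRegularEJBAuthorization` no longer sets a principal on `ejbResource`, while the passing test now calls `ejbResource.setPrincipal(new SimplePrincipal("AuthenticatedPrincipal"))`. The two tests therefore differ in both the principal and the caller's role, so the expected AuthorizationException may be raised for the missing principal rather than for `badRole`; the delegate's check is not visible here. Adding the same `setPrincipal` line to this test leaves the role as the only variable. The catch block continues outside the hunk.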
@@ -138,49 +129,37 @@
}
public void testSecurityRoleRef() throws Exception
- {
- Principal ejbPrincipal = new SimplePrincipal("SomePrincipal");
- setUpRegularConfiguration(ejbPrincipal);
-
+ {
+ RoleGroup principalRole = this.getRoleGroup(new String[] {"roleA"});
+
//Create a ContextMap
- Map<String,Object> cmap = new HashMap<String,Object>();
- cmap.put(ResourceKeys.AUTHORIZATION_MANAGER, new JBossAuthorizationManager("test"));
-
+ Map<String,Object> cmap = new HashMap<String,Object>();
+
EJBResource ejbResource = new EJBResource(cmap);
ejbResource.setEjbName("TestEJB");
ejbResource.setEjbMethod(DummyClass.class.getMethod("someMethod", new Class[0]));
ejbResource.setEjbMethodInterface("void someMethod");
- ejbResource.setMethodRoles(getMethodRoles(new String[]{"badrole"}));
- ejbResource.setPrincipal(ejbPrincipal);
-
+ ejbResource.setEjbMethodRoles(getRoleGroup(new String[]{"roleA"}));
+ //For Security Role Refs, we check that there is a principal
+ ejbResource.setPrincipal(new SimplePrincipal("SomePrincipal"));
+
//Additional entries needed for role ref
Set<SecurityRoleRef> roleRefSet = new HashSet<SecurityRoleRef>();
SecurityRoleRef srr = new SecurityRoleRef( "roleLink", "roleA", "something");
roleRefSet.add(srr);
ejbResource.setSecurityRoleReferences(roleRefSet);
- cmap.put(ResourceKeys.SECURITY_ROLE_REFERENCES, roleRefSet);
- cmap.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
-
+ cmap.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
cmap.put(ResourceKeys.ROLENAME, "roleLink");
AuthorizationContext ac = new JBossAuthorizationContext("test",
- new Subject(), new AppCallbackHandler("a","b".toCharArray()));
- int result = ac.authorize(ejbResource);
+ new AppCallbackHandler("a","b".toCharArray()));
+ int result = ac.authorize(ejbResource, new Subject(), principalRole);
assertEquals(AuthorizationContext.PERMIT, result);
}
- private void setUpRegularConfiguration(Principal ejbPrincipal) throws Exception
- {
- Subject subject = new Subject();
- SimpleGroup sg = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
- sg.addMember(new SimplePrincipal("roleA"));
- subject.getPrincipals().add(sg);
-
- SecurityContext jsc = SecurityContextFactory.createSecurityContext("test");
- jsc.getUtil().createSubjectInfo(ejbPrincipal, "dummy", subject);
- SecurityContextAssociation.setSecurityContext(jsc);
-
+ private void setUpRegularConfiguration() throws Exception
+ {
SecurityConfiguration.addApplicationPolicy(getApplicationPolicy("test"));
}
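Review bot: In `testSecurityRoleRef` the caller's role, the method roles and the role-ref link target are now all `roleA`, so a PERMIT result no longer shows whether the role-ref check or the plain method-role check produced it. If the delegate takes the role-ref path when `ROLEREF_PERM_CHECK` is set (not visible here), add a negative case that passes a caller RoleGroup without the linked role, e.g. `getRoleGroup(new String[] {"roleB"})`, and expects a denial. That would pin the behaviour the test name describes.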
@@ -195,14 +174,17 @@
return ap;
}
- private Set<Principal> getMethodRoles(String[] roles)
+ private RoleGroup getRoleGroup(String[] roles)
{
- Set<Principal> roleSet = new HashSet<Principal>();
+ SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+
+ List<Role> roleList = srg.getRoles();
+
for(String role:roles)
{
- roleSet.add(new SimplePrincipal(role));
+ roleList.add(new SimpleRole(role));
}
- return roleSet;
+ return srg;
}
/**
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBPolicyModuleDelegateUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBPolicyModuleDelegateUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBPolicyModuleDelegateUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -0,0 +1,163 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization.ejb;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.AnybodyPrincipal;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.modules.ejb.EJBPolicyModuleDelegate;
+import org.jboss.security.authorization.resources.EJBResource;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+
+//$Id$
+
+/**
+ * Unit Test for the EJB Policy Module Delegate
+ * @author Anil.Saldhana at redhat.com
+ * @since Dec 20, 2007
+ * @version $Revision$
+ */
+public class EJBPolicyModuleDelegateUnitTestCase extends TestCase
+{
+ /**
+ * Test a successful authorization case
+ */
+ public void testEJBAuthorizationPass()
+ {
+ EJBPolicyModuleDelegate epmd = new EJBPolicyModuleDelegate();
+
+ //Create a context map
+ Map<String,Object> cmap = new HashMap<String,Object>();
+
+ EJBResource resource = new EJBResource(cmap);
+ resource.setPrincipal(new SimplePrincipal("AuthenticatedPrincipal"));
+ resource.setEjbMethod(DummyClass.class.getDeclaredMethods()[0]);
+ resource.setEjbName(DummyClass.class.getCanonicalName());
+ resource.setEjbMethodRoles( getRoleGroup(new String[] {"gooduser"}) );
+
+ assertEquals(AuthorizationContext.PERMIT,epmd.authorize(resource,
+ new Subject(),
+ getRoleGroup(new String[]{"gooduser", "validuser" })) );;
+ }
+
+ /**
+ * Test an unsuccessful authorization case
+ */
+ public void testEJBAuthorizationFail()
+ {
+ EJBPolicyModuleDelegate epmd = new EJBPolicyModuleDelegate();
+
+ //Create a context map
+ Map<String,Object> cmap = new HashMap<String,Object>();
+
+ EJBResource resource = new EJBResource(cmap);
+ resource.setPrincipal(new SimplePrincipal("AuthenticatedPrincipal"));
+ resource.setEjbMethod(DummyClass.class.getDeclaredMethods()[0]);
+ resource.setEjbName(DummyClass.class.getCanonicalName());
+ resource.setEjbMethodRoles( getRoleGroup(new String[] {"gooduser"}) );
+
+ int res = epmd.authorize(resource, new Subject(), getRoleGroup(new String[]{"baduser"}));
+
+ assertEquals(AuthorizationContext.DENY, res);;
+ }
+
+ /**
+ * Test the Unchecked method permissions
+ */
+ public void testEJBAuthorizationUnchecked()
+ {
+ EJBPolicyModuleDelegate epmd = new EJBPolicyModuleDelegate();
+
+ //Create a context map
+ Map<String,Object> cmap = new HashMap<String,Object>();
+
+ EJBResource resource = new EJBResource(cmap);
+ resource.setPrincipal(new SimplePrincipal("AuthenticatedPrincipal"));
+ resource.setEjbMethod(DummyClass.class.getDeclaredMethods()[0]);
+ resource.setEjbName(DummyClass.class.getCanonicalName());
+ resource.setEjbMethodRoles( getRoleGroup(new String[] {AnybodyPrincipal.ANYBODY}) );
+
+ int res = epmd.authorize(resource, new Subject(), getRoleGroup(new String[]{"baduser"}));
+ assertEquals(AuthorizationContext.PERMIT, res);;
+ }
+
+ /**
+ * Test that in the absence of method roles sent, the authorization fails
+ */
+ public void testEJBAuthorizationMissingMethodRoles()
+ {
+ EJBPolicyModuleDelegate epmd = new EJBPolicyModuleDelegate();
+
+ //Create a context map
+ Map<String,Object> cmap = new HashMap<String,Object>();
+
+ EJBResource resource = new EJBResource(cmap);
+ resource.setPrincipal(new SimplePrincipal("AuthenticatedPrincipal"));
+ resource.setEjbMethod(DummyClass.class.getDeclaredMethods()[0]);
+ resource.setEjbName(DummyClass.class.getCanonicalName());
+
+ int res = epmd.authorize(resource, new Subject(), getRoleGroup(new String[]{"baduser"}));
+ assertEquals(AuthorizationContext.DENY, res);;
+ }
+
+ /**
+ * Create a RoleGroup given a set of roles
+ * @param roles
+ * @return
+ */
+ private RoleGroup getRoleGroup(String[] roles)
+ {
+ SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+
+ List<Role> roleList = srg.getRoles();
+
+ for(String role:roles)
+ {
+ roleList.add(new SimpleRole(role));
+ }
+ return srg;
+ }
+
+
+ /**
+ * Dummy Class just to get a Method instance
+ * by calling DummyClass.class.getMethod()
+ * @author asaldhana
+ *
+ */
+ public class DummyClass
+ {
+ public void someMethod(){}
+ }
+}
\ No newline at end of file
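Review bot: The deny path is only exercised with a caller who holds a non-matching role (`"baduser"`) and with missing method roles; nothing covers a caller whose `RoleGroup` is empty against a role-protected method. That is the case an unauthenticated or unmapped caller would hit, and the delegate should presumably fail closed there, so it is worth pinning with a test like the one below. The expected DENY is my assumption about the intended contract and needs confirming against `EJBPolicyModuleDelegate`. What should happen for a null role group also deserves a decision and a test.

```java
   /**
    * Test that a caller with no roles is denied a role-protected method
    */
   public void testEJBAuthorizationEmptyCallerRoles()
   {
      EJBPolicyModuleDelegate epmd = new EJBPolicyModuleDelegate();

      EJBResource resource = new EJBResource(new HashMap<String,Object>());
      resource.setPrincipal(new SimplePrincipal("AuthenticatedPrincipal"));
      resource.setEjbMethod(DummyClass.class.getDeclaredMethods()[0]);
      resource.setEjbName(DummyClass.class.getCanonicalName());
      resource.setEjbMethodRoles( getRoleGroup(new String[] {"gooduser"}) );

      int res = epmd.authorize(resource, new Subject(), getRoleGroup(new String[0]));
      assertEquals(AuthorizationContext.DENY, res);
   }
```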
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/web/WebAuthorizationUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/web/WebAuthorizationUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/web/WebAuthorizationUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -21,36 +21,32 @@
*/
package org.jboss.test.authorization.web;
-import java.security.Principal;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpServletRequest;
+import junit.framework.TestCase;
+
import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextFactory;
-import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.AppCallbackHandler;
import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.config.AuthorizationModuleEntry;
import org.jboss.security.authorization.modules.DelegatingAuthorizationModule;
import org.jboss.security.authorization.resources.WebResource;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuthorizationInfo;
import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.jacc.SubjectPolicyContextHandler;
-import org.jboss.security.plugins.JBossAuthorizationManager;
-import org.jboss.security.plugins.SecurityContextAssociation;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
import org.jboss.security.plugins.authorization.JBossAuthorizationContext;
import org.jboss.test.util.TestHttpServletRequest;
-import junit.framework.TestCase;
-
//$Id$
/**
@@ -60,21 +56,13 @@
* @version $Revision$
*/
public class WebAuthorizationUnitTestCase extends TestCase
-{
- protected void setUp() throws Exception
- {
- PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY,
- new SubjectPolicyContextHandler(), true);
- }
-
+{
public void testRegularWebAccess() throws Exception
{
- Principal ejbPrincipal = new SimplePrincipal("SomePrincipal");
- setUpRegularConfiguration(ejbPrincipal);
+ setUpRegularConfiguration();
//Create a ContextMap
- Map<String,Object> cmap = new HashMap<String,Object>();
- cmap.put(ResourceKeys.AUTHORIZATION_MANAGER, new JBossAuthorizationManager("test"));
+ Map<String,Object> cmap = new HashMap<String,Object>();
HttpServletRequest hsr = new TestHttpServletRequest(new SimplePrincipal("someprincipal"),
"/someuri", "GET");
@@ -83,21 +71,12 @@
AuthorizationContext ac = new JBossAuthorizationContext("test",
new Subject(), new AppCallbackHandler("a","b".toCharArray()));
- int result = ac.authorize(webResource);
+ int result = ac.authorize(webResource, new Subject(), getRoleGroup(new String[]{"roleA"}));
assertEquals(AuthorizationContext.PERMIT, result);
}
- private void setUpRegularConfiguration(Principal ejbPrincipal) throws Exception
- {
- Subject subject = new Subject();
- SimpleGroup sg = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
- sg.addMember(new SimplePrincipal("roleA"));
- subject.getPrincipals().add(sg);
-
- SecurityContext jsc = SecurityContextFactory.createSecurityContext("test");
- jsc.getUtil().createSubjectInfo(ejbPrincipal, "dummy", subject);
- SecurityContextAssociation.setSecurityContext(jsc);
-
+ private void setUpRegularConfiguration() throws Exception
+ {
SecurityConfiguration.addApplicationPolicy(getApplicationPolicy("test"));
}
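Review bot: `testRegularWebAccess` now passes the caller's roles explicitly but still asserts only `PERMIT`, so it cannot tell a role-based decision from a module that permits unconditionally. If the configured delegate is expected to decide on roles (the policy built by `getApplicationPolicy` is outside this hunk), add a negative assertion such as `assertEquals(AuthorizationContext.DENY, ac.authorize(webResource, new Subject(), getRoleGroup(new String[]{"roleB"})));`, where `"roleB"` is a made-up role not granted anywhere. If the delegate intentionally permits regardless of roles, a one-line comment above the assertion should say so. The test method starts in the previous hunk.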
@@ -111,4 +90,17 @@
ap.setAuthorizationInfo(ai);
return ap;
}
+
+ private RoleGroup getRoleGroup(String[] roles)
+ {
+ SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+
+ List<Role> roleList = srg.getRoles();
+
+ for(String role:roles)
+ {
+ roleList.add(new SimpleRole(role));
+ }
+ return srg;
+ }
}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/EJBXACMLUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/EJBXACMLUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/EJBXACMLUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,31 +23,25 @@
import java.io.InputStream;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.HashMap;
import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
import junit.framework.TestCase;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SimpleGroup;
-import org.jboss.security.SimplePrincipal;
+import org.jboss.security.SimplePrincipal;
import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.ejb.EJBXACMLPolicyModuleDelegate;
import org.jboss.security.authorization.resources.EJBResource;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.jacc.SubjectPolicyContextHandler;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
import org.jboss.security.plugins.JBossAuthorizationManager;
-import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.SecurityContextFactory;
-import org.jboss.test.SecurityActions;
//$Id$
@@ -65,8 +59,8 @@
protected void setUp() throws Exception
{
super.setUp();
- setSecurityContext();
- setUpPolicyContext();
+ //setSecurityContext();
+ //setUpPolicyContext();
setSecurityConfiguration();
}
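Review bot: `setUp` disables `setSecurityContext()` and `setUpPolicyContext()` by commenting them out rather than deleting them. Later hunks in this file do the same for the `SECURITY_CONTEXT_ROLES` entry and wrap the old helper methods in a `/* ... */` block, and WebXACMLUnitTestCase comments out `sc.getUtil().setRoles(getRoleGroup())`. The imports those helpers needed are removed in the same commit, so the commented code cannot be re-enabled as is and only obscures what the tests rely on. I would delete the dead code and state the intent instead, e.g. `// subject and roles are passed to authorize() explicitly; no thread-bound SecurityContext or JACC handler is registered`. That also records that the authorization decision is meant to be independent of ambient thread state.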
@@ -74,22 +68,27 @@
{
EJBXACMLPolicyModuleDelegate pc = new EJBXACMLPolicyModuleDelegate();
EJBResource er = getEJBResource();
- assertEquals(AuthorizationContext.PERMIT, pc.authorize(er));
+ er.setPolicyContextID(contextID);
+ int res = pc.authorize(er, new Subject(), getRoleGroup());
+ assertEquals(AuthorizationContext.PERMIT, res);
}
public void testInvalidEJBPolicyContextHandler() throws Exception
{
EJBXACMLPolicyModuleDelegate pc = new EJBXACMLPolicyModuleDelegate();
EJBResource er = getEJBResource();
+ er.setPolicyContextID(contextID);
er.setPrincipal(new SimplePrincipal("baduser"));
- assertEquals(AuthorizationContext.DENY, pc.authorize(er));
+
+ int res = pc.authorize(er, new Subject(), getRoleGroup());
+ assertEquals(AuthorizationContext.DENY, res);
}
private EJBResource getEJBResource()
{
HashMap<String,Object> map = new HashMap<String,Object>();
- map.put(ResourceKeys.SECURITY_CONTEXT_ROLES, getRoleGroup());
- map.put(ResourceKeys.AUTHORIZATION_MANAGER, this.getAuthorizationManager());
+ // map.put(ResourceKeys.SECURITY_CONTEXT_ROLES, getRoleGroup());
+ map.put(ResourceKeys.POLICY_REGISTRATION, this.getAuthorizationManager());
EJBResource er = new EJBResource(map);
er.setEjbName("StatelessSession");
@@ -110,8 +109,15 @@
return jam;
}
- private Group getRoleGroup()
+ private RoleGroup getRoleGroup()
{
+ SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ srg.getRoles().add(new SimpleRole("ProjectUser"));
+ return srg;
+ }
+
+ /*private Group getRoleGroup()
+ {
Group gp = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
gp.addMember(new SimplePrincipal("ProjectUser"));
return gp;
@@ -141,7 +147,7 @@
PolicyContext.setContextID(contextID);
PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY,
new SubjectPolicyContextHandler(), true);
- }
+ }*/
private void setSecurityConfiguration() throws Exception
{
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/xacml/WebXACMLUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -23,7 +23,6 @@
import java.io.InputStream;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.HashMap;
import javax.security.auth.Subject;
@@ -36,7 +35,6 @@
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextFactory;
-import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.ResourceKeys;
@@ -44,6 +42,9 @@
import org.jboss.security.authorization.resources.WebResource;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
import org.jboss.security.jacc.SubjectPolicyContextHandler;
import org.jboss.security.plugins.JBossAuthorizationManager;
import org.jboss.security.plugins.SecurityContextAssociation;
@@ -77,12 +78,15 @@
WebXACMLPolicyModuleDelegate pc = new WebXACMLPolicyModuleDelegate();
WebResource er = getResource();
er.setServletRequest(new TestHttpServletRequest(p, uri, "GET"));
- assertEquals(AuthorizationContext.PERMIT, pc.authorize(er));
+ assertEquals(AuthorizationContext.PERMIT,
+ pc.authorize(er, getSubject(), getRoleGroup()));
+
Principal principal = new SimplePrincipal("Notjduke");
HttpServletRequest hsr = new TestHttpServletRequest(principal, uri, "GET");
//Now change the ejb principal
er.setServletRequest(hsr);
- assertEquals(AuthorizationContext.DENY, pc.authorize(er));
+ assertEquals(AuthorizationContext.DENY,
+ pc.authorize(er, getSubject(), getRoleGroup()));
}
public void testInvalidWebPolicyContextHandler() throws Exception
@@ -93,14 +97,15 @@
HttpServletRequest hsr = new TestHttpServletRequest(principal, uri, "GET");
//Now change the ejb principal
er.setServletRequest(hsr);
- assertEquals(AuthorizationContext.DENY, pc.authorize(er));
+ assertEquals(AuthorizationContext.DENY,
+ pc.authorize(er, getSubject(), getRoleGroup()));
}
private WebResource getResource()
{
- HashMap map = new HashMap();
- // map.put(ResourceKeys.WEB_REQUEST, new TestHttpServletRequest(p, uri, "GET"));
- map.put(ResourceKeys.AUTHORIZATION_MANAGER, this.getAuthorizationManager());
+ HashMap<String,Object> map = new HashMap<String,Object>();
+ // map.put(ResourceKeys.WEB_REQUEST, new TestHttpServletRequest(p, uri, "GET"));
+ map.put(ResourceKeys.POLICY_REGISTRATION, this.getAuthorizationManager());
return new WebResource(map);
}
@@ -117,17 +122,22 @@
return jam;
}
- private Group getRoleGroup()
+ private RoleGroup getRoleGroup()
+ {
+ SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ srg.getRoles().add(new SimpleRole("ServletUserRole"));
+ return srg;
+ }
+
+ private Subject getSubject()
{
- Group gp = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
- gp.addMember(new SimplePrincipal("ServletUserRole"));
- return gp;
+ Subject subj = new Subject();
+ SecurityActions.addPrincipalToSubject(subj, p);
+ return subj;
}
private void setSecurityContext()
{
- Subject subj = new Subject();
- SecurityActions.addPrincipalToSubject(subj, p);
SecurityContext sc = null;
try
{
@@ -137,8 +147,8 @@
{
throw new RuntimeException(e);
}
- sc.getUtil().createSubjectInfo(p, "cred", subj);
- sc.getUtil().setRoles(getRoleGroup());
+ sc.getUtil().createSubjectInfo(p, "cred", getSubject());
+ //sc.getUtil().setRoles(getRoleGroup());
SecurityContextAssociation.setSecurityContext(sc);
}
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -96,7 +96,7 @@
{
ApplicationPolicy jaasConfig = config.get("conf-jaas");
BaseAuthenticationInfo authInfo = jaasConfig.getAuthenticationInfo();
- List entries = authInfo.getModuleEntries();
+ List<?> entries = authInfo.getModuleEntries();
assertEquals("Number of entries = 2", 2, entries.size());
//First Entry
@@ -107,7 +107,7 @@
assertEquals("LM Name","org.jboss.test.TestLoginModule" ,ace.getLoginModuleName());
assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
ace.getControlFlag());
- Map aceOptions = ace.getOptions();
+ Map<String,?> aceOptions = ace.getOptions();
assertEquals("Number of options = 3", 3, aceOptions.size());
assertEquals("name=1.1", "1.1", aceOptions.get("name"));
assertEquals("succeed=true", "true", aceOptions.get("succeed"));
@@ -134,7 +134,7 @@
{
ApplicationPolicy jaspiConfig = config.get("conf-jaspi");
BaseAuthenticationInfo authInfo = jaspiConfig.getAuthenticationInfo();
- List entries = authInfo.getModuleEntries();
+ List<?> entries = authInfo.getModuleEntries();
assertEquals("Number of entries = 2", 2, entries.size());
//First Entry
@@ -145,7 +145,7 @@
assertEquals("LM Name","TestAuthModule" ,ace.getAuthModuleName());
assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
ace.getControlFlag());
- Map aceOptions = ace.getOptions();
+ Map<String,?> aceOptions = ace.getOptions();
assertEquals("Number of options = 3", 3, aceOptions.size());
assertEquals("usersProperties=u", "u", aceOptions.get("usersProperties"));
assertEquals("rolesProperties=r", "r", aceOptions.get("rolesProperties"));
@@ -175,7 +175,7 @@
appace.getLoginModuleName());
assertEquals("Optional", AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL,
appace.getControlFlag());
- Map appaceOptions = appace.getOptions();
+ Map<String,?> appaceOptions = appace.getOptions();
assertEquals("Number of options = 3", 3, appaceOptions.size());
assertEquals("usersProperties=u", "u", appaceOptions.get("usersProperties"));
assertEquals("rolesProperties=r", "r", appaceOptions.get("rolesProperties"));
@@ -187,7 +187,7 @@
{
ApplicationPolicy completeConfig = config.get("conf-complete");
BaseAuthenticationInfo authInfo = completeConfig.getAuthenticationInfo();
- List entries = authInfo.getModuleEntries();
+ List<?> entries = authInfo.getModuleEntries();
assertEquals("Number of entries = 1", 1, entries.size());
//First Entry
@@ -198,7 +198,7 @@
assertEquals("LM Name","org.jboss.test.TestLoginModule" ,ace.getLoginModuleName());
assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
ace.getControlFlag());
- Map aceOptions = ace.getOptions();
+ Map<String,?> aceOptions = ace.getOptions();
assertEquals("Number of options = 3", 3, aceOptions.size());
assertEquals("name=1.1", "1.1", aceOptions.get("name"));
assertEquals("succeed=true", "true", aceOptions.get("succeed"));
@@ -214,7 +214,7 @@
authzEntry.getPolicyModuleName());
assertEquals("Required", ControlFlag.REQUIRED,
authzEntry.getControlFlag());
- Map authzoptions = authzEntry.getOptions();
+ Map<String,?> authzoptions = authzEntry.getOptions();
assertEquals("Number of options = 2", 2, authzoptions.size());
assertEquals("name=authz", "authz", authzoptions.get("name"));
assertEquals("succeed=true", "true", authzoptions.get("succeed"));
@@ -227,7 +227,7 @@
MappingModuleEntry mme = mmearr[0];
assertEquals("TestMappingModule","org.jboss.test.TestMappingModule",
mme.getMappingModuleName());
- Map mmOptions = mme.getOptions();
+ Map<String,?> mmOptions = mme.getOptions();
assertEquals("Number of options = 2", 2, mmOptions.size());
assertEquals("name=rolemap", "rolemap", mmOptions.get("name"));
assertEquals("succeed=true", "true", mmOptions.get("succeed"));
@@ -240,7 +240,7 @@
AuditProviderEntry ape = apelist[0];
assertEquals("TestMappingModule","org.jboss.test.TestMappingModule",
mme.getMappingModuleName());
- Map auditOptions = ape.getOptions();
+ Map<String,?> auditOptions = ape.getOptions();
assertEquals("Number of options = 2", 2, auditOptions.size());
assertEquals("name=auditprovider", "auditprovider", auditOptions.get("name"));
assertEquals("succeed=false", "false", auditOptions.get("succeed"));
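Review bot: The context lines just above the changed `Map<String,?> auditOptions` declaration assert `mme.getMappingModuleName()` again, under the label "TestMappingModule", right after fetching `AuditProviderEntry ape`. The audit provider's own class name is therefore never verified, and the identity-trust hunk that follows repeats this with `itie`. This looks like a copy-paste leftover that the generics cleanup walks past. Since the hunk does not show the name accessors for these entry types, I would at least mark it with `// FIXME: re-checks mme; should assert the name configured for ape` (and the same for `itie`) and replace it with the proper assertion. As written, a parser that mis-read the audit or trust provider class would still pass this test.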
@@ -253,7 +253,7 @@
IdentityTrustModuleEntry itie = itilist[0];
assertEquals("TestMappingModule","org.jboss.test.TestMappingModule",
mme.getMappingModuleName());
- Map itieOptions = itie.getOptions();
+ Map<String,?> itieOptions = itie.getOptions();
assertEquals("Number of options = 3", 3, itieOptions.size());
assertEquals("name=trustprovider", "trustprovider", itieOptions.get("name"));
assertEquals("succeed=true", "true", itieOptions.get("succeed"));
@@ -295,4 +295,4 @@
InputStreamReader xmlReader = new InputStreamReader(is);
return xmlReader;
}
-}
+}
\ No newline at end of file
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/identity/SimpleRoleGroupUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/identity/SimpleRoleGroupUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/identity/SimpleRoleGroupUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -0,0 +1,52 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.identity;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+
+//$Id$
+
+/**
+ * Test the SimpleRoleGroup implementation for JBossSX
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 8, 2008
+ * @version $Revision$
+ */
+public class SimpleRoleGroupUnitTestCase extends TestCase
+{
+ public void testCtrWithPrincipalSet()
+ {
+ Set<Principal> principalSet = new HashSet<Principal>();
+ principalSet.add(new SimplePrincipal("aRole"));
+
+ SimpleRoleGroup sr = new SimpleRoleGroup(principalSet);
+ assertNotNull(sr);
+ assertEquals("aRole",sr.getRoles().get(0).getRoleName());
+ }
+}
\ No newline at end of file
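Review bot: `assertNotNull(sr)` directly after `new SimpleRoleGroup(principalSet)` can never fail, and the only real check is the name of element 0, so extra or duplicated roles produced by the constructor would go unnoticed. I would replace it with `assertEquals(1, sr.getRoles().size());` ahead of the `getRoleName()` assertion. It would also be worth asserting what name the group gets when built from a principal set, since authorization code elsewhere in this commit constructs groups with `SecurityConstants.ROLES_IDENTIFIER`.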
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/identitytrust/IdentityTrustUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/identitytrust/IdentityTrustUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/identitytrust/IdentityTrustUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -158,6 +158,7 @@
assertEquals("Is Trusted",TrustDecision.Permit,itm.isTrusted(sc));
}
+ @SuppressWarnings("unchecked")
public void testJavaEERunAsIdentity() throws Exception
{
JBossSecurityContext sc = new JBossSecurityContext("conf-javaee");
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/ldap/OpenDSUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/ldap/OpenDSUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/ldap/OpenDSUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -22,7 +22,6 @@
package org.jboss.test.security.ldap;
import java.io.File;
-import java.net.URL;
import java.util.Hashtable;
import javax.naming.Context;
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/mapping/PrincipalMappingUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/mapping/PrincipalMappingUnitTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/mapping/PrincipalMappingUnitTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -38,6 +38,7 @@
import org.jboss.security.mapping.MappingContext;
import org.jboss.security.mapping.MappingManager;
import org.jboss.security.mapping.config.MappingModuleEntry;
+import org.jboss.security.mapping.providers.principal.SubjectDNMapper;
//$Id$
@@ -57,9 +58,8 @@
public void testX509() throws Exception
{
- ApplicationPolicy ap = SecurityConfiguration.getApplicationPolicy("test");
- String name = "org.jboss.security.mapping.providers.principal.SubjectDNMapper";
- MappingModuleEntry mme = new MappingModuleEntry(name);
+ ApplicationPolicy ap = SecurityConfiguration.getApplicationPolicy("test");
+ MappingModuleEntry mme = new MappingModuleEntry(SubjectDNMapper.class.getName());
MappingInfo principalMappingInfo = new MappingInfo();
principalMappingInfo.add(mme);
ap.setPrincipalMappingInfo(principalMappingInfo);
@@ -67,13 +67,15 @@
String issuerDN = "CN=Fedora,OU=JBoss,O=Red Hat,C=US";
String subjectDN = "CN=Anil,OU=JBoss,O=Red Hat,C=US";
+
+ Principal x509 = new SimplePrincipal("CN=Fedora, OU=JBoss, O=Red Hat, C=DE");
+
SecurityContext sc = SecurityContextFactory.createSecurityContext("test");
MappingManager mm = sc.getMappingManager();
assertNotNull("MappingManager != null", mm);
- MappingContext mc = mm.getMappingContext(Principal.class);
+ MappingContext<Principal> mc = mm.getMappingContext(Principal.class);
assertNotNull("MappingContext != null", mc);
- Principal x509 = new SimplePrincipal("CN=Fedora, OU=JBoss, O=Red Hat, C=DE");
- HashMap map = new HashMap();
+ HashMap<String,Object> map = new HashMap<String,Object>();
X509Certificate cert = getX509Certificate(issuerDN,subjectDN);
X509Certificate[] certs = new X509Certificate[]{cert};
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/mapping/TestX509Certificate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/mapping/TestX509Certificate.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/mapping/TestX509Certificate.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -28,17 +28,16 @@
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
-import java.util.Date;
-import java.util.Set;
-
-import javax.security.auth.x500.X500Principal;
-
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Set;
+import javax.security.auth.x500.X500Principal;
+
//$Id$
/**
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -89,6 +89,7 @@
//Create a security context with runas
sc = new JBossSecurityContext("TEST");
+ @SuppressWarnings("unchecked")
RunAs ras = new RunAs()
{
public <T> T getIdentity()
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/MappingContextTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/MappingContextTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/MappingContextTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -46,20 +46,20 @@
{
SecurityConfiguration.addApplicationPolicy(createApplicationPolicy(securityDomain));
SecurityContext sc= getSC(securityDomain);
- HashSet hs = new HashSet();
+ HashSet<String> hs = new HashSet<String>();
hs.add("t1");
hs.add("t2");
- HashMap rolesMap = new HashMap();
+ HashMap<String,Object> rolesMap = new HashMap<String,Object>();
rolesMap.put(principal.getName(), hs );
- HashMap map = new HashMap();
+ HashMap<String,Object> map = new HashMap<String,Object>();
map.put(SecurityConstants.PRINCIPAL_IDENTIFIER, principal);
map.put(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP, rolesMap);
Group grp = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
grp.addMember(new SimplePrincipal("oldRole"));
- MappingContext mc = sc.getMappingManager().getMappingContext(Group.class);
+ MappingContext<Group> mc = sc.getMappingManager().getMappingContext(Group.class);
mc.performMapping(map, grp);
grp = (Group) mc.getMappingResult().getMappedObject();
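Review bot: `rolesMap` is declared as `HashMap<String,Object>`, although the only value put into it is the `HashSet<String>` built just above. This discards the element type that the commit has just added. Declaring it as `Map<String,Set<String>> rolesMap = new HashMap<String,Set<String>>();` lets the compiler check the principal-to-roles data this test feeds into the mapping context. The outer `map` does hold mixed values, so `Object` is reasonable there. The test method starts and ends outside this hunk.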
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/SecurityContextBaseTest.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/SecurityContextBaseTest.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/SecurityContextBaseTest.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -24,15 +24,15 @@
import java.security.Principal;
import java.util.List;
-import org.jboss.security.SimplePrincipal;
+import junit.framework.TestCase;
+
+import org.jboss.security.SimplePrincipal;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.RoleMappingInfo;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.mapping.config.MappingModuleEntry;
import org.jboss.security.plugins.JBossSecurityContext;
-import junit.framework.TestCase;
-
//$Id$
/**
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/SecurityContextTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/SecurityContextTestCase.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/SecurityContextTestCase.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -30,13 +30,13 @@
import org.jboss.security.AuthorizationManager;
import org.jboss.security.ISecurityManagement;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.audit.AuditManager;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.identitytrust.IdentityTrustManager;
import org.jboss.security.mapping.MappingContext;
import org.jboss.security.mapping.providers.DeploymentRolesMappingProvider;
import org.jboss.security.plugins.JBossSecurityContext;
-import org.jboss.security.SecurityContextFactory;
//$Id$
@@ -73,13 +73,13 @@
}
public void testMappingContext()
- {
+ {
JBossSecurityContext sc = getSC(securityDomain);
ISecurityManagement ism = sc.getSecurityManagement();
assertNotNull("Security Management is not null", ism);
- MappingContext mc = sc.getMappingManager().getMappingContext(Group.class);
+ MappingContext<Group> mc = sc.getMappingManager().getMappingContext(Group.class);
assertNotNull("Mapping Context is not null", mc);
- List modules = mc.getModules();
+ List<?> modules = mc.getModules();
assertNotNull("Mapping modules not null", modules);
assertEquals("Module size == 1", modules.size(),1);
assertTrue("Deployment Roles Provider is present",
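Review bot: In `assertEquals("Module size == 1", modules.size(),1);` the expected and actual arguments are in the wrong order for the JUnit 3 `assertEquals(String, int, int)` signature, assuming this class inherits from `junit.framework.TestCase`. The check still passes or fails correctly, but a failure would report the real module count as the expected value. Write it as `assertEquals("Module size == 1", 1, modules.size());`. The following `assertTrue` continues outside the hunk.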
@@ -108,6 +108,6 @@
AuditManager auditManager = sc.getAuditManager();
assertNotNull("AuditManager is not null", auditManager);
IdentityTrustManager itm = sc.getIdentityTrustManager();
- assertNotNull("IdentityTrustManager is not null", auditManager);
+ assertNotNull("IdentityTrustManager is not null", itm);
}
}
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/TestSecurityContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/TestSecurityContext.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/securitycontext/TestSecurityContext.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -124,4 +124,4 @@
{
return null;
}
-}
+}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/util/TestHttpServletRequest.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/util/TestHttpServletRequest.java 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/util/TestHttpServletRequest.java 2008-01-09 20:25:39 UTC (rev 68749)
@@ -51,7 +51,7 @@
private String uri;
private String meth;
- private Map parameterMap = new HashMap();
+ private Map<String,Object> parameterMap = new HashMap<String,Object>();
public TestHttpServletRequest(Principal p, String uri, String meth)
{
@@ -85,12 +85,12 @@
return null;
}
- public Enumeration getHeaderNames()
+ public Enumeration<String> getHeaderNames()
{
return null;
}
- public Enumeration getHeaders(String arg0)
+ public Enumeration<String> getHeaders(String arg0)
{
return null;
}
@@ -190,7 +190,7 @@
return null;
}
- public Enumeration getAttributeNames()
+ public Enumeration<String> getAttributeNames()
{
return null;
}
@@ -235,7 +235,7 @@
return null;
}
- public Enumeration getLocales()
+ public Enumeration<String> getLocales()
{
return null;
}
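Review bot: `getLocales()` is declared as `Enumeration<String>`, but the servlet API's locale enumeration holds `java.util.Locale` objects, so the type parameter is wrong here. The stub returns null, so nothing breaks today. A later implementation typed this way would hand strings to callers that expect locales, and the mismatch would only show up as a `ClassCastException` at run time. Declare it as `public Enumeration<Locale> getLocales()`, which needs `java.util.Locale` imported if the file does not already have it (not visible from this hunk).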
@@ -245,15 +245,14 @@
return (String) parameterMap.get(arg);
}
- public Map getParameterMap()
+ public Map<String,Object> getParameterMap()
{
return parameterMap;
}
- public Enumeration getParameterNames()
+ public Enumeration<String> getParameterNames()
{
- Vector v = new Vector();
- return v.elements();
+ return (new Vector<String>()).elements();
}
public String[] getParameterValues(String arg0)
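Review bot: `getParameterNames()` still returns an empty enumeration, while `getParameter` and `getParameterMap` in the same hunk read from `parameterMap`, so the accessors disagree as soon as a test sets a parameter. Security code under test that iterates over parameter names would see none, and a check could pass vacuously. Returning `Collections.enumeration(parameterMap.keySet())` keeps the stub consistent; it needs `java.util.Collections` imported. The body of `getParameterValues` lies outside this hunk.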
Modified: projects/security/security-jboss-sx/trunk/pom.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/pom.xml 2008-01-09 20:24:06 UTC (rev 68748)
+++ projects/security/security-jboss-sx/trunk/pom.xml 2008-01-09 20:25:39 UTC (rev 68749)
@@ -6,7 +6,7 @@
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.jboss.security</groupId>
- <artifactId>jbosssx</artifactId>
+ <artifactId>jbosssx-parent</artifactId>
<version>2.0.2-SNAPSHOT</version>
<packaging>pom</packaging>
<name>JBoss Security Implementation for the JBAS - Parent</name>
@@ -87,6 +87,20 @@
<module>jbosssx</module>
</modules>
</profile>
+
+ <!-- Specify heap size for ACL tests -->
+ <profile>
+ <id>acl-heap-profile</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <properties>
+ <surefire.jvm.args>-Xms512m -Xmx1024m</surefire.jvm.args>
+ </properties>
+ <modules>
+ <module>acl</module>
+ </modules>
+ </profile>
</profiles>
<build>
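Review bot: The new `acl-heap-profile` relies on `<activeByDefault>true</activeByDefault>`, and Maven switches off default-active profiles whenever another profile in the same POM is activated, for example with `-P`. In that case the `acl` module drops out of the reactor and the heap settings are not applied, with no error, so the ACL tests can be skipped unnoticed. If the ACL module must always be built, list `<module>acl</module>` in the top-level `<modules>` and keep only the property in the profile, or use an explicit property-based activation. The existing comment mentions only the heap size and should also say that the profile adds the module. Whether `surefire.jvm.args` is wired into the surefire `argLine` is not visible in this hunk.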