[jboss-cvs] JBossAS SVN: r90068 - branches/Branch_5_x/security/src/main/org/jboss/security/jndi.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Jun 10 19:31:12 EDT 2009
Author: scott.stark at jboss.org
Date: 2009-06-10 19:31:12 -0400 (Wed, 10 Jun 2009)
New Revision: 90068
Modified:
branches/Branch_5_x/security/src/main/org/jboss/security/jndi/JndiLoginInitialContextFactory.java
branches/Branch_5_x/security/src/main/org/jboss/security/jndi/SecurityAssociationActions.java
Log:
JBAS-7010, update the security actions to create a SecurityContext
Modified: branches/Branch_5_x/security/src/main/org/jboss/security/jndi/JndiLoginInitialContextFactory.java
===================================================================
--- branches/Branch_5_x/security/src/main/org/jboss/security/jndi/JndiLoginInitialContextFactory.java 2009-06-10 22:52:19 UTC (rev 90067)
+++ branches/Branch_5_x/security/src/main/org/jboss/security/jndi/JndiLoginInitialContextFactory.java 2009-06-10 23:31:12 UTC (rev 90068)
@@ -102,7 +102,7 @@
}
else
{
- SecurityAssociationActions.setPrincipalInfo(securityPrincipal, credentials);
+ SecurityAssociationActions.setPrincipalInfo(securityPrincipal, credentials, null);
}
// Now return the context using the standard jnp naming context factory
Context iniCtx = super.getInitialContext(env);
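Review bot: With the added `null` argument, this else-branch no longer overwrites the thread's principal and credential. It now goes through the three-argument `setPrincipalInfo`, which on the client side calls `SecurityAssociation.pushSubjectContext` and also installs a new `SecurityContext`. Each `getInitialContext` call on this path therefore appears to add a stack entry holding the credential, and nothing visible here pops it, so a long-lived thread that creates many contexts may accumulate them. Confirm where the matching `popPrincipalInfo()` runs, and document the argument at the call, e.g. `// no Subject for a plain principal/credential login; pushes a subject context and sets a SecurityContext`. The enclosing method starts and ends outside this hunk.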
Modified: branches/Branch_5_x/security/src/main/org/jboss/security/jndi/SecurityAssociationActions.java
===================================================================
--- branches/Branch_5_x/security/src/main/org/jboss/security/jndi/SecurityAssociationActions.java 2009-06-10 22:52:19 UTC (rev 90067)
+++ branches/Branch_5_x/security/src/main/org/jboss/security/jndi/SecurityAssociationActions.java 2009-06-10 23:31:12 UTC (rev 90068)
@@ -27,6 +27,9 @@
import javax.security.auth.Subject;
import org.jboss.security.SecurityAssociation;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
/** A PrivilegedAction implementation for setting the SecurityAssociation
* principal and credential
@@ -36,81 +39,146 @@
*/
class SecurityAssociationActions
{
- private static class SetPrincipalInfoStackAction implements PrivilegedAction
+ private static class SetPrincipalInfoAction implements PrivilegedAction<Object>
{
Principal principal;
Object credential;
Subject subject;
- SetPrincipalInfoStackAction(Principal principal, Object credential, Subject subject)
+ SetPrincipalInfoAction(Principal principal, Object credential, Subject subject)
{
this.principal = principal;
this.credential = credential;
this.subject = subject;
}
+
+ @SuppressWarnings("deprecation")
public Object run()
{
- SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ //Client Side usage
+ if(!getServer())
+ {
+ SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ }
+
+ //Always create a new security context
+ SecurityContext sc = null;
+ try
+ {
+ sc = SecurityContextFactory.createSecurityContext(principal,
+ credential, subject, "CLIENT_LOGIN_MODULE");
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ setSecurityContext(sc);
+
credential = null;
principal = null;
subject = null;
return null;
}
}
-
- private static class SetPrincipalInfoAction implements PrivilegedAction
+ private static class PopPrincipalInfoAction implements PrivilegedAction<Object>
{
- Principal principal;
- Object credential;
- SetPrincipalInfoAction(Principal principal, Object credential)
- {
- this.principal = principal;
- this.credential = credential;
- }
+ @SuppressWarnings("deprecation")
public Object run()
{
- SecurityAssociation.setCredential(credential);
- credential = null;
- SecurityAssociation.setPrincipal(principal);
- principal = null;
+ if(!getServer())
+ SecurityAssociation.popSubjectContext();
return null;
}
}
- private static class PopPrincipalInfoAction implements PrivilegedAction
- {
- public Object run()
- {
- SecurityAssociation.popSubjectContext();
- return null;
- }
- }
- private static class GetTCLAction implements PrivilegedAction
+ private static class GetTCLAction implements PrivilegedAction<Object>
{
- static PrivilegedAction ACTION = new GetTCLAction();
+ static PrivilegedAction<Object> ACTION = new GetTCLAction();
public Object run()
{
ClassLoader loader = Thread.currentThread().getContextClassLoader();
return loader;
}
}
-
- private static class SetServerAction implements PrivilegedAction
+ private static class SetServerAction implements PrivilegedAction<Object>
{
- static PrivilegedAction ACTION = new SetServerAction();
+ static PrivilegedAction<Object> ACTION = new SetServerAction();
public Object run()
{
SecurityAssociation.setServer();
return null;
}
}
- static void setPrincipalInfo(Principal principal, Object credential)
+
+ static void setSecurityContext(final SecurityContext sc)
{
- SetPrincipalInfoAction action = new SetPrincipalInfoAction(principal, credential);
- AccessController.doPrivileged(action);
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ SecurityContextAssociation.setSecurityContext(sc);
+ return null;
+ }
+ });
}
+
+ static SecurityContext getSecurityContext()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+ {
+ public SecurityContext run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }
+ });
+ }
+
+ static void pushSecurityContext(final Principal p, final Object cred,
+ final Subject subject, final String securityDomain)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ @SuppressWarnings("deprecation")
+ public Object run()
+ {
+ SecurityContext sc;
+ try
+ {
+ sc = SecurityContextFactory.createSecurityContext(p, cred,
+ subject, securityDomain);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ setSecurityContext(sc);
+ //For Client Side legacy usage
+ if(getServer() == Boolean.FALSE)
+ {
+ SecurityAssociation.pushSubjectContext(subject, p, cred);
+ }
+ return null;
+ }
+ });
+ }
+ static Boolean getServer()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Boolean>()
+ {
+ public Boolean run()
+ {
+ return SecurityAssociation.isServer();
+ }
+ });
+ }
+
+ static void setServer()
+ {
+ AccessController.doPrivileged(SetServerAction.ACTION);
+ }
+
static void setPrincipalInfo(Principal principal, Object credential, Subject subject)
{
- SetPrincipalInfoStackAction action = new SetPrincipalInfoStackAction(principal, credential, subject);
+ SetPrincipalInfoAction action = new SetPrincipalInfoAction(principal, credential, subject);
AccessController.doPrivileged(action);
}
static void popPrincipalInfo()
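Review bot: `PopPrincipalInfoAction.run()` undoes only the legacy `SecurityAssociation` push, while `SetPrincipalInfoAction.run()` also installs a `SecurityContext` built from the principal and credential. After `popPrincipalInfo()` that context seems to stay associated with the caller, and on the server side the pop is now a no-op. If `SecurityContextAssociation` is per-thread, as it presumably is, a pooled thread could carry the identity into later work; consider restoring the context that was current before the set, or at least clearing it in the pop with `setSecurityContext(null);`. Separately, `run()` pushes the legacy context before `createSecurityContext` while `pushSecurityContext` pushes it after, so a factory exception leaves a pushed entry and un-nulled fields only on the first path; and `getServer() == Boolean.FALSE` is a reference comparison on a boxed value where `!getServer()` is used elsewhere. The body of `popPrincipalInfo` continues in the next hunk.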
@@ -119,10 +187,6 @@
AccessController.doPrivileged(action);
}
- static void setServer()
- {
- AccessController.doPrivileged(SetServerAction.ACTION);
- }
static ClassLoader getContextClassLoader()
{
ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);