[jboss-cvs] Picketbox SVN: r76 - in trunk: security-spi/authorization/src/main/java/org/jboss/security/authorization and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Apr 6 16:00:42 EDT 2010
Author: anil.saldhana at jboss.com
Date: 2010-04-06 16:00:41 -0400 (Tue, 06 Apr 2010)
New Revision: 76
Modified:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java
trunk/security-spi/authorization/src/main/java/org/jboss/security/authorization/AuthorizationContext.java
Log:
SECURITY-490: remove the modules and control flags list from the authorization context super class as they should be local to authorize methods of sub classes
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java 2010-04-06 17:40:43 UTC (rev 75)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java 2010-04-06 20:00:41 UTC (rev 76)
@@ -24,6 +24,7 @@
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
+import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -85,7 +86,7 @@
public JBossAuthorizationContext(String name)
{
- this.securityDomainName = name;
+ this.securityDomainName = name;
}
public JBossAuthorizationContext(String name, CallbackHandler handler)
@@ -136,58 +137,53 @@
*/
public int authorize(final Resource resource, final Subject subject, final RoleGroup callerRoles)
throws AuthorizationException
- {
+ {
+ final List<AuthorizationModule> modules = new ArrayList<AuthorizationModule>();
+ final List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
+
try
{
- try
+ this.authenticatedSubject = subject;
+
+ initializeModules(resource, callerRoles, modules, controlFlags);
+
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
{
- //Increase the counter of authorizations in use
- JBossAuthorizationContextManagement.increase();
- this.authenticatedSubject = subject;
- initializeModules(resource, callerRoles);
- }
- catch (PrivilegedActionException e1)
- {
- throw new RuntimeException(e1);
- }
- //Do a PrivilegedAction
- try
- {
- AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
+ public Object run() throws AuthorizationException
{
- public Object run() throws AuthorizationException
+ int result = invokeAuthorize(resource, modules, controlFlags);
+ if (result == PERMIT)
+ invokeCommit( modules, controlFlags );
+ if (result == DENY)
{
- int result = invokeAuthorize(resource);
- if (result == PERMIT)
- invokeCommit();
- if (result == DENY)
- {
- invokeAbort();
- throw new AuthorizationException("Denied");
- }
- return null;
+ invokeAbort( modules, controlFlags );
+ throw new AuthorizationException("Denied");
}
- });
- }
- catch (PrivilegedActionException e)
- {
- Exception exc = e.getException();
- if (trace)
- log.trace("Error in authorize:", exc);
- invokeAbort();
- throw ((AuthorizationException) exc);
- }
- return PERMIT;
+ return null;
+ }
+ });
}
- finally
+ catch (PrivilegedActionException e)
{
- //Decrease the counter of authorizations in use and if it reaches 0, clear the lists
- JBossAuthorizationContextManagement.release(modules, controlFlags);
+ Exception exc = e.getException();
+ if (trace)
+ log.trace("Error in authorize:", exc);
+ invokeAbort( modules, controlFlags );
+ throw ((AuthorizationException) exc);
}
+ finally
+ {
+ if(modules != null)
+ modules.clear();
+ if(controlFlags != null )
+ controlFlags.clear();
+ }
+ return PERMIT;
}
//Private Methods
- private void initializeModules(Resource resource, RoleGroup role) throws PrivilegedActionException
+ private void initializeModules(Resource resource, RoleGroup role, List<AuthorizationModule> modules,
+ List<ControlFlag> controlFlags) throws PrivilegedActionException
{
AuthorizationInfo authzInfo = getAuthorizationInfo(securityDomainName, resource);
if (authzInfo == null)
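Review bot: The `catch (PrivilegedActionException e)` block in `authorize` now also covers `initializeModules(...)`, which used to have its own catch that wrapped the failure in a `RuntimeException`. If the exception wrapped during module setup is not an `AuthorizationException`, the cast in `throw ((AuthorizationException) exc);` fails with a `ClassCastException` and the real cause is lost. Guard the cast with `if (exc instanceof AuthorizationException) throw (AuthorizationException) exc;` followed by `throw new RuntimeException(exc);`. Separately, `this.authenticatedSubject = subject;` still writes per-call state to an instance field, so if one context instance serves concurrent callers (which the move to local lists suggests) the subject can presumably be overwritten mid-authorization; consider passing it down as a parameter as well. The hunk ends inside `initializeModules`, whose body continues outside it.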
@@ -207,12 +203,13 @@
else if (trace)
log.trace("Control flag for entry:" + entry + "is:[" + flag + "]");
- super.controlFlags.add(flag);
- super.modules.add(instantiateModule(entry.getPolicyModuleName(), entry.getOptions(), role));
+ controlFlags.add(flag);
+ modules.add(instantiateModule(entry.getPolicyModuleName(), entry.getOptions(), role));
}
}
- private int invokeAuthorize(Resource resource) throws AuthorizationException
+ private int invokeAuthorize(Resource resource, List<AuthorizationModule> modules,
+ List<ControlFlag> controlFlags) throws AuthorizationException
{
//Control Flag behavior
boolean encounteredRequiredError = false;
@@ -220,11 +217,11 @@
AuthorizationException moduleException = null;
int overallDecision = DENY;
- int length = super.modules.size();
+ int length = modules.size();
for (int i = 0; i < length; i++)
{
- AuthorizationModule module = (AuthorizationModule) super.modules.get(i);
- ControlFlag flag = (ControlFlag) super.controlFlags.get(i);
+ AuthorizationModule module = (AuthorizationModule) modules.get(i);
+ ControlFlag flag = (ControlFlag) controlFlags.get(i);
int decision = DENY;
try
{
@@ -279,24 +276,26 @@
return PERMIT;
}
- private void invokeCommit() throws AuthorizationException
+ private void invokeCommit( List<AuthorizationModule> modules,
+ List<ControlFlag> controlFlags ) throws AuthorizationException
{
- int length = super.modules.size();
+ int length = modules.size();
for (int i = 0; i < length; i++)
{
- AuthorizationModule module = (AuthorizationModule) super.modules.get(i);
+ AuthorizationModule module = (AuthorizationModule) modules.get(i);
boolean bool = module.commit();
if (!bool)
throw new AuthorizationException("commit on modules failed:" + module.getClass());
}
}
- private void invokeAbort() throws AuthorizationException
+ private void invokeAbort( List<AuthorizationModule> modules,
+ List<ControlFlag> controlFlags ) throws AuthorizationException
{
- int length = super.modules.size();
+ int length = modules.size();
for (int i = 0; i < length; i++)
{
- AuthorizationModule module = (AuthorizationModule) super.modules.get(i);
+ AuthorizationModule module = (AuthorizationModule) modules.get(i);
boolean bool = module.abort();
if (!bool)
throw new AuthorizationException("abort on modules failed:" + module.getClass());
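Review bot: `invokeAbort` throws at the first module whose `abort()` returns false, so the remaining modules in the list are never rolled back, and when it runs from the `catch` block in `authorize` that new exception replaces the one being handled. Consider aborting every module, remembering the first failure, and throwing only after the loop, as sketched below. The `controlFlags` parameter added to `invokeCommit` and `invokeAbort` is not used in the lines shown, and the `(AuthorizationModule)` / `(ControlFlag)` casts here and in the `invokeAuthorize` hunk are redundant now that the lists are typed. `invokeAbort`'s body ends outside the hunk, so the tail of the method should be checked against this sketch.

```java
private void invokeAbort( List<AuthorizationModule> modules,
      List<ControlFlag> controlFlags ) throws AuthorizationException
{
   AuthorizationException firstFailure = null;
   for (AuthorizationModule module : modules)
   {
      // keep going so every module gets the chance to roll back
      if (!module.abort() && firstFailure == null)
         firstFailure = new AuthorizationException("abort on modules failed:" + module.getClass());
   }
   if (firstFailure != null)
      throw firstFailure;
   // … unchanged: remainder of invokeAbort outside the hunk …
```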
@@ -384,41 +383,5 @@
if (e != null)
msg.append(e.getLocalizedMessage());
return msg.toString();
- }
-
- /**
- * <p>An internal static class that maintains a counter of authorizations in action.</p>
- * <p>Once the counter reaches 0, it is safe to clear the authorization modules and control flags,
- * to avoid the memory leaks.</p>
- * @author anil
- */
- private static class JBossAuthorizationContextManagement
- {
- private static Logger log = Logger.getLogger(JBossAuthorizationContextManagement.class);
- private static boolean trace = log.isTraceEnabled();
-
- private static int userCount = 0;
-
- public synchronized static void increase()
- {
- if(trace)
- log.trace("Increasing the count by 1.Count Will be:" + ( userCount + 1) );
- userCount++;
- }
-
- @SuppressWarnings("unchecked")
- public synchronized static void release(List modules, List controlFlags)
- {
- --userCount;
- if(userCount == 0)
- {
- if(trace)
- log.trace("Count is 0. Will be clearing the modules and control flags" );
-
- // clear the modules and control flags lists.
- modules.clear();
- controlFlags.clear();
- }
- }
- }
+ }
}
\ No newline at end of file
Modified: trunk/security-spi/authorization/src/main/java/org/jboss/security/authorization/AuthorizationContext.java
===================================================================
--- trunk/security-spi/authorization/src/main/java/org/jboss/security/authorization/AuthorizationContext.java 2010-04-06 17:40:43 UTC (rev 75)
+++ trunk/security-spi/authorization/src/main/java/org/jboss/security/authorization/AuthorizationContext.java 2010-04-06 20:00:41 UTC (rev 76)
@@ -21,15 +21,12 @@
*/
package org.jboss.security.authorization;
-import java.util.ArrayList;
import java.util.HashMap;
-import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
-import org.jboss.security.config.ControlFlag;
import org.jboss.security.identity.RoleGroup;
@@ -54,22 +51,9 @@
public abstract class AuthorizationContext
{
protected String securityDomainName = null;
- protected CallbackHandler callbackHandler = null;
- //protected Subject authenticatedSubject = null;
+ protected CallbackHandler callbackHandler = null;
protected Map<String,Object> sharedState = new HashMap<String,Object>();
- /**
- * Roles of the Subject
- */
- // protected Role subjectRoles = null;
-
- protected List<AuthorizationModule> modules = new ArrayList<AuthorizationModule>();
-
- /**
- * Control Flags for the individual modules
- */
- protected List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
-
public static final int PERMIT = 1;
public static final int DENY = -1;