[jboss-cvs] JBossAS SVN: r111199 - projects/jboss-jca/trunk/deployers/src/main/java/org/jboss/jca/deployers/common.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Apr 18 13:59:48 EDT 2011
Author: jesper.pedersen
Date: 2011-04-18 13:59:48 -0400 (Mon, 18 Apr 2011)
New Revision: 111199
Modified:
projects/jboss-jca/trunk/deployers/src/main/java/org/jboss/jca/deployers/common/AbstractDsDeployer.java
projects/jboss-jca/trunk/deployers/src/main/java/org/jboss/jca/deployers/common/AbstractResourceAdapterDeployer.java
Log:
Add createSubject(SubjectFactory, String, ManagedConnectionFactory)
Modified: projects/jboss-jca/trunk/deployers/src/main/java/org/jboss/jca/deployers/common/AbstractDsDeployer.java
===================================================================
--- projects/jboss-jca/trunk/deployers/src/main/java/org/jboss/jca/deployers/common/AbstractDsDeployer.java 2011-04-18 16:16:27 UTC (rev 111198)
+++ projects/jboss-jca/trunk/deployers/src/main/java/org/jboss/jca/deployers/common/AbstractDsDeployer.java 2011-04-18 17:59:48 UTC (rev 111199)
@@ -32,7 +32,6 @@
import org.jboss.jca.common.api.metadata.ds.DataSources;
import org.jboss.jca.common.api.metadata.ds.XaDataSource;
import org.jboss.jca.common.api.metadata.ra.ConfigProperty;
-import org.jboss.jca.common.api.metadata.ra.Connector;
import org.jboss.jca.common.api.metadata.ra.XsdString;
import org.jboss.jca.common.metadata.ra.common.ConfigPropertyImpl;
import org.jboss.jca.core.api.connectionmanager.ccm.CachedConnectionManager;
@@ -54,17 +53,24 @@
import java.lang.reflect.Method;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
+import java.util.Set;
import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.TransactionSupport.TransactionSupportLevel;
+import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.SubjectFactory;
/**
@@ -464,7 +470,7 @@
Subject subject = null;
if (subjectFactory != null)
- subject = subjectFactory.createSubject(securityDomain);
+ subject = createSubject(subjectFactory, securityDomain, mcf);
pp.prefill(subject, null, false);
}
@@ -473,9 +479,6 @@
return mcf.createConnectionFactory(cm);
}
-
-
-
/**
* Deploy an XA datasource
* @param ds The datasource
@@ -727,7 +730,7 @@
Subject subject = null;
if (subjectFactory != null)
- subject = subjectFactory.createSubject(securityDomain);
+ subject = createSubject(subjectFactory, securityDomain, mcf);
pp.prefill(subject, null, noTxSeparatePool.booleanValue());
}
@@ -891,4 +894,68 @@
* @exception DeployException Thrown if the security domain can't be resolved
*/
protected abstract SubjectFactory getSubjectFactory(String securityDomain) throws DeployException;
+
+ /**
+ * Create a subject
+ * @param subjectFactory The subject factory
+ * @param securityDomain The security domain
+ * @param mcf The managed connection factory
+ * @return The subject; <code>null</code> in case of an error
+ */
+ protected Subject createSubject(final SubjectFactory subjectFactory,
+ final String securityDomain,
+ final ManagedConnectionFactory mcf)
+ {
+ if (subjectFactory == null)
+ throw new IllegalArgumentException("SubjectFactory is null");
+
+ if (securityDomain == null)
+ throw new IllegalArgumentException("SecurityDomain is null");
+
+ return AccessController.doPrivileged(new PrivilegedAction<Subject>()
+ {
+ public Subject run()
+ {
+ try
+ {
+ // Create a security context on the association
+ SecurityContext securityContext = SecurityContextFactory.createSecurityContext(securityDomain);
+ SecurityContextAssociation.setSecurityContext(securityContext);
+
+ // Unauthenticated
+ Subject unauthenticated = new Subject();
+
+ // Leave the subject empty as we don't have any information to do the
+ // authentication with - and we only need it to be able to get the
+ // real subject from the SubjectFactory
+
+ // Set the authenticated subject
+ securityContext.getSubjectInfo().setAuthenticatedSubject(unauthenticated);
+
+ // Use the unauthenticated subject to get the real subject instance
+ Subject subject = subjectFactory.createSubject(securityDomain);
+
+ Set<PasswordCredential> pcs = subject.getPrivateCredentials(PasswordCredential.class);
+ if (pcs != null && pcs.size() > 0)
+ {
+ for (PasswordCredential pc : pcs)
+ {
+ pc.setManagedConnectionFactory(mcf);
+ }
+ }
+
+ if (log.isDebugEnabled())
+ log.debug("Subject=" + subject);
+
+ return subject;
+ }
+ catch (Throwable t)
+ {
+ log.error("Exception during createSubject()" + t.getMessage(), t);
+ }
+
+ return null;
+ }
+ });
+ }
}
Modified: projects/jboss-jca/trunk/deployers/src/main/java/org/jboss/jca/deployers/common/AbstractResourceAdapterDeployer.java
===================================================================
--- projects/jboss-jca/trunk/deployers/src/main/java/org/jboss/jca/deployers/common/AbstractResourceAdapterDeployer.java 2011-04-18 16:16:27 UTC (rev 111198)
+++ projects/jboss-jca/trunk/deployers/src/main/java/org/jboss/jca/deployers/common/AbstractResourceAdapterDeployer.java 2011-04-18 17:59:48 UTC (rev 111199)
@@ -76,6 +76,8 @@
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -92,10 +94,14 @@
import javax.resource.spi.ResourceAdapterAssociation;
import javax.resource.spi.TransactionSupport;
import javax.resource.spi.TransactionSupport.TransactionSupportLevel;
+import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.transaction.TransactionManager;
import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.SubjectFactory;
/**
@@ -1156,7 +1162,7 @@
Subject subject = null;
if (subjectFactory != null)
- subject = subjectFactory.createSubject(securityDomain);
+ subject = createSubject(subjectFactory, securityDomain, mcf);
pp.prefill(subject, null, noTxSeparatePool.booleanValue());
}
@@ -1625,7 +1631,7 @@
Subject subject = null;
if (subjectFactory != null)
- subject = subjectFactory.createSubject(securityDomain);
+ subject = createSubject(subjectFactory, securityDomain, mcf);
pp.prefill(subject, null, noTxSeparatePool.booleanValue());
}
@@ -1794,6 +1800,70 @@
protected abstract SubjectFactory getSubjectFactory(String securityDomain) throws DeployException;
/**
+ * Create a subject
+ * @param subjectFactory The subject factory
+ * @param securityDomain The security domain
+ * @param mcf The managed connection factory
+ * @return The subject; <code>null</code> in case of an error
+ */
+ protected Subject createSubject(final SubjectFactory subjectFactory,
+ final String securityDomain,
+ final ManagedConnectionFactory mcf)
+ {
+ if (subjectFactory == null)
+ throw new IllegalArgumentException("SubjectFactory is null");
+
+ if (securityDomain == null)
+ throw new IllegalArgumentException("SecurityDomain is null");
+
+ return AccessController.doPrivileged(new PrivilegedAction<Subject>()
+ {
+ public Subject run()
+ {
+ try
+ {
+ // Create a security context on the association
+ SecurityContext securityContext = SecurityContextFactory.createSecurityContext(securityDomain);
+ SecurityContextAssociation.setSecurityContext(securityContext);
+
+ // Unauthenticated
+ Subject unauthenticated = new Subject();
+
+ // Leave the subject empty as we don't have any information to do the
+ // authentication with - and we only need it to be able to get the
+ // real subject from the SubjectFactory
+
+ // Set the authenticated subject
+ securityContext.getSubjectInfo().setAuthenticatedSubject(unauthenticated);
+
+ // Use the unauthenticated subject to get the real subject instance
+ Subject subject = subjectFactory.createSubject(securityDomain);
+
+ Set<PasswordCredential> pcs = subject.getPrivateCredentials(PasswordCredential.class);
+ if (pcs != null && pcs.size() > 0)
+ {
+ for (PasswordCredential pc : pcs)
+ {
+ pc.setManagedConnectionFactory(mcf);
+ }
+ }
+
+ if (log.isDebugEnabled())
+ log.debug("Subject=" + subject);
+
+ return subject;
+ }
+ catch (Throwable t)
+ {
+ log.error("Exception during createSubject()" + t.getMessage(), t);
+ }
+
+ return null;
+ }
+ });
+ }
+
+ /**
* Get the cached connection manager
* @return The handle
*/
More information about the jboss-cvs-commits
mailing list