Author: alessio.soldano(a)jboss.com Date: 2011-05-18 04:43:44 -0400 (Wed, 18 May 2011) New Revision: 14392 Added: container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextAdaptor.java container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextDeploymentAspect.java Modified: container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityAdapterImpl.java container/jboss60/branches/jbossws-jboss600/src/main/resources/jbossws-jboss.deployer/META-INF/stack-agnostic-jboss-beans.xml Log: [JBWS-3296] Updating jboss600 container integration to support SecurityDomainContext abstraction Modified: container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityAdapterImpl.java =================================================================== --- container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityAdapterImpl.java 2011-05-18 08:42:19 UTC (rev 14391) +++ container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityAdapterImpl.java 2011-05-18 08:43:44 UTC (rev 14392) @@ -21,15 +21,9 @@ */ package org.jboss.webservices.integration.security; -import java.security.AccessController; import java.security.Principal; -import java.security.PrivilegedAction; -import javax.security.auth.Subject; - import org.jboss.security.SecurityAssociation; -import org.jboss.security.SecurityContext; -import org.jboss.security.SecurityContextAssociation; import org.jboss.wsf.spi.invocation.SecurityAdaptor; /** @@ -87,31 +81,4 @@ { SecurityAssociation.setCredential(credential); } - - /** - * @see org.jboss.wsf.spi.invocation.SecurityAdaptor#pushSubjectContext(Subject, Principal, Object) - * - * @param subject subject - * @param principal principal - * @param credential credential - */ - public void pushSubjectContext(final Subject subject, final Principal principal, final Object credential) - { - AccessController.doPrivileged(new PrivilegedAction<Void>() - { - - public Void run() - { - final SecurityContext securityContext = SecurityContextAssociation.getSecurityContext(); - if (securityContext == null) - { - throw new IllegalStateException("Security Context is null"); - } - - securityContext.getUtil().createSubjectInfo(principal, credential, subject); - - return null; - } - }); - } } Added: container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextAdaptor.java =================================================================== --- container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextAdaptor.java (rev 0) +++ container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextAdaptor.java 2011-05-18 08:43:44 UTC (rev 14392) @@ -0,0 +1,108 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2011, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.webservices.integration.security; + +import java.security.AccessController; +import java.security.Principal; +import java.security.PrivilegedAction; +import java.util.Set; + +import javax.naming.Context; +import javax.naming.InitialContext; +import javax.naming.NamingException; +import javax.security.auth.Subject; + +import org.jboss.security.AuthenticationManager; +import org.jboss.security.RealmMapping; +import org.jboss.security.SecurityContext; +import org.jboss.security.SecurityContextAssociation; + +/** + * org.jboss.wsf.spi.security.SecurityDomainContext implementation relying on AuthenticationManager + * + * @author alessio.soldano(a)jboss.com + * @since 18-May-2011 + */ +public final class SecurityDomainContextAdaptor implements org.jboss.wsf.spi.security.SecurityDomainContext { + + private AuthenticationManager authenticationManager; + private RealmMapping realmMapping; + + + public SecurityDomainContextAdaptor() { + //NOOP + } + + private void setupAuthenticationManager() { + if (authenticationManager == null) { + try + { + Context ctx = new InitialContext(); + Object obj = ctx.lookup("java:comp/env/security/securityMgr"); + authenticationManager = (AuthenticationManager)obj; + realmMapping = (RealmMapping)authenticationManager; + } + catch (NamingException ne) + { + throw new RuntimeException("Unable to lookup AuthenticationManager", ne); + } + } + } + + @Override + public boolean isValid(Principal principal, Object credential, Subject activeSubject) { + setupAuthenticationManager(); + return authenticationManager.isValid(principal, credential, activeSubject); + } + + @Override + public boolean doesUserHaveRole(Principal principal, Set<Principal> roles) { + setupAuthenticationManager(); + return realmMapping.doesUserHaveRole(principal, roles); + } + + @Override + public String getSecurityDomain() { + setupAuthenticationManager(); + return authenticationManager.getSecurityDomain(); + } + + @Override + public Set<Principal> getUserRoles(Principal principal) { + setupAuthenticationManager(); + return realmMapping.getUserRoles(principal); + } + + @Override + public void pushSubjectContext(final Subject subject, final Principal principal, final Object credential) { + AccessController.doPrivileged(new PrivilegedAction<Void>() { + public Void run() { + SecurityContext securityContext = SecurityContextAssociation.getSecurityContext(); + if (securityContext == null) { + throw new IllegalStateException("Security Context is null"); + } + securityContext.getUtil().createSubjectInfo(principal, credential, subject); + return null; + } + }); + } +} Added: container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextDeploymentAspect.java =================================================================== --- container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextDeploymentAspect.java (rev 0) +++ container/jboss60/branches/jbossws-jboss600/src/main/java/org/jboss/webservices/integration/security/SecurityDomainContextDeploymentAspect.java 2011-05-18 08:43:44 UTC (rev 14392) @@ -0,0 +1,53 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.webservices.integration.security; + +import org.jboss.ws.common.deployment.EndpointLifecycleDeploymentAspect; +import org.jboss.wsf.spi.deployment.Deployment; +import org.jboss.wsf.spi.deployment.Endpoint; +import org.jboss.wsf.spi.security.SecurityDomainContext; + +/** + * Extends EndpointLifecycleDeploymentAspect to setup the SecurityDomainContext + * + * @author <a href="mailto:alessio.soldano@jboss.com">Alessio Soldano/a> + */ +public final class SecurityDomainContextDeploymentAspect extends EndpointLifecycleDeploymentAspect +{ + /** + * Constructor. + */ + public SecurityDomainContextDeploymentAspect() + { + super(); + } + + @Override + public void start(final Deployment dep) + { + super.start(dep); + SecurityDomainContext context = new SecurityDomainContextAdaptor(); + for (Endpoint ep : dep.getService().getEndpoints()) { + ep.setSecurityDomainContext(context); + } + } +} Modified: container/jboss60/branches/jbossws-jboss600/src/main/resources/jbossws-jboss.deployer/META-INF/stack-agnostic-jboss-beans.xml =================================================================== --- container/jboss60/branches/jbossws-jboss600/src/main/resources/jbossws-jboss.deployer/META-INF/stack-agnostic-jboss-beans.xml 2011-05-18 08:42:19 UTC (rev 14391) +++ container/jboss60/branches/jbossws-jboss600/src/main/resources/jbossws-jboss.deployer/META-INF/stack-agnostic-jboss-beans.xml 2011-05-18 08:43:44 UTC (rev 14392) @@ -117,7 +117,7 @@ <property name="provides">EndpointAddress</property> </bean> - <bean name="WSEndpointLifecycleDeploymentAspect" class="org.jboss.ws.common.deployment.EndpointLifecycleDeploymentAspect"> + <bean name="WSEndpointLifecycleDeploymentAspect" class="org.jboss.webservices.integration.security.SecurityDomainContextDeploymentAspect"> <property name="provides">LifecycleHandler</property> <property name="last">true</property> </bean>