[jboss-cvs] jbosssx/src/main/org/jboss/security/authorization ...
Anil Saldhana
anil.saldhana at jboss.com
Wed Jul 19 14:24:37 EDT 2006
User: asaldhana
Date: 06/07/19 14:24:37
Modified: src/main/org/jboss/security/authorization
AuthorizationContext.java
Log:
JBAS-3324: Have a fallback mechanism wrt security domain based on resource layer
Revision Changes Path
1.5 +46 -16 jbosssx/src/main/org/jboss/security/authorization/AuthorizationContext.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: AuthorizationContext.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/authorization/AuthorizationContext.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -b -r1.4 -r1.5
--- AuthorizationContext.java 17 Jul 2006 17:14:23 -0000 1.4
+++ AuthorizationContext.java 19 Jul 2006 18:24:37 -0000 1.5
@@ -42,10 +42,10 @@
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuthorizationInfo;
-//$Id: AuthorizationContext.java,v 1.4 2006/07/17 17:14:23 asaldhana Exp $
+//$Id: AuthorizationContext.java,v 1.5 2006/07/19 18:24:37 asaldhana Exp $
/**
- * Authorization Framework for Policy Decision Modules
+ * JBAS-3374: Authorization Framework for Policy Decision Modules
* For information on the behavior of the Authorization Modules,
* For Authorization Modules behavior(Required, Requisite, Sufficient and Optional)
* please refer to the javadoc for @see javax.security.auth.login.Configuration
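Review bot: The issue key added to the class javadoc, `JBAS-3374`, does not match the key in this commit's log message, `JBAS-3324`. One of the two is presumably a typo and should be corrected so the class comment points at the right issue. The javadoc block continues outside the hunk.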
@@ -58,7 +58,7 @@
*
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @since Jun 11, 2006
- * @version $Revision: 1.4 $
+ * @version $Revision: 1.5 $
*/
public class AuthorizationContext
{
@@ -140,7 +140,7 @@
*/
public int authorize(final Resource resource) throws AuthorizationException
{
- initializeModules();
+ initializeModules(resource);
//Do a PrivilegedAction
try
{
@@ -162,7 +162,10 @@
}
catch (PrivilegedActionException e)
{
- log.error("Error in authorize:",e.getException());
+ if(trace)
+ log.trace("Error in authorize:", e.getException());
+ else
+ log.error("Error in authorize:"+e.getException().getLocalizedMessage());
invokeAbort();
throw ((AuthorizationException)e.getException());
}
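Review bot: With trace enabled, the new `if(trace)` branch records the authorization failure only at TRACE level, so nothing reaches the ERROR log in that configuration. With trace disabled, the stack trace is dropped. This catch is where a failed authorization aborts the modules, so the error-level record should be unconditional, with the trace call added on top: `log.error("Error in authorize:" + e.getException().getLocalizedMessage());` followed by `if(trace) log.trace("Error in authorize:", e.getException());`. The unbraced if/else is also easy to misread next to `invokeAbort()`. The enclosing try starts outside the hunk.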
@@ -176,11 +179,11 @@
return MBeanServerLocator.locateJBoss();
}
- private void initializeModules()
+ private void initializeModules(Resource resource)
{
- AuthorizationInfo authzInfo = getAuthorizationInfo(securityDomainName);
+ AuthorizationInfo authzInfo = getAuthorizationInfo(securityDomainName, resource);
if(authzInfo == null)
- authzInfo = getAuthorizationInfo(SecurityConstants.DEFAULT_APPLICATION_POLICY);
+ authzInfo = getAuthorizationInfo(SecurityConstants.DEFAULT_APPLICATION_POLICY, resource);
AuthorizationModuleEntry[] entries = authzInfo.getAuthorizationModuleEntry();
int len = entries != null ? entries.length : 0;
for(int i = 0 ; i < len; i++)
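Review bot: `authzInfo` is dereferenced by `authzInfo.getAuthorizationModuleEntry()` right after the second lookup, with no null check. When `applicationPolicy` is set, both calls return the same `applicationPolicy.getAuthorizationInfo()` value (see getAuthorizationInfo further down), so the retry cannot change the result. A policy without authorization info then fails with a NullPointerException. An explicit failure is clearer: `if(authzInfo == null) throw new IllegalStateException("Authorization Info is null for domain:" + securityDomainName);`. The method body continues outside the hunk.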
@@ -305,14 +308,15 @@
if(am == null)
throw new IllegalStateException("AuthorizationModule has not " +
"been instantiated");
- //TODO:Add options from configuration
am.initialize(this.authenticatedSubject, this.callbackHandler,
this.sharedState,map);
return am;
}
- private AuthorizationInfo getAuthorizationInfo(String domainName)
+ private AuthorizationInfo getAuthorizationInfo(String domainName, Resource resource)
{
+ String layer = resource.getLayer();
+
//Check if an instance of ApplicationPolicy is available
if(this.applicationPolicy != null)
return applicationPolicy.getAuthorizationInfo();
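Review bot: `String layer = resource.getLayer();` runs before the `applicationPolicy` shortcut, so a null `resource` passed to the public `authorize(Resource)` now fails with a NullPointerException even on the path that never uses the layer. Either move the read down to where the layer fallback needs it, or reject the argument up front with `if(resource == null) throw new IllegalArgumentException("resource is null");`. The body of getAuthorizationInfo continues in the next hunk.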
@@ -323,12 +327,38 @@
throw new IllegalStateException("MBean Server not located");
if(this.securityConfigService == null)
throw new IllegalStateException("Security Config Service not injected");
+ ApplicationPolicy aPolicy = getApplicationPolicy(domainName, mbeanServer);
+ if(aPolicy == null)
+ {
+ if(trace)
+ log.trace("Application Policy not obtained for domain="+ domainName +
+ ". Trying to obtain the App policy for the default domain of the layer:");
+ if(Resource.EJB.equals(layer))
+ aPolicy = getApplicationPolicy(SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY,mbeanServer);
+ else
+ if(Resource.WEB.equals(layer))
+ aPolicy = getApplicationPolicy(SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY,mbeanServer);
+ }
+ if(aPolicy == null)
+ throw new IllegalStateException("Application Policy is null for domain:"+ domainName);
+ return aPolicy.getAuthorizationInfo();
+ }
+
+ /**
+ * Obtain the Application Policy
+ *
+ * @param domainName Security Domain
+ * @param mbeanServer MBeanServer
+ * @return
+ */
+ private ApplicationPolicy getApplicationPolicy(String domainName, MBeanServer mbeanServer)
+ {
ApplicationPolicy aPolicy = null;
try
{
aPolicy = (ApplicationPolicy)mbeanServer.invoke(this.securityConfigService,
"getApplicationPolicy",
- new Object[]{securityDomainName},
+ new Object[]{domainName},
new String[]{"java.lang.String"});
}
catch (JMException jme)
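Review bot: The substitution of a layer default policy for a missing domain is reported only under `if(trace)`. In a normal logging configuration, a deployment whose declared security domain is absent or misspelled is therefore authorized under `DEFAULT_EJB_APPLICATION_POLICY` or `DEFAULT_WEB_APPLICATION_POLICY` with no record of the substitution. I would log the fallback unconditionally, for example `log.warn("Application Policy not found for domain=" + domainName + "; using default policy for layer=" + layer);`, and add the layer to the IllegalStateException message. The new javadoc on getApplicationPolicy has an empty `@return`. Judging by the caller's null check, it should say that null is returned when the service has no policy for the domain. The body of getApplicationPolicy continues outside the hunk.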
@@ -336,8 +366,8 @@
throw new IllegalStateException("Cannot obtain Application Policy::" +
jme.getLocalizedMessage());
}
- if(aPolicy == null)
- throw new IllegalStateException("Application Policy is null for domain:"+ domainName);
- return aPolicy.getAuthorizationInfo();
+ if(trace)
+ log.trace("Application Policy for domain=" + domainName + " ::" + aPolicy);
+ return aPolicy;
}
}
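Review bot: The IllegalStateException thrown from the catch block keeps only `jme.getLocalizedMessage()`, so the JMException's type and stack trace are lost to whoever handles the failure in the extracted getApplicationPolicy. If the target JDK has the cause-taking constructor, pass the exception along: `throw new IllegalStateException("Cannot obtain Application Policy::" + jme.getLocalizedMessage(), jme);`. The catch header sits in the previous hunk.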