[jboss-cvs] jboss-tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates ...
Anil Saldhana
anil.saldhana at jboss.com
Thu Jul 27 16:22:05 EDT 2006
User: asaldhana
Date: 06/07/27 16:22:05
Modified: src/main/org/jboss/web/tomcat/security/authorization/delegates
WebXACMLPolicyModuleDelegate.java WebXACMLUtil.java
Log:
JBAS-3373: XACML Web layer changes
Revision Changes Path
1.2 +32 -6 jboss-tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLPolicyModuleDelegate.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: WebXACMLPolicyModuleDelegate.java
===================================================================
RCS file: /cvsroot/jboss/jboss-tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLPolicyModuleDelegate.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- WebXACMLPolicyModuleDelegate.java 26 Jul 2006 03:35:23 -0000 1.1
+++ WebXACMLPolicyModuleDelegate.java 27 Jul 2006 20:22:05 -0000 1.2
@@ -23,6 +23,7 @@
import java.util.Map;
+import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import org.apache.catalina.connector.Request;
@@ -31,23 +32,25 @@
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.security.authorization.sunxacml.JBossXACMLUtil;
import com.sun.xacml.Policy;
import com.sun.xacml.ctx.RequestCtx;
-//$Id: WebXACMLPolicyModuleDelegate.java,v 1.1 2006/07/26 03:35:23 asaldhana Exp $
+//$Id: WebXACMLPolicyModuleDelegate.java,v 1.2 2006/07/27 20:22:05 asaldhana Exp $
/**
* XACML based authorization module helper that deals with the web layer
* authorization decisions
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @since Jun 13, 2006
- * @version $Revision: 1.1 $
+ * @version $Revision: 1.2 $
*/
public class WebXACMLPolicyModuleDelegate extends AuthorizationModuleDelegate
{
+ private Subject callerSubject = null;
public WebXACMLPolicyModuleDelegate()
{
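Review bot: The new `callerSubject` field keeps per-request state on the delegate: it is assigned from the resource map in the hunk at -68,11 and read again when the XACML request is built in the hunk at -96,7. If one delegate instance can serve concurrent requests, which the diff does not show, one caller's Subject could end up in another caller's XACML request and the decision would be made for the wrong identity. Keeping it local and passing it along avoids that, e.g. `Subject callerSubject = (Subject)map.get(ResourceKeys.CALLER_SUBJECT);` followed by `return process(request, constraints, callerSubject);`. The class body continues outside this hunk.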
@@ -68,11 +71,22 @@
if(map.size() == 0)
throw new IllegalStateException("Map from the Resource is size zero");
//Get the Catalina Request Object
- Request request = (Request)map.get("catalina.request");
- SecurityConstraint[] constraints = (SecurityConstraint[])map.get("catalina.constraints");
- PolicyRegistration pr = (PolicyRegistration)map.get("authorizationManager");
+ Request request = (Request)map.get(ResourceKeys.WEB_REQUEST);
+ SecurityConstraint[] constraints = (SecurityConstraint[])map.get(ResourceKeys.WEB_SECURITY_CONSTRAINTS);
+ PolicyRegistration pr = (PolicyRegistration)map.get(ResourceKeys.AUTHORIZATION_MANAGER);
+ callerSubject = (Subject)map.get(ResourceKeys.CALLER_SUBJECT);
if(pr != null)
this.authzManager = pr;
+ Boolean userDataCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.USERDATA_PERM_CHECK));
+ Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK));
+
+ //If it is a userDataCheck or a RoleRefCheck, then the base class (RealmBase) decision holds
+ if(userDataCheck || roleRefCheck)
+ return AuthorizationContext.PERMIT; //Base class decision holds good
+
+ if(request == null)
+ throw new IllegalStateException("Request is null");
+
return process(request, constraints);
}
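Review bot: The early `return AuthorizationContext.PERMIT` for user-data and role-ref checks skips XACML policy evaluation entirely, on the strength of two flags read from the resource map. Whether that is safe depends on how this module's result is combined with the RealmBase decision, which the hunk does not show; if a single PERMIT is sufficient, a check the base class denied could be overridden here. I would document the assumption at the return, for example `//PERMIT only defers to RealmBase; the XACML policy is not evaluated for these checks`, and confirm that only the container can populate `USERDATA_PERM_CHECK` and `ROLEREF_PERM_CHECK`. The enclosing method starts outside the hunk.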
@@ -85,6 +99,18 @@
}
/**
+ * Ensure that the bool is a valid value
+ * @param bool
+ * @return bool or Boolean.FALSE (when bool is null)
+ */
+ private Boolean checkBooleanValue(Boolean bool)
+ {
+ if(bool == null)
+ return Boolean.FALSE;
+ return bool;
+ }
+
+ /**
* Process the web request
* @param request
* @param sc
@@ -96,7 +122,7 @@
WebXACMLUtil util = new WebXACMLUtil();
try
{
- RequestCtx requestCtx = util.createXACMLRequest(request,this.authzManager);
+ RequestCtx requestCtx = util.createXACMLRequest(request,authzManager, callerSubject);
String contextID = PolicyContext.getContextID();
Policy policy = (Policy)authzManager.getPolicy(contextID,null);
if(policy == null)
1.2 +10 -8 jboss-tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLUtil.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: WebXACMLUtil.java
===================================================================
RCS file: /cvsroot/jboss/jboss-tomcat/src/main/org/jboss/web/tomcat/security/authorization/delegates/WebXACMLUtil.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- WebXACMLUtil.java 26 Jul 2006 03:35:23 -0000 1.1
+++ WebXACMLUtil.java 27 Jul 2006 20:22:05 -0000 1.2
@@ -46,13 +46,13 @@
import com.sun.xacml.ctx.RequestCtx;
import com.sun.xacml.ctx.Subject;
-//$Id: WebXACMLUtil.java,v 1.1 2006/07/26 03:35:23 asaldhana Exp $
+//$Id: WebXACMLUtil.java,v 1.2 2006/07/27 20:22:05 asaldhana Exp $
/**
* Utility class for creating XACML Requests
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @since Jun 21, 2006
- * @version $Revision: 1.1 $
+ * @version $Revision: 1.2 $
*/
public class WebXACMLUtil
{
@@ -64,9 +64,13 @@
}
public RequestCtx createXACMLRequest(Request request,
- AuthorizationManager authzManager) throws Exception
+ AuthorizationManager authzManager, javax.security.auth.Subject callerSubject) throws Exception
{
- HttpServletRequest httpRequest = (HttpServletRequest)request;
+ HttpServletRequest httpRequest = (HttpServletRequest)request.getRequest();
+ if(httpRequest == null)
+ throw new IllegalArgumentException("Http Request is null");
+ if(authzManager == null)
+ throw new IllegalArgumentException("Authorization Manager is null");
String httpMethod = httpRequest.getMethod();
String action = "GET".equals(httpMethod)?"read":"write";
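Review bot: The added argument checks cover `httpRequest` and `authzManager` but not the new `callerSubject` parameter, which `getUserName` dereferences with `caller.getPrincipals()` in the hunk at -158,11. The delegate reads it from the resource map without a null check, so a missing `CALLER_SUBJECT` entry would surface as a NullPointerException during request construction rather than a clear error. Adding `if(callerSubject == null) throw new IllegalArgumentException("Caller Subject is null");` next to the other two checks keeps the failure explicit. The method body continues outside this hunk.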
@@ -75,7 +79,7 @@
RequestCtx requestCtx = null;
Principal principal = request.getPrincipal();
- String username = getUserName();
+ String username = getUserName(callerSubject);
//Get the roles from the authorization manager
Set roles = authzManager.getUserRoles(principal);
//Create the subject set
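Review bot: After this change the XACML subject is assembled from two identity sources: `username` comes from `callerSubject`, while `roles` are still looked up for `request.getPrincipal()`. Nothing visible in the hunk ensures both describe the same authenticated caller, so a mismatch would produce a request pairing one identity's name with another's roles. I would either derive both from the same source or state the invariant here, e.g. `//callerSubject and request.getPrincipal() must refer to the same authenticated caller`. The method starts and ends outside the hunk.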
@@ -158,11 +162,9 @@
return requestUri;
}
- private String getUserName() throws Exception
+ private String getUserName(javax.security.auth.Subject caller) throws Exception
{
String user = "";
- String key = "javax.security.auth.Subject.container";
- javax.security.auth.Subject caller = (javax.security.auth.Subject) PolicyContext.getContext(key);
Iterator iter = caller.getPrincipals().iterator();
while(iter.hasNext())
{