[jboss-cvs] JBossAS SVN: r58420 - trunk/aspects/src/main/org/jboss/aspects/security
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Nov 15 16:57:16 EST 2006
Author: anil.saldhana at jboss.com
Date: 2006-11-15 16:57:15 -0500 (Wed, 15 Nov 2006)
New Revision: 58420
Modified:
trunk/aspects/src/main/org/jboss/aspects/security/AuthenticationInterceptor.java
trunk/aspects/src/main/org/jboss/aspects/security/SecurityActions.java
Log:
set up the security context for the invocation
Modified: trunk/aspects/src/main/org/jboss/aspects/security/AuthenticationInterceptor.java
===================================================================
--- trunk/aspects/src/main/org/jboss/aspects/security/AuthenticationInterceptor.java 2006-11-15 21:55:43 UTC (rev 58419)
+++ trunk/aspects/src/main/org/jboss/aspects/security/AuthenticationInterceptor.java 2006-11-15 21:57:15 UTC (rev 58420)
@@ -84,7 +84,11 @@
// only pop if it's been pushed
RunAsIdentity callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
if (authenticationManager == null || callerRunAsIdentity == null)
- SecurityActions.popSubjectContext();
+ {
+ SecurityActions.popSubjectContext();
+ }
+ if(authenticationManager != null)
+ SecurityActions.clearSecurityContext(authenticationManager.getSecurityDomain());
if (invocation.getMetaData("security", "principal") != null)
{
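Review bot: The added `SecurityActions.clearSecurityContext(...)` removes the domain's entry outright, whereas the subject context beside it is pushed and popped as a stack. If this interceptor can run nested for the same security domain on one thread (not visible here), the inner invocation's cleanup would strip the security context the outer invocation is still using. One option is to capture the previous entry with `SecurityActions.getSecurityContext(domain)` before establishing a new one, and to put it back with `SecurityActions.setSecurityContext(previous, domain)` on exit when it was non-null. The clear also runs whenever `authenticationManager != null`, including paths where this invocation never established a context. The enclosing method and its try/finally begin outside the hunk, and the new `if(authenticationManager != null)` should be braced like the block just above it.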
@@ -140,6 +144,8 @@
else
{
SecurityActions.pushSubjectContext(principal, credential, subject);
+ SecurityActions.establishSecurityContext(authenticationManager.getSecurityDomain(),
+ principal, credential, subject);
if (log.isTraceEnabled())
{
log.trace("Authenticated principal=" + principal);
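Review bot: `authenticationManager.getSecurityDomain()` is dereferenced here without a null check, although the cleanup code in the first hunk treats `authenticationManager == null` as a possible state. Whether this `else` branch can be reached with a null manager depends on the condition above the hunk, which is not visible; if it can, guard the call the same way the clear is guarded, `if (authenticationManager != null)`. The raw `credential` is now also held in the per-domain context, so it is worth a comment here such as `// must be paired with clearSecurityContext() on every exit path`.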
Modified: trunk/aspects/src/main/org/jboss/aspects/security/SecurityActions.java
===================================================================
--- trunk/aspects/src/main/org/jboss/aspects/security/SecurityActions.java 2006-11-15 21:55:43 UTC (rev 58419)
+++ trunk/aspects/src/main/org/jboss/aspects/security/SecurityActions.java 2006-11-15 21:57:15 UTC (rev 58420)
@@ -26,15 +26,20 @@
import java.security.Principal;
import java.security.AccessController;
import java.security.PrivilegedActionException;
+import java.util.HashMap;
import java.lang.reflect.UndeclaredThrowableException;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
-
+
import org.jboss.logging.Logger;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContext.SubjectInfo;
+import org.jboss.security.plugins.JBossSecurityContext;
/** A collection of privileged actions for this package
* @author Scott.Stark at jboss.org
@@ -606,4 +611,106 @@
void setContextClassLoader(Thread thread, ClassLoader cl);
}
+
+
+ private static class GetSecurityContextAction implements PrivilegedAction
+ {
+ private String securityDomain;
+ GetSecurityContextAction(String sd)
+ {
+ this.securityDomain = sd;
+ }
+ public Object run()
+ {
+ String sc = SecurityConstants.SECURITY_CONTEXT;
+ HashMap map = (HashMap)SecurityAssociation.getContextInfo(sc);
+ if(map == null)
+ {
+ map = new HashMap();
+ SecurityAssociation.setContextInfo(sc, map);
+ }
+ SecurityAssociation.setContextInfo(sc, map);
+ return map.get(this.securityDomain);
+ }
+ }
+
+ private static class SetSecurityContextAction implements PrivilegedAction
+ {
+ private SecurityContext securityContext;
+ private String securityDomain;
+ SetSecurityContextAction(SecurityContext sc, String sd)
+ {
+ this.securityContext = sc;
+ this.securityDomain = sd;
+ }
+
+ public Object run()
+ {
+ String sc = SecurityConstants.SECURITY_CONTEXT;
+ HashMap map = (HashMap)SecurityAssociation.getContextInfo(sc);
+ if(map == null)
+ {
+ map = new HashMap();
+ SecurityAssociation.setContextInfo(sc, map);
+ }
+ map.put(securityDomain, securityContext);
+ SecurityAssociation.setContextInfo(sc, map);
+ return null;
+ }
+ }
+
+ private static class ClearSecurityContextAction implements PrivilegedAction
+ {
+ private String securityDomain;
+ ClearSecurityContextAction(String sd)
+ {
+ this.securityDomain = sd;
+ }
+ public Object run()
+ {
+ String sc = SecurityConstants.SECURITY_CONTEXT;
+ HashMap map = (HashMap)SecurityAssociation.getContextInfo(sc);
+ if(map == null)
+ {
+ map = new HashMap();
+ SecurityAssociation.setContextInfo(sc, map);
+ }
+ if(map.containsKey(securityDomain))
+ map.remove(securityDomain);
+
+ SecurityAssociation.setContextInfo(sc, map);
+ return null;
+ }
+ }
+
+ static void clearSecurityContext(String securityDomain)
+ {
+ ClearSecurityContextAction action = new ClearSecurityContextAction(securityDomain);
+ AccessController.doPrivileged(action);
+ }
+
+ static SecurityContext getSecurityContext(String securityDomain)
+ {
+ GetSecurityContextAction action = new GetSecurityContextAction(securityDomain);
+ return (SecurityContext)AccessController.doPrivileged(action);
+ }
+
+ static void setSecurityContext(SecurityContext sc, String securityDomain)
+ {
+ SetSecurityContextAction action = new SetSecurityContextAction(sc,securityDomain);
+ AccessController.doPrivileged(action);
+ }
+
+ static void establishSecurityContext(String domain, Principal p, Object cred,
+ Subject subject)
+ {
+ JBossSecurityContext jsc = new JBossSecurityContext(domain);
+ SubjectInfo si = jsc.new SubjectInfo();
+ si.setAuthenticatedSubject(subject);
+ si.setAuthenticationCredential(cred);
+ si.setAuthenticationPrincipal(p);
+ jsc.setSubjectInfo(si);
+ SecurityActions.setSecurityContext(jsc, domain);
+ }
+
}