[jboss-cvs] JBossAS SVN: r62460 - projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Sat Apr 21 02:35:03 EDT 2007


Author: anil.saldhana at jboss.com
Date: 2007-04-21 02:35:03 -0400 (Sat, 21 Apr 2007)
New Revision: 62460

Removed:
   projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JASPISecurityManager.java
Log:
remove jaspi prototype as these will be present in the authentication managers

Deleted: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JASPISecurityManager.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JASPISecurityManager.java	2007-04-21 06:34:53 UTC (rev 62459)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JASPISecurityManager.java	2007-04-21 06:35:03 UTC (rev 62460)
@@ -1,480 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.plugins;
- 
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
-import java.lang.reflect.UndeclaredThrowableException;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.Configuration; 
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthParam;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.config.ServerAuthContext;
-import javax.security.auth.message.module.ServerAuthModule;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.GeneralizedAuthenticationManager;
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.auth.callback.SecurityAssociationHandler;
-import org.jboss.security.auth.container.config.AuthModuleEntry;
-import org.jboss.security.auth.login.AuthenticationInfo;
-import org.jboss.security.auth.login.BaseAuthenticationInfo;
-import org.jboss.security.auth.login.JASPIAuthenticationInfo;
-import org.jboss.security.auth.login.LoginModuleStackHolder;
-import org.jboss.security.auth.login.XMLLoginConfigImpl;
-import org.jboss.security.auth.message.GenericAuthParam;
-
-//$Id$
-
-/**
- *  Security Manager that is based on the new GeneralizedAuthenticationManager 
- *  @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- *  @since  Dec 29, 2005 
- *  @version $Revision$
- */
-public class JASPISecurityManager 
-implements GeneralizedAuthenticationManager 
-{    
-   /** The name of the domain this instance is securing. It is used as
-    the appName into the SecurityPolicy.
-    */
-   protected String securityDomain;
-   /** The JAAS callback handler */
-   protected CallbackHandler handler;
-   /** The setSecurityInfo(Principal, Object) method of the handler obj */
-   private Method setSecurityInfo; 
-   
-   private ThreadLocal sharedStateLocal = new ThreadLocal();
-   
-   private List serverAuthModules = new ArrayList();
-   
-   /** The log4j category for the security manager domain
-    */
-   protected Logger log;
-   protected boolean trace;
-   
-   /** 
-    * Creates a default JaasSecurityManager for with a 
-    * securityDomain name of 'other'.
-    */
-   public JASPISecurityManager()
-   {
-      this("other", new SecurityAssociationHandler());
-   }
-   
-   
-   /** Creates a JaasSecurityManager for with a securityDomain 
-    * name of that given by the 'securityDomain' argument. 
-    * @param securityDomain the name of the security domain 
-    * @param handler the JAAS callback handler instance to use
-    * @exception UndeclaredThrowableException thrown if handler does not 
-    * implement a setSecurityInfo(Princpal, Object) method
-    */
-   public JASPISecurityManager(String securityDomain, CallbackHandler handler)
-   {
-      this.securityDomain = securityDomain;
-      this.handler = handler;
-      String categoryName = getClass().getName()+'.'+securityDomain;
-      this.log = Logger.getLogger(categoryName);
-      this.trace = log.isTraceEnabled();
-      
-      // Get the setSecurityInfo(Principal principal, Object credential) method
-      Class[] sig = {Principal.class, Object.class};
-      try
-      {
-         setSecurityInfo = handler.getClass().getMethod("setSecurityInfo", sig);
-      }
-      catch (Exception e)
-      {
-         String msg = "Failed to find setSecurityInfo(Princpal, Object) method in handler";
-         throw new UndeclaredThrowableException(e, msg);
-      }
-      log.debug("CallbackHandler: "+handler); 
-      this.configureServerAuthModules(handler);
-   }
-   
-   
-   //********************************************************
-   // AuthenticationManager Interface Methods
-   //********************************************************
-   /**
-    * @see AuthenticationManager#getSecurityDomain()
-    */
-   public String getSecurityDomain()
-   {
-      return securityDomain;
-   }
-   
-   /**
-    * @see AuthenticationManager#isValid(Principal, Object)
-    */
-   public boolean isValid(Principal principal, Object credential)
-   {
-      return isValid(principal, credential, null);
-   }
-   
-   /**
-    * @see AuthenticationManager#isValid(Principal, Object, Subject)
-    */
-   public boolean isValid(Principal principal, Object credential, Subject activeSubject)
-   {
-      boolean isValid = authenticate(principal, credential, activeSubject);
-      if( trace )
-         log.trace("End isValid, "+isValid);
-      return isValid;
-   }
-   
-   /**
-    * @see AuthenticationManager#getActiveSubject()
-    */
-   public Subject getActiveSubject()
-   {
-      /* This does not use SubjectActions.getActiveSubject since the caller
-       must have the correct permissions to access the
-       SecurityAssociation.getSubject method.
-       */
-      return SecurityAssociation.getSubject();
-   }
-   
-   //********************************************************
-   // ServerAuthContext Interface Methods
-   //********************************************************
-   /**
-    * @see ServerAuthContext#cleanSubject(Subject, Map)
-    */
-   public void cleanSubject(Subject subject, Map sharedState) throws AuthException
-   {
-      updateSharedState(sharedState);
-      int len = this.serverAuthModules.size();
-      for(int i = 0 ; i < len ; i++)
-      {
-         ServerAuthModule sam = (ServerAuthModule)this.serverAuthModules.get(i);
-         sam.cleanSubject(subject, (Map)this.sharedStateLocal.get() );
-      } 
-   } 
-   
-   /**
-    * @see ServerAuthContext#secureResponse(AuthParam, Subject, Map)
-    */
-   public AuthStatus secureResponse(AuthParam authParam, Subject source, 
-         Map sharedState) throws AuthException
-   { 
-      throw new IllegalStateException("NotImplemented Yet"); 
-   }
-   
-   /**
-    * @see ServerAuthContext#validateRequest(AuthParam, Subject, Subject, Map)
-    */
-   public AuthStatus validateRequest(AuthParam authParam, Subject source, 
-         Subject recipient, Map sharedState) 
-   throws AuthException
-   {  
-      //TODO: Implement an authentication cache
-      AuthStatus status = AuthStatus.FAIL;
-      AuthException authException = null;
-      
-      if(authParam == null)
-         throw new IllegalArgumentException("Illegal Null Argument:authParam");
-      
-      if(source == null)
-         source = new Subject();
-      
-      CallbackHandler theHandler = populateCallbackHandler(sharedState); 
-      updateSharedState(sharedState);
-      this.serverAuthModules.clear();
-      this.configureServerAuthModules(theHandler);
-      int len = this.serverAuthModules.size();
-      try
-      {
-         for(int i = 0 ; i < len; i++)
-         {
-            ServerAuthModule sam = (ServerAuthModule)this.serverAuthModules.get(i);  
-            do
-            {
-               status = sam.validateRequest(authParam, source, recipient, 
-                     (HashMap)this.sharedStateLocal.get());
-            }while(status.equals(AuthStatus.RETRY)); 
-            if(status.equals(AuthStatus.FAIL))
-               break;
-         }  
-      } 
-      catch(AuthException e)
-      {
-         authException = e;
-         //Set the security association thread context info exception
-         SubjectActions.setContextInfo("org.jboss.security.exception", authException);
-         throw e;
-      }
-      
-      if(status.equals(AuthStatus.PROCEED))
-      {
-         //Reset any old AuthExceptions
-         SubjectActions.setContextInfo("org.jboss.security.exception", authException); 
-         //Push the subject onto the SecurityAssociation
-         SubjectActions.pushSubjectContext(null,null,source);  
-      }
-      return status;
-   }  
-   
-   /**
-    * @see AuthenticationManager#getTargetPrincipal(Principal,Map)
-    */
-   public Principal getTargetPrincipal(Principal anotherDomainPrincipal, Map contextMap)
-   {
-      throw new RuntimeException("Not implemented yet");
-   }
-   
-   // ********************************************************
-   // Custom Methods
-   //********************************************************  
-   /** flush the cache policy for the indicated security domain if one exists.
-    * @param securityDomain the name of the security domain cache
-    */
-   public void flushAuthenticationCache()
-   {  
-   }
-
-   /** Flush a principal's authentication cache entry associated with the
-    * given securityDomain.
-    *
-    * @param securityDomain the name of the security domain cache
-    * @param user the principal of the user to flush
-    */
-   public void flushAuthenticationCache(Principal user)
-   { 
-   }  
-    
-   
-   /** Currently this delegates to the 
-    * @see #validateRequest(AuthParam, Subject, Subject, Map)
-    * method with a GenericAuthParam and the principal/credential
-    * passed via the shared map
-    
-    * @param principal - the user id to authenticate
-    * @param credential - an opaque credential.
-    * @return false on failure, true on success.
-    */
-   protected boolean authenticate(Principal principal, Object credential,
-         Subject theSubject)
-   {
-      boolean isValid = false;
-      
-      Map sharedState = (Map)this.sharedStateLocal.get();
-      if(sharedState == null)
-         sharedState = new HashMap();
-      sharedState.put("javax.security.auth.login.name", principal);
-      sharedState.put("javax.security.auth.login.password", credential);
-      try
-      {
-         AuthStatus status = this.validateRequest(new GenericAuthParam(),
-               theSubject, null,sharedState);
-         if(status.equals(AuthStatus.PROCEED))
-            isValid = true;
-      }
-      catch(AuthException e)
-      {   
-      }
-      return isValid; 
-   }  
-    
-   
-   private JASPIAuthenticationInfo getAuthenticationInfo()
-   {  
-      BaseAuthenticationInfo authInfo = getBaseAuthenticationInfo();
-      if(authInfo == null)
-         throw new IllegalStateException("authInfo is null");
-      if(authInfo instanceof AuthenticationInfo)
-      {
-         return convertJaasConfigToJASPI(authInfo);
-      }
-      else if(authInfo instanceof JASPIAuthenticationInfo)
-         return (JASPIAuthenticationInfo)authInfo; 
-      
-      throw new IllegalStateException("AuthenticationInfo for securityDomain=" + securityDomain 
-            + " not found");
-   }  
-   
-   private BaseAuthenticationInfo getBaseAuthenticationInfo()
-   {
-      /**
-       * We need to move away from the XMLLoginConfigImpl (extension of Configuration)
-       * to provide a better configuration capabilities for JASPI
-       */
-      Configuration config = Configuration.getConfiguration();
-      if(config instanceof XMLLoginConfigImpl == false)
-         throw new IllegalStateException("Configuration not an instanceof XMLLoginConfigImpl");
-      
-      XMLLoginConfigImpl xmlConfig = (XMLLoginConfigImpl)config; 
-      BaseAuthenticationInfo bai = xmlConfig.getAuthenticationInfo(this.securityDomain);
-      if(bai == null )
-      {
-         String defaultDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
-         if( trace)
-            log.trace("App Config for securityDomain=" + securityDomain + 
-                  "not found. Defaulting to securityDomain=" + defaultDomain);
-         bai = xmlConfig.getAuthenticationInfo(defaultDomain);
-      }
-         
-      return bai;
-   } 
-   
-   private JASPIAuthenticationInfo convertJaasConfigToJASPI(BaseAuthenticationInfo authInfo)
-   {  
-      if(authInfo instanceof AuthenticationInfo == false)
-         throw new IllegalArgumentException("authInfo not an instance of Jaas AuthenticationInfo");
-      AuthenticationInfo aInfo = (AuthenticationInfo)authInfo;
-      LoginModuleStackHolder lmsh = new LoginModuleStackHolder(this.securityDomain,
-            Arrays.asList(aInfo.getAppConfigurationEntry()));
-      AuthModuleEntry authEntry = new AuthModuleEntry(SecurityConstants.JASPI_DELEGATING_MODULE, 
-            null, null); 
-      authEntry.setLoginModuleStackHolder(lmsh); 
-      
-      JASPIAuthenticationInfo jaspi = new JASPIAuthenticationInfo(this.securityDomain);
-      jaspi.add(authEntry);
-      return jaspi;
-   }  
-   
-   /**
-    * Method where a ServerAuthModule gets configured
-    * 
-    * @param entry
-    * @return
-    */
-   private ServerAuthModule getServerAuthModule(AuthModuleEntry entry,
-         CallbackHandler theHandler) throws AuthException
-   {
-      String errorMsg = "Cannot instantiate " + entry.getAuthModuleName() + "::";
-      ServerAuthModule sam = null;
-      Class authClass = null;
-      try
-      {
-         authClass = SubjectActions.getContextClassLoader().loadClass(entry.getAuthModuleName());
-         if(entry.getAuthModuleName().equals(SecurityConstants.JASPI_DELEGATING_MODULE))
-         { 
-            Constructor ctr = authClass.getConstructor(new Class[] {LoginModuleStackHolder.class});
-            sam = (ServerAuthModule)ctr.newInstance(new Object[]{entry.getLoginModuleStackHolder()}); 
-         }
-         else
-         {
-            sam = (ServerAuthModule)authClass.newInstance();
-         } 
-      } 
-      catch (SecurityException e)
-      {
-         throw new IllegalStateException(errorMsg + e.getLocalizedMessage());
-      }
-      catch (Exception e)
-      {
-         throw new IllegalStateException(errorMsg + e.getLocalizedMessage());
-      } 
-      
-      //Initialize the sam
-      Map options = entry.getOptions();
-      sam.initialize(null, null, theHandler, options);
-      return sam;
-   } 
-   
-   /**
-    * Configure the ServerAuthModules from the configuration
-    *
-    */
-   private void configureServerAuthModules(CallbackHandler theHandler)
-   {
-      //Here we go through the stack of ServerAuthModules and call validateRequest
-      JASPIAuthenticationInfo jAuthInfo = getAuthenticationInfo();
-      AuthModuleEntry[] entries = jAuthInfo.getAuthModuleEntry();
-      int lenOfEntries = entries != null ? entries.length : 0;
-       
-      for(int i=0; i < lenOfEntries; i++)
-      { 
-         AuthModuleEntry entry = entries[i]; 
-         try
-         {
-            this.serverAuthModules.add( getServerAuthModule(entry, theHandler)); 
-         }catch(AuthException ae)
-         {
-            log.error("Configuration of server auth modules failed::" + ae.getLocalizedMessage());
-         } 
-      } 
-   }
-   
-   /**
-    * This method updates the threadlocal storage of a common shared state map 
-    * 
-    * @param sharedState
-    */ 
-   private void updateSharedState(Map sharedState)
-   {
-      HashMap _sharedStateMap = (HashMap)this.sharedStateLocal.get();
-      if(sharedState != null)
-      { 
-         if(_sharedStateMap == null)
-            _sharedStateMap = new HashMap(sharedState);
-         else
-            _sharedStateMap.putAll(sharedState);
-         this.sharedStateLocal.set(_sharedStateMap);
-      }
-   }
-   
-   /**
-    * Update the CBH with principal/credential passed in the sharedState
-    * @param sharedState Map
-    * @return Preconfigured CBH
-    */
-   private CallbackHandler populateCallbackHandler(Map sharedState)
-   {
-      CallbackHandler theHandler = handler;
-      /* We use our internal CallbackHandler to provide the security info. A
-      copy must be made to ensure there is a unique handler per active
-      login since there can be multiple active logins.
-      */  
-      if(sharedState != null)
-      {
-         Principal principal = (Principal) sharedState.get("javax.security.auth.login.name");
-         Object credential = sharedState.get("javax.security.auth.login.password"); 
-         Object[] securityInfo = {principal, credential}; 
-         try
-         { 
-            theHandler = (CallbackHandler) handler.getClass().newInstance();
-            setSecurityInfo.invoke(theHandler, securityInfo);
-         }
-         catch (Throwable e)
-         {
-            if( trace )
-               log.trace("Failed to create/setSecurityInfo on handler", e);
-            throw new IllegalStateException("Failed to setSecurityInfo on handler"); 
-         } 
-      } 
-      return theHandler;
-   }
-}




More information about the jboss-cvs-commits mailing list