[jboss-cvs] JBossAS SVN: r62466 - projects/security/security-jboss-sx/trunk/src/main/org/jboss/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sat Apr 21 02:41:14 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-04-21 02:41:14 -0400 (Sat, 21 Apr 2007)
New Revision: 62466
Modified:
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityAssociation.java
Log:
deprecate the methods and act as facade to security context
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityAssociation.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityAssociation.java 2007-04-21 06:40:20 UTC (rev 62465)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityAssociation.java 2007-04-21 06:41:14 UTC (rev 62466)
@@ -28,6 +28,8 @@
import javax.security.auth.Subject;
import org.jboss.logging.Logger;
+import org.jboss.security.plugins.SecurityContextAssociation;
+import org.jboss.security.plugins.SecurityContextFactory;
/**
* The SecurityAssociation class maintains the security principal and
@@ -54,6 +56,7 @@
*
* @author Daniel O'Connor (docodan at nycap.rr.com)
* @author Scott.Stark at jboss.org
+ * @author Anil.Saldhana at redhat.com
* @version $Revision$
*/
public final class SecurityAssociation
@@ -189,7 +192,14 @@
if( trace )
log.trace("getPrincipal, principal="+thePrincipal);
-
+
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc != null)
+ {
+ if( trace )
+ log.warn("You are using deprecated api to getPrincipal. Use security context based approach");
+ thePrincipal = sc.getUtil().getUserPrincipal();
+ }
return thePrincipal;
}
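Review bot: The deprecation warning in getPrincipal is emitted with `log.warn` but sits behind `if( trace )`, so it only appears when trace logging is enabled; the same pattern repeats in the getCredential, getSubject, setPrincipal and setCredential hunks. Either drop the guard or log it with `log.trace(...)`, as the pushSubjectContext hunk does. Separately, the trace line above records the legacy `thePrincipal` before it is overwritten from the security context, so the logged principal can differ from the one returned; moving the trace after the override would keep the log consistent with the result. The start of the method is outside the hunk.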
@@ -236,10 +246,19 @@
if (sm != null)
sm.checkPermission(getPrincipalInfoPermission);
- if (server)
+ /*if (server)
return threadCredential.get();
else
- return credential;
+ return credential;*/
+
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc != null)
+ {
+ if(trace)
+ log.warn("You are using deprecated api to getCredential. Use security context based approach");
+ credential = sc.getUtil().getCredential();
+ }
+ return credential;
}
/**
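Review bot: `credential = sc.getUtil().getCredential();` assigns to what appears to be the class-level `credential` field (the removed branch returned it for the non-server case), so one thread's credential would be stored in shared state and handed to any later caller that has no security context. The removed `threadCredential.get()` path is also gone, so server mode without a context now returns that shared field as well. Use a local instead: `Object cred = server ? threadCredential.get() : credential;`, override it with `cred = sc.getUtil().getCredential();` inside the null check, and `return cred;`. The method's opening lines are outside the hunk.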
@@ -264,8 +283,17 @@
if( trace )
log.trace("getSubject, sc="+sc);
Subject subject = null;
- if( sc != null )
+ /*if( sc != null )
subject = sc.getSubject();
+ return subject;*/
+
+ SecurityContext secContext = SecurityContextAssociation.getSecurityContext();
+ if(secContext != null)
+ {
+ if(trace)
+ log.warn("You are using deprecated api to getSubject. Use security context based approach");
+ subject = secContext.getUtil().getSubject();
+ }
return subject;
}
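Review bot: When no SecurityContext is associated with the thread, getSubject now returns null even if the legacy `sc` traced a few lines earlier holds a subject, because the `if( sc != null ) subject = sc.getSubject();` fallback was commented out rather than kept. Callers that treat a null subject as unauthenticated would see a behaviour change during the migration; keeping the legacy lookup as the default and overriding it from `secContext` would preserve the old result. The commented-out block should be deleted rather than left in the method, since the revision history already holds it. The start of the method is outside the hunk.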
@@ -308,6 +336,16 @@
sc.setPrincipal(principal);
if (trace)
log.trace("setPrincipal, sc="+sc);
+ SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
+ if(securityContext != null)
+ {
+ if(trace)
+ log.warn("Using deprecated API. Move to a security context based approach");
+ Object cred = securityContext.getUtil().getCredential();
+ Subject subj = securityContext.getUtil().getSubject();
+ securityContext.getUtil().createSubjectInfo(principal,cred, subj);
+ }
+
}
/**
@@ -348,6 +386,15 @@
sc.setCredential(credential);
if (trace)
log.trace("setCredential, sc="+sc);
+ SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
+ if(securityContext != null)
+ {
+ if(trace)
+ log.warn("Using deprecated API. Move to a security context based approach");
+ Principal principal = securityContext.getUtil().getUserPrincipal();
+ Subject subj = securityContext.getUtil().getSubject();
+ securityContext.getUtil().createSubjectInfo(principal,credential, subj);
+ }
}
/**
@@ -383,6 +430,18 @@
sc.setSubject(subject);
if (trace)
log.trace("setSubject, sc="+sc);
+
+ SecurityContext sctx = SecurityContextAssociation.getSecurityContext();
+ if(sctx != null)
+ {
+ SubjectInfo si = sctx.getSubjectInfo();
+ if(si != null)
+ {
+ si.setAuthenticatedSubject(subject);
+ }
+ else
+ sctx.getUtil().createSubjectInfo(null, null, subject);
+ }
}
/**
@@ -437,6 +496,7 @@
* @param subject - the authenticated subject
* @param principal - the principal that was input into the authentication
* @param credential - the credential that was input into the authentication
+ * @deprecated
*/
public static void pushSubjectContext(Subject subject,
Principal principal, Object credential)
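Review bot: The added `@deprecated` tag carries no text, so the generated Javadoc gives callers no replacement; the same applies to the tag added on popSubjectContext. Something like `@deprecated Use the SecurityContext obtained from SecurityContextAssociation instead` would match the log messages in this commit. If the build targets Java 5 or later, a `@Deprecated` annotation on the method would also make the compiler warn callers. The method body is outside this hunk.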
@@ -461,6 +521,16 @@
threadSubjectStacks.push(sc);
if (trace)
log.trace("pushSubjectContext, subject=" + subject + ", sc="+sc);
+ //Use the new method
+ SecurityContext sctx = SecurityContextAssociation.getSecurityContext();
+ if(sctx == null)
+ {
+ if(trace)
+ log.trace("WARN::Deprecated usage of SecurityAssociation. Use SecurityContext");
+ sctx = SecurityContextFactory.createSecurityContext("FROM_SECURITY_ASSOCIATION");
+ }
+ sctx.getUtil().createSubjectInfo(principal, credential,subject);
+ SecurityContextAssociation.setSecurityContext(sctx);
}
/**
* Push a duplicate of the current SubjectContext if one exists.
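Review bot: pushSubjectContext now overwrites the SubjectInfo of the current SecurityContext via `createSubjectInfo(principal, credential,subject)`, but nothing visible in the popSubjectContext hunk restores or clears it, so the pushed identity may remain on the thread's security context after the matching pop. Since getPrincipal, getCredential and getSubject in this commit prefer the security context, a pooled thread could keep answering with the previous caller's identity; this is worth confirming against the lifecycle of SecurityContextAssociation. The `WARN::` message is also written only at trace level, which hides the deprecation notice in normal operation. The start of the method is outside the hunk.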
@@ -486,6 +556,7 @@
* RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
* permission.
* @return the SubjectContext pushed previously by a pushSubjectContext call
+ * @deprecated
*/
public static SubjectContext popSubjectContext()
{
@@ -521,6 +592,18 @@
SecurityAssociation.credential = credential;
}
+ if(trace)
+ log.trace("WARN::Deprecated usage of SecurityAssociation. Use SecurityContext");
+ if(sc == null)
+ {
+ SecurityContext sctx = SecurityContextAssociation.getSecurityContext();
+ if(sctx != null)
+ {
+ SubjectInfo si = sctx.getSubjectInfo();
+ sc = new SubjectContext(si.getAuthenticatedSubject(), si.getAuthenticationPrincipal(),
+ si.getAuthenticationCredential());
+ }
+ }
return sc;
}
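Review bot: `si` is dereferenced without a null check in the fallback branch, while the setSubject hunk in this same commit treats `sctx.getSubjectInfo()` as possibly null; a context without subject info would throw a NullPointerException out of popSubjectContext. Guard it with `if(si != null)` before building the SubjectContext. This branch also reads the identity from the security context but leaves it in place, so it behaves as a peek rather than a pop. The beginning of the method is outside the hunk.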
@@ -538,7 +621,16 @@
if (sm != null)
sm.checkPermission(getPrincipalInfoPermission);
- return threadSubjectStacks.peek();
+ //Get the subject context from the security context
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ SubjectContext subjectCtx = null;
+ if( sc != null)
+ {
+ SecurityContextUtil util = sc.getUtil();
+ subjectCtx = new SubjectContext(util.getSubject(), util.getUserPrincipal(), util.getCredential());
+ }
+ return subjectCtx;
+ //return threadSubjectStacks.peek();
}
/**
@@ -568,6 +660,9 @@
}
// Remove all subject contexts
threadSubjectStacks.clear();
+
+ //Clear the security context
+ SecurityContextAssociation.clearSecurityContext();
}
/**
@@ -582,6 +677,11 @@
log.trace("pushRunAsIdentity, runAs=" + runAs);
threadRunAsStacks.push(runAs);
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if( sc != null)
+ {
+ sc.setRunAs(runAs);
+ }
}
/**
@@ -592,10 +692,18 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkPermission(setRunAsIdentity);
- RunAsIdentity runAs = threadRunAsStacks.pop();
+ /*RunAsIdentity runAs = threadRunAsStacks.pop();
if (trace)
log.trace("popRunAsIdentity, runAs=" + runAs);
- return runAs;
+ return runAs;*/
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ RunAsIdentity ra = null;
+ if( sc != null)
+ {
+ ra = (RunAsIdentity) sc.getRunAs();
+ sc.setRunAs(null);
+ }
+ return ra;
}
/**
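Review bot: popRunAsIdentity no longer pops `threadRunAsStacks`, while pushRunAsIdentity in the previous hunk still pushes onto it, so that per-thread stack only grows; and `sc.setRunAs(null)` discards the run-as instead of restoring the one that was active before the push. With nested run-as calls the outer identity is lost after the inner pop, so later authorization checks may run under a different identity than intended. Keep `RunAsIdentity runAs = threadRunAsStacks.pop();` and restore the previous entry with `sc.setRunAs(threadRunAsStacks.peek(0));` (assuming peek returns null on an empty stack). The trace log of the popped identity was also dropped and should be kept.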
@@ -604,7 +712,14 @@
*/
public static RunAsIdentity peekRunAsIdentity()
{
- return peekRunAsIdentity(0);
+ //return peekRunAsIdentity(0);
+ RunAsIdentity ra = null;
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if( sc != null)
+ {
+ ra = (RunAsIdentity) sc.getRunAs();
+ }
+ return ra;
}
/**
@@ -616,8 +731,22 @@
*/
public static RunAsIdentity peekRunAsIdentity(int depth)
{
- RunAsIdentity runAs = threadRunAsStacks.peek(depth);
- return runAs;
+ //RunAsIdentity runAs = threadRunAsStacks.peek(depth);
+ //return runAs;
+ if(depth > 1)
+ throw new IllegalArgumentException("Security Context approach needs to be used. Depth upto 1");
+ if(depth == 0)
+ return peekRunAsIdentity();
+ else
+ {
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ RunAsIdentity ra = null;
+ if( sc != null)
+ {
+ ra = (RunAsIdentity) sc.getUtil().getCallerRunAs();
+ }
+ return ra;
+ }
}
/**
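Review bot: A negative `depth` falls through to the `else` branch of peekRunAsIdentity(int) and is answered with the caller run-as, because only `depth > 1` is rejected. Reject it explicitly with `if(depth < 0 || depth > 1)`. Callers that previously peeked deeper than 1 now get an IllegalArgumentException, which the Javadoc above the method should state with a `@throws IllegalArgumentException` line.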