[jboss-cvs] JBossAS SVN: r68085 - in trunk/security/src/main/org/jboss/security: plugins and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sun Dec 9 18:49:29 EST 2007
Author: anil.saldhana at jboss.com
Date: 2007-12-09 18:49:29 -0500 (Sun, 09 Dec 2007)
New Revision: 68085
Added:
trunk/security/src/main/org/jboss/security/integration/SecurityConstantsBridge.java
Modified:
trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
Log:
caching fixes in security management
Modified: trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2007-12-09 23:44:08 UTC (rev 68084)
+++ trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2007-12-09 23:49:29 UTC (rev 68085)
@@ -27,6 +27,7 @@
import javax.naming.Context;
import javax.naming.InitialContext;
+import javax.naming.NamingException;
import javax.security.auth.callback.CallbackHandler;
import org.jboss.logging.Logger;
@@ -72,18 +73,19 @@
protected String mappingMgrClass = "org.jboss.security.plugins.mapping.JBossMappingManager";
- protected CallbackHandler callBackHandler = new SecurityAssociationHandler();
+ protected CallbackHandler callBackHandler = new SecurityAssociationHandler();
- protected String cachePolicyName = TimedCachePolicy.class.getName();
-
/** Enable the IdentityTrust feature */
protected boolean enableIdentity = false;
/** Enable the Audit feature */
protected boolean enableAudit = true;
+
+ private CachePolicy cachePolicy = null;
+
public JNDIBasedSecurityManagement()
- {
+ {
}
public AuditManager getAuditManager(String securityDomain)
@@ -205,17 +207,72 @@
this.BASE_CTX = ctx;
}
- public void setCachePolicyName(String cachePolicyName)
+ public void setCachePolicy(CachePolicy cp)
{
- this.cachePolicyName = cachePolicyName;
+ this.cachePolicy = cp;
+ }
+
+ /** Set the indicated security domain cache timeout. This only has an
+ effect if the security domain is using the default jboss TimedCachePolicy
+ implementation.
+
+ @param securityDomain the name of the security domain cache
+ @param timeoutInSecs - the cache timeout in seconds.
+ @param resInSecs - resolution of timeouts in seconds.
+ */
+ public static void setCacheTimeout(String securityDomain, int timeoutInSecs, int resInSecs)
+ {
+ SecurityDomainContext securityDomainCtx = (SecurityDomainContext) securityMgrMap.get(securityDomain);
+ if(securityDomainCtx == null)
+ {
+ try
+ {
+ String lookupStr = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain;
+ securityDomainCtx = (SecurityDomainContext) new InitialContext().lookup(lookupStr);
+ securityMgrMap.put(securityDomain, securityDomainCtx);
+ }
+ catch (NamingException e)
+ {
+ log.trace("SetCacheTimeOut:Failed to look up SecurityDomainCtx:"+securityDomain);
+ }
+ }
+ if(securityDomainCtx != null)
+ {
+ CachePolicy cache = securityDomainCtx.getAuthenticationCache();
+ if( cache != null && cache instanceof TimedCachePolicy )
+ {
+ TimedCachePolicy tcp = (TimedCachePolicy) cache;
+ synchronized( tcp )
+ {
+ tcp.setDefaultLifetime(timeoutInSecs);
+ tcp.setResolution(resInSecs);
+ }
+ }
+ else
+ {
+ log.warn("Failed to find cache policy for securityDomain='"
+ + securityDomain + "'");
+ }
+ }
+ }
+
+ public static void setDefaultCacheTimeout(int defaultCacheTimeout)
+ {
+ SecurityConstantsBridge.defaultCacheTimeout = defaultCacheTimeout;
}
-
+
+ public static void setDefaultCacheResolution(int defaultCacheResolution)
+ {
+ SecurityConstantsBridge.defaultCacheResolution = defaultCacheResolution;
+ }
+
public SecurityDomainContext createSecurityDomainContext(String domain) throws Exception
- {
- CachePolicy cachePolicy = (CachePolicy)createObject(this.cachePolicyName);
- if(cachePolicy != null )
- cachePolicy.create();
+ {
AuthenticationManager am = createAuthenticationManager(domain);
+ if(cachePolicy == null)
+ {
+ cachePolicy = createDefaultCachePolicy();
+ }
//Set security cache if the auth manager implementation supports it
setSecurityDomainCache(am, cachePolicy);
//Set DeepCopySubject option if supported
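Review bot: In createSecurityDomainContext the lazily created default policy is stored in the instance field `cachePolicy`, so every domain created afterwards by this object receives the same TimedCachePolicy, where the removed code built a fresh policy on each call. If the authentication cache is keyed by principal alone (not visible here), an entry cached for one security domain could satisfy a lookup in another, and setCacheTimeout on one domain would retune all of them. Keep the field for an explicitly injected policy only and use a local for the default: `CachePolicy domainCache = (cachePolicy != null) ? cachePolicy : createDefaultCachePolicy();` followed by `setSecurityDomainCache(am, domainCache);`. The unsynchronised null check can also build two policies under concurrent calls. The method body continues past the end of this hunk.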
@@ -253,7 +310,9 @@
sdc.setAuthenticationManager(jsd);
}
securityMgrMap.put(domain, sdc);
- }
+ }
+
+ // Private Methods
private Object lookUpJNDI(String ctxName)
{
@@ -290,11 +349,11 @@
return (AuditManager) ctr.newInstance(new Object[]{ securityDomain});
}
- private MappingManager createMappingManager(String securityDomain) throws Exception
+ private MappingManager<?> createMappingManager(String securityDomain) throws Exception
{
Class<?> clazz = SecurityActions.getContextClassLoader().loadClass(mappingMgrClass);
Constructor<?> ctr = clazz.getConstructor(new Class[] { String.class});
- return (MappingManager) ctr.newInstance(new Object[]{ securityDomain});
+ return (MappingManager<?>) ctr.newInstance(new Object[]{ securityDomain});
}
private IdentityTrustManager createIdentityTrustManager(String securityDomain) throws Exception
@@ -354,4 +413,19 @@
log.trace("Optional setDeepCopySubjectMode failed" + e2.getLocalizedMessage());
}
}
+
+ /**
+ * Create a Default Cache Policy
+ * @return
+ */
+ private CachePolicy createDefaultCachePolicy()
+ {
+ TimedCachePolicy cachePolicy =
+ new TimedCachePolicy(SecurityConstantsBridge.defaultCacheTimeout,
+ true,
+ SecurityConstantsBridge.defaultCacheResolution);
+ cachePolicy.create();
+ cachePolicy.start();
+ return cachePolicy;
+ }
}
\ No newline at end of file
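Review bot: The Javadoc on createDefaultCachePolicy has an empty `@return` and does not say that the returned policy has already had create() and start() called on it. Suggest `@return a created and started TimedCachePolicy built from the default timeout and resolution (seconds) in SecurityConstantsBridge`. Nothing in the visible hunks stops or destroys this policy, so if start() schedules background expiry work it would outlive the management object; it is worth confirming that a matching stop exists elsewhere. The defaults are read once at construction, so later changes to the bridge values do not affect caches that already exist, which the comment should also state.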
Added: trunk/security/src/main/org/jboss/security/integration/SecurityConstantsBridge.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/SecurityConstantsBridge.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/SecurityConstantsBridge.java 2007-12-09 23:49:29 UTC (rev 68085)
@@ -0,0 +1,37 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration;
+
+//$Id$
+
+/**
+ * Bridge between the legacy JaasSecurityManagerService
+ * and the new SecurityManagement POJOs
+ * @author Anil.Saldhana at redhat.com
+ * @since Dec 9, 2007
+ * @version $Revision$
+ */
+public class SecurityConstantsBridge
+{
+ public static int defaultCacheTimeout = 30*60;
+ public static int defaultCacheResolution = 60;
+}
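Review bot: `defaultCacheTimeout` and `defaultCacheResolution` are public, static, non-final and non-volatile, so any class loaded in the JVM can change how long authentication cache entries live, and a value written by a management thread is not guaranteed to be visible to the thread that later builds a cache. At minimum declare them volatile, e.g. `public static volatile int defaultCacheTimeout = 30*60;`, and add a comment that both values are in seconds. A stricter design keeps them private behind static accessors that reject negative values, which would also give one place to log changes to an authentication-relevant setting. The class holds only statics and would benefit from a private constructor.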
Modified: trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
===================================================================
--- trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2007-12-09 23:44:08 UTC (rev 68084)
+++ trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2007-12-09 23:49:29 UTC (rev 68085)
@@ -21,20 +21,20 @@
*/
package org.jboss.security.plugins;
+import java.beans.PropertyEditorManager;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.security.Principal;
-import java.util.concurrent.ConcurrentHashMap;
import java.util.Enumeration;
import java.util.Hashtable;
-import java.util.Set;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
-import java.util.Iterator;
-import java.beans.PropertyEditorManager;
-
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.InitialContext;
@@ -48,19 +48,21 @@
import javax.naming.Reference;
import javax.naming.StringRefAddr;
import javax.naming.spi.ObjectFactory;
+import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
-import org.jboss.logging.Logger;
+import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityDomain;
import org.jboss.security.SecurityProxyFactory;
-import org.jboss.security.SecurityDomain;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.integration.JNDIBasedSecurityManagement;
+import org.jboss.security.integration.SecurityConstantsBridge;
import org.jboss.security.jacc.SubjectPolicyContextHandler;
import org.jboss.security.propertyeditor.PrincipalEditor;
import org.jboss.security.propertyeditor.SecurityDomainEditor;
@@ -217,6 +219,7 @@
public void setDefaultCacheTimeout(int timeoutInSecs)
{
defaultCacheTimeout = timeoutInSecs;
+ SecurityConstantsBridge.defaultCacheTimeout = timeoutInSecs;
}
/** Get the default timed cache policy resolution.
*/
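Review bot: The added assignment copies `timeoutInSecs` into SecurityConstantsBridge without a range check, and the same applies to `resInSecs` in the setDefaultCacheResolution hunk that follows. These values later become the constructor arguments of the default TimedCachePolicy, so a negative number set through management would change authentication-cache expiry for every domain created afterwards; how TimedCachePolicy treats such a value is not visible here. Consider `if (timeoutInSecs < 0) throw new IllegalArgumentException("timeoutInSecs must be >= 0");` ahead of both assignments. JNDIBasedSecurityManagement.setDefaultCacheTimeout writes only the bridge, so this service's own field and the bridge value can diverge.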
@@ -231,6 +234,7 @@
public void setDefaultCacheResolution(int resInSecs)
{
defaultCacheResolution = resInSecs;
+ SecurityConstantsBridge.defaultCacheResolution = resInSecs;
}
/**
@@ -287,6 +291,9 @@
log.warn("Failed to find cache policy for securityDomain='"
+ securityDomain + "'");
}
+
+ //Set the CacheTimeOut on JNDIBasedSecurityManagement
+ JNDIBasedSecurityManagement.setCacheTimeout(securityDomain, timeoutInSecs, resInSecs);
}
/** flush the cache policy for the indicated security domain if one exists.
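Review bot: The added call discards its outcome: setCacheTimeout in JNDIBasedSecurityManagement returns void and reports a failed JNDI lookup only at trace level without the exception, so an operator who shortens a domain's cache timeout gets no signal when the change was not applied. The same "Failed to find cache policy" warning can also be logged twice, once by the code above and once inside the static method. Suggest having the static method return a boolean and checking it here, e.g. `if (!JNDIBasedSecurityManagement.setCacheTimeout(securityDomain, timeoutInSecs, resInSecs)) log.warn("Cache timeout not applied for securityDomain='" + securityDomain + "'");`. The enclosing method starts before this hunk.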