[jboss-cvs] JBossAS SVN: r60319 - projects/security/trunk/src/main/org/jboss/security/jndi.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Tue Feb 6 00:52:39 EST 2007


Author: scott.stark at jboss.org
Date: 2007-02-06 00:52:39 -0500 (Tue, 06 Feb 2007)
New Revision: 60319

Modified:
   projects/security/trunk/src/main/org/jboss/security/jndi/JndiLoginInitialContextFactory.java
   projects/security/trunk/src/main/org/jboss/security/jndi/SecurityAssociationActions.java
Log:
JBAS-2523, add jnp.multi-threaded and jnp.restoreLoginIdentity options.

Modified: projects/security/trunk/src/main/org/jboss/security/jndi/JndiLoginInitialContextFactory.java
===================================================================
--- projects/security/trunk/src/main/org/jboss/security/jndi/JndiLoginInitialContextFactory.java	2007-02-06 05:44:57 UTC (rev 60318)
+++ projects/security/trunk/src/main/org/jboss/security/jndi/JndiLoginInitialContextFactory.java	2007-02-06 05:52:39 UTC (rev 60319)
@@ -1,31 +1,36 @@
 /*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
 package org.jboss.security.jndi;
 
+import org.jboss.naming.NamingContextFactory;
 import org.jboss.security.SimplePrincipal;
-import org.jnp.interfaces.NamingContextFactory;
 
 import javax.naming.Context;
 import javax.naming.NamingException;
+
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.lang.reflect.Proxy;
 import java.security.Principal;
 import java.util.Hashtable;
 
@@ -64,6 +69,21 @@
       Object credentials = env.get(Context.SECURITY_CREDENTIALS);
       Object principal = env.get(Context.SECURITY_PRINCIPAL);
       Principal securityPrincipal = null;
+      /** Flag indicating if the SecurityAssociation existing at login should
+      be restored on logout.
+      */
+      String flag = (String) env.get("jnp.multi-threaded");
+      if (Boolean.valueOf(flag).booleanValue() == true)
+      {
+         /* Turn on the server mode which uses thread local storage for
+            the principal information.
+         */
+         SecurityAssociationActions.setServer();
+      }
+      boolean restoreLoginIdentity = false;
+      flag = (String) env.get("jnp.restoreLoginIdentity");
+      if( flag != null )
+         restoreLoginIdentity = Boolean.parseBoolean(flag);
       // See if the principal is a Principal or String
       if( principal instanceof Principal )
       {
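Review bot: `SecurityAssociationActions.setServer()` is called from a per-context environment property, yet the hunk's own comment describes it as turning on server mode, and it is invoked with no arguments on a static helper. If that switch is VM-wide, as it appears to be, one caller passing `jnp.multi-threaded=true` changes how principal information is stored for every other caller, and nothing here turns it back off. That deserves a comment at the call, for example `// NOTE: setServer() is global and one-way; it affects all later logins in this VM`. The block comment at the top of the added lines describes `restoreLoginIdentity` but sits above the `jnp.multi-threaded` lookup, so it should move down to `boolean restoreLoginIdentity = false;`. Both `(String) env.get(...)` casts throw ClassCastException when a caller stores a `Boolean` in the environment; `Object flag = env.get("jnp.multi-threaded");` followed by `Boolean.parseBoolean(String.valueOf(flag))` would accept either form. The enclosing getInitialContext method starts and ends outside this hunk.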
@@ -76,10 +96,65 @@
          securityPrincipal = new SimplePrincipal(username);
       }
       // Associate this security context
-      SecurityAssociationActions.setPrincipalInfo(securityPrincipal, credentials);
+      if( restoreLoginIdentity )
+      {
+         SecurityAssociationActions.setPrincipalInfo(securityPrincipal, credentials, null);
+      }
+      else
+      {
+         SecurityAssociationActions.setPrincipalInfo(securityPrincipal, credentials);
+      }
       // Now return the context using the standard jnp naming context factory
       Context iniCtx = super.getInitialContext(env);
+      if( restoreLoginIdentity )
+      {
+         // Use a proxy to pop the stack when the context is closed
+         ClassLoader loader = SecurityAssociationActions.getContextClassLoader();
+         ContextProxy handler = new ContextProxy(iniCtx);
+         Class[] ifaces = {Context.class};
+         iniCtx = (Context) Proxy.newProxyInstance(loader, ifaces, handler);
+      }
       return iniCtx;
    }
 
+   /**
+    * 
+    */
+   public static class ContextProxy implements InvocationHandler
+   {
+      private Context delegate;
+      ContextProxy(Context delegate)
+      {
+         this.delegate = delegate;
+      }
+      public Object invoke(Object proxy, Method method, Object[] args)
+         throws Throwable
+      {
+         boolean close = false;
+         try
+         {
+            close = method.getName().equals("close");
+            return method.invoke(delegate, args);
+         }
+         catch(InvocationTargetException e)
+         {
+            throw e.getTargetException();
+         }
+         finally
+         {
+            if( close )
+            {
+               // Pop the security context on close
+               try
+               {
+                  SecurityAssociationActions.popPrincipalInfo();
+               }
+               catch(Throwable ignore)
+               {
+               }
+            }
+         }
+      }
+      
+   }
 }
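Review bot: The identity pushed by `setPrincipalInfo(securityPrincipal, credentials, null)` is only removed by the proxy's `close()`, so if `super.getInitialContext(env)` throws, the pushed entry stays in place and the caller never receives a context to close. In the other direction, `ContextProxy.invoke` pops on every call named `close`, so closing the same context twice removes an entry this factory did not push, which may be the caller's earlier identity. The empty `catch(Throwable ignore)` hides a failed pop, leaving the login identity active with no trace. I would unwind the push when context creation fails and guard the pop with a `closed` flag, as sketched below. The empty Javadoc on `ContextProxy` should state that the pop runs on whichever thread calls `close()`. getInitialContext starts above this hunk.

```java
      // Now return the context using the standard jnp naming context factory
      boolean created = false;
      Context iniCtx;
      try
      {
         iniCtx = super.getInitialContext(env);
         created = true;
      }
      finally
      {
         // Context creation failed: remove the identity pushed above
         if( created == false && restoreLoginIdentity )
            SecurityAssociationActions.popPrincipalInfo();
      }
      // … unchanged: wrap iniCtx in the ContextProxy when restoreLoginIdentity is set …

   public static class ContextProxy implements InvocationHandler
   {
      private final Context delegate;
      // Set once close() has popped, so a repeated close() cannot pop again
      private boolean closed;
      // … unchanged: constructor, invoke() try/catch …
         finally
         {
            if( close && closed == false )
            {
               closed = true;
               // … unchanged: popPrincipalInfo() call …
            }
         }
```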

Modified: projects/security/trunk/src/main/org/jboss/security/jndi/SecurityAssociationActions.java
===================================================================
--- projects/security/trunk/src/main/org/jboss/security/jndi/SecurityAssociationActions.java	2007-02-06 05:44:57 UTC (rev 60318)
+++ projects/security/trunk/src/main/org/jboss/security/jndi/SecurityAssociationActions.java	2007-02-06 05:52:39 UTC (rev 60319)
@@ -1,30 +1,32 @@
 /*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
 package org.jboss.security.jndi;
 
 import java.security.PrivilegedAction;
 import java.security.Principal;
-import java.security.AccessController; 
+import java.security.AccessController;
 
+import javax.security.auth.Subject;
+
 import org.jboss.security.SecurityAssociation;
 
 /** A PrivilegedAction implementation for setting the SecurityAssociation
@@ -35,6 +37,27 @@
  */
 class SecurityAssociationActions
 {
+   private static class SetPrincipalInfoStackAction implements PrivilegedAction
+   {
+      Principal principal;
+      Object credential;
+      Subject subject;
+      SetPrincipalInfoStackAction(Principal principal, Object credential, Subject subject)
+      {
+         this.principal = principal;
+         this.credential = credential;
+         this.subject = subject;
+      }
+      public Object run()
+      {
+         SecurityAssociation.pushSubjectContext(subject, principal, credential);
+         credential = null;
+         principal = null;
+         subject = null;
+         return null;
+      }
+   }
+
    private static class SetPrincipalInfoAction implements PrivilegedAction
    {
       Principal principal;
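Review bot: `SetPrincipalInfoStackAction` is single-use but nothing says so: `run()` nulls `credential`, `principal` and `subject` right after `SecurityAssociation.pushSubjectContext(...)`, so a second `run()` on the same instance would push an all-null context. A class comment such as `/** Single-use action: pushes the subject context, then clears its references to the credential. */` would record that. The three fields are package-visible and non-final; making them `private` would keep the credential reference from being read between construction and `run()`. The last context lines of the hunk belong to SetPrincipalInfoAction, which continues outside it.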
@@ -53,11 +76,58 @@
          return null;
       }
    }
+   private static class PopPrincipalInfoAction implements PrivilegedAction
+   {
+      public Object run()
+      {
+         SecurityAssociation.popSubjectContext();
+         return null;
+      }
+   }
 
+   private static class GetTCLAction implements PrivilegedAction
+   {
+      static PrivilegedAction ACTION = new GetTCLAction();
+      public Object run()
+      {
+         ClassLoader loader = Thread.currentThread().getContextClassLoader();
+         return loader;
+      }
+   }
+
+   private static class SetServerAction implements PrivilegedAction
+   {
+      static PrivilegedAction ACTION = new SetServerAction();
+      public Object run()
+      {
+         SecurityAssociation.setServer();
+         return null;
+      }
+   }
    static void setPrincipalInfo(Principal principal, Object credential)
    {
       SetPrincipalInfoAction action = new SetPrincipalInfoAction(principal, credential);
       AccessController.doPrivileged(action);
    }
+   static void setPrincipalInfo(Principal principal, Object credential, Subject subject)
+   {
+      SetPrincipalInfoStackAction action = new SetPrincipalInfoStackAction(principal, credential, subject);
+      AccessController.doPrivileged(action);
+   }
+   static void popPrincipalInfo()
+   {
+      PopPrincipalInfoAction action = new PopPrincipalInfoAction();
+      AccessController.doPrivileged(action);
+   }
 
+   static void setServer()
+   {
+      AccessController.doPrivileged(SetServerAction.ACTION);
+   }
+   static ClassLoader getContextClassLoader()
+   {
+      ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
+      return loader;
+   }
+
 }
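Review bot: `static PrivilegedAction ACTION` in both `GetTCLAction` and `SetServerAction` is a reassignable static whose value is later passed to `AccessController.doPrivileged`. Declare each as `static final PrivilegedAction ACTION = new GetTCLAction();` (and likewise for `SetServerAction`) so the shared instance cannot be swapped. `popPrincipalInfo()` pops whatever entry is on top, with no check that it is the one the three-argument `setPrincipalInfo` pushed. A short Javadoc on both methods stating that each push must be paired with exactly one pop would make that contract visible. The SecurityAssociationActions class body starts above this hunk.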



