[jboss-cvs] JBossAS SVN: r60319 - projects/security/trunk/src/main/org/jboss/security/jndi.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Feb 6 00:52:39 EST 2007
Author: scott.stark at jboss.org
Date: 2007-02-06 00:52:39 -0500 (Tue, 06 Feb 2007)
New Revision: 60319
Modified:
projects/security/trunk/src/main/org/jboss/security/jndi/JndiLoginInitialContextFactory.java
projects/security/trunk/src/main/org/jboss/security/jndi/SecurityAssociationActions.java
Log:
JBAS-2523, add jnp.multi-threaded and jnp.restoreLoginIdentity options.
Modified: projects/security/trunk/src/main/org/jboss/security/jndi/JndiLoginInitialContextFactory.java
===================================================================
--- projects/security/trunk/src/main/org/jboss/security/jndi/JndiLoginInitialContextFactory.java 2007-02-06 05:44:57 UTC (rev 60318)
+++ projects/security/trunk/src/main/org/jboss/security/jndi/JndiLoginInitialContextFactory.java 2007-02-06 05:52:39 UTC (rev 60319)
@@ -1,31 +1,36 @@
/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.security.jndi;
+import org.jboss.naming.NamingContextFactory;
import org.jboss.security.SimplePrincipal;
-import org.jnp.interfaces.NamingContextFactory;
import javax.naming.Context;
import javax.naming.NamingException;
+
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.lang.reflect.Proxy;
import java.security.Principal;
import java.util.Hashtable;
@@ -64,6 +69,21 @@
Object credentials = env.get(Context.SECURITY_CREDENTIALS);
Object principal = env.get(Context.SECURITY_PRINCIPAL);
Principal securityPrincipal = null;
+ /** Flag indicating if the SecurityAssociation existing at login should
+ be restored on logout.
+ */
+ String flag = (String) env.get("jnp.multi-threaded");
+ if (Boolean.valueOf(flag).booleanValue() == true)
+ {
+ /* Turn on the server mode which uses thread local storage for
+ the principal information.
+ */
+ SecurityAssociationActions.setServer();
+ }
+ boolean restoreLoginIdentity = false;
+ flag = (String) env.get("jnp.restoreLoginIdentity");
+ if( flag != null )
+ restoreLoginIdentity = Boolean.parseBoolean(flag);
// See if the principal is a Principal or String
if( principal instanceof Principal )
{
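Review bot: The `jnp.multi-threaded` branch calls `SecurityAssociationActions.setServer()`, which in the second file is a static, argument-less `SecurityAssociation.setServer()` with no matching reset, so one caller's environment property appears to switch principal storage to thread-local for every later user of the class in this VM. That deserves a comment at the call, for example `// NOTE: process-wide and not undone on close()`, and a mention wherever the option is documented. The Javadoc block added above it describes restoring the identity on logout, which is the `jnp.restoreLoginIdentity` option parsed a few lines further down, so it should move there. Both lookups cast the value to `String`, so a `Boolean` placed in the environment would raise ClassCastException; the enclosing getInitialContext starts and ends outside this hunk.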
@@ -76,10 +96,65 @@
securityPrincipal = new SimplePrincipal(username);
}
// Associate this security context
- SecurityAssociationActions.setPrincipalInfo(securityPrincipal, credentials);
+ if( restoreLoginIdentity )
+ {
+ SecurityAssociationActions.setPrincipalInfo(securityPrincipal, credentials, null);
+ }
+ else
+ {
+ SecurityAssociationActions.setPrincipalInfo(securityPrincipal, credentials);
+ }
// Now return the context using the standard jnp naming context factory
Context iniCtx = super.getInitialContext(env);
+ if( restoreLoginIdentity )
+ {
+ // Use a proxy to pop the stack when the context is closed
+ ClassLoader loader = SecurityAssociationActions.getContextClassLoader();
+ ContextProxy handler = new ContextProxy(iniCtx);
+ Class[] ifaces = {Context.class};
+ iniCtx = (Context) Proxy.newProxyInstance(loader, ifaces, handler);
+ }
return iniCtx;
}
+ /**
+ *
+ */
+ public static class ContextProxy implements InvocationHandler
+ {
+ private Context delegate;
+ ContextProxy(Context delegate)
+ {
+ this.delegate = delegate;
+ }
+ public Object invoke(Object proxy, Method method, Object[] args)
+ throws Throwable
+ {
+ boolean close = false;
+ try
+ {
+ close = method.getName().equals("close");
+ return method.invoke(delegate, args);
+ }
+ catch(InvocationTargetException e)
+ {
+ throw e.getTargetException();
+ }
+ finally
+ {
+ if( close )
+ {
+ // Pop the security context on close
+ try
+ {
+ SecurityAssociationActions.popPrincipalInfo();
+ }
+ catch(Throwable ignore)
+ {
+ }
+ }
+ }
+ }
+
+ }
}
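Review bot: When `restoreLoginIdentity` is set, the identity is pushed before `super.getInitialContext(env)` and nothing pops it if that call throws, so a failed lookup leaves the supplied principal and credentials on the SecurityAssociation stack for later callers. The pop in `ContextProxy.invoke` also runs on every `close()`, so closing the context twice would pop an entry this factory did not push. The sketch below pops on failure and pops at most once per proxy. The empty Javadoc on `ContextProxy` and the silent `catch(Throwable ignore)` are worth filling in at the same time. getInitialContext begins outside this hunk.

```java
      // … unchanged: push or set of the principal info …
      boolean created = false;
      Context iniCtx;
      try
      {
         iniCtx = super.getInitialContext(env);
         created = true;
      }
      finally
      {
         // A failed lookup must not leave the pushed identity on the stack
         if( created == false && restoreLoginIdentity )
            SecurityAssociationActions.popPrincipalInfo();
      }
      // … unchanged: proxy creation when restoreLoginIdentity is set …

      // in ContextProxy
      private final Context delegate;
      /** Set once the pushed identity has been popped, so a repeated close() is harmless */
      private boolean popped;
      // … unchanged: constructor, method.invoke and InvocationTargetException handling …
         finally
         {
            if( close && popped == false )
            {
               popped = true;
               // … unchanged: popPrincipalInfo() call …
            }
         }
```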
Modified: projects/security/trunk/src/main/org/jboss/security/jndi/SecurityAssociationActions.java
===================================================================
--- projects/security/trunk/src/main/org/jboss/security/jndi/SecurityAssociationActions.java 2007-02-06 05:44:57 UTC (rev 60318)
+++ projects/security/trunk/src/main/org/jboss/security/jndi/SecurityAssociationActions.java 2007-02-06 05:52:39 UTC (rev 60319)
@@ -1,30 +1,32 @@
/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.security.jndi;
import java.security.PrivilegedAction;
import java.security.Principal;
-import java.security.AccessController;
+import java.security.AccessController;
+import javax.security.auth.Subject;
+
import org.jboss.security.SecurityAssociation;
/** A PrivilegedAction implementation for setting the SecurityAssociation
@@ -35,6 +37,27 @@
*/
class SecurityAssociationActions
{
+ private static class SetPrincipalInfoStackAction implements PrivilegedAction
+ {
+ Principal principal;
+ Object credential;
+ Subject subject;
+ SetPrincipalInfoStackAction(Principal principal, Object credential, Subject subject)
+ {
+ this.principal = principal;
+ this.credential = credential;
+ this.subject = subject;
+ }
+ public Object run()
+ {
+ SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ credential = null;
+ principal = null;
+ subject = null;
+ return null;
+ }
+ }
+
private static class SetPrincipalInfoAction implements PrivilegedAction
{
Principal principal;
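Review bot: SetPrincipalInfoStackAction is added without any comment, and the one thing a reader needs to know is that its `run()` calls `SecurityAssociation.pushSubjectContext`, so each use must be balanced by a pop. A class comment such as `/** Pushes subject, principal and credential as a new subject context; paired with PopPrincipalInfoAction. */` would make that pairing explicit. `run()` also nulls the three fields afterwards, which makes the action single-use and is worth one line of its own. The fields could be `private`, since only the constructor and `run()` touch them in this hunk.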
@@ -53,11 +76,58 @@
return null;
}
}
+ private static class PopPrincipalInfoAction implements PrivilegedAction
+ {
+ public Object run()
+ {
+ SecurityAssociation.popSubjectContext();
+ return null;
+ }
+ }
+ private static class GetTCLAction implements PrivilegedAction
+ {
+ static PrivilegedAction ACTION = new GetTCLAction();
+ public Object run()
+ {
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ return loader;
+ }
+ }
+
+ private static class SetServerAction implements PrivilegedAction
+ {
+ static PrivilegedAction ACTION = new SetServerAction();
+ public Object run()
+ {
+ SecurityAssociation.setServer();
+ return null;
+ }
+ }
static void setPrincipalInfo(Principal principal, Object credential)
{
SetPrincipalInfoAction action = new SetPrincipalInfoAction(principal, credential);
AccessController.doPrivileged(action);
}
+ static void setPrincipalInfo(Principal principal, Object credential, Subject subject)
+ {
+ SetPrincipalInfoStackAction action = new SetPrincipalInfoStackAction(principal, credential, subject);
+ AccessController.doPrivileged(action);
+ }
+ static void popPrincipalInfo()
+ {
+ PopPrincipalInfoAction action = new PopPrincipalInfoAction();
+ AccessController.doPrivileged(action);
+ }
+ static void setServer()
+ {
+ AccessController.doPrivileged(SetServerAction.ACTION);
+ }
+ static ClassLoader getContextClassLoader()
+ {
+ ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
+ return loader;
+ }
+
}
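Review bot: The `ACTION` singletons in `GetTCLAction` and `SetServerAction` are declared `static PrivilegedAction ACTION` without `final`, so nothing prevents the object later handed to `AccessController.doPrivileged` from being reassigned. Declare them `static final PrivilegedAction ACTION = new GetTCLAction();` and likewise for `SetServerAction`. The three-argument `setPrincipalInfo` pushes a context while the two-argument overload keeps its existing behaviour, so a name such as `pushPrincipalInfo` would pair better with `popPrincipalInfo` and stop a caller from choosing stack semantics by accident through an extra `null` argument.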