[jboss-cvs] JBossAS SVN: r67051 - trunk/tomcat/src/main/org/jboss/web/tomcat/security.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Tue Nov 13 18:03:07 EST 2007


Author: anil.saldhana at jboss.com
Date: 2007-11-13 18:03:07 -0500 (Tue, 13 Nov 2007)
New Revision: 67051

Modified:
   trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
   trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java
Log:
JBAS-4751: consolidate the thread local holding the Request object to be in the SecurityAssociationValve so that we can remove the thread local for the active servlet name in JBossWebRealm

Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java	2007-11-13 22:54:27 UTC (rev 67050)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java	2007-11-13 23:03:07 UTC (rev 67051)
@@ -31,7 +31,6 @@
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
@@ -49,27 +48,27 @@
 import org.apache.catalina.connector.Response;
 import org.apache.catalina.deploy.SecurityConstraint;
 import org.apache.catalina.realm.GenericPrincipal;
-import org.apache.catalina.realm.RealmBase; 
+import org.apache.catalina.realm.RealmBase;
 import org.jboss.logging.Logger;
 import org.jboss.metadata.javaee.spec.SecurityRoleRefMetaData;
 import org.jboss.metadata.javaee.spec.SecurityRoleRefsMetaData;
-import org.jboss.metadata.web.jboss.JBossWebMetaData; 
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
 import org.jboss.metadata.web.spec.ServletMetaData;
 import org.jboss.security.AuthorizationManager;
 import org.jboss.security.CertificatePrincipal;
 import org.jboss.security.RealmMapping;
-import org.jboss.security.SecurityConstants; 
+import org.jboss.security.SecurityConstants;
 import org.jboss.security.SecurityContext;
 import org.jboss.security.SimplePrincipal;
-import org.jboss.security.SubjectSecurityManager; 
+import org.jboss.security.SubjectSecurityManager;
 import org.jboss.security.audit.AuditEvent;
-import org.jboss.security.audit.AuditLevel;  
+import org.jboss.security.audit.AuditLevel;
 import org.jboss.security.audit.AuditManager;
 import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
 import org.jboss.security.auth.certs.SubjectDNMapping;
 import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.AuthorizationException; 
-import org.jboss.security.authorization.ResourceKeys;  
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.ResourceKeys;
 import org.jboss.security.authorization.resources.WebResource;
 
 //$Id$
@@ -97,9 +96,6 @@
     */
    private boolean trace = log.isTraceEnabled();  
    
-   /** The current servlet request */
-   private static ThreadLocal activeRequest = new ThreadLocal(); 
-   
    /** The JACC PolicyContext key for the current Subject */
    private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
    
@@ -462,13 +458,7 @@
    public boolean hasResourcePermission(Request request, Response response,
          SecurityConstraint[] securityConstraints, org.apache.catalina.Context context)
    throws IOException
-   {
-      Wrapper servlet = request.getWrapper();
-      if (servlet != null)
-      {
-         activeRequest.set(getServletName(servlet));
-      }
-      
+   {   
       boolean baseDecision =  ignoreBaseDecision ? true :
                    super.hasResourcePermission(request,response, 
                                       securityConstraints, context);  
@@ -510,18 +500,16 @@
     */
    public boolean hasRole(Principal principal, String role)
    { 
-      String servletName = (String) activeRequest.get();
-      if(servletName == null)
+      String servletName = null;
+      //WebProgrammaticAuthentication does not go through hasResourcePermission
+      //and hence the activeRequest thread local may not be set
+      Request req = (Request)SecurityAssociationValve.activeRequest.get();
+      Wrapper servlet = req.getWrapper();
+      if (servlet != null)
       {
-         //WebProgrammaticAuthentication does not go through hasResourcePermission
-         //and hence the activeRequest thread local may not be set
-         Request req = (Request)SecurityAssociationValve.activeRequest.get();
-         Wrapper servlet = req.getWrapper();
-         if (servlet != null)
-         {
-            servletName = getServletName(servlet);
-         }
+        servletName = getServletName(servlet);
       }
+      
       if(servletName == null)
         throw new IllegalStateException("servletName is null");
       JBossWebMetaData metaData = SecurityAssociationValve.activeWebMetaData.get();
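Review bot: `req` is dereferenced without a null check in the new `hasRole` body. `SecurityAssociationValve.activeRequest.get()` returns null whenever nothing has populated the thread local on the calling thread, so `req.getWrapper()` throws a NullPointerException before the explicit `IllegalStateException("servletName is null")` is reached. For a role check an intentional, clearly worded failure is preferable, so guard it with `Wrapper servlet = (req != null) ? req.getWrapper() : null;`. The retained comment still says "the activeRequest thread local may not be set", which described the field this commit removes from JBossWebRealm; reword it to say the request is now read from `SecurityAssociationValve.activeRequest`. The body of hasRole continues past the end of the hunk.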
@@ -947,4 +935,4 @@
       cmap.putAll(resource.getMap());
       audit(level,cmap,null);
    } 
-}
+}
\ No newline at end of file

Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java	2007-11-13 22:54:27 UTC (rev 67050)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java	2007-11-13 23:03:07 UTC (rev 67051)
@@ -49,7 +49,7 @@
 public class JaccContextValve extends ValveBase
 {
    private static Logger log = Logger.getLogger(JaccContextValve.class);
-   public static ThreadLocal activeCS = new ThreadLocal();
+   public static ThreadLocal<CodeSource> activeCS = new ThreadLocal<CodeSource>();
 
    /** The web app metadata */
    private String contextID;
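Review bot: `activeCS` remains `public static` and non-final, so any class that can see JaccContextValve can replace the ThreadLocal object itself, not only its per-thread value. Declaring it `public static final ThreadLocal<CodeSource> activeCS = new ThreadLocal<CodeSource>();` keeps the new type parameter and fixes the reference. A short comment saying that it carries `warCS` (presumably the web application's CodeSource) while `invoke` runs would document why it is shared. The class body continues outside the hunk.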
@@ -68,9 +68,7 @@
 
    public void invoke(Request request, Response response)
       throws IOException, ServletException
-   {
-      boolean createdSecurityContext = false;
-      
+   { 
       activeCS.set(warCS);
       HttpServletRequest httpRequest = (HttpServletRequest) request.getRequest();
 
@@ -86,15 +84,18 @@
          PolicyContext.setContextID(contextID);
          // Set the JACC HttpServletRequest PolicyContextHandler data
          HttpServletRequestPolicyContextHandler.setRequest(httpRequest);
+         if(SecurityAssociationValve.activeRequest.get() == null)
+            SecurityAssociationValve.activeRequest.set(request);
          // Perform the request
          getNext().invoke(request, response);
       }
       finally
       {
+         SecurityAssociationValve.activeRequest.set(null);
          SecurityAssociationActions.clear();
          activeCS.set(null);
          SecurityRolesAssociation.setSecurityRoles(null);
          HttpServletRequestPolicyContextHandler.setRequest(null); 
       }
    } 
-}
+}
\ No newline at end of file
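Review bot: The `finally` block clears `SecurityAssociationValve.activeRequest` unconditionally, although the `try` block sets it only when it was null, so this valve can wipe a value it does not own. If another valve or an outer dispatch on the same thread populated the thread local first, a `hasRole` call made after this `invoke` returns would find no request. Record ownership before the `try`, e.g. `boolean ownsRequest = SecurityAssociationValve.activeRequest.get() == null;`, then `if (ownsRequest) SecurityAssociationValve.activeRequest.set(request);` and in `finally` `if (ownsRequest) SecurityAssociationValve.activeRequest.set(null);`. The converse case also deserves a comment: a non-null value left behind on a pooled thread would be kept instead of being replaced with the current request. The opening of the try block is outside the hunk.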



