[jboss-cvs] JBossAS SVN: r67051 - trunk/tomcat/src/main/org/jboss/web/tomcat/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Nov 13 18:03:07 EST 2007
Author: anil.saldhana at jboss.com
Date: 2007-11-13 18:03:07 -0500 (Tue, 13 Nov 2007)
New Revision: 67051
Modified:
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java
Log:
JBAS-4751: consolidate the thread local holding the Request object to be in the SecurityAssociationValve so that we can remove the thread local for the active servlet name in JBossWebRealm
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2007-11-13 22:54:27 UTC (rev 67050)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2007-11-13 23:03:07 UTC (rev 67051)
@@ -31,7 +31,6 @@
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
-import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -49,27 +48,27 @@
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.realm.GenericPrincipal;
-import org.apache.catalina.realm.RealmBase;
+import org.apache.catalina.realm.RealmBase;
import org.jboss.logging.Logger;
import org.jboss.metadata.javaee.spec.SecurityRoleRefMetaData;
import org.jboss.metadata.javaee.spec.SecurityRoleRefsMetaData;
-import org.jboss.metadata.web.jboss.JBossWebMetaData;
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
import org.jboss.metadata.web.spec.ServletMetaData;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.CertificatePrincipal;
import org.jboss.security.RealmMapping;
-import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SimplePrincipal;
-import org.jboss.security.SubjectSecurityManager;
+import org.jboss.security.SubjectSecurityManager;
import org.jboss.security.audit.AuditEvent;
-import org.jboss.security.audit.AuditLevel;
+import org.jboss.security.audit.AuditLevel;
import org.jboss.security.audit.AuditManager;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
import org.jboss.security.auth.certs.SubjectDNMapping;
import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.AuthorizationException;
-import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.resources.WebResource;
//$Id$
@@ -97,9 +96,6 @@
*/
private boolean trace = log.isTraceEnabled();
- /** The current servlet request */
- private static ThreadLocal activeRequest = new ThreadLocal();
-
/** The JACC PolicyContext key for the current Subject */
private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
@@ -462,13 +458,7 @@
public boolean hasResourcePermission(Request request, Response response,
SecurityConstraint[] securityConstraints, org.apache.catalina.Context context)
throws IOException
- {
- Wrapper servlet = request.getWrapper();
- if (servlet != null)
- {
- activeRequest.set(getServletName(servlet));
- }
-
+ {
boolean baseDecision = ignoreBaseDecision ? true :
super.hasResourcePermission(request,response,
securityConstraints, context);
@@ -510,18 +500,16 @@
*/
public boolean hasRole(Principal principal, String role)
{
- String servletName = (String) activeRequest.get();
- if(servletName == null)
+ String servletName = null;
+ //WebProgrammaticAuthentication does not go through hasResourcePermission
+ //and hence the activeRequest thread local may not be set
+ Request req = (Request)SecurityAssociationValve.activeRequest.get();
+ Wrapper servlet = req.getWrapper();
+ if (servlet != null)
{
- //WebProgrammaticAuthentication does not go through hasResourcePermission
- //and hence the activeRequest thread local may not be set
- Request req = (Request)SecurityAssociationValve.activeRequest.get();
- Wrapper servlet = req.getWrapper();
- if (servlet != null)
- {
- servletName = getServletName(servlet);
- }
+ servletName = getServletName(servlet);
}
+
if(servletName == null)
throw new IllegalStateException("servletName is null");
JBossWebMetaData metaData = SecurityAssociationValve.activeWebMetaData.get();
@@ -947,4 +935,4 @@
cmap.putAll(resource.getMap());
audit(level,cmap,null);
}
-}
+}
\ No newline at end of file
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java 2007-11-13 22:54:27 UTC (rev 67050)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JaccContextValve.java 2007-11-13 23:03:07 UTC (rev 67051)
@@ -49,7 +49,7 @@
public class JaccContextValve extends ValveBase
{
private static Logger log = Logger.getLogger(JaccContextValve.class);
- public static ThreadLocal activeCS = new ThreadLocal();
+ public static ThreadLocal<CodeSource> activeCS = new ThreadLocal<CodeSource>();
/** The web app metadata */
private String contextID;
@@ -68,9 +68,7 @@
public void invoke(Request request, Response response)
throws IOException, ServletException
- {
- boolean createdSecurityContext = false;
-
+ {
activeCS.set(warCS);
HttpServletRequest httpRequest = (HttpServletRequest) request.getRequest();
@@ -86,15 +84,18 @@
PolicyContext.setContextID(contextID);
// Set the JACC HttpServletRequest PolicyContextHandler data
HttpServletRequestPolicyContextHandler.setRequest(httpRequest);
+ if(SecurityAssociationValve.activeRequest.get() == null)
+ SecurityAssociationValve.activeRequest.set(request);
// Perform the request
getNext().invoke(request, response);
}
finally
{
+ SecurityAssociationValve.activeRequest.set(null);
SecurityAssociationActions.clear();
activeCS.set(null);
SecurityRolesAssociation.setSecurityRoles(null);
HttpServletRequestPolicyContextHandler.setRequest(null);
}
}
-}
+}
\ No newline at end of file
More information about the jboss-cvs-commits
mailing list