[jboss-cvs] JBossAS SVN: r65383 - in trunk: build and 16 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Sep 13 18:03:02 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-09-13 18:03:02 -0400 (Thu, 13 Sep 2007)
New Revision: 65383
Added:
trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
trunk/security/src/main/org/jboss/security/integration/JNDIContextEstablishment.java
trunk/security/src/main/org/jboss/security/integration/SecurityActions.java
trunk/security/src/main/org/jboss/security/integration/SecurityDomainObjectFactory.java
Modified:
trunk/aspects/src/main/org/jboss/aspects/security/SecurityActions.java
trunk/build/build-thirdparty.xml
trunk/ejb3/src/main/org/jboss/ejb3/SecurityActions.java
trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptor.java
trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java
trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityActions.java
trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthenticationHelper.java
trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java
trunk/security/src/main/org/jboss/security/plugins/AuthorizationManagerService.java
trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManager.java
trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
trunk/security/src/main/org/jboss/security/plugins/SecurityDomainContext.java
trunk/server/src/etc/deployers/ejb-deployer-beans.xml
trunk/server/src/etc/deployers/security-deployer-beans.xml
trunk/server/src/main/org/jboss/ejb/Container.java
trunk/server/src/main/org/jboss/ejb/EjbModule.java
trunk/server/src/main/org/jboss/ejb/deployers/EjbDeployer.java
trunk/server/src/main/org/jboss/ejb/plugins/SecurityActions.java
trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
trunk/server/src/main/org/jboss/ejb/plugins/cmp/jdbc/bridge/SecurityActions.java
trunk/server/src/main/org/jboss/ejb/plugins/security/PreSecurityInterceptor.java
trunk/server/src/main/org/jboss/ejb/plugins/security/SecurityActions.java
trunk/server/src/main/org/jboss/ejb/txtimer/SecurityActions.java
trunk/server/src/main/org/jboss/jmx/connector/invoker/SecurityActions.java
trunk/server/src/main/org/jboss/proxy/SecurityActions.java
trunk/server/src/main/org/jboss/proxy/SecurityInterceptor.java
trunk/server/src/main/org/jboss/web/AbstractWebDeployer.java
trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java
Log:
JBAS-4721: Usage of SecurityContextFactory and SecurityContext plus injection of SecurityManagement into ejb/web deployers
Modified: trunk/aspects/src/main/org/jboss/aspects/security/SecurityActions.java
===================================================================
--- trunk/aspects/src/main/org/jboss/aspects/security/SecurityActions.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/aspects/src/main/org/jboss/aspects/security/SecurityActions.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -36,8 +36,8 @@
import org.jboss.security.SecurityAssociation;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
/** A collection of privileged actions for this package
* @author Scott.Stark at jboss.org
@@ -655,12 +655,12 @@
AccessController.doPrivileged(action);
}
- static SecurityContext createSecurityContext()
+ static SecurityContext createSecurityContext() throws PrivilegedActionException
{
- return (SecurityContext) AccessController.doPrivileged(new PrivilegedAction()
+ return (SecurityContext) AccessController.doPrivileged(new PrivilegedExceptionAction()
{
- public Object run()
+ public Object run() throws Exception
{
return SecurityContextFactory.createSecurityContext("CLIENT");
}
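Review bot: createSecurityContext() now exposes `PrivilegedActionException` to its callers, which is only a wrapper; the failure that matters is the one thrown by `SecurityContextFactory.createSecurityContext("CLIENT")` inside `run()`. Callers that log or rethrow the wrapper lose the direct cause unless they call `getException()`, so the method should either unwrap it itself or carry a comment such as `// throws PrivilegedActionException wrapping the factory's failure; unwrap with getException()`. The same signature change appears in both ejb3 SecurityActions hunks further down. The raw `PrivilegedExceptionAction` also forces the `(SecurityContext)` cast; if this module compiles at Java 5 level, `new PrivilegedExceptionAction<SecurityContext>()` would remove it. The method's closing lines are outside this hunk.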
@@ -680,7 +680,7 @@
}
static void establishSecurityContext(String domain, Principal p, Object cred,
- Subject subject)
+ Subject subject) throws Exception
{
SecurityContext sc = SecurityContextFactory.createSecurityContext(p,
cred, subject, domain);
Modified: trunk/build/build-thirdparty.xml
===================================================================
--- trunk/build/build-thirdparty.xml 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/build/build-thirdparty.xml 2007-09-13 22:03:02 UTC (rev 65383)
@@ -84,18 +84,18 @@
<componentref name="jaxen" version="1.1-brew"/>
<componentref name="jboss/aop" version="2.0.0.beta1"/>
<componentref name="jboss/cache" version="2.0.0.GA"/>
- <componentref name="jboss/common-core" version="2.2.1.GA"/>
+ <componentref name="jboss/common-core" version="2.2.2.snapshot"/>
<componentref name="jboss/common-logging-jdk" version="2.0.2.GA"/>
<componentref name="jboss/common-logging-log4j" version="2.0.2.GA"/>
<componentref name="jboss/common-logging-spi" version="2.0.2.GA"/>
<componentref name="jboss/integration" version="5.0.0.Beta3"/>
<componentref name="jboss/jaxr" version="1.2.0.GA"/>
<componentref name="jboss/jboss-ejb3-cache" version="0.11-SNAPSHOT"/>
- <componentref name="jboss/jboss-jaspi-api" version="1.0-SNAPSHOT"/>
+ <componentref name="jboss/jboss-jaspi-api" version="1.0-BETA1"/>
<componentref name="jboss/jboss-javaee" version="5.0.0.Beta3"/>
- <componentref name="jboss/jboss-security-spi" version="2.0.1-SNAPSHOT"/>
- <componentref name="jboss/jbosssx" version="2.0.1-SNAPSHOT"/>
- <componentref name="jboss/jbosssx-client" version="2.0.1-SNAPSHOT"/>
+ <componentref name="jboss/jboss-security-spi" version="2.0.1-BETA1"/>
+ <componentref name="jboss/jbosssx" version="2.0.1-BETA1"/>
+ <componentref name="jboss/jbosssx-client" version="2.0.1-BETA1"/>
<componentref name="jboss/jbossts" version="4.2.3.SP5"/>
<componentref name="jboss/jboss-vfs" version="2.0.0.Beta4"/>
<componentref name="jboss/jbossws-jboss50" version="2.0.1.GA"/>
Modified: trunk/ejb3/src/main/org/jboss/ejb3/SecurityActions.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/SecurityActions.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/ejb3/src/main/org/jboss/ejb3/SecurityActions.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -23,12 +23,16 @@
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.plugins.SecurityContextAssociation;
/**
@@ -310,4 +314,14 @@
void setContextClassLoader(Thread thread, ClassLoader cl);
}
+
+ public static SecurityContext createSecurityContext(final String securityDomain) throws PrivilegedActionException
+ {
+ return (SecurityContext) AccessController.doPrivileged(new PrivilegedExceptionAction()
+ {
+ public Object run() throws Exception
+ {
+ return SecurityContextFactory.createSecurityContext(securityDomain);
+ }});
+ }
}
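Review bot: The new `createSecurityContext(String)` is declared `public static`, whereas the equivalent helpers in the aspects and ejb3/security SecurityActions hunks are package-private `static`. A public method that wraps `AccessController.doPrivileged` lets any class that can reach it run the factory call with this code base's permissions rather than its own. Unless something outside `org.jboss.ejb3` needs it (not visible here), it should read `static SecurityContext createSecurityContext(final String securityDomain) throws PrivilegedActionException`. The added `org.jboss.security.integration.SecurityActions` has the same shape: a `public` class with `public static ClassLoader getContextClassLoader()`, which hands the context class loader to callers without the `getClassLoader` permission check. Package-private visibility would cover the uses visible in this commit, which are all in that package.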
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptor.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptor.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptor.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -39,8 +39,7 @@
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityRolesAssociation;
import org.jboss.security.SimplePrincipal;
-import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
+import org.jboss.security.plugins.SecurityContextAssociation;
/**
* Authentication Interceptor
@@ -81,7 +80,7 @@
Principal principal = (Principal)invocation.getMetaData("security", "principal");
Subject subject = new Subject();
String securityDomain = manager.getSecurityDomain();
- SecurityContext sc = SecurityContextFactory.createSecurityContext(principal, null, subject, securityDomain);
+ SecurityContext sc = SecurityActions.createSecurityContext(principal, null, subject, securityDomain);
SecurityContextAssociation.setSecurityContext(sc);
}
}
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -39,6 +39,7 @@
import org.jboss.security.SecurityRolesAssociation;
import org.jboss.security.SecurityUtil;
import org.jboss.security.SimplePrincipal;
+import org.jboss.security.integration.JNDIBasedSecurityManagement;
import org.jboss.security.integration.ejb.EJBAuthenticationHelper;
//$Id$
@@ -113,6 +114,10 @@
String unprefixed = SecurityUtil.unprefixSecurityDomain(domain.value());
sc = SecurityActions.createSecurityContext(p,
cred, null, unprefixed);
+
+ //TODO: Need to get the SecurityManagement instance
+ sc.setSecurityManagement(new JNDIBasedSecurityManagement());
+
//Set the security context
SecurityActions.setSecurityContext(sc);
sc.getUtil().setSecurityIdentity(invSC.getUtil().getSecurityIdentity());
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -30,8 +30,7 @@
import org.jboss.logging.Logger;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContext;
-import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
+import org.jboss.security.plugins.SecurityContextAssociation;
/**
* An interceptor that enforces the run-as identity declared by a bean.
@@ -105,7 +104,7 @@
SecurityDomain domain = (SecurityDomain)container.resolveAnnotation(SecurityDomain.class);
if(domain != null)
{
- sc = SecurityContextFactory.createSecurityContext(domain.value());
+ sc = SecurityActions.createSecurityContext(domain.value());
SecurityContextAssociation.setSecurityContext(sc);
}
}
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityActions.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityActions.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityActions.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -35,8 +35,8 @@
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
/**
@@ -254,22 +254,23 @@
}});
}
- static SecurityContext createSecurityContext(final String domainName)
+ static SecurityContext createSecurityContext(final String domainName) throws PrivilegedActionException
{
- return (SecurityContext)AccessController.doPrivileged(new PrivilegedAction(){
+ return (SecurityContext)AccessController.doPrivileged(new PrivilegedExceptionAction(){
- public Object run()
- {
- return SecurityContextFactory.createSecurityContext(domainName);
- }});
+ public Object run() throws Exception
+ {
+ return SecurityContextFactory.createSecurityContext(domainName);
+ }
+ });
}
static SecurityContext createSecurityContext(final Principal p, final Object cred,
- final Subject s, final String domainName)
+ final Subject s, final String domainName) throws PrivilegedActionException
{
- return (SecurityContext)AccessController.doPrivileged(new PrivilegedAction(){
-
- public Object run()
+ return (SecurityContext)AccessController.doPrivileged(new PrivilegedExceptionAction()
+ {
+ public Object run() throws Exception
{
return SecurityContextFactory.createSecurityContext(p, cred,s,domainName);
}});
Added: trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -0,0 +1,260 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration;
+
+import java.lang.reflect.Constructor;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.security.auth.callback.CallbackHandler;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.ISecurityManagement;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.audit.AuditManager;
+import org.jboss.security.auth.callback.SecurityAssociationHandler;
+import org.jboss.security.identitytrust.IdentityTrustManager;
+import org.jboss.security.mapping.MappingManager;
+import org.jboss.security.plugins.SecurityDomainContext;
+import org.jboss.util.CachePolicy;
+import org.jboss.util.TimedCachePolicy;
+
+//$Id$
+
+/**
+ * JNDI Based Security Management
+ * @author Anil.Saldhana at redhat.com
+ * @since Sep 9, 2007
+ * @version $Revision$
+ */
+public class JNDIBasedSecurityManagement implements ISecurityManagement
+{
+ protected static Logger log = Logger.getLogger(JNDIBasedSecurityManagement.class);
+
+ protected String BASE_CTX = SecurityConstants.JAAS_CONTEXT_ROOT;
+
+ protected String authenticationMgrClass = "org.jboss.security.plugins.JaasSecurityManager";
+
+ protected String authorizationMgrClass = "org.jboss.security.plugins.JBossAuthorizationManager";
+
+ protected String auditMgrClass = "org.jboss.security.plugins.audit.JBossAuditManager";
+
+ protected String identityTrustMgrClass = "org.jboss.security.plugins.identitytrust.JBossIdentityTrustManager";
+
+ protected String mappingMgrClass = "org.jboss.security.plugins.mapping.JBossMappingManager";
+
+ protected CallbackHandler callBackHandler = new SecurityAssociationHandler();
+
+ protected String cachePolicyName = TimedCachePolicy.class.getName();
+
+ protected SecurityDomainContext securityDomainContext = null;
+
+ public JNDIBasedSecurityManagement()
+ {
+ }
+
+ public AuditManager getAuditManager(String securityDomain)
+ {
+ AuditManager auditManager = null;
+ try
+ {
+ auditManager = (AuditManager) lookUpJNDI(securityDomain + "/auditMgr");
+ }
+ catch(Exception e)
+ {
+ log.trace("Exception in getting audit mgr", e);
+ }
+ return auditManager;
+ }
+
+ public AuthenticationManager getAuthenticationManager(String securityDomain)
+ {
+ AuthenticationManager am = null;
+ try
+ {
+ am = (AuthenticationManager) lookUpJNDI(securityDomain + "/authenticationMgr");
+ }
+ catch(Exception e)
+ {
+ log.trace("Exception in getting authentication mgr", e);
+ }
+ return am;
+ }
+
+ public AuthorizationManager getAuthorizationManager(String securityDomain)
+ {
+ AuthorizationManager am = null;
+ try
+ {
+ am = (AuthorizationManager) lookUpJNDI(securityDomain + "/authorizationMgr");
+ }
+ catch(Exception e)
+ {
+ log.trace("Exception in getting authorization mgr", e);
+ }
+ return am;
+ }
+
+ public IdentityTrustManager getIdentityTrustManager(String securityDomain)
+ {
+ IdentityTrustManager am = null;
+ try
+ {
+ am = (IdentityTrustManager) lookUpJNDI(securityDomain + "/identityTrustMgr");
+ }
+ catch(Exception e)
+ {
+ log.trace("Exception in getting IdentityTrustManager", e);
+ }
+ return am;
+ }
+
+ public MappingManager getMappingManager(String securityDomain)
+ {
+ MappingManager am = null;
+ try
+ {
+ am = (MappingManager) lookUpJNDI(securityDomain + "/mappingMgr");
+ }
+ catch(Exception e)
+ {
+ log.trace("Exception in getting MappingManager", e);
+ }
+ return am;
+ }
+
+ public void setAuthenticationMgrClass(String authenticationMgrClass)
+ {
+ this.authenticationMgrClass = authenticationMgrClass;
+ }
+
+ public void setAuthorizationMgrClass(String authorizationMgrClass)
+ {
+ this.authorizationMgrClass = authorizationMgrClass;
+ }
+
+ public void setAuditMgrClass(String auditMgrClass)
+ {
+ this.auditMgrClass = auditMgrClass;
+ }
+
+ public void setIdentityTrustMgrClass(String identityTrustMgrClass)
+ {
+ this.identityTrustMgrClass = identityTrustMgrClass;
+ }
+
+ public void setMappingMgrClass(String mappingMgrClass)
+ {
+ this.mappingMgrClass = mappingMgrClass;
+ }
+
+ public void setCallBackHandler(CallbackHandler callBackHandler)
+ {
+ this.callBackHandler = callBackHandler;
+ }
+
+ public void setBaseContext(String ctx)
+ {
+ if(ctx == null)
+ throw new IllegalArgumentException("ctx is null");
+ this.BASE_CTX = ctx;
+ }
+
+ public void setCachePolicyName(String cachePolicyName)
+ {
+ this.cachePolicyName = cachePolicyName;
+ }
+
+ public SecurityDomainContext createSecurityDomainContext(String domain) throws Exception
+ {
+ securityDomainContext = new SecurityDomainContext(createAuthenticationManager(domain),
+ (CachePolicy)createObject(this.cachePolicyName));
+
+ securityDomainContext.setAuthorizationManager(createAuthorizationManager(domain));
+ securityDomainContext.setAuditMgr(createAuditManager(domain));
+ securityDomainContext.setIdentityTrustMgr(createIdentityTrustManager(domain));
+ securityDomainContext.setMappingMgr(createMappingManager(domain));
+ return securityDomainContext;
+ }
+
+ public SecurityDomainContext getSecurityDomainContext()
+ {
+ return securityDomainContext;
+ }
+
+ private Object lookUpJNDI(String ctxName)
+ {
+ try
+ {
+ Context ctx = new InitialContext();
+ return ctx.lookup(BASE_CTX + "/" + ctxName);
+ }
+ catch(Exception e)
+ {
+ log.trace("Look up of JNDI for " + ctxName + " failed with "+ e.getLocalizedMessage());
+ return null;
+ }
+ }
+
+ private AuthenticationManager createAuthenticationManager(String securityDomain) throws Exception
+ {
+ Class clazz = SecurityActions.getContextClassLoader().loadClass(authenticationMgrClass);
+ Constructor ctr = clazz.getConstructor(new Class[] { String.class, CallbackHandler.class});
+ return (AuthenticationManager) ctr.newInstance(new Object[]{ securityDomain, callBackHandler});
+ }
+
+ private AuthorizationManager createAuthorizationManager(String securityDomain) throws Exception
+ {
+ Class clazz = SecurityActions.getContextClassLoader().loadClass(authorizationMgrClass);
+ Constructor ctr = clazz.getConstructor(new Class[] { String.class});
+ return (AuthorizationManager) ctr.newInstance(new Object[]{ securityDomain});
+ }
+
+ private AuditManager createAuditManager(String securityDomain) throws Exception
+ {
+ Class clazz = SecurityActions.getContextClassLoader().loadClass(auditMgrClass);
+ Constructor ctr = clazz.getConstructor(new Class[] { String.class});
+ return (AuditManager) ctr.newInstance(new Object[]{ securityDomain});
+ }
+
+ private MappingManager createMappingManager(String securityDomain) throws Exception
+ {
+ Class clazz = SecurityActions.getContextClassLoader().loadClass(mappingMgrClass);
+ Constructor ctr = clazz.getConstructor(new Class[] { String.class});
+ return (MappingManager) ctr.newInstance(new Object[]{ securityDomain});
+ }
+
+ private IdentityTrustManager createIdentityTrustManager(String securityDomain) throws Exception
+ {
+ Class clazz = SecurityActions.getContextClassLoader().loadClass(identityTrustMgrClass);
+ Constructor ctr = clazz.getConstructor(new Class[] { String.class});
+ return (IdentityTrustManager) ctr.newInstance(new Object[]{ securityDomain});
+ }
+
+ private Object createObject(String fqn) throws Exception
+ {
+ Class clazz = SecurityActions.getContextClassLoader().loadClass(fqn);
+ return clazz.newInstance();
+ }
+}
\ No newline at end of file
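Review bot: `lookUpJNDI` catches every `Exception`, logs only the message at trace level and returns null, so each `getXxxManager` silently returns null when a domain's manager is unbound or bound to the wrong type. For a security component this turns a configuration error into a later NullPointerException in whichever caller dereferences the manager, with nothing in the log at default levels. I would narrow the handler to `catch(NamingException e)` (needs the `javax.naming.NamingException` import), log the throwable at a visible level, e.g. `log.debug("Look up of JNDI for " + ctxName + " failed", e);`, and document on each getter that null means "not bound". Separately, `createSecurityDomainContext` stores its result in the instance field `securityDomainContext`, so when one instance serves several domains (as SecurityDomainObjectFactory does) `getSecurityDomainContext()` returns whichever domain was created last. Returning a local variable and dropping the field, if no caller needs it, would avoid that.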
Added: trunk/security/src/main/org/jboss/security/integration/JNDIContextEstablishment.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/JNDIContextEstablishment.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/JNDIContextEstablishment.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -0,0 +1,94 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.RefAddr;
+import javax.naming.Reference;
+import javax.naming.StringRefAddr;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityConstants;
+
+/**
+ * Establishes the legacy java:/jaas/securityDomain
+ * to provide the SubjectSecurityManager implementation
+ * for legacy integration
+ * @author Anil.Saldhana at redhat.com
+ * @since Sep 10, 2007
+ * @version $Revision$
+ */
+public class JNDIContextEstablishment
+{
+ private Logger log = Logger.getLogger(JNDIContextEstablishment.class);
+
+ protected String BASE_CTX = SecurityConstants.JAAS_CONTEXT_ROOT;
+
+ private String factoryName = SecurityDomainObjectFactory.class.getName();
+
+ public JNDIContextEstablishment()
+ {
+ try
+ {
+ initialize();
+ }
+ catch (Exception e)
+ {
+ log.trace("Error in initialization of JNDIContextEstablishment",e);
+ }
+ }
+
+ public void setBaseContext(String ctx) throws Exception
+ {
+ if(ctx == null)
+ throw new IllegalArgumentException("ctx is null");
+ this.BASE_CTX = ctx;
+ initialize();
+ }
+
+ public void setFactoryName(String factoryName)
+ {
+ this.factoryName = factoryName;
+ try
+ {
+ initialize();
+ }
+ catch (Exception e)
+ {
+ log.trace("Error in initialization of JNDIContextEstablishment",e);
+ }
+ }
+
+ private void initialize() throws Exception
+ {
+ Context ctx = new InitialContext();
+
+ /* Create a mapping from the java:/jaas context to a SecurityDomainObjectFactory
+ so that any lookup against java:/jaas/domain returns an instance of our
+ security manager class.
+ */
+ RefAddr refAddr = new StringRefAddr("nns", "JSM");
+ Reference ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
+ ctx.rebind(this.BASE_CTX, ref);
+ }
+}
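Review bot: The constructor and `setFactoryName` call `initialize()` and log any failure at trace level only, so if the `rebind` of `BASE_CTX` fails the object still looks fully constructed and later lookups under the JAAS context root fail with no visible cause. `setBaseContext` propagates the same exception, which makes the three entry points inconsistent. I would log at warn, `log.warn("Error in initialization of JNDIContextEstablishment", e);`, or let the exception propagate from all of them. `setFactoryName` also rebinds the whole security context root to whatever `ObjectFactory` class name it is given, which deserves a Javadoc line stating that the value must come from trusted deployment configuration only. Note that `setBaseContext` binds the new name but leaves the previous binding in place.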
Added: trunk/security/src/main/org/jboss/security/integration/SecurityActions.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/SecurityActions.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/SecurityActions.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+//$Id$
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Sep 10, 2007
+ * @version $Revision$
+ */
+public class SecurityActions
+{
+ public static ClassLoader getContextClassLoader()
+ {
+ return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
Added: trunk/security/src/main/org/jboss/security/integration/SecurityDomainObjectFactory.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/SecurityDomainObjectFactory.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/SecurityDomainObjectFactory.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -0,0 +1,136 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration;
+
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+import java.lang.reflect.Proxy;
+import java.util.Hashtable;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.Name;
+import javax.naming.NameParser;
+import javax.naming.OperationNotSupportedException;
+import javax.naming.spi.ObjectFactory;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.plugins.SecurityDomainContext;
+
+//$Id$
+
+/**
+ * A JNDI Object Factory for the legacy integration
+ * to return an instance of SubjectSecurityManager
+ * @author Anil.Saldhana at redhat.com
+ * @since Sep 10, 2007
+ * @version $Revision$
+ */
+public class SecurityDomainObjectFactory
+implements InvocationHandler, ObjectFactory
+{
+ private static ConcurrentHashMap securityMgrMap = new ConcurrentHashMap();
+
+ private JNDIBasedSecurityManagement securityManagement = new JNDIBasedSecurityManagement();
+
+ public void setSecurityManagement(JNDIBasedSecurityManagement sm)
+ {
+ this.securityManagement = sm;
+ }
+
+ /** Object factory implementation. This method returns a Context proxy
+ that is only able to handle a lookup operation for an atomic name of
+ a security domain.
+ */
+ public Object getObjectInstance(Object obj, Name name, Context nameCtx,
+ Hashtable environment)
+ throws Exception
+ {
+ ClassLoader loader = SecurityActions.getContextClassLoader();
+ Class[] interfaces = {Context.class};
+ Context ctx = (Context) Proxy.newProxyInstance(loader, interfaces, this);
+ return ctx;
+ }
+
+
+ /** This is the InvocationHandler callback for the Context interface that
+ was created by out getObjectInstance() method. We handle the java:/jaas/domain
+ level operations here.
+ */
+ public Object invoke(Object obj, Method method, Object[] args) throws Throwable
+ {
+ Context ctx = new InitialContext();
+ NameParser parser = ctx.getNameParser("");
+ String securityDomain = null;
+ Name name = null;
+
+
+ String methodName = method.getName();
+ if( methodName.equals("toString") == true )
+ return SecurityConstants.JAAS_CONTEXT_ROOT + " Context proxy";
+
+ if( methodName.equals("list") == true )
+ throw new OperationNotSupportedException();
+
+ if(methodName.equals("bind") || methodName.equals("rebind"))
+ {
+ if( args[0] instanceof String )
+ name = parser.parse((String) args[0]);
+ else
+ name = (Name)args[0];
+ securityDomain = name.get(0);
+ Object val = (SecurityDomainContext)args[1];
+ this.securityMgrMap.put(securityDomain, val);
+ return obj;
+ }
+ if( methodName.equals("lookup") == false )
+ throw new OperationNotSupportedException("Only lookup is supported, op="+method);
+ if( args[0] instanceof String )
+ name = parser.parse((String) args[0]);
+ else
+ name = (Name)args[0];
+ securityDomain = name.get(0);
+ SecurityDomainContext securityDomainCtx = lookupSecurityDomain(securityDomain);
+ //TODO: Legacy expectation was subjectsecuritymgr
+ Object binding = securityDomainCtx.getSecurityManager();
+ // Look for requests against the security domain context
+ if( name.size() == 2 )
+ {
+ String request = name.get(1);
+ binding = securityDomainCtx.lookup(request);
+ }
+ return binding;
+ }
+
+ private SecurityDomainContext lookupSecurityDomain(String securityDomain)
+ throws Exception
+ {
+ SecurityDomainContext sdc = (SecurityDomainContext) securityMgrMap.get(securityDomain);
+ if( sdc == null )
+ {
+ sdc = securityManagement.createSecurityDomainContext(securityDomain);
+ securityMgrMap.put(securityDomain, sdc);
+ }
+ return sdc;
+ }
+}
\ No newline at end of file
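Review bot: In `invoke`, the `bind`/`rebind` branch puts `args[1]` into the static `securityMgrMap` with no check on the caller, so any code that can obtain this Context proxy can replace the `SecurityDomainContext` of an existing domain, and with it the managers that context holds. If legacy code does not depend on rebinding through the proxy, rejecting these with `OperationNotSupportedException`, as `list` already is, would be the safer default; otherwise the branch needs a permission check when a SecurityManager is installed and at least a log entry naming the domain. `lookupSecurityDomain` also has a check-then-put race in which two threads can each create a context for the same domain; the map is already a `ConcurrentHashMap`, so `SecurityDomainContext prev = (SecurityDomainContext) securityMgrMap.putIfAbsent(securityDomain, sdc); if (prev != null) sdc = prev;` closes it. Every previously unseen name passed to `lookup` creates a new context that stays in the static map, so the domain name should be validated against the configured domains if it can originate outside the server.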
Modified: trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthenticationHelper.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthenticationHelper.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthenticationHelper.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -26,6 +26,7 @@
import javax.security.auth.Subject;
import org.jboss.security.SecurityContext;
+import org.jboss.security.identitytrust.IdentityTrustManager;
import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
//$Id$
@@ -54,7 +55,8 @@
public boolean isTrusted()
{
- TrustDecision td = securityContext.getIdentityTrustManager().isTrusted();
+ IdentityTrustManager itm = securityContext.getIdentityTrustManager();
+ TrustDecision td = itm.isTrusted(securityContext);
if(td == TrustDecision.Deny)
trustDenied = true;
return td == TrustDecision.Permit;
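Review bot: `itm` is dereferenced in `isTrusted()` without a null check, so a security context with no identity trust manager would fail with a NullPointerException instead of a clear error. This commit guards the authorization manager in EJBAuthorizationHelper with an IllegalStateException; the equivalent here would be `if(itm == null) throw new IllegalStateException("IdentityTrustManager is null");` before the call. Whether `getIdentityTrustManager()` can return null is not visible from this hunk, so treat it as a consistency check. The same pattern appears in the SecurityInterceptor trust check at `@@ -266,7 +282,12 @@`.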
Modified: trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -29,7 +29,7 @@
import java.util.Set;
import javax.security.auth.Subject;
-
+
import org.jboss.logging.Logger;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.RealmMapping;
@@ -52,6 +52,7 @@
public class EJBAuthorizationHelper
{
private SecurityContext securityContext = null;
+ private String securityDomain = null;
private static Logger log = Logger.getLogger(EJBAuthorizationHelper.class);
public EJBAuthorizationHelper(SecurityContext sc)
@@ -61,6 +62,7 @@
if(sc == null)
throw new IllegalArgumentException("Security Context is null");
this.securityContext = sc;
+ this.securityDomain = sc.getSecurityDomain();
}
/**
@@ -137,6 +139,9 @@
boolean isAuthorized = false;
AuthorizationManager am = securityContext.getAuthorizationManager();
+ if(am == null)
+ throw new IllegalStateException("AuthorizationManager is null");
+
HashMap<String,Object> map = new HashMap<String,Object>();
map.put(ResourceKeys.EJB_NAME ,ejbName);
map.put(ResourceKeys.EJB_PRINCIPAL, ejbPrincipal);
@@ -171,7 +176,7 @@
{
contextMap.put("Source", getClass().getName());
AuditEvent ae = new AuditEvent(level,contextMap,e);
- securityContext.getAuditManager().audit(ae);
+ securityContext.getAuditManager().audit(ae);
}
public void authorizationAudit(String level, EJBResource resource, Exception e)
Modified: trunk/security/src/main/org/jboss/security/plugins/AuthorizationManagerService.java
===================================================================
--- trunk/security/src/main/org/jboss/security/plugins/AuthorizationManagerService.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/security/src/main/org/jboss/security/plugins/AuthorizationManagerService.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -256,4 +256,9 @@
{
throw new RuntimeException("Not implemented");
}
+
+ public String getSecurityDomain()
+ {
+ throw new RuntimeException("Call the method on the authorization manager");
+ }
}
Modified: trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManager.java
===================================================================
--- trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManager.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManager.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -21,6 +21,7 @@
*/
package org.jboss.security.plugins;
+import java.io.Serializable;
import java.lang.reflect.Method;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.Principal;
@@ -39,6 +40,7 @@
import org.jboss.logging.Logger;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.RealmMapping;
+import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityUtil;
import org.jboss.security.SubjectSecurityManager;
@@ -63,7 +65,7 @@
@version $Revision: 62860 $
*/
public class JaasSecurityManager extends ServiceMBeanSupport
- implements SubjectSecurityManager, RealmMapping
+ implements SubjectSecurityManager, RealmMapping, Serializable
{
/** The authentication cache object.
*/
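Review bot: Declaring `JaasSecurityManager` `Serializable` needs more than the single `transient` added in the following hunk. The class gets no `serialVersionUID`, and fields such as `private CallbackHandler handler;` (visible in the next hunk) stay in the serialized form although nothing shown here establishes that their types are serializable. A deserialized instance is also created without running the constructor, so whatever state the constructor sets up would have to be restored in `readObject`. If the interface is only there so the manager can be bound into JNDI, a comment saying so, plus `private static final long serialVersionUID = 1L;` and `transient` on the non-serializable fields, would make the intent reviewable. The class body lies outside this hunk.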
@@ -205,7 +207,7 @@
/** The JAAS callback handler to use in defaultLogin */
private CallbackHandler handler;
/** The setSecurityInfo(Principal, Object) method of the handler obj */
- private Method setSecurityInfo;
+ private transient Method setSecurityInfo;
/** The flag to indicate that the Subject sets need to be deep copied*/
private boolean deepCopySubjectOption = false;
@@ -412,7 +414,8 @@
*/
public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
{
- AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain);
+ AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain,
+ SecurityConstants.JAAS_CONTEXT_ROOT);
return am.doesUserHaveRole(principal, rolePrincipals);
}
@@ -426,7 +429,8 @@
*/
public Set getUserRoles(Principal principal)
{
- AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain);
+ AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain,
+ SecurityConstants.JAAS_CONTEXT_ROOT);
return am.getUserRoles(principal);
}
Modified: trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
===================================================================
--- trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -449,7 +449,8 @@
RefAddr refAddr = new StringRefAddr("nns", "JSM");
String factoryName = SecurityDomainObjectFactory.class.getName();
Reference ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
- ctx.rebind(SECURITY_MGR_PATH, ref);
+ /*ctx.rebind(SECURITY_MGR_PATH, ref);
+ */
log.debug("securityMgrCtxPath="+SECURITY_MGR_PATH);
refAddr = new StringRefAddr("nns", "JSMCachePolicy");
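Review bot: With `ctx.rebind(SECURITY_MGR_PATH, ref);` commented out, the `refAddr`, `factoryName` and `ref` values built on the three lines above it no longer serve the security-manager path. The following `log.debug("securityMgrCtxPath="...)` still reads as if the binding had happened. Either delete the dead setup together with the call, or replace the block comment with a one-line reason, for example `// java:/jaas is now established by JNDIContextEstablishment` if that is the intent. The enclosing method starts and ends outside the hunk.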
Modified: trunk/security/src/main/org/jboss/security/plugins/SecurityDomainContext.java
===================================================================
--- trunk/security/src/main/org/jboss/security/plugins/SecurityDomainContext.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/security/src/main/org/jboss/security/plugins/SecurityDomainContext.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -29,6 +29,9 @@
import org.jboss.security.RealmMapping;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.SubjectSecurityManager;
+import org.jboss.security.audit.AuditManager;
+import org.jboss.security.identitytrust.IdentityTrustManager;
+import org.jboss.security.mapping.MappingManager;
import org.jboss.util.CachePolicy;
/** An encapsulation of the JNDI security context infomation
@@ -40,15 +43,22 @@
public class SecurityDomainContext
{
static final String ACTIVE_SUBJECT = "subject";
- static final String AUTHENTICATION_MGR = "securityMgr";
+ static final String AUTHENTICATION_MGR = "authenticationMgr";
+ static final String SECURITY_MGR = "securityMgr";
static final String REALM_MAPPING = "realmMapping";
static final String AUTHORIZATION_MGR = "authorizationMgr";
+ static final String AUDIT_MGR = "auditMgr";
+ static final String MAPPING_MGR = "mappingMgr";
+ static final String IDENTITY_TRUST_MGR = "identityTrustMgr";
static final String AUTH_CACHE = "authenticationCache";
static final String DOMAIN_CONTEXT = "domainContext";
AuthenticationManager securityMgr;
AuthorizationManager authorizationMgr;
CachePolicy authenticationCache;
+ AuditManager auditMgr;
+ MappingManager mappingMgr;
+ IdentityTrustManager identityTrustMgr;
/** Creates new SecurityDomainContextHandler */
public SecurityDomainContext(AuthenticationManager securityMgr,
@@ -66,12 +76,18 @@
if( name.equals(ACTIVE_SUBJECT) )
binding = getSubject();
- else if( name.equals(AUTHENTICATION_MGR) )
+ else if( name.equals(AUTHENTICATION_MGR) || name.equals(SECURITY_MGR))
binding = securityMgr;
else if( name.equals(REALM_MAPPING) )
binding = getRealmMapping();
else if( name.equals(AUTHORIZATION_MGR) )
binding = getAuthorizationManager();
+ else if( name.equals(AUDIT_MGR) )
+ binding = this.getAuditMgr();
+ else if( name.equals(MAPPING_MGR) )
+ binding = this.getMappingMgr();
+ else if( name.equals(IDENTITY_TRUST_MGR) )
+ binding = this.getIdentityTrustMgr();
else if( name.equals(AUTH_CACHE) )
binding = authenticationCache;
else if( name.equals(DOMAIN_CONTEXT) )
@@ -116,9 +132,39 @@
{
return authorizationMgr;
}
-
+
public CachePolicy getAuthenticationCache()
{
return authenticationCache;
+ }
+
+ public AuditManager getAuditMgr()
+ {
+ return auditMgr;
+ }
+
+ public void setAuditMgr(AuditManager auditMgr)
+ {
+ this.auditMgr = auditMgr;
+ }
+
+ public MappingManager getMappingMgr()
+ {
+ return mappingMgr;
+ }
+
+ public void setMappingMgr(MappingManager mappingMgr)
+ {
+ this.mappingMgr = mappingMgr;
+ }
+
+ public IdentityTrustManager getIdentityTrustMgr()
+ {
+ return identityTrustMgr;
+ }
+
+ public void setIdentityTrustMgr(IdentityTrustManager identityTrustMgr)
+ {
+ this.identityTrustMgr = identityTrustMgr;
}
}
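Review bot: The three new managers are installed through public setters with no check on the caller, while `lookup()` hands out this `SecurityDomainContext` itself under the `domainContext` name. As far as this class shows, any code able to perform that lookup could replace the audit or identity-trust manager for a domain. If the callers allow it, narrow the setters' visibility. Otherwise document the contract on each setter, e.g. `/** Set once by the security management layer when the domain is created; not for application code. */`. The new getters have no Javadoc either.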
Modified: trunk/server/src/etc/deployers/ejb-deployer-beans.xml
===================================================================
--- trunk/server/src/etc/deployers/ejb-deployer-beans.xml 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/etc/deployers/ejb-deployer-beans.xml 2007-09-13 22:03:02 UTC (rev 65383)
@@ -31,6 +31,16 @@
<!-- Specify an unauthenticated identity -->
<property name="unauthenticatedIdentity">anonymous</property>
+ <!-- Specify a SecurityManagement Wrapper -->
+ <property name="securityManagement">
+ <inject bean="JNDIBasedSecurityManagement"/>
+ </property>
+ <!-- Specify a SecurityContext FQN class name -->
+ <property name="securityContextClassName">org.jboss.security.plugins.JBossSecurityContext</property>
+
+ <!-- Specify a SecurityDomain as fallback -->
+ <property name="defaultSecurityDomain">jboss-ejb-policy</property>
+
<depends>SecurityDeployer</depends>
</bean>
</deployment>
Modified: trunk/server/src/etc/deployers/security-deployer-beans.xml
===================================================================
--- trunk/server/src/etc/deployers/security-deployer-beans.xml 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/etc/deployers/security-deployer-beans.xml 2007-09-13 22:03:02 UTC (rev 65383)
@@ -16,4 +16,15 @@
</set>
</property>
</bean>
+
+ <!-- JNDI Object Factory to establish SecurityDomainContext objects -->
+ <bean name="SecurityDomainObjectFactory" class="org.jboss.security.integration.SecurityDomainObjectFactory" />
+
+ <!-- JNDI Context legacy establishment of java:/jaas/securityDomain -->
+ <bean name="JBossSecurityJNDIContextEstablishment" class="org.jboss.security.integration.JNDIContextEstablishment"/>
+
+ <!-- JNDI Based Security Management -->
+ <bean name="JNDIBasedSecurityManagement" class="org.jboss.security.integration.JNDIBasedSecurityManagement">
+ </bean>
+
</deployment>
Modified: trunk/server/src/main/org/jboss/ejb/Container.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/Container.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/Container.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -85,8 +85,8 @@
import org.jboss.naming.NonSerializableFactory;
import org.jboss.naming.Util;
import org.jboss.security.AnybodyPrincipal;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.AuthorizationManager;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.ISecurityManagement;
import org.jboss.security.RealmMapping;
import org.jboss.system.ServiceMBeanSupport;
import org.jboss.util.NestedError;
@@ -176,13 +176,19 @@
/** This is the TransactionManager */
protected TransactionManager tm;
+
+ /** The Security Context FQN */
+ protected String securityContextClassName;
+ /** Security Domain to fall back on **/
+ protected String defaultSecurityDomain;
+
+ /** SecurityManagement Instance - holder of all security managers */
+ protected ISecurityManagement securityManagement;
+
/** This is the SecurityManager */
- protected AuthenticationManager sm;
+ protected AuthenticationManager sm;
- /** Authorization Manager */
- protected AuthorizationManager authorizationManager;
-
/** This is the realm mapping */
protected RealmMapping rm;
@@ -316,28 +322,38 @@
public AuthenticationManager getSecurityManager()
{
return sm;
+ }
+
+ public ISecurityManagement getSecurityManagement()
+ {
+ return securityManagement;
}
- /**
- * Get the authorizationManager.
- *
- * @return the authorizationManager.
- */
- public AuthorizationManager getAuthorizationManager()
+ public void setSecurityManagement(ISecurityManagement securityManagement)
{
- return authorizationManager;
+ this.securityManagement = securityManagement;
+ }
+
+ public String getDefaultSecurityDomain()
+ {
+ return defaultSecurityDomain;
}
- /**
- * Set the authorizationManager.
- *
- * @param authorizationManager The authorizationManager to set.
- */
- public void setAuthorizationManager(AuthorizationManager authorizationManager)
+ public void setDefaultSecurityDomain(String defaultSecurityDomain)
{
- this.authorizationManager = authorizationManager;
+ this.defaultSecurityDomain = defaultSecurityDomain;
}
+
+ public String getSecurityContextClassName()
+ {
+ return securityContextClassName;
+ }
+ public void setSecurityContextClassName(String securityContextClassName)
+ {
+ this.securityContextClassName = securityContextClassName;
+ }
+
public BeanLockManager getLockManager()
{
return lockManager;
Modified: trunk/server/src/main/org/jboss/ejb/EjbModule.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/EjbModule.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/EjbModule.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -21,7 +21,6 @@
*/
package org.jboss.ejb;
-import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.net.URL;
import java.util.ArrayList;
@@ -35,7 +34,6 @@
import java.util.Map;
import javax.ejb.EJBLocalHome;
-import javax.ejb.TimerService;
import javax.management.ObjectName;
import javax.naming.InitialContext;
import javax.naming.NamingException;
@@ -63,15 +61,16 @@
import org.jboss.metadata.MetaData;
import org.jboss.metadata.SessionMetaData;
import org.jboss.metadata.XmlLoadable;
-import org.jboss.mx.loading.RepositoryClassLoader;
import org.jboss.mx.util.MBeanProxyExt;
import org.jboss.mx.util.ObjectNameFactory;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
+import org.jboss.security.ISecurityManagement;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityUtil;
import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.security.plugins.SecurityDomainContext;
import org.jboss.system.Registry;
import org.jboss.system.ServiceControllerMBean;
import org.jboss.system.ServiceMBeanSupport;
@@ -415,7 +414,12 @@
VirtualFile xacmlFile = deploymentUnit.getMetaDataFile("jboss-xacml-policy.xml");
if(xacmlFile != null)
{
- AuthorizationManager authzmgr = SecurityUtil.getAuthorizationManager(securityDomain);
+ //Look up JNDI for the AuthorizationManager
+ InitialContext ic = new InitialContext();
+ String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain + "/authorizationMgr";
+ AuthorizationManager authzmgr = (AuthorizationManager)ic.lookup(amCtx);
+ /**AuthorizationManager authzmgr =
+ org.jboss.security.SecurityUtil.getAuthorizationManager(prefixedSecurityDomain);*/
if(authzmgr instanceof PolicyRegistration)
{
PolicyRegistration xam = (PolicyRegistration)authzmgr;
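Review bot: The JNDI name is assembled by concatenating `securityDomain` from the deployment metadata, and the identical lookup is repeated in the hunk at `@@ -515,7 +519,12 @@`. A domain value containing `/` would add name components and resolve to a different binding than intended, and the `InitialContext` is never closed. I would move the lookup into one private helper that rejects such a name and closes the context in a `finally`, as sketched below. The old call kept inside a `/** ... */` block is dead code written as Javadoc and should be deleted. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: xacmlFile lookup and null check …
AuthorizationManager authzmgr = lookupAuthorizationManager(securityDomain);
// … unchanged: PolicyRegistration handling …

/** Resolve the AuthorizationManager bound for a single security domain name. */
private static AuthorizationManager lookupAuthorizationManager(String securityDomain)
   throws NamingException
{
   // The domain must be a single name component; anything else would change the lookup path
   if (securityDomain == null || securityDomain.indexOf('/') >= 0)
      throw new NamingException("Invalid security domain name: " + securityDomain);
   InitialContext ic = new InitialContext();
   try
   {
      return (AuthorizationManager) ic.lookup(
         SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain + "/authorizationMgr");
   }
   finally
   {
      ic.close();
   }
}
```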
@@ -515,7 +519,12 @@
String securityDomain = SecurityUtil.unprefixSecurityDomain(appMetaData.getSecurityDomain());
if(securityDomain != null)
{
- AuthorizationManager authzmgr = SecurityUtil.getAuthorizationManager(securityDomain);
+ //Look up JNDI for the AuthorizationManager
+ InitialContext ic = new InitialContext();
+ String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain + "/authorizationMgr";
+ AuthorizationManager authzmgr = (AuthorizationManager)ic.lookup(amCtx);
+ /**AuthorizationManager authzmgr =
+ org.jboss.security.SecurityUtil.getAuthorizationManager(prefixedSecurityDomain);*/
if(authzmgr instanceof PolicyRegistration)
{
PolicyRegistration xam = (PolicyRegistration)authzmgr;
@@ -582,8 +591,8 @@
con.setTransactionManager(null);
con.setSecurityManager(null);
con.setRealmMapping(null);
- con.setSecurityProxy(null);
- con.setAuthorizationManager(null);
+ con.setSecurityProxy(null);
+ con.setSecurityManagement(null);
con.proxyFactories.clear();
}
@@ -823,13 +832,22 @@
{ // Either the application has a security domain or the container has security setup
try
{
+ String unprefixed = SecurityUtil.unprefixSecurityDomain(confSecurityDomain);
log.debug("Setting security domain from: " + confSecurityDomain);
- Object securityMgr = iniCtx.lookup(confSecurityDomain);
+ String domainCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + unprefixed + "/domainContext";
+ SecurityDomainContext sdc = (SecurityDomainContext) iniCtx.lookup(domainCtx);
+ Object securityMgr = sdc.getSecurityManager();
+
+ //Object securityMgr = iniCtx.lookup(confSecurityDomain);
AuthenticationManager ejbS = (AuthenticationManager) securityMgr;
RealmMapping rM = (RealmMapping) securityMgr;
container.setSecurityManager(ejbS);
- container.setRealmMapping(rM);
- container.setAuthorizationManager(SecurityUtil.getAuthorizationManager(confSecurityDomain));
+ container.setRealmMapping(rM);
+
+ container.setSecurityManagement((ISecurityManagement) unit.getAttachment("EJB.securityManagement"));
+
+ container.setDefaultSecurityDomain((String) unit.getAttachment("EJB.defaultSecurityDomain"));
+ container.setSecurityContextClassName((String) unit.getAttachment("EJB.securityContextClassName"));
}
catch (NamingException e)
{
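Review bot: `unit.getAttachment("EJB.securityManagement")` can return null, because EjbDeployer only adds the attachment when its own `securityManagement` property was injected, and the result goes straight into `container.setSecurityManagement(...)`. SecurityInterceptor later copies that value onto the caller's security context before asking it for the identity trust manager, so a missing injection would surface per invocation rather than at deployment. Failing here is clearer: assign the attachment to a local `sm` and add `if(sm == null) throw new IllegalStateException("No SecurityManagement attached for " + confSecurityDomain);`. The cast of the `domainContext` lookup to `SecurityDomainContext` can also throw a ClassCastException that the `catch (NamingException e)` does not cover. The try block and its handler continue outside the hunk.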
Modified: trunk/server/src/main/org/jboss/ejb/deployers/EjbDeployer.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/deployers/EjbDeployer.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/deployers/EjbDeployer.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -39,6 +39,7 @@
import org.jboss.metadata.BeanMetaData;
import org.jboss.metadata.ConfigurationMetaData;
import org.jboss.metadata.InvokerProxyBindingMetaData;
+import org.jboss.security.ISecurityManagement;
import org.jboss.system.metadata.ServiceAttributeMetaData;
import org.jboss.system.metadata.ServiceConstructorMetaData;
import org.jboss.system.metadata.ServiceDependencyMetaData;
@@ -68,6 +69,9 @@
private boolean callByValue;
private String unauthenticatedIdentity = null;
+ private ISecurityManagement securityManagement;
+ private String securityContextClassName;
+ private String defaultSecurityDomain;
/**
* Create a new EjbDeployer.
@@ -148,7 +152,22 @@
{
this.unauthenticatedIdentity = unauthenticatedIdentity;
}
+
+ public void setDefaultSecurityDomain(String defaultSecurityDomain)
+ {
+ this.defaultSecurityDomain = defaultSecurityDomain;
+ }
+ public void setSecurityManagement(ISecurityManagement sm)
+ {
+ this.securityManagement = sm;
+ }
+
+ public void setSecurityContextClassName(String securityContextClassName)
+ {
+ this.securityContextClassName = securityContextClassName;
+ }
+
@Override
public void deploy(VFSDeploymentUnit unit, ApplicationMetaData deployment)
throws DeploymentException
@@ -157,8 +176,8 @@
if (deployment.getEjbVersion() > 2) return; // let EJB3 deployer handle this
// TODO What is this hack?
- if(unit.getName().startsWith("jboss:") && unit.getName().contains("id="))
- return;
+ // if(unit.getName().startsWith("jboss:") && unit.getName().contains("id="))
+ // return;
ServiceMetaData ejbModule = new ServiceMetaData();
ejbModule.setCode(EjbModule.class.getName());
@@ -274,6 +293,15 @@
//Pass the unauthenticated identity
if(this.unauthenticatedIdentity != null)
unit.addAttachment("EJB.unauthenticatedIdentity", this.unauthenticatedIdentity, String.class);
+ //Pass the SecurityManagement Instance
+ if(this.securityManagement != null)
+ unit.addAttachment("EJB.securityManagement", securityManagement, ISecurityManagement.class);
+ //Pass the SecurityContextClassName
+ if(this.securityContextClassName != null)
+ unit.addAttachment("EJB.securityContextClassName", securityContextClassName, String.class);
+ //Pass the Default SecurityDomain
+ if(this.defaultSecurityDomain != null)
+ unit.addAttachment("EJB.defaultSecurityDomain", defaultSecurityDomain, String.class);
}
@Override
Modified: trunk/server/src/main/org/jboss/ejb/plugins/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/SecurityActions.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/plugins/SecurityActions.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -34,8 +34,8 @@
import org.jboss.security.RunAs;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
/** A collection of privileged actions for this package
@@ -374,11 +374,12 @@
- static void createAndSetSecurityContext(final Principal p, final Object cred, final String domain)
+ static void createAndSetSecurityContext(final Principal p, final Object cred, final String domain)
+ throws PrivilegedActionException
{
- AccessController.doPrivileged(new PrivilegedAction(){
+ AccessController.doPrivileged(new PrivilegedExceptionAction(){
- public Object run()
+ public Object run() throws Exception
{
SecurityContext sc = SecurityContextFactory.createSecurityContext(p, cred, null, domain);
SecurityContextAssociation.setSecurityContext(sc);
@@ -387,11 +388,11 @@
}
static void createAndSetSecurityContext(final Principal p, final Object cred, final String domain,
- final Subject subject)
+ final Subject subject) throws PrivilegedActionException
{
- AccessController.doPrivileged(new PrivilegedAction(){
+ AccessController.doPrivileged(new PrivilegedExceptionAction(){
- public Object run()
+ public Object run() throws Exception
{
SecurityContext sc = SecurityContextFactory.createSecurityContext(domain);
sc.getUtil().createSubjectInfo(p, cred, subject);
Modified: trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -21,38 +21,41 @@
*/
package org.jboss.ejb.plugins;
-import static org.jboss.security.SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY;
+import static org.jboss.security.SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY;
+import java.lang.reflect.Method;
+import java.security.CodeSource;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import javax.ejb.TimedObject;
+import javax.ejb.Timer;
+import javax.security.auth.Subject;
+
import org.jboss.ejb.Container;
-import org.jboss.invocation.Invocation;
+import org.jboss.invocation.Invocation;
import org.jboss.metadata.ApplicationMetaData;
import org.jboss.metadata.AssemblyDescriptorMetaData;
import org.jboss.metadata.BeanMetaData;
-import org.jboss.metadata.SecurityIdentityMetaData;
+import org.jboss.metadata.SecurityIdentityMetaData;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
+import org.jboss.security.ISecurityManagement;
import org.jboss.security.RealmMapping;
import org.jboss.security.RunAs;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityRolesAssociation;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityRolesAssociation;
import org.jboss.security.SecurityUtil;
import org.jboss.security.audit.AuditEvent;
-import org.jboss.security.audit.AuditLevel;
+import org.jboss.security.audit.AuditLevel;
+import org.jboss.security.identitytrust.IdentityTrustManager;
import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
import org.jboss.security.integration.ejb.EJBAuthorizationHelper;
-import org.jboss.system.Registry;
+import org.jboss.system.Registry;
-import java.security.CodeSource;
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-import java.lang.reflect.Method;
-import javax.security.auth.Subject;
-import javax.ejb.TimedObject;
-import javax.ejb.Timer;
-
/**
* The SecurityInterceptor is where the EJB 2.0 declarative security model
* is enforced. This is where the caller identity propagation is controlled as well.
@@ -78,7 +81,7 @@
*/
protected AuthenticationManager securityManager;
- protected AuthorizationManager authorizationManager;
+ //protected AuthorizationManager authorizationManager;
/** The authorization manager plugin
*/
@@ -114,6 +117,12 @@
* for the use case of caller identity coming with run-as
*/
protected boolean isUseCallerIdentity = false;
+
+ /**
+ * Represents the holder of the various security managers
+ * configured at the container level
+ */
+ protected ISecurityManagement securityManagement = null;
/** Called by the super class to set the container to which this interceptor
belongs. We obtain the security manager and runAs identity to use here.
@@ -145,7 +154,7 @@
securityManager = container.getSecurityManager();
realmMapping = container.getRealmMapping();
- authorizationManager = container.getAuthorizationManager();
+ //authorizationManager = container.getAuthorizationManager();
try
{
@@ -162,7 +171,8 @@
appSecurityDomain = SecurityUtil.unprefixSecurityDomain(appSecurityDomain);
}
ejbName = beanMetaData.getEjbName();
- ejbCS = container.getBeanClass().getProtectionDomain().getCodeSource();
+ ejbCS = container.getBeanClass().getProtectionDomain().getCodeSource();
+ securityManagement = (ISecurityManagement) container.getSecurityManagement();
}
}
@@ -176,8 +186,11 @@
public Object invokeHome(Invocation mi) throws Exception
{
+ if(this.shouldBypassSecurity(mi))
+ return getNext().invoke(mi);
+
RunAs callerRunAsIdentity = getCallerRunAsIdentity(mi);
-
+
if(SecurityActions.getSecurityContext() == null)
throw new IllegalStateException("Security Context is null");
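Review bot: The bypass branch in `invokeHome` forwards with `getNext().invoke(mi)`, which sends a home-interface call down the bean-method path of the next interceptor; it should be `return getNext().invokeHome(mi);`. The same line appears in `PreSecurityInterceptor.invokeHome` in the hunk at `@@ -116,6 +121,10 @@`. The rest of `invokeHome` is outside this hunk, so this assumes the normal path ends in `getNext().invokeHome(mi)`.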
@@ -212,7 +225,10 @@
public Object invoke(Invocation mi) throws Exception
- {
+ {
+ if(this.shouldBypassSecurity(mi))
+ return getNext().invoke(mi);
+
RunAs callerRunAsIdentity = getCallerRunAsIdentity(mi);
if(SecurityActions.getSecurityContext() == null)
throw new IllegalStateException("Security Context is null");
@@ -266,7 +282,12 @@
//Add additional data on the security context for use
callerSC.getData().put("INVOCATION_SECURE", inv.isSecure());
callerSC.getData().put("INVOCATION_INTERVM", inv.isInterVM());
- TrustDecision td = callerSC.getIdentityTrustManager().isTrusted();
+ if(callerSC.getSecurityManagement() == null)
+ callerSC.setSecurityManagement(securityManagement);
+
+ //Use the container's securitymanagement
+ IdentityTrustManager itm = callerSC.getIdentityTrustManager();
+ TrustDecision td = itm.isTrusted(callerSC);
if(td == TrustDecision.Deny)
throw new SecurityException("Caller not trusted");
trusted = td == TrustDecision.Permit;
@@ -371,7 +392,10 @@
boolean isAuthorized = false;
Set<Principal> methodRoles = container.getMethodPermissions(ejbMethod, mi.getType());
- EJBAuthorizationHelper eah = new EJBAuthorizationHelper(SecurityActions.getSecurityContext());
+ SecurityContext currentSC = SecurityActions.getSecurityContext();
+ if(currentSC.getSecurityManagement() == null)
+ currentSC.setSecurityManagement(securityManagement);
+ EJBAuthorizationHelper eah = new EJBAuthorizationHelper(currentSC);
isAuthorized = eah.authorize(ejbName,
ejbMethod,
mi.getPrincipal(),
@@ -385,6 +409,23 @@
if(!isAuthorized)
throw new SecurityException(msg);
}
+
+ private boolean shouldBypassSecurity(Invocation mi) throws Exception
+ {
+ // If there is not a security manager then there is no authentication required
+ Method m = mi.getMethod();
+ boolean containerMethod = m == null || m.equals(ejbTimeout);
+ if ( containerMethod == true || securityManager == null || container == null )
+ {
+ // Allow for the progatation of caller info to other beans
+ SecurityActions.createAndSetSecurityContext(mi.getPrincipal(),
+ mi.getCredential(), "BYPASSED-SECURITY");
+ // Allow for the progatation of caller info to other beans
+ //SecurityActions.pushSubjectContext(mi.getPrincipal(), mi.getCredential(), null);
+ return true;
+ }
+ return false;
+ }
private RunAs getCallerRunAsIdentity(Invocation inv)
{
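Review bot: `shouldBypassSecurity` is more than a predicate: when it returns true it has already installed a security context built from `mi.getPrincipal()` and `mi.getCredential()`, neither of which has been authenticated, and downstream beans will see that context. The branch is taken whenever `securityManager` or `container` is null, so a container that never obtained its security manager runs open with nothing in the log or audit trail. I would record the bypass (for example `log.trace("Bypassing security for " + m);` if a logger is in scope), name the `"BYPASSED-SECURITY"` literal as a constant, and add Javadoc stating that the propagated identity is unverified. The comment typo `progatation` should read `propagation`, and one of the two duplicate comments is enough.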
Modified: trunk/server/src/main/org/jboss/ejb/plugins/cmp/jdbc/bridge/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/cmp/jdbc/bridge/SecurityActions.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/plugins/cmp/jdbc/bridge/SecurityActions.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -34,8 +34,8 @@
import org.jboss.security.RunAs;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
/** A collection of privileged actions for this package
@@ -374,11 +374,12 @@
- static void createAndSetSecurityContext(final Principal p, final Object cred, final String domain)
+ static void createAndSetSecurityContext(final Principal p, final Object cred, final String domain)
+ throws PrivilegedActionException
{
- AccessController.doPrivileged(new PrivilegedAction(){
+ AccessController.doPrivileged(new PrivilegedExceptionAction(){
- public Object run()
+ public Object run() throws Exception
{
SecurityContext sc = SecurityContextFactory.createSecurityContext(p, cred, null, domain);
SecurityContextAssociation.setSecurityContext(sc);
@@ -387,11 +388,11 @@
}
static void createAndSetSecurityContext(final Principal p, final Object cred, final String domain,
- final Subject subject)
+ final Subject subject) throws PrivilegedActionException
{
- AccessController.doPrivileged(new PrivilegedAction(){
+ AccessController.doPrivileged(new PrivilegedExceptionAction(){
- public Object run()
+ public Object run() throws Exception
{
SecurityContext sc = SecurityContextFactory.createSecurityContext(domain);
sc.getUtil().createSubjectInfo(p, cred, subject);
Modified: trunk/server/src/main/org/jboss/ejb/plugins/security/PreSecurityInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/security/PreSecurityInterceptor.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/plugins/security/PreSecurityInterceptor.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -49,7 +49,7 @@
*/
public class PreSecurityInterceptor extends AbstractInterceptor
{
- private String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
+ private String securityDomain = null;
private String timedObjectMethod = null;
@@ -79,6 +79,11 @@
@Override
public Object invoke(Invocation mi) throws Exception
{
+ //No Security in the absence of SecurityDomain
+ if(securityDomain == null)
+ return getNext().invoke(mi);
+
+
SecurityIdentity si = null;
Method m = mi.getMethod();
boolean isEjbTimeOutMethod = m!= null && m.getName().equals(timedObjectMethod);
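Review bot: This early return fails open when combined with the field default changing from `SecurityConstants.DEFAULT_APPLICATION_POLICY` to `null` in the hunk at `@@ -49,7 +49,7 @@`. A bean for which no security domain is resolved now skips the interceptor entirely instead of falling back to the default policy, silently and on every call. It would help to log once where `securityDomain` is assigned, which is outside this hunk. The comment could also be expanded to `// No security domain configured: invocation proceeds without a security context (intentional)` so the next reader does not take it for an oversight.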
@@ -116,6 +121,10 @@
@Override
public Object invokeHome(Invocation mi) throws Exception
{
+ //No Security in the absence of SecurityDomain
+ if(securityDomain == null)
+ return getNext().invoke(mi);
+
SecurityIdentity si = null;
Method m = mi.getMethod();
boolean isEjbTimeOutMethod = m!= null && m.getName().equals(timedObjectMethod);
@@ -148,13 +157,14 @@
}
}
- private void establishSecurityContext(Invocation mi)
+ private void establishSecurityContext(Invocation mi) throws Exception
{
//For Local EJB invocations, the security context needs
//to be obtained from the thread local. For remote ejb
//invocations, the SC is obtained in the invocation
SecurityContext sc = mi.getSecurityContext();
- SecurityContext newSC = SecurityActions.createAndSetSecurityContext(securityDomain);
+ SecurityContext newSC = SecurityActions.createAndSetSecurityContext(securityDomain,
+ container.getSecurityContextClassName());
if(sc != null)
{
@@ -167,5 +177,7 @@
//Local EJB Invocation or some one created the Invocation object on the server side
mi.setSecurityContext(newSC);
}
+ //Set the SecurityManagement on the context
+ newSC.setSecurityManagement(container.getSecurityManagement());
}
}
Modified: trunk/server/src/main/org/jboss/ejb/plugins/security/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/security/SecurityActions.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/plugins/security/SecurityActions.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -23,12 +23,14 @@
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import org.jboss.security.RunAs;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityIdentity;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
//$Id$
@@ -40,13 +42,14 @@
*/
class SecurityActions
{
- public static SecurityContext createAndSetSecurityContext(final String domain)
+ public static SecurityContext createAndSetSecurityContext(final String domain,
+ final String fqnClassName) throws PrivilegedActionException
{
- return (SecurityContext) AccessController.doPrivileged(new PrivilegedAction()
+ return (SecurityContext) AccessController.doPrivileged(new PrivilegedExceptionAction()
{
- public Object run()
+ public Object run() throws Exception
{
- SecurityContext sc = SecurityContextFactory.createSecurityContext(domain);
+ SecurityContext sc = SecurityContextFactory.createSecurityContext(domain, fqnClassName);
setSecurityContext(sc);
return sc;
}}
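Review bot: `fqnClassName` is passed to `SecurityContextFactory.createSecurityContext` inside the `doPrivileged` block, so the class it names is presumably loaded and instantiated with this code's permissions rather than the caller's. The only caller visible in this commit passes `container.getSecurityContextClassName()`. The method has no documentation of where the name may come from; a Javadoc line such as `@param fqnClassName SecurityContext implementation class; must come from trusted container configuration, never from invocation data` would record that constraint. The closing of the `doPrivileged` call lies outside the hunk.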
Modified: trunk/server/src/main/org/jboss/ejb/txtimer/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/txtimer/SecurityActions.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/txtimer/SecurityActions.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -23,11 +23,13 @@
import java.security.PrivilegedAction;
import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import org.jboss.security.RunAs;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
/**
* A collection of privileged actions for this package
@@ -146,11 +148,12 @@
return TCLAction.UTIL.getContextClassLoader(thread);
}
- static SecurityContext createSecurityContext(final String securityDomain)
+ static SecurityContext createSecurityContext(final String securityDomain)
+ throws PrivilegedActionException
{
- return (SecurityContext)AccessController.doPrivileged(new PrivilegedAction()
+ return (SecurityContext)AccessController.doPrivileged(new PrivilegedExceptionAction()
{
- public Object run()
+ public Object run() throws Exception
{
SecurityContext sc = SecurityContextFactory.createSecurityContext(securityDomain);
SecurityContextAssociation.setSecurityContext(sc);
Modified: trunk/server/src/main/org/jboss/jmx/connector/invoker/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/jmx/connector/invoker/SecurityActions.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/jmx/connector/invoker/SecurityActions.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -24,13 +24,15 @@
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
/** Common PrivilegedAction used by classes in this package.
*
@@ -189,12 +191,13 @@
}
}
- static SecurityContext createSecurityContext(final String domain)
+ static SecurityContext createSecurityContext(final String domain)
+ throws PrivilegedActionException
{
- return (SecurityContext)AccessController.doPrivileged( new PrivilegedAction()
+ return (SecurityContext)AccessController.doPrivileged( new PrivilegedExceptionAction()
{
- public Object run()
+ public Object run() throws Exception
{
return SecurityContextFactory.createSecurityContext(domain);
}});
Modified: trunk/server/src/main/org/jboss/proxy/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/proxy/SecurityActions.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/proxy/SecurityActions.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -23,12 +23,14 @@
import java.security.AccessController;
import java.security.Principal;
-import java.security.PrivilegedAction;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import org.jboss.security.RunAs;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
//$Id$
@@ -97,7 +99,7 @@
}
public SecurityContext createSecurityContext(Principal p, Object cred,
- String sdomain)
+ String sdomain) throws Exception
{
return SecurityContextFactory.createSecurityContext(p,cred, null, sdomain);
}
@@ -188,11 +190,11 @@
}
public SecurityContext createSecurityContext(final Principal p, final Object cred,
- final String sdomain)
+ final String sdomain) throws PrivilegedActionException
{
- return (SecurityContext) AccessController.doPrivileged(new PrivilegedAction(){
-
- public Object run()
+ return (SecurityContext) AccessController.doPrivileged(new PrivilegedExceptionAction()
+ {
+ public Object run() throws Exception
{
return SecurityContextFactory.createSecurityContext(p,cred, null, sdomain);
}
@@ -208,7 +210,7 @@
RunAs getCallerRunAsIdentity();
SecurityContext createSecurityContext( Principal p, Object cred,
- String sdomain);
+ String sdomain) throws Exception;
SecurityContext getSecurityContext();
Modified: trunk/server/src/main/org/jboss/proxy/SecurityInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/proxy/SecurityInterceptor.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/proxy/SecurityInterceptor.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -97,7 +97,7 @@
* @param invocation invocation instance
* @return
*/
- private SecurityContext createSecurityContext(Invocation invocation)
+ private SecurityContext createSecurityContext(Invocation invocation) throws Exception
{
SecurityActions sa = SecurityActions.UTIL.getSecurityActions();
Modified: trunk/server/src/main/org/jboss/web/AbstractWebDeployer.java
===================================================================
--- trunk/server/src/main/org/jboss/web/AbstractWebDeployer.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/web/AbstractWebDeployer.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -57,6 +57,7 @@
import org.jboss.naming.NonSerializableFactory;
import org.jboss.naming.Util;
import org.jboss.security.AuthorizationManager;
+import org.jboss.security.SecurityConstants;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.web.AbstractWebContainer.WebDescriptorParser;
import org.omg.CORBA.ORB;
@@ -443,8 +444,12 @@
String prefixedSecurityDomain = webApp.getMetaData().getSecurityDomain();
if(prefixedSecurityDomain != null)
{
- AuthorizationManager authzmgr =
- org.jboss.security.SecurityUtil.getAuthorizationManager(prefixedSecurityDomain);
+ //Look up JNDI for the AuthorizationManager
+ InitialContext ic = new InitialContext();
+ String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/authorizationMgr";
+ AuthorizationManager authzmgr = (AuthorizationManager)ic.lookup(amCtx);
+ /**AuthorizationManager authzmgr =
+ org.jboss.security.SecurityUtil.getAuthorizationManager(prefixedSecurityDomain);*/
if(authzmgr instanceof PolicyRegistration)
{
PolicyRegistration xam = (PolicyRegistration)authzmgr;
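Review bot: The JNDI name built here, `SecurityConstants.JAAS_CONTEXT_ROOT + "/authorizationMgr"`, contains no security domain, so `prefixedSecurityDomain` is only null-checked and every web application resolves the same binding whatever domain it configures. The parallel hunk in AbstractWarDeployment.java inserts the unprefixed domain, which suggests this line should read `String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + org.jboss.security.SecurityUtil.unprefixSecurityDomain(prefixedSecurityDomain) + "/authorizationMgr";` (fully qualified because this file's import hunk adds only SecurityConstants). Registering a deployment's policy with a manager that does not belong to its domain is an authorization-scoping error, so the binding is worth confirming. Separately, in both this hunk and the AbstractWarDeployment one, the `InitialContext` is never closed and the superseded call is kept inside a `/** … */` block; close `ic` in a `finally` and delete the dead code. The enclosing method starts and ends outside the hunk.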
Modified: trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java
===================================================================
--- trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java 2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java 2007-09-13 22:03:02 UTC (rev 65383)
@@ -56,6 +56,8 @@
import org.jboss.naming.NonSerializableFactory;
import org.jboss.naming.Util;
import org.jboss.security.AuthorizationManager;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityUtil;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.web.WebApplication;
import org.jboss.web.AbstractWebContainer.WebDescriptorParser;
@@ -360,8 +362,15 @@
String prefixedSecurityDomain = webApp.getMetaData().getSecurityDomain();
if(prefixedSecurityDomain != null)
{
- AuthorizationManager authzmgr =
- org.jboss.security.SecurityUtil.getAuthorizationManager(prefixedSecurityDomain);
+ String unPrefixedDomain = SecurityUtil.unprefixSecurityDomain(prefixedSecurityDomain);
+ //Look up JNDI for the AuthorizationManager
+ InitialContext ic = new InitialContext();
+ String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT +
+ "/" + unPrefixedDomain + "/authorizationMgr";
+
+ AuthorizationManager authzmgr = (AuthorizationManager)ic.lookup(amCtx);
+ /**AuthorizationManager authzmgr =
+ org.jboss.security.SecurityUtil.getAuthorizationManager(prefixedSecurityDomain);*/
if(authzmgr instanceof PolicyRegistration)
{
PolicyRegistration xam = (PolicyRegistration)authzmgr;