[jboss-cvs] JBoss Messaging SVN: r3147 - in trunk/src/main/org/jboss/jms: server/container and 1 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Sep 27 15:12:12 EDT 2007


Author: anil.saldhana at jboss.com
Date: 2007-09-27 15:12:12 -0400 (Thu, 27 Sep 2007)
New Revision: 3147

Added:
   trunk/src/main/org/jboss/jms/server/container/SecurityActions.java
   trunk/src/main/org/jboss/jms/server/endpoint/SecurityActions.java
Modified:
   trunk/src/main/org/jboss/jms/client/remoting/JMSRemotingConnection.java
   trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java
   trunk/src/main/org/jboss/jms/server/endpoint/ServerConnectionFactoryEndpoint.java
Log:
MESSAGING-1082: add privileged blocks to access SecurityAssociation

Modified: trunk/src/main/org/jboss/jms/client/remoting/JMSRemotingConnection.java
===================================================================
--- trunk/src/main/org/jboss/jms/client/remoting/JMSRemotingConnection.java	2007-09-27 18:42:02 UTC (rev 3146)
+++ trunk/src/main/org/jboss/jms/client/remoting/JMSRemotingConnection.java	2007-09-27 19:12:12 UTC (rev 3147)
@@ -21,21 +21,19 @@
   */
 package org.jboss.jms.client.remoting;
 
-import java.util.HashMap;
-import java.util.Map;
-import java.net.MalformedURLException;
 import java.security.AccessController;
 import java.security.PrivilegedExceptionAction;
-import java.security.PrivilegedActionException;
+import java.util.HashMap;
+import java.util.Map;
 
 import org.jboss.jms.server.ServerPeer;
 import org.jboss.jms.wireformat.JMSWireFormat;
 import org.jboss.logging.Logger;
 import org.jboss.messaging.util.GUIDGenerator;
 import org.jboss.remoting.Client;
+import org.jboss.remoting.ConnectionListener;
 import org.jboss.remoting.InvokerLocator;
 import org.jboss.remoting.ServerInvoker;
-import org.jboss.remoting.ConnectionListener;
 import org.jboss.remoting.callback.CallbackPoller;
 import org.jboss.remoting.callback.InvokerCallbackHandler;
 import org.jboss.remoting.transport.bisocket.Bisocket;

Added: trunk/src/main/org/jboss/jms/server/container/SecurityActions.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/container/SecurityActions.java	                        (rev 0)
+++ trunk/src/main/org/jboss/jms/server/container/SecurityActions.java	2007-09-27 19:12:12 UTC (rev 3147)
@@ -0,0 +1,133 @@
+/*
+  * JBoss, Home of Professional Open Source
+  * Copyright 2005, JBoss Inc., and individual contributors as indicated
+  * by the @authors tag. See the copyright.txt in the distribution for a
+  * full listing of individual contributors.
+  *
+  * This is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as
+  * published by the Free Software Foundation; either version 2.1 of
+  * the License, or (at your option) any later version.
+  *
+  * This software is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  * Lesser General Public License for more details.
+  *
+  * You should have received a copy of the GNU Lesser General Public
+  * License along with this software; if not, write to the Free
+  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  */
+package org.jboss.jms.server.container;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityAssociation;
+
+
+/** A collection of privileged actions for this package
+ * @author Scott.Stark at jboss.org
+ * @author <a href="mailto:alex at jboss.org">Alexey Loubyansky</a>
+ * @author <a href="mailto:tim.fox at jboss.com">Tim Fox</a>
+ * @author <a href="mailto:anil.saldhana at jboss.com">anil saldhana</a>
+ * @version $Revison: 1.0$
+ */
+class SecurityActions
+{
+   interface PrincipalInfoAction
+   {
+      PrincipalInfoAction PRIVILEGED = new PrincipalInfoAction()
+      {
+         public void push(final Principal principal, final Object credential,
+            final Subject subject)
+         {
+            AccessController.doPrivileged(
+               new PrivilegedAction()
+               {
+                  public Object run()
+                  {
+                     SecurityAssociation.pushSubjectContext(subject, principal, credential);
+                     return null;
+                  }
+               }
+            );
+         }
+         public void dup()
+         {
+            AccessController.doPrivileged(
+               new PrivilegedAction()
+               {
+                  public Object run()
+                  {
+                     SecurityAssociation.dupSubjectContext();
+                     return null;
+                  }
+               }
+            );
+         }
+         public void pop()
+         {
+            AccessController.doPrivileged(
+               new PrivilegedAction()
+               {
+                  public Object run()
+                  {
+                     SecurityAssociation.popSubjectContext();
+                     return null;
+                  }
+               }
+            );
+         }
+      };
+
+      PrincipalInfoAction NON_PRIVILEGED = new PrincipalInfoAction()
+      {
+         public void push(Principal principal, Object credential, Subject subject)
+         {
+            SecurityAssociation.pushSubjectContext(subject, principal, credential);
+         }
+         public void dup()
+         {
+            SecurityAssociation.dupSubjectContext();
+         }
+         public void pop()
+         {
+            SecurityAssociation.popSubjectContext();
+         }
+      };
+
+      void push(Principal principal, Object credential, Subject subject);
+      void dup();
+      void pop();
+   }
+
+   static void pushSubjectContext(Principal principal, Object credential,
+      Subject subject)
+   {
+      if(System.getSecurityManager() == null)
+      {
+         PrincipalInfoAction.NON_PRIVILEGED.push(principal, credential, subject);
+      }
+      else
+      {
+         PrincipalInfoAction.PRIVILEGED.push(principal, credential, subject);
+      }
+   }
+   
+   static void popSubjectContext()
+   {
+      if(System.getSecurityManager() == null)
+      {
+         PrincipalInfoAction.NON_PRIVILEGED.pop();
+      }
+      else
+      {
+         PrincipalInfoAction.PRIVILEGED.pop();
+      }
+   }
+  }
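Review bot: `pushSubjectContext` and the `dup()` action are added without a caller in any hunk shown here; the modified files only call `SecurityActions.popSubjectContext()`. A `doPrivileged` wrapper around `SecurityAssociation.pushSubjectContext` sets the thread's security identity with this code's own permissions, so unused members are better left out until something needs them. The class Javadoc should also state the constraint the design relies on, e.g. `Package-private on purpose: do not widen visibility, and pass only principals and credentials the server has already authenticated.` The same applies to the identical copy added under server/endpoint/SecurityActions.java. Minor: `@version $Revison: 1.0$` misspells the keyword and will not be expanded; `$Revision$` is presumably what was meant.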

Modified: trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java	2007-09-27 18:42:02 UTC (rev 3146)
+++ trunk/src/main/org/jboss/jms/server/container/SecurityAspect.java	2007-09-27 19:12:12 UTC (rev 3147)
@@ -44,8 +44,7 @@
 import org.jboss.jms.server.security.SecurityMetadata;
 import org.jboss.jms.tx.ClientTransaction;
 import org.jboss.jms.tx.TransactionRequest;
-import org.jboss.logging.Logger;
-import org.jboss.security.SecurityAssociation;
+import org.jboss.logging.Logger; 
 
 /**
  * This aspect enforces the JBossMessaging JMS security policy.
@@ -316,7 +315,7 @@
       finally
       {
          // pop the Messaging SecurityContext, it did its job
-         SecurityAssociation.popSubjectContext();
+         SecurityActions.popSubjectContext();
       }
 
       // if we get here we're granted, add to the cache

Added: trunk/src/main/org/jboss/jms/server/endpoint/SecurityActions.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/endpoint/SecurityActions.java	                        (rev 0)
+++ trunk/src/main/org/jboss/jms/server/endpoint/SecurityActions.java	2007-09-27 19:12:12 UTC (rev 3147)
@@ -0,0 +1,133 @@
+/*
+  * JBoss, Home of Professional Open Source
+  * Copyright 2005, JBoss Inc., and individual contributors as indicated
+  * by the @authors tag. See the copyright.txt in the distribution for a
+  * full listing of individual contributors.
+  *
+  * This is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as
+  * published by the Free Software Foundation; either version 2.1 of
+  * the License, or (at your option) any later version.
+  *
+  * This software is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  * Lesser General Public License for more details.
+  *
+  * You should have received a copy of the GNU Lesser General Public
+  * License along with this software; if not, write to the Free
+  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  */
+package org.jboss.jms.server.endpoint;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityAssociation;
+
+
+/** A collection of privileged actions for this package
+ * @author Scott.Stark at jboss.org
+ * @author <a href="mailto:alex at jboss.org">Alexey Loubyansky</a>
+ * @author tim.fox at jboss.com
+ * @author anil.saldhana at jboss.com
+ * @version $Revison: 1.0$
+ */
+class SecurityActions
+{
+   interface PrincipalInfoAction
+   {
+      PrincipalInfoAction PRIVILEGED = new PrincipalInfoAction()
+      {
+         public void push(final Principal principal, final Object credential,
+            final Subject subject)
+         {
+            AccessController.doPrivileged(
+               new PrivilegedAction()
+               {
+                  public Object run()
+                  {
+                     SecurityAssociation.pushSubjectContext(subject, principal, credential);
+                     return null;
+                  }
+               }
+            );
+         }
+         public void dup()
+         {
+            AccessController.doPrivileged(
+               new PrivilegedAction()
+               {
+                  public Object run()
+                  {
+                     SecurityAssociation.dupSubjectContext();
+                     return null;
+                  }
+               }
+            );
+         }
+         public void pop()
+         {
+            AccessController.doPrivileged(
+               new PrivilegedAction()
+               {
+                  public Object run()
+                  {
+                     SecurityAssociation.popSubjectContext();
+                     return null;
+                  }
+               }
+            );
+         }
+      };
+
+      PrincipalInfoAction NON_PRIVILEGED = new PrincipalInfoAction()
+      {
+         public void push(Principal principal, Object credential, Subject subject)
+         {
+            SecurityAssociation.pushSubjectContext(subject, principal, credential);
+         }
+         public void dup()
+         {
+            SecurityAssociation.dupSubjectContext();
+         }
+         public void pop()
+         {
+            SecurityAssociation.popSubjectContext();
+         }
+      };
+
+      void push(Principal principal, Object credential, Subject subject);
+      void dup();
+      void pop();
+   }
+
+   static void pushSubjectContext(Principal principal, Object credential,
+      Subject subject)
+   {
+      if(System.getSecurityManager() == null)
+      {
+         PrincipalInfoAction.NON_PRIVILEGED.push(principal, credential, subject);
+      }
+      else
+      {
+         PrincipalInfoAction.PRIVILEGED.push(principal, credential, subject);
+      }
+   }
+   
+   static void popSubjectContext()
+   {
+      if(System.getSecurityManager() == null)
+      {
+         PrincipalInfoAction.NON_PRIVILEGED.pop();
+      }
+      else
+      {
+         PrincipalInfoAction.PRIVILEGED.pop();
+      }
+   }
+  }

Modified: trunk/src/main/org/jboss/jms/server/endpoint/ServerConnectionFactoryEndpoint.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/endpoint/ServerConnectionFactoryEndpoint.java	2007-09-27 18:42:02 UTC (rev 3146)
+++ trunk/src/main/org/jboss/jms/server/endpoint/ServerConnectionFactoryEndpoint.java	2007-09-27 19:12:12 UTC (rev 3147)
@@ -21,8 +21,6 @@
   */
 package org.jboss.jms.server.endpoint;
 
-import java.util.Iterator;
-import java.util.List;
 import java.util.Map;
 
 import javax.jms.JMSException;
@@ -40,10 +38,8 @@
 import org.jboss.jms.wireformat.Dispatcher;
 import org.jboss.logging.Logger;
 import org.jboss.messaging.util.ExceptionUtil;
-import org.jboss.messaging.util.ConcurrentHashSet;
 import org.jboss.remoting.callback.Callback;
-import org.jboss.remoting.callback.ServerInvokerCallbackHandler;
-import org.jboss.security.SecurityAssociation;
+import org.jboss.remoting.callback.ServerInvokerCallbackHandler; 
 
 /**
  * Concrete implementation of ConnectionFactoryEndpoint
@@ -226,7 +222,7 @@
       serverPeer.getSecurityManager().authenticate(username, password);
 
       // We don't need the SubjectContext on thread local anymore, clean it up
-      SecurityAssociation.popSubjectContext();
+      SecurityActions.popSubjectContext();
 
       String clientIDUsed = clientID;
 
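Review bot: The `SecurityActions.popSubjectContext()` call after `authenticate(username, password)` is not in a `finally`, unlike the equivalent pop in SecurityAspect, so the balance of the thread-local stack depends on what `authenticate` does when it throws. That behaviour is not visible in this hunk; if it can push a context before failing, the context would stay on a pooled thread and be seen by the next request. I would record the invariant next to the call once it is confirmed against the security manager implementation, e.g. `// authenticate() leaves exactly one SubjectContext pushed on success and none on failure`. The enclosing method starts and ends outside the hunk.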



