[jboss-cvs] JBossAS SVN: r72543 - in trunk: server/src/main/org/jboss/web/deployers and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Apr 22 00:47:57 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-04-22 00:47:57 -0400 (Tue, 22 Apr 2008)
New Revision: 72543
Modified:
trunk/server/src/main/org/jboss/ejb/EjbModule.java
trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployment.java
Log:
JBAS-5469: policyRegistration from JNDI
Modified: trunk/server/src/main/org/jboss/ejb/EjbModule.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/EjbModule.java 2008-04-22 04:46:09 UTC (rev 72542)
+++ trunk/server/src/main/org/jboss/ejb/EjbModule.java 2008-04-22 04:47:57 UTC (rev 72543)
@@ -64,8 +64,7 @@
import org.jboss.metadata.XmlLoadable;
import org.jboss.mx.util.MBeanProxyExt;
import org.jboss.mx.util.ObjectNameFactory;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.AuthorizationManager;
+import org.jboss.security.AuthenticationManager;
import org.jboss.security.ISecurityManagement;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityConstants;
@@ -433,22 +432,20 @@
VirtualFile xacmlFile = deploymentUnit.getMetaDataFile("jboss-xacml-policy.xml");
if(xacmlFile != null)
{
- //Look up JNDI for the AuthorizationManager
InitialContext ic = new InitialContext();
- String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain + "/authorizationMgr";
try
{
- AuthorizationManager authzmgr = (AuthorizationManager)ic.lookup(amCtx);
- if(authzmgr instanceof PolicyRegistration)
+ PolicyRegistration policyRegistration = (PolicyRegistration) ic.lookup("java:/policyRegistration");
+ if(policyRegistration != null)
{
- PolicyRegistration xam = (PolicyRegistration)authzmgr;
- xam.registerPolicy(contextID, xacmlFile.toURL());
+ policyRegistration.registerPolicy(contextID, PolicyRegistration.XACML,
+ xacmlFile.toURL());
}
- }
- catch(ClassCastException cce)
+ }
+ catch(Exception e)
{
- log.trace("CCE encountered while looking up authorizationmgr for " + securityDomain, cce);
- }
+ log.trace("Error in policyregistration",e);
+ }
}
}
catch (Exception e)
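Review bot: The new `catch(Exception e)` around the `java:/policyRegistration` lookup and the `registerPolicy` call logs only at trace level, so a deployment that ships `jboss-xacml-policy.xml` can start without its XACML policy registered and nothing appears in a default log. Because the policy is an access-control input, I would report the failure at error level with the context id, e.g. `log.error("Failed to register XACML policy for contextID=" + contextID, e);`, or rethrow so the surrounding `catch (Exception e)` deals with it (that handler's body is outside the hunk). The `policyRegistration != null` test is probably dead code, since a JNDI lookup of an unbound name normally throws `NameNotFoundException` rather than returning null. The same swallow-at-trace pattern appears in the deregistration hunk of this file, in AbstractWarDeployment, and in TomcatDeployment, where the removed lookup was not wrapped in a try block at all.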
@@ -543,22 +540,18 @@
String securityDomain = SecurityUtil.unprefixSecurityDomain(appMetaData.getSecurityDomain());
if(securityDomain != null)
{
- //Look up JNDI for the AuthorizationManager
+ //Look up JNDI for the PolicyRegistration
InitialContext ic = new InitialContext();
- String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain + "/authorizationMgr";
try
{
- AuthorizationManager authzmgr = (AuthorizationManager)ic.lookup(amCtx);
- if(authzmgr instanceof PolicyRegistration)
- {
- PolicyRegistration xam = (PolicyRegistration)authzmgr;
- xam.deRegisterPolicy(contextID);
- }
- }
- catch(ClassCastException cce)
- {
- log.trace("CCE experienced in looking up authorization manager for "+ securityDomain, cce);
+ PolicyRegistration policyRegistration = (PolicyRegistration) ic.lookup("java:/policyRegistration");
+ if(policyRegistration != null)
+ policyRegistration.deRegisterPolicy(contextID, PolicyRegistration.XACML);
}
+ catch(Exception e)
+ {
+ log.trace("Error in policy registration deregistration", e);
+ }
}
while ( iter.hasPrevious() )
Modified: trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java
===================================================================
--- trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java 2008-04-22 04:46:09 UTC (rev 72542)
+++ trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java 2008-04-22 04:47:57 UTC (rev 72543)
@@ -62,10 +62,7 @@
import org.jboss.mx.loading.LoaderRepositoryFactory;
import org.jboss.naming.NonSerializableFactory;
import org.jboss.naming.Util;
-import org.jboss.security.AuthorizationManager;
import org.jboss.security.ISecurityManagement;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityUtil;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.web.WebApplication;
import org.jboss.wsf.spi.deployment.UnifiedVirtualFile;
@@ -417,20 +414,19 @@
String prefixedSecurityDomain = webApp.getMetaData().getSecurityDomain();
if(prefixedSecurityDomain != null)
{
- String unPrefixedDomain = SecurityUtil.unprefixSecurityDomain(prefixedSecurityDomain);
- //Look up JNDI for the AuthorizationManager
InitialContext ic = new InitialContext();
- String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT +
- "/" + unPrefixedDomain + "/authorizationMgr";
-
- AuthorizationManager authzmgr = (AuthorizationManager)ic.lookup(amCtx);
- /**AuthorizationManager authzmgr =
- org.jboss.security.SecurityUtil.getAuthorizationManager(prefixedSecurityDomain);*/
- if(authzmgr instanceof PolicyRegistration)
+ try
{
- PolicyRegistration xam = (PolicyRegistration)authzmgr;
- xam.deRegisterPolicy(contextID);
- }
+ PolicyRegistration policyRegistration = (PolicyRegistration) ic.lookup("java:/policyRegistration");
+ if(policyRegistration != null)
+ {
+ policyRegistration.deRegisterPolicy(contextID, PolicyRegistration.XACML);
+ }
+ }
+ catch(Exception e)
+ {
+ log.trace("Error in policyRegistration",e);
+ }
}
}
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2008-04-22 04:46:09 UTC (rev 72542)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2008-04-22 04:47:57 UTC (rev 72543)
@@ -53,7 +53,6 @@
import org.jboss.metadata.javaee.spec.SecurityRoleRefsMetaData;
import org.jboss.metadata.web.jboss.JBossWebMetaData;
import org.jboss.metadata.web.spec.ServletMetaData;
-import org.jboss.security.AuthorizationManager;
import org.jboss.security.CertificatePrincipal;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityConstants;
@@ -65,8 +64,10 @@
import org.jboss.security.audit.AuditManager;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
import org.jboss.security.auth.certs.SubjectDNMapping;
+import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.integration.web.WebAuthorizationHelper;
+import org.jboss.security.javaee.AbstractWebAuthorizationHelper;
+import org.jboss.security.javaee.SecurityHelperFactory;
//$Id$
@@ -465,18 +466,33 @@
if(baseDecision)
{
Subject caller = this.establishSubjectContext(request.getPrincipal());
+
+ PolicyRegistration policyRegistration = getPolicyRegistration();
SecurityContext sc = SecurityAssociationActions.getSecurityContext();
- AuthorizationManager am = getAuthorizationManager();
Map<String,Object> contextMap = new HashMap<String,Object>();
- contextMap.put(ResourceKeys.RESOURCE_PERM_CHECK, Boolean.TRUE);
- contextMap.put(ResourceKeys.POLICY_REGISTRATION, am);
-
+ contextMap.put(ResourceKeys.RESOURCE_PERM_CHECK, Boolean.TRUE);
+ contextMap.put(ResourceKeys.POLICY_REGISTRATION, policyRegistration);
contextMap.put("securityConstraints", securityConstraints);
- WebAuthorizationHelper helper = new WebAuthorizationHelper(sc, this.enableAudit);
- ok = helper.checkResourcePermission(contextMap, request, response,
- caller, am,
+ AbstractWebAuthorizationHelper helper = null;
+ try
+ {
+ helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
+ }
+ catch (Exception e)
+ {
+ log.error("Exception in obtaining helper", e);
+ return false;
+ }
+
+ helper.setPolicyRegistration(policyRegistration);
+ helper.setEnableAudit(this.enableAudit);
+
+ //WebAuthorizationHelper helper = new WebAuthorizationHelper(sc, this.enableAudit);
+ ok = helper.checkResourcePermission(contextMap,
+ request, response,
+ caller, PolicyContext.getContextID(),
requestURI(request));
}
if(trace)
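Review bot: The commented-out `//WebAuthorizationHelper helper = new WebAuthorizationHelper(sc, this.enableAudit);` line should be deleted rather than committed. In addition, the `return false` in the new catch exits before the `if(trace)` block that follows, so a denial caused by a helper-factory failure is reported only by the `log.error` and bypasses whatever decision logging comes after the hunk. Leaving `ok` unset and skipping the helper calls would keep a single exit path, assuming `ok` starts as false outside the hunk. The enclosing method starts and ends outside the hunk.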
@@ -547,9 +563,21 @@
if(baseDecision)
{
SecurityContext sc = SecurityAssociationActions.getSecurityContext();
- WebAuthorizationHelper wah = new WebAuthorizationHelper(sc, this.enableAudit);
- authzDecision = wah.hasRole(roleName, principal, servletName,
- getPrincipalRoles(principal), getAuthorizationManager());
+
+ AbstractWebAuthorizationHelper helper = null;
+ try
+ {
+ helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
+ }
+ catch (Exception e)
+ {
+ log.error("Error obtaining helper",e);
+ }
+ helper.setPolicyRegistration(getPolicyRegistration());
+ helper.setEnableAudit(enableAudit);
+
+ authzDecision = helper.hasRole(roleName, principal, servletName, getPrincipalRoles(principal),
+ PolicyContext.getContextID(), SecurityAssociationActions.getSubject());
}
boolean finalDecision = baseDecision && authzDecision;
if(trace)
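Review bot: If `SecurityHelperFactory.getWebAuthorizationHelper(sc)` throws here, the catch only logs and execution continues to `helper.setPolicyRegistration(...)` with `helper` still null, which raises a NullPointerException in the middle of the role check. The resource-permission hunk above returns false in the same situation; this one should deny explicitly too, for example by guarding the helper calls with `if(helper != null)` so that `authzDecision` keeps its initial value, assuming it is initialised to false outside the hunk. The user-data-permission hunk that follows has the same log-and-continue catch, and it also drops the `IllegalStateException` that the old code threw when the authorization manager was null.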
@@ -576,12 +604,20 @@
map.put(ResourceKeys.USERDATA_PERM_CHECK, Boolean.TRUE);
SecurityContext sc = SecurityAssociationActions.getSecurityContext();
- AuthorizationManager am = getAuthorizationManager();
-
- if(am == null)
- throw new IllegalStateException("Null AuthorizationManager for SC:"+sc.getSecurityDomain());
- WebAuthorizationHelper wah = new WebAuthorizationHelper(sc, this.enableAudit);
- ok = wah.hasUserDataPermission(map, request, response, am);
+ AbstractWebAuthorizationHelper helper = null;
+ try
+ {
+ helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
+ }
+ catch (Exception e)
+ {
+ log.error("Error obtaining helper",e);
+ }
+ helper.setPolicyRegistration(getPolicyRegistration());
+ helper.setEnableAudit(enableAudit);
+
+ ok = helper.hasUserDataPermission(map, request, response, PolicyContext.getContextID(),
+ SecurityAssociationActions.getSubject());
}
return ok;
@@ -733,27 +769,8 @@
}
}
return caller;
- }
+ }
- /**
- * Get the Authorization Manager for the security domain
- * @return
- */
- private AuthorizationManager getAuthorizationManager()
- {
- AuthorizationManager am = null;
- try
- {
- am = (AuthorizationManager)getSecurityNamingContext().lookup("authorizationMgr");
- }
- catch (Exception e)
- {
- if(trace)
- log.trace("Lookup of authorization manager failed", e);
- }
- return am;
- }
-
private Context getSecurityNamingContext()
{
Context securityCtx = null;
@@ -913,4 +930,18 @@
cmap.put("principal", principal);
audit(AuditLevel.ERROR,cmap,e);
}
-}
+
+ private PolicyRegistration getPolicyRegistration()
+ {
+ PolicyRegistration policyRegistration = null;
+ try
+ {
+ policyRegistration = (PolicyRegistration) (new InitialContext()).lookup("java:/policyRegistration");
+ }
+ catch(Exception e)
+ {
+ log.trace("Error obtaining PolicyRegistration",e);
+ }
+ return policyRegistration;
+ }
+}
\ No newline at end of file
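Review bot: `getPolicyRegistration()` returns null when the lookup fails and reports it only through an unguarded `log.trace`, and none of the three callers in this commit checks the result before passing it to `helper.setPolicyRegistration(...)` or putting it into the context map. How the helper behaves with a null registration is not visible here, so I would document the null return in a Javadoc comment and have the callers deny when it is null. The method also creates a new `InitialContext` and performs a JNDI lookup on every authorization check; caching the reference in a field after the first successful lookup would avoid that. The removed `getAuthorizationManager()` guarded its trace call with `if(trace)`, which this method could keep for consistency.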
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployment.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployment.java 2008-04-22 04:46:09 UTC (rev 72542)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployment.java 2008-04-22 04:47:57 UTC (rev 72543)
@@ -60,8 +60,6 @@
import org.jboss.metadata.web.jboss.JBossWebMetaData;
import org.jboss.mx.util.MBeanServerLocator;
import org.jboss.naming.NonSerializableFactory;
-import org.jboss.security.AuthorizationManager;
-import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityUtil;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.virtual.VirtualFile;
@@ -428,7 +426,6 @@
if (metaData.getSecurityDomain() != null)
{
- String secDomain = SecurityUtil.unprefixSecurityDomain(metaData.getSecurityDomain());
// Associate the Context Id with the Security Domain
String contextID = metaData.getJaccContextID();
@@ -436,16 +433,18 @@
URL xacmlPolicyFile = this.config.getXacmlPolicyURL();
if (xacmlPolicyFile != null)
{
- //Look up JNDI for the AuthorizationManager
InitialContext ic = new InitialContext();
- String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + secDomain + "/authorizationMgr";
- AuthorizationManager authzmgr = (AuthorizationManager)ic.lookup(amCtx);
- /**AuthorizationManager authzmgr =
- org.jboss.security.SecurityUtil.getAuthorizationManager(secDomain);*/
- if (authzmgr instanceof PolicyRegistration)
+ try
{
- PolicyRegistration xam = (PolicyRegistration)authzmgr;
- xam.registerPolicy(contextID, xacmlPolicyFile);
+ PolicyRegistration policyRegistration = (PolicyRegistration) ic.lookup("java:/policyRegistration");
+ if(policyRegistration != null)
+ {
+ policyRegistration.registerPolicy(contextID, PolicyRegistration.XACML, xacmlPolicyFile);
+ }
+ }
+ catch(Exception e)
+ {
+ log.trace("Error in policyRegistration",e);
}
}
}