[jboss-cvs] JBossAS SVN: r69642 - in projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security: mapping/providers and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Feb 5 17:44:52 EST 2008
Author: anil.saldhana at jboss.com
Date: 2008-02-05 17:44:52 -0500 (Tue, 05 Feb 2008)
New Revision: 69642
Modified:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicy.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicyContainer.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/OptionsRoleMappingProvider.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java
Log:
SECURITY-108: use rolegroup for role usage in sec ctx SECURITY-119: use rolegroup
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicy.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicy.java 2008-02-05 22:44:00 UTC (rev 69641)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicy.java 2008-02-05 22:44:52 UTC (rev 69642)
@@ -22,9 +22,9 @@
package org.jboss.security.config;
import java.security.Principal;
-import java.security.acl.Group;
import org.jboss.security.auth.login.BaseAuthenticationInfo;
+import org.jboss.security.identity.RoleGroup;
//$Id$
@@ -173,7 +173,7 @@
public <T> MappingInfo getMappingInfo(Class<T> t)
{
- if(t == Group.class)
+ if(t == RoleGroup.class)
return this.getRoleMappingInfo();
if(t == Principal.class)
return this.getPrincipalMappingInfo();
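Review bot: A caller that still passes `Group.class` to getMappingInfo no longer matches the first branch and falls through to whatever follows the `Principal.class` check, which is outside this hunk. If that path returns null, role mapping would be skipped silently for any code not yet moved to `RoleGroup`. A comment above the check would record the contract, for example `// role mappings are keyed by RoleGroup; java.security.acl.Group is no longer accepted here`, and it is worth confirming that no remaining caller passes `Group.class`.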
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicyContainer.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicyContainer.java 2008-02-05 22:44:00 UTC (rev 69641)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/config/ApplicationPolicyContainer.java 2008-02-05 22:44:52 UTC (rev 69642)
@@ -62,6 +62,7 @@
String baseAppPolicyName = null;
+ @SuppressWarnings("unchecked")
List authenticationModuleEntries = new ArrayList();
List<AuthorizationModuleEntry> authorizationModuleEntries = new ArrayList<AuthorizationModuleEntry>();
List<AuditProviderEntry> auditProviderEntries = new ArrayList<AuditProviderEntry>();
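Review bot: The `@SuppressWarnings("unchecked")` added on `authenticationModuleEntries` hides the raw `List` instead of fixing it, while the neighbouring fields are already parameterized. Giving the field an element type would make the annotation unnecessary; the element type is not visible in this hunk, so if the list really is heterogeneous, `List<Object>` with a comment saying why is clearer than a raw type. The method-level annotations added on `addChild` and `instantiate` in the later hunks of this file, and on `get` and `remove` in JBossSecurityContextUtil, suppress the warning for the whole body. Narrowing each to the one statement that needs the cast would keep later unchecked conversions visible.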
@@ -84,6 +85,7 @@
/**
* @see GenericValueContainer#addChild(javax.xml.namespace.QName, java.lang.Object)
*/
+ @SuppressWarnings("unchecked")
public void addChild(QName name, Object value)
{
log.debug("addChild::" + name + ":" + value);
@@ -180,6 +182,7 @@
/**
* @see GenericValueContainer#instantiate()
*/
+ @SuppressWarnings("unchecked")
public Object instantiate()
{
info = new ApplicationPolicy(authName);
@@ -229,7 +232,7 @@
/**
* @see GenericValueContainer#getTargetClass()
*/
- public Class getTargetClass()
+ public Class<?> getTargetClass()
{
return ApplicationPolicy.class;
}
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java 2008-02-05 22:44:00 UTC (rev 69641)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java 2008-02-05 22:44:52 UTC (rev 69642)
@@ -23,14 +23,14 @@
import java.security.Principal;
import java.security.acl.Group;
-import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.jboss.logging.Logger;
import org.jboss.security.SecurityConstants;
-import org.jboss.security.SimpleGroup;
-import org.jboss.security.SimplePrincipal;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
import org.jboss.security.mapping.MappingProvider;
import org.jboss.security.mapping.MappingResult;
@@ -44,18 +44,18 @@
* @since Nov 1, 2006
* @version $Revision$
*/
-public class DeploymentRolesMappingProvider implements MappingProvider<Group>
+public class DeploymentRolesMappingProvider implements MappingProvider<RoleGroup>
{
private static Logger log = Logger.getLogger(DeploymentRolesMappingProvider.class);
private boolean trace = log.isTraceEnabled();
- private MappingResult<Group> result;
+ private MappingResult<RoleGroup> result;
public void init(Map<String,Object> options)
{
}
- public void setMappingResult(MappingResult<Group> res)
+ public void setMappingResult(MappingResult<RoleGroup> res)
{
result = res;
}
@@ -66,7 +66,7 @@
* @see MappingProvider#performMapping(Map, Object)
*/
@SuppressWarnings("unchecked")
- public void performMapping(Map<String,Object> map, Group mappedObject)
+ public void performMapping(Map<String,Object> map, RoleGroup mappedObject)
{
if(map == null || map.isEmpty())
throw new IllegalArgumentException("Context Map is null or empty");
@@ -99,58 +99,29 @@
mappedObject = mapGroup(p, principalRolesMap, mappedObject);
}
}
-
- /*Set<String> roleset = (Set<String>)principalRolesMap.get(principal.getName());
- if(roleset != null)
- {
- Group newRoles = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
- Iterator<String> iter = roleset.iterator();
- while(iter.hasNext())
- {
- String rolename = iter.next();
- newRoles.addMember(createNewPrincipal(mappedObject,rolename));
- }
- mappedObject = MappingProviderUtil.replacePrincipals(mappedObject, newRoles);
- }*/
+
result.setMappedObject(mappedObject);
}
- private Group mapGroup(Principal principal, Map<String, Set<String>> principalRolesMap,
- Group mappedObject)
+ private RoleGroup mapGroup(Principal principal, Map<String, Set<String>> principalRolesMap,
+ RoleGroup mappedObject)
{
Set<String> roleset = (Set<String>)principalRolesMap.get(principal.getName());
if(roleset != null)
{
- Group newRoles = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
- Iterator<String> iter = roleset.iterator();
- while(iter.hasNext())
+ RoleGroup newRoles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+
+ if(roleset != null)
{
- String rolename = iter.next();
- newRoles.addMember(createNewPrincipal(mappedObject,rolename));
+ for(String r:roleset)
+ {
+ newRoles.addRole(new SimpleRole(r));
+ }
}
- mappedObject = MappingProviderUtil.replacePrincipals(mappedObject, newRoles);
+
+ mappedObject.clearRoles();
+ mappedObject.getRoles().addAll(newRoles.getRoles());
}
return mappedObject;
- }
-
- /**
- * Need to maintain the Principal type from the original group
- * @param mappedObject
- * @param name
- * @return
- */
- private Principal createNewPrincipal(Group mappedObject, String name)
- {
- Principal p = new SimplePrincipal(name);
-
- //If the original group had a different principal than simpleprincipal
- if(mappedObject.members().hasMoreElements())
- {
- Principal origp = mappedObject.members().nextElement();
- p = MappingProviderUtil.instantiatePrincipal(origp.getClass(), name);
- if(p == null)
- p = new SimplePrincipal(name);
- }
- return p;
}
}
\ No newline at end of file
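Review bot: In mapGroup the replacement `mappedObject.clearRoles(); mappedObject.getRoles().addAll(newRoles.getRoles());` only works if `getRoles()` returns the live backing list. If an implementation returns a copy, the principal ends up with no roles at all, and in either case whatever `addRole` does (duplicate handling, for instance) is bypassed. The inner `if(roleset != null)` repeats the outer test and the temporary `newRoles` group is not needed. After `mappedObject.clearRoles();` the loop can add directly: `for(String r:roleset) mappedObject.addRole(new SimpleRole(r));`. The caller in performMapping starts outside this hunk.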
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/OptionsRoleMappingProvider.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/OptionsRoleMappingProvider.java 2008-02-05 22:44:00 UTC (rev 69641)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/OptionsRoleMappingProvider.java 2008-02-05 22:44:52 UTC (rev 69642)
@@ -6,13 +6,14 @@
*/
package org.jboss.security.mapping.providers;
-import java.security.Principal;
-import java.security.acl.Group;
import java.util.ArrayList;
-import java.util.Enumeration;
+import java.util.List;
import java.util.Map;
import java.util.Properties;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
import org.jboss.security.mapping.MappingProvider;
import org.jboss.security.mapping.MappingResult;
@@ -24,13 +25,13 @@
* @version $Revision$
* @since Aug 24, 2006
*/
-public class OptionsRoleMappingProvider implements MappingProvider<Group>
+public class OptionsRoleMappingProvider implements MappingProvider<RoleGroup>
{
//Standard Strings
private static final String REPLACE_ROLES_STRING = "replaceRoles";
private static final String ROLES_MAP = "rolesMap";
- private MappingResult<Group> result;
+ private MappingResult<RoleGroup> result;
private Map<String,Object> options = null;
@@ -57,44 +58,45 @@
}
}
- public void setMappingResult(MappingResult<Group> res)
+ public void setMappingResult(MappingResult<RoleGroup> res)
{
result = res;
}
- public void performMapping(Map<String,Object> contextMap, Group mappedObject)
+ public void performMapping(Map<String,Object> contextMap, RoleGroup mappedObject)
{
- ArrayList<Principal> removeMembers = new ArrayList<Principal>();
- ArrayList<Principal> addMembers = new ArrayList<Principal>();
+ ArrayList<Role> removeMembers = new ArrayList<Role>();
+ ArrayList<Role> addMembers = new ArrayList<Role>();
- //Enumerate over the members
- Enumeration<? extends Principal> enumer = mappedObject.members();
- while(enumer.hasMoreElements())
+ List<Role> rolesList = mappedObject.getRoles();
+ if(rolesList != null)
{
- Principal p = (Principal)enumer.nextElement();
- String name = p.getName();
- String commaSeparatedRoles = roleMapProperties.getProperty(name);
- if(commaSeparatedRoles != null)
+ for(Role r: rolesList)
{
- String[] tokens = MappingProviderUtil.getRolesFromCommaSeparatedString(commaSeparatedRoles);
- int len = tokens != null ? tokens.length : 0;
- for(int i = 0; i < len; i++)
+ String commaSeparatedRoles = roleMapProperties.getProperty(r.getRoleName());
+ if(commaSeparatedRoles != null)
{
- if(this.REPLACE_ROLES)
- removeMembers.add(p);
- addMembers.add(MappingProviderUtil.instantiatePrincipal(p.getClass(),tokens[i]));
- }
- }
- }
+ String[] tokens = MappingProviderUtil.getRolesFromCommaSeparatedString(commaSeparatedRoles);
+ int len = tokens != null ? tokens.length : 0;
+ for(int i = 0; i < len; i++)
+ {
+ if(this.REPLACE_ROLES)
+ removeMembers.add(r);
+ addMembers.add(new SimpleRole(tokens[i]));
+ }
+ }
+ }
+ }
+
//Go through the remove list
- for(Principal p:removeMembers)
+ for(Role p:removeMembers)
{
- mappedObject.removeMember(p);
+ mappedObject.removeRole(p);
}
//Go through the add list
- for(Principal p:addMembers)
+ for(Role p:addMembers)
{
- mappedObject.addMember(p);
+ mappedObject.addRole(p);
}
result.setMappedObject(mappedObject);
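Review bot: `if(this.REPLACE_ROLES) removeMembers.add(r);` sits inside the per-token loop, so a role that maps to N replacement roles is queued for removal N times and `removeRole` is then called repeatedly for a role that is already gone. Whether `removeRole` tolerates that is not visible here. Moving the test above the `for` as `if(this.REPLACE_ROLES && len > 0) removeMembers.add(r);` keeps the current behaviour for an empty mapping and removes each role once. The loop variables in the two final loops are still named `p` although they now hold a `Role`; `r` would match the rest of the method. The method starts before this hunk and its closing brace is outside it.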
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java 2008-02-05 22:44:00 UTC (rev 69641)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java 2008-02-05 22:44:52 UTC (rev 69642)
@@ -32,6 +32,7 @@
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
+import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.Lock;
@@ -50,7 +51,7 @@
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityRolesAssociation;
-import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
import org.jboss.security.acl.ACLContext;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
@@ -59,6 +60,7 @@
import org.jboss.security.authorization.Resource;
import org.jboss.security.callbacks.SecurityContextCallback;
import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.Role;
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.identity.plugins.SimpleRole;
import org.jboss.security.identity.plugins.SimpleRoleGroup;
@@ -168,7 +170,7 @@
public boolean doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals)
{
boolean hasRole = false;
- Group roles = this.getCurrentRoles(principal);
+ RoleGroup roles = this.getCurrentRoles(principal);
if( trace )
log.trace("doesUserHaveRole(Set), roles: "+roles);
if(roles != null)
@@ -201,7 +203,7 @@
public boolean doesUserHaveRole(Principal principal, Principal role)
{
boolean hasRole = false;
- Group roles = this.getCurrentRoles(principal);
+ RoleGroup roles = this.getCurrentRoles(principal);
hasRole = doesRoleGroupHaveRole(role, roles);
return hasRole;
}
@@ -216,7 +218,7 @@
*/
public Set<Principal> getUserRoles(Principal principal)
{
- Group userRoles = getCurrentRoles(principal);
+ RoleGroup userRoles = getCurrentRoles(principal);
return this.getRolesAsSet(userRoles);
}
@@ -230,14 +232,14 @@
@return true if role is in userRoles or an AnybodyPrincipal instance, false
if role is a NobodyPrincipal or no a member of userRoles
*/
- protected boolean doesRoleGroupHaveRole(Principal role, Group userRoles)
+ protected boolean doesRoleGroupHaveRole(Principal role, RoleGroup userRoles)
{
// First check that role is not a NobodyPrincipal
if (role instanceof NobodyPrincipal)
return false;
// Check for inclusion in the user's role set
- boolean isMember = userRoles.isMember(role);
+ boolean isMember = userRoles.containsRole(new SimpleRole(role.getName()));
if (isMember == false)
{ // Check the AnybodyPrincipal special cases
isMember = (role instanceof AnybodyPrincipal);
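Review bot: `userRoles.containsRole(new SimpleRole(role.getName()))` dereferences `role`, so a null role now throws a NullPointerException inside an authorization check. The `instanceof NobodyPrincipal` guard above does not reject null, so the first guard could become `if (role == null || role instanceof NobodyPrincipal) return false;`. `userRoles` is also dereferenced without a check, and `doesUserHaveRole(Principal, Principal)` in the earlier hunk passes the result of `getCurrentRoles` straight in, unlike the Set variant which tests `roles != null`. The comparison is now by role name only; if the old `Group.isMember` also matched members of nested groups, that behaviour is lost and should be noted in the Javadoc. The method continues outside the hunk.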
@@ -349,18 +351,17 @@
}
//Private Methods
- private HashSet<Principal> getRolesAsSet(Group roles)
+ private HashSet<Principal> getRolesAsSet(RoleGroup roles)
{
HashSet<Principal> userRoles = null;
if( roles != null )
{
userRoles = new HashSet<Principal>();
- Enumeration<? extends Principal> members = roles.members();
- while( members.hasMoreElements() )
+ List<Role> rolesList = roles.getRoles();
+ for(Role r: rolesList)
{
- Principal role = (Principal) members.nextElement();
- userRoles.add(role);
- }
+ userRoles.add(new SimplePrincipal(r.getRoleName()));
+ }
}
return userRoles;
}
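Review bot: `roles.getRoles()` is iterated without a null check in getRolesAsSet, whereas OptionsRoleMappingProvider.performMapping in this same commit guards the same call with `if(rolesList != null)`. One of the two is wrong about the contract; either add the guard here as well or document on RoleGroup that `getRoles()` never returns null and drop it there. Each role is also rebuilt as `new SimplePrincipal(r.getRoleName())`, so callers of `getUserRoles` that compare against a custom Principal class now depend on that class's `equals` accepting a `SimplePrincipal`. That deserves a line in the method comment.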
@@ -385,11 +386,11 @@
throw new RuntimeException(e);
}
SecurityContext sc = scb.getSecurityContext();
- Group roles = this.getCurrentRoles(null, authenticatedSubject, sc);
+
+ RoleGroup roles = this.getCurrentRoles(null, authenticatedSubject, sc);
if(roles == null)
- return new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
- else
- return new SimpleRoleGroup(roles);
+ roles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ return roles;
}
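Review bot: The method now returns the `RoleGroup` obtained from `getCurrentRoles` itself, where the removed code wrapped it in a new `SimpleRoleGroup`. If that object is the instance held by the security context, which the later `sc.getUtil().getRoles()` hunk suggests but the unseen part of `getCurrentRoles` decides, any caller can change the roles used for later authorization decisions by mutating the returned group. Returning a copy avoids the aliasing: `RoleGroup copy = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);` then `if(roles != null) for(Role r : roles.getRoles()) copy.addRole(r);` and `return copy;`. The start of the method is outside this hunk.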
/*
@@ -397,7 +398,7 @@
* the Subject
* @param principal The Principal in question
*/
- private Group getCurrentRoles(Principal principal)
+ private RoleGroup getCurrentRoles(Principal principal)
{
//Check that the caller is authenticated to the current thread
Subject subject = null;
@@ -421,7 +422,7 @@
return getCurrentRoles(principal,subject,sc);
}
- private Group getCurrentRoles(Principal principal, Subject subject, SecurityContext sc)
+ private RoleGroup getCurrentRoles(Principal principal, Subject subject, SecurityContext sc)
{
if(subject == null)
throw new IllegalArgumentException("Subject passed is null");
@@ -432,7 +433,8 @@
boolean emptyContextRoles = false;
- Group userRoles = (Group)sc.getData().get(ROLES_IDENTIFIER);
+ RoleGroup userRoles = sc.getUtil().getRoles();
+ //Group userRoles = (Group)sc.getData().get(ROLES_IDENTIFIER);
if(userRoles == null || "true".equalsIgnoreCase(SubjectActions.getRefreshSecurityContextRoles()))
emptyContextRoles = true;
userRoles = copyGroups(userRoles, subjectRoles);
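Review bot: The old lookup is left behind as a commented-out line, `//Group userRoles = (Group)sc.getData().get(ROLES_IDENTIFIER);`, directly under its replacement. Version control already keeps the previous form, so the line should be deleted. If the point is to record that roles moved out of the context data map, a short comment saying so is more useful, for example `// roles are read through the context util, no longer from the data map`.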
@@ -445,8 +447,9 @@
if(subjectRoles != userRoles || emptyContextRoles)
{
MappingManager mm = sc.getMappingManager();
- MappingContext<Group> mc = mm.getMappingContext(Group.class);
- Group mappedUserRoles = userRoles;
+ MappingContext<RoleGroup> mc = mm.getMappingContext(RoleGroup.class);
+
+ RoleGroup mappedUserRoles = userRoles;
if(mc != null && mc.hasModules())
{
Map<String,Object> contextMap = new HashMap<String,Object>();
@@ -462,7 +465,7 @@
if(trace)
log.trace("Roles before mapping:"+ userRoles);
mc.performMapping(contextMap, userRoles);
- mappedUserRoles = (Group) mc.getMappingResult().getMappedObject();
+ mappedUserRoles = (RoleGroup) mc.getMappingResult().getMappedObject();
if(trace)
log.trace("Roles after mapping:"+ userRoles);
}
@@ -480,16 +483,16 @@
* @param source
* @param toCopy
*/
- private Group copyGroups(Group source, Group toCopy)
+ private RoleGroup copyGroups(RoleGroup source, Group toCopy)
{
if(toCopy == null)
return source;
if(source == null && toCopy != null)
- source = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ source = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
Enumeration<? extends Principal> en = toCopy.members();
while(en.hasMoreElements())
{
- source.addMember((Principal)en.nextElement());
+ source.addRole(new SimpleRole(en.nextElement().getName()));
}
return source;
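Review bot: copyGroups adds the subject's roles to `source` in place, and `source` is the group just read from the security context via `sc.getUtil().getRoles()`. The context's stored roles are therefore modified on every call, and repeated calls add the same roles again unless `addRole` rejects duplicates, which is not visible here. Copying into a fresh `SimpleRoleGroup` and returning that would keep the stored group unchanged. `new SimpleRole(en.nextElement().getName())` also turns a nested `Group` member into a single role named after the group rather than copying its members; if nested role groups are possible in the Subject this needs handling or a comment. The `&& toCopy != null` test is redundant after the early return above it. The method's closing brace is outside the hunk.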
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java 2008-02-05 22:44:00 UTC (rev 69641)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/JBossSecurityContextUtil.java 2008-02-05 22:44:52 UTC (rev 69642)
@@ -37,6 +37,7 @@
import org.jboss.security.SecurityContextUtil;
import org.jboss.security.SecurityIdentity;
import org.jboss.security.SubjectInfo;
+import org.jboss.security.identity.RoleGroup;
//$Id$
@@ -53,6 +54,7 @@
this.securityContext = sc;
}
+ @SuppressWarnings("unchecked")
@Override
public <T> T get(String key)
{
@@ -126,6 +128,7 @@
securityContext.getData().put(key, obj);
}
+ @SuppressWarnings("unchecked")
@Override
public <T> T remove(String key)
{
@@ -146,10 +149,10 @@
}
@Override
- public <T> void setRoles(T roles)
+ public void setRoles(RoleGroup roles)
{
validateSecurityContext();
- securityContext.getData().put(ROLES_IDENTIFIER, roles);
+ securityContext.getSubjectInfo().setRoles(roles);
}
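Review bot: `securityContext.getSubjectInfo().setRoles(roles)` throws a NullPointerException when the context has no SubjectInfo yet, where the previous `getData().put(...)` always succeeded. Whether `validateSecurityContext()` rules that out is not visible in this hunk. The same applies to `getRoles()` in the next hunk, whose caller in JBossAuthorizationManager already handles a null result, so it could read `SubjectInfo si = securityContext.getSubjectInfo();` followed by `return si != null ? si.getRoles() : null;`. For setRoles an explicit `IllegalStateException` naming the missing SubjectInfo is clearer than the bare NPE. Code that still stores or reads roles under `ROLES_IDENTIFIER` in the data map will no longer see the same value as these accessors, which is worth stating in the Javadoc of both methods.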
@@ -184,10 +187,10 @@
@Override
- public <T> T getRoles()
+ public RoleGroup getRoles()
{
- validateSecurityContext();
- return (T) securityContext.getData().get(ROLES_IDENTIFIER);
+ validateSecurityContext();
+ return securityContext.getSubjectInfo().getRoles();
}
// Private Methods