[jboss-cvs] JBossAS SVN: r73943 - trunk/tomcat/src/main/org/jboss/web/tomcat/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Jun 2 13:55:42 EDT 2008
Author: mmoyses
Date: 2008-06-02 13:55:42 -0400 (Mon, 02 Jun 2008)
New Revision: 73943
Modified:
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
Log:
fixing typo on getCachingPrincipal method name
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2008-06-02 17:50:57 UTC (rev 73942)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2008-06-02 17:55:42 UTC (rev 73943)
@@ -82,37 +82,40 @@
* @since Jul 10, 2006
* @version $Revision$
*/
-public class JBossWebRealm extends RealmBase
-{
+public class JBossWebRealm extends RealmBase
+{
static Logger log = Logger.getLogger(JBossWebRealm.class);
+
/**
* The converter from X509 cert chain to Princpal
*/
protected CertificatePrincipal certMapping = new SubjectDNMapping();
+
/**
* The JBossSecurityMgrRealm category trace flag
*/
- private boolean trace = log.isTraceEnabled();
-
+ private boolean trace = log.isTraceEnabled();
+
/** The JACC PolicyContext key for the current Subject */
private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
-
+
protected String securityDomain = SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY;
-
+
/**
* JBAS-2519:Delegate to JACC provider for unsecured resources in web.xml
*/
protected boolean unprotectedResourceDelegation = false;
- protected String securityConstraintProviderClass = "";
-
+
+ protected String securityConstraintProviderClass = "";
+
/** Should Security Audit be done **/
protected boolean enableAudit = true;
-
+
/** Should RealmBase Authorization decision be considered or not?
* false - consider, true - do not consider
*/
protected boolean ignoreBaseDecision = false;
-
+
/**
* Set the class name of the CertificatePrincipal used for mapping X509 cert
* chains to a Princpal.
@@ -134,12 +137,12 @@
log.error("Failed to load CertificatePrincipal: " + className, e);
certMapping = new SubjectDNMapping();
}
- }
+ }
public void setSecurityConstraintProviderClass(String securityConstraintProviderClass)
{
this.securityConstraintProviderClass = securityConstraintProviderClass;
- }
+ }
/**
* Override the security domain driving the authorization for the realm
@@ -148,23 +151,23 @@
public void setSecurityDomain(String securityDomain)
{
this.securityDomain = securityDomain;
- }
+ }
public void setUnprotectedResourceDelegation(boolean unprotectedResourceDelegation)
{
this.unprotectedResourceDelegation = unprotectedResourceDelegation;
- }
+ }
public void setEnableAudit(boolean enableAudit)
{
this.enableAudit = enableAudit;
- }
+ }
- public void setIgnoreBaseDecision(boolean ignoreBaseDecision)
+ public void setIgnoreBaseDecision(boolean ignoreBaseDecision)
{
- this.ignoreBaseDecision = ignoreBaseDecision;
- }
-
+ this.ignoreBaseDecision = ignoreBaseDecision;
+ }
+
//*************************************************************************
// Realm.Authenticate Methods
//*************************************************************************
@@ -201,23 +204,21 @@
{
log.trace("User: " + principal + " is authenticated");
}
- securityDomain = securityMgr.getSecurityDomain();
- SecurityAssociationActions.setPrincipalInfo(principal, certs, subject);
-
+ securityDomain = securityMgr.getSecurityDomain();
+ SecurityAssociationActions.setPrincipalInfo(principal, certs, subject);
+
// Get the CallerPrincipal mapping
RealmMapping realmMapping = (RealmMapping) securityCtx.lookup("realmMapping");
Principal oldPrincipal = principal;
principal = realmMapping.getPrincipal(oldPrincipal);
if (trace)
{
- log.trace("Mapped from input principal: " + oldPrincipal
- + "to: " + principal);
+ log.trace("Mapped from input principal: " + oldPrincipal + "to: " + principal);
}
// Get the caching principal
- principal = getCachingPrincpal(realmMapping, oldPrincipal,
- principal, certs, subject);
- if(enableAudit)
- successAudit(oldPrincipal,principal);
+ principal = getCachingPrincipal(realmMapping, oldPrincipal, principal, certs, subject);
+ if (enableAudit)
+ successAudit(oldPrincipal, principal);
}
else
{
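Review bot: The trace message joined onto one line here, `log.trace("Mapped from input principal: " + oldPrincipal + "to: " + principal);`, has no space before `to:`, so the two principal names run together in the log. Writing `+ " to: " +` fixes it. The same message appears in the digest and username/password overloads (hunks at -287 and -376). The enclosing authenticate method starts and ends outside this hunk.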
@@ -225,20 +226,20 @@
{
log.trace("User: " + principal + " is NOT authenticated");
}
- if(enableAudit)
- failureAudit(principal);
+ if (enableAudit)
+ failureAudit(principal);
principal = null;
}
}
catch (NamingException e)
{
log.error("Error during authenticate", e);
- if(enableAudit)
- errorAudit(principal,e);
+ if (enableAudit)
+ errorAudit(principal, e);
}
return principal;
}
-
+
/**
* Return the Principal associated with the specified username, which matches
* the digest calculated using the given parameters using the method
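Review bot: The `catch (NamingException e)` block in this hunk logs and audits but leaves `principal` set, so the `return principal;` that follows can hand back a non-null principal after a JNDI lookup has failed. The digest and username/password overloads both assign `principal = null;` in their catch blocks; adding the same assignment here, after the `errorAudit(principal, e);` call, makes the error path fail closed. Whether `principal` is already assigned at the point the exception can be thrown depends on the start of the method, which is outside this hunk.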
@@ -255,8 +256,8 @@
* @param md5a2 Second MD5 digest used to calculate the digest : MD5(Method +
* ":" + uri)
*/
- public Principal authenticate(String username, String digest, String nonce,
- String nc, String cnonce, String qop, String realm, String md5a2)
+ public Principal authenticate(String username, String digest, String nonce, String nc, String cnonce, String qop,
+ String realm, String md5a2)
{
Principal principal = null;
Context securityCtx = getSecurityNamingContext();
@@ -277,8 +278,7 @@
try
{
- DigestCallbackHandler handler = new DigestCallbackHandler(username, nonce,
- nc, cnonce, qop, realm, md5a2);
+ DigestCallbackHandler handler = new DigestCallbackHandler(username, nonce, nc, cnonce, qop, realm, md5a2);
CallbackHandlerPolicyContextHandler.setCallbackHandler(handler);
// Get the JBoss security manager from the ENC context
@@ -287,29 +287,27 @@
Subject subject = new Subject();
if (securityMgr.isValid(principal, digest, subject))
{
- log.trace("User: " + username + " is authenticated");
+ log.trace("User: " + username + " is authenticated");
securityDomain = securityMgr.getSecurityDomain();
- SecurityAssociationActions.setPrincipalInfo(principal, digest, subject);
-
+ SecurityAssociationActions.setPrincipalInfo(principal, digest, subject);
+
// Get the CallerPrincipal mapping
RealmMapping realmMapping = (RealmMapping) securityCtx.lookup("realmMapping");
Principal oldPrincipal = principal;
principal = realmMapping.getPrincipal(oldPrincipal);
if (trace)
{
- log.trace("Mapped from input principal: " + oldPrincipal
- + "to: " + principal);
+ log.trace("Mapped from input principal: " + oldPrincipal + "to: " + principal);
}
// Get the caching principal
- principal = getCachingPrincpal(realmMapping, oldPrincipal,
- principal, digest, subject);
- if(enableAudit)
- successAudit(oldPrincipal,principal);
+ principal = getCachingPrincipal(realmMapping, oldPrincipal, principal, digest, subject);
+ if (enableAudit)
+ successAudit(oldPrincipal, principal);
}
else
{
- if(enableAudit)
- failureAudit(principal);
+ if (enableAudit)
+ failureAudit(principal);
principal = null;
if (trace)
{
@@ -321,8 +319,8 @@
{
principal = null;
log.error("Error during authenticate", e);
- if(enableAudit)
- errorAudit(principal,e);
+ if (enableAudit)
+ errorAudit(principal, e);
}
finally
{
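Review bot: `principal = null;` runs before `errorAudit(principal, e);` in this catch block, so the audit event for an authentication error always records a null principal. Moving the assignment below the audit call keeps the identity in the record: `if (enableAudit) errorAudit(principal, e);` followed by `principal = null;`. The username/password overload has the same ordering (hunk at -407). The method body starts outside this hunk.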
@@ -376,30 +374,28 @@
{
log.trace("User: " + username + " is authenticated");
securityDomain = securityMgr.getSecurityDomain();
- SecurityAssociationActions.setPrincipalInfo(principal, credentials, subject);
+ SecurityAssociationActions.setPrincipalInfo(principal, credentials, subject);
// Get the CallerPrincipal mapping
RealmMapping realmMapping = (RealmMapping) securityCtx.lookup("realmMapping");
Principal oldPrincipal = principal;
principal = realmMapping.getPrincipal(oldPrincipal);
if (trace)
{
- log.trace("Mapped from input principal: " + oldPrincipal
- + "to: " + principal);
+ log.trace("Mapped from input principal: " + oldPrincipal + "to: " + principal);
}
// Get the caching principal
- principal = getCachingPrincpal(realmMapping, oldPrincipal,
- principal, credentials, subject);
- if(enableAudit)
- successAudit(oldPrincipal,principal);
+ principal = getCachingPrincipal(realmMapping, oldPrincipal, principal, credentials, subject);
+ if (enableAudit)
+ successAudit(oldPrincipal, principal);
}
else
{
- if(enableAudit)
- failureAudit(principal);
+ if (enableAudit)
+ failureAudit(principal);
if (trace)
{
log.trace("User: " + username + " is NOT authenticated");
- }
+ }
principal = null;
}
}
@@ -407,8 +403,8 @@
{
principal = null;
log.error("Error during authenticate", e);
- if(enableAudit)
- errorAudit(principal,e);
+ if (enableAudit)
+ errorAudit(principal, e);
}
if (trace)
{
@@ -416,7 +412,7 @@
}
return principal;
}
-
+
/**
* Return the Principal associated with the specified username and
* credentials, if there is one; otherwise return <code>null</code>.
@@ -429,52 +425,48 @@
{
return authenticate(username, new String(credentials));
}
-
+
//*************************************************************************
// Realm.hasXXX Methods
//*************************************************************************
/**
* JBAS-2519:Delegate to JACC provider for unsecured resources in web.xml
*/
- public SecurityConstraint[] findSecurityConstraints(Request request,
- org.apache.catalina.Context context)
- {
+ public SecurityConstraint[] findSecurityConstraints(Request request, org.apache.catalina.Context context)
+ {
SecurityConstraint[] scarr = super.findSecurityConstraints(request, context);
- if( (scarr == null || scarr.length == 0)
- && this.unprotectedResourceDelegation)
+ if ((scarr == null || scarr.length == 0) && this.unprotectedResourceDelegation)
{
scarr = getSecurityConstraintsFromProvider(request, context);
}
return scarr;
}
-
+
/**
* @see RealmBase#hasResourcePermission(Request, Response, SecurityConstraint[],
* org.apache.catalina.Context)
*/
- public boolean hasResourcePermission(Request request, Response response,
- SecurityConstraint[] securityConstraints, org.apache.catalina.Context context)
- throws IOException
- {
+ public boolean hasResourcePermission(Request request, Response response, SecurityConstraint[] securityConstraints,
+ org.apache.catalina.Context context) throws IOException
+ {
boolean ok = false;
- boolean baseDecision = ignoreBaseDecision ? true :
- super.hasResourcePermission(request,response,
- securityConstraints, context);
-
+ boolean baseDecision = ignoreBaseDecision ? true : super.hasResourcePermission(request, response,
+ securityConstraints, context);
+
//By default, the authorization framework always returns PERMIT such that the
//decision of the realm base holds.
- if(baseDecision)
+ if (baseDecision)
{
- Subject caller = this.establishSubjectContext(request.getPrincipal());
-
+ Subject caller = this.establishSubjectContext(request.getPrincipal());
+
PolicyRegistration policyRegistration = getPolicyRegistration();
SecurityContext sc = SecurityAssociationActions.getSecurityContext();
- Map<String,Object> contextMap = new HashMap<String,Object>();
- contextMap.put(ResourceKeys.RESOURCE_PERM_CHECK, Boolean.TRUE);
+ Map<String, Object> contextMap = new HashMap<String, Object>();
+ contextMap.put(ResourceKeys.RESOURCE_PERM_CHECK, Boolean.TRUE);
contextMap.put(ResourceKeys.POLICY_REGISTRATION, policyRegistration);
contextMap.put("securityConstraints", securityConstraints);
-
+
AbstractWebAuthorizationHelper helper = null;
try
{
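Review bot: `new String(credentials)` at the top of this hunk decodes the password bytes with the platform default charset, so the same non-ASCII password can become a different string on a host with a different default. If the caller's encoding is known, name it in the conversion; otherwise record the assumption next to the call, for example `// credentials are decoded with the platform default charset`. The signature of this byte[] overload is outside the hunk.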
@@ -488,24 +480,20 @@
helper.setPolicyRegistration(policyRegistration);
helper.setEnableAudit(this.enableAudit);
-
+
//WebAuthorizationHelper helper = new WebAuthorizationHelper(sc, this.enableAudit);
- ok = helper.checkResourcePermission(contextMap,
- request, response,
- caller, PolicyContext.getContextID(),
- requestURI(request));
- }
- if(trace)
- log.trace("hasResourcePerm:RealmBase says:" + baseDecision +
- "::Authz framework says:" + ok + ":final=" + ok);
- if( ok == false )
+ ok = helper.checkResourcePermission(contextMap, request, response, caller, PolicyContext.getContextID(),
+ requestURI(request));
+ }
+ if (trace)
+ log.trace("hasResourcePerm:RealmBase says:" + baseDecision + "::Authz framework says:" + ok + ":final=" + ok);
+ if (ok == false)
{
- response.sendError(HttpServletResponse.SC_FORBIDDEN,
- sm.getString("realmBase.forbidden"));
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, sm.getString("realmBase.forbidden"));
}
return ok;
}
-
+
/**
* Returns <code>true</code> if the specified user <code>Principal</code> has
* the specified security role, within the context of this
@@ -519,36 +507,36 @@
* @param role Security role to be checked
*/
public boolean hasRole(Principal principal, String role)
- {
+ {
String servletName = null;
//WebProgrammaticAuthentication does not go through hasResourcePermission
//and hence the activeRequest thread local may not be set
- Request req = (Request)SecurityAssociationValve.activeRequest.get();
+ Request req = (Request) SecurityAssociationValve.activeRequest.get();
Wrapper servlet = req.getWrapper();
if (servlet != null)
{
- servletName = getServletName(servlet);
+ servletName = getServletName(servlet);
}
-
- if(servletName == null)
- throw new IllegalStateException("servletName is null");
+
+ if (servletName == null)
+ throw new IllegalStateException("servletName is null");
JBossWebMetaData metaData = SecurityAssociationValve.activeWebMetaData.get();
String roleName = role;
-
+
/**
* If the metaData is null, this is an internal call made by RealmBase.hasResourcePermission
*/
- if(metaData != null)
+ if (metaData != null)
{
ServletMetaData servletMD = metaData.getServlets().get(servletName);
SecurityRoleRefsMetaData roleRefs = null;
- if(servletMD != null)
+ if (servletMD != null)
roleRefs = servletMD.getSecurityRoleRefs();
- if(roleRefs != null)
+ if (roleRefs != null)
{
- for(SecurityRoleRefMetaData ref : roleRefs)
+ for (SecurityRoleRefMetaData ref : roleRefs)
{
- if( ref.getRoleLink().equals(role) )
+ if (ref.getRoleLink().equals(role))
{
roleName = ref.getName();
break;
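Review bot: `req.getWrapper()` is called on the result of `SecurityAssociationValve.activeRequest.get()` without a null check, although the comment directly above says the thread local may not be set for programmatic authentication. A missing request then surfaces as a NullPointerException rather than the `IllegalStateException("servletName is null")` a few lines further down. `Wrapper servlet = (req != null) ? req.getWrapper() : null;` routes that case into the existing check. hasRole continues past the end of this hunk.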
@@ -558,12 +546,12 @@
}
boolean authzDecision = false;
- boolean baseDecision = ignoreBaseDecision ? true : super.hasRole(principal, role);
-
- if(baseDecision)
- {
- SecurityContext sc = SecurityAssociationActions.getSecurityContext();
-
+ boolean baseDecision = ignoreBaseDecision ? true : super.hasRole(principal, role);
+
+ if (baseDecision)
+ {
+ SecurityContext sc = SecurityAssociationActions.getSecurityContext();
+
AbstractWebAuthorizationHelper helper = null;
try
{
@@ -571,65 +559,65 @@
}
catch (Exception e)
{
- log.error("Error obtaining helper",e);
+ log.error("Error obtaining helper", e);
}
helper.setPolicyRegistration(getPolicyRegistration());
- helper.setEnableAudit(enableAudit);
+ helper.setEnableAudit(enableAudit);
Subject callerSubject = SecurityAssociationActions.getSubject();
- if(callerSubject == null)
+ if (callerSubject == null)
{
- //During hasResourcePermission check, catalina calls hasRole. But we have not established
- // a subject yet in the security context. So we will get the subject from the cached principal
- callerSubject = SecurityAssociationActions.getSubjectFromRequestPrincipal(principal);
+ //During hasResourcePermission check, catalina calls hasRole. But we have not established
+ // a subject yet in the security context. So we will get the subject from the cached principal
+ callerSubject = SecurityAssociationActions.getSubjectFromRequestPrincipal(principal);
}
-
- authzDecision = helper.hasRole(roleName, principal, servletName, getPrincipalRoles(principal),
- PolicyContext.getContextID(), callerSubject);
+
+ authzDecision = helper.hasRole(roleName, principal, servletName, getPrincipalRoles(principal), PolicyContext
+ .getContextID(), callerSubject);
}
- boolean finalDecision = baseDecision && authzDecision;
- if(trace)
- log.trace("hasRole:RealmBase says:" + baseDecision +
- "::Authz framework says:" + authzDecision + ":final=" + finalDecision);
-
- return finalDecision;
+ boolean finalDecision = baseDecision && authzDecision;
+ if (trace)
+ log.trace("hasRole:RealmBase says:" + baseDecision + "::Authz framework says:" + authzDecision + ":final="
+ + finalDecision);
+
+ return finalDecision;
}
-
+
/**
* @see RealmBase#hasUserDataPermission(Request, Response, SecurityConstraint[])
*/
- public boolean hasUserDataPermission(Request request, Response response,
- SecurityConstraint[] constraints) throws IOException
- {
+ public boolean hasUserDataPermission(Request request, Response response, SecurityConstraint[] constraints)
+ throws IOException
+ {
boolean ok = ignoreBaseDecision ? true : super.hasUserDataPermission(request, response, constraints);
//If the realmbase check has passed, then we can go to authz framework
- if(ok)
+ if (ok)
{
- Principal requestPrincipal = request.getPrincipal();
- establishSubjectContext(requestPrincipal);
- Map<String,Object> map = new HashMap<String,Object>();
- map.put("securityConstraints", constraints);
- map.put(ResourceKeys.USERDATA_PERM_CHECK, Boolean.TRUE);
-
- SecurityContext sc = SecurityAssociationActions.getSecurityContext();
- AbstractWebAuthorizationHelper helper = null;
- try
- {
- helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
- }
- catch (Exception e)
- {
- log.error("Error obtaining helper",e);
- }
- helper.setPolicyRegistration(getPolicyRegistration());
- helper.setEnableAudit(enableAudit);
-
- ok = helper.hasUserDataPermission(map, request, response, PolicyContext.getContextID(),
- SecurityAssociationActions.getSubject());
+ Principal requestPrincipal = request.getPrincipal();
+ establishSubjectContext(requestPrincipal);
+ Map<String, Object> map = new HashMap<String, Object>();
+ map.put("securityConstraints", constraints);
+ map.put(ResourceKeys.USERDATA_PERM_CHECK, Boolean.TRUE);
+
+ SecurityContext sc = SecurityAssociationActions.getSecurityContext();
+ AbstractWebAuthorizationHelper helper = null;
+ try
+ {
+ helper = SecurityHelperFactory.getWebAuthorizationHelper(sc);
+ }
+ catch (Exception e)
+ {
+ log.error("Error obtaining helper", e);
+ }
+ helper.setPolicyRegistration(getPolicyRegistration());
+ helper.setEnableAudit(enableAudit);
+
+ ok = helper.hasUserDataPermission(map, request, response, PolicyContext.getContextID(),
+ SecurityAssociationActions.getSubject());
}
-
+
return ok;
}
-
+
//*****************************************************************************
// PROTECTED METHODS
//*****************************************************************************
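Review bot: In both hasRole and hasUserDataPermission the `catch (Exception e)` around `SecurityHelperFactory.getWebAuthorizationHelper(sc)` only logs, and the next statement is `helper.setPolicyRegistration(...)`, so a failed lookup ends in a NullPointerException on the still-null `helper`. Denying explicitly in the catch, `log.error("Error obtaining helper", e); return false;`, keeps the authorization decision fail-closed and leaves the real cause as the last logged error. hasResourcePermission appears to follow the same pattern, but its try/catch falls between hunks. hasRole's `try` opens before this hunk starts.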
@@ -645,9 +633,8 @@
* @param credential - the credential used for authentication
* @return the tomcat session principal wrapper
*/
- protected Principal getCachingPrincpal(RealmMapping realmMapping,
- Principal authPrincipal, Principal callerPrincipal, Object credential,
- Subject subject)
+ protected Principal getCachingPrincipal(RealmMapping realmMapping, Principal authPrincipal,
+ Principal callerPrincipal, Object credential, Subject subject)
{
// Cache the user roles in the principal
Set<Principal> userRoles = realmMapping.getUserRoles(authPrincipal);
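Review bot: `getCachingPrincipal` is `protected`, so correcting the name changes an extension point: a subclass that overrides the old `getCachingPrincpal` may still compile but is no longer called by the three authenticate methods. The Javadoc above the method should say so, for example `* Renamed from getCachingPrincpal; subclasses overriding the old name must be updated.` Whether any subclass overrides it is not visible from this page. The method body continues past the end of this hunk.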
@@ -661,11 +648,11 @@
roles.add(role.getName());
}
}
- JBossGenericPrincipal gp = new JBossGenericPrincipal(this, subject,
- authPrincipal, callerPrincipal, credential, roles, userRoles);
+ JBossGenericPrincipal gp = new JBossGenericPrincipal(this, subject, authPrincipal, callerPrincipal, credential,
+ roles, userRoles);
return gp;
}
-
+
/**
* Return a short name for this Realm implementation, for use in log
* messages.
@@ -674,7 +661,7 @@
{
return getClass().getName();
}
-
+
/**
* Return the password associated with the given principal's user name.
*/
@@ -683,17 +670,15 @@
String password = null;
return password;
}
-
+
/**
* Return the Principal associated with the given user name.
*/
protected Principal getPrincipal(String username)
{
return new SimplePrincipal(username);
- }
-
-
-
+ }
+
/**
* Get the canonical request uri from the request mapping data requestPath
* @param request
@@ -702,14 +687,13 @@
static String requestURI(Request request)
{
String uri = request.getMappingData().requestPath.getString();
- if( uri == null || uri.equals("/") )
+ if (uri == null || uri.equals("/"))
{
uri = "";
}
return uri;
}
-
-
+
/**
* Access the set of role Princpals associated with the given caller princpal.
*
@@ -719,14 +703,14 @@
*/
protected Set<Principal> getPrincipalRoles(Principal principal)
{
- if( (principal instanceof GenericPrincipal) == false )
- throw new IllegalStateException("Expected GenericPrincipal, but saw: "+principal.getClass());
+ if ((principal instanceof GenericPrincipal) == false)
+ throw new IllegalStateException("Expected GenericPrincipal, but saw: " + principal.getClass());
GenericPrincipal gp = (GenericPrincipal) principal;
String[] roleNames = gp.getRoles();
Set<Principal> userRoles = new HashSet<Principal>();
- if( roleNames != null )
+ if (roleNames != null)
{
- for(int n = 0; n < roleNames.length; n ++)
+ for (int n = 0; n < roleNames.length; n++)
{
SimplePrincipal sp = new SimplePrincipal(roleNames[n]);
userRoles.add(sp);
@@ -734,11 +718,11 @@
}
return userRoles;
}
-
+
//*****************************************************************************
// PRIVATE METHODS
//*****************************************************************************
-
+
/**
* Ensure that the JACC PolicyContext Subject handler has access to the
* authenticated Subject. The caching of the authentication state by tomcat
@@ -747,7 +731,7 @@
*
* @param principal - the http request getPrincipal
* @return the authenticated Subject is there is one, null otherwise
- */
+ */
private Subject establishSubjectContext(Principal principal)
{
Subject caller = null;
@@ -757,27 +741,26 @@
}
catch (PolicyContextException e)
{
- if( trace )
+ if (trace)
log.trace("Failed to get subject from PolicyContext", e);
}
- if( caller == null )
+ if (caller == null)
{
// Test the request principal that may come from the session cache
- if( principal instanceof JBossGenericPrincipal )
+ if (principal instanceof JBossGenericPrincipal)
{
JBossGenericPrincipal jgp = (JBossGenericPrincipal) principal;
caller = jgp.getSubject();
//
if (trace)
log.trace("Restoring principal info from cache");
- SecurityAssociationActions.setPrincipalInfo(jgp.getAuthPrincipal(),
- jgp.getCredentials(), jgp.getSubject());
+ SecurityAssociationActions.setPrincipalInfo(jgp.getAuthPrincipal(), jgp.getCredentials(), jgp.getSubject());
}
}
return caller;
- }
-
+ }
+
private Context getSecurityNamingContext()
{
Context securityCtx = null;
@@ -793,7 +776,7 @@
}
return securityCtx;
}
-
+
/**
* Get a set of SecurityConstraints from either the PolicyProvider
* or the securityConstraintProviderClass class, via reflection
@@ -802,57 +785,56 @@
* @param context
* @return an array of SecurityConstraints
*/
- private SecurityConstraint[] getSecurityConstraintsFromProvider(Request request,
- org.apache.catalina.Context context)
- {
+ private SecurityConstraint[] getSecurityConstraintsFromProvider(Request request, org.apache.catalina.Context context)
+ {
SecurityConstraint[] scarr = null;
- Class<?>[] sig = {Request.class, Context.class};
- Object[] args = {request, context};
-
+ Class<?>[] sig =
+ {Request.class, Context.class};
+ Object[] args =
+ {request, context};
+
Method findsc = null;
-
+
//Try the Policy Provider
try
{
Policy policy = Policy.getPolicy();
findsc = policy.getClass().getMethod("findSecurityConstraints", sig);
- scarr = (SecurityConstraint[])findsc.invoke(policy, args);
+ scarr = (SecurityConstraint[]) findsc.invoke(policy, args);
}
- catch(Throwable t)
+ catch (Throwable t)
{
- if(trace)
- log.error("Error obtaining security constraints from policy",t);
+ if (trace)
+ log.error("Error obtaining security constraints from policy", t);
}
//If the policy provider did not provide the security constraints
//check if a seperate SC provider is plugged in
- if(scarr == null || scarr.length == 0)
+ if (scarr == null || scarr.length == 0)
{
- if(securityConstraintProviderClass == "" ||
- securityConstraintProviderClass.length() == 0)
+ if (securityConstraintProviderClass == "" || securityConstraintProviderClass.length() == 0)
{
- if(trace)
- log.trace("unprotectedResourceDelegation is true "+
- "but securityConstraintProviderClass is empty");
+ if (trace)
+ log.trace("unprotectedResourceDelegation is true " + "but securityConstraintProviderClass is empty");
}
else
//Try to call the method on the provider class
try
- {
+ {
Class<?> clazz = SecurityAssociationActions.loadClass(securityConstraintProviderClass);
- Object obj = clazz.newInstance();
- findsc = clazz.getMethod("findSecurityConstraints", sig);
- if(trace)
+ Object obj = clazz.newInstance();
+ findsc = clazz.getMethod("findSecurityConstraints", sig);
+ if (trace)
log.trace("findSecurityConstraints method found in securityConstraintProviderClass");
- scarr = (SecurityConstraint[])findsc.invoke(obj, args);
- }
- catch (Throwable t)
- {
- log.error("Error instantiating "+securityConstraintProviderClass,t);
- }
- }
+ scarr = (SecurityConstraint[]) findsc.invoke(obj, args);
+ }
+ catch (Throwable t)
+ {
+ log.error("Error instantiating " + securityConstraintProviderClass, t);
+ }
+ }
return scarr;
}
-
+
/**
* Jacc Specification : Appendix
* B.19 Calling isUserInRole from JSP not mapped to a Servlet
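Review bot: The reflective signature `{Request.class, Context.class}` uses the unqualified `Context`, while the method's own parameter is written `org.apache.catalina.Context`, which suggests the `Context` in scope is a different type (the file's imports are not shown). If so, `getMethod("findSecurityConstraints", sig)` cannot match a provider method that takes a Catalina context, the `catch (Throwable t)` hides the failure, and unprotected-resource delegation yields no constraints. Writing `{Request.class, org.apache.catalina.Context.class}` removes the ambiguity. In the same method, `securityConstraintProviderClass == ""` compares references and a null value would throw on `.length()`, and the policy-provider failure is logged only `if (trace)`.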
@@ -872,72 +854,69 @@
* @return empty string if it is for an unmapped jsp or name of the servlet for others
*/
private String getServletName(Wrapper servlet)
- {
+ {
//For jsp, the mapping will be (*.jsp, *.jspx)
String[] mappings = servlet.findMappings();
- if(trace)
- log.trace("[getServletName:servletmappings="+mappings +
- ":servlet.getName()="+servlet.getName()+"]");
- if("jsp".equals(servlet.getName())
- && (mappings != null && mappings[0].indexOf("*.jsp")> -1))
+ if (trace)
+ log.trace("[getServletName:servletmappings=" + mappings + ":servlet.getName()=" + servlet.getName() + "]");
+ if ("jsp".equals(servlet.getName()) && (mappings != null && mappings[0].indexOf("*.jsp") > -1))
return "";
else
return servlet.getName();
- }
-
- private void audit(String level,
- Map<String,Object> contextMap, Exception e)
- {
+ }
+
+ private void audit(String level, Map<String, Object> contextMap, Exception e)
+ {
String requestInfo = "";
try
{
- HttpServletRequest hsr = (HttpServletRequest)PolicyContext.getContext(SecurityConstants.WEB_REQUEST_KEY);
+ HttpServletRequest hsr = (HttpServletRequest) PolicyContext.getContext(SecurityConstants.WEB_REQUEST_KEY);
requestInfo = WebUtil.deriveUsefulInfo(hsr);
contextMap.put("request", requestInfo);
}
catch (PolicyContextException pe)
{
- if(trace)
+ if (trace)
log.trace("Error obtaining the servlet request:", pe);
}
contextMap.put("Source", getClass().getName());
AuditEvent ae = new AuditEvent(level);
ae.setContextMap(contextMap);
ae.setUnderlyingException(e);
-
+
SecurityContext sc = SecurityAssociationActions.getSecurityContext();
- if(sc != null)
+ if (sc != null)
{
AuditManager auditManager = sc.getAuditManager();
- if(auditManager != null)
- auditManager.audit(ae);
+ if (auditManager != null)
+ auditManager.audit(ae);
else
log.trace("Audit Manager obtained from Security Context is null");
- }
+ }
}
-
+
private void successAudit(Principal callerPrincipal, Principal principal)
{
- Map<String,Object> cmap = new HashMap<String,Object>();
+ Map<String, Object> cmap = new HashMap<String, Object>();
cmap.put("principal", principal);
cmap.put("CallerPrincipal", callerPrincipal);
- audit(AuditLevel.SUCCESS,cmap,null);
- }
-
+ audit(AuditLevel.SUCCESS, cmap, null);
+ }
+
private void failureAudit(Principal principal)
{
- Map<String,Object> cmap = new HashMap<String,Object>();
+ Map<String, Object> cmap = new HashMap<String, Object>();
cmap.put("principal", principal);
- audit(AuditLevel.FAILURE,cmap,null);
+ audit(AuditLevel.FAILURE, cmap, null);
}
-
+
private void errorAudit(Principal principal, Exception e)
{
- Map<String,Object> cmap = new HashMap<String,Object>();
+ Map<String, Object> cmap = new HashMap<String, Object>();
cmap.put("principal", principal);
- audit(AuditLevel.ERROR,cmap,e);
- }
-
+ audit(AuditLevel.ERROR, cmap, e);
+ }
+
private PolicyRegistration getPolicyRegistration()
{
PolicyRegistration policyRegistration = null;
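Review bot: `mappings[0]` in getServletName is read after only a null check, so if `findMappings()` returns an empty array the call throws ArrayIndexOutOfBoundsException inside hasRole. Adding the length test covers it: `mappings != null && mappings.length > 0 && mappings[0].indexOf("*.jsp") > -1`. The trace line above concatenates the `mappings` array directly, which prints its identity rather than its contents; `java.util.Arrays.toString(mappings)` would log the patterns.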
@@ -945,10 +924,10 @@
{
policyRegistration = (PolicyRegistration) (new InitialContext()).lookup("java:/policyRegistration");
}
- catch(Exception e)
+ catch (Exception e)
{
- log.trace("Error obtaining PolicyRegistration",e);
- }
+ log.trace("Error obtaining PolicyRegistration", e);
+ }
return policyRegistration;
}
}