[jboss-cvs] JBoss Messaging SVN: r4390 - in trunk/src/main/org/jboss/messaging/core: security and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Jun 5 05:28:53 EDT 2008
Author: ataylor
Date: 2008-06-05 05:28:53 -0400 (Thu, 05 Jun 2008)
New Revision: 4390
Modified:
trunk/src/main/org/jboss/messaging/core/deployers/impl/SecurityDeployer.java
trunk/src/main/org/jboss/messaging/core/security/Role.java
trunk/src/main/org/jboss/messaging/core/security/impl/JAASSecurityManager.java
Log:
made role immutable and tidied up
Modified: trunk/src/main/org/jboss/messaging/core/deployers/impl/SecurityDeployer.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/deployers/impl/SecurityDeployer.java 2008-06-05 08:41:59 UTC (rev 4389)
+++ trunk/src/main/org/jboss/messaging/core/deployers/impl/SecurityDeployer.java 2008-06-05 09:28:53 UTC (rev 4390)
@@ -21,7 +21,6 @@
*/
package org.jboss.messaging.core.deployers.impl;
-import org.jboss.messaging.core.deployers.Deployer;
import org.jboss.messaging.core.security.Role;
import org.jboss.messaging.core.settings.HierarchicalRepository;
import org.w3c.dom.Node;
@@ -45,6 +44,10 @@
private static final String MATCH = "match";
private static final String SECURITY_ELEMENT_NAME = "security";
+ public static final String WRITE_NAME = "write";
+ public static final String READ_NAME = "read";
+ public static final String CREATE_NAME = "create";
+
/**
* The repository to add to
*/
@@ -54,8 +57,10 @@
{
this.securityRepository = securityRepository;
}
+
/**
* the names of the elements to deploy
+ *
* @return the names of the elements todeploy
*/
public String[] getElementTagName()
@@ -65,6 +70,7 @@
/**
* the key attribute for theelement, usually 'name' but can be overridden
+ *
* @return the key attribute
*/
public String getKeyAttribute()
@@ -74,6 +80,7 @@
/**
* deploy an element
+ *
* @param node the element to deploy
* @throws Exception .
*/
@@ -97,15 +104,15 @@
String[] roles = roleString.split(",");
for (String role : roles)
{
- if (Role.CREATE_NAME.equals(type))
+ if (CREATE_NAME.equals(type))
{
create.add(role.trim());
}
- else if (Role.WRITE_NAME.equals(type))
+ else if (WRITE_NAME.equals(type))
{
write.add(role.trim());
}
- else if (Role.READ_NAME.equals(type))
+ else if (READ_NAME.equals(type))
{
read.add(role);
}
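Review bot: The READ branch stores the role untrimmed (`read.add(role);`) while the CREATE and WRITE branches call `role.trim()`, so a list written as `admin, guest` produces a read entry of ` guest` with a leading space. That entry would presumably never match a real role name, so read permission is silently missing for every role after the first in a spaced list; the line should be `read.add(role.trim());`. As far as this hunk shows, a `type` that equals none of the three constants is skipped without any message, so a final `else` that logs the unknown type would make a configuration typo visible. The enclosing method starts and ends outside the hunk.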
@@ -124,6 +131,7 @@
/**
* undeploys an element
+ *
* @param node the element to undeploy
* @throws Exception .
*/
Modified: trunk/src/main/org/jboss/messaging/core/security/Role.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/security/Role.java 2008-06-05 08:41:59 UTC (rev 4389)
+++ trunk/src/main/org/jboss/messaging/core/security/Role.java 2008-06-05 09:28:53 UTC (rev 4390)
@@ -25,111 +25,71 @@
/**
* A role is used by the security store to define access rights and is configured on a connection factory or destination
+ *
* @author <a href="ataylor at redhat.com">Andy Taylor</a>
*/
public class Role implements Serializable
{
- private static final long serialVersionUID = 3560097227776448872L;
+ private static final long serialVersionUID = 3560097227776448872L;
- public static final String WRITE_NAME="write";
-
- public static final String READ_NAME="read";
-
- public static final String CREATE_NAME="create";
-
- private String name;
-
- private boolean read = false;
-
- private boolean write = false;
-
- private boolean create = false;
+ private String name;
- public Role(final String name)
- {
- this.name = name;
- }
+ private boolean read = false;
- public Role(final String name, final boolean read, final boolean write, final boolean create)
- {
- this.name = name;
- this.read = read;
- this.write = write;
- this.create = create;
- }
+ private boolean write = false;
- public String getName()
- {
- return name;
- }
+ private boolean create = false;
- public void setName(final String name)
- {
- this.name = name;
- }
+ public Role(final String name)
+ {
+ this.name = name;
+ }
- public boolean isRead()
- {
- return read;
- }
+ public Role(final String name, final boolean read, final boolean write, final boolean create)
+ {
+ this.name = name;
+ this.read = read;
+ this.write = write;
+ this.create = create;
+ }
- public void setRead(final boolean read)
- {
- this.read = read;
- }
+ public String getName()
+ {
+ return name;
+ }
- public boolean isWrite()
- {
- return write;
- }
+ public boolean isCheckType(final CheckType checkType)
+ {
+ return checkType.equals(CheckType.READ) ? read : checkType.equals(CheckType.WRITE) ? write : create;
+ }
- public void setWrite(final boolean write)
- {
- this.write = write;
- }
+ public String toString()
+ {
+ return "Role {name=" + name + ";read=" + read + ";write=" + write + ";create=" + create + "}";
+ }
- public boolean isCreate()
- {
- return create;
- }
+ public boolean equals(Object o)
+ {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
- public void setCreate(final boolean create)
- {
- this.create = create;
- }
+ Role role = (Role) o;
- public boolean isCheckType(final CheckType checkType)
- {
- return checkType.equals(CheckType.READ) ? read : checkType.equals(CheckType.WRITE) ? write : create;
- }
+ if (create != role.create) return false;
+ if (read != role.read) return false;
+ if (write != role.write) return false;
+ if (!name.equals(role.name)) return false;
- public String toString()
- {
- return "Role {name=" + name + ";read=" + read + ";write=" + write + ";create=" + create + "}";
- }
+ return true;
+ }
- public boolean equals(Object o)
- {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
-
- Role role = (Role) o;
-
- if (create != role.create) return false;
- if (read != role.read) return false;
- if (write != role.write) return false;
- if (!name.equals(role.name)) return false;
-
- return true;
- }
-
- public int hashCode()
- {
- int result;
- result = name.hashCode();
- result = 31 * result + (read ? 1 : 0);
- result = 31 * result + (write ? 1 : 0);
- result = 31 * result + (create ? 1 : 0);
- return result;
- }
+ public int hashCode()
+ {
+ int result;
+ result = name.hashCode();
+ result = 31 * result + (read ? 1 : 0);
+ result = 31 * result + (write ? 1 : 0);
+ result = 31 * result + (create ? 1 : 0);
+ return result;
+ }
}
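Review bot: The setters are gone, but `name`, `read`, `write` and `create` are still declared non-final, so the immutability this commit aims for is a convention rather than something the compiler enforces. Role objects are kept in a `HashSet<Role>` and hashed on these fields, so they should be `final`, with the one-argument constructor delegating to the four-argument one. `equals` and `hashCode` call `name.equals(...)` and `name.hashCode()` without a guard, so a null name fails only later, inside the set; rejecting it in the constructor is clearer, provided no caller relies on a null name. Separately, `isCheckType` returns `create` for any `CheckType` that is neither READ nor WRITE, which would hand the create flag to any value added to `CheckType` later; an explicit CREATE test with `false` as the default is safer for an authorization check.

```java
private final String name;

private final boolean read;

private final boolean write;

private final boolean create;

public Role(final String name)
{
   this(name, false, false, false);
}

public Role(final String name, final boolean read, final boolean write, final boolean create)
{
   if (name == null)
   {
      throw new IllegalArgumentException("name must not be null");
   }
   // … unchanged: the four field assignments …
}
// … unchanged: getName, isCheckType, toString, equals, hashCode …
```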
Modified: trunk/src/main/org/jboss/messaging/core/security/impl/JAASSecurityManager.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/security/impl/JAASSecurityManager.java 2008-06-05 08:41:59 UTC (rev 4389)
+++ trunk/src/main/org/jboss/messaging/core/security/impl/JAASSecurityManager.java 2008-06-05 09:28:53 UTC (rev 4390)
@@ -21,20 +21,18 @@
*/
package org.jboss.messaging.core.security.impl;
+import org.jboss.messaging.core.logging.Logger;
+import org.jboss.messaging.core.security.CheckType;
import org.jboss.messaging.core.security.JBMSecurityManager;
import org.jboss.messaging.core.security.Role;
-import org.jboss.messaging.core.security.CheckType;
-import org.jboss.messaging.core.logging.Logger;
-import org.jboss.messaging.core.exception.MessagingException;
+import org.jboss.security.AuthenticationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.SimplePrincipal;
-import org.jboss.security.AuthenticationManager;
+import javax.naming.InitialContext;
import javax.security.auth.Subject;
-import javax.naming.InitialContext;
import java.util.HashSet;
import java.util.Set;
-import java.security.Principal;
/**
* This implementation delegates to the a real JAAS Authentication Manager and will typically be used within an appserver
@@ -85,7 +83,7 @@
public boolean validateUserAndRole(String user, String password, HashSet<Role> roles, CheckType checkType)
{
- SimplePrincipal principal = user == null? null:new SimplePrincipal(user);
+ SimplePrincipal principal = user == null ? null : new SimplePrincipal(user);
char[] passwordChars = null;
@@ -96,19 +94,22 @@
Subject subject = new Subject();
- boolean authenticated = authenticationManager.isValid(principal, passwordChars, subject);
+ boolean authenticated = authenticationManager.isValid(principal, passwordChars, subject);
// Authenticate. Successful authentication will place a new SubjectContext on thread local,
// which will be used in the authorization process. However, we need to make sure we clean up
// thread local immediately after we used the information, otherwise some other people
// security my be screwed up, on account of thread local security stack being corrupted.
- if(authenticated)
+ if (authenticated)
{
SecurityActions.pushSubjectContext(principal, passwordChars, subject);
Set rolePrincipals = getRolePrincipals(checkType, roles);
authenticated = realmMapping.doesUserHaveRole(principal, rolePrincipals);
- if (trace) { log.trace("user " + user + (authenticated ? " is " : " is NOT ") + "authorized"); }
+ if (trace)
+ {
+ log.trace("user " + user + (authenticated ? " is " : " is NOT ") + "authorized");
+ }
SecurityActions.popSubjectContext();
}
return authenticated;
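Review bot: `SecurityActions.popSubjectContext()` is reached only if `getRolePrincipals` and `realmMapping.doesUserHaveRole` return normally, so an exception from either leaves the pushed subject on the thread-local stack. That is exactly the corruption the comment above the `if` warns about, and on a pooled thread the stale subject could be seen by the next request. The statements between the push and the pop should be wrapped as `try { ... } finally { SecurityActions.popSubjectContext(); }`. The local `Set rolePrincipals` is also a raw type although `getRolePrincipals` builds a `Set<SimplePrincipal>`. `validateUserAndRole` starts outside this hunk.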
@@ -119,9 +120,9 @@
Set<SimplePrincipal> principals = new HashSet<SimplePrincipal>();
for (Role role : roles)
{
- if((checkType.equals(CheckType.CREATE) && role.isCreate()) ||
- (checkType.equals(CheckType.WRITE) && role.isWrite()) ||
- (checkType.equals(CheckType.READ) && role.isRead()))
+ if ((checkType.equals(CheckType.CREATE) && role.isCheckType(CheckType.CREATE)) ||
+ (checkType.equals(CheckType.WRITE) && role.isCheckType(CheckType.WRITE)) ||
+ (checkType.equals(CheckType.READ) && role.isCheckType(CheckType.READ)))
{
principals.add(new SimplePrincipal(role.getName()));
}
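Review bot: Each arm of the new condition compares `checkType` to a constant and then passes that same constant to `isCheckType`, so the three-way test only restates what `isCheckType` already decides. Assuming `CheckType` has only the CREATE, WRITE and READ values, the condition reduces to `if (role.isCheckType(checkType))`, which also keeps the permission mapping in one place (`Role`). If `CheckType` can carry other values, the explicit form should stay, because `isCheckType` falls back to the create flag for anything that is not READ or WRITE. `getRolePrincipals` starts and ends outside this hunk.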
@@ -141,12 +142,13 @@
/**
* lifecycle method, needs to be called
+ *
* @throws Exception
*/
public void start() throws Exception
{
InitialContext ic = new InitialContext();
- authenticationManager = (AuthenticationManager)ic.lookup(securityDomainName);
+ authenticationManager = (AuthenticationManager) ic.lookup(securityDomainName);
realmMapping = (RealmMapping) authenticationManager;
}