[jboss-cvs] JBossAS SVN: r74229 - in projects/jboss-aspects/trunk: security and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Jun 6 02:28:47 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-06-06 02:28:47 -0400 (Fri, 06 Jun 2008)
New Revision: 74229
Modified:
projects/jboss-aspects/trunk/build/pom.xml
projects/jboss-aspects/trunk/security/.classpath
projects/jboss-aspects/trunk/security/pom.xml
projects/jboss-aspects/trunk/security/src/main/java/org/jboss/aspects/security/AuthenticationInterceptor.java
projects/jboss-aspects/trunk/security/src/main/java/org/jboss/aspects/security/RoleBasedAuthorizationInterceptor.java
projects/jboss-aspects/trunk/security/src/main/java/org/jboss/aspects/security/SecurityActions.java
Log:
JBASPECT-20: fix aspects security
Modified: projects/jboss-aspects/trunk/build/pom.xml
===================================================================
--- projects/jboss-aspects/trunk/build/pom.xml 2008-06-06 06:16:36 UTC (rev 74228)
+++ projects/jboss-aspects/trunk/build/pom.xml 2008-06-06 06:28:47 UTC (rev 74229)
@@ -34,10 +34,10 @@
<version.jboss.common.core>2.2.5.GA</version.jboss.common.core>
<version.jboss.logging.spi>2.0.5.GA</version.jboss.logging.spi>
<version.jboss.aop>2.0.0.CR11</version.jboss.aop>
- <version.jboss.security.spi>2.0.2.Beta5</version.jboss.security.spi>
+ <version.jboss.security.spi>2.0.2.CR2</version.jboss.security.spi>
<version.jboss.transaction.spi>5.0.0.Beta4</version.jboss.transaction.spi>
<version.jboss.transaction.api>1.0.1.CR1</version.jboss.transaction.api>
- <version.jbosssx.client>2.0.2.Beta5</version.jbosssx.client>
+ <version.jboss.security.jbosssx>2.0.2.CR2</version.jboss.security.jbosssx>
<version.jboss.microcontainer>2.0.0.Beta13</version.jboss.microcontainer>
<version.org.jboss.man>2.0.0.Beta12</version.org.jboss.man>
<version.org.jboss.remoting>2.4.0.CR2</version.org.jboss.remoting>
@@ -198,8 +198,8 @@
<dependency>
<groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-client</artifactId>
- <version>${version.jbosssx.client}</version>
+ <artifactId>jbosssx</artifactId>
+ <version>${version.jboss.security.jbosssx}</version>
</dependency>
<dependency>
Modified: projects/jboss-aspects/trunk/security/.classpath
===================================================================
--- projects/jboss-aspects/trunk/security/.classpath 2008-06-06 06:16:36 UTC (rev 74228)
+++ projects/jboss-aspects/trunk/security/.classpath 2008-06-06 06:28:47 UTC (rev 74229)
@@ -1,30 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="src" path="src/main"/>
- <classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.0.2/activation-1.0.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar" sourcepath="M2_REPO/ant/ant/1.6.5/ant-1.6.5-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/wutka-dtdparser/dtdparser121/1.2.1/dtdparser121-1.2.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/security/jacc/1.0/jacc-1.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javassist/3.7.1.GA/javassist-3.7.1.GA.jar" sourcepath="M2_REPO/org/jboss/javassist/3.7.1.GA/javassist-3.7.1.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.0/jaxb-api-2.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/aop/jboss-aop/2.0.0.CR8/jboss-aop-2.0.0.CR8.jar" sourcepath="M2_REPO/org/jboss/aop/jboss-aop/2.0.0.CR8/jboss-aop-2.0.0.CR8-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.5.GA/jboss-common-core-2.2.5.GA.jar" sourcepath="M2_REPO/org/jboss/jboss-common-core/2.2.5.GA/jboss-common-core-2.2.5.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar" sourcepath="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/microcontainer/jboss-container/2.0.0.Beta10/jboss-container-2.0.0.Beta10.jar" sourcepath="M2_REPO/org/jboss/microcontainer/jboss-container/2.0.0.Beta10/jboss-container-2.0.0.Beta10-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/microcontainer/jboss-dependency/2.0.0.Beta11/jboss-dependency-2.0.0.Beta11.jar" sourcepath="M2_REPO/org/jboss/microcontainer/jboss-dependency/2.0.0.Beta11/jboss-dependency-2.0.0.Beta11-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0-BETA1/jboss-jaspi-api-1.0-BETA1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0-BETA1/jboss-jaspi-api-1.0-BETA1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/microcontainer/jboss-kernel/2.0.0.Beta11/jboss-kernel-2.0.0.Beta11.jar" sourcepath="M2_REPO/org/jboss/microcontainer/jboss-kernel/2.0.0.Beta11/jboss-kernel-2.0.0.Beta11-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.3.GA/jboss-logging-spi-2.0.3.GA.jar" sourcepath="M2_REPO/jboss/jboss-logging-spi/2.0.3.GA/jboss-logging-spi-2.0.3.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/logging/jboss-logging-spi/2.0.5.GA/jboss-logging-spi-2.0.5.GA.jar" sourcepath="M2_REPO/org/jboss/logging/jboss-logging-spi/2.0.5.GA/jboss-logging-spi-2.0.5.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-mdr/2.0.0.Beta12/jboss-mdr-2.0.0.Beta12.jar" sourcepath="M2_REPO/org/jboss/jboss-mdr/2.0.0.Beta12/jboss-mdr-2.0.0.Beta12-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-reflect/2.0.0.Beta12/jboss-reflect-2.0.0.Beta12.jar" sourcepath="M2_REPO/org/jboss/jboss-reflect/2.0.0.Beta12/jboss-reflect-2.0.0.Beta12-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta5/jboss-security-spi-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta5/jboss-security-spi-2.0.2.Beta5-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jbosssx-client/2.0.2.Beta5/jbosssx-client-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/jbosssx-client/2.0.2.Beta5/jbosssx-client-2.0.2.Beta5-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR7/jbossxb-2.0.0.CR7.jar" sourcepath="M2_REPO/org/jboss/jbossxb/2.0.0.CR7/jbossxb-2.0.0.CR7-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jsr173_api/1.0/jsr173_api-1.0.jar"/>
- <classpathentry kind="var" path="M2_REPO/qdox/qdox/1.6/qdox-1.6.jar" sourcepath="M2_REPO/qdox/qdox/1.6/qdox-1.6-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/trove/trove/2.1.1/trove-2.1.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
-</classpath>
\ No newline at end of file
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.0.2/activation-1.0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar" sourcepath="M2_REPO/ant/ant/1.6.5/ant-1.6.5-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/wutka-dtdparser/dtdparser121/1.2.1/dtdparser121-1.2.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/security/jacc/1.0/jacc-1.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javassist/3.7.1.GA/javassist-3.7.1.GA.jar" sourcepath="M2_REPO/org/jboss/javassist/3.7.1.GA/javassist-3.7.1.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/aop/jboss-aop/2.0.0.CR8/jboss-aop-2.0.0.CR8.jar" sourcepath="M2_REPO/org/jboss/aop/jboss-aop/2.0.0.CR8/jboss-aop-2.0.0.CR8-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.5.GA/jboss-common-core-2.2.5.GA.jar" sourcepath="M2_REPO/org/jboss/jboss-common-core/2.2.5.GA/jboss-common-core-2.2.5.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar" sourcepath="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/microcontainer/jboss-container/2.0.0.Beta10/jboss-container-2.0.0.Beta10.jar" sourcepath="M2_REPO/org/jboss/microcontainer/jboss-container/2.0.0.Beta10/jboss-container-2.0.0.Beta10-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/microcontainer/jboss-dependency/2.0.0.Beta14/jboss-dependency-2.0.0.Beta14.jar" sourcepath="M2_REPO/org/jboss/microcontainer/jboss-dependency/2.0.0.Beta11/jboss-dependency-2.0.0.Beta11-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0.0.CR1/jboss-jaspi-api-1.0.0.CR1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0-BETA1/jboss-jaspi-api-1.0-BETA1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/microcontainer/jboss-kernel/2.0.0.Beta14/jboss-kernel-2.0.0.Beta14.jar" sourcepath="M2_REPO/org/jboss/microcontainer/jboss-kernel/2.0.0.Beta11/jboss-kernel-2.0.0.Beta11-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.3.GA/jboss-logging-spi-2.0.3.GA.jar" sourcepath="M2_REPO/jboss/jboss-logging-spi/2.0.3.GA/jboss-logging-spi-2.0.3.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/logging/jboss-logging-spi/2.0.5.GA/jboss-logging-spi-2.0.5.GA.jar" sourcepath="M2_REPO/org/jboss/logging/jboss-logging-spi/2.0.5.GA/jboss-logging-spi-2.0.5.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-mdr/2.0.0.Beta15/jboss-mdr-2.0.0.Beta15.jar" sourcepath="M2_REPO/org/jboss/jboss-mdr/2.0.0.Beta12/jboss-mdr-2.0.0.Beta12-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-reflect/2.0.0.Beta12/jboss-reflect-2.0.0.Beta12.jar" sourcepath="M2_REPO/org/jboss/jboss-reflect/2.0.0.Beta12/jboss-reflect-2.0.0.Beta12-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.CR2/jboss-security-spi-2.0.2.CR2.jar" sourcepath="/M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.CR2/jboss-security-spi-2.0.2.CR2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jbosssx/2.0.2.CR1/jbosssx-2.0.2.CR1.jar" sourcepath="M2_REPO/org/jboss/security/jbosssx-client/2.0.2.Beta5/jbosssx-client-2.0.2.Beta5-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR9/jbossxb-2.0.0.CR9.jar" sourcepath="M2_REPO/org/jboss/jbossxb/2.0.0.CR7/jbossxb-2.0.0.CR7-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/qdox/qdox/1.6/qdox-1.6.jar" sourcepath="M2_REPO/qdox/qdox/1.6/qdox-1.6-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/trove/trove/2.1.1/trove-2.1.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
+ <classpathentry kind="output" path="target/eclipse-classes"/>
+</classpath>
Modified: projects/jboss-aspects/trunk/security/pom.xml
===================================================================
--- projects/jboss-aspects/trunk/security/pom.xml 2008-06-06 06:16:36 UTC (rev 74228)
+++ projects/jboss-aspects/trunk/security/pom.xml 2008-06-06 06:28:47 UTC (rev 74229)
@@ -2,8 +2,8 @@
<parent>
<groupId>org.jboss.aspects</groupId>
<artifactId>jboss-aspects-build</artifactId>
- <version>1.0.0-SNAPSHOT</version>
- <relativePath>../build</relativePath>
+ <version>1.0.1-SNAPSHOT</version>
+ <relativePath>../build/pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>jboss-security-aspects</artifactId>
@@ -72,20 +72,20 @@
</dependency>
<dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx</artifactId>
+ </dependency>
+
+ <dependency>
<groupId>org.jboss.javaee</groupId>
<artifactId>jboss-jaspi-api</artifactId>
</dependency>
<dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-client</artifactId>
- </dependency>
-
- <dependency>
<groupId>javax.security</groupId>
<artifactId>jacc</artifactId>
</dependency>
<!-- Test dependencies -->
</dependencies>
-</project>
\ No newline at end of file
+</project>
Modified: projects/jboss-aspects/trunk/security/src/main/java/org/jboss/aspects/security/AuthenticationInterceptor.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/java/org/jboss/aspects/security/AuthenticationInterceptor.java 2008-06-06 06:16:36 UTC (rev 74228)
+++ projects/jboss-aspects/trunk/security/src/main/java/org/jboss/aspects/security/AuthenticationInterceptor.java 2008-06-06 06:28:47 UTC (rev 74229)
@@ -21,12 +21,13 @@
*/
package org.jboss.aspects.security;
+import java.security.GeneralSecurityException;
import java.security.Principal;
-import java.security.GeneralSecurityException;
+
import javax.security.auth.Subject;
+
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
-import org.jboss.security.RunAsIdentity;
/**
* The AuthenticationInterceptor authenticates the caller.
@@ -61,6 +62,8 @@
*/
public Object invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable
{
+ org.jboss.security.SecurityContext sc = SecurityActions.getSecurityContext();
+
try
{
authenticate(invocation);
@@ -82,19 +85,17 @@
// so that the principal doesn't keep being associated with thread if the thread is pooled
// only pop if it's been pushed
- RunAsIdentity callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
+ org.jboss.security.RunAs callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
if (authenticationManager == null || callerRunAsIdentity == null)
{
SecurityActions.popSubjectContext();
- }
- if(authenticationManager != null)
- SecurityActions.clearSecurityContext();
+ }
if (invocation.getMetaData("security", "principal") != null)
{
- SecurityActions.setPrincipal(null);
- SecurityActions.setCredential(null);
+ SecurityActions.pushSubjectContext(null, null, null); ;
}
+ SecurityActions.setSecurityContext(sc);
}
}
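Review bot: The restore call `SecurityActions.setSecurityContext(sc);` at the end of this finally block is skipped if any cleanup call before it throws. After this commit `peekRunAsIdentity()`, `popSubjectContext()` and `pushSubjectContext(...)` all throw `RuntimeException("No Security Context")` when no context is bound, so on a pooled thread the context set during the call could stay associated with the thread, and an exception already propagating out of the try block would be masked. Wrapping the cleanup in its own `try { ... } finally { SecurityActions.setSecurityContext(sc); }` keeps the restore unconditional. The line `SecurityActions.pushSubjectContext(null, null, null); ;` also carries a stray empty statement. The finally block opens outside this hunk.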
@@ -120,7 +121,7 @@
// authenticate the current principal
- RunAsIdentity callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
+ org.jboss.security.RunAs callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
if (callerRunAsIdentity == null)
{
// Check the security info from the method invocation
Modified: projects/jboss-aspects/trunk/security/src/main/java/org/jboss/aspects/security/RoleBasedAuthorizationInterceptor.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/java/org/jboss/aspects/security/RoleBasedAuthorizationInterceptor.java 2008-06-06 06:16:36 UTC (rev 74228)
+++ projects/jboss-aspects/trunk/security/src/main/java/org/jboss/aspects/security/RoleBasedAuthorizationInterceptor.java 2008-06-06 06:28:47 UTC (rev 74229)
@@ -21,6 +21,10 @@
*/
package org.jboss.aspects.security;
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
import org.jboss.aop.joinpoint.Invocation;
import org.jboss.logging.Logger;
import org.jboss.security.AnybodyPrincipal;
@@ -30,10 +34,6 @@
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SimplePrincipal;
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Set;
-
/**
* The RoleBasedAuthorizationInterceptor checks that the caller principal is
* authorized to call a method by verifing that it contains at least one
@@ -132,7 +132,7 @@
}
// Check if the caller is allowed to access the method
- RunAsIdentity callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
+ org.jboss.security.RunAs callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
if (roles.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL) == false)
{
// The caller is using a the caller identity
@@ -154,16 +154,22 @@
else
{
// Check that the run-as role is in the set of method roles
- if (callerRunAsIdentity.doesUserHaveRole(roles) == false)
+ if (callerRunAsIdentity instanceof RunAsIdentity)
{
- String msg = "Insufficient permissions, runAsPrincipal=" + callerRunAsIdentity.getName()
- + ", requiredRoles=" + roles + ", runAsRoles=" + callerRunAsIdentity.getRunAsRoles();
- log.error(msg);
- throw new SecurityException(msg);
- }
+ RunAsIdentity rai = (RunAsIdentity) callerRunAsIdentity;
+ if(rai.doesUserHaveRole(roles) == false)
+ {
+ String msg = "Insufficient permissions, runAsPrincipal=" + rai.getName()
+ + ", requiredRoles=" + roles + ", runAsRoles=" + rai.getRunAsRoles();
+ log.error(msg);
+ throw new SecurityException(msg);
+ }
+ }
+ else
+ throw new RuntimeException("Unknown RunAs type");
}
}
return invocation.invokeNext();
}
-}
+}
\ No newline at end of file
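Review bot: The new `else` branch rejects an unrecognised run-as type with `RuntimeException("Unknown RunAs type")`, which is not logged and is a different exception type from the `SecurityException` used for the denial just above it. Failing closed is right, but any caller that maps `SecurityException` to an access-denied outcome would see this as an internal error, and the denial leaves no log entry. I would add a `log.error(...)` and use `throw new SecurityException("Unknown RunAs type");`, with braces around the branch to match the surrounding style. The method starts outside this hunk, so how `callerRunAsIdentity` reaches this branch is not visible here.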
Modified: projects/jboss-aspects/trunk/security/src/main/java/org/jboss/aspects/security/SecurityActions.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/java/org/jboss/aspects/security/SecurityActions.java 2008-06-06 06:16:36 UTC (rev 74228)
+++ projects/jboss-aspects/trunk/security/src/main/java/org/jboss/aspects/security/SecurityActions.java 2008-06-06 06:28:47 UTC (rev 74229)
@@ -21,274 +21,37 @@
*/
package org.jboss.aspects.security;
+import java.lang.reflect.UndeclaredThrowableException;
+import java.security.AccessController;
+import java.security.Principal;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
-import java.security.Principal;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.lang.reflect.UndeclaredThrowableException;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
-
+
import org.jboss.logging.Logger;
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.plugins.SimpleIdentity;
/** A collection of privileged actions for this package
* @author Scott.Stark at jboss.org
* @author <a href="mailto:alex at jboss.org">Alexey Loubyansky</a>
+ * @author Anil.Saldhana at redhat.com
* @version $Revison: $
*/
+
+ at SuppressWarnings({"unchecked", "unused"})
class SecurityActions
{
private static final Logger log = Logger.getLogger(SecurityActions.class);
-
- interface PrincipalInfoAction
- {
- PrincipalInfoAction PRIVILEGED = new PrincipalInfoAction()
- {
- public void push(final Principal principal, final Object credential,
- final Subject subject)
- {
- AccessController.doPrivileged(
- new PrivilegedAction()
- {
- public Object run()
- {
- SecurityAssociation.pushSubjectContext(subject, principal, credential);
- return null;
- }
- }
- );
- }
- public void pop()
- {
- AccessController.doPrivileged(
- new PrivilegedAction()
- {
- public Object run()
- {
- SecurityAssociation.popSubjectContext();
- return null;
- }
- }
- );
- }
-
- public Principal getPrincipal()
- {
- return (Principal)AccessController.doPrivileged(
- new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityAssociation.getPrincipal();
- }
- }
- );
- }
-
- public void setPrincipal(final Principal principal)
- {
- AccessController.doPrivileged(
- new PrivilegedAction()
- {
- public Object run()
- {
- SecurityAssociation.setPrincipal(principal);
- return null;
- }
- }
- );
- }
-
- public Principal getCallerPrincipal()
- {
- return (Principal)AccessController.doPrivileged(
- new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityAssociation.getCallerPrincipal();
- }
- }
- );
- }
-
- public Object getCredential()
- {
- return AccessController.doPrivileged(
- new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityAssociation.getCredential();
- }
- }
- );
- }
-
- public void setCredential(final Object credential)
- {
- AccessController.doPrivileged(
- new PrivilegedAction()
- {
- public Object run()
- {
- SecurityAssociation.setCredential(credential);
- return null;
- }
- }
- );
- }
- };
-
- PrincipalInfoAction NON_PRIVILEGED = new PrincipalInfoAction()
- {
- public void push(Principal principal, Object credential, Subject subject)
- {
- SecurityAssociation.pushSubjectContext(subject, principal, credential);
- }
- public void pop()
- {
- SecurityAssociation.popSubjectContext();
- }
- public Principal getPrincipal()
- {
- return SecurityAssociation.getPrincipal();
- }
- public void setPrincipal(Principal principal)
- {
- SecurityAssociation.setPrincipal(principal);
- }
- public Principal getCallerPrincipal()
- {
- return SecurityAssociation.getPrincipal();
- }
- public Object getCredential()
- {
- return SecurityAssociation.getCredential();
- }
- public void setCredential(Object credential)
- {
- SecurityAssociation.setCredential(credential);
- }
- };
-
- void push(Principal principal, Object credential, Subject subject);
- void pop();
- Principal getPrincipal();
- void setPrincipal(Principal principal);
- Principal getCallerPrincipal();
- Object getCredential();
- void setCredential(Object credential);
- }
-
-
- interface RunAsIdentityActions
- {
- RunAsIdentityActions PRIVILEGED = new RunAsIdentityActions()
- {
- private final PrivilegedAction peekAction = new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityAssociation.peekRunAsIdentity();
- }
- };
-
- private final PrivilegedAction popAction = new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityAssociation.popRunAsIdentity();
- }
- };
-
- public RunAsIdentity peek()
- {
- return (RunAsIdentity)AccessController.doPrivileged(peekAction);
- }
-
- public void push(final RunAsIdentity id)
- {
- AccessController.doPrivileged(
- new PrivilegedAction()
- {
- public Object run()
- {
- SecurityAssociation.pushRunAsIdentity(id);
- return null;
- }
- }
- );
- }
-
- public RunAsIdentity pop()
- {
- return (RunAsIdentity)AccessController.doPrivileged(popAction);
- }
- };
-
- RunAsIdentityActions NON_PRIVILEGED = new RunAsIdentityActions()
- {
- public RunAsIdentity peek()
- {
- return SecurityAssociation.peekRunAsIdentity();
- }
-
- public void push(RunAsIdentity id)
- {
- SecurityAssociation.pushRunAsIdentity(id);
- }
-
- public RunAsIdentity pop()
- {
- return SecurityAssociation.popRunAsIdentity();
- }
- };
-
- RunAsIdentity peek();
-
- void push(RunAsIdentity id);
-
- RunAsIdentity pop();
- }
-
- interface ContextInfoActions
- {
- static final String EX_KEY = "org.jboss.security.exception";
- ContextInfoActions PRIVILEGED = new ContextInfoActions()
- {
- private final PrivilegedAction exAction = new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityAssociation.getContextInfo(EX_KEY);
- }
- };
- public Exception getContextException()
- {
- return (Exception)AccessController.doPrivileged(exAction);
- }
- };
-
- ContextInfoActions NON_PRIVILEGED = new ContextInfoActions()
- {
- public Exception getContextException()
- {
- return (Exception)SecurityAssociation.getContextInfo(EX_KEY);
- }
- };
-
- Exception getContextException();
- }
-
+
interface PolicyContextActions
{
/** The JACC PolicyContext key for the current Subject */
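Review bot: The class-level `@SuppressWarnings({"unchecked", "unused"})` added above `class SecurityActions` silences both warnings for every privileged action in the file. In a class whose job is running code under `AccessController.doPrivileged`, an unchecked cast or a leftover unused helper is something the compiler should keep reporting. The actions added by this commit are already typed (`PrivilegedAction<Principal>` and similar), so the annotation could move to the specific members that still need it, each with a short comment saying why the suppression is safe. The rest of the class lies outside this hunk, so any remaining raw-typed actions are not visible here.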
@@ -345,134 +108,151 @@
static Principal getCallerPrincipal()
{
- if (System.getSecurityManager() == null)
+ return AccessController.doPrivileged(new PrivilegedAction<Principal>()
{
- return PrincipalInfoAction.NON_PRIVILEGED.getCallerPrincipal();
- }
- else
- {
- return PrincipalInfoAction.PRIVILEGED.getCallerPrincipal();
- }
+ public Principal run()
+ {
+ org.jboss.security.RunAs runas = getSecurityContext().getIncomingRunAs();
+ if(runas != null)
+ return new SimplePrincipal(runas.getName());
+ return getSecurityContext().getUtil().getUserPrincipal();
+ }
+ });
}
static Principal getPrincipal()
{
- if (System.getSecurityManager() == null)
+ return AccessController.doPrivileged(new PrivilegedAction<Principal>()
{
- return PrincipalInfoAction.NON_PRIVILEGED.getPrincipal();
- }
- else
- {
- return PrincipalInfoAction.PRIVILEGED.getPrincipal();
- }
+ public Principal run()
+ {
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new RuntimeException("No Security Context");
+ return sc != null ? sc.getUtil().getUserPrincipal() : null;
+ }
+ });
}
- static void setPrincipal(Principal principal)
+ static void setPrincipal(final Principal principal)
{
- if (System.getSecurityManager() == null)
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
{
- PrincipalInfoAction.NON_PRIVILEGED.setPrincipal(principal);
- }
- else
- {
- PrincipalInfoAction.PRIVILEGED.setPrincipal(principal);
- }
+ public Object run()
+ {
+ Identity identity = new SimpleIdentity(principal.getName());
+
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new RuntimeException("No Security Context");
+ sc.getUtil().addIdentity(identity);
+ return null;
+ }
+ });
}
static Object getCredential()
{
- if (System.getSecurityManager() == null)
+ return AccessController.doPrivileged(new PrivilegedAction<Object>()
{
- return PrincipalInfoAction.NON_PRIVILEGED.getCredential();
- }
- else
- {
- return PrincipalInfoAction.PRIVILEGED.getCredential();
- }
+ public Object run()
+ {
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new RuntimeException("No Security Context");
+ return sc.getUtil().getCredential();
+ }
+ });
}
-
- static void setCredential(Object credential)
- {
- if (System.getSecurityManager() == null)
- {
- PrincipalInfoAction.NON_PRIVILEGED.setCredential(credential);
- }
- else
- {
- PrincipalInfoAction.PRIVILEGED.setCredential(credential);
- }
- }
- static void pushSubjectContext(Principal principal, Object credential,
- Subject subject)
+ static void pushSubjectContext(final Principal principal, final Object credential,
+ final Subject subject)
{
- if(System.getSecurityManager() == null)
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
{
- PrincipalInfoAction.NON_PRIVILEGED.push(principal, credential, subject);
- }
- else
- {
- PrincipalInfoAction.PRIVILEGED.push(principal, credential, subject);
- }
+ public Object run()
+ {
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new RuntimeException("No Security Context");
+ sc.getUtil().createSubjectInfo(principal,
+ credential, subject);
+ return null;
+ }
+ });
}
static void popSubjectContext()
{
- if(System.getSecurityManager() == null)
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
{
- PrincipalInfoAction.NON_PRIVILEGED.pop();
- }
- else
- {
- PrincipalInfoAction.PRIVILEGED.pop();
- }
+ public Object run()
+ {
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new RuntimeException("No Security Context");
+ sc.setSubjectInfo(null);
+ return null;
+ }
+ });
}
- static RunAsIdentity peekRunAsIdentity()
+ static org.jboss.security.RunAs peekRunAsIdentity()
{
- if(System.getSecurityManager() == null)
+ return AccessController.doPrivileged(new PrivilegedAction<org.jboss.security.RunAs>()
{
- return RunAsIdentityActions.NON_PRIVILEGED.peek();
- }
- else
- {
- return RunAsIdentityActions.PRIVILEGED.peek();
- }
+ public org.jboss.security.RunAs run()
+ {
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new RuntimeException("No Security Context");
+
+ return sc.getIncomingRunAs();
+ }
+ });
}
- static void pushRunAsIdentity(RunAsIdentity principal)
+ static void pushRunAsIdentity(final org.jboss.security.RunAs runas)
{
- if(System.getSecurityManager() == null)
+ AccessController.doPrivileged(
+ new PrivilegedAction<Object>()
{
- RunAsIdentityActions.NON_PRIVILEGED.push(principal);
- }
- else
- {
- RunAsIdentityActions.PRIVILEGED.push(principal);
- }
+ public Object run()
+ {
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new RuntimeException("No Security Context");
+ sc.setIncomingRunAs(runas);
+ return null;
+ }
+ });
}
- static RunAsIdentity popRunAsIdentity()
+ static org.jboss.security.RunAs popRunAsIdentity()
{
- if(System.getSecurityManager() == null)
+ return AccessController.doPrivileged(
+ new PrivilegedAction<org.jboss.security.RunAs>()
{
- return RunAsIdentityActions.NON_PRIVILEGED.pop();
- }
- else
- {
- return RunAsIdentityActions.PRIVILEGED.pop();
- }
+ public org.jboss.security.RunAs run()
+ {
+ SecurityContext sc = getSecurityContext();
+ if(sc == null)
+ throw new RuntimeException("No Security Context");
+
+ return sc.getIncomingRunAs();
+ }
+ });
}
static Exception getContextException()
{
- if(System.getSecurityManager() == null)
+ return AccessController.doPrivileged(
+ new PrivilegedAction<Exception>()
{
- return ContextInfoActions.NON_PRIVILEGED.getContextException();
- }
- else
- {
- return ContextInfoActions.PRIVILEGED.getContextException();
- }
+ public Exception run()
+ {
+ return (Exception) getSecurityContext().getData().get("CONTEXTEXCEPTION");
+ }
+ });
}
static Subject getContextSubject()
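Review bot: `popRunAsIdentity()` now has the same body as `peekRunAsIdentity()`: it returns `sc.getIncomingRunAs()` and never removes it, so a pushed run-as identity stays on the security context after the "pop". If the intent is to clear it, the action should do `org.jboss.security.RunAs previous = sc.getIncomingRunAs(); sc.setIncomingRunAs(null); return previous;`. Null handling is also uneven across the new methods: `getCallerPrincipal()` and `getContextException()` dereference `getSecurityContext()` without the "No Security Context" guard the others have, and `setPrincipal()` calls `principal.getName()` although the interceptor previously called it with `null` to clear the principal. In `getPrincipal()` the `sc != null ? ... : null` after the guard is dead code. The hunk ends at the signature of `getContextSubject()`, whose body continues outside it.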
@@ -487,12 +267,7 @@
return PolicyContextActions.PRIVILEGED.getContextSubject();
}
}
-
-
-
-
-
interface TCLAction
{
class UTIL
@@ -685,6 +460,5 @@
SecurityContext sc = SecurityContextFactory.createSecurityContext(p,
cred, subject, domain);
SecurityActions.setSecurityContext(sc);
- }
-
-}
+ }
+}
\ No newline at end of file