[jboss-cvs] JBossAS SVN: r73556 - in trunk/messaging/src: main/org/jboss/jms/server/jbosssx and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed May 21 11:55:31 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-05-21 11:55:31 -0400 (Wed, 21 May 2008)
New Revision: 73556
Modified:
trunk/messaging/src/etc/deploy/common/messaging-service.xml
trunk/messaging/src/main/org/jboss/jms/server/jbosssx/JBossASSecurityMetadataStore.java
trunk/messaging/src/main/org/jboss/jms/server/jbosssx/JBossASSecurityMetadataStoreMBean.java
Log:
JBAS-5538: SecurityMetadataStore should use SecurityManagement
Modified: trunk/messaging/src/etc/deploy/common/messaging-service.xml
===================================================================
--- trunk/messaging/src/etc/deploy/common/messaging-service.xml 2008-05-21 15:52:59 UTC (rev 73555)
+++ trunk/messaging/src/etc/deploy/common/messaging-service.xml 2008-05-21 15:55:31 UTC (rev 73556)
@@ -16,10 +16,9 @@
</security>
</attribute>
- <attribute name="SecurityDomain">java:/jaas/messaging</attribute>
+ <attribute name="SecurityDomain">messaging</attribute>
<attribute name="SuckerPassword">CHANGE ME!!</attribute>
-
<depends>XMLLoginConfig</depends>
</mbean>
Modified: trunk/messaging/src/main/org/jboss/jms/server/jbosssx/JBossASSecurityMetadataStore.java
===================================================================
--- trunk/messaging/src/main/org/jboss/jms/server/jbosssx/JBossASSecurityMetadataStore.java 2008-05-21 15:52:59 UTC (rev 73555)
+++ trunk/messaging/src/main/org/jboss/jms/server/jbosssx/JBossASSecurityMetadataStore.java 2008-05-21 15:55:31 UTC (rev 73556)
@@ -36,9 +36,9 @@
import org.jboss.jms.server.security.SecurityMetadata;
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
-import org.jboss.security.RealmMapping;
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.ISecurityManagement;
import org.jboss.security.SimplePrincipal;
-import org.jboss.security.SubjectSecurityManager;
import org.w3c.dom.Element;
/**
@@ -49,10 +49,12 @@
* @author <a href="mailto:Scott.Stark at jboss.org">Scott Stark</a>
* @author <a href="mailto:tim.fox at jboss.com">Tim Fox</a>
* @author <a href="mailto:ovidiu at feodorov.com">Ovidiu Feodorov</a>
+ * @author Anil.Saldhana at redhat.com
* @version $Revision$
*
* $Id$
*/
+ at SuppressWarnings("unchecked")
public class JBossASSecurityMetadataStore implements SecurityStore, JBossASSecurityMetadataStoreMBean
{
// Constants -----------------------------------------------------
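Review bot: The class-level `@SuppressWarnings("unchecked")` added above the class declaration silences unchecked warnings for every method in the class, including ones written later. The raw `Map` fields visible in the next hunk are the likely reason for it. Parameterizing those maps, or moving the annotation onto the specific methods that need it, would keep the compiler checking the rest of this security-sensitive class. The class body continues outside the hunk.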
@@ -66,15 +68,14 @@
private boolean trace = log.isTraceEnabled();
private Map queueSecurityConf;
- private Map topicSecurityConf;
-
- private AuthenticationManager authenticationManager;
- private RealmMapping realmMapping;
+ private Map topicSecurityConf;
private Element defaultSecurityConfig;
- private String securityDomain = "java:/jaas/messaging";
+ private String securityDomain = "messaging";
- private String suckerPassword;
+ private String suckerPassword;
+
+ private ISecurityManagement securityManagement = null;
// Static --------------------------------------------------------
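Review bot: The new default `securityDomain = "messaging"` and the removal of the prefix handling in `start()` leave no normalisation for deployments that still set `java:/jaas/messaging`. That value would now be passed verbatim to `getAuthenticationManager(securityDomain)` and `getAuthorizationManager(securityDomain)`. Whether `ISecurityManagement` accepts the prefixed form is not visible here, so this needs confirming. If it does not, either strip a leading `java:/jaas/` in `setSecurityDomain` or document on the field that only the bare domain name is accepted, for example `// bare security domain name, without the java:/jaas/ prefix`.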
@@ -187,7 +188,22 @@
}
else
{
- authenticated = authenticationManager.isValid(principal, passwordChars, subject);
+ if(securityManagement == null)
+ {
+ try
+ {
+ lookupSecurityManagement();;
+ }
+ catch (NamingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ AuthenticationManager authenticationManager =
+ securityManagement.getAuthenticationManager(securityDomain);
+ if(authenticationManager == null)
+ throw new SecurityException("AuthenticationManager is null for domain=" + securityDomain);
+ authenticated = authenticationManager.isValid(principal, passwordChars, subject);
}
if (authenticated)
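Review bot: The lazy lookup block (null check, `lookupSecurityManagement();;`, wrap of `NamingException`) is pasted here and again verbatim in the role-check hunk further down, so any later fix has to be made twice in the authentication and authorization paths. A single private helper would remove the duplication and the stray second semicolon, and the `RuntimeException` should carry a message naming the JNDI entry that failed. The field is also written lazily, presumably from request threads (not visible here), with no synchronisation, so declaring it `private volatile ISecurityManagement securityManagement;` would make the published reference visible to other threads. The enclosing method starts and ends outside the hunk.

```java
// replaces the inline null check + try/catch in both the authentication and the role-check path:
AuthenticationManager authenticationManager =
   getSecurityManagement().getAuthenticationManager(securityDomain);
// … unchanged: null check on authenticationManager and the isValid call …

// new private helper, placed next to lookupSecurityManagement():
private ISecurityManagement getSecurityManagement()
{
   if (securityManagement == null)
   {
      try
      {
         lookupSecurityManagement();
      }
      catch (NamingException e)
      {
         throw new RuntimeException("Failed to look up java:/securityManagement", e);
      }
   }
   return securityManagement;
}
```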
@@ -195,7 +211,7 @@
// Warning! This "taints" thread local. Make sure you pop it off the stack as soon as
// you're done with it.
SecurityActions.pushSubjectContext(principal, passwordChars, subject,
- authenticationManager.getSecurityDomain());
+ securityDomain);
return subject;
}
else
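Review bot: The subject context is now pushed with the `securityDomain` field rather than the domain reported by the manager that performed the check, and the field is read a second time here after the `getAuthenticationManager(securityDomain)` call in the previous hunk. Because `setSecurityDomain` is a public setter, a change between the two reads would authenticate against one domain and record the subject under another. Reading the field once, `final String domain = securityDomain;`, and using `domain` for both the manager lookup and `pushSubjectContext` keeps the two consistent. The enclosing method starts outside the hunk.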
@@ -216,8 +232,22 @@
}
Principal principal = user == null ? null : new SimplePrincipal(user);
-
- boolean hasRole = realmMapping.doesUserHaveRole(principal, rolePrincipals);
+ if(securityManagement == null)
+ {
+ try
+ {
+ lookupSecurityManagement();;
+ }
+ catch (NamingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ AuthorizationManager authorizationManager =
+ securityManagement.getAuthorizationManager(securityDomain);
+ if(authorizationManager == null)
+ throw new SecurityException("AuthorizationManager is null for domain=" + securityDomain);
+ boolean hasRole = authorizationManager.doesUserHaveRole(principal, rolePrincipals);
if (trace) { log.trace("user " + user + (hasRole ? " is " : " is NOT ") + "authorized"); }
@@ -231,45 +261,18 @@
checkDefaultSuckerPassword(password);
this.suckerPassword = password;
- }
+ }
- public void start() throws NamingException
+ /**
+ * @see JBossASSecurityMetadataStoreMBean#setSecurityManagement(ISecurityManagement)
+ */
+ public void setSecurityManagement(ISecurityManagement securityManagement)
{
- if (trace) { log.trace("initializing SecurityMetadataStore"); }
+ this.securityManagement = securityManagement;
+ }
- // Get the JBoss security manager from JNDI
- InitialContext ic = new InitialContext();
-
- try
- {
- Object mgr = ic.lookup(securityDomain);
-
- log.debug("JaasSecurityManager is " + mgr);
-
- authenticationManager = (AuthenticationManager)mgr;
- realmMapping = (RealmMapping)mgr;
-
- log.trace("SecurityMetadataStore initialized");
- }
- catch (NamingException e)
- {
- // Apparently there is no security context, try adding java:/jaas
- log.warn("Failed to lookup securityDomain " + securityDomain, e);
-
- if (!securityDomain.startsWith("java:/jaas/"))
- {
- authenticationManager =
- (SubjectSecurityManager)ic.lookup("java:/jaas/" + securityDomain);
- }
- else
- {
- throw e;
- }
- }
- finally
- {
- ic.close();
- }
+ public void start() throws NamingException
+ {
}
public void stop() throws Exception
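Review bot: `start()` is now empty, so a missing `java:/securityManagement` binding or an unknown security domain no longer fails the deployment. It surfaces only as a `RuntimeException` or `SecurityException` on the first authentication attempt. If the lookup cannot run at start because of deployment ordering (not visible here), say so in a comment on the method, for example `// lookup deferred to first use: java:/securityManagement may not be bound yet`. Logging at start whether `securityManagement` was injected would also help operators. The `throws NamingException` clause is no longer needed by the body and is kept only for interface compatibility, which is also worth a one-line comment.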
@@ -284,7 +287,7 @@
public void setSecurityDomain(String securityDomain)
{
this.securityDomain = securityDomain;
- }
+ }
public Element getDefaultSecurityConfig()
{
@@ -314,7 +317,18 @@
"Please see the JBoss Messaging user guide for instructions on how to do this.");
}
}
-
+
+ /**
+ * TODO: This method needs to go when ISecurityManagement is injected
+ * by the Microcontainer. (When this exists in messaging-beans.xml
+ * rather than messaging-service.xml)
+ * @throws NamingException
+ */
+ private void lookupSecurityManagement() throws NamingException
+ {
+ InitialContext ic = new InitialContext();
+ this.securityManagement = (ISecurityManagement) ic.lookup("java:/securityManagement");
+ }
+
// Inner class ---------------------------------------------------
-
-}
+}
\ No newline at end of file
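Review bot: `lookupSecurityManagement()` creates an `InitialContext` and never closes it, whereas the removed `start()` closed its context in a `finally` block. Wrap the lookup in try/finally so the context is released even when the lookup throws. The Javadoc has a bare `@throws NamingException` that should state the condition (the `java:/securityManagement` entry is not bound), and the commit also drops the trailing newline at the end of the file.

```java
private void lookupSecurityManagement() throws NamingException
{
   InitialContext ic = new InitialContext();
   try
   {
      this.securityManagement = (ISecurityManagement) ic.lookup("java:/securityManagement");
   }
   finally
   {
      ic.close();
   }
}
```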
Modified: trunk/messaging/src/main/org/jboss/jms/server/jbosssx/JBossASSecurityMetadataStoreMBean.java
===================================================================
--- trunk/messaging/src/main/org/jboss/jms/server/jbosssx/JBossASSecurityMetadataStoreMBean.java 2008-05-21 15:52:59 UTC (rev 73555)
+++ trunk/messaging/src/main/org/jboss/jms/server/jbosssx/JBossASSecurityMetadataStoreMBean.java 2008-05-21 15:55:31 UTC (rev 73556)
@@ -29,6 +29,7 @@
import org.jboss.jms.server.security.CheckType;
import org.jboss.jms.server.security.SecurityMetadata;
+import org.jboss.security.ISecurityManagement;
import org.w3c.dom.Element;
/**
@@ -51,8 +52,16 @@
* @return the security meta-data for the given destination.
*/
SecurityMetadata getSecurityMetadata(boolean isQueue, String destName);
+
+ /**
+ * Inject a SecurityManagement instance
+ * (Locator for Security Managers for authentication
+ * and authorization)
+ * @param securityManagement
+ */
+ void setSecurityManagement(ISecurityManagement securityManagement);
- void setSecurityConfig(boolean isQueue, String destName, Element conf) throws Exception;
+ void setSecurityConfig(boolean isQueue, String destName, Element conf) throws Exception;
void clearSecurityConfig(boolean isQueue, String name) throws Exception;
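Review bot: Declaring `setSecurityManagement` on the MBean interface makes it a management operation, so any caller with access to this MBean can replace the locator that supplies the authentication and authorization managers. The Javadoc should state that the setter is for deployment-time injection and say what passing `null` means; from the implementation, `null` triggers the JNDI fallback on next use. The `@param securityManagement` tag also needs a description, for example `@param securityManagement locator used to resolve the managers for the configured security domain; if null, it is looked up from JNDI on first use`. Access control on the management interface itself is outside this diff and should be confirmed separately.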