[jboss-cvs] JBossAS SVN: r73557 - in trunk/connector/src/main/org/jboss/resource: deployers/builder and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed May 21 11:57:13 EDT 2008


Author: anil.saldhana at jboss.com
Date: 2008-05-21 11:57:12 -0400 (Wed, 21 May 2008)
New Revision: 73557

Modified:
   trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2.java
   trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2MBean.java
   trunk/connector/src/main/org/jboss/resource/deployers/builder/ConnectionManagerBuilder.java
Log:
JBAS-5067: enhance JCA Security in ConnectionManagers with injection of SubjectFactory

Modified: trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2.java
===================================================================
--- trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2.java	2008-05-21 15:55:31 UTC (rev 73556)
+++ trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2.java	2008-05-21 15:57:12 UTC (rev 73557)
@@ -23,9 +23,6 @@
 
 import java.io.PrintWriter;
 import java.io.Serializable;
-import java.security.Principal;
-import java.security.PrivilegedAction;
-import java.security.AccessController;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -38,9 +35,7 @@
 import javax.management.MBeanNotificationInfo;
 import javax.management.MBeanServer;
 import javax.management.Notification;
-import javax.management.NotificationFilter;
 import javax.management.ObjectName;
-import javax.naming.InitialContext;
 import javax.resource.ResourceException;
 import javax.resource.spi.ConnectionEvent;
 import javax.resource.spi.ConnectionManager;
@@ -53,14 +48,13 @@
 import javax.transaction.Transaction;
 import javax.transaction.TransactionManager;
 
-import org.jboss.deployment.DeploymentException;
+import org.jboss.deployers.spi.DeploymentException;
 import org.jboss.logging.Logger;
 import org.jboss.logging.util.LoggerPluginWriter;
 import org.jboss.mx.util.JMXExceptionDecoder;
 import org.jboss.mx.util.MBeanServerLocator;
 import org.jboss.resource.JBossResourceException;
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.SubjectSecurityManager;
+import org.jboss.security.SubjectFactory;
 import org.jboss.system.ServiceMBeanSupport;
 import org.jboss.tm.TransactionTimeoutConfiguration;
 import org.jboss.util.NestedRuntimeException;
@@ -80,9 +74,11 @@
  * @author <a href="mailto:E.Guib at ceyoniq.com">Erwin Guib</a>
  * @author <a href="mailto:adrian at jboss.org">Adrian Brock</a>
  * @author <a href="weston.price at jboss.com">Weston Price</a>
+ * @author Anil.Saldhana at redhat.com
  * 
  * @version $Revision$
  */
+ at SuppressWarnings("unchecked")
 public abstract class BaseConnectionManager2 extends ServiceMBeanSupport
       implements
          BaseConnectionManager2MBean,
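Review bot: The `@SuppressWarnings("unchecked")` added on the class declaration (shown as ` at SuppressWarnings` by the list archive) silences unchecked warnings for every member of BaseConnectionManager2, including code added later. I would scope it to the individual methods or declarations that actually need it, each with a short comment saying why the unchecked use is safe. The class body lies outside this hunk, so which members those are cannot be told from here.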
@@ -106,9 +102,9 @@
    protected String jndiName;
 
    protected String securityDomainJndiName;
-
-   protected SubjectSecurityManager securityDomain;
-
+   
+   protected SubjectFactory subjectFactory;
+   
    protected ObjectName jaasSecurityManagerService;
 
    protected ObjectName ccmName;
@@ -202,14 +198,30 @@
    {
       return securityDomainJndiName;
    }
+ 
+   public SubjectFactory getSubjectFactory()
+   {
+      return subjectFactory;
+   }
 
+   public void setSubjectFactory(SubjectFactory subjectFactory)
+   {
+      this.subjectFactory = subjectFactory;
+   }
+
+   /**
+    * @deprecated
+    */
    public ObjectName getJaasSecurityManagerService()
    {
-      return jaasSecurityManagerService;
+      return this.jaasSecurityManagerService; 
    }
 
+   /**
+    * @deprecated  Maintained for legacy
+    */
    public void setJaasSecurityManagerService(final ObjectName jaasSecurityManagerService)
-   {
+   {   
       this.jaasSecurityManagerService = jaasSecurityManagerService;
    }
 
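Review bot: The two `@deprecated` tags added here do not say what to use instead, and the new `getSubjectFactory`/`setSubjectFactory` accessors have no Javadoc at all. On the setter I would write `@deprecated superseded by {@link #setSubjectFactory(SubjectFactory)}; maintained for legacy configurations`, with matching text on the getter, and add the `@Deprecated` annotation so the compiler warns callers. The Javadoc for `setSubjectFactory` should say that the factory is what getSubject() uses to create the Subject for `securityDomainJndiName`, and that it is reset to null when the service stops. The same bare `@deprecated` tags appear in the two BaseConnectionManager2MBean hunks further down.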
@@ -254,13 +266,6 @@
       if (ccm == null)
          throw new DeploymentException("cached ConnectionManager not found: " + ccmName);
 
-      if (securityDomainJndiName != null && jaasSecurityManagerService == null)
-         throw new DeploymentException("You must supply both securityDomainJndiName and jaasSecurityManagerService to use container managed security");
-
-      if (securityDomainJndiName != null)
-         securityDomain = (SubjectSecurityManager) new InitialContext().lookup(SECURITY_MGR_PATH
-               + securityDomainJndiName);
-
       if (managedConnectionPoolName == null)
          throw new DeploymentException("managedConnectionPool not set!");
       try
@@ -308,13 +313,14 @@
    {
       //notify the login modules the mcf is going away, they need to look it up again later.
       sendNotification(new Notification(STOPPING_NOTIFICATION, getServiceName(), getNextNotificationSequenceNumber()));
-      if (jaasSecurityManagerService != null && securityDomainJndiName != null)
+      /*
+       * if (jaasSecurityManagerService != null && securityDomainJndiName != null)
          server.invoke(jaasSecurityManagerService, "flushAuthenticationCache", new Object[] { securityDomainJndiName }, new String[] { String.class.getName() });
-
+       */
       poolingStrategy.setConnectionListenerFactory(null);
 
       poolingStrategy = null;
-      securityDomain = null;
+      subjectFactory = null;
       ccm = null;
    }
 
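Review bot: The `flushAuthenticationCache` invocation is disabled by wrapping it in a block comment rather than removed, so stopService() no longer flushes the security domain's authentication cache, and the file keeps dead code with no explanation. If the SubjectFactory path makes the flush unnecessary, delete the lines and leave a one-line reason such as `// JBAS-5067: authentication cache is no longer flushed here because <reason>`. If cached authentication state for `securityDomainJndiName` can outlive this connection manager, the flush or its equivalent still has to happen at this point. The start of stopService() is outside the hunk.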
@@ -581,19 +587,10 @@
    private Subject getSubject()
    {
       Subject subject = null;
-      if (securityDomain != null)
+      if(subjectFactory != null && securityDomainJndiName != null)
       {
-         /* Authenticate using the caller info and obtain a copy of the Subject
-          state for use in establishing a secure connection. A copy must be
-          obtained to avoid problems with multiple threads associated with
-          the same principal changing the state of the resulting Subject.
-          */
-         Principal principal = GetPrincipalAction.getPrincipal();
-         Object credential = GetCredentialAction.getCredential();
-         subject = new Subject();
-         if (securityDomain.isValid(principal, credential, subject) == false)
-            throw new SecurityException("Invalid authentication attempt, principal=" + principal);
-      }
+         subject = subjectFactory.createSubject(securityDomainJndiName);
+      } 
       if (trace)
          log.trace("subject: " + subject);
       return subject;
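Review bot: getSubject() now returns with `subject == null` when `securityDomainJndiName` is set but no SubjectFactory was injected, and the startService() hunk above deletes the only deployment-time check that tied a configured security domain to a security service. Callers of getSubject() would then proceed with a null Subject for a connection manager that was configured for container-managed security (how they treat null is outside the hunk). I would fail closed with `if (securityDomainJndiName != null && subjectFactory == null) throw new SecurityException("No SubjectFactory injected for security domain " + securityDomainJndiName);`, or restore an equivalent `DeploymentException` in startService(). The removed code also threw `SecurityException` when `securityDomain.isValid(...)` rejected the caller; whether `createSubject` authenticates the caller and how it reports failure is not visible here, so its contract should be documented on this method and a null result treated as an error. The method's closing brace is outside the hunk.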
@@ -904,38 +901,4 @@
          return realCm;
       }
    }
-
-   private static class GetPrincipalAction implements PrivilegedAction
-   {
-      static PrivilegedAction ACTION = new GetPrincipalAction();
-
-      public Object run()
-      {
-         Principal principal = SecurityAssociation.getPrincipal();
-         return principal;
-      }
-
-      static Principal getPrincipal()
-      {
-         Principal principal = (Principal) AccessController.doPrivileged(ACTION);
-         return principal;
-      }
-   }
-
-   private static class GetCredentialAction implements PrivilegedAction
-   {
-      static PrivilegedAction ACTION = new GetCredentialAction();
-
-      public Object run()
-      {
-         Object credential = SecurityAssociation.getCredential();
-         return credential;
-      }
-
-      static Object getCredential()
-      {
-         Object credential = AccessController.doPrivileged(ACTION);
-         return credential;
-      }
-   }
-}
+}
\ No newline at end of file

Modified: trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2MBean.java
===================================================================
--- trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2MBean.java	2008-05-21 15:55:31 UTC (rev 73556)
+++ trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2MBean.java	2008-05-21 15:57:12 UTC (rev 73557)
@@ -24,13 +24,15 @@
 import javax.management.ObjectName;
 import javax.resource.spi.ManagedConnectionFactory;
 
-import org.jboss.mx.util.ObjectNameFactory;
+import org.jboss.mx.util.ObjectNameFactory; 
+import org.jboss.security.SubjectFactory; 
 import org.jboss.system.ServiceMBean;
 
 /**
  * MBean interface.
  * 
  * @author <a href="mailto:adrian at jboss.com">Adrian Brock</a>
+ * @author Anil.Saldhana at redhat.com
  * @version $Revision$
  */
 public interface BaseConnectionManager2MBean extends ServiceMBean
@@ -97,6 +99,7 @@
     * Get the JaasSecurityManagerService value.
     * 
     * @return the JaasSecurityManagerService value.
+    * @deprecated
     */
    ObjectName getJaasSecurityManagerService();
 
@@ -104,10 +107,17 @@
     * Set the JaasSecurityManagerService value.
     * 
     * @param jaasSecurityManagerService The new JaasSecurityManagerService value.
+    * @deprecated
     */
-   void setJaasSecurityManagerService(ObjectName jaasSecurityManagerService);
-
+   void setJaasSecurityManagerService(ObjectName jaasSecurityManagerService); 
+   
    /**
+    * Inject SubjectFactory to create Subjects
+    * @param subjectFactory
+    */
+   void setSubjectFactory(SubjectFactory subjectFactory);
+   
+   /**
     * ManagedConnectionFactory is an internal attribute that holds the ManagedConnectionFactory instance managed by this ConnectionManager.
     * 
     * @return value of managedConnectionFactory
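Review bot: Adding `setSubjectFactory` to the MBean interface makes the object that creates Subjects for this connection manager a writable management attribute, and the interface declares no getter beside it although BaseConnectionManager2 defines `getSubjectFactory()`. If the setter is there only so the deployer can inject the bean, the Javadoc should say so and note that replacing the factory on a started service changes which Subjects later connections receive, which makes the access controls on this MBean part of the security boundary. The `@param subjectFactory` tag has no description; `@param subjectFactory factory used to create the Subject for the configured security domain` would do.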
@@ -120,4 +130,4 @@
     * @return a <code>BaseConnectionManager2</code> value
     */
    BaseConnectionManager2 getInstance();
-}
+}
\ No newline at end of file

Modified: trunk/connector/src/main/org/jboss/resource/deployers/builder/ConnectionManagerBuilder.java
===================================================================
--- trunk/connector/src/main/org/jboss/resource/deployers/builder/ConnectionManagerBuilder.java	2008-05-21 15:55:31 UTC (rev 73556)
+++ trunk/connector/src/main/org/jboss/resource/deployers/builder/ConnectionManagerBuilder.java	2008-05-21 15:57:12 UTC (rev 73557)
@@ -34,6 +34,7 @@
 import org.jboss.resource.metadata.mcf.ManagedConnectionFactoryTransactionSupportMetaData;
 import org.jboss.system.metadata.ServiceAttributeMetaData;
 import org.jboss.system.metadata.ServiceDependencyMetaData;
+import org.jboss.system.metadata.ServiceInjectionValueMetaData;
 
 /**
  * A ConnectionManagerBuilder.
@@ -47,10 +48,13 @@
    private static final String JAAS_JMX = "jboss.security:service=JaasSecurityManager";
    private static final String TM_JMX = "jboss:service=TransactionManager";
    private static final String POOL_JMX = "jboss.jca:service=ManagedConnectionPool,name=";
+   
+   private static final String SUBJECT_FACTORY_NAME = "JBossSecuritySubjectFactory";
 
    private String ccmJMXName = CCM_JMX;
    private String jaasJMXName = JAAS_JMX;
    private String jaasJndiBeanName = "JBossSecurityJNDIContextEstablishment";
+   private String subjectFactoryName = SUBJECT_FACTORY_NAME;
    private String tmJMXName = TM_JMX;
    private String poolJMXPrefix = POOL_JMX;
 
@@ -81,7 +85,15 @@
    {
       this.jaasJndiBeanName = jaasJndiBeanName;
    }
-
+   
+   public String getSecurityManagementName()
+   {
+      return subjectFactoryName;
+   }
+   public void setSecurityManagementName(String securityManagementName)
+   {
+      this.subjectFactoryName = securityManagementName;
+   }
    public String getTmJMXName()
    {
       return tmJMXName;
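Review bot: The new accessors are named `getSecurityManagementName`/`setSecurityManagementName` but read and write `subjectFactoryName`, whose default is `SUBJECT_FACTORY_NAME`, so the property name and the field describe different things. Since this is new API, I would name them after the field, `getSubjectFactoryName()` and `setSubjectFactoryName(String subjectFactoryName)`, before any configuration comes to depend on the current name. They also have no Javadoc and no blank line between methods, unlike the neighbouring accessors; a one-line comment saying the value is the bean name injected as the connection manager's `SubjectFactory` attribute would be enough.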
@@ -116,6 +128,13 @@
          attribute = buildSimpleAttribute("SecurityDomainJndiName", md.getSecurityMetaData().getDomain());
          attributes.add(attribute);
       }
+      
+      attribute = new ServiceAttributeMetaData();
+      attribute.setName("SubjectFactory");
+      ServiceInjectionValueMetaData injectionValue = new ServiceInjectionValueMetaData(subjectFactoryName);
+      attribute.setValue(injectionValue);      
+      attributes.add(attribute);
+       
 
       attribute = buildDependencyAttribute("CachedConnectionManager", ccmJMXName);      
       attributes.add(attribute);
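Review bot: The `SubjectFactory` attribute is added for every connection manager, outside the block that adds `SecurityDomainJndiName`, so deployments that configure no security domain also get an injection of the bean named by `subjectFactoryName`. If that injection creates a dependency (presumably it does, as for other injected values), every connection factory now waits on `JBossSecuritySubjectFactory` even when getSubject() would never call it. Consider adding the attribute inside the security-domain branch, or add a comment explaining why it is unconditional. The four lines also build the attribute by hand where the neighbouring code uses `buildSimpleAttribute`/`buildDependencyAttribute`; a small `buildInjectionAttribute(name, beanName)` helper would keep the method uniform. The enclosing method and the start of the conditional are outside the hunk.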



