[jboss-cvs] JBossAS SVN: r73557 - in trunk/connector/src/main/org/jboss/resource: deployers/builder and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed May 21 11:57:13 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-05-21 11:57:12 -0400 (Wed, 21 May 2008)
New Revision: 73557
Modified:
trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2.java
trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2MBean.java
trunk/connector/src/main/org/jboss/resource/deployers/builder/ConnectionManagerBuilder.java
Log:
JBAS-5067: enhance JCA Security in ConnectionManagers with injection of SubjectFactory
Modified: trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2.java
===================================================================
--- trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2.java 2008-05-21 15:55:31 UTC (rev 73556)
+++ trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2.java 2008-05-21 15:57:12 UTC (rev 73557)
@@ -23,9 +23,6 @@
import java.io.PrintWriter;
import java.io.Serializable;
-import java.security.Principal;
-import java.security.PrivilegedAction;
-import java.security.AccessController;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
@@ -38,9 +35,7 @@
import javax.management.MBeanNotificationInfo;
import javax.management.MBeanServer;
import javax.management.Notification;
-import javax.management.NotificationFilter;
import javax.management.ObjectName;
-import javax.naming.InitialContext;
import javax.resource.ResourceException;
import javax.resource.spi.ConnectionEvent;
import javax.resource.spi.ConnectionManager;
@@ -53,14 +48,13 @@
import javax.transaction.Transaction;
import javax.transaction.TransactionManager;
-import org.jboss.deployment.DeploymentException;
+import org.jboss.deployers.spi.DeploymentException;
import org.jboss.logging.Logger;
import org.jboss.logging.util.LoggerPluginWriter;
import org.jboss.mx.util.JMXExceptionDecoder;
import org.jboss.mx.util.MBeanServerLocator;
import org.jboss.resource.JBossResourceException;
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.SubjectSecurityManager;
+import org.jboss.security.SubjectFactory;
import org.jboss.system.ServiceMBeanSupport;
import org.jboss.tm.TransactionTimeoutConfiguration;
import org.jboss.util.NestedRuntimeException;
@@ -80,9 +74,11 @@
* @author <a href="mailto:E.Guib at ceyoniq.com">Erwin Guib</a>
* @author <a href="mailto:adrian at jboss.org">Adrian Brock</a>
* @author <a href="weston.price at jboss.com">Weston Price</a>
+ * @author Anil.Saldhana at redhat.com
*
* @version $Revision$
*/
+ at SuppressWarnings("unchecked")
public abstract class BaseConnectionManager2 extends ServiceMBeanSupport
implements
BaseConnectionManager2MBean,
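Review bot: The `@SuppressWarnings("unchecked")` added on the class declaration silences unchecked warnings for every member of BaseConnectionManager2, including code written later. This commit removes the raw `PrivilegedAction` helper classes, so it is worth checking which members still need the suppression. Prefer placing the annotation on those methods or fields only, with a short comment saying why the unchecked use is safe. The class body lies outside this hunk, so the remaining raw-type uses are not visible here.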
@@ -106,9 +102,9 @@
protected String jndiName;
protected String securityDomainJndiName;
-
- protected SubjectSecurityManager securityDomain;
-
+
+ protected SubjectFactory subjectFactory;
+
protected ObjectName jaasSecurityManagerService;
protected ObjectName ccmName;
@@ -202,14 +198,30 @@
{
return securityDomainJndiName;
}
+
+ public SubjectFactory getSubjectFactory()
+ {
+ return subjectFactory;
+ }
+ public void setSubjectFactory(SubjectFactory subjectFactory)
+ {
+ this.subjectFactory = subjectFactory;
+ }
+
+ /**
+ * @deprecated
+ */
public ObjectName getJaasSecurityManagerService()
{
- return jaasSecurityManagerService;
+ return this.jaasSecurityManagerService;
}
+ /**
+ * @deprecated Maintained for legacy
+ */
public void setJaasSecurityManagerService(final ObjectName jaasSecurityManagerService)
- {
+ {
this.jaasSecurityManagerService = jaasSecurityManagerService;
}
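Review bot: The new `getSubjectFactory()` and `setSubjectFactory()` accessors have no Javadoc, and the bare `@deprecated` on `getJaasSecurityManagerService()` does not say what replaces it. For the setter I would add `/** Sets the SubjectFactory used by getSubject() to create the Subject for the configured security domain; normally injected by the deployer. */`. Both deprecation tags should name the replacement, for example `@deprecated retained for legacy configuration; inject a SubjectFactory via setSubjectFactory instead`. Whether `jaasSecurityManagerService` is still read elsewhere in the class is not visible in this hunk, so confirm that before wording the deprecation.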
@@ -254,13 +266,6 @@
if (ccm == null)
throw new DeploymentException("cached ConnectionManager not found: " + ccmName);
- if (securityDomainJndiName != null && jaasSecurityManagerService == null)
- throw new DeploymentException("You must supply both securityDomainJndiName and jaasSecurityManagerService to use container managed security");
-
- if (securityDomainJndiName != null)
- securityDomain = (SubjectSecurityManager) new InitialContext().lookup(SECURITY_MGR_PATH
- + securityDomainJndiName);
-
if (managedConnectionPoolName == null)
throw new DeploymentException("managedConnectionPool not set!");
try
@@ -308,13 +313,14 @@
{
//notify the login modules the mcf is going away, they need to look it up again later.
sendNotification(new Notification(STOPPING_NOTIFICATION, getServiceName(), getNextNotificationSequenceNumber()));
- if (jaasSecurityManagerService != null && securityDomainJndiName != null)
+ /*
+ * if (jaasSecurityManagerService != null && securityDomainJndiName != null)
server.invoke(jaasSecurityManagerService, "flushAuthenticationCache", new Object[] { securityDomainJndiName }, new String[] { String.class.getName() });
-
+ */
poolingStrategy.setConnectionListenerFactory(null);
poolingStrategy = null;
- securityDomain = null;
+ subjectFactory = null;
ccm = null;
}
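Review bot: The `flushAuthenticationCache` invocation is disabled by wrapping it in a block comment rather than being removed or replaced, and nothing records why. The line above still notifies login modules that the MCF is going away, so if the flush existed to stop cached authentication entries for `securityDomainJndiName` being reused after a stop, that cleanup no longer happens. I cannot tell from the hunk whether the SubjectFactory path makes it unnecessary. Either delete the dead code and leave a one-line comment explaining why no flush is needed, or restore an equivalent flush. The method body starts outside the hunk.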
@@ -581,19 +587,10 @@
private Subject getSubject()
{
Subject subject = null;
- if (securityDomain != null)
+ if(subjectFactory != null && securityDomainJndiName != null)
{
- /* Authenticate using the caller info and obtain a copy of the Subject
- state for use in establishing a secure connection. A copy must be
- obtained to avoid problems with multiple threads associated with
- the same principal changing the state of the resulting Subject.
- */
- Principal principal = GetPrincipalAction.getPrincipal();
- Object credential = GetCredentialAction.getCredential();
- subject = new Subject();
- if (securityDomain.isValid(principal, credential, subject) == false)
- throw new SecurityException("Invalid authentication attempt, principal=" + principal);
- }
+ subject = subjectFactory.createSubject(securityDomainJndiName);
+ }
if (trace)
log.trace("subject: " + subject);
return subject;
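Review bot: `getSubject()` now returns `null` without any error when `securityDomainJndiName` is set but no `SubjectFactory` was injected, so a connection manager configured for container-managed security can silently fall through to the no-Subject path. The startService hunk (`@@ -254,13 +266,6 @@`) also drops the deployment-time check that rejected a half-configured security domain, so nothing in the visible code catches this. I would fail closed here: `if (securityDomainJndiName != null && subjectFactory == null) throw new SecurityException("No SubjectFactory injected for security domain " + securityDomainJndiName);`. The old branch also threw when `isValid` failed. Whether `createSubject` throws or returns null on a failed authentication is not visible on this page, so a null result is worth checking too.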
@@ -904,38 +901,4 @@
return realCm;
}
}
-
- private static class GetPrincipalAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new GetPrincipalAction();
-
- public Object run()
- {
- Principal principal = SecurityAssociation.getPrincipal();
- return principal;
- }
-
- static Principal getPrincipal()
- {
- Principal principal = (Principal) AccessController.doPrivileged(ACTION);
- return principal;
- }
- }
-
- private static class GetCredentialAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new GetCredentialAction();
-
- public Object run()
- {
- Object credential = SecurityAssociation.getCredential();
- return credential;
- }
-
- static Object getCredential()
- {
- Object credential = AccessController.doPrivileged(ACTION);
- return credential;
- }
- }
-}
+}
\ No newline at end of file
Modified: trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2MBean.java
===================================================================
--- trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2MBean.java 2008-05-21 15:55:31 UTC (rev 73556)
+++ trunk/connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2MBean.java 2008-05-21 15:57:12 UTC (rev 73557)
@@ -24,13 +24,15 @@
import javax.management.ObjectName;
import javax.resource.spi.ManagedConnectionFactory;
-import org.jboss.mx.util.ObjectNameFactory;
+import org.jboss.mx.util.ObjectNameFactory;
+import org.jboss.security.SubjectFactory;
import org.jboss.system.ServiceMBean;
/**
* MBean interface.
*
* @author <a href="mailto:adrian at jboss.com">Adrian Brock</a>
+ * @author Anil.Saldhana at redhat.com
* @version $Revision$
*/
public interface BaseConnectionManager2MBean extends ServiceMBean
@@ -97,6 +99,7 @@
* Get the JaasSecurityManagerService value.
*
* @return the JaasSecurityManagerService value.
+ * @deprecated
*/
ObjectName getJaasSecurityManagerService();
@@ -104,10 +107,17 @@
* Set the JaasSecurityManagerService value.
*
* @param jaasSecurityManagerService The new JaasSecurityManagerService value.
+ * @deprecated
*/
- void setJaasSecurityManagerService(ObjectName jaasSecurityManagerService);
-
+ void setJaasSecurityManagerService(ObjectName jaasSecurityManagerService);
+
/**
+ * Inject SubjectFactory to create Subjects
+ * @param subjectFactory
+ */
+ void setSubjectFactory(SubjectFactory subjectFactory);
+
+ /**
* ManagedConnectionFactory is an internal attribute that holds the ManagedConnectionFactory instance managed by this ConnectionManager.
*
* @return value of managedConnectionFactory
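Review bot: Adding `setSubjectFactory` to the MBean interface makes the factory a writable management attribute with no matching getter. Any client allowed to set attributes on this MBean can therefore replace the object that decides which Subject is attached to new connections. If the setter is meant only for deploy-time injection, say so in the Javadoc and consider having the implementation reject changes once the service has started. The `@param subjectFactory` tag has no description; `@param subjectFactory factory used to create the Subject for the configured security domain; injected at deployment` would do. The bare `@deprecated` tags added here and in the `@@ -97,6 +99,7 @@` hunk should name the replacement as well.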
@@ -120,4 +130,4 @@
* @return a <code>BaseConnectionManager2</code> value
*/
BaseConnectionManager2 getInstance();
-}
+}
\ No newline at end of file
Modified: trunk/connector/src/main/org/jboss/resource/deployers/builder/ConnectionManagerBuilder.java
===================================================================
--- trunk/connector/src/main/org/jboss/resource/deployers/builder/ConnectionManagerBuilder.java 2008-05-21 15:55:31 UTC (rev 73556)
+++ trunk/connector/src/main/org/jboss/resource/deployers/builder/ConnectionManagerBuilder.java 2008-05-21 15:57:12 UTC (rev 73557)
@@ -34,6 +34,7 @@
import org.jboss.resource.metadata.mcf.ManagedConnectionFactoryTransactionSupportMetaData;
import org.jboss.system.metadata.ServiceAttributeMetaData;
import org.jboss.system.metadata.ServiceDependencyMetaData;
+import org.jboss.system.metadata.ServiceInjectionValueMetaData;
/**
* A ConnectionManagerBuilder.
@@ -47,10 +48,13 @@
private static final String JAAS_JMX = "jboss.security:service=JaasSecurityManager";
private static final String TM_JMX = "jboss:service=TransactionManager";
private static final String POOL_JMX = "jboss.jca:service=ManagedConnectionPool,name=";
+
+ private static final String SUBJECT_FACTORY_NAME = "JBossSecuritySubjectFactory";
private String ccmJMXName = CCM_JMX;
private String jaasJMXName = JAAS_JMX;
private String jaasJndiBeanName = "JBossSecurityJNDIContextEstablishment";
+ private String subjectFactoryName = SUBJECT_FACTORY_NAME;
private String tmJMXName = TM_JMX;
private String poolJMXPrefix = POOL_JMX;
@@ -81,7 +85,15 @@
{
this.jaasJndiBeanName = jaasJndiBeanName;
}
-
+
+ public String getSecurityManagementName()
+ {
+ return subjectFactoryName;
+ }
+ public void setSecurityManagementName(String securityManagementName)
+ {
+ this.subjectFactoryName = securityManagementName;
+ }
public String getTmJMXName()
{
return tmJMXName;
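Review bot: The new accessors are named `getSecurityManagementName`/`setSecurityManagementName` but read and write the field `subjectFactoryName`, whose default is `SUBJECT_FACTORY_NAME`. The property name therefore does not tell an administrator which bean is being selected. Since it picks the bean that creates Subjects, I would name it after what it holds: `public String getSubjectFactoryName()` and `public void setSubjectFactoryName(String subjectFactoryName)`. The setter also stores null or an empty string unchecked, and that value is later passed to `new ServiceInjectionValueMetaData(subjectFactoryName)` in the `@@ -116,6 +128,13 @@` hunk; rejecting it here would surface a misconfiguration earlier.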
@@ -116,6 +128,13 @@
attribute = buildSimpleAttribute("SecurityDomainJndiName", md.getSecurityMetaData().getDomain());
attributes.add(attribute);
}
+
+ attribute = new ServiceAttributeMetaData();
+ attribute.setName("SubjectFactory");
+ ServiceInjectionValueMetaData injectionValue = new ServiceInjectionValueMetaData(subjectFactoryName);
+ attribute.setValue(injectionValue);
+ attributes.add(attribute);
+
attribute = buildDependencyAttribute("CachedConnectionManager", ccmJMXName);
attributes.add(attribute);
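Review bot: The `SubjectFactory` injection is added after the closing brace of the block that sets `SecurityDomainJndiName`, so it appears to be emitted for every connection manager, including those with no security domain. The condition on that block is outside the hunk, so this is inferred. If so, every deployment now depends on a bean named by `subjectFactoryName` (default `JBossSecuritySubjectFactory`) being present, even when security is unused. If the factory is only needed with a domain, move these lines inside the preceding block. Otherwise add a comment such as `// always injected; getSubject() only uses it when a security domain is configured`. The enclosing method starts and ends outside the hunk.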