[jboss-cvs] JBossAS SVN: r80748 - trunk/server/src/main/org/jboss/jmx/connector/invoker.

[jboss-cvs-commits at lists.jboss.org]

Author: mmoyses
Date: 2008-11-10 15:43:10 -0500 (Mon, 10 Nov 2008)
New Revision: 80748

Modified:
   trunk/server/src/main/org/jboss/jmx/connector/invoker/AuthenticationInterceptor.java
Log:
JBAS-6181: delayed lookup of security domain so that the security beans have started

Modified: trunk/server/src/main/org/jboss/jmx/connector/invoker/AuthenticationInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/jmx/connector/invoker/AuthenticationInterceptor.java	2008-11-10 18:15:06 UTC (rev 80747)
+++ trunk/server/src/main/org/jboss/jmx/connector/invoker/AuthenticationInterceptor.java	2008-11-10 20:43:10 UTC (rev 80748)
@@ -22,17 +22,17 @@
 package org.jboss.jmx.connector.invoker;
 
 import java.security.Principal;
+
 import javax.naming.InitialContext;
 import javax.security.auth.Subject;
- 
-import org.jboss.mx.server.Invocation;
+
 import org.jboss.mx.interceptor.AbstractInterceptor;
 import org.jboss.mx.interceptor.Interceptor;
+import org.jboss.mx.server.Invocation;
 import org.jboss.security.SecurityConstants;
 import org.jboss.security.SecurityContext;
-import org.jboss.security.SubjectSecurityManager;  
+import org.jboss.security.SubjectSecurityManager;
 
-
 /** A security interceptor that requires an authorized user for invoke(Invocation)
  * operation calls when the SecurityDomain and SecurityMgr attributes are
  * specified. Access to attributes and the MBeanInfo are not intercepted.
@@ -44,24 +44,17 @@
  * @version $Revision$
  *   
  */
-public final class AuthenticationInterceptor
-   extends AbstractInterceptor
+public final class AuthenticationInterceptor extends AbstractInterceptor
 {
    private SubjectSecurityManager securityMgr;
 
-   public void setSecurityDomain(String securityDomain)
-      throws Exception
+   private String securityDomain;
+
+   private boolean initialized = false;
+
+   public void setSecurityDomain(String securityDomain) throws Exception
    {
-      try
-      {
-         InitialContext ctx = new InitialContext();
-         securityMgr = (SubjectSecurityManager) ctx.lookup(securityDomain);
-      }
-      catch(Exception e)
-      {
-         
-      }
-      
+      this.securityDomain = securityDomain;
    }
 
    /**
@@ -69,15 +62,17 @@
     * @param invocation
     * @return
     * @throws Throwable
-    */ 
+    */
    public Object invoke(Invocation invocation) throws Throwable
    {
       String type = invocation.getType();
       Subject subject = null;
-      if( type == Invocation.OP_INVOKE && securityMgr != null )
+      if (!initialized)
+         initialize();
+      if (type == Invocation.OP_INVOKE && securityMgr != null)
       {
          String opName = invocation.getName();
-         if( opName.equals("invoke") )
+         if (opName.equals("invoke"))
          {
             Object[] args = invocation.getArgs();
             org.jboss.invocation.Invocation inv = (org.jboss.invocation.Invocation) args[0];
@@ -86,20 +81,20 @@
             Object credential = inv.getCredential();
             subject = new Subject();
             boolean isValid = securityMgr.isValid(caller, credential, subject);
-            if( isValid == false )
+            if (isValid == false)
             {
-               String msg = "Failed to authenticate principal="+caller
-                  +", securityDomain="+securityMgr.getSecurityDomain();
+               String msg = "Failed to authenticate principal=" + caller + ", securityDomain="
+                     + securityMgr.getSecurityDomain();
                throw new SecurityException(msg);
-            
+
             }
             String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
-            if(securityMgr != null)
+            if (securityMgr != null)
                securityDomain = securityMgr.getSecurityDomain();
             SecurityContext sc = SecurityActions.createSecurityContext(securityDomain);
             SecurityActions.setSecurityContext(sc);
             // Push the caller security context
-            SecurityActions.pushSubjectContext(caller, credential, subject); 
+            SecurityActions.pushSubjectContext(caller, credential, subject);
          }
       }
 
@@ -111,8 +106,25 @@
       finally
       {
          // Don't leak the security context
-         if( subject != null )
+         if (subject != null)
             SecurityActions.popSubjectContext();
       }
-   } 
+   }
+
+   private void initialize()
+   {
+      try
+      {
+         InitialContext ctx = new InitialContext();
+         securityMgr = (SubjectSecurityManager) ctx.lookup(securityDomain);
+      }
+      catch (Exception e)
+      {
+
+      }
+      if (securityMgr == null)
+         log.warn("Unable to locate security domain " + securityDomain
+               + ". The AuthenticationInterceptor will have no effect");
+      initialized = true;
+   }
 }