[jboss-cvs] JBossAS SVN: r80840 - in trunk/tomcat/src/main/org/jboss/web/tomcat: service/deployers and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Nov 12 00:53:47 EST 2008


Author: anil.saldhana at jboss.com
Date: 2008-11-12 00:53:47 -0500 (Wed, 12 Nov 2008)
New Revision: 80840

Added:
   trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/SecurityActions.java
Modified:
   trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
   trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java
   trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatService.java
Log:
JBAS-5988: privileged blocks

Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java	2008-11-12 05:42:35 UTC (rev 80839)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java	2008-11-12 05:53:47 UTC (rev 80840)
@@ -593,8 +593,10 @@
             callerSubject = SecurityAssociationActions.getSubjectFromRequestPrincipal(principal);
          }
 
-         authzDecision = helper.hasRole(roleName, principal, servletName, getPrincipalRoles(principal), PolicyContext
-               .getContextID(), callerSubject);
+         String contextID = PolicyContext.getContextID();
+         
+         authzDecision = SecurityAssociationActions.hasRole(helper, roleName, principal, servletName, 
+                            getPrincipalRoles(principal), contextID, callerSubject);
       }
       boolean finalDecision = baseDecision && authzDecision;
       if (trace)

Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java	2008-11-12 05:42:35 UTC (rev 80839)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java	2008-11-12 05:53:47 UTC (rev 80840)
@@ -21,19 +21,21 @@
 */
 package org.jboss.web.tomcat.security;
 
+import java.security.AccessController;
+import java.security.Principal;
 import java.security.PrivilegedAction;
-import java.security.Principal;
-import java.security.AccessController; 
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import java.util.Set;
 
 import javax.security.auth.Subject;
- 
+
 import org.jboss.security.RunAs;
-import org.jboss.security.RunAsIdentity; 
-import org.jboss.security.SecurityContext; 
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
 import org.jboss.security.SecurityContextFactory;
-import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.javaee.AbstractWebAuthorizationHelper;
 
 /** A PrivilegedAction implementation for setting the SecurityAssociation
  * principal and credential
@@ -332,4 +334,20 @@
          }
       });
    }
+   
+   static boolean hasRole(final AbstractWebAuthorizationHelper helper,
+         final String roleName,
+         final Principal principal, final String servletName, 
+         final Set<Principal> principalRoles,
+         final String contextID, final Subject callerSubject)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<Boolean>()
+      {
+         public Boolean run()
+         {
+            return helper.hasRole(roleName, principal, servletName, principalRoles, contextID, 
+                  callerSubject);
+         }
+      });
+   }
 }
\ No newline at end of file
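Review bot: The new `hasRole` wrapper runs the whole of `helper.hasRole(...)` inside `doPrivileged`, so permission checks reached from the helper stop at this class's frame and no longer consult the code further up the stack, and the method has no Javadoc saying so. That is only safe while the method stays package-private and the `helper` argument is container-provided. I would document it, e.g. `/** Runs helper.hasRole in a privileged block. Must remain package-private; helper must be container code, never an application-supplied object. */`. If the helper can call into pluggable or deployment-supplied authorization modules (not visible in this hunk), confirm they are trusted to run with the stack cut here. The only caller visible in this commit is the JBossWebRealm hunk above.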

Added: trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/SecurityActions.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/SecurityActions.java	                        (rev 0)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/SecurityActions.java	2008-11-12 05:53:47 UTC (rev 80840)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.web.tomcat.service.deployers;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Nov 7, 2008
+ */
+class SecurityActions
+{
+   static String getSystemProperty(final String key, final String defaultValue)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<String>()
+      {
+         public String run()
+         {
+            return System.getProperty(key, defaultValue); 
+         }
+      });
+   }
+   
+   static void setSystemProperty(final String key, final String value)
+   {
+      AccessController.doPrivileged(new PrivilegedAction<Object>()
+      {
+         public Object run()
+         {
+            System.setProperty(key, value);
+            return null;
+         }
+      });
+   }
+
+}
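Review bot: `getSystemProperty` and `setSystemProperty` accept any key and run under `doPrivileged`, so every class in `org.jboss.web.tomcat.service.deployers` can read and write arbitrary system properties with this jar's permissions. The class Javadoc (`Privileged Blocks`) does not record that constraint. The package-private class and methods are the only thing containing this, so I would state it, e.g. `Privileged wrappers for system-property access. Must stay package-private: exposing these methods would let less-privileged callers read or set any system property.` Adding `private SecurityActions() {}` would also make it clear the class is a static holder and is never instantiated.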

Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatService.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatService.java	2008-11-12 05:42:35 UTC (rev 80839)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatService.java	2008-11-12 05:53:47 UTC (rev 80840)
@@ -119,7 +119,8 @@
 
       log.debug("Starting tomcat deployer");
       MBeanServer server = super.getServer();
-      System.setProperty("catalina.ext.dirs", (System.getProperty("jboss.server.home.dir") + File.separator + "lib"));
+      SecurityActions.setSystemProperty("catalina.ext.dirs", 
+            (SecurityActions.getSystemProperty("jboss.server.home.dir", null) + File.separator + "lib"));
 
       String objectNameS = tomcatDeployer.getDomain() + ":type=server";
       ObjectName objectName = new ObjectName(objectNameS);
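Review bot: `SecurityActions.getSystemProperty("jboss.server.home.dir", null)` is concatenated without a null check, so when the property is unset `catalina.ext.dirs` becomes the literal string `null` + separator + `lib`. This matches the old behaviour, but it would presumably be resolved relative to the working directory, which is undesirable for a directory that libraries are loaded from. I would fail fast instead: `String home = SecurityActions.getSystemProperty("jboss.server.home.dir", null);`, then `if (home == null) throw new IllegalStateException("jboss.server.home.dir is not set");`, then `SecurityActions.setSystemProperty("catalina.ext.dirs", home + File.separator + "lib");`. The enclosing method starts and ends outside this hunk, so whether an unchecked exception is the right failure mode there should be confirmed.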



