[jboss-cvs] JBossAS SVN: r80205 - in branches/JBPAPP_4_2_0_GA_CP: security/src/main/org/jboss/security and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Oct 29 13:37:22 EDT 2008


Author: mmoyses
Date: 2008-10-29 13:37:22 -0400 (Wed, 29 Oct 2008)
New Revision: 80205

Modified:
   branches/JBPAPP_4_2_0_GA_CP/aspects/src/main/org/jboss/aspects/security/AuthenticationInterceptor.java
   branches/JBPAPP_4_2_0_GA_CP/aspects/src/main/org/jboss/aspects/security/SecurityActions.java
   branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/SecurityAssociation.java
Log:
JBPAPP-1348: fixing SubjectContext memory leak

Modified: branches/JBPAPP_4_2_0_GA_CP/aspects/src/main/org/jboss/aspects/security/AuthenticationInterceptor.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/aspects/src/main/org/jboss/aspects/security/AuthenticationInterceptor.java	2008-10-29 17:07:31 UTC (rev 80204)
+++ branches/JBPAPP_4_2_0_GA_CP/aspects/src/main/org/jboss/aspects/security/AuthenticationInterceptor.java	2008-10-29 17:37:22 UTC (rev 80205)
@@ -85,7 +85,7 @@
          if (authenticationManager == null || callerRunAsIdentity == null)
             SecurityActions.popSubjectContext();
          
-         if (invocation.getMetaData("security", "principal") != null)
+         if (invocation.getMetaData("security", "principal") != null && !SecurityActions.isServer())
          {
             SecurityActions.setPrincipal(null);
             SecurityActions.setCredential(null);
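Review bot: With the added `!SecurityActions.isServer()` guard, server mode no longer clears the principal and credential on the path where `popSubjectContext()` is also skipped (`authenticationManager != null` and `callerRunAsIdentity != null`), so the identity installed for this invocation may remain on the thread and, on a pooled thread, be seen by the next request. The enclosing try/finally starts and ends outside this hunk, so this should be confirmed against the code that pushes the context. The guard also needs a comment explaining why it exists, for example `// server mode: popSubjectContext() already restores the thread principal/credential; setPrincipal(null) appears to push a SubjectContext that is never popped (JBPAPP-1348)`.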

Modified: branches/JBPAPP_4_2_0_GA_CP/aspects/src/main/org/jboss/aspects/security/SecurityActions.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/aspects/src/main/org/jboss/aspects/security/SecurityActions.java	2008-10-29 17:07:31 UTC (rev 80204)
+++ branches/JBPAPP_4_2_0_GA_CP/aspects/src/main/org/jboss/aspects/security/SecurityActions.java	2008-10-29 17:37:22 UTC (rev 80205)
@@ -485,11 +485,11 @@
       }      
    }
 
-   
-   
-   
-   
-   
+   static boolean isServer()
+   {
+      return SecurityAssociation.isServer();
+   }
+      
    interface TCLAction
    {
       class UTIL
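Review bot: The new `isServer()` has no Javadoc even though the leak fix in AuthenticationInterceptor depends entirely on its meaning. A one-line comment such as `/** @return SecurityAssociation.isServer(): true when security information is thread local rather than global */` would make the contract explicit. It calls SecurityAssociation directly rather than through a privileged action, which looks fine because the target method performs no permission check, but saying so in the comment would spare the next reader from checking. The `TCLAction` interface that follows continues outside this hunk.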

Modified: branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/SecurityAssociation.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/SecurityAssociation.java	2008-10-29 17:07:31 UTC (rev 80204)
+++ branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/SecurityAssociation.java	2008-10-29 17:37:22 UTC (rev 80205)
@@ -58,18 +58,22 @@
 public final class SecurityAssociation
 {
    private static Logger log = Logger.getLogger(SecurityAssociation.class);
+
    /**
     * A flag indicating if trace level logging should be performed
     */
    private static boolean trace;
+
    /**
     * A flag indicating if security information is global or thread local
     */
    private static boolean server;
+
    /**
     * The SecurityAssociation principal used when the server flag is false
     */
    private static Principal principal;
+
    /**
     * The SecurityAssociation credential used when the server flag is false
     */
@@ -79,10 +83,12 @@
     * The SecurityAssociation principal used when the server flag is true
     */
    private static ThreadLocal threadPrincipal;
+
    /**
     * The SecurityAssociation credential used when the server flag is true
     */
    private static ThreadLocal threadCredential;
+
    /**
     * The SecurityAssociation HashMap<String, Object>
     */
@@ -93,10 +99,11 @@
     * run-as identity propagation
     */
    private static RunAsThreadLocalStack threadRunAsStacks;
+
    /**
     * Thread local stacks of authenticated subject used to control the current
     * caller security context
-    */ 
+    */
    private static SubjectThreadLocalStack threadSubjectStacks;
 
    /**
@@ -140,7 +147,7 @@
    {
       String flag = SecurityActions.getProperty("org.jboss.security.SecurityAssociation.ThreadLocal", "false");
       boolean useThreadLocal = Boolean.valueOf(flag).booleanValue();
-      log.debug("Using ThreadLocal: "+useThreadLocal);
+      log.debug("Using ThreadLocal: " + useThreadLocal);
 
       trace = log.isTraceEnabled();
       if (useThreadLocal)
@@ -181,14 +188,13 @@
          sm.checkPermission(getPrincipalInfoPermission);
 
       Principal thePrincipal = principal;
-      
-      
+
       if (server)
          thePrincipal = (Principal) threadPrincipal.get();
-      
-      if( trace )
-         log.trace("getPrincipal, principal="+thePrincipal);
-         
+
+      if (trace)
+         log.trace("getPrincipal, principal=" + thePrincipal);
+
       return thePrincipal;
    }
 
@@ -208,15 +214,15 @@
          sm.checkPermission(getPrincipalInfoPermission);
 
       Principal thePrincipal = peekRunAsIdentity(1);
-      if( thePrincipal == null )
+      if (thePrincipal == null)
       {
          if (server)
             thePrincipal = (Principal) threadPrincipal.get();
          else
             thePrincipal = principal;
       }
-      if( trace )
-         log.trace("getCallerPrincipal, principal="+thePrincipal);
+      if (trace)
+         log.trace("getCallerPrincipal, principal=" + thePrincipal);
       return thePrincipal;
    }
 
@@ -260,10 +266,10 @@
          sm.checkPermission(getSubjectPermission);
 
       SubjectContext sc = threadSubjectStacks.peek();
-      if( trace )
-         log.trace("getSubject, sc="+sc);
+      if (trace)
+         log.trace("getSubject, sc=" + sc);
       Subject subject = null;
-      if( sc != null )
+      if (sc != null)
          subject = sc.getSubject();
       return subject;
    }
@@ -292,21 +298,21 @@
          SecurityAssociation.principal = principal;
       // Integrate with the new SubjectContext 
       SubjectContext sc = threadSubjectStacks.peek();
-      if( sc == null )
+      if (sc == null)
       {
          // There is no active security context
          sc = new SubjectContext();
          threadSubjectStacks.push(sc);
       }
-      else if( (sc.getFlags() & SubjectContext.PRINCIPAL_WAS_SET) != 0 )
+      else if ((sc.getFlags() & SubjectContext.PRINCIPAL_WAS_SET) != 0)
       {
          // The current security context has its principal set
          sc = new SubjectContext();
-         threadSubjectStacks.push(sc);    
+         threadSubjectStacks.push(sc);
       }
       sc.setPrincipal(principal);
       if (trace)
-         log.trace("setPrincipal, sc="+sc);
+         log.trace("setPrincipal, sc=" + sc);
    }
 
    /**
@@ -332,21 +338,21 @@
          SecurityAssociation.credential = credential;
       // Integrate with the new SubjectContext 
       SubjectContext sc = threadSubjectStacks.peek();
-      if( sc == null )
+      if (sc == null)
       {
          // There is no active security context
          sc = new SubjectContext();
          threadSubjectStacks.push(sc);
       }
-      else if( (sc.getFlags() & SubjectContext.CREDENTIAL_WAS_SET) != 0 )
+      else if ((sc.getFlags() & SubjectContext.CREDENTIAL_WAS_SET) != 0)
       {
          // The current security context has its principal set
          sc = new SubjectContext();
-         threadSubjectStacks.push(sc);   
+         threadSubjectStacks.push(sc);
       }
       sc.setCredential(credential);
       if (trace)
-         log.trace("setCredential, sc="+sc);
+         log.trace("setCredential, sc=" + sc);
    }
 
    /**
@@ -367,21 +373,21 @@
          log.trace("setSubject, s=" + subject + ", server=" + server);
       // Integrate with the new SubjectContext 
       SubjectContext sc = threadSubjectStacks.peek();
-      if( sc == null )
+      if (sc == null)
       {
          // There is no active security context
          sc = new SubjectContext();
          threadSubjectStacks.push(sc);
       }
-      else if( (sc.getFlags() & SubjectContext.SUBJECT_WAS_SET) != 0 )
+      else if ((sc.getFlags() & SubjectContext.SUBJECT_WAS_SET) != 0)
       {
          // The current security context has its subject set
          sc = new SubjectContext();
-         threadSubjectStacks.push(sc); 
+         threadSubjectStacks.push(sc);
       }
       sc.setSubject(subject);
       if (trace)
-         log.trace("setSubject, sc="+sc);
+         log.trace("setSubject, sc=" + sc);
    }
 
    /**
@@ -434,7 +440,7 @@
     * @param subject - the authenticated subject
     * @param principal - the principal that was input into the authentication
     * @param credential - the credential that was input into the authentication
-    */ 
+    */
    public static void pushSubjectContext(Subject subject,
       Principal principal, Object credential)
    {
@@ -457,8 +463,9 @@
       SubjectContext sc = new SubjectContext(subject, principal, credential);
       threadSubjectStacks.push(sc);
       if (trace)
-         log.trace("pushSubjectContext, subject=" + subject + ", sc="+sc);
+         log.trace("pushSubjectContext, subject=" + subject + ", sc=" + sc);
    }
+
    /**
     * Push a duplicate of the current SubjectContext if one exists.
     * When run under a security manager this requires the
@@ -473,7 +480,7 @@
 
       SubjectContext sc = threadSubjectStacks.dup();
       if (trace)
-         log.trace("dupSubjectContext, sc="+sc);
+         log.trace("dupSubjectContext, sc=" + sc);
    }
 
    /**
@@ -483,7 +490,7 @@
     * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
     * permission.
     * @return the SubjectContext pushed previously by a pushSubjectContext call
-    */ 
+    */
    public static SubjectContext popSubjectContext()
    {
       SecurityManager sm = System.getSecurityManager();
@@ -493,20 +500,20 @@
       SubjectContext sc = threadSubjectStacks.pop();
       if (trace)
       {
-         log.trace("popSubjectContext, sc="+sc);
+         log.trace("popSubjectContext, sc=" + sc);
       }
-      
+
       Principal principal = null;
       Object credential = null;
-      
+
       SubjectContext top = threadSubjectStacks.peek();
-      
+
       if (top != null)
       {
          principal = top.getPrincipal();
          credential = top.getCredential();
       }
-      
+
       if (server)
       {
          threadPrincipal.set(principal);
@@ -517,10 +524,10 @@
          SecurityAssociation.principal = principal;
          SecurityAssociation.credential = credential;
       }
-      
+
       return sc;
    }
-   
+
    /**
     * Look at the current thread of control's authenticated identity on the top
     * of the stack.
@@ -577,7 +584,7 @@
          sm.checkPermission(setRunAsIdentity);
       if (trace)
          log.trace("pushRunAsIdentity, runAs=" + runAs);
-      
+
       threadRunAsStacks.push(runAs);
    }
 
@@ -638,6 +645,11 @@
 
       server = true;
    }
+   
+   public static boolean isServer()
+   {
+      return server;
+   }
 
    /**
     * A subclass of ThreadLocal that implements a value stack using an ArrayList
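Review bot: `isServer()` returns the static `server` field, which is declared `private static boolean server;` without `volatile`, so a thread reading it is not guaranteed to see the `server = true;` written by another thread. AuthenticationInterceptor now uses this value to decide whether to call `setPrincipal(null)`, so a stale `false` would take the old path that the commit is trying to avoid. Declaring the field `private static volatile boolean server;` closes that gap; the setter is probably only called during startup, so confirm whether this matters in practice. The method is also the only public member in this hunk without Javadoc; `/** @return true if security information is thread local (server mode) */` would match the rest of the class.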
@@ -650,12 +662,12 @@
 
       RunAsThreadLocalStack(boolean threadLocal)
       {
-         if( threadLocal == true )
+         if (threadLocal == true)
             local = new ArrayListLocal();
          else
             local = new ArrayListInheritableLocal();
       }
-      
+
       int size()
       {
          ArrayList stack = (ArrayList) local.get();
@@ -691,9 +703,9 @@
          do
          {
             int index = stackSize - 1 - depth;
-            if( index >= 0 )
+            if (index >= 0)
                runAs = (RunAsIdentity) stack.get(index);
-            depth ++;
+            depth++;
          }
          while (runAs == null && depth <= stackSize - 1);
          return runAs;
@@ -702,22 +714,28 @@
 
    /**
     * The encapsulation of the authenticated subject
-    */ 
+    */
    public static class SubjectContext
    {
       public static final int SUBJECT_WAS_SET = 1;
+
       public static final int PRINCIPAL_WAS_SET = 2;
+
       public static final int CREDENTIAL_WAS_SET = 4;
 
       private Subject subject;
+
       private Principal principal;
+
       private Object credential;
+
       private int flags;
 
       public SubjectContext()
       {
          this.flags = 0;
       }
+
       public SubjectContext(Subject s, Principal p, Object cred)
       {
          this.subject = s;
@@ -730,6 +748,7 @@
       {
          return subject;
       }
+
       public void setSubject(Subject subject)
       {
          this.subject = subject;
@@ -740,6 +759,7 @@
       {
          return principal;
       }
+
       public void setPrincipal(Principal principal)
       {
          this.principal = principal;
@@ -750,6 +770,7 @@
       {
          return credential;
       }
+
       public void setCredential(Object credential)
       {
          this.credential = credential;
@@ -767,7 +788,7 @@
          tmp.append("{principal=");
          tmp.append(principal);
          tmp.append(",subject=");
-         if( subject != null )
+         if (subject != null)
             tmp.append(System.identityHashCode(subject));
          else
             tmp.append("null");
@@ -782,12 +803,12 @@
 
       SubjectThreadLocalStack(boolean threadLocal)
       {
-         if( threadLocal == true )
+         if (threadLocal == true)
             local = new ArrayListLocal();
          else
             local = new ArrayListInheritableLocal();
       }
-      
+
       int size()
       {
          ArrayList stack = (ArrayList) local.get();
@@ -837,9 +858,10 @@
             context = (SubjectContext) stack.get(lastIndex);
          return context;
       }
+
       /**
        * Remove all SubjectContext from the current thread stack
-       */ 
+       */
       void clear()
       {
          ArrayList stack = (ArrayList) local.get();
@@ -853,7 +875,7 @@
       {
          return new ArrayList();
       }
-      
+
    }
 
    private static class ArrayListInheritableLocal extends InheritableThreadLocal
@@ -875,7 +897,7 @@
          {
             copy = new ArrayList(list);
          }
-         catch(Throwable t)
+         catch (Throwable t)
          {
             log.debug("Failed to copy parent list, using new list");
             copy = new ArrayList();
@@ -887,8 +909,9 @@
       {
          return new ArrayList();
       }
-      
+
    }
+
    private static class HashMapInheritableLocal extends InheritableThreadLocal
    {
       /**
@@ -908,7 +931,7 @@
          {
             copy = new HashMap(map);
          }
-         catch(Throwable t)
+         catch (Throwable t)
          {
             log.debug("Failed to copy parent map, using new map");
             copy = new HashMap();
@@ -920,6 +943,6 @@
       {
          return new HashMap();
       }
-      
+
    }
 }
\ No newline at end of file



