[jboss-cvs] JBossAS SVN: r88886 - in branches/Branch_5_x/security/src: main/org/jboss/security/integration and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu May 14 14:21:07 EDT 2009
Author: anil.saldhana at jboss.com
Date: 2009-05-14 14:21:07 -0400 (Thu, 14 May 2009)
New Revision: 88886
Modified:
branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml
branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
branches/Branch_5_x/security/src/main/org/jboss/security/integration/SecurityActions.java
branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
Log:
JBAS-6747: JaasSecurityManagerService and JNDIBasedSecurityManagement callback handler reflected properly in the authentication manager
Modified: branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml
===================================================================
--- branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml 2009-05-14 17:13:22 UTC (rev 88885)
+++ branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml 2009-05-14 18:21:07 UTC (rev 88886)
@@ -53,14 +53,14 @@
<property name="defaultLoginConfig"><inject bean="XMLLoginConfig"/></property>
</bean>
+ <!-- JNDI Based Security Management -->
+ <bean name="JNDIBasedSecurityManagement"
+ class="org.jboss.security.integration.JNDIBasedSecurityManagement"/>
+
<!-- JNDI Context legacy establishment of java:/jaas/securityDomain -->
<bean name="JBossSecurityJNDIContextEstablishment"
class="org.jboss.security.integration.JNDIContextEstablishment"/>
- <!-- JNDI Based Security Management -->
- <bean name="JNDIBasedSecurityManagement"
- class="org.jboss.security.integration.JNDIBasedSecurityManagement"/>
-
<!-- Instance of JBoss Security Subject Factory -->
<bean name="JBossSecuritySubjectFactory"
class="org.jboss.security.integration.JBossSecuritySubjectFactory">
Modified: branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
===================================================================
--- branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2009-05-14 17:13:22 UTC (rev 88885)
+++ branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2009-05-14 18:21:07 UTC (rev 88886)
@@ -29,6 +29,8 @@
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
import org.jboss.logging.Logger;
import org.jboss.managed.api.annotation.ManagementComponent;
@@ -43,6 +45,7 @@
import org.jboss.security.ISecurityManagement;
import org.jboss.security.SecurityConstants;
import org.jboss.security.audit.AuditManager;
+import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.identitytrust.IdentityTrustManager;
@@ -64,6 +67,8 @@
{
private static final long serialVersionUID = 1L;
+ public static final String CBH = "org.jboss.security.callbackhandler";
+
protected static Logger log = Logger.getLogger(JNDIBasedSecurityManagement.class);
static transient ConcurrentHashMap<String,SecurityDomainContext> securityMgrMap = new ConcurrentHashMap<String,SecurityDomainContext>();
@@ -400,6 +405,19 @@
securityMgrMap.remove(securityDomain);
}
+ /**
+ * Clear all the maps
+ */
+ public static void clear()
+ {
+ RuntimePermission rtp = new RuntimePermission(JNDIBasedSecurityManagement.class.getName());
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(rtp);
+
+ securityMgrMap.clear();
+ }
+
// Private Methods
private Object lookUpJNDI(String ctxName)
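Review bot: The Javadoc on the new `clear()` says "Clear all the maps", but the body only calls `securityMgrMap.clear()`. Other manager maps such as `idmMgrMap` appear later in this file, and whether they are static and should be reset here is not visible from the hunk. Either clear them as well or narrow the comment to `Clear the cached security domain contexts`. The RuntimePermission target is the bare class name, so a Javadoc line such as `Requires RuntimePermission("org.jboss.security.integration.JNDIBasedSecurityManagement") when a SecurityManager is installed` would tell policy authors what to grant.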
@@ -532,6 +550,34 @@
if(idmMgrMap == null)
idmMgrMap = new ConcurrentHashMap<String,IdentityTrustManager>();
+ //Look for a system property for a VM wide Callback Handler
+ String cbh = SecurityActions.getSystemProperty(CBH, null);
+ if(cbh != null)
+ {
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ Class<?> clazz = tcl.loadClass(cbh);
+ callBackHandler = (CallbackHandler) clazz.newInstance();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException("Error initializing JNDIBasedSecurityManagement:",e);
+ }
+ }
+ else
+ {
+ try
+ {
+ CallbackHandler cbhandler =
+ (CallbackHandler) PolicyContext.getContext(CallbackHandlerPolicyContextHandler.CALLBACK_HANDLER_KEY);
+ if(cbhandler instanceof JBossCallbackHandler == false)
+ callBackHandler = cbhandler;
+ }
+ catch (PolicyContextException ignore)
+ {
+ }
+ }
if(callBackHandler == null)
callBackHandler = new JBossCallbackHandler();
}
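Review bot: The class named by the `org.jboss.security.callbackhandler` system property is instantiated with `clazz.newInstance()` before anything confirms it is a CallbackHandler. A wrong or tampered property value therefore runs an arbitrary no-arg constructor and only then fails on the cast. Adding `if(!CallbackHandler.class.isAssignableFrom(clazz)) throw new IllegalStateException(CBH + " is not a CallbackHandler: " + cbh);` ahead of the `newInstance()` call closes that gap. The empty `catch (PolicyContextException ignore)` in the else branch also hides lookup failures; a `log.trace` call there would make the silent fallback to JBossCallbackHandler visible. The enclosing method starts outside the hunk.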
Modified: branches/Branch_5_x/security/src/main/org/jboss/security/integration/SecurityActions.java
===================================================================
--- branches/Branch_5_x/security/src/main/org/jboss/security/integration/SecurityActions.java 2009-05-14 17:13:22 UTC (rev 88885)
+++ branches/Branch_5_x/security/src/main/org/jboss/security/integration/SecurityActions.java 2009-05-14 18:21:07 UTC (rev 88886)
@@ -92,4 +92,15 @@
}
});
}
+
+ static String getSystemProperty(final String key, final String defaultValue)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key, defaultValue);
+ }
+ });
+ }
}
\ No newline at end of file
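Review bot: `getSystemProperty` reads any property key under this class's own privileges, and nothing on the added method records that it must not be widened beyond package scope. A short Javadoc would capture that, for example `/** Privileged read of a system property; keep package-private so code outside this package cannot use it to bypass PropertyPermission checks. */`. The class declaration is outside the hunk, so the visibility of `SecurityActions` itself should be confirmed as well.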
Modified: branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
===================================================================
--- branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2009-05-14 17:13:22 UTC (rev 88885)
+++ branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2009-05-14 18:21:07 UTC (rev 88886)
@@ -26,7 +26,9 @@
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
+import java.security.AccessController;
import java.security.Principal;
+import java.security.PrivilegedAction;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
@@ -59,6 +61,7 @@
import org.jboss.security.SecurityDomain;
import org.jboss.security.SecurityProxyFactory;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
+import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.integration.JNDIBasedSecurityManagement;
import org.jboss.security.integration.SecurityConstantsBridge;
@@ -82,6 +85,7 @@
* @author <a href="on at ibis.odessa.ua">Oleg Nitz</a>
* @author <a href="rickard at telkel.com">Rickard Oberg</a>
* @author <a href="mailto:Scott.Stark at jboss.org">Scott Stark</a>
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @version $Revision$
*/
public class JaasSecurityManagerService
@@ -471,12 +475,25 @@
SecurityProxyFactory proxyFactory = (SecurityProxyFactory) securityProxyFactoryClass.newInstance();
ctx.bind("java:/SecurityProxyFactory", proxyFactory);
log.debug("SecurityProxyFactory="+proxyFactory);
+
+ //Handler custom callbackhandler
+ if(callbackHandlerClass != JBossCallbackHandler.class)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ System.setProperty(JNDIBasedSecurityManagement.CBH, callbackHandlerClassName);
+ return null;
+ }
+ });
+ }
// Register the Principal property editor
PropertyEditorManager.registerEditor(Principal.class, PrincipalEditor.class);
PropertyEditorManager.registerEditor(SecurityDomain.class, SecurityDomainEditor.class);
log.debug("Registered PrincipalEditor, SecurityDomainEditor");
-
+
log.debug("ServerMode="+this.serverMode);
log.debug("SecurityMgrClass="+JaasSecurityManagerService.securityMgrClass);
log.debug("CallbackHandlerClass="+JaasSecurityManagerService.callbackHandlerClass);
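Review bot: The `JNDIBasedSecurityManagement.CBH` property is set when a custom handler is configured but never cleared when `callbackHandlerClass` is the default `JBossCallbackHandler`. If the service is restarted in the same VM after the handler is switched back, the old class name stays in the VM-wide property and JNDIBasedSecurityManagement would still instantiate it. No cleanup in a stop method is visible from this hunk, so this is worth confirming. Moving the comparison inside the privileged action and adding an else branch that calls `System.clearProperty` keeps the property in step with the configuration. The enclosing method starts and ends outside the hunk.

```java
//Publish or clear the VM wide custom callback handler class name
AccessController.doPrivileged(new PrivilegedAction<Object>()
{
   public Object run()
   {
      if(callbackHandlerClass != JBossCallbackHandler.class)
         System.setProperty(JNDIBasedSecurityManagement.CBH, callbackHandlerClassName);
      else
         System.clearProperty(JNDIBasedSecurityManagement.CBH);
      return null;
   }
});
// … unchanged: PropertyEditorManager registrations and debug logging …
```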