[jboss-cvs] JBossAS SVN: r88886 - in branches/Branch_5_x/security/src: main/org/jboss/security/integration and 1 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu May 14 14:21:07 EDT 2009


Author: anil.saldhana at jboss.com
Date: 2009-05-14 14:21:07 -0400 (Thu, 14 May 2009)
New Revision: 88886

Modified:
   branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml
   branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
   branches/Branch_5_x/security/src/main/org/jboss/security/integration/SecurityActions.java
   branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
Log:
JBAS-6747: JaasSecurityManagerService and JNDIBasedSecurityManagement callback handler reflected properly in the authentication manager

Modified: branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml
===================================================================
--- branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml	2009-05-14 17:13:22 UTC (rev 88885)
+++ branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml	2009-05-14 18:21:07 UTC (rev 88886)
@@ -53,14 +53,14 @@
       <property name="defaultLoginConfig"><inject bean="XMLLoginConfig"/></property>
    </bean>
  
+   <!-- JNDI Based Security Management -->
+   <bean name="JNDIBasedSecurityManagement"
+      class="org.jboss.security.integration.JNDIBasedSecurityManagement"/> 
+
    <!-- JNDI Context legacy establishment of java:/jaas/securityDomain -->
    <bean name="JBossSecurityJNDIContextEstablishment"
       class="org.jboss.security.integration.JNDIContextEstablishment"/> 
 
-   <!-- JNDI Based Security Management -->
-   <bean name="JNDIBasedSecurityManagement"
-      class="org.jboss.security.integration.JNDIBasedSecurityManagement"/> 
-
    <!-- Instance of JBoss Security Subject Factory -->
    <bean name="JBossSecuritySubjectFactory"
          class="org.jboss.security.integration.JBossSecuritySubjectFactory">
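Review bot: The `JNDIBasedSecurityManagement` bean is moved above `JBossSecurityJNDIContextEstablishment` with no record of why the order matters, so a later tidy-up of this file could silently undo it. If the position is significant for JBAS-6747, say so in the comment, e.g. `<!-- JNDI Based Security Management (must be declared before JBossSecurityJNDIContextEstablishment) -->`, or express it as an explicit dependency between the two beans rather than by position. The `JBossSecuritySubjectFactory` bean continues outside the hunk.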

Modified: branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
===================================================================
--- branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java	2009-05-14 17:13:22 UTC (rev 88885)
+++ branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java	2009-05-14 18:21:07 UTC (rev 88886)
@@ -29,6 +29,8 @@
 import javax.naming.InitialContext;
 import javax.naming.NamingException;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
 
 import org.jboss.logging.Logger;
 import org.jboss.managed.api.annotation.ManagementComponent;
@@ -43,6 +45,7 @@
 import org.jboss.security.ISecurityManagement;
 import org.jboss.security.SecurityConstants;
 import org.jboss.security.audit.AuditManager;
+import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
 import org.jboss.security.auth.callback.JBossCallbackHandler;
 import org.jboss.security.config.SecurityConfiguration;
 import org.jboss.security.identitytrust.IdentityTrustManager;
@@ -64,6 +67,8 @@
 { 
    private static final long serialVersionUID = 1L;
 
+   public static final String CBH = "org.jboss.security.callbackhandler";
+   
    protected static Logger log = Logger.getLogger(JNDIBasedSecurityManagement.class);
    
    static transient ConcurrentHashMap<String,SecurityDomainContext> securityMgrMap = new ConcurrentHashMap<String,SecurityDomainContext>();
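Review bot: `CBH` is a public constant naming a VM-wide system property that selects a callback handler class, yet it has no Javadoc. Suggest adding `/** System property naming the CallbackHandler class to use VM-wide; when unset, the PolicyContext handler or JBossCallbackHandler is used. */` above it. The comment should also state that the value is a class name that gets loaded and instantiated, so deployers know write access to this property is security-relevant.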
@@ -400,6 +405,19 @@
       securityMgrMap.remove(securityDomain); 
    }  
    
+   /**
+    * Clear all the maps
+    */
+   public static void clear()
+   {
+      RuntimePermission rtp = new RuntimePermission(JNDIBasedSecurityManagement.class.getName());
+      SecurityManager sm = System.getSecurityManager();
+      if(sm != null)
+         sm.checkPermission(rtp);
+      
+      securityMgrMap.clear();
+   }
+   
    // Private Methods
  
    private Object lookUpJNDI(String ctxName) 
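Review bot: The Javadoc on `clear()` says "all the maps", but the body only empties `securityMgrMap`. Either clear the other per-domain maps too (if they are static, which this hunk does not show) or reword it to `Clears the cached security domain contexts.` The permission is also undocumented: a `@throws SecurityException` line naming `RuntimePermission("org.jboss.security.integration.JNDIBasedSecurityManagement")` would let deployers write the matching policy entry. When no SecurityManager is installed, any code that can reach this public static method can drop every cached domain, which the Javadoc should state.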
@@ -532,6 +550,34 @@
       if(idmMgrMap == null)
          idmMgrMap = new ConcurrentHashMap<String,IdentityTrustManager>();
       
+      //Look for a system property for a VM wide Callback Handler
+      String cbh = SecurityActions.getSystemProperty(CBH, null);
+      if(cbh != null)
+      {
+         try
+         { 
+            ClassLoader tcl = SecurityActions.getContextClassLoader();
+            Class<?> clazz = tcl.loadClass(cbh);
+            callBackHandler = (CallbackHandler) clazz.newInstance();
+         }
+         catch(Exception e)
+         {
+            throw new RuntimeException("Error initializing JNDIBasedSecurityManagement:",e);
+         }
+      }
+      else
+      {
+         try
+         {
+            CallbackHandler cbhandler = 
+               (CallbackHandler) PolicyContext.getContext(CallbackHandlerPolicyContextHandler.CALLBACK_HANDLER_KEY);
+            if(cbhandler instanceof JBossCallbackHandler == false)
+               callBackHandler = cbhandler;
+         }
+         catch (PolicyContextException ignore)
+         {
+         }
+      }
       if(callBackHandler == null)
          callBackHandler = new JBossCallbackHandler();
    }
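Review bot: The class named by the `org.jboss.security.callbackhandler` system property is instantiated with `clazz.newInstance()` before the cast to `CallbackHandler`, so the constructor of any class visible to the thread context class loader runs even when it is not a handler. Narrow the type before instantiating, `Class<? extends CallbackHandler> clazz = tcl.loadClass(cbh).asSubclass(CallbackHandler.class);`, and log the chosen class name at debug so operators can see which handler the VM-wide property selected. Because the property is process-wide and the handler supplies the callbacks used during authentication, write access to it should be treated as privileged in the security policy. The empty `catch (PolicyContextException ignore)` also hides why the fallback was taken; `log.trace("No CallbackHandler in PolicyContext", ignore);` would keep that visible. The enclosing method starts outside the hunk.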

Modified: branches/Branch_5_x/security/src/main/org/jboss/security/integration/SecurityActions.java
===================================================================
--- branches/Branch_5_x/security/src/main/org/jboss/security/integration/SecurityActions.java	2009-05-14 17:13:22 UTC (rev 88885)
+++ branches/Branch_5_x/security/src/main/org/jboss/security/integration/SecurityActions.java	2009-05-14 18:21:07 UTC (rev 88886)
@@ -92,4 +92,15 @@
          }
       });
    }
+   
+   static String getSystemProperty(final String key, final String defaultValue)
+   {
+      return AccessController.doPrivileged(new PrivilegedAction<String>()
+      {
+         public String run()
+         { 
+            return System.getProperty(key, defaultValue); 
+         }
+      });
+   }
 }
\ No newline at end of file
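Review bot: `getSystemProperty` reads any key under this library's privileges, so it is only safe while it stays package-private and callers pass fixed keys; nothing in the code says so. Suggest adding `// Package-private on purpose: performs a privileged property read; do not make public or pass caller-supplied keys.` above the method, to stop a later widening of its visibility. The class body starts outside the hunk.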

Modified: branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
===================================================================
--- branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java	2009-05-14 17:13:22 UTC (rev 88885)
+++ branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java	2009-05-14 18:21:07 UTC (rev 88886)
@@ -26,7 +26,9 @@
 import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.Method;
 import java.lang.reflect.Proxy;
+import java.security.AccessController;
 import java.security.Principal;
+import java.security.PrivilegedAction;
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Iterator;
@@ -59,6 +61,7 @@
 import org.jboss.security.SecurityDomain;
 import org.jboss.security.SecurityProxyFactory;
 import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
+import org.jboss.security.auth.callback.JBossCallbackHandler;
 import org.jboss.security.config.SecurityConfiguration;
 import org.jboss.security.integration.JNDIBasedSecurityManagement;
 import org.jboss.security.integration.SecurityConstantsBridge;
@@ -82,6 +85,7 @@
  * @author <a href="on at ibis.odessa.ua">Oleg Nitz</a>
  * @author <a href="rickard at telkel.com">Rickard Oberg</a>
  * @author <a href="mailto:Scott.Stark at jboss.org">Scott Stark</a>
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
  * @version $Revision$
  */
 public class JaasSecurityManagerService
@@ -471,12 +475,25 @@
       SecurityProxyFactory proxyFactory = (SecurityProxyFactory) securityProxyFactoryClass.newInstance();
       ctx.bind("java:/SecurityProxyFactory", proxyFactory);
       log.debug("SecurityProxyFactory="+proxyFactory);
+      
+      //Handler custom callbackhandler
+      if(callbackHandlerClass != JBossCallbackHandler.class)
+      {
+         AccessController.doPrivileged(new PrivilegedAction<Object>()
+         {
+            public Object run()
+            {
+               System.setProperty(JNDIBasedSecurityManagement.CBH, callbackHandlerClassName);
+               return null;
+            }
+         });
+      }
 
       // Register the Principal property editor
       PropertyEditorManager.registerEditor(Principal.class, PrincipalEditor.class);
       PropertyEditorManager.registerEditor(SecurityDomain.class, SecurityDomainEditor.class);
       log.debug("Registered PrincipalEditor, SecurityDomainEditor");
-
+      
       log.debug("ServerMode="+this.serverMode);
       log.debug("SecurityMgrClass="+JaasSecurityManagerService.securityMgrClass);
       log.debug("CallbackHandlerClass="+JaasSecurityManagerService.callbackHandlerClass);
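Review bot: The guard tests `callbackHandlerClass` but the value published is `callbackHandlerClassName`, two fields that can disagree if only one of them was updated. Deriving the name from the tested class, `System.setProperty(JNDIBasedSecurityManagement.CBH, callbackHandlerClass.getName());`, removes that gap, assuming `callbackHandlerClass` is never null here, which the hunk does not show. The property is VM-wide and nothing visible clears it, so a handler configured once appears to stay in effect for later `JNDIBasedSecurityManagement` instances even after this service is stopped or reconfigured. Whether the stop path should clear it needs checking against the rest of the class. The enclosing method starts and ends outside the hunk.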



