[jboss-cvs] JBossAS SVN: r88955 - in trunk/security/src/main/org/jboss/security: plugins and 1 other directory.
Fri May 15 16:05:44 EDT 2009
Author: anil.saldhana at jboss.com
Date: 2009-05-15 16:05:44 -0400 (Fri, 15 May 2009)
New Revision: 88955
Modified:
trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
trunk/security/src/main/org/jboss/security/integration/SecurityActions.java
trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
Log:
JBAS-6747: JaasSecurityManagerService callbackhandler setting
Modified: trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2009-05-15 19:37:35 UTC (rev 88954)
+++ trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2009-05-15 20:05:44 UTC (rev 88955)
@@ -64,6 +64,8 @@
{
private static final long serialVersionUID = 1L;
+ public static final String CBH = "org.jboss.security.callbackhandler";
+
protected static Logger log = Logger.getLogger(JNDIBasedSecurityManagement.class);
static transient ConcurrentHashMap<String,SecurityDomainContext> securityMgrMap = new ConcurrentHashMap<String,SecurityDomainContext>();
@@ -80,7 +82,7 @@
protected String mappingMgrClass = "org.jboss.security.plugins.mapping.JBossMappingManager";
- protected transient CallbackHandler callBackHandler = new JBossCallbackHandler();
+ protected static transient CallbackHandler callBackHandler = new JBossCallbackHandler();
/** Enable the IdentityTrust feature */
protected boolean enableIdentity = false;
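Review bot: Making callBackHandler static on line 28 turns the handler into process-wide state, so setCallBackHandler (hunk at @@ -253) now replaces the handler for every JNDIBasedSecurityManagement instance in the VM and its `securityMgrMap.clear()` drops the cached SecurityDomainContext entries of all of them, not just the instance whose setter was called. The `transient` modifier is also meaningless on a static field, since static fields are never part of serialized state. If the VM-wide scope is intended, document it on the field: `/** VM-wide callback handler shared by all instances; replaced via setCallBackHandler or the system property named by CBH. */`.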
@@ -99,6 +101,7 @@
public JNDIBasedSecurityManagement()
{
initialize();
+ initializeCallbackHandler();
}
@ManagementOperation(description = "Get the audit manager for the specified security domain",
@@ -253,9 +256,10 @@
this.mappingMgrClass = mappingMgrClass;
}
- public void setCallBackHandler(CallbackHandler callBackHandler)
+ public void setCallBackHandler(CallbackHandler cbh)
{
- this.callBackHandler = callBackHandler;
+ callBackHandler = cbh;
+ securityMgrMap.clear();
}
public void setEnableAudit(boolean enableAudit)
@@ -531,8 +535,26 @@
auditMgrMap = new ConcurrentHashMap<String,AuditManager>();
if(idmMgrMap == null)
idmMgrMap = new ConcurrentHashMap<String,IdentityTrustManager>();
-
- if(callBackHandler == null)
- callBackHandler = new JBossCallbackHandler();
}
+
+ private void initializeCallbackHandler()
+ {
+ //Look for a system property for a VM wide Callback Handler
+ String cbh = SecurityActions.getSystemProperty(CBH, null);
+ if(cbh != null)
+ {
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ Class<?> clazz = tcl.loadClass(cbh);
+ callBackHandler = (CallbackHandler) clazz.newInstance();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException("Error initializing JNDIBasedSecurityManagement:",e);
+ }
+ }
+ if(callBackHandler == null)
+ callBackHandler = new JBossCallbackHandler();
+ }
}
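Review bot: The class named by the system property is instantiated on line 68 before the cast verifies that it implements CallbackHandler, so the no-arg constructor of whatever class the property names runs even when the cast would then fail; check the type before instantiating with `Class<? extends CallbackHandler> clazz = tcl.loadClass(cbh).asSubclass(CallbackHandler.class);` followed by `callBackHandler = clazz.newInstance();`. Because the field is static, every constructor call (line 35) re-reads the property and overwrites a handler previously installed through setCallBackHandler, and the null check on line 75 can only fire if the setter was passed null, since the field initializer already supplies a JBossCallbackHandler. The Javadoc for initializeCallbackHandler should also state that a property naming a class that cannot be loaded or constructed makes the constructor throw RuntimeException.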
\ No newline at end of file
Modified: trunk/security/src/main/org/jboss/security/integration/SecurityActions.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/SecurityActions.java 2009-05-15 19:37:35 UTC (rev 88954)
+++ trunk/security/src/main/org/jboss/security/integration/SecurityActions.java 2009-05-15 20:05:44 UTC (rev 88955)
@@ -92,4 +92,15 @@
}
});
}
+
+ static String getSystemProperty(final String key, final String defaultValue)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key, defaultValue);
+ }
+ });
+ }
}
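Review bot: getSystemProperty on line 89 has no Javadoc, and because it wraps System.getProperty in a privileged block, any caller in this package reads the property with this library's own permissions rather than the caller's, so the method should stay package-private and say so: `/** Reads a system property inside a privileged block; package-private so only this package's callers can read properties regardless of their own permissions. */`.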
\ No newline at end of file
Modified: trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
===================================================================
--- trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2009-05-15 19:37:35 UTC (rev 88954)
+++ trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2009-05-15 20:05:44 UTC (rev 88955)
@@ -22,11 +22,12 @@
package org.jboss.security.plugins;
import java.beans.PropertyEditorManager;
-import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
+import java.security.AccessController;
import java.security.Principal;
+import java.security.PrivilegedAction;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
@@ -43,13 +44,11 @@
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
-import javax.naming.OperationNotSupportedException;
import javax.naming.RefAddr;
import javax.naming.Reference;
import javax.naming.StringRefAddr;
import javax.naming.spi.ObjectFactory;
import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
import javax.security.jacc.PolicyContext;
import org.jboss.logging.Logger;
@@ -59,6 +58,7 @@
import org.jboss.security.SecurityDomain;
import org.jboss.security.SecurityProxyFactory;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
+import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.integration.JNDIBasedSecurityManagement;
import org.jboss.security.integration.SecurityConstantsBridge;
@@ -82,6 +82,7 @@
* @author <a href="on at ibis.odessa.ua">Oleg Nitz</a>
* @author <a href="rickard at telkel.com">Rickard Oberg</a>
* @author <a href="mailto:Scott.Stark at jboss.org">Scott Stark</a>
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @version $Revision$
*/
public class JaasSecurityManagerService
@@ -450,20 +451,9 @@
Context ctx = new InitialContext();
parser = ctx.getNameParser("");
- /* Create a mapping from the java:/jaas context to a SecurityDomainObjectFactory
- so that any lookup against java:/jaas/domain returns an instance of our
- security manager class.
- */
- RefAddr refAddr = new StringRefAddr("nns", "JSM");
- String factoryName = SecurityDomainObjectFactory.class.getName();
+ RefAddr refAddr = new StringRefAddr("nns", "JSMCachePolicy");
+ String factoryName = DefaultCacheObjectFactory.class.getName();
Reference ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
- /*ctx.rebind(SECURITY_MGR_PATH, ref);
- */
- log.debug("securityMgrCtxPath="+SECURITY_MGR_PATH);
-
- refAddr = new StringRefAddr("nns", "JSMCachePolicy");
- factoryName = DefaultCacheObjectFactory.class.getName();
- ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
ctx.rebind(DEFAULT_CACHE_POLICY_PATH, ref);
log.debug("cachePolicyCtxPath="+cacheJndiName);
@@ -471,12 +461,25 @@
SecurityProxyFactory proxyFactory = (SecurityProxyFactory) securityProxyFactoryClass.newInstance();
ctx.bind("java:/SecurityProxyFactory", proxyFactory);
log.debug("SecurityProxyFactory="+proxyFactory);
+
+ //Handler custom callbackhandler
+ if(callbackHandlerClass != JBossCallbackHandler.class)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ System.setProperty(JNDIBasedSecurityManagement.CBH, callbackHandlerClassName);
+ return null;
+ }
+ });
+ }
// Register the Principal property editor
PropertyEditorManager.registerEditor(Principal.class, PrincipalEditor.class);
PropertyEditorManager.registerEditor(SecurityDomain.class, SecurityDomainEditor.class);
log.debug("Registered PrincipalEditor, SecurityDomainEditor");
-
+
log.debug("ServerMode="+this.serverMode);
log.debug("SecurityMgrClass="+JaasSecurityManagerService.securityMgrClass);
log.debug("CallbackHandlerClass="+JaasSecurityManagerService.callbackHandlerClass);
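Review bot: The system property set on line 180 is VM-wide, but JNDIBasedSecurityManagement reads it only in its constructor, so any instance created before this service starts keeps the default handler while later ones pick up the custom class; that ordering dependency is not visible here and should be stated in a comment above the block, e.g. `// VM-wide property consumed only by JNDIBasedSecurityManagement's constructor: this service must start before any instance is created`. The property is also never cleared in this hunk, so it presumably outlives a stop or redeploy of the service and would still be honored by a later start configured with the default handler; stopService is outside the hunk, so confirm it removes the property. The comparison `callbackHandlerClass != JBossCallbackHandler.class` on line 174 is by Class identity and will report a mismatch if the same class was loaded through a different class loader. The enclosing method starts and ends outside this hunk.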
@@ -635,48 +638,6 @@
}
return securityDomainCtx;
}
-
- /** Create a new SecurityDomainContext for securityDomain. This is
- * synchronized to ensure that the creation and setting of the domain
- * cache are atomic.
- * @param securityDomain
- * @return the SecurityDomainContext for securityDomain
- * @throws NamingException
- */
- private synchronized static SecurityDomainContext newSecurityDomainCtx(String securityDomain)
- throws NamingException
- {
- SecurityDomainContext sdc = null;
- try
- {
- // Create instance of securityMgrClass
- Class[] parameterTypes = {String.class, CallbackHandler.class};
- Constructor ctor = securityMgrClass.getConstructor(parameterTypes);
- CallbackHandler handler = (CallbackHandler) callbackHandlerClass.newInstance();
- Object[] args = {securityDomain, handler};
- AuthenticationManager securityMgr = (AuthenticationManager) ctor.newInstance(args);
- log.debug("Created securityMgr="+securityMgr);
- CachePolicy cachePolicy = lookupCachePolicy(securityDomain);
- sdc = new SecurityDomainContext(securityMgr, cachePolicy);
- // See if the security mgr supports an externalized cache policy
- setSecurityDomainCache(securityMgr, cachePolicy);
- if(deepCopySubjectMode)
- setDeepCopySubjectOption(securityMgr, true);
- //Set the Authorization Manager
- //AuthorizationManager am = AuthorizationManagerService.newAuthorizationManager(securityDomain);
- //sdc.setAuthorizationManager(am);
- }
- catch(Exception e2)
- {
- String msg = "Failed to create sec mgr('"+securityDomain+"'), securityMgrClass="
- +securityMgrClass +", callbackHandlerClass="
- +callbackHandlerClass;
- NamingException ne = new NamingException(msg);
- ne.setRootCause(e2);
- throw ne;
- }
- return sdc;
- }
/**
* Get the default unauthenticated principal.
@@ -712,63 +673,10 @@
{
sb.append(jsi.getJCAAlgorithms(serviceName));
}
- return sb.toString();
-
+ return sb.toString();
}
-
- // java:/jaas context ObjectFactory implementation
-
- public static class SecurityDomainObjectFactory
- implements InvocationHandler, ObjectFactory
- {
- /** Object factory implementation. This method returns a Context proxy
- that is only able to handle a lookup operation for an atomic name of
- a security domain.
- */
- public Object getObjectInstance(Object obj, Name name, Context nameCtx,
- Hashtable environment)
- throws Exception
- {
- ClassLoader loader = SubjectActions.getContextClassLoader();
- Class[] interfaces = {Context.class};
- Context ctx = (Context) Proxy.newProxyInstance(loader, interfaces, this);
- return ctx;
- }
-
-
- /** This is the InvocationHandler callback for the Context interface that
- was created by out getObjectInstance() method. We handle the java:/jaas/domain
- level operations here.
- */
- public Object invoke(Object obj, Method method, Object[] args) throws Throwable
- {
- String methodName = method.getName();
- if( methodName.equals("toString") == true )
- return SECURITY_MGR_PATH + " Context proxy";
- if( methodName.equals("list") == true )
- return new DomainEnumeration(securityDomainCtxMap.keys(), securityDomainCtxMap);
-
- if( methodName.equals("lookup") == false )
- throw new OperationNotSupportedException("Only lookup is supported, op="+method);
- String securityDomain = null;
- Name name = null;
- if( args[0] instanceof String )
- name = parser.parse((String) args[0]);
- else
- name = (Name)args[0];
- securityDomain = name.get(0);
- SecurityDomainContext securityDomainCtx = lookupSecurityDomain(securityDomain);
- Object binding = securityDomainCtx.getSecurityManager();
- // Look for requests against the security domain context
- if( name.size() == 2 )
- {
- String request = name.get(1);
- binding = securityDomainCtx.lookup(request);
- }
- return binding;
- }
- }
+
static class DomainEnumeration implements NamingEnumeration
{
Enumeration domains;