[jboss-cvs] JBossAS SVN: r88956 - in branches/Branch_5_x/security/src: main/org/jboss/security/integration and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri May 15 16:26:23 EDT 2009
Author: anil.saldhana at jboss.com
Date: 2009-05-15 16:26:23 -0400 (Fri, 15 May 2009)
New Revision: 88956
Modified:
branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml
branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
Log:
JBAS-6747: JaasSecurityManagerService callbackhandler setting: merge in rev 88955 from trunk
Modified: branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml
===================================================================
--- branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml 2009-05-15 20:05:44 UTC (rev 88955)
+++ branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml 2009-05-15 20:26:23 UTC (rev 88956)
@@ -53,14 +53,14 @@
<property name="defaultLoginConfig"><inject bean="XMLLoginConfig"/></property>
</bean>
+ <!-- JNDI Context legacy establishment of java:/jaas/securityDomain -->
+ <bean name="JBossSecurityJNDIContextEstablishment"
+ class="org.jboss.security.integration.JNDIContextEstablishment"/>
+
<!-- JNDI Based Security Management -->
<bean name="JNDIBasedSecurityManagement"
class="org.jboss.security.integration.JNDIBasedSecurityManagement"/>
- <!-- JNDI Context legacy establishment of java:/jaas/securityDomain -->
- <bean name="JBossSecurityJNDIContextEstablishment"
- class="org.jboss.security.integration.JNDIContextEstablishment"/>
-
<!-- Instance of JBoss Security Subject Factory -->
<bean name="JBossSecuritySubjectFactory"
class="org.jboss.security.integration.JBossSecuritySubjectFactory">
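Review bot: Moving `JBossSecurityJNDIContextEstablishment` ahead of `JNDIBasedSecurityManagement` leaves the ordering requirement implicit in file position, and nothing in the new lines records why it matters. If `JNDIBasedSecurityManagement` needs the `java:/jaas` context to exist first (inferred from the move, not visible in this hunk), declare it on the bean with `<depends>JBossSecurityJNDIContextEstablishment</depends>`. At a minimum, extend the comment to `<!-- Must be installed before JNDIBasedSecurityManagement -->`. Otherwise a later tidy-up of this file can silently undo the fix.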
Modified: branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
===================================================================
--- branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2009-05-15 20:05:44 UTC (rev 88955)
+++ branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2009-05-15 20:26:23 UTC (rev 88956)
@@ -82,7 +82,7 @@
protected String mappingMgrClass = "org.jboss.security.plugins.mapping.JBossMappingManager";
- protected transient CallbackHandler callBackHandler = new JBossCallbackHandler();
+ protected static transient CallbackHandler callBackHandler = new JBossCallbackHandler();
/** Enable the IdentityTrust feature */
protected boolean enableIdentity = false;
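Review bot: `callBackHandler` is now a mutable static that the instance setter `setCallBackHandler` writes (see the `@@ -255,9 +256,10 @@` hunk), so one call replaces the handler for every instance in the VM. The field is neither `volatile` nor guarded by a lock, so other threads are not guaranteed to see the new value. `transient` has no effect on a static field and can be dropped: `protected static volatile CallbackHandler callBackHandler = new JBossCallbackHandler();`. Because a JAAS callback handler is the object that hands credentials to login modules, the field deserves a comment such as `/** VM-wide handler shared by all security domains; changing it affects every domain */`.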
@@ -101,6 +101,7 @@
public JNDIBasedSecurityManagement()
{
initialize();
+ initializeCallbackHandler();
}
@ManagementOperation(description = "Get the audit manager for the specified security domain",
@@ -255,9 +256,10 @@
this.mappingMgrClass = mappingMgrClass;
}
- public void setCallBackHandler(CallbackHandler callBackHandler)
+ public void setCallBackHandler(CallbackHandler cbh)
{
- this.callBackHandler = callBackHandler;
+ callBackHandler = cbh;
+ securityMgrMap.clear();
}
public void setEnableAudit(boolean enableAudit)
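Review bot: `setCallBackHandler` stores `cbh` into the shared static field without a null check, and the only fallback to `JBossCallbackHandler` runs at construction time, so a null passed here stays in effect for later security manager creation. Reject it up front with `if (cbh == null) throw new IllegalArgumentException("cbh is null");`. The assignment followed by `securityMgrMap.clear()` is also not atomic: a thread that read the old handler just before the assignment could insert a manager built with it after the clear, assuming the map is filled lazily elsewhere (not visible in this hunk). A short Javadoc stating that this instance setter changes the handler VM-wide and drops cached security managers would document the new behaviour.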
@@ -546,23 +548,26 @@
auditMgrMap = new ConcurrentHashMap<String,AuditManager>();
if(idmMgrMap == null)
idmMgrMap = new ConcurrentHashMap<String,IdentityTrustManager>();
-
- //Look for a system property for a VM wide Callback Handler
- String cbh = SecurityActions.getSystemProperty(CBH, null);
- if(cbh != null)
- {
- try
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- Class<?> clazz = tcl.loadClass(cbh);
- callBackHandler = (CallbackHandler) clazz.newInstance();
- }
- catch(Exception e)
- {
- throw new RuntimeException("Error initializing JNDIBasedSecurityManagement:",e);
- }
- }
- if(callBackHandler == null)
- callBackHandler = new JBossCallbackHandler();
}
-}
\ No newline at end of file
+
+ private void initializeCallbackHandler()
+ {
+ //Look for a system property for a VM wide Callback Handler
+ String cbh = SecurityActions.getSystemProperty(CBH, null);
+ if(cbh != null)
+ {
+ try
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ Class<?> clazz = tcl.loadClass(cbh);
+ callBackHandler = (CallbackHandler) clazz.newInstance();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException("Error initializing JNDIBasedSecurityManagement:",e);
+ }
+ }
+ if(callBackHandler == null)
+ callBackHandler = new JBossCallbackHandler();
+ }
+}
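Review bot: `initializeCallbackHandler()` runs from the constructor but assigns the now-static `callBackHandler`, so when the `CBH` system property is set, every new `JNDIBasedSecurityManagement` instance replaces the shared handler. That overwrites a handler installed earlier through `setCallBackHandler`, and it does so without the `securityMgrMap.clear()` the setter performs, so cached managers may keep the previous handler. The trailing `if(callBackHandler == null)` can only fire after a caller has set null, because the field initializer already supplies a `JBossCallbackHandler`. Consider resolving the property once in a static initializer, and name the class in the failure message: `"Error initializing JNDIBasedSecurityManagement, callback handler class=" + cbh`. The hunk opens inside `initialize()`, whose start is outside the visible lines.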
Modified: branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
===================================================================
--- branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2009-05-15 20:05:44 UTC (rev 88955)
+++ branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2009-05-15 20:26:23 UTC (rev 88956)
@@ -22,7 +22,6 @@
package org.jboss.security.plugins;
import java.beans.PropertyEditorManager;
-import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
@@ -45,13 +44,11 @@
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
-import javax.naming.OperationNotSupportedException;
import javax.naming.RefAddr;
import javax.naming.Reference;
import javax.naming.StringRefAddr;
import javax.naming.spi.ObjectFactory;
import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
import javax.security.jacc.PolicyContext;
import org.jboss.logging.Logger;
@@ -454,20 +451,9 @@
Context ctx = new InitialContext();
parser = ctx.getNameParser("");
- /* Create a mapping from the java:/jaas context to a SecurityDomainObjectFactory
- so that any lookup against java:/jaas/domain returns an instance of our
- security manager class.
- */
- RefAddr refAddr = new StringRefAddr("nns", "JSM");
- String factoryName = SecurityDomainObjectFactory.class.getName();
+ RefAddr refAddr = new StringRefAddr("nns", "JSMCachePolicy");
+ String factoryName = DefaultCacheObjectFactory.class.getName();
Reference ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
- /*ctx.rebind(SECURITY_MGR_PATH, ref);
- */
- log.debug("securityMgrCtxPath="+SECURITY_MGR_PATH);
-
- refAddr = new StringRefAddr("nns", "JSMCachePolicy");
- factoryName = DefaultCacheObjectFactory.class.getName();
- ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
ctx.rebind(DEFAULT_CACHE_POLICY_PATH, ref);
log.debug("cachePolicyCtxPath="+cacheJndiName);
@@ -652,48 +638,6 @@
}
return securityDomainCtx;
}
-
- /** Create a new SecurityDomainContext for securityDomain. This is
- * synchronized to ensure that the creation and setting of the domain
- * cache are atomic.
- * @param securityDomain
- * @return the SecurityDomainContext for securityDomain
- * @throws NamingException
- */
- private synchronized static SecurityDomainContext newSecurityDomainCtx(String securityDomain)
- throws NamingException
- {
- SecurityDomainContext sdc = null;
- try
- {
- // Create instance of securityMgrClass
- Class[] parameterTypes = {String.class, CallbackHandler.class};
- Constructor ctor = securityMgrClass.getConstructor(parameterTypes);
- CallbackHandler handler = (CallbackHandler) callbackHandlerClass.newInstance();
- Object[] args = {securityDomain, handler};
- AuthenticationManager securityMgr = (AuthenticationManager) ctor.newInstance(args);
- log.debug("Created securityMgr="+securityMgr);
- CachePolicy cachePolicy = lookupCachePolicy(securityDomain);
- sdc = new SecurityDomainContext(securityMgr, cachePolicy);
- // See if the security mgr supports an externalized cache policy
- setSecurityDomainCache(securityMgr, cachePolicy);
- if(deepCopySubjectMode)
- setDeepCopySubjectOption(securityMgr, true);
- //Set the Authorization Manager
- //AuthorizationManager am = AuthorizationManagerService.newAuthorizationManager(securityDomain);
- //sdc.setAuthorizationManager(am);
- }
- catch(Exception e2)
- {
- String msg = "Failed to create sec mgr('"+securityDomain+"'), securityMgrClass="
- +securityMgrClass +", callbackHandlerClass="
- +callbackHandlerClass;
- NamingException ne = new NamingException(msg);
- ne.setRootCause(e2);
- throw ne;
- }
- return sdc;
- }
/**
* Get the default unauthenticated principal.
@@ -729,63 +673,10 @@
{
sb.append(jsi.getJCAAlgorithms(serviceName));
}
- return sb.toString();
-
+ return sb.toString();
}
-
- // java:/jaas context ObjectFactory implementation
-
- public static class SecurityDomainObjectFactory
- implements InvocationHandler, ObjectFactory
- {
- /** Object factory implementation. This method returns a Context proxy
- that is only able to handle a lookup operation for an atomic name of
- a security domain.
- */
- public Object getObjectInstance(Object obj, Name name, Context nameCtx,
- Hashtable environment)
- throws Exception
- {
- ClassLoader loader = SubjectActions.getContextClassLoader();
- Class[] interfaces = {Context.class};
- Context ctx = (Context) Proxy.newProxyInstance(loader, interfaces, this);
- return ctx;
- }
-
-
- /** This is the InvocationHandler callback for the Context interface that
- was created by out getObjectInstance() method. We handle the java:/jaas/domain
- level operations here.
- */
- public Object invoke(Object obj, Method method, Object[] args) throws Throwable
- {
- String methodName = method.getName();
- if( methodName.equals("toString") == true )
- return SECURITY_MGR_PATH + " Context proxy";
- if( methodName.equals("list") == true )
- return new DomainEnumeration(securityDomainCtxMap.keys(), securityDomainCtxMap);
-
- if( methodName.equals("lookup") == false )
- throw new OperationNotSupportedException("Only lookup is supported, op="+method);
- String securityDomain = null;
- Name name = null;
- if( args[0] instanceof String )
- name = parser.parse((String) args[0]);
- else
- name = (Name)args[0];
- securityDomain = name.get(0);
- SecurityDomainContext securityDomainCtx = lookupSecurityDomain(securityDomain);
- Object binding = securityDomainCtx.getSecurityManager();
- // Look for requests against the security domain context
- if( name.size() == 2 )
- {
- String request = name.get(1);
- binding = securityDomainCtx.lookup(request);
- }
- return binding;
- }
- }
+
static class DomainEnumeration implements NamingEnumeration
{
Enumeration domains;