[jboss-cvs] JBossAS SVN: r88956 - in branches/Branch_5_x/security/src: main/org/jboss/security/integration and 1 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri May 15 16:26:23 EDT 2009


Author: anil.saldhana at jboss.com
Date: 2009-05-15 16:26:23 -0400 (Fri, 15 May 2009)
New Revision: 88956

Modified:
   branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml
   branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
   branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
Log:
JBAS-6747: JaasSecurityManagerService callbackhandler setting: merge in rev 88955 from trunk

Modified: branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml
===================================================================
--- branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml	2009-05-15 20:05:44 UTC (rev 88955)
+++ branches/Branch_5_x/security/src/etc/deploy/security-jboss-beans.xml	2009-05-15 20:26:23 UTC (rev 88956)
@@ -53,14 +53,14 @@
       <property name="defaultLoginConfig"><inject bean="XMLLoginConfig"/></property>
    </bean>
  
+   <!-- JNDI Context legacy establishment of java:/jaas/securityDomain -->
+   <bean name="JBossSecurityJNDIContextEstablishment"
+      class="org.jboss.security.integration.JNDIContextEstablishment"/> 
+
    <!-- JNDI Based Security Management -->
    <bean name="JNDIBasedSecurityManagement"
       class="org.jboss.security.integration.JNDIBasedSecurityManagement"/> 
 
-   <!-- JNDI Context legacy establishment of java:/jaas/securityDomain -->
-   <bean name="JBossSecurityJNDIContextEstablishment"
-      class="org.jboss.security.integration.JNDIContextEstablishment"/> 
-
    <!-- Instance of JBoss Security Subject Factory -->
    <bean name="JBossSecuritySubjectFactory"
          class="org.jboss.security.integration.JBossSecuritySubjectFactory">
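Review bot: The only thing expressing that JBossSecurityJNDIContextEstablishment must come before JNDIBasedSecurityManagement is now the declaration order, which a later edit can silently undo. If the move is there because JNDIBasedSecurityManagement needs the java:/jaas context to exist when it is constructed (inferred from the reorder, not shown in the hunk), state it explicitly with `<depends>JBossSecurityJNDIContextEstablishment</depends>` inside the JNDIBasedSecurityManagement bean. At minimum, extend the comment to `<!-- JNDI Context legacy establishment of java:/jaas/securityDomain; must be declared before JNDIBasedSecurityManagement -->`. The JNDIBasedSecurityManagement bean is self-closing here, so adding `<depends>` means opening the element up.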

Modified: branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
===================================================================
--- branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java	2009-05-15 20:05:44 UTC (rev 88955)
+++ branches/Branch_5_x/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java	2009-05-15 20:26:23 UTC (rev 88956)
@@ -82,7 +82,7 @@
    
    protected String mappingMgrClass = "org.jboss.security.plugins.mapping.JBossMappingManager";
    
-   protected transient CallbackHandler callBackHandler = new JBossCallbackHandler(); 
+   protected static transient CallbackHandler callBackHandler = new JBossCallbackHandler(); 
    
    /** Enable the IdentityTrust feature */
    protected boolean enableIdentity = false;
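Review bot: `callBackHandler` becomes mutable state shared by every instance in the VM, yet it is neither `volatile` nor guarded by a lock, so a handler installed by one thread is not guaranteed to be visible to threads that build security managers later. `transient` has no effect on a static field and can go: `protected static volatile CallbackHandler callBackHandler = new JBossCallbackHandler();`. Since this is the handler JAAS login modules call to obtain credentials, the field also deserves a comment such as `/** VM-wide handler shared by all security domains; replaced via setCallBackHandler or the CBH system property */`. The writers are in the later hunks of this file (the constructor and `setCallBackHandler`).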
@@ -101,6 +101,7 @@
    public JNDIBasedSecurityManagement()
    {   
       initialize();
+      initializeCallbackHandler();
    } 
    
    @ManagementOperation(description = "Get the audit manager for the specified security domain",
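Review bot: Every construction of JNDIBasedSecurityManagement now re-runs `initializeCallbackHandler()`. When the CBH system property is set, that call overwrites the static `callBackHandler`, discarding a handler installed earlier through `setCallBackHandler` and leaving `securityMgrMap` uncleared. Since the property is VM-wide, the lookup fits a one-time static initializer placed after the field declaration, `static { initializeCallbackHandler(); }`, with the method declared `private static`; as far as the last hunk of this file shows, it touches only static state. If per-instance re-initialization is intended, a comment on the constructor call should say so.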
@@ -255,9 +256,10 @@
       this.mappingMgrClass = mappingMgrClass;
    }
 
-   public void setCallBackHandler(CallbackHandler callBackHandler)
+   public void setCallBackHandler(CallbackHandler cbh)
    {
-      this.callBackHandler = callBackHandler;
+      callBackHandler = cbh;
+      securityMgrMap.clear();
    }
 
    public void setEnableAudit(boolean enableAudit)
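Review bot: `setCallBackHandler` stores whatever it is given, including null, into the now VM-wide static field, and nothing visible in the hunk stops later security-manager creation from using that null handler. Either reject it or fall back the way `initializeCallbackHandler()` does: `callBackHandler = cbh != null ? cbh : new JBossCallbackHandler();`. The assignment and `securityMgrMap.clear()` are two separate steps, so a concurrent lookup may re-cache a manager built with the previous handler after the clear (inferred; the lookup code is outside the hunk). The method has no Javadoc; it should state that the handler replaces the one used by all domains and that cached security managers are dropped.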
@@ -546,23 +548,26 @@
          auditMgrMap = new ConcurrentHashMap<String,AuditManager>();
       if(idmMgrMap == null)
          idmMgrMap = new ConcurrentHashMap<String,IdentityTrustManager>();
-      
-      //Look for a system property for a VM wide Callback Handler
-      String cbh = SecurityActions.getSystemProperty(CBH, null);
-      if(cbh != null)
-      {
-         try
-         { 
-            ClassLoader tcl = SecurityActions.getContextClassLoader();
-            Class<?> clazz = tcl.loadClass(cbh);
-            callBackHandler = (CallbackHandler) clazz.newInstance();
-         }
-         catch(Exception e)
-         {
-            throw new RuntimeException("Error initializing JNDIBasedSecurityManagement:",e);
-         }
-      }
-      if(callBackHandler == null)
-         callBackHandler = new JBossCallbackHandler();
    }
-}
\ No newline at end of file
+   
+   private void initializeCallbackHandler()
+   {
+	   //Look for a system property for a VM wide Callback Handler
+	   String cbh = SecurityActions.getSystemProperty(CBH, null);
+	   if(cbh != null)
+	   {
+		   try
+		   { 
+			   ClassLoader tcl = SecurityActions.getContextClassLoader();
+			   Class<?> clazz = tcl.loadClass(cbh);
+			   callBackHandler = (CallbackHandler) clazz.newInstance();
+		   }
+		   catch(Exception e)
+		   {
+			   throw new RuntimeException("Error initializing JNDIBasedSecurityManagement:",e);
+		   }
+	   }
+	   if(callBackHandler == null)
+		   callBackHandler = new JBossCallbackHandler(); 
+   }
+}
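Review bot: In `initializeCallbackHandler()` the class named by the system property is instantiated before its type is checked, so a wrong or tampered property value runs that class's constructor and only then fails on the cast. Checking first costs one call: `Class<? extends CallbackHandler> clazz = tcl.loadClass(cbh).asSubclass(CallbackHandler.class);` followed by `callBackHandler = clazz.newInstance();`. The RuntimeException message should also name the offending class, e.g. `"Error initializing JNDIBasedSecurityManagement: cannot load callback handler " + cbh`, so a misconfiguration can be traced from the log. The new method is indented with tabs while the surrounding file uses three spaces.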

Modified: branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
===================================================================
--- branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java	2009-05-15 20:05:44 UTC (rev 88955)
+++ branches/Branch_5_x/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java	2009-05-15 20:26:23 UTC (rev 88956)
@@ -22,7 +22,6 @@
 package org.jboss.security.plugins;
 
 import java.beans.PropertyEditorManager;
-import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.Method;
 import java.lang.reflect.Proxy;
@@ -45,13 +44,11 @@
 import javax.naming.NameParser;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
-import javax.naming.OperationNotSupportedException;
 import javax.naming.RefAddr;
 import javax.naming.Reference;
 import javax.naming.StringRefAddr;
 import javax.naming.spi.ObjectFactory;
 import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
 import javax.security.jacc.PolicyContext;
 
 import org.jboss.logging.Logger;
@@ -454,20 +451,9 @@
       Context ctx = new InitialContext();
       parser = ctx.getNameParser("");
 
-      /* Create a mapping from the java:/jaas context to a SecurityDomainObjectFactory
-       so that any lookup against java:/jaas/domain returns an instance of our
-       security manager class.
-      */
-      RefAddr refAddr = new StringRefAddr("nns", "JSM");
-      String factoryName = SecurityDomainObjectFactory.class.getName();
+      RefAddr refAddr = new StringRefAddr("nns", "JSMCachePolicy");
+      String factoryName = DefaultCacheObjectFactory.class.getName();
       Reference ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
-      /*ctx.rebind(SECURITY_MGR_PATH, ref);
-      */
-      log.debug("securityMgrCtxPath="+SECURITY_MGR_PATH);
-
-      refAddr = new StringRefAddr("nns", "JSMCachePolicy");
-      factoryName = DefaultCacheObjectFactory.class.getName();
-      ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
       ctx.rebind(DEFAULT_CACHE_POLICY_PATH, ref);
       log.debug("cachePolicyCtxPath="+cacheJndiName);
 
@@ -652,48 +638,6 @@
       }
       return securityDomainCtx;
    }
-
-   /** Create a new SecurityDomainContext for securityDomain. This is
-    * synchronized to ensure that the creation and setting of the domain
-    * cache are atomic.
-    * @param securityDomain
-    * @return the SecurityDomainContext for securityDomain
-    * @throws NamingException
-    */
-   private synchronized static SecurityDomainContext newSecurityDomainCtx(String securityDomain)
-      throws NamingException
-   {
-      SecurityDomainContext sdc = null;
-      try
-      {
-         // Create instance of securityMgrClass
-         Class[] parameterTypes = {String.class, CallbackHandler.class};
-         Constructor ctor = securityMgrClass.getConstructor(parameterTypes);
-         CallbackHandler handler = (CallbackHandler) callbackHandlerClass.newInstance();
-         Object[] args = {securityDomain, handler};
-         AuthenticationManager securityMgr = (AuthenticationManager) ctor.newInstance(args);
-         log.debug("Created securityMgr="+securityMgr);
-         CachePolicy cachePolicy = lookupCachePolicy(securityDomain); 
-         sdc = new SecurityDomainContext(securityMgr, cachePolicy);
-         // See if the security mgr supports an externalized cache policy
-         setSecurityDomainCache(securityMgr, cachePolicy);
-         if(deepCopySubjectMode)
-            setDeepCopySubjectOption(securityMgr, true); 
-         //Set the Authorization Manager 
-         //AuthorizationManager am = AuthorizationManagerService.newAuthorizationManager(securityDomain);
-         //sdc.setAuthorizationManager(am);  
-      }
-      catch(Exception e2)
-      {
-         String msg = "Failed to create sec mgr('"+securityDomain+"'), securityMgrClass="
-            +securityMgrClass +", callbackHandlerClass="
-            +callbackHandlerClass;
-         NamingException ne = new NamingException(msg);
-         ne.setRootCause(e2);
-         throw ne;
-      }
-      return sdc;
-   } 
    
    /**
     * Get the default unauthenticated principal.
@@ -729,63 +673,10 @@
       {
          sb.append(jsi.getJCAAlgorithms(serviceName));
       }
-      return sb.toString();
-      
+      return sb.toString();  
    }
 
-
-   // java:/jaas context ObjectFactory implementation
-
-   public static class SecurityDomainObjectFactory
-      implements InvocationHandler, ObjectFactory
-   {
-      /** Object factory implementation. This method returns a Context proxy
-       that is only able to handle a lookup operation for an atomic name of
-       a security domain.
-      */
-      public Object getObjectInstance(Object obj, Name name, Context nameCtx,
-         Hashtable environment)
-         throws Exception
-      {
-         ClassLoader loader = SubjectActions.getContextClassLoader();
-         Class[] interfaces = {Context.class};
-         Context ctx = (Context) Proxy.newProxyInstance(loader, interfaces, this);
-         return ctx;
-      }
-
-
-      /** This is the InvocationHandler callback for the Context interface that
-       was created by out getObjectInstance() method. We handle the java:/jaas/domain
-       level operations here.
-       */
-      public Object invoke(Object obj, Method method, Object[] args) throws Throwable
-      {
-         String methodName = method.getName();
-         if( methodName.equals("toString") == true )
-            return SECURITY_MGR_PATH + " Context proxy";
-         if( methodName.equals("list") == true )
-            return new DomainEnumeration(securityDomainCtxMap.keys(), securityDomainCtxMap);
-
-         if( methodName.equals("lookup") == false )
-            throw new OperationNotSupportedException("Only lookup is supported, op="+method);
-         String securityDomain = null;
-         Name name = null;
-         if( args[0] instanceof String )
-            name = parser.parse((String) args[0]);
-         else
-           name = (Name)args[0];
-         securityDomain = name.get(0);
-         SecurityDomainContext securityDomainCtx = lookupSecurityDomain(securityDomain);
-         Object binding = securityDomainCtx.getSecurityManager();
-         // Look for requests against the security domain context
-         if( name.size() == 2 )
-         {
-            String request = name.get(1);
-            binding = securityDomainCtx.lookup(request);
-         }
-         return binding;
-      }
-   }
+    
    static class DomainEnumeration implements NamingEnumeration
    {
       Enumeration domains;



