[jboss-cvs] JBossAS SVN: r103769 - in projects/security/security-jboss-sx/branches/2.0.4.SP3_SECURITY-490/jbosssx/src/main/java/org/jboss/security/plugins: authorization and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Apr 9 17:44:45 EDT 2010
Author: mmoyses
Date: 2010-04-09 17:44:44 -0400 (Fri, 09 Apr 2010)
New Revision: 103769
Modified:
projects/security/security-jboss-sx/branches/2.0.4.SP3_SECURITY-490/jbosssx/src/main/java/org/jboss/security/plugins/JBossAuthorizationManager.java
projects/security/security-jboss-sx/branches/2.0.4.SP3_SECURITY-490/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java
Log:
JBPAPP-4086: removing lock
Modified: projects/security/security-jboss-sx/branches/2.0.4.SP3_SECURITY-490/jbosssx/src/main/java/org/jboss/security/plugins/JBossAuthorizationManager.java
===================================================================
--- projects/security/security-jboss-sx/branches/2.0.4.SP3_SECURITY-490/jbosssx/src/main/java/org/jboss/security/plugins/JBossAuthorizationManager.java 2010-04-09 21:23:50 UTC (rev 103768)
+++ projects/security/security-jboss-sx/branches/2.0.4.SP3_SECURITY-490/jbosssx/src/main/java/org/jboss/security/plugins/JBossAuthorizationManager.java 2010-04-09 21:44:44 UTC (rev 103769)
@@ -278,13 +278,15 @@
{
if(ac == null)
throw new IllegalArgumentException("AuthorizationContext is null");
+
+ String sc = ac.getSecurityDomain();
+ if(this.securityDomain.equals(sc) == false)
+ throw new IllegalArgumentException("The Security Domain "+ sc
+ + " does not match with " + this.securityDomain);
+
lock.lock();
try
{
- String sc = ac.getSecurityDomain();
- if(this.securityDomain.equals(sc) == false)
- throw new IllegalArgumentException("The Security Domain "+ sc
- + " does not match with " + this.securityDomain);
this.authorizationContext = ac;
}
finally
@@ -467,17 +469,9 @@
RoleGroup role)
throws AuthorizationException
{
- lock.lock();
- try
- {
- if(this.authorizationContext == null)
- this.authorizationContext = new JBossAuthorizationContext(this.securityDomain);
- return this.authorizationContext.authorize(resource, subject, role);
- }
- finally
- {
- lock.unlock();
- }
+ if(this.authorizationContext == null)
+ this.setAuthorizationContext( new JBossAuthorizationContext(this.securityDomain) );
+ return this.authorizationContext.authorize(resource, subject, role);
}
/**
@@ -528,4 +522,4 @@
{
return new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
}
-}
\ No newline at end of file
+}
Modified: projects/security/security-jboss-sx/branches/2.0.4.SP3_SECURITY-490/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java
===================================================================
--- projects/security/security-jboss-sx/branches/2.0.4.SP3_SECURITY-490/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java 2010-04-09 21:23:50 UTC (rev 103768)
+++ projects/security/security-jboss-sx/branches/2.0.4.SP3_SECURITY-490/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java 2010-04-09 21:44:44 UTC (rev 103769)
@@ -24,7 +24,10 @@
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
+import java.util.ArrayList;
+import java.util.List;
import java.util.Map;
+import java.util.WeakHashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
@@ -78,6 +81,9 @@
//Application Policy can be injected
private ApplicationPolicy applicationPolicy = null;
+ //Clazz instance cache map to minimize load class synchronization
+ private static Map< String,Class<?> > clazzMap = new WeakHashMap<String, Class<?>>();
+
public JBossAuthorizationContext(String name)
{
this.securityDomainName = name;
@@ -132,56 +138,52 @@
public int authorize(final Resource resource, final Subject subject, final RoleGroup callerRoles)
throws AuthorizationException
{
+ final List<AuthorizationModule> modules = new ArrayList<AuthorizationModule>();
+ final List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
+
try
{
- try
+ this.authenticatedSubject = subject;
+
+ initializeModules(resource, callerRoles, modules, controlFlags);
+
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
{
- this.authenticatedSubject = subject;
- initializeModules(resource, callerRoles);
- }
- catch (PrivilegedActionException e1)
- {
- throw new RuntimeException(e1);
- }
- //Do a PrivilegedAction
- try
- {
- AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
+ public Object run() throws AuthorizationException
{
- public Object run() throws AuthorizationException
+ int result = invokeAuthorize(resource, modules, controlFlags);
+ if (result == PERMIT)
+ invokeCommit( modules, controlFlags );
+ if (result == DENY)
{
- int result = invokeAuthorize(resource);
- if (result == PERMIT)
- invokeCommit();
- if (result == DENY)
- {
- invokeAbort();
- throw new AuthorizationException("Denied");
- }
- return null;
+ invokeAbort( modules, controlFlags );
+ throw new AuthorizationException("Denied");
}
- });
- }
- catch (PrivilegedActionException e)
- {
- Exception exc = e.getException();
- if (trace)
- log.trace("Error in authorize:", exc);
- invokeAbort();
- throw ((AuthorizationException) exc);
- }
- return PERMIT;
+ return null;
+ }
+ });
}
+ catch (PrivilegedActionException e)
+ {
+ Exception exc = e.getException();
+ if (trace)
+ log.trace("Error in authorize:", exc);
+ invokeAbort( modules, controlFlags );
+ throw ((AuthorizationException) exc);
+ }
finally
{
- // clear the modules and control flags lists.
- super.modules.clear();
- super.controlFlags.clear();
+ if(modules != null)
+ modules.clear();
+ if(controlFlags != null )
+ controlFlags.clear();
}
+ return PERMIT;
}
//Private Methods
- private void initializeModules(Resource resource, RoleGroup role) throws PrivilegedActionException
+ private void initializeModules(Resource resource, RoleGroup role, List<AuthorizationModule> modules,
+ List<ControlFlag> controlFlags) throws PrivilegedActionException
{
AuthorizationInfo authzInfo = getAuthorizationInfo(securityDomainName, resource);
if (authzInfo == null)
@@ -201,12 +203,13 @@
else if (trace)
log.trace("Control flag for entry:" + entry + "is:[" + flag + "]");
- super.controlFlags.add(flag);
- super.modules.add(instantiateModule(entry.getPolicyModuleName(), entry.getOptions(), role));
+ controlFlags.add(flag);
+ modules.add(instantiateModule(entry.getPolicyModuleName(), entry.getOptions(), role));
}
}
- private int invokeAuthorize(Resource resource) throws AuthorizationException
+ private int invokeAuthorize(Resource resource, List<AuthorizationModule> modules,
+ List<ControlFlag> controlFlags) throws AuthorizationException
{
//Control Flag behavior
boolean encounteredRequiredError = false;
@@ -214,11 +217,11 @@
AuthorizationException moduleException = null;
int overallDecision = DENY;
- int length = super.modules.size();
+ int length = modules.size();
for (int i = 0; i < length; i++)
{
- AuthorizationModule module = (AuthorizationModule) super.modules.get(i);
- ControlFlag flag = (ControlFlag) super.controlFlags.get(i);
+ AuthorizationModule module = (AuthorizationModule) modules.get(i);
+ ControlFlag flag = (ControlFlag) controlFlags.get(i);
int decision = DENY;
try
{
@@ -273,24 +276,26 @@
return PERMIT;
}
- private void invokeCommit() throws AuthorizationException
+ private void invokeCommit( List<AuthorizationModule> modules,
+ List<ControlFlag> controlFlags ) throws AuthorizationException
{
- int length = super.modules.size();
+ int length = modules.size();
for (int i = 0; i < length; i++)
{
- AuthorizationModule module = (AuthorizationModule) super.modules.get(i);
+ AuthorizationModule module = (AuthorizationModule) modules.get(i);
boolean bool = module.commit();
if (!bool)
throw new AuthorizationException("commit on modules failed:" + module.getClass());
}
}
- private void invokeAbort() throws AuthorizationException
+ private void invokeAbort( List<AuthorizationModule> modules,
+ List<ControlFlag> controlFlags ) throws AuthorizationException
{
- int length = super.modules.size();
+ int length = modules.size();
for (int i = 0; i < length; i++)
{
- AuthorizationModule module = (AuthorizationModule) super.modules.get(i);
+ AuthorizationModule module = (AuthorizationModule) modules.get(i);
boolean bool = module.abort();
if (!bool)
throw new AuthorizationException("abort on modules failed:" + module.getClass());
@@ -304,7 +309,13 @@
ClassLoader tcl = SecurityActions.getContextClassLoader();
try
{
- Class<?> clazz = tcl.loadClass(name);
+ Class<?> clazz = clazzMap.get(name);
+ if(clazz == null)
+ {
+ clazz = tcl.loadClass(name);
+ clazzMap.put(name, clazz);
+ }
+
am = (AuthorizationModule) clazz.newInstance();
}
catch (Exception e)
@@ -373,4 +384,4 @@
msg.append(e.getLocalizedMessage());
return msg.toString();
}
-}
\ No newline at end of file
+}
More information about the jboss-cvs-commits
mailing list