[jboss-cvs] Picketbox SVN: r141 - in trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins: auth and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Nov 16 11:58:32 EST 2010
Author: mmoyses
Date: 2010-11-16 11:58:31 -0500 (Tue, 16 Nov 2010)
New Revision: 141
Added:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossSecuritySubjectFactory.java
Modified:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/SubjectActions.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
Log:
SECURITY-539: creating SubjectFactory implementation
Added: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossSecuritySubjectFactory.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossSecuritySubjectFactory.java (rev 0)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossSecuritySubjectFactory.java 2010-11-16 16:58:31 UTC (rev 141)
@@ -0,0 +1,98 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.ISecurityManagement;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SubjectFactory;
+import org.jboss.security.auth.callback.JBossCallbackHandler;
+
+/**
+ * Create a Subject given the details available
+ * via implementation strategies such as SecurityContextAssociation
+ * to get hold of the Principal, Credentials, etc
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+public class JBossSecuritySubjectFactory implements SubjectFactory
+{
+
+ private static Logger log = Logger.getLogger(JBossSecuritySubjectFactory.class);
+
+ private ISecurityManagement securityManagement;
+
+ /**
+ * @see SubjectFactory#createSubject()
+ */
+ public Subject createSubject()
+ {
+ return createSubject(SecurityConstants.DEFAULT_APPLICATION_POLICY);
+ }
+
+ /**
+ * @see SubjectFactory#createSubject(String)
+ */
+ public Subject createSubject(String securityDomainName)
+ {
+ if (securityManagement == null)
+ {
+ log.warn("SecurityManagement is not set. Creating a default one");
+ securityManagement = new DefaultSecurityManagement(new JBossCallbackHandler());
+ }
+ Subject subject = new Subject();
+ //Validate the caller
+ Principal principal = SubjectActions.getPrincipal();
+ AuthenticationManager authenticationManager = securityManagement.getAuthenticationManager(securityDomainName);
+ if (authenticationManager == null)
+ {
+ String defaultSecurityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
+ if (log.isTraceEnabled())
+ {
+ log.trace("AuthenticationManager for " + securityDomainName + " not found. Using " + defaultSecurityDomain);
+ }
+ authenticationManager = securityManagement.getAuthenticationManager(defaultSecurityDomain);
+ }
+ if (authenticationManager.isValid(principal, SubjectActions.getCredential(), subject) == false)
+ throw new SecurityException("Unauthenticated caller:" + principal);
+ return subject;
+ }
+
+ /**
+ * Sets the {@link ISecurityManagement} implementation to be used.
+ * If this is not set, a default implementation will be used.
+ *
+ * @param securityManagement the concrete implementation to be used
+ */
+ public void setSecurityManagement(ISecurityManagement securityManagement)
+ {
+ this.securityManagement = securityManagement;
+ }
+
+}
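Review bot: In `createSubject(String)`, a security domain name with no AuthenticationManager is silently validated against the default application policy, and the only record of the switch is a trace-level log line, so a mistyped or undeployed domain authenticates the caller under a different policy than the one requested. If the fallback is intended, log it at warn so it is visible in normal operation; otherwise fail closed. The result of the second `getAuthenticationManager` call is also dereferenced unchecked at `isValid`, and it may be null as well, so I would add `if (authenticationManager == null) throw new SecurityException("No AuthenticationManager for security domain: " + securityDomainName);` before that call. Separately, the lazy `securityManagement` initialisation is unsynchronised, so concurrent first calls can each create their own DefaultSecurityManagement.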
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/SubjectActions.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/SubjectActions.java 2010-10-20 13:25:16 UTC (rev 140)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/SubjectActions.java 2010-11-16 16:58:31 UTC (rev 141)
@@ -446,4 +446,38 @@
}}
);
}
+
+ static Principal getPrincipal()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Principal>()
+ {
+ public Principal run()
+ {
+ Principal principal = null;
+ SecurityContext sc = getSecurityContext();
+ if(sc != null)
+ {
+ principal = sc.getUtil().getUserPrincipal();
+ }
+ return principal;
+ }
+ });
+ }
+
+ static Object getCredential()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ Object credential = null;
+ SecurityContext sc = getSecurityContext();
+ if(sc != null)
+ {
+ credential = sc.getUtil().getCredential();
+ }
+ return credential;
+ }
+ });
+ }
}
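Review bot: `getPrincipal()` and `getCredential()` are added without Javadoc, which leaves their contract unstated. Both return null when `getSecurityContext()` returns null, and both run inside `doPrivileged`, so they hand the caller's raw credential to any code able to call them. I would document that on each method, e.g. `/** Returns the credential from the current SecurityContext, or null if none is set. Privileged: keep package-private. */`. The new caller in JBossSecuritySubjectFactory passes both values straight to `isValid` with no null check, so the null case presumably relies on the AuthenticationManager rejecting a null principal; that is worth confirming. The two anonymous PrivilegedAction classes differ only in the getter they call, which is a style point rather than a defect.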
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2010-10-20 13:25:16 UTC (rev 140)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2010-11-16 16:58:31 UTC (rev 141)
@@ -222,7 +222,7 @@
*/
public JaasSecurityManagerBase()
{
- this("other", new JBossCallbackHandler());
+ this(SecurityConstants.DEFAULT_APPLICATION_POLICY, new JBossCallbackHandler());
}
/** Creates a JaasSecurityManager for with a securityDomain
name of that given by the 'securityDomain' argument.