[jboss-cvs] Picketbox SVN: r243 - in trunk: security-jboss-sx/jbosssx/src/main/java/org/jboss/security and 12 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Aug 12 13:06:20 EDT 2011
Author: anil.saldhana at jboss.com
Date: 2011-08-12 13:06:20 -0400 (Fri, 12 Aug 2011)
New Revision: 243
Removed:
trunk/picketbox-infinispan/.classpath
trunk/picketbox-infinispan/.project
Modified:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/JBossJSSESecurityDomain.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/NestablePrincipal.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/SimpleGroup.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllFailureServerAuthModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllSuccessServerAuthModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/AuthenticationInfo.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/ConfigUtil.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/LoginModuleStackHolder.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/XMLLoginConfigImpl.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossClientAuthConfig.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossClientAuthContext.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthContext.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DisabledLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapUsersLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RunAsLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/cache/JBossAuthenticationCache.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/parser/ApplicationPolicyParser.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/parser/SecurityActions.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/JBossIdentityTrustContext.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/AbstractRolesMappingProvider.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/DatabaseRolesMappingProvider.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/LdapRolesMappingProvider.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/PropertiesRolesMappingProvider.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossPolicyRegistration.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/JBossAuditManager.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JASPIServerAuthenticationManager.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/SubjectActions.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/SynchronizedJaasSecurityManager.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/JaasSecurityDomainIdentityLoginModule.java
Log:
remove the warnings and change line delimiters to unix
Deleted: trunk/picketbox-infinispan/.classpath
===================================================================
--- trunk/picketbox-infinispan/.classpath 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/picketbox-infinispan/.classpath 2011-08-12 17:06:20 UTC (rev 243)
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
- <classpathentry kind="src" output="target/classes" path="src/main/java"/>
- <classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
- <classpathentry kind="src" path="src/test/resources"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
- <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
- <classpathentry kind="output" path="target/classes"/>
-</classpath>
Deleted: trunk/picketbox-infinispan/.project
===================================================================
--- trunk/picketbox-infinispan/.project 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/picketbox-infinispan/.project 2011-08-12 17:06:20 UTC (rev 243)
@@ -1,23 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<projectDescription>
- <name>picketbox-infinispan</name>
- <comment></comment>
- <projects>
- </projects>
- <buildSpec>
- <buildCommand>
- <name>org.eclipse.jdt.core.javabuilder</name>
- <arguments>
- </arguments>
- </buildCommand>
- <buildCommand>
- <name>org.maven.ide.eclipse.maven2Builder</name>
- <arguments>
- </arguments>
- </buildCommand>
- </buildSpec>
- <natures>
- <nature>org.eclipse.jdt.core.javanature</nature>
- <nature>org.maven.ide.eclipse.maven2Nature</nature>
- </natures>
-</projectDescription>
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/JBossJSSESecurityDomain.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/JBossJSSESecurityDomain.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/JBossJSSESecurityDomain.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -240,8 +240,7 @@
{
this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm;
}
-
- @Override
+
public String getClientAlias()
{
return clientAlias;
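Review bot: Removing `@Override` from `getClientAlias()` here, and from the other accessors in the later hunks of this file (`getServerAlias()`, `isClientAuth()`, `getKeyStore()`, `getTrustStore()`, `getKeyManagers()`, `getKey(...)`, `getCipherSuites()`, `getProtocols()` and the rest), silences the warning by giving up the compiler's check that each method still matches a supertype declaration. If the annotation was flagged because the project compiles at source level 1.5, where `@Override` on an interface method is rejected, raising the compiler level to 1.6 would keep the check; this is an inference, since the build settings are not visible here. If the annotations have to go, a short comment on the first accessor such as `// implements the security-domain interface; @Override omitted for 1.5 source compatibility` would record why.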
@@ -251,8 +250,7 @@
{
this.clientAlias = clientAlias;
}
-
- @Override
+
public String getServerAlias()
{
return serverAlias;
@@ -262,8 +260,7 @@
{
this.serverAlias = serverAlias;
}
-
- @Override
+
public boolean isClientAuth()
{
return clientAuth;
@@ -273,14 +270,12 @@
{
this.clientAuth = clientAuth;
}
-
- @Override
+
public KeyStore getKeyStore()
{
return keyStore;
}
-
- @Override
+
public KeyStore getTrustStore()
{
return trustStore;
@@ -301,25 +296,21 @@
this.serviceAuthToken = Util.loadPassword(serviceAuthToken);
}
- @Override
public KeyManager[] getKeyManagers() throws SecurityException
{
return keyManagers;
}
- @Override
public TrustManager[] getTrustManagers() throws SecurityException
{
return trustManagers;
}
- @Override
public String getSecurityDomain()
{
return name;
}
- @Override
public Key getKey(String alias, String serviceAuthToken) throws Exception
{
log.debug(this + " got request for key with alias '" + alias + "'");
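Review bot: `getKeyManagers()` and `getTrustManagers()` return the domain's own arrays, so any caller can replace an element and change which key or trust manager later TLS setup uses. The same holds for `getCipherSuites()` and `getProtocols()` in the following hunks. Returning a copy, e.g. `return keyManagers == null ? null : keyManagers.clone();`, keeps the configured state private to the domain. Whether existing callers rely on the shared array is not visible from this diff, so that should be checked first. `getKey(...)` continues past the end of the hunk.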
@@ -336,7 +327,6 @@
return key;
}
- @Override
public Certificate getCertificate(String alias) throws Exception
{
log.debug(this + " got request for certifcate with alias '" + alias + "'");
@@ -344,13 +334,11 @@
return trustStore.getCertificate(alias);
}
- @Override
public void reloadKeyAndTrustStore() throws Exception
{
loadKeyAndTrustStore();
}
- @Override
public String[] getCipherSuites()
{
return cipherSuites;
@@ -362,8 +350,7 @@
this.cipherSuites = cs;
}
- @Override
- public String[] getProtocols()
+ public String[] getProtocols()
{
return protocols;
}
@@ -373,8 +360,7 @@
String[] p = protocols.split(",");
this.protocols = p;
}
-
- @Override
+
public Properties getAdditionalProperties()
{
return additionalProperties;
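Review bot: The setter whose tail is visible at the top of this hunk stores `protocols.split(",")` unmodified, so a configured value such as `TLSv1, TLSv1.1` (constructed example) yields an entry with a leading space, and an empty string yields a single empty entry. How the array is consumed is outside the hunk, but a protocol name that does not match exactly is likely to be rejected or ignored when the socket is configured. Trimming around the separators before assigning, e.g. `protocols.trim().split("\\s*,\\s*")`, would make the setting tolerant of ordinary formatting. The cipher-suite setter in the previous hunk (`this.cipherSuites = cs;`) appears to follow the same pattern. The setter starts before the hunk.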
@@ -455,6 +441,7 @@
throw new SecurityException("service authentication token verification failed");
}
+ @SuppressWarnings({"rawtypes", "unchecked"})
private void loadKeyAndTrustStore() throws Exception
{
if (keyStorePassword != null)
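Review bot: `@SuppressWarnings({"rawtypes", "unchecked"})` on the whole of `loadKeyAndTrustStore()` hides every raw-type and unchecked-cast warning in the method that loads the key and trust stores, including any introduced later. Suppression is safer on the single local declaration that needs it, with a comment saying why the cast is sound, e.g. `@SuppressWarnings("unchecked") // <reason the cast is safe>` directly above that variable. The method body lies outside the hunk, so which statement triggers the warning cannot be seen here. The same applies to `NestablePrincipal.clone()`, where this commit widens the method-level suppression to include `rawtypes`.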
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/NestablePrincipal.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/NestablePrincipal.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/NestablePrincipal.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -110,8 +110,8 @@
return member.equals(activePrincipal);
}
- @SuppressWarnings("unchecked")
- public synchronized Object clone() throws CloneNotSupportedException
+ @SuppressWarnings({"unchecked", "rawtypes"})
+ public synchronized Object clone() throws CloneNotSupportedException
{
NestablePrincipal clone = (NestablePrincipal) super.clone();
if(clone != null)
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/SimpleGroup.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/SimpleGroup.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/SimpleGroup.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -31,8 +31,7 @@
import java.util.HashMap;
import java.util.Iterator;
-
- at SuppressWarnings("unchecked")
+
/** An implementation of Group that manages a collection of Principal
objects based on their hashCode() and equals() methods. This class
is not thread safe.
@@ -40,6 +39,7 @@
@author Scott.Stark at jboss.org
@version $Revision$
*/
+ at SuppressWarnings({"rawtypes","unchecked"})
public class SimpleGroup extends SimplePrincipal implements Group, Cloneable
{
/** The serialVersionUID */
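Review bot: A class-level `@SuppressWarnings({"rawtypes","unchecked"})` turns off generics checking for all of `SimpleGroup`, present and future, to cover what appears from the next hunk to be a single raw field, `private HashMap members;`. Parameterising that field would remove the warnings rather than hide them; the Javadoc says it holds Principal objects, so something like `HashMap<Principal, Principal>`, though the value type is a guess because the map's use is not shown. The same class-wide pattern is added or widened in this commit on `AbstractServerAuthModule`, `AllFailureServerAuthModule` (where it replaces a method-level annotation), `DelegatingServerAuthModule`, `SimpleClientAuthModule`, `AuthenticationInfo`, `ConfigUtil` and `LoginModuleStackHolder`. In authentication code, a cast that only fails at run time is easier to miss once the warning is off for the entire class.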
@@ -48,8 +48,8 @@
private HashMap members;
private static final String OVERRIDE_EQUALS_BEHAVIOR = "org.jboss.security.simpleprincipal.equals.override";
-
- public SimpleGroup(String groupName)
+
+ public SimpleGroup(String groupName)
{
super(groupName);
members = new HashMap(3);
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -49,7 +49,7 @@
* @since Jan 9, 2006
* @version $Revision$
*/
- at SuppressWarnings("unchecked")
+ at SuppressWarnings({"rawtypes","unchecked"})
public abstract class AbstractServerAuthModule implements ServerAuthModule
{
/**
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllFailureServerAuthModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllFailureServerAuthModule.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllFailureServerAuthModule.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -31,6 +31,7 @@
* Server Auth Module that sends a AuthStatus.FAILURE
* @author Anil.Saldhana at redhat.com
*/
+ at SuppressWarnings({"rawtypes"})
public class AllFailureServerAuthModule extends AbstractServerAuthModule
{
@@ -47,8 +48,7 @@
/**
* @see ServerAuthModule#getSupportedMessageTypes()
- */
- @SuppressWarnings("unchecked")
+ */
@Override
public Class[] getSupportedMessageTypes()
{
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllSuccessServerAuthModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllSuccessServerAuthModule.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllSuccessServerAuthModule.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -31,8 +31,8 @@
* @author Anil.Saldhana at redhat.com
*/
public class AllSuccessServerAuthModule extends AbstractServerAuthModule
-{
- @SuppressWarnings("unchecked")
+{
+ @SuppressWarnings("rawtypes")
@Override
public Class[] getSupportedMessageTypes()
{
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -1,113 +1,113 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.container.modules;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-
-import org.jboss.logging.Logger;
-
-/**
- * Server Auth Module that delegates work to a login context
- * @author Anil.Saldhana at redhat.com
- * @since Jul 25, 2007
- * @version $Revision$
- */
- at SuppressWarnings("unchecked")
-public class DelegatingServerAuthModule extends AbstractServerAuthModule
-{
- private LoginContext loginContext = null;
- private String loginContextName = null;
-
- public DelegatingServerAuthModule()
- {
- log = Logger.getLogger(DelegatingServerAuthModule.class);
- trace = log.isTraceEnabled();
- this.supportedTypes.add(Object.class);
- }
-
- public DelegatingServerAuthModule(String loginModuleStackHolderName)
- {
- this();
- this.loginContextName = loginModuleStackHolderName;
- }
-
- public Class[] getSupportedMessageTypes()
- {
- Class[] clarr = new Class[this.supportedTypes.size()];
- this.supportedTypes.toArray(clarr);
- return clarr;
- }
-
- public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
- {
- if(loginContext != null)
- try
- {
- loginContext.logout();
- }
- catch (LoginException e)
- {
- throw new AuthException(e.getLocalizedMessage());
- }
- }
-
- public AuthStatus secureResponse(MessageInfo messageInfo, Subject arg1) throws AuthException
- {
- throw new RuntimeException("Not Implemented");
- }
-
- @Override
- protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
- {
- try
- {
- loginContext = SecurityActions.createLoginContext(getSecurityDomainName(), clientSubject, this.callbackHandler);
- loginContext.login();
- return true;
- }
- catch (Exception e)
- {
- if(trace)
- log.trace("Exception in validate:",e);
- throw new AuthException(e.getLocalizedMessage());
- }
- }
-
- private String getSecurityDomainName()
- {
- if(loginContextName != null)
- return loginContextName;
-
- //Check if it is passed in the options
- String domainName = (String) options.get("javax.security.auth.login.LoginContext");
- if(domainName == null)
- {
- domainName = getClass().getName();
- }
- return domainName;
- }
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.container.modules;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+
+import org.jboss.logging.Logger;
+
+/**
+ * Server Auth Module that delegates work to a login context
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 25, 2007
+ * @version $Revision$
+ */
+ at SuppressWarnings({"rawtypes"})
+public class DelegatingServerAuthModule extends AbstractServerAuthModule
+{
+ private LoginContext loginContext = null;
+ private String loginContextName = null;
+
+ public DelegatingServerAuthModule()
+ {
+ log = Logger.getLogger(DelegatingServerAuthModule.class);
+ trace = log.isTraceEnabled();
+ this.supportedTypes.add(Object.class);
+ }
+
+ public DelegatingServerAuthModule(String loginModuleStackHolderName)
+ {
+ this();
+ this.loginContextName = loginModuleStackHolderName;
+ }
+
+ public Class[] getSupportedMessageTypes()
+ {
+ Class[] clarr = new Class[this.supportedTypes.size()];
+ this.supportedTypes.toArray(clarr);
+ return clarr;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
+ {
+ if(loginContext != null)
+ try
+ {
+ loginContext.logout();
+ }
+ catch (LoginException e)
+ {
+ throw new AuthException(e.getLocalizedMessage());
+ }
+ }
+
+ public AuthStatus secureResponse(MessageInfo messageInfo, Subject arg1) throws AuthException
+ {
+ throw new RuntimeException("Not Implemented");
+ }
+
+ @Override
+ protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
+ {
+ try
+ {
+ loginContext = SecurityActions.createLoginContext(getSecurityDomainName(), clientSubject, this.callbackHandler);
+ loginContext.login();
+ return true;
+ }
+ catch (Exception e)
+ {
+ if(trace)
+ log.trace("Exception in validate:",e);
+ throw new AuthException(e.getLocalizedMessage());
+ }
+ }
+
+ private String getSecurityDomainName()
+ {
+ if(loginContextName != null)
+ return loginContextName;
+
+ //Check if it is passed in the options
+ String domainName = (String) options.get("javax.security.auth.login.LoginContext");
+ if(domainName == null)
+ {
+ domainName = getClass().getName();
+ }
+ return domainName;
+ }
}
\ No newline at end of file
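Review bot: `validate()` assigns the new `LoginContext` to the instance field `loginContext`, and `cleanSubject()` later calls `logout()` on whatever that field holds. If one module instance serves concurrent requests (not determinable from this file), a second `validate()` overwrites the first context and `cleanSubject()` logs out the wrong login. Both catch blocks also build the `AuthException` from `e.getLocalizedMessage()` only, discarding the original exception; `AuthException ae = new AuthException(e.getLocalizedMessage()); ae.initCause(e); throw ae;` would keep the cause for diagnosis. The only substantive change in this hunk is the class annotation and every other line differs in line ending alone, so setting the `svn:eol-style` property to `native` on the file would stop such whole-file rewrites from recurring.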
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/container/modules/SimpleClientAuthModule.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -41,7 +41,7 @@
* @author <mailto:Anil.Saldhana at jboss.org>Anil Saldhana
* @since Dec 5, 2005
*/
- at SuppressWarnings("unchecked")
+ at SuppressWarnings({"rawtypes"})
public class SimpleClientAuthModule implements ClientAuthModule
{
private Class[] supportedTypes = null;
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/AuthenticationInfo.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/AuthenticationInfo.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/AuthenticationInfo.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -48,6 +48,7 @@
* @author <a href="mailto:mmoyses at redhat.com">Marcus Moyses</a>
* @version $Revision$
*/
+ at SuppressWarnings("rawtypes")
public class AuthenticationInfo extends BaseAuthenticationInfo
{
public static final AuthPermission GET_CONFIG_ENTRY_PERM = new AuthPermission("getLoginConfiguration");
@@ -105,7 +106,6 @@
}
@Override
- @SuppressWarnings("unchecked")
public String toString()
{
StringBuffer buffer = new StringBuffer("AppConfigurationEntry[]:\n");
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/ConfigUtil.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/ConfigUtil.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/ConfigUtil.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -36,6 +36,7 @@
* @author Scott.Stark at jboss.org
* @version $Revision$
*/
+ at SuppressWarnings("rawtypes")
public class ConfigUtil
{
/** Parse the application-policy/authentication element
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/LoginModuleStackHolder.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/LoginModuleStackHolder.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/LoginModuleStackHolder.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -34,7 +34,7 @@
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @since Dec 21, 2005
*/
- at SuppressWarnings("unchecked")
+ at SuppressWarnings("rawtypes")
public class LoginModuleStackHolder
{
public static final AuthPermission GET_CONFIG_ENTRY_PERM = new AuthPermission("getLoginConfiguration");
@@ -44,6 +44,7 @@
private ArrayList appEntries;
+ @SuppressWarnings("unchecked")
public LoginModuleStackHolder(String name, List entries)
{
this.name = name;
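Review bot: The constructor takes a raw `List` and the field is a raw `ArrayList`, so nothing stops a caller from passing elements that are not `AppConfigurationEntry`. The failure would then surface only later, presumably when `getAppConfigurationEntry()` converts the list to an array (its body is mostly outside the hunks). Declaring the field as `private ArrayList<AppConfigurationEntry> appEntries;` and the parameters here and in `setAppConfigurationEntry` as `List<AppConfigurationEntry>` would make the four `@SuppressWarnings("unchecked")` annotations added in this and the following hunks unnecessary. Raw-typed callers would still compile, with a warning at their call site. The constructor body continues past the hunk.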
@@ -59,6 +60,7 @@
return this.name;
}
+ @SuppressWarnings("unchecked")
public void addAppConfigurationEntry(AppConfigurationEntry entry)
{
if(appEntries == null)
@@ -66,6 +68,7 @@
this.appEntries.add(entry);
}
+ @SuppressWarnings("unchecked")
public AppConfigurationEntry[] getAppConfigurationEntry()
{
SecurityManager sm = System.getSecurityManager();
@@ -76,6 +79,7 @@
return entries;
}
+ @SuppressWarnings("unchecked")
public void setAppConfigurationEntry(List entries)
{
if(entries == null)
@@ -85,4 +89,4 @@
this.appEntries.addAll(entries);
}
-}
+}
\ No newline at end of file
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/XMLLoginConfigImpl.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/XMLLoginConfigImpl.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/login/XMLLoginConfigImpl.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -1,451 +1,449 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.auth.login;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.Serializable;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.util.ArrayList;
-
-import javax.security.auth.AuthPermission;
-import javax.security.auth.login.AppConfigurationEntry;
-import javax.security.auth.login.Configuration;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.ApplicationPolicyRegistration;
-import org.jboss.security.config.PolicyConfig;
-import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.config.parser.StaxBasedConfigParser;
-
-/**
- * An concrete implementation of the javax.security.auth.login.Configuration class that parses an xml configuration of
- * the form:
- *
- * <policy> <application-policy name = "test-domain"> <authentication> <login-module code =
- * "org.jboss.security.plugins.samples.IdentityLoginModule" flag = "required"> <module-option name = "principal">starksm</module-option>
- * </login-module> </authentication> </application-policy> </policy>
- *
- * @see javax.security.auth.login.Configuration
- *
- * @author Scott.Stark at jboss.org
- * @author Anil.Saldhana at jboss.org
- * @version $Revision: 57482 $
- */
-public class XMLLoginConfigImpl extends Configuration implements Serializable, ApplicationPolicyRegistration
-{
- /** The serialVersionUID */
- private static final long serialVersionUID = -8965860493224188277L;
-
- private static final String DEFAULT_APP_CONFIG_NAME = "other";
-
- private static final AuthPermission REFRESH_PERM = new AuthPermission("refreshLoginConfiguration");
-
- private static Logger log = Logger.getLogger(XMLLoginConfigImpl.class);
- private boolean trace = log.isTraceEnabled();
-
- transient PolicyConfig appConfigs = new PolicyConfig();
-
- /** The URL to the XML or Sun login configuration */
- protected URL loginConfigURL;
-
- /** The inherited configuration we delegate to */
- protected Configuration parentConfig;
-
- /** A flag indicating if XML configs should be validated */
- private boolean validateDTD = true;
-
- private static final XMLLoginConfigImpl instance = new XMLLoginConfigImpl();
-
- /**
- * <p>
- * Private constructor to implement the singleton pattern.
- * </p>
- */
- private XMLLoginConfigImpl()
- {
- }
-
- /**
- * <p>
- * Obtains a reference to the singleton.
- * </p>
- *
- * @return a reference to the singleton {@code XMLLoginConfigImpl} instance.
- */
- public static XMLLoginConfigImpl getInstance()
- {
- return instance;
- }
-
- // --- Begin Configuration method overrrides
- @Override
- public void refresh()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(REFRESH_PERM);
- if (log.isTraceEnabled())
- log.trace("Begin refresh");
- appConfigs.clear();
- loadConfig();
- if (log.isTraceEnabled())
- log.trace("End refresh");
- }
-
- @Override
- public AppConfigurationEntry[] getAppConfigurationEntry(String appName)
- {
- if (log.isTraceEnabled())
- log.trace("Begin getAppConfigurationEntry(" + appName + "), size=" + appConfigs.size());
-
- // Load the config if PolicyConfig is empty
- if (this.appConfigs.size() == 0)
- this.loadConfig();
-
- AppConfigurationEntry[] entry = null;
- ApplicationPolicy aPolicy = this.getApplicationPolicy(appName);
- BaseAuthenticationInfo authInfo = null;
- if (aPolicy != null)
- authInfo = aPolicy.getAuthenticationInfo();
-
- if (authInfo == null)
- {
- if (log.isTraceEnabled())
- log.trace("getAppConfigurationEntry(" + appName + "), no entry in appConfigs, tyring parentCont: "
- + parentConfig);
- if (parentConfig != null)
- entry = parentConfig.getAppConfigurationEntry(appName);
- if (entry == null)
- {
- if (log.isTraceEnabled())
- log.trace("getAppConfigurationEntry(" + appName + "), no entry in parentConfig, trying: "
- + DEFAULT_APP_CONFIG_NAME);
- }
- ApplicationPolicy defPolicy = appConfigs.get(DEFAULT_APP_CONFIG_NAME);
- authInfo = defPolicy != null ? (AuthenticationInfo) defPolicy.getAuthenticationInfo() : null;
- }
-
- if (authInfo != null)
- {
- if (log.isTraceEnabled())
- log.trace("End getAppConfigurationEntry(" + appName + "), authInfo=" + authInfo);
- // Make a copy of the authInfo object
- final BaseAuthenticationInfo theAuthInfo = authInfo;
- PrivilegedAction<AppConfigurationEntry[]> action = new PrivilegedAction<AppConfigurationEntry[]>()
- {
- public AppConfigurationEntry[] run()
- {
- return theAuthInfo.copyAppConfigurationEntry();
- }
- };
- entry = AccessController.doPrivileged(action);
- }
- else
- {
- if (log.isTraceEnabled())
- log.trace("End getAppConfigurationEntry(" + appName + "), failed to find entry");
- }
-
- return entry;
- }
-
- // --- End Configuration method overrrides
-
- /**
- * Set the URL of the XML login configuration file that should be loaded by this mbean on startup.
- */
- public URL getConfigURL()
- {
- return loginConfigURL;
- }
-
- /**
- * Set the URL of the XML login configuration file that should be loaded by this mbean on startup.
- */
- public void setConfigURL(URL loginConfigURL)
- {
- this.loginConfigURL = loginConfigURL;
- }
-
- public void setConfigResource(String resourceName) throws IOException
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- loginConfigURL = tcl.getResource(resourceName);
- if (loginConfigURL == null)
- throw new IOException("Failed to find resource: " + resourceName);
- }
-
- public void setParentConfig(Configuration parentConfig)
- {
- this.parentConfig = parentConfig;
- }
-
- /**
- * Get whether the login config xml document is validated againsts its DTD
- */
- public boolean getValidateDTD()
- {
- return this.validateDTD;
- }
-
- /**
- * Set whether the login config xml document is validated againsts its DTD
- */
- public void setValidateDTD(boolean flag)
- {
- this.validateDTD = flag;
- }
-
- /**
- * @see ApplicationPolicyRegistration#addApplicationPolicy(String, ApplicationPolicy)
- */
- public void addApplicationPolicy(String appName, ApplicationPolicy aPolicy)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(REFRESH_PERM);
- appConfigs.add(aPolicy);
- handleJASPIDelegation(aPolicy);
- SecurityConfiguration.addApplicationPolicy(aPolicy);
- }
-
- /**
- * Add an application configuration
- */
- public void addAppConfig(String appName, AppConfigurationEntry[] entries)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(REFRESH_PERM);
- AuthenticationInfo authInfo = new AuthenticationInfo(appName);
- authInfo.setAppConfigurationEntry(entries);
- if (log.isTraceEnabled())
- log.trace("addAppConfig(" + appName + "), authInfo=" + authInfo);
- ApplicationPolicy aPolicy = new ApplicationPolicy(appName, authInfo);
- appConfigs.add(aPolicy);
- SecurityConfiguration.addApplicationPolicy(aPolicy);
- }
-
- public void copy(PolicyConfig policyConfig)
- {
- this.appConfigs.copy(policyConfig);
- }
-
- /**
- * @deprecated
- * @see #removeApplicationPolicy(String)
- * @param appName
- */
- @Deprecated
- public void removeAppConfig(String appName)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(REFRESH_PERM);
- if (log.isTraceEnabled())
- log.trace("removeAppConfig, appName=" + appName);
- appConfigs.remove(appName);
- SecurityConfiguration.removeApplicationPolicy(appName);
- }
-
- /**
- * @see ApplicationPolicyRegistration#getApplicationPolicy(String)
- */
- public ApplicationPolicy getApplicationPolicy(String domainName)
- {
- if (appConfigs == null || appConfigs.size() == 0)
- loadConfig();
- ApplicationPolicy aPolicy = null;
- if(appConfigs != null )
- aPolicy = appConfigs.get(domainName);
- if (aPolicy != null)
- SecurityConfiguration.addApplicationPolicy(aPolicy);
- return aPolicy;
- }
-
- /**
- * @see ApplicationPolicyRegistration#removeApplicationPolicy(String)
- */
- public boolean removeApplicationPolicy(String appName)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(REFRESH_PERM);
- if (log.isTraceEnabled())
- log.trace("removeAppConfig, appName=" + appName);
- appConfigs.remove(appName);
- SecurityConfiguration.removeApplicationPolicy(appName);
- return true;
- }
-
- /**
- * Method that returns the parsed AuthenticationInfo needed by the JASPI framework until a seperate Configuration
- * mechanism for JASPI is established
- *
- * @return the parsed AuthenticationInfo object
- */
- public BaseAuthenticationInfo getAuthenticationInfo(String domainName)
- {
- ApplicationPolicy aPolicy = getApplicationPolicy(domainName);
- return aPolicy != null ? aPolicy.getAuthenticationInfo() : null;
- }
-
- public void clear()
- {
-
- }
-
- /**
- * Called to try to load the config from the java.security.auth.login.config property value when there is no
- * loginConfigURL.
- */
- @SuppressWarnings("deprecation")
- public void loadConfig()
- {
- // Try to load the java.security.auth.login.config property
- String loginConfig = System.getProperty("java.security.auth.login.config");
- if (loginConfig == null)
- loginConfig = "login-config.xml";
-
- // If there is no loginConfigURL build it from the loginConfig
- if (loginConfigURL == null)
- {
- try
- {
- // Try as a URL
- loginConfigURL = new URL(loginConfig);
- }
- catch (MalformedURLException e)
- {
- // Try as a resource
- try
- {
- setConfigResource(loginConfig);
- }
- catch (IOException ignore)
- {
- // Try as a file
- File configFile = new File(loginConfig);
- try
- {
- setConfigURL(configFile.toURL());
- }
- catch (MalformedURLException ignore2)
- {
- }
- }
- }
- }
-
- if (loginConfigURL == null)
- {
- log.warn("Failed to find config: " + loginConfig);
- return;
- }
-
- if (log.isTraceEnabled())
- log.trace("Begin loadConfig, loginConfigURL=" + loginConfigURL);
- // Try to load the config if found
- try
- {
- loadConfig(loginConfigURL);
- if (log.isTraceEnabled())
- log.trace("End loadConfig, loginConfigURL=" + loginConfigURL);
- }
- catch (Exception e)
- {
- log.warn("End loadConfig, failed to load config: " + loginConfigURL, e);
- }
- }
-
- @SuppressWarnings("unchecked")
- protected String[] loadConfig(URL config) throws Exception
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(REFRESH_PERM);
-
- ArrayList configNames = new ArrayList();
- log.debug("Try loading config as XML, url=" + config);
- try
- {
- loadXMLConfig(config, configNames);
- }
- catch (Throwable e)
- {
- if(trace)
- {
- log.debug("Failed to load config as XML", e);
- log.debug("Try loading config as Sun format, url=" + config);
- }
- loadSunConfig(config, configNames);
- }
- String[] names = new String[configNames.size()];
- configNames.toArray(names);
- return names;
- }
-
- /**
- * Handle the case when JASPI Info may have login module stack holder which delegates to a login module stack
- *
- * @param aPolicy
- */
- private void handleJASPIDelegation(ApplicationPolicy aPolicy)
- {
- BaseAuthenticationInfo bai = aPolicy.getAuthenticationInfo();
- if (bai instanceof JASPIAuthenticationInfo)
- {
- JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) bai;
- LoginModuleStackHolder[] lmsharr = jai.getLoginModuleStackHolder();
- for (LoginModuleStackHolder lmsh : lmsharr)
- {
- this.addAppConfig(lmsh.getName(), lmsh.getAppConfigurationEntry());
- }
- }
- }
-
- @SuppressWarnings("unchecked")
- private void loadSunConfig(URL sunConfig, ArrayList configNames) throws Exception
- {
- InputStream is = sunConfig.openStream();
- if (is == null)
- throw new IOException("InputStream is null for: " + sunConfig);
-
- InputStreamReader configFile = new InputStreamReader(is);
- boolean trace = log.isTraceEnabled();
- SunConfigParser.doParse(configFile, this, trace);
- }
-
- @SuppressWarnings("unchecked")
- private void loadXMLConfig(URL loginConfigURL, ArrayList configNames) throws Exception
- {
- StaxBasedConfigParser parser = new StaxBasedConfigParser();
- parser.parse(loginConfigURL.openStream());
- }
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.login;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Serializable;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.ArrayList;
+
+import javax.security.auth.AuthPermission;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.ApplicationPolicyRegistration;
+import org.jboss.security.config.PolicyConfig;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.config.parser.StaxBasedConfigParser;
+
+/**
+ * An concrete implementation of the javax.security.auth.login.Configuration class that parses an xml configuration of
+ * the form:
+ *
+ * <policy> <application-policy name = "test-domain"> <authentication> <login-module code =
+ * "org.jboss.security.plugins.samples.IdentityLoginModule" flag = "required"> <module-option name = "principal">starksm</module-option>
+ * </login-module> </authentication> </application-policy> </policy>
+ *
+ * @see javax.security.auth.login.Configuration
+ *
+ * @author Scott.Stark at jboss.org
+ * @author Anil.Saldhana at jboss.org
+ * @version $Revision: 57482 $
+ */
+ at SuppressWarnings({"rawtypes","unchecked"})
+public class XMLLoginConfigImpl extends Configuration implements Serializable, ApplicationPolicyRegistration
+{
+ /** The serialVersionUID */
+ private static final long serialVersionUID = -8965860493224188277L;
+
+ private static final String DEFAULT_APP_CONFIG_NAME = "other";
+
+ private static final AuthPermission REFRESH_PERM = new AuthPermission("refreshLoginConfiguration");
+
+ private static Logger log = Logger.getLogger(XMLLoginConfigImpl.class);
+ private boolean trace = log.isTraceEnabled();
+
+ transient PolicyConfig appConfigs = new PolicyConfig();
+
+ /** The URL to the XML or Sun login configuration */
+ protected URL loginConfigURL;
+
+ /** The inherited configuration we delegate to */
+ protected Configuration parentConfig;
+
+ /** A flag indicating if XML configs should be validated */
+ private boolean validateDTD = true;
+
+ private static final XMLLoginConfigImpl instance = new XMLLoginConfigImpl();
+
+ /**
+ * <p>
+ * Private constructor to implement the singleton pattern.
+ * </p>
+ */
+ private XMLLoginConfigImpl()
+ {
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the singleton.
+ * </p>
+ *
+ * @return a reference to the singleton {@code XMLLoginConfigImpl} instance.
+ */
+ public static XMLLoginConfigImpl getInstance()
+ {
+ return instance;
+ }
+
+ // --- Begin Configuration method overrrides
+ @Override
+ public void refresh()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(REFRESH_PERM);
+ if (log.isTraceEnabled())
+ log.trace("Begin refresh");
+ appConfigs.clear();
+ loadConfig();
+ if (log.isTraceEnabled())
+ log.trace("End refresh");
+ }
+
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String appName)
+ {
+ if (log.isTraceEnabled())
+ log.trace("Begin getAppConfigurationEntry(" + appName + "), size=" + appConfigs.size());
+
+ // Load the config if PolicyConfig is empty
+ if (this.appConfigs.size() == 0)
+ this.loadConfig();
+
+ AppConfigurationEntry[] entry = null;
+ ApplicationPolicy aPolicy = this.getApplicationPolicy(appName);
+ BaseAuthenticationInfo authInfo = null;
+ if (aPolicy != null)
+ authInfo = aPolicy.getAuthenticationInfo();
+
+ if (authInfo == null)
+ {
+ if (log.isTraceEnabled())
+ log.trace("getAppConfigurationEntry(" + appName + "), no entry in appConfigs, tyring parentCont: "
+ + parentConfig);
+ if (parentConfig != null)
+ entry = parentConfig.getAppConfigurationEntry(appName);
+ if (entry == null)
+ {
+ if (log.isTraceEnabled())
+ log.trace("getAppConfigurationEntry(" + appName + "), no entry in parentConfig, trying: "
+ + DEFAULT_APP_CONFIG_NAME);
+ }
+ ApplicationPolicy defPolicy = appConfigs.get(DEFAULT_APP_CONFIG_NAME);
+ authInfo = defPolicy != null ? (AuthenticationInfo) defPolicy.getAuthenticationInfo() : null;
+ }
+
+ if (authInfo != null)
+ {
+ if (log.isTraceEnabled())
+ log.trace("End getAppConfigurationEntry(" + appName + "), authInfo=" + authInfo);
+ // Make a copy of the authInfo object
+ final BaseAuthenticationInfo theAuthInfo = authInfo;
+ PrivilegedAction<AppConfigurationEntry[]> action = new PrivilegedAction<AppConfigurationEntry[]>()
+ {
+ public AppConfigurationEntry[] run()
+ {
+ return theAuthInfo.copyAppConfigurationEntry();
+ }
+ };
+ entry = AccessController.doPrivileged(action);
+ }
+ else
+ {
+ if (log.isTraceEnabled())
+ log.trace("End getAppConfigurationEntry(" + appName + "), failed to find entry");
+ }
+
+ return entry;
+ }
+
+ // --- End Configuration method overrrides
+
+ /**
+ * Set the URL of the XML login configuration file that should be loaded by this mbean on startup.
+ */
+ public URL getConfigURL()
+ {
+ return loginConfigURL;
+ }
+
+ /**
+ * Set the URL of the XML login configuration file that should be loaded by this mbean on startup.
+ */
+ public void setConfigURL(URL loginConfigURL)
+ {
+ this.loginConfigURL = loginConfigURL;
+ }
+
+ public void setConfigResource(String resourceName) throws IOException
+ {
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ loginConfigURL = tcl.getResource(resourceName);
+ if (loginConfigURL == null)
+ throw new IOException("Failed to find resource: " + resourceName);
+ }
+
+ public void setParentConfig(Configuration parentConfig)
+ {
+ this.parentConfig = parentConfig;
+ }
+
+ /**
+ * Get whether the login config xml document is validated againsts its DTD
+ */
+ public boolean getValidateDTD()
+ {
+ return this.validateDTD;
+ }
+
+ /**
+ * Set whether the login config xml document is validated againsts its DTD
+ */
+ public void setValidateDTD(boolean flag)
+ {
+ this.validateDTD = flag;
+ }
+
+ /**
+ * @see ApplicationPolicyRegistration#addApplicationPolicy(String, ApplicationPolicy)
+ */
+ public void addApplicationPolicy(String appName, ApplicationPolicy aPolicy)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(REFRESH_PERM);
+ appConfigs.add(aPolicy);
+ handleJASPIDelegation(aPolicy);
+ SecurityConfiguration.addApplicationPolicy(aPolicy);
+ }
+
+ /**
+ * Add an application configuration
+ */
+ public void addAppConfig(String appName, AppConfigurationEntry[] entries)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(REFRESH_PERM);
+ AuthenticationInfo authInfo = new AuthenticationInfo(appName);
+ authInfo.setAppConfigurationEntry(entries);
+ if (log.isTraceEnabled())
+ log.trace("addAppConfig(" + appName + "), authInfo=" + authInfo);
+ ApplicationPolicy aPolicy = new ApplicationPolicy(appName, authInfo);
+ appConfigs.add(aPolicy);
+ SecurityConfiguration.addApplicationPolicy(aPolicy);
+ }
+
+ public void copy(PolicyConfig policyConfig)
+ {
+ this.appConfigs.copy(policyConfig);
+ }
+
+ /**
+ * @deprecated
+ * @see #removeApplicationPolicy(String)
+ * @param appName
+ */
+ @Deprecated
+ public void removeAppConfig(String appName)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(REFRESH_PERM);
+ if (log.isTraceEnabled())
+ log.trace("removeAppConfig, appName=" + appName);
+ appConfigs.remove(appName);
+ SecurityConfiguration.removeApplicationPolicy(appName);
+ }
+
+ /**
+ * @see ApplicationPolicyRegistration#getApplicationPolicy(String)
+ */
+ public ApplicationPolicy getApplicationPolicy(String domainName)
+ {
+ if (appConfigs == null || appConfigs.size() == 0)
+ loadConfig();
+ ApplicationPolicy aPolicy = null;
+ if(appConfigs != null )
+ aPolicy = appConfigs.get(domainName);
+ if (aPolicy != null)
+ SecurityConfiguration.addApplicationPolicy(aPolicy);
+ return aPolicy;
+ }
+
+ /**
+ * @see ApplicationPolicyRegistration#removeApplicationPolicy(String)
+ */
+ public boolean removeApplicationPolicy(String appName)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(REFRESH_PERM);
+ if (log.isTraceEnabled())
+ log.trace("removeAppConfig, appName=" + appName);
+ appConfigs.remove(appName);
+ SecurityConfiguration.removeApplicationPolicy(appName);
+ return true;
+ }
+
+ /**
+ * Method that returns the parsed AuthenticationInfo needed by the JASPI framework until a seperate Configuration
+ * mechanism for JASPI is established
+ *
+ * @return the parsed AuthenticationInfo object
+ */
+ public BaseAuthenticationInfo getAuthenticationInfo(String domainName)
+ {
+ ApplicationPolicy aPolicy = getApplicationPolicy(domainName);
+ return aPolicy != null ? aPolicy.getAuthenticationInfo() : null;
+ }
+
+ public void clear()
+ {
+
+ }
+
+ /**
+ * Called to try to load the config from the java.security.auth.login.config property value when there is no
+ * loginConfigURL.
+ */
+ @SuppressWarnings("deprecation")
+ public void loadConfig()
+ {
+ // Try to load the java.security.auth.login.config property
+ String loginConfig = System.getProperty("java.security.auth.login.config");
+ if (loginConfig == null)
+ loginConfig = "login-config.xml";
+
+ // If there is no loginConfigURL build it from the loginConfig
+ if (loginConfigURL == null)
+ {
+ try
+ {
+ // Try as a URL
+ loginConfigURL = new URL(loginConfig);
+ }
+ catch (MalformedURLException e)
+ {
+ // Try as a resource
+ try
+ {
+ setConfigResource(loginConfig);
+ }
+ catch (IOException ignore)
+ {
+ // Try as a file
+ File configFile = new File(loginConfig);
+ try
+ {
+ setConfigURL(configFile.toURL());
+ }
+ catch (MalformedURLException ignore2)
+ {
+ }
+ }
+ }
+ }
+
+ if (loginConfigURL == null)
+ {
+ log.warn("Failed to find config: " + loginConfig);
+ return;
+ }
+
+ if (log.isTraceEnabled())
+ log.trace("Begin loadConfig, loginConfigURL=" + loginConfigURL);
+ // Try to load the config if found
+ try
+ {
+ loadConfig(loginConfigURL);
+ if (log.isTraceEnabled())
+ log.trace("End loadConfig, loginConfigURL=" + loginConfigURL);
+ }
+ catch (Exception e)
+ {
+ log.warn("End loadConfig, failed to load config: " + loginConfigURL, e);
+ }
+ }
+
+ protected String[] loadConfig(URL config) throws Exception
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(REFRESH_PERM);
+
+ ArrayList configNames = new ArrayList();
+ log.debug("Try loading config as XML, url=" + config);
+ try
+ {
+ loadXMLConfig(config, configNames);
+ }
+ catch (Throwable e)
+ {
+ if(trace)
+ {
+ log.debug("Failed to load config as XML", e);
+ log.debug("Try loading config as Sun format, url=" + config);
+ }
+ loadSunConfig(config, configNames);
+ }
+ String[] names = new String[configNames.size()];
+ configNames.toArray(names);
+ return names;
+ }
+
+ /**
+ * Handle the case when JASPI Info may have login module stack holder which delegates to a login module stack
+ *
+ * @param aPolicy
+ */
+ private void handleJASPIDelegation(ApplicationPolicy aPolicy)
+ {
+ BaseAuthenticationInfo bai = aPolicy.getAuthenticationInfo();
+ if (bai instanceof JASPIAuthenticationInfo)
+ {
+ JASPIAuthenticationInfo jai = (JASPIAuthenticationInfo) bai;
+ LoginModuleStackHolder[] lmsharr = jai.getLoginModuleStackHolder();
+ for (LoginModuleStackHolder lmsh : lmsharr)
+ {
+ this.addAppConfig(lmsh.getName(), lmsh.getAppConfigurationEntry());
+ }
+ }
+ }
+
+ private void loadSunConfig(URL sunConfig, ArrayList configNames) throws Exception
+ {
+ InputStream is = sunConfig.openStream();
+ if (is == null)
+ throw new IOException("InputStream is null for: " + sunConfig);
+
+ InputStreamReader configFile = new InputStreamReader(is);
+ boolean trace = log.isTraceEnabled();
+ SunConfigParser.doParse(configFile, this, trace);
+ }
+
+ private void loadXMLConfig(URL loginConfigURL, ArrayList configNames) throws Exception
+ {
+ StaxBasedConfigParser parser = new StaxBasedConfigParser();
+ parser.parse(loginConfigURL.openStream());
+ }
}
\ No newline at end of file
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/AuthProviderRegistrationDelegate.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -86,7 +86,7 @@
/**
* @see AuthConfigFactory#detachListener(RegistrationListener, String, String)
*/
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"unchecked", "rawtypes"})
public String[] detachListener(RegistrationListener listener, String layer,
String appContext)
{
@@ -195,7 +195,7 @@
/**
* @see AuthConfigFactory#getRegistrationIDs(AuthConfigProvider)
*/
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"unchecked", "rawtypes"})
public String[] getRegistrationIDs(AuthConfigProvider provider)
{
List al = new ArrayList();
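Review bot: In `getRegistrationIDs` the raw `List al = new ArrayList();` is what the widened `@SuppressWarnings({"unchecked", "rawtypes"})` covers for. Since the method returns `String[]`, declaring `List<String> al = new ArrayList<String>();` would presumably let both suppressions be dropped rather than extended. The body continues past the hunk, so confirm that only strings are added to the list. The same method-wide suppression is added in the `detachListener` and both `registerConfigProvider` hunks of this file, where it will also hide any unchecked cast introduced later in code that registers auth config providers.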
@@ -217,7 +217,7 @@
/**
* @see AuthConfigFactory#registerConfigProvider(String, Map, String, String, String)
*/
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"unchecked", "rawtypes"})
public String registerConfigProvider(String className, Map properties,
String layer, String appContext, String description)
throws AuthException, SecurityException
@@ -242,7 +242,7 @@
return this.registerConfigProvider(acp, layer, appContext, description);
}
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"unchecked", "rawtypes"})
public String registerConfigProvider(AuthConfigProvider provider,
String layer, String appContext, String description)
{
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -94,8 +94,8 @@
/**
* @see AuthConfigFactory#registerConfigProvider(String, Map, String, String, String)
- */
- @SuppressWarnings("unchecked")
+ */
+ @SuppressWarnings("rawtypes")
public String registerConfigProvider(String className, Map properties,
String layer, String appContext, String description)
throws AuthException, SecurityException
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossClientAuthConfig.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossClientAuthConfig.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossClientAuthConfig.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -47,9 +47,9 @@
private String contextId = null;
@SuppressWarnings("unused")
private CallbackHandler callbackHandler = null;
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({ "rawtypes"})
private List modules = new ArrayList();
- @SuppressWarnings({"unchecked", "unused"})
+ @SuppressWarnings({ "unused", "rawtypes"})
private Map contextProperties;
/**
@@ -59,8 +59,8 @@
* @param appContext Application Context
* @param handler Callback Handler to be passed to auth modules
* @param properties Contextual properties
- */
- @SuppressWarnings("unchecked")
+ */
+ @SuppressWarnings("rawtypes")
public JBossClientAuthConfig(String layer, String appContext,
CallbackHandler handler, Map properties)
{
@@ -72,8 +72,8 @@
/**
* @see ClientAuthConfig#getAuthContext(String, Map)
- */
- @SuppressWarnings("unchecked")
+ */
+ @SuppressWarnings("rawtypes")
public ClientAuthContext getAuthContext(String authContextID,
Subject clientSubject, Map properties)
throws AuthException
@@ -105,7 +105,7 @@
}
//Custom Methods
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"rawtypes"})
public List getClientAuthModules()
{
return modules ;
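Review bot: `getClientAuthModules()` returns the internal `modules` list itself, so any caller holding the config can add, remove or reorder the client auth modules that `secureRequest` in JBossClientAuthContext later iterates. If nothing relies on mutating the list through this getter (the callers are outside the hunk, so verify), return a read-only view with `return Collections.unmodifiableList(modules);` and import `java.util.Collections`. `getServerAuthModules()` in JBossServerAuthConfig.java returns `this.modules` the same way. The method's closing brace is outside the hunk.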
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossClientAuthContext.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossClientAuthContext.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossClientAuthContext.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -59,7 +59,7 @@
/**
* @see ClientAuth#cleanSubject(Subject, Map)
*/
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"rawtypes"})
public void cleanSubject(MessageInfo messageInfo, Subject subject)
throws AuthException
{
@@ -72,8 +72,8 @@
/**
* @see ClientAuth#secureRequest(AuthParam, Subject, Map)
- */
- @SuppressWarnings("unchecked")
+ */
+ @SuppressWarnings("rawtypes")
public AuthStatus secureRequest(MessageInfo messageInfo, Subject clientSubject) throws AuthException
{
Iterator iter = config.getClientAuthModules().iterator();
@@ -89,8 +89,8 @@
/**
* @see ClientAuth#validateResponse(AuthParam, Subject, Subject, Map)
- */
- @SuppressWarnings("unchecked")
+ */
+ @SuppressWarnings("rawtypes")
public AuthStatus validateResponse(MessageInfo messageInfo, Subject clientSubject,
Subject serviceSubject) throws AuthException
{
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -60,10 +60,10 @@
{
private String layer;
private String contextId;
- private CallbackHandler callbackHandler = new JBossCallbackHandler();
- @SuppressWarnings("unchecked")
+ private CallbackHandler callbackHandler = new JBossCallbackHandler();
+ @SuppressWarnings("rawtypes")
private List modules = new ArrayList();
- @SuppressWarnings({"unused", "unchecked"})
+ @SuppressWarnings({"unused", "rawtypes"})
private Map contextProperties;
/**
@@ -73,8 +73,8 @@
* @param appContext Application Context
* @param handler Callback Handler that will be passed to the modules
* @param properties Context Properties
- */
- @SuppressWarnings("unchecked")
+ */
+ @SuppressWarnings("rawtypes")
public JBossServerAuthConfig(String layer, String appContext,
CallbackHandler handler, Map properties)
{
@@ -87,7 +87,7 @@
/**
* @see ServerAuthConfig#getAuthContext(String, Map)
*/
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"rawtypes", "unchecked"})
public ServerAuthContext getAuthContext(String authContextID,
Subject serviceSubject, Map properties)
throws AuthException
@@ -198,7 +198,7 @@
}
//Custom Methods
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({ "rawtypes"})
public List getServerAuthModules()
{
return this.modules ;
@@ -213,8 +213,8 @@
{
throw new RuntimeException("Not Implemented");
}
-
- @SuppressWarnings("unchecked")
+
+ @SuppressWarnings({"rawtypes", "unchecked"})
private ServerAuthModule createSAM(String name )
throws Exception
{
@@ -223,7 +223,7 @@
return (ServerAuthModule) ctr.newInstance(new Object[0]);
}
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"unchecked", "rawtypes"})
private ServerAuthModule createSAM(String name, String lmshName )
throws Exception
{
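Review bot: In what appears to be the end of `createSAM(String name)`, the cast in `return (ServerAuthModule) ctr.newInstance(new Object[0]);` is applied only after the constructor has run. A configured class name that is not a `ServerAuthModule` would therefore still be instantiated before the `ClassCastException` is raised. Checking the loaded class first, with something like `ServerAuthModule.class.isAssignableFrom(loadedClass)` (placeholder name, the variable is outside the hunk), and throwing when it fails would reject a wrong type before any of its code executes. Both `createSAM` overloads start or end outside the visible lines, so confirm how the class is loaded before applying this.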
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthContext.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthContext.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthContext.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -47,6 +47,7 @@
* @since May 17, 2006
* @version $Revision$
*/
+ at SuppressWarnings("rawtypes")
public class JBossServerAuthContext implements ServerAuthContext
{
protected static Logger log = Logger.getLogger(JBossServerAuthContext.class);
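Review bot: The class-level `@SuppressWarnings("rawtypes")` added above `JBossServerAuthContext` silences raw-type warnings for every member, including code added later, in a class that drives server-side request validation. The only raw type visible in this file's hunks is the `Map` inside `Map<String,Map>`. Keeping the suppression on the `moduleOptionsByName` field and the constructor, or typing the value as `Map<String, Map<?, ?>>` if the constructor's callers allow it, would keep the scope narrow. The class body continues outside the hunk.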
@@ -54,16 +55,14 @@
protected boolean trace = log.isTraceEnabled();
private List<ServerAuthModule> modules = new ArrayList<ServerAuthModule>();
-
- @SuppressWarnings("unchecked")
+
private Map<String,Map> moduleOptionsByName = new HashMap<String,Map>();
/**
* Control Flags for the individual modules
*/
protected List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
-
- @SuppressWarnings("unchecked")
+
public JBossServerAuthContext(List<ServerAuthModule> modules,
Map<String,Map> moduleNameToOptions, CallbackHandler cbh) throws AuthException
{
@@ -108,8 +107,7 @@
/**
* @see ServerAuth#validateRequest(AuthParam, Subject, Subject, Map)
- */
- @SuppressWarnings("unchecked")
+ */
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
Subject serviceSubject) throws AuthException
{
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DisabledLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DisabledLoginModule.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DisabledLoginModule.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -44,15 +44,13 @@
private static Logger log = Logger.getLogger(DisabledLoginModule.class);
protected String securityDomain;
-
- @Override
+
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options)
{
securityDomain = (String) options.get(SecurityConstants.SECURITY_DOMAIN_OPTION);
}
-
- @Override
+
public boolean login() throws LoginException
{
StringBuffer sb = new StringBuffer();
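Review bot: Dropping `@Override` from `initialize` and `login` here, and from `commit`, `abort` and `logout` in the next hunk, removes the compile-time check that these methods still match the login-module interface they implement (presumably `javax.security.auth.spi.LoginModule`, whose declaration is outside the hunk). If the removal is for a Java 5 source level, where `@Override` on interface implementations is rejected, a short comment such as `// no @Override: must compile at source level 1.5` would record that. Otherwise the annotations are worth keeping on a module whose whole purpose is to refuse logins.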
@@ -69,23 +67,19 @@
log.error(sb.toString());
return false;
}
-
- @Override
+
public boolean commit() throws LoginException
{
return false;
}
-
- @Override
+
public boolean abort() throws LoginException
{
return false;
}
-
- @Override
+
public boolean logout() throws LoginException
{
return false;
}
-
-}
+}
\ No newline at end of file
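Review bot: `login()` ends with `log.error(sb.toString()); return false;`, and under the JAAS `LoginModule` contract a `false` return means "ignore this module", not "authentication failed". When this is the only module in a stack the overall login still fails because every module was ignored, but stacked with another module that succeeds it would presumably not block the login, depending on the control flags. If the intent is to deny every login for the domain, fail explicitly with `throw new LoginException(sb.toString());` after the log call. `login()` begins in the previous hunk.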
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapUsersLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapUsersLoginModule.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapUsersLoginModule.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -241,6 +241,7 @@
return true;
}
+ @SuppressWarnings("rawtypes")
private InitialLdapContext constructInitialLdapContext(String dn, Object credential) throws NamingException
{
Properties env = new Properties();
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RunAsLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RunAsLoginModule.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RunAsLoginModule.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -28,7 +28,6 @@
import javax.security.auth.spi.LoginModule;
import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
/** A login module that establishes a run-as role for the duration of the login
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/cache/JBossAuthenticationCache.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/cache/JBossAuthenticationCache.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/cache/JBossAuthenticationCache.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -1,198 +1,198 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.cache;
-
-import java.security.Principal;
-import java.util.Arrays;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-import javax.security.auth.Subject;
-
-import org.jboss.security.SecurityConstants;
-
-
-/**
- * Authentication Cache keyed in by Principal
- * @author Anil.Saldhana at redhat.com
- * @since May 13, 2007
- * @version $Revision$
- */
-public class JBossAuthenticationCache implements SecurityCache<Principal>
-{
- /** Initial Capacity for the Hash Map **/
- private int initialCapacity = 16;
-
- /** Load Factor for the HashMap **/
- private float loadFactor = (float) 0.75;
-
- /** Concurrency Level hint to the concurrent hashmap **/
- private int concurrencyLevel = 16;
-
- private ConcurrentHashMap<Principal,AuthCacheObject> cacheMap = null;
-
- public JBossAuthenticationCache()
- {
- constructCache();
- }
-
- public JBossAuthenticationCache(int initCapacity, float loadFactor,int level)
- {
- this.concurrencyLevel = level;
- this.loadFactor = loadFactor;
- this.initialCapacity = initCapacity;
- constructCache();
- }
-
- /**
- * @see SecurityCache#addCacheEntry(Object, Map)
- */
- public void addCacheEntry(Principal principal, Map<String, Object> map)
- throws SecurityCacheException
- {
- try
- {
- AuthCacheObject ao = new AuthCacheObject(map.get(SecurityConstants.CREDENTIAL),
- (Subject) map.get(SecurityConstants.SUBJECT));
- cacheMap.put(principal, ao);
- }
- catch(Exception e)
- {
- throw new SecurityCacheException(e);
- }
- }
-
- /**
- * @see SecurityCache#cacheHit(Object)
- */
- public boolean cacheHit(Principal principal)
- {
- return cacheMap.containsKey(principal);
- }
-
- /**
- * @see SecurityCache#cacheOperation(Object, Map)
- */
- @SuppressWarnings("unchecked")
- public void cacheOperation(Principal principal, Map<String,Object> map)
- throws SecurityCacheException
- {
- boolean isValid = false;
- if(!cacheHit(principal))
- throw new SecurityCacheException("Cache Miss");
- Object cred = map.get(SecurityConstants.CREDENTIAL);
- AuthCacheObject ao = cacheMap.get(principal);
- Object cacheCred = ao.credential;
-
- //Anonymous login
- if(cred == null || cacheCred == null)
- {
- if(cred == null && cacheCred == null)
- isValid = true;
- }
- // See if the credential is assignable to the cache value
- else if( cacheCred.getClass().isAssignableFrom(cred.getClass()) )
- {
- /* Validate the credential by trying Comparable, char[], byte[],
- Object[], and finally Object.equals()
- */
- if( cacheCred instanceof Comparable )
- {
- Comparable c = (Comparable) cacheCred;
- isValid = c.compareTo(cred) == 0;
- }
- else if( cacheCred instanceof char[] )
- {
- char[] a1 = (char[]) cacheCred;
- char[] a2 = (char[]) cred;
- isValid = Arrays.equals(a1, a2);
- }
- else if( cacheCred instanceof byte[] )
- {
- byte[] a1 = (byte[]) cacheCred;
- byte[] a2 = (byte[]) cred;
- isValid = Arrays.equals(a1, a2);
- }
- else if( cacheCred.getClass().isArray() )
- {
- Object[] a1 = (Object[]) cacheCred;
- Object[] a2 = (Object[]) cred;
- isValid = Arrays.equals(a1, a2);
- }
- else
- {
- isValid = cacheCred.equals(cred);
- }
- }
- else if( cacheCred instanceof char[] && cred instanceof String )
- {
- char[] a1 = (char[]) cacheCred;
- char[] a2 = ((String) cred).toCharArray();
- isValid = Arrays.equals(a1, a2);
- }
- else if( cacheCred instanceof String && cred instanceof char[] )
- {
- char[] a1 = ((String) cacheCred).toCharArray();
- char[] a2 = (char[]) cred;
- isValid = Arrays.equals(a1, a2);
- }
-
- if(!isValid)
- throw new SecurityCacheException("Cache Validation Failed");
- }
-
- /**
- * @see SecurityCache#get(Object)
- */
- @SuppressWarnings("unchecked")
- public <Y> Y get(Principal key) throws SecurityCacheException
- {
- Subject subj = null;
- if(cacheHit(key))
- {
- AuthCacheObject aco = cacheMap.get(key);
- subj = aco.subject;
- }
- return (Y) subj;
- }
-
- private void constructCache()
- {
- cacheMap =
- new ConcurrentHashMap<Principal,AuthCacheObject>(initialCapacity,
- loadFactor, concurrencyLevel);
- }
-
- private class AuthCacheObject
- {
- private Object credential;
- private Subject subject;
-
- public AuthCacheObject(Object credential, Subject subject)
- {
- super();
- this.credential = credential;
- this.subject = subject;
- }
- }
-
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.cache;
+
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityConstants;
+
+
+/**
+ * Authentication Cache keyed in by Principal
+ * @author Anil.Saldhana at redhat.com
+ * @since May 13, 2007
+ * @version $Revision$
+ */
+public class JBossAuthenticationCache implements SecurityCache<Principal>
+{
+ /** Initial Capacity for the Hash Map **/
+ private int initialCapacity = 16;
+
+ /** Load Factor for the HashMap **/
+ private float loadFactor = (float) 0.75;
+
+ /** Concurrency Level hint to the concurrent hashmap **/
+ private int concurrencyLevel = 16;
+
+ private ConcurrentHashMap<Principal,AuthCacheObject> cacheMap = null;
+
+ public JBossAuthenticationCache()
+ {
+ constructCache();
+ }
+
+ public JBossAuthenticationCache(int initCapacity, float loadFactor,int level)
+ {
+ this.concurrencyLevel = level;
+ this.loadFactor = loadFactor;
+ this.initialCapacity = initCapacity;
+ constructCache();
+ }
+
+ /**
+ * @see SecurityCache#addCacheEntry(Object, Map)
+ */
+ public void addCacheEntry(Principal principal, Map<String, Object> map)
+ throws SecurityCacheException
+ {
+ try
+ {
+ AuthCacheObject ao = new AuthCacheObject(map.get(SecurityConstants.CREDENTIAL),
+ (Subject) map.get(SecurityConstants.SUBJECT));
+ cacheMap.put(principal, ao);
+ }
+ catch(Exception e)
+ {
+ throw new SecurityCacheException(e);
+ }
+ }
+
+ /**
+ * @see SecurityCache#cacheHit(Object)
+ */
+ public boolean cacheHit(Principal principal)
+ {
+ return cacheMap.containsKey(principal);
+ }
+
+ /**
+ * @see SecurityCache#cacheOperation(Object, Map)
+ */
+ @SuppressWarnings({"unchecked", "rawtypes"})
+ public void cacheOperation(Principal principal, Map<String,Object> map)
+ throws SecurityCacheException
+ {
+ boolean isValid = false;
+ if(!cacheHit(principal))
+ throw new SecurityCacheException("Cache Miss");
+ Object cred = map.get(SecurityConstants.CREDENTIAL);
+ AuthCacheObject ao = cacheMap.get(principal);
+ Object cacheCred = ao.credential;
+
+ //Anonymous login
+ if(cred == null || cacheCred == null)
+ {
+ if(cred == null && cacheCred == null)
+ isValid = true;
+ }
+ // See if the credential is assignable to the cache value
+ else if( cacheCred.getClass().isAssignableFrom(cred.getClass()) )
+ {
+ /* Validate the credential by trying Comparable, char[], byte[],
+ Object[], and finally Object.equals()
+ */
+ if( cacheCred instanceof Comparable )
+ {
+ Comparable c = (Comparable) cacheCred;
+ isValid = c.compareTo(cred) == 0;
+ }
+ else if( cacheCred instanceof char[] )
+ {
+ char[] a1 = (char[]) cacheCred;
+ char[] a2 = (char[]) cred;
+ isValid = Arrays.equals(a1, a2);
+ }
+ else if( cacheCred instanceof byte[] )
+ {
+ byte[] a1 = (byte[]) cacheCred;
+ byte[] a2 = (byte[]) cred;
+ isValid = Arrays.equals(a1, a2);
+ }
+ else if( cacheCred.getClass().isArray() )
+ {
+ Object[] a1 = (Object[]) cacheCred;
+ Object[] a2 = (Object[]) cred;
+ isValid = Arrays.equals(a1, a2);
+ }
+ else
+ {
+ isValid = cacheCred.equals(cred);
+ }
+ }
+ else if( cacheCred instanceof char[] && cred instanceof String )
+ {
+ char[] a1 = (char[]) cacheCred;
+ char[] a2 = ((String) cred).toCharArray();
+ isValid = Arrays.equals(a1, a2);
+ }
+ else if( cacheCred instanceof String && cred instanceof char[] )
+ {
+ char[] a1 = ((String) cacheCred).toCharArray();
+ char[] a2 = (char[]) cred;
+ isValid = Arrays.equals(a1, a2);
+ }
+
+ if(!isValid)
+ throw new SecurityCacheException("Cache Validation Failed");
+ }
+
+ /**
+ * @see SecurityCache#get(Object)
+ */
+ @SuppressWarnings("unchecked")
+ public <Y> Y get(Principal key) throws SecurityCacheException
+ {
+ Subject subj = null;
+ if(cacheHit(key))
+ {
+ AuthCacheObject aco = cacheMap.get(key);
+ subj = aco.subject;
+ }
+ return (Y) subj;
+ }
+
+ private void constructCache()
+ {
+ cacheMap =
+ new ConcurrentHashMap<Principal,AuthCacheObject>(initialCapacity,
+ loadFactor, concurrencyLevel);
+ }
+
+ private class AuthCacheObject
+ {
+ private Object credential;
+ private Subject subject;
+
+ public AuthCacheObject(Object credential, Subject subject)
+ {
+ super();
+ this.credential = credential;
+ this.subject = subject;
+ }
+ }
+
}
\ No newline at end of file
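Review bot: In `cacheOperation`, the `cacheCred.getClass().isArray()` branch casts both credentials to `Object[]`, so a primitive array other than `char[]` or `byte[]` (an `int[]`, say) raises an unchecked `ClassCastException` instead of the declared `SecurityCacheException`. Testing `else if( cacheCred instanceof Object[] )` keeps the cast safe and lets any other array fall through to `equals`, which rejects it with "Cache Validation Failed". Separately, the `byte[]` and `char[]` branches compare secrets with `Arrays.equals`, which stops at the first mismatch; `MessageDigest.isEqual(a1, a2)` is the usual replacement for the `byte[]` case and would need a `java.security.MessageDigest` import. The only visible difference between the old and new side of this whole-file hunk is the added `"rawtypes"` suppression on `cacheOperation`, so both points predate the commit.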
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/parser/ApplicationPolicyParser.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/parser/ApplicationPolicyParser.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/parser/ApplicationPolicyParser.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -105,7 +105,7 @@
return policies;
}
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"unchecked", "rawtypes"})
private void route(XMLEventReader xmlEventReader, ApplicationPolicy appPolicy) throws XMLStreamException
{
while(true)
@@ -246,7 +246,7 @@
return policies;
}
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"unchecked", "rawtypes"})
private void route(XMLStreamReader reader, ApplicationPolicy appPolicy) throws XMLStreamException
{
while (reader.hasNext() && reader.nextTag() != END_ELEMENT)
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/parser/SecurityActions.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/parser/SecurityActions.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/parser/SecurityActions.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -33,13 +33,11 @@
*/
class SecurityActions
{
-
- @SuppressWarnings("unchecked")
static ClassLoader getContextClassLoader() throws PrivilegedActionException
{
- return (ClassLoader) AccessController.doPrivileged(new PrivilegedExceptionAction()
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
{
- public Object run() throws Exception
+ public ClassLoader run() throws Exception
{
return Thread.currentThread().getContextClassLoader();
}
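Review bot: `getContextClassLoader()` has no comment saying why it runs under `doPrivileged` or that it must stay non-public; a helper that returns the context class loader with this package's permissions is only safe while untrusted callers cannot reach it. Suggest a Javadoc such as `/** Returns the thread context class loader from a privileged block; keep package-private. */`. Since `Thread.getContextClassLoader()` declares no checked exception, `PrivilegedAction<ClassLoader>` would also work and would drop the `throws PrivilegedActionException`, though that changes the signature existing callers compile against. The anonymous class and the method close outside this hunk.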
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/JBossIdentityTrustContext.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/JBossIdentityTrustContext.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/JBossIdentityTrustContext.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -1,251 +1,251 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.identitytrust;
-
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.util.Map;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.ControlFlag;
-import org.jboss.security.config.IdentityTrustInfo;
-import org.jboss.security.config.SecurityConfiguration;
-import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
-import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
-
-/**
- * Implementation of the Identity Trust Context
- * @author Anil.Saldhana at redhat.com
- * @since Aug 2, 2007
- * @version $Revision$
- */
-public class JBossIdentityTrustContext extends IdentityTrustContext
-{
- protected Logger log = Logger.getLogger(JBossIdentityTrustContext.class);
- protected boolean trace = log.isTraceEnabled();
-
- public JBossIdentityTrustContext(String secDomain, SecurityContext sc)
- {
- this.securityDomain = secDomain;
- this.securityContext = sc;
- }
-
- @Override
- public TrustDecision isTrusted() throws IdentityTrustException
- {
- TrustDecision decision = NOTAPPLICABLE;
-
- try
- {
- initializeModules();
- }
- catch (Exception e)
- {
- throw new IdentityTrustException(e);
- }
- //Do a PrivilegedAction
- try
- {
- decision = AccessController.doPrivileged(new PrivilegedExceptionAction<TrustDecision>()
- {
- public TrustDecision run() throws IdentityTrustException
- {
- TrustDecision result = invokeTrusted();
- if(result == PERMIT)
- invokeCommit();
- if(result == DENY || result == NOTAPPLICABLE)
- {
- invokeAbort();
- }
- return result;
- }
- });
- }
- catch (PrivilegedActionException e)
- {
- Exception exc = e.getException();
- if(trace)
- log.trace("Error in isAuthorize:", exc);
- invokeAbort();
- throw ((IdentityTrustException)exc);
- }
- return decision;
- }
-
- private void initializeModules() throws Exception
- {
- //Clear the modules
- modules.clear();
- //Get the Configuration
- ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy( securityDomain);
- if(aPolicy == null)
- throw new IllegalStateException("ApplicationPolicy not found for "+ securityDomain);
-
- IdentityTrustInfo iti = aPolicy.getIdentityTrustInfo();
- if(iti == null)
- return;
- IdentityTrustModuleEntry[] itmearr = iti.getIdentityTrustModuleEntry();
- for(IdentityTrustModuleEntry itme: itmearr)
- {
- ControlFlag cf = itme.getControlFlag();
- if(cf == null)
- cf = ControlFlag.REQUIRED;
-
- this.controlFlags.add(cf);
- modules.add(instantiateModule(itme.getName(), itme.getOptions()));
- }
- }
-
- @SuppressWarnings("unchecked")
- private IdentityTrustModule instantiateModule(String name, Map map) throws Exception
- {
- IdentityTrustModule im = null;
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- try
- {
- Class clazz = tcl.loadClass(name);
- im = (IdentityTrustModule)clazz.newInstance();
- }
- catch ( Exception e)
- {
- if(trace)
- log.debug("Error instantiating IdentityTrustModule:",e);
- }
- if(im == null)
- throw new IllegalStateException("IdentityTrustModule has not " +
- "been instantiated");
- im.initialize(this.securityContext, this.callbackHandler, this.sharedState,map);
- return im;
- }
-
- private TrustDecision invokeTrusted()
- throws IdentityTrustException
- {
- //Control Flag behavior
- boolean encounteredRequiredDeny = false;
- boolean encounteredRequiredNotApplicable = false;
- boolean encounteredOptionalError = false;
- IdentityTrustException moduleException = null;
- TrustDecision overallDecision = TrustDecision.NotApplicable;
- boolean encounteredRequiredPermit = false;
-
- TrustDecision decision = NOTAPPLICABLE;
- int length = modules.size();
-
- if(length == 0)
- return decision;
-
- for(int i = 0; i < length; i++)
- {
- IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
- ControlFlag flag = (ControlFlag)this.controlFlags.get(i);
- try
- {
- decision = module.isTrusted();
- }
- catch(Exception ae)
- {
- decision = NOTAPPLICABLE;
- if(moduleException == null)
- moduleException = new IdentityTrustException(ae);
- }
-
- if(decision == PERMIT)
- {
- overallDecision = PERMIT;
- if(flag == ControlFlag.REQUIRED)
- encounteredRequiredPermit = true;
- //SUFFICIENT case
- if(flag == ControlFlag.SUFFICIENT && encounteredRequiredDeny == false)
- return PERMIT;
- continue; //Continue with the other modules
- }
-
- if(decision == NOTAPPLICABLE && flag == ControlFlag.REQUIRED)
- {
- encounteredRequiredNotApplicable = true;
- continue; //Continue with the other modules
- }
- //Go through the failure cases
- //REQUISITE case
- if(flag == ControlFlag.REQUISITE)
- {
- if(trace)
- log.trace("REQUISITE failed for " + module);
- if(moduleException == null)
- moduleException = new IdentityTrustException("Identity Trust Validation failed");
- else
- throw moduleException;
- }
- //REQUIRED Case
- if(flag == ControlFlag.REQUIRED)
- {
- if(trace)
- log.trace("REQUIRED failed for " + module);
- encounteredRequiredDeny = true;
- }
- if(flag == ControlFlag.OPTIONAL)
- encounteredOptionalError = true;
- }
-
- //All the identity trust modules have been visited.
- if(encounteredRequiredDeny)
- return DENY;
- if(overallDecision == DENY && encounteredOptionalError)
- return DENY;
- if(overallDecision == DENY)
- return DENY;
-
- if(encounteredRequiredNotApplicable && !encounteredRequiredPermit)
- return NOTAPPLICABLE;
- return PERMIT;
- }
-
- private void invokeCommit()
- throws IdentityTrustException
- {
- int length = modules.size();
- for(int i = 0; i < length; i++)
- {
- IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
- boolean bool = module.commit();
- if(!bool)
- throw new IdentityTrustException("commit on modules failed");
- }
- }
-
- private void invokeAbort()
- throws IdentityTrustException
- {
- int length = modules.size();
- for(int i = 0; i < length; i++)
- {
- IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
- boolean bool = module.abort();
- if(!bool)
- throw new IdentityTrustException("abort on modules failed");
- }
- }
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.identitytrust;
+
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.Map;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.ControlFlag;
+import org.jboss.security.config.IdentityTrustInfo;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
+import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
+
+/**
+ * Implementation of the Identity Trust Context
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 2, 2007
+ * @version $Revision$
+ */
+public class JBossIdentityTrustContext extends IdentityTrustContext
+{
+ protected Logger log = Logger.getLogger(JBossIdentityTrustContext.class);
+ protected boolean trace = log.isTraceEnabled();
+
+ public JBossIdentityTrustContext(String secDomain, SecurityContext sc)
+ {
+ this.securityDomain = secDomain;
+ this.securityContext = sc;
+ }
+
+ @Override
+ public TrustDecision isTrusted() throws IdentityTrustException
+ {
+ TrustDecision decision = NOTAPPLICABLE;
+
+ try
+ {
+ initializeModules();
+ }
+ catch (Exception e)
+ {
+ throw new IdentityTrustException(e);
+ }
+ //Do a PrivilegedAction
+ try
+ {
+ decision = AccessController.doPrivileged(new PrivilegedExceptionAction<TrustDecision>()
+ {
+ public TrustDecision run() throws IdentityTrustException
+ {
+ TrustDecision result = invokeTrusted();
+ if(result == PERMIT)
+ invokeCommit();
+ if(result == DENY || result == NOTAPPLICABLE)
+ {
+ invokeAbort();
+ }
+ return result;
+ }
+ });
+ }
+ catch (PrivilegedActionException e)
+ {
+ Exception exc = e.getException();
+ if(trace)
+ log.trace("Error in isAuthorize:", exc);
+ invokeAbort();
+ throw ((IdentityTrustException)exc);
+ }
+ return decision;
+ }
+
+ private void initializeModules() throws Exception
+ {
+ //Clear the modules
+ modules.clear();
+ //Get the Configuration
+ ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy( securityDomain);
+ if(aPolicy == null)
+ throw new IllegalStateException("ApplicationPolicy not found for "+ securityDomain);
+
+ IdentityTrustInfo iti = aPolicy.getIdentityTrustInfo();
+ if(iti == null)
+ return;
+ IdentityTrustModuleEntry[] itmearr = iti.getIdentityTrustModuleEntry();
+ for(IdentityTrustModuleEntry itme: itmearr)
+ {
+ ControlFlag cf = itme.getControlFlag();
+ if(cf == null)
+ cf = ControlFlag.REQUIRED;
+
+ this.controlFlags.add(cf);
+ modules.add(instantiateModule(itme.getName(), itme.getOptions()));
+ }
+ }
+
+ @SuppressWarnings({"unchecked", "rawtypes"})
+ private IdentityTrustModule instantiateModule(String name, Map map) throws Exception
+ {
+ IdentityTrustModule im = null;
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ try
+ {
+ Class clazz = tcl.loadClass(name);
+ im = (IdentityTrustModule)clazz.newInstance();
+ }
+ catch ( Exception e)
+ {
+ if(trace)
+ log.debug("Error instantiating IdentityTrustModule:",e);
+ }
+ if(im == null)
+ throw new IllegalStateException("IdentityTrustModule has not " +
+ "been instantiated");
+ im.initialize(this.securityContext, this.callbackHandler, this.sharedState,map);
+ return im;
+ }
+
+ private TrustDecision invokeTrusted()
+ throws IdentityTrustException
+ {
+ //Control Flag behavior
+ boolean encounteredRequiredDeny = false;
+ boolean encounteredRequiredNotApplicable = false;
+ boolean encounteredOptionalError = false;
+ IdentityTrustException moduleException = null;
+ TrustDecision overallDecision = TrustDecision.NotApplicable;
+ boolean encounteredRequiredPermit = false;
+
+ TrustDecision decision = NOTAPPLICABLE;
+ int length = modules.size();
+
+ if(length == 0)
+ return decision;
+
+ for(int i = 0; i < length; i++)
+ {
+ IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
+ ControlFlag flag = (ControlFlag)this.controlFlags.get(i);
+ try
+ {
+ decision = module.isTrusted();
+ }
+ catch(Exception ae)
+ {
+ decision = NOTAPPLICABLE;
+ if(moduleException == null)
+ moduleException = new IdentityTrustException(ae);
+ }
+
+ if(decision == PERMIT)
+ {
+ overallDecision = PERMIT;
+ if(flag == ControlFlag.REQUIRED)
+ encounteredRequiredPermit = true;
+ //SUFFICIENT case
+ if(flag == ControlFlag.SUFFICIENT && encounteredRequiredDeny == false)
+ return PERMIT;
+ continue; //Continue with the other modules
+ }
+
+ if(decision == NOTAPPLICABLE && flag == ControlFlag.REQUIRED)
+ {
+ encounteredRequiredNotApplicable = true;
+ continue; //Continue with the other modules
+ }
+ //Go through the failure cases
+ //REQUISITE case
+ if(flag == ControlFlag.REQUISITE)
+ {
+ if(trace)
+ log.trace("REQUISITE failed for " + module);
+ if(moduleException == null)
+ moduleException = new IdentityTrustException("Identity Trust Validation failed");
+ else
+ throw moduleException;
+ }
+ //REQUIRED Case
+ if(flag == ControlFlag.REQUIRED)
+ {
+ if(trace)
+ log.trace("REQUIRED failed for " + module);
+ encounteredRequiredDeny = true;
+ }
+ if(flag == ControlFlag.OPTIONAL)
+ encounteredOptionalError = true;
+ }
+
+ //All the identity trust modules have been visited.
+ if(encounteredRequiredDeny)
+ return DENY;
+ if(overallDecision == DENY && encounteredOptionalError)
+ return DENY;
+ if(overallDecision == DENY)
+ return DENY;
+
+ if(encounteredRequiredNotApplicable && !encounteredRequiredPermit)
+ return NOTAPPLICABLE;
+ return PERMIT;
+ }
+
+ private void invokeCommit()
+ throws IdentityTrustException
+ {
+ int length = modules.size();
+ for(int i = 0; i < length; i++)
+ {
+ IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
+ boolean bool = module.commit();
+ if(!bool)
+ throw new IdentityTrustException("commit on modules failed");
+ }
+ }
+
+ private void invokeAbort()
+ throws IdentityTrustException
+ {
+ int length = modules.size();
+ for(int i = 0; i < length; i++)
+ {
+ IdentityTrustModule module = (IdentityTrustModule)modules.get(i);
+ boolean bool = module.abort();
+ if(!bool)
+ throw new IdentityTrustException("abort on modules failed");
+ }
+ }
}
\ No newline at end of file
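Review bot: `invokeTrusted` can return `PERMIT` after a module has denied: in the `REQUISITE` branch a first failure only assigns `moduleException` and falls through, `overallDecision` is never set to `DENY` anywhere in the loop, and the final `return PERMIT` is reached whenever no `REQUIRED` module denied or was not applicable. The logic is identical on the removed side, so this commit (whose only visible change here is the `"rawtypes"` suppression on `instantiateModule`) does not introduce it, but it is worth fixing while the file is being rewritten. The REQUISITE branch should fail at once, keeping `if(moduleException == null) moduleException = new IdentityTrustException("Identity Trust Validation failed");` and following it with an unconditional `throw moduleException;`, and a plain deny should be recorded with `if(decision == DENY) overallDecision = DENY;` so the end-of-loop checks can see it. `PERMIT`, `DENY` and `NOTAPPLICABLE` come from the superclass, which is not shown, so confirm the trace against their definitions.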
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/AbstractRolesMappingProvider.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/AbstractRolesMappingProvider.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/AbstractRolesMappingProvider.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -42,8 +42,7 @@
protected Logger log;
protected MappingResult<RoleGroup> result;
-
- @Override
+
public boolean supports(Class<?> p)
{
if (RoleGroup.class.isAssignableFrom(p))
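Review bot: Dropping `@Override` from `supports` (and from `setMappingResult` in the next hunk, and `init` and `performMapping` in the Database, Ldap and Properties role-mapping providers below) removes the compiler check that these methods still match the interface they implement. If the reason is a Java 5 source level, which rejects `@Override` on interface methods, the commit message should say so. Otherwise keep the annotation, since a signature drift in this abstract base would presumably still compile and leave the provider method uncalled. The replacement `+` lines appear to carry only whitespace.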
@@ -51,8 +50,7 @@
return false;
}
-
- @Override
+
public void setMappingResult(MappingResult<RoleGroup> result)
{
this.result = result;
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/DatabaseRolesMappingProvider.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/DatabaseRolesMappingProvider.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/DatabaseRolesMappingProvider.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -51,8 +51,7 @@
protected String TX_MGR_JNDI_NAME = "java:/TransactionManager";
protected TransactionManager tm = null;
-
- @Override
+
public void init(Map<String, Object> options)
{
log = Logger.getLogger(getClass());
@@ -84,8 +83,7 @@
}
}
}
-
- @Override
+
public void performMapping(Map<String, Object> map, RoleGroup mappedObject)
{
if (map == null || map.isEmpty())
@@ -109,4 +107,4 @@
return tml.getTM(this.TX_MGR_JNDI_NAME);
}
-}
+}
\ No newline at end of file
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/LdapRolesMappingProvider.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/LdapRolesMappingProvider.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/LdapRolesMappingProvider.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -98,8 +98,7 @@
protected Map<String, Object> options;
protected boolean trace;
-
- @Override
+
public void init(Map<String, Object> options)
{
log = Logger.getLogger(getClass());
@@ -171,8 +170,7 @@
searchScope = SearchControls.SUBTREE_SCOPE;
}
}
-
- @Override
+
public void performMapping(Map<String, Object> map, RoleGroup mappedObject)
{
if (map == null || map.isEmpty())
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/PropertiesRolesMappingProvider.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/PropertiesRolesMappingProvider.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/role/PropertiesRolesMappingProvider.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -47,8 +47,7 @@
protected String rolesRsrcName = "roles.properties";
protected Properties roles;
-
- @Override
+
public void init(Map<String, Object> options)
{
log = Logger.getLogger(getClass());
@@ -70,8 +69,7 @@
}
}
}
-
- @Override
+
public void performMapping(Map<String, Object> map, RoleGroup mappedObject)
{
if (map == null || map.isEmpty())
@@ -93,4 +91,4 @@
return Util.loadProperties(rolesRsrcName, log);
}
-}
+}
\ No newline at end of file
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossPolicyRegistration.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossPolicyRegistration.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossPolicyRegistration.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -133,8 +133,7 @@
/**
* @see PolicyRegistration#registerPolicyConfig(String, String, Object)
- */
- @SuppressWarnings("unchecked")
+ */
public <P> void registerPolicyConfig(String contextId, String type, P objectModel)
{
if (PolicyRegistration.XACML.equalsIgnoreCase(type))
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/JBossAuditManager.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/JBossAuditManager.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/JBossAuditManager.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -30,7 +30,7 @@
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @version $Revision$
* @since Aug 22, 2006
- */
+ */
public class JBossAuditManager implements AuditManager
{
private static Logger log = Logger.getLogger(JBossAuditManager.class);
@@ -54,6 +54,7 @@
this.securityDomain = SecurityUtil.unprefixSecurityDomain(secDomain);
}
+ @SuppressWarnings("unused")
public AuditContext getAuditContext() throws PrivilegedActionException
{
AuditContext ac = (AuditContext)contexts.get(securityDomain);
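Review bot: `@SuppressWarnings("unused")` on the public method `getAuditContext` silences the unused-variable warning for the entire body instead of removing whatever is unused, so dead code in the audit path stays and later leftovers are hidden too. The hunk does not show which declaration triggers the warning, because the body continues past it. If it is a leftover local, deleting it is preferable. If it must stay, put the annotation on that one declaration with a comment such as `// kept for <reason>`. The same suppression is added to the `jaasSecurityDomain` field and the `DecodeAction` class in JaasSecurityDomainIdentityLoginModule, where an `ObjectName` field that the compiler reports as never read deserves a comment saying whether the security-domain lookup was dropped on purpose.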
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JASPIServerAuthenticationManager.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JASPIServerAuthenticationManager.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JASPIServerAuthenticationManager.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -56,7 +56,7 @@
/**
* @see AuthenticationManager#isValid(MessageInfo, Subject, String, CallbackHandler)
*/
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"rawtypes"})
public boolean isValid(MessageInfo requestMessage,Subject clientSubject, String layer,
CallbackHandler handler)
{
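Review bot: The `rawtypes` suppression covers the whole of `isValid`, so any further raw-type use added later to this authentication check will compile without a warning. The same method-wide or class-wide pattern appears in the `validateCache` hunks of JaasSecurityManagerBase and SynchronizedJaasSecurityManager, on `CopySubjectAction.run` in SubjectActions, and on `initialize` and `DecodeAction` in JaasSecurityDomainIdentityLoginModule. Where the raw type comes from a single local, the annotation can sit on that declaration instead, with a comment such as `// raw type required by <API name>` beside it. The body of `isValid` continues outside the hunk, so which declaration that is cannot be confirmed from here.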
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -558,7 +558,7 @@
/** Validate the cache credential value against the provided credential
*/
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"unchecked", "rawtypes"})
private boolean validateCache(DomainInfo info, Object credential,
Subject theSubject)
{
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/SubjectActions.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/SubjectActions.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/SubjectActions.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -1,355 +1,355 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.plugins.auth;
-
-import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.Principal;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.util.Iterator;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.jacc.PolicyContext;
-import javax.security.jacc.PolicyContextException;
-
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.security.SecurityContextFactory;
-
-/** Common PrivilegedAction used by classes in this package.
- *
- * @author Scott.Stark at jboss.org
- * @author Anil.Saldhana at redhat.com
- * @version $Revision: 65313 $
- */
-class SubjectActions
-{
- private static class ToStringSubjectAction implements PrivilegedAction<String>
- {
- Subject subject;
- ToStringSubjectAction(Subject subject)
- {
- this.subject = subject;
- }
- public String run()
- {
- StringBuffer tmp = new StringBuffer();
- tmp.append("Subject(");
- tmp.append(System.identityHashCode(subject));
- tmp.append(").principals=");
- Iterator<Principal> principals = subject.getPrincipals().iterator();
- while( principals.hasNext() )
- {
- Object p = principals.next();
- Class<?> c = p.getClass();
- tmp.append(c.getName());
- tmp.append('@');
- tmp.append(System.identityHashCode(c));
- tmp.append('(');
- tmp.append(p);
- tmp.append(')');
- }
- return tmp.toString();
- }
- }
-
- private static class GetSubjectAction implements PrivilegedExceptionAction<Subject>
- {
- static PrivilegedExceptionAction<Subject> ACTION = new GetSubjectAction();
- public Subject run() throws PolicyContextException
- {
- return (Subject) PolicyContext.getContext(SecurityConstants.SUBJECT_CONTEXT_KEY);
- }
- }
-
- private static class CopySubjectAction implements PrivilegedAction<Object>
- {
- Subject fromSubject;
- Subject toSubject;
- boolean setReadOnly;
- boolean deepCopy;
-
- CopySubjectAction(Subject fromSubject, Subject toSubject, boolean setReadOnly)
- {
- this.fromSubject = fromSubject;
- this.toSubject = toSubject;
- this.setReadOnly = setReadOnly;
- }
- public void setDeepCopy(boolean flag)
- {
- this.deepCopy = flag;
- }
-
- @SuppressWarnings("unchecked")
- public Object run()
- {
- Set principals = fromSubject.getPrincipals();
- Set principals2 = toSubject.getPrincipals();
- Iterator<Principal> iter = principals.iterator();
- while( iter.hasNext() )
- principals2.add(getCloneIfNeeded(iter.next()));
- Set privateCreds = fromSubject.getPrivateCredentials();
- Set privateCreds2 = toSubject.getPrivateCredentials();
- iter = privateCreds.iterator();
- while( iter.hasNext() )
- privateCreds2.add(getCloneIfNeeded(iter.next()));
- Set publicCreds = fromSubject.getPublicCredentials();
- Set publicCreds2 = toSubject.getPublicCredentials();
- iter = publicCreds.iterator();
- while( iter.hasNext() )
- publicCreds2.add(getCloneIfNeeded(iter.next()));
- if( setReadOnly == true )
- toSubject.setReadOnly();
- return null;
- }
-
- /** Check if the deepCopy flag is ON &&
- * Object implements Cloneable and return cloned object */
- private Object getCloneIfNeeded(Object obj)
- {
- Object clonedObject = null;
- if(this.deepCopy && obj instanceof Cloneable)
- {
- Class<?> clazz = obj.getClass();
- try
- {
- Method cloneMethod = clazz.getMethod("clone", (Class[])null);
- clonedObject = cloneMethod.invoke(obj, (Object[])null);
- }
- catch (Exception e)
- {//Ignore non-cloneable issues
- }
- }
- if(clonedObject == null)
- clonedObject = obj;
- return clonedObject;
- }
- }
-
- private static class LoginContextAction implements PrivilegedExceptionAction<LoginContext>
- {
- String securityDomain;
- Subject subject;
- CallbackHandler handler;
- LoginContextAction(String securityDomain, Subject subject,
- CallbackHandler handler)
- {
- this.securityDomain = securityDomain;
- this.subject = subject;
- this.handler = handler;
- }
- public LoginContext run() throws Exception
- {
- LoginContext lc = new LoginContext(securityDomain, subject, handler);
- return lc;
- }
- }
-
- private static class GetTCLAction implements PrivilegedAction<ClassLoader>
- {
- static PrivilegedAction<ClassLoader> ACTION = new GetTCLAction();
- public ClassLoader run()
- {
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- return loader;
- }
- }
-
- private static class SetContextInfoAction implements PrivilegedAction<Object>
- {
- String key;
- Object value;
- SetContextInfoAction(String key, Object value)
- {
- this.key = key;
- this.value = value;
- }
- public Object run()
- {
- //Set it on the current security context also
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc != null)
- {
- sc.getData().put(key, value);
- }
- return SecurityContextAssociation.setContextInfo(key, value);
- }
- }
-
- interface PrincipalInfoAction
- {
- PrincipalInfoAction PRIVILEGED = new PrincipalInfoAction()
- {
- public void push(final Principal principal, final Object credential,
- final Subject subject, final String securityDomain)
- {
- AccessController.doPrivileged(
- new PrivilegedAction<Object>()
- {
- public Object run()
- {
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc == null)
- {
- try
- {
- sc = SecurityContextFactory.createSecurityContext(principal, credential,
- subject, securityDomain);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
- SecurityContextAssociation.setSecurityContext(sc);
- return null;
- }
- }
- );
- }
- public void pop()
- {
- AccessController.doPrivileged(
- new PrivilegedAction<Object>()
- {
- public Object run()
- {
- //SecurityAssociation.popSubjectContext();
- SecurityContextAssociation.clearSecurityContext();
- return null;
- }
- }
- );
- }
- };
-
- PrincipalInfoAction NON_PRIVILEGED = new PrincipalInfoAction()
- {
- public void push(Principal principal, Object credential, Subject subject,
- String securityDomain)
- {
- //SecurityAssociation.pushSubjectContext(subject, principal, credential);
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc == null)
- {
- try
- {
- sc = SecurityContextFactory.createSecurityContext(principal, credential,
- subject, securityDomain);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
- else
- {
- sc.getUtil().createSubjectInfo(principal, credential, subject);
- }
- SecurityContextAssociation.setSecurityContext(sc);
- }
- public void pop()
- {
- SecurityContextAssociation.clearSecurityContext();
- }
- };
-
- void push(Principal principal, Object credential, Subject subject, String securityDomain);
- void pop();
- }
-
- static Subject getActiveSubject() throws PrivilegedActionException
- {
- Subject subject = (Subject) AccessController.doPrivileged(GetSubjectAction.ACTION);
- return subject;
- }
- static void copySubject(Subject fromSubject, Subject toSubject)
- {
- copySubject(fromSubject, toSubject, false);
- }
- static void copySubject(Subject fromSubject, Subject toSubject, boolean setReadOnly)
- {
- CopySubjectAction action = new CopySubjectAction(fromSubject, toSubject, setReadOnly);
- if( System.getSecurityManager() != null )
- AccessController.doPrivileged(action);
- else
- action.run();
- }
-
- static void copySubject(Subject fromSubject, Subject toSubject, boolean setReadOnly,
- boolean deepCopy)
- {
- CopySubjectAction action = new CopySubjectAction(fromSubject, toSubject, setReadOnly);
- action.setDeepCopy(deepCopy);
- if( System.getSecurityManager() != null )
- AccessController.doPrivileged(action);
- else
- action.run();
- }
-
- static LoginContext createLoginContext(String securityDomain, Subject subject,
- CallbackHandler handler)
- throws LoginException
- {
- LoginContextAction action = new LoginContextAction(securityDomain, subject, handler);
- try
- {
- LoginContext lc = (LoginContext) AccessController.doPrivileged(action);
- return lc;
- }
- catch(PrivilegedActionException e)
- {
- Exception ex = e.getException();
- if( ex instanceof LoginException )
- throw (LoginException) ex;
- else
- throw new LoginException(ex.getMessage());
- }
- }
-
- static ClassLoader getContextClassLoader()
- {
- ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
- return loader;
- }
-
- static Object setContextInfo(String key, Object value)
- {
- SetContextInfoAction action = new SetContextInfoAction(key, value);
- Object prevInfo = AccessController.doPrivileged(action);
- return prevInfo;
- }
-
- static String toString(Subject subject)
- {
- ToStringSubjectAction action = new ToStringSubjectAction(subject);
- String info = (String) AccessController.doPrivileged(action);
- return info;
- }
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.plugins.auth;
+
+import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+
+/** Common PrivilegedAction used by classes in this package.
+ *
+ * @author Scott.Stark at jboss.org
+ * @author Anil.Saldhana at redhat.com
+ * @version $Revision: 65313 $
+ */
+class SubjectActions
+{
+ private static class ToStringSubjectAction implements PrivilegedAction<String>
+ {
+ Subject subject;
+ ToStringSubjectAction(Subject subject)
+ {
+ this.subject = subject;
+ }
+ public String run()
+ {
+ StringBuffer tmp = new StringBuffer();
+ tmp.append("Subject(");
+ tmp.append(System.identityHashCode(subject));
+ tmp.append(").principals=");
+ Iterator<Principal> principals = subject.getPrincipals().iterator();
+ while( principals.hasNext() )
+ {
+ Object p = principals.next();
+ Class<?> c = p.getClass();
+ tmp.append(c.getName());
+ tmp.append('@');
+ tmp.append(System.identityHashCode(c));
+ tmp.append('(');
+ tmp.append(p);
+ tmp.append(')');
+ }
+ return tmp.toString();
+ }
+ }
+
+ private static class GetSubjectAction implements PrivilegedExceptionAction<Subject>
+ {
+ static PrivilegedExceptionAction<Subject> ACTION = new GetSubjectAction();
+ public Subject run() throws PolicyContextException
+ {
+ return (Subject) PolicyContext.getContext(SecurityConstants.SUBJECT_CONTEXT_KEY);
+ }
+ }
+
+ private static class CopySubjectAction implements PrivilegedAction<Object>
+ {
+ Subject fromSubject;
+ Subject toSubject;
+ boolean setReadOnly;
+ boolean deepCopy;
+
+ CopySubjectAction(Subject fromSubject, Subject toSubject, boolean setReadOnly)
+ {
+ this.fromSubject = fromSubject;
+ this.toSubject = toSubject;
+ this.setReadOnly = setReadOnly;
+ }
+ public void setDeepCopy(boolean flag)
+ {
+ this.deepCopy = flag;
+ }
+
+ @SuppressWarnings({"unchecked", "rawtypes"})
+ public Object run()
+ {
+ Set principals = fromSubject.getPrincipals();
+ Set principals2 = toSubject.getPrincipals();
+ Iterator<Principal> iter = principals.iterator();
+ while( iter.hasNext() )
+ principals2.add(getCloneIfNeeded(iter.next()));
+ Set privateCreds = fromSubject.getPrivateCredentials();
+ Set privateCreds2 = toSubject.getPrivateCredentials();
+ iter = privateCreds.iterator();
+ while( iter.hasNext() )
+ privateCreds2.add(getCloneIfNeeded(iter.next()));
+ Set publicCreds = fromSubject.getPublicCredentials();
+ Set publicCreds2 = toSubject.getPublicCredentials();
+ iter = publicCreds.iterator();
+ while( iter.hasNext() )
+ publicCreds2.add(getCloneIfNeeded(iter.next()));
+ if( setReadOnly == true )
+ toSubject.setReadOnly();
+ return null;
+ }
+
+ /** Check if the deepCopy flag is ON &&
+ * Object implements Cloneable and return cloned object */
+ private Object getCloneIfNeeded(Object obj)
+ {
+ Object clonedObject = null;
+ if(this.deepCopy && obj instanceof Cloneable)
+ {
+ Class<?> clazz = obj.getClass();
+ try
+ {
+ Method cloneMethod = clazz.getMethod("clone", (Class[])null);
+ clonedObject = cloneMethod.invoke(obj, (Object[])null);
+ }
+ catch (Exception e)
+ {//Ignore non-cloneable issues
+ }
+ }
+ if(clonedObject == null)
+ clonedObject = obj;
+ return clonedObject;
+ }
+ }
+
+ private static class LoginContextAction implements PrivilegedExceptionAction<LoginContext>
+ {
+ String securityDomain;
+ Subject subject;
+ CallbackHandler handler;
+ LoginContextAction(String securityDomain, Subject subject,
+ CallbackHandler handler)
+ {
+ this.securityDomain = securityDomain;
+ this.subject = subject;
+ this.handler = handler;
+ }
+ public LoginContext run() throws Exception
+ {
+ LoginContext lc = new LoginContext(securityDomain, subject, handler);
+ return lc;
+ }
+ }
+
+ private static class GetTCLAction implements PrivilegedAction<ClassLoader>
+ {
+ static PrivilegedAction<ClassLoader> ACTION = new GetTCLAction();
+ public ClassLoader run()
+ {
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ return loader;
+ }
+ }
+
+ private static class SetContextInfoAction implements PrivilegedAction<Object>
+ {
+ String key;
+ Object value;
+ SetContextInfoAction(String key, Object value)
+ {
+ this.key = key;
+ this.value = value;
+ }
+ public Object run()
+ {
+ //Set it on the current security context also
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc != null)
+ {
+ sc.getData().put(key, value);
+ }
+ return SecurityContextAssociation.setContextInfo(key, value);
+ }
+ }
+
+ interface PrincipalInfoAction
+ {
+ PrincipalInfoAction PRIVILEGED = new PrincipalInfoAction()
+ {
+ public void push(final Principal principal, final Object credential,
+ final Subject subject, final String securityDomain)
+ {
+ AccessController.doPrivileged(
+ new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc == null)
+ {
+ try
+ {
+ sc = SecurityContextFactory.createSecurityContext(principal, credential,
+ subject, securityDomain);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ SecurityContextAssociation.setSecurityContext(sc);
+ return null;
+ }
+ }
+ );
+ }
+ public void pop()
+ {
+ AccessController.doPrivileged(
+ new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ //SecurityAssociation.popSubjectContext();
+ SecurityContextAssociation.clearSecurityContext();
+ return null;
+ }
+ }
+ );
+ }
+ };
+
+ PrincipalInfoAction NON_PRIVILEGED = new PrincipalInfoAction()
+ {
+ public void push(Principal principal, Object credential, Subject subject,
+ String securityDomain)
+ {
+ //SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ if(sc == null)
+ {
+ try
+ {
+ sc = SecurityContextFactory.createSecurityContext(principal, credential,
+ subject, securityDomain);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ else
+ {
+ sc.getUtil().createSubjectInfo(principal, credential, subject);
+ }
+ SecurityContextAssociation.setSecurityContext(sc);
+ }
+ public void pop()
+ {
+ SecurityContextAssociation.clearSecurityContext();
+ }
+ };
+
+ void push(Principal principal, Object credential, Subject subject, String securityDomain);
+ void pop();
+ }
+
+ static Subject getActiveSubject() throws PrivilegedActionException
+ {
+ Subject subject = (Subject) AccessController.doPrivileged(GetSubjectAction.ACTION);
+ return subject;
+ }
+ static void copySubject(Subject fromSubject, Subject toSubject)
+ {
+ copySubject(fromSubject, toSubject, false);
+ }
+ static void copySubject(Subject fromSubject, Subject toSubject, boolean setReadOnly)
+ {
+ CopySubjectAction action = new CopySubjectAction(fromSubject, toSubject, setReadOnly);
+ if( System.getSecurityManager() != null )
+ AccessController.doPrivileged(action);
+ else
+ action.run();
+ }
+
+ static void copySubject(Subject fromSubject, Subject toSubject, boolean setReadOnly,
+ boolean deepCopy)
+ {
+ CopySubjectAction action = new CopySubjectAction(fromSubject, toSubject, setReadOnly);
+ action.setDeepCopy(deepCopy);
+ if( System.getSecurityManager() != null )
+ AccessController.doPrivileged(action);
+ else
+ action.run();
+ }
+
+ static LoginContext createLoginContext(String securityDomain, Subject subject,
+ CallbackHandler handler)
+ throws LoginException
+ {
+ LoginContextAction action = new LoginContextAction(securityDomain, subject, handler);
+ try
+ {
+ LoginContext lc = (LoginContext) AccessController.doPrivileged(action);
+ return lc;
+ }
+ catch(PrivilegedActionException e)
+ {
+ Exception ex = e.getException();
+ if( ex instanceof LoginException )
+ throw (LoginException) ex;
+ else
+ throw new LoginException(ex.getMessage());
+ }
+ }
+
+ static ClassLoader getContextClassLoader()
+ {
+ ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
+ return loader;
+ }
+
+ static Object setContextInfo(String key, Object value)
+ {
+ SetContextInfoAction action = new SetContextInfoAction(key, value);
+ Object prevInfo = AccessController.doPrivileged(action);
+ return prevInfo;
+ }
+
+ static String toString(Subject subject)
+ {
+ ToStringSubjectAction action = new ToStringSubjectAction(subject);
+ String info = (String) AccessController.doPrivileged(action);
+ return info;
+ }
}
\ No newline at end of file
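Review bot: `getCloneIfNeeded` swallows every exception from the reflective `clone` call, so a caller of `copySubject` with `deepCopy` set silently gets the original principal or credential object shared between both Subjects whenever `clone()` is not public or its invocation fails. The deep copy is therefore best-effort without saying so, and what appears to be the only textual change in this whole-file rewrite, widening the suppression on `CopySubjectAction.run` to `{"unchecked", "rawtypes"}`, does not touch it. At minimum the Javadoc should state the fallback, e.g. `Returns obj itself when deepCopy is off, obj is not Cloneable, or its public clone() cannot be invoked; callers must not assume isolation.` Narrowing `catch (Exception e)` to the reflective exception types would also stop unrelated runtime failures from being hidden.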
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/SynchronizedJaasSecurityManager.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/SynchronizedJaasSecurityManager.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/SynchronizedJaasSecurityManager.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -419,7 +419,7 @@
/** Validate the cache credential value against the provided credential
*/
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"unchecked", "rawtypes"})
private boolean validateCache(DomainInfo info, Object credential, Subject theSubject)
{
if (trace)
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/JaasSecurityDomainIdentityLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/JaasSecurityDomainIdentityLoginModule.java 2011-08-10 22:39:39 UTC (rev 242)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/JaasSecurityDomainIdentityLoginModule.java 2011-08-12 17:06:20 UTC (rev 243)
@@ -30,7 +30,6 @@
import javax.management.MBeanServer;
import javax.management.ObjectName;
-import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
@@ -88,8 +87,10 @@
private String username;
private String password;
+ @SuppressWarnings("unused")
private ObjectName jaasSecurityDomain;
+ @SuppressWarnings("rawtypes")
public void initialize(Subject subject, CallbackHandler handler,
Map sharedState, Map options)
{
@@ -183,6 +184,7 @@
return empty;
}
+ @SuppressWarnings({"rawtypes", "unused"})
private static class DecodeAction implements PrivilegedExceptionAction
{
String password;