[jboss-cvs] Picketbox SVN: r289 - in trunk: security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config and 7 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Nov 16 10:28:04 EST 2011
Author: anil.saldhana at jboss.com
Date: 2011-11-16 10:28:04 -0500 (Wed, 16 Nov 2011)
New Revision: 289
Added:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/ClassLoaderLocator.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/ClassLoaderLocatorFactory.java
trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authorization/JBossAuthorizationManagerWithModuleUnitTestCase.java
Modified:
trunk/picketbox-infinispan/src/main/java/org/jboss/security/authentication/JBossCachedAuthenticationManager.java
trunk/picketbox-infinispan/src/main/java/org/jboss/security/authentication/SubjectActions.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/BaseSecurityInfo.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/JBossIdentityTrustContext.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/SecurityActions.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/JBossAuditManager.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/SecurityActions.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/SubjectActions.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/SecurityActions.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/mapping/JBossMappingManager.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/mapping/SecurityActions.java
trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java
Log:
SECURITY-634: support for jboss module
Modified: trunk/picketbox-infinispan/src/main/java/org/jboss/security/authentication/JBossCachedAuthenticationManager.java
===================================================================
--- trunk/picketbox-infinispan/src/main/java/org/jboss/security/authentication/JBossCachedAuthenticationManager.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/picketbox-infinispan/src/main/java/org/jboss/security/authentication/JBossCachedAuthenticationManager.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -46,7 +46,12 @@
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.auth.callback.JBossCallbackHandler;
+import org.jboss.security.auth.login.BaseAuthenticationInfo;
import org.jboss.security.authentication.JBossCachedAuthenticationManager.DomainInfo;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.plugins.ClassLoaderLocator;
+import org.jboss.security.plugins.ClassLoaderLocatorFactory;
/**
* {@link AuthenticationManager} implementation that uses {@link Cache} as the cache provider.
@@ -335,46 +340,78 @@
* @return false on failure, true on success.
*/
private boolean authenticate(Principal principal, Object credential, Subject theSubject)
+ {
+ ApplicationPolicy theAppPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain);
+ if(theAppPolicy != null)
+ {
+ BaseAuthenticationInfo authInfo = theAppPolicy.getAuthenticationInfo();
+ String jbossModuleName = authInfo.getJBossModuleName();
+ if(jbossModuleName != null)
+ {
+ ClassLoader currentTccl = SubjectActions.getContextClassLoader();
+ ClassLoaderLocator theCLL = ClassLoaderLocatorFactory.get();
+ if(theCLL != null)
+ {
+ ClassLoader newTCCL = theCLL.get(jbossModuleName);
+ if(newTCCL != null)
+ {
+ try
+ {
+ SubjectActions.setContextClassLoader(newTCCL);
+ return proceedWithJaasLogin(principal, credential, theSubject);
+ }
+ finally
+ {
+ SubjectActions.setContextClassLoader(currentTccl);
+ }
+ }
+ }
+ }
+ }
+ return proceedWithJaasLogin(principal, credential, theSubject);
+ }
+
+
+ private boolean proceedWithJaasLogin(Principal principal, Object credential, Subject theSubject)
{
- Subject subject = null;
- boolean authenticated = false;
- LoginException authException = null;
+ Subject subject = null;
+ boolean authenticated = false;
+ LoginException authException = null;
+ try
+ {
+ // Validate the principal using the login configuration for this domain
+ LoginContext lc = defaultLogin(principal, credential);
+ subject = lc.getSubject();
- try
- {
- // Validate the principal using the login configuration for this domain
- LoginContext lc = defaultLogin(principal, credential);
- subject = lc.getSubject();
+ // Set the current subject if login was successful
+ if (subject != null)
+ {
+ // Copy the current subject into theSubject
+ if (theSubject != null)
+ {
+ SubjectActions.copySubject(subject, theSubject, false, this.deepCopySubjectOption);
+ }
+ else
+ {
+ theSubject = subject;
+ }
- // Set the current subject if login was successful
- if (subject != null)
- {
- // Copy the current subject into theSubject
- if (theSubject != null)
- {
- SubjectActions.copySubject(subject, theSubject, false, this.deepCopySubjectOption);
- }
- else
- {
- theSubject = subject;
- }
+ authenticated = true;
+ // Build the Subject based DomainInfo cache value
+ updateCache(lc, subject, principal, credential);
+ }
+ }
+ catch (LoginException e)
+ {
+ // Don't log anonymous user failures unless trace level logging is on
+ if (principal != null && principal.getName() != null || trace)
+ log.error("Login failure", e);
+ authException = e;
+ }
+ // Set the security association thread context info exception
+ SubjectActions.setContextInfo("org.jboss.security.exception", authException);
- authenticated = true;
- // Build the Subject based DomainInfo cache value
- updateCache(lc, subject, principal, credential);
- }
- }
- catch (LoginException e)
- {
- // Don't log anonymous user failures unless trace level logging is on
- if (principal != null && principal.getName() != null || trace)
- log.error("Login failure", e);
- authException = e;
- }
- // Set the security association thread context info exception
- SubjectActions.setContextInfo("org.jboss.security.exception", authException);
-
- return authenticated;
+ return authenticated;
}
/**
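Review bot: `authInfo` is dereferenced at `authInfo.getJBossModuleName()` without a null check, while the audit and identity-trust paths in this same commit do check their info objects (`ai != null`, `iti == null`), so a policy without authentication info may now end in a NullPointerException instead of reaching the JAAS login. Separately, when a module name is configured but `ClassLoaderLocatorFactory.get()` or `theCLL.get(jbossModuleName)` returns null, the login silently proceeds on the caller's context class loader, so login modules can be resolved from a loader the administrator did not choose. I would guard with `if (authInfo != null)` and report the unresolved case, e.g. `log.error("JBoss module " + jbossModuleName + " not resolved for domain " + securityDomain);`, or fail the login there. The same block is added to `JaasSecurityManagerBase.authenticate` further down.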
@@ -520,5 +557,4 @@
}
}
}
-
-}
+}
\ No newline at end of file
Modified: trunk/picketbox-infinispan/src/main/java/org/jboss/security/authentication/SubjectActions.java
===================================================================
--- trunk/picketbox-infinispan/src/main/java/org/jboss/security/authentication/SubjectActions.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/picketbox-infinispan/src/main/java/org/jboss/security/authentication/SubjectActions.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -348,6 +348,18 @@
return loader;
}
+ static void setContextClassLoader(final ClassLoader cl)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ Thread.currentThread().setContextClassLoader(cl);
+ return null;
+ }
+ });
+ }
+
static Object setContextInfo(String key, Object value)
{
SetContextInfoAction action = new SetContextInfoAction(key, value);
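Review bot: The new `setContextClassLoader` carries no comment saying that it swaps the thread context class loader under this library's own privileges, which is why it has to stay package-private and be paired with a restore in `finally`. I would add a Javadoc such as `/** Sets the TCCL inside a privileged block; package-private on purpose, callers must restore the previous loader in finally. */` and type the action as `PrivilegedAction<Void>`, since `run()` only returns null. The same helper is added to `plugins/auth/SubjectActions` and to the `SecurityActions` classes of the audit, authorization and mapping packages, where it additionally declares `throws PrivilegedActionException` although its `run()` throws no checked exception; none of the visible hunks call those three copies. `setContextInfo`, which follows the new method, continues outside the hunk.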
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/BaseSecurityInfo.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/BaseSecurityInfo.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/BaseSecurityInfo.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -26,8 +26,6 @@
import javax.security.auth.AuthPermission;
-// $Id$
-
/**
* Base Class of the security info
*
@@ -45,6 +43,12 @@
protected String name;
protected ArrayList<T> moduleEntries = new ArrayList<T>();
+
+ /**
+ * Name of the JBoss Module that can be optionally configured for
+ * custom login modules etc
+ */
+ protected String jbossModuleName;
public BaseSecurityInfo()
{
@@ -83,9 +87,27 @@
public void setName(String name)
{
- this.name = name;
+ this.name = name;
}
+ /**
+ * Get the name of the JBoss Module
+ * @return
+ */
+ public String getJBossModuleName()
+ {
+ return jbossModuleName;
+ }
+
+ /**
+ * Set the name of the JBoss Module
+ * @param jbossModuleName
+ */
+ public void setJBossModuleName(String jbossModuleName)
+ {
+ this.jbossModuleName = jbossModuleName;
+ }
+
protected abstract BaseSecurityInfo<T> create(String name);
public BaseSecurityInfo<T> merge(BaseSecurityInfo<T> bi)
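Review bot: `jbossModuleName` gets an accessor pair, but `create(String name)` and `merge(BaseSecurityInfo<T> bi)` just below are not touched by this commit and their bodies are outside the hunk. If `merge` builds its result from `name` and `moduleEntries` only, a merged policy would lose the module name and its modules would be loaded from the default class loader rather than the configured one. That is worth confirming, and if so the field should be carried over, for example `merged.setJBossModuleName(jbossModuleName != null ? jbossModuleName : bi.getJBossModuleName());` where `merged` stands for the result object. The empty `@return` and `@param` tags on the new accessors could also say that null means no module is configured.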
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/JBossIdentityTrustContext.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/JBossIdentityTrustContext.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/JBossIdentityTrustContext.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -35,6 +35,8 @@
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
+import org.jboss.security.plugins.ClassLoaderLocator;
+import org.jboss.security.plugins.ClassLoaderLocatorFactory;
/**
* Implementation of the Identity Trust Context
@@ -97,6 +99,7 @@
private void initializeModules() throws Exception
{
+ ClassLoader moduleCL = null;
//Clear the modules
modules.clear();
//Get the Configuration
@@ -107,6 +110,15 @@
IdentityTrustInfo iti = aPolicy.getIdentityTrustInfo();
if(iti == null)
return;
+ String jbossModuleName = iti.getJBossModuleName();
+ if(jbossModuleName != null)
+ {
+ ClassLoaderLocator cll = ClassLoaderLocatorFactory.get();
+ if(cll != null)
+ {
+ moduleCL = cll.get(jbossModuleName);
+ }
+ }
IdentityTrustModuleEntry[] itmearr = iti.getIdentityTrustModuleEntry();
for(IdentityTrustModuleEntry itme: itmearr)
{
@@ -115,18 +127,18 @@
cf = ControlFlag.REQUIRED;
this.controlFlags.add(cf);
- modules.add(instantiateModule(itme.getName(), itme.getOptions()));
+ IdentityTrustModule module = instantiateModule(moduleCL, itme.getName(), itme.getOptions());
+ modules.add(module);
}
}
@SuppressWarnings({"unchecked", "rawtypes"})
- private IdentityTrustModule instantiateModule(String name, Map map) throws Exception
+ private IdentityTrustModule instantiateModule(ClassLoader cl, String name, Map map) throws Exception
{
IdentityTrustModule im = null;
- ClassLoader tcl = SecurityActions.getContextClassLoader();
try
{
- Class clazz = tcl.loadClass(name);
+ Class clazz = SecurityActions.loadClass(cl, name);
im = (IdentityTrustModule)clazz.newInstance();
}
catch ( Exception e)
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/SecurityActions.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/SecurityActions.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/SecurityActions.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -61,4 +61,29 @@
}
}
});
- }}
\ No newline at end of file
+ }
+
+
+
+ static Class<?> loadClass(final ClassLoader cl, final String name) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ if(cl == null)
+ {
+ return loadClass(name);
+ }
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception ignore)
+ {
+ return loadClass(name);
+ }
+ }
+ });
+ }
+}
\ No newline at end of file
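Review bot: `catch (Exception ignore)` turns every failure of `cl.loadClass(name)` into a silent fallback to `loadClass(name)`, so when the configured module does not supply the class, a class of the same name from another loader is used and nothing records that the module was bypassed. For code that loads trust, audit and mapping providers I would narrow this to `catch (ClassNotFoundException e)` and let the caller report the fallback. `run()` also calls `loadClass(name)` from inside the privileged block; its body is outside the hunk, but if it throws `PrivilegedActionException` the outer `doPrivileged` will wrap that a second time, and callers unwrapping `getCause()` would no longer find the original exception. An identical method is added to `plugins/audit/SecurityActions`.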
Added: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/ClassLoaderLocator.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/ClassLoaderLocator.java (rev 0)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/ClassLoaderLocator.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins;
+
+/**
+ * An interface to locate a {@code ClassLoader}}
+ * The primary use of this interface is in the JBoss Application Server,
+ * which needs to inject a module class loader for custom login modules etc
+ * @author Anil Saldhana
+ * @since Nov 14, 2011
+ */
+public interface ClassLoaderLocator
+{
+ /**
+ * Given a key, return a {@code ClassLoader}
+ * @param key
+ * @return
+ */
+ ClassLoader get(String key);
+}
\ No newline at end of file
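Review bot: The interface Javadoc has a stray brace in `{@code ClassLoader}}` and the method comment leaves `@param key` and `@return` empty, although every caller in this commit passes a JBoss module name and checks the result for null. I would state that contract: `@param key the JBoss module name from the security domain configuration` and `@return the module's class loader, or null when the key cannot be resolved`. Since the returned loader decides where login, authorization, audit and mapping modules are loaded from, the comment could also note that keys are expected to come from the security configuration only.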
Added: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/ClassLoaderLocatorFactory.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/ClassLoaderLocatorFactory.java (rev 0)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/ClassLoaderLocatorFactory.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -0,0 +1,46 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins;
+
+/**
+ * Simple factory for {@code ClassLoaderLocator}
+ * @author Anil Saldhana
+ * @since Nov 14, 2011
+ */
+public class ClassLoaderLocatorFactory
+{
+ private static ClassLoaderLocator theLocator = null;
+
+ /**
+ * Set the {@code ClassLoaderLocator}
+ * @param cl
+ */
+ public static void set(ClassLoaderLocator cl)
+ {
+ theLocator = cl;
+ }
+
+ public static ClassLoaderLocator get()
+ {
+ return theLocator;
+ }
+}
\ No newline at end of file
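Review bot: `set(ClassLoaderLocator)` is public and static with no access check, and the locator it installs chooses the class loader from which login, authorization, audit and mapping modules are loaded, so any code running in the same JVM can replace it. Under a security manager I would gate it, e.g. `SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(new RuntimePermission(SET_LOCATOR_PERMISSION));` where `SET_LOCATOR_PERMISSION` is a placeholder for a permission name the project defines. `theLocator` is also read by the authentication and authorization paths without synchronization; declaring it `private static volatile ClassLoaderLocator theLocator;` makes a locator set at startup visible to them. `get()` has no Javadoc; it should say that null is returned until a locator has been set.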
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/JBossAuditManager.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/JBossAuditManager.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/JBossAuditManager.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -24,6 +24,8 @@
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuditInfo;
import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.plugins.ClassLoaderLocator;
+import org.jboss.security.plugins.ClassLoaderLocatorFactory;
/**
* Manages a set of AuditContext
@@ -54,42 +56,31 @@
this.securityDomain = SecurityUtil.unprefixSecurityDomain(secDomain);
}
- @SuppressWarnings("unused")
public AuditContext getAuditContext() throws PrivilegedActionException
{
+ ClassLoader moduleCL = null;
AuditContext ac = (AuditContext)contexts.get(securityDomain);
if(ac == null)
{
- ac = new JBossAuditContext(securityDomain);
- ApplicationPolicy ap = SecurityConfiguration.getApplicationPolicy(securityDomain);
- if(ap != null)
- {
- AuditInfo ai = ap.getAuditInfo();
- if(ai != null)
- {
- AuditProviderEntry[] apeArr = ai.getAuditProviderEntry();
- List<AuditProviderEntry> list = Arrays.asList(apeArr);
- for(AuditProviderEntry ape:list)
- {
- String pname = ape.getName();
- try
- {
- Class<?> clazz = clazzMap.get(pname);
- if( clazz == null )
- {
- clazz = SecurityActions.loadClass(pname);
- clazzMap.put(pname, clazz);
- }
-
- ac.addProvider((AuditProvider) clazz.newInstance());
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
- }
- }
+ ac = new JBossAuditContext(securityDomain);
+ ApplicationPolicy ap = SecurityConfiguration.getApplicationPolicy(securityDomain);
+ if(ap != null)
+ {
+ AuditInfo ai = ap.getAuditInfo();
+ if(ai != null)
+ {
+ String jbossModuleName = ai.getJBossModuleName();
+ if(jbossModuleName != null)
+ {
+ ClassLoaderLocator cll = ClassLoaderLocatorFactory.get();
+ if(cll != null)
+ {
+ moduleCL = cll.get(jbossModuleName);
+ }
+ }
+ ac = instantiate(moduleCL, ai);
+ }
+ }
}
if(ac == null)
{
@@ -136,5 +127,32 @@
public String getSecurityDomain()
{
return this.securityDomain;
+ }
+
+ private AuditContext instantiate(ClassLoader cl, AuditInfo ai)
+ {
+ AuditContext ac = new JBossAuditContext(securityDomain);
+ AuditProviderEntry[] apeArr = ai.getAuditProviderEntry();
+ List<AuditProviderEntry> list = Arrays.asList(apeArr);
+ for(AuditProviderEntry ape:list)
+ {
+ String pname = ape.getName();
+ try
+ {
+ Class<?> clazz = clazzMap.get(pname);
+ if( clazz == null )
+ {
+ clazz = SecurityActions.loadClass(cl, pname);
+ clazzMap.put(pname, clazz);
+ }
+
+ ac.addProvider((AuditProvider) clazz.newInstance());
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ return ac;
}
-}
+}
\ No newline at end of file
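Review bot: `clazzMap` is keyed by the provider class name only, so once `pname` has been loaded through one class loader, a later call with a different `cl` gets the cached class and the configured module is never consulted. Whether that can happen depends on how `clazzMap` is shared, which is outside the hunk; if it is shared across security domains, the key should include the module, e.g. `String cacheKey = ai.getJBossModuleName() + ":" + pname;`. `JBossMappingManager.getMappingProvider` caches by `fqn` in the same way. The method would also benefit from a short comment that `cl` may be null, in which case `SecurityActions.loadClass` uses its default lookup.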
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/SecurityActions.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/SecurityActions.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/SecurityActions.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -33,6 +33,18 @@
*/
class SecurityActions
{
+ static void setContextClassLoader(final ClassLoader tccl) throws PrivilegedActionException
+ {
+ AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ Thread.currentThread().setContextClassLoader(tccl);
+ return null;
+ }
+ });
+ }
+
static ClassLoader getContextClassLoader() throws PrivilegedActionException
{
return AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
@@ -68,4 +80,26 @@
}
});
}
+
+ static Class<?> loadClass(final ClassLoader cl, final String name) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ if(cl == null)
+ {
+ return loadClass(name);
+ }
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception ignore)
+ {
+ return loadClass(name);
+ }
+ }
+ });
+ }
}
\ No newline at end of file
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -43,6 +43,11 @@
import org.jboss.security.SecurityUtil;
import org.jboss.security.SubjectSecurityManager;
import org.jboss.security.auth.callback.JBossCallbackHandler;
+import org.jboss.security.auth.login.BaseAuthenticationInfo;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.plugins.ClassLoaderLocator;
+import org.jboss.security.plugins.ClassLoaderLocatorFactory;
/** The JaasSecurityManager is responsible both for authenticating credentials
associated with principals and for role mapping. This implementation relies
@@ -294,43 +299,72 @@
private boolean authenticate(Principal principal, Object credential,
Subject theSubject)
{
- Subject subject = null;
- boolean authenticated = false;
- LoginException authException = null;
+ ApplicationPolicy theAppPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain);
+ if(theAppPolicy != null)
+ {
+ BaseAuthenticationInfo authInfo = theAppPolicy.getAuthenticationInfo();
+ String jbossModuleName = authInfo.getJBossModuleName();
+ if(jbossModuleName != null)
+ {
+ ClassLoader currentTccl = SubjectActions.getContextClassLoader();
+ ClassLoaderLocator theCLL = ClassLoaderLocatorFactory.get();
+ if(theCLL != null)
+ {
+ ClassLoader newTCCL = theCLL.get(jbossModuleName);
+ if(newTCCL != null)
+ {
+ try
+ {
+ SubjectActions.setContextClassLoader(newTCCL);
+ return proceedWithJaasLogin(principal, credential, theSubject);
+ }
+ finally
+ {
+ SubjectActions.setContextClassLoader(currentTccl);
+ }
+ }
+ }
+ }
+ }
+ return proceedWithJaasLogin(principal, credential, theSubject);
+ }
+
+ private boolean proceedWithJaasLogin(Principal principal, Object credential, Subject theSubject)
+ {
+ Subject subject = null;
+ boolean authenticated = false;
+ LoginException authException = null;
+ try {
- try
- {
- // Validate the principal using the login configuration for this domain
- LoginContext lc = defaultLogin(principal, credential);
- subject = lc.getSubject();
+ // Validate the principal using the login configuration for this
+ // domain
+ LoginContext lc = defaultLogin(principal, credential);
+ subject = lc.getSubject();
- // Set the current subject if login was successful
- if( subject != null )
- {
- // Copy the current subject into theSubject
- if( theSubject != null )
- {
- SubjectActions.copySubject(subject, theSubject, false,this.deepCopySubjectOption);
- }
- else
- {
- theSubject = subject;
- }
+ // Set the current subject if login was successful
+ if (subject != null) {
+ // Copy the current subject into theSubject
+ if (theSubject != null) {
+ SubjectActions.copySubject(subject, theSubject, false,
+ this.deepCopySubjectOption);
+ } else {
+ theSubject = subject;
+ }
- authenticated = true;
- }
- }
- catch(LoginException e)
- {
- // Don't log anonymous user failures unless trace level logging is on
- if( principal != null && principal.getName() != null || trace )
- log.trace("Login failure", e);
- authException = e;
- }
- // Set the security association thread context info exception
- SubjectActions.setContextInfo("org.jboss.security.exception", authException);
+ authenticated = true;
+ }
+ } catch (LoginException e) {
+ // Don't log anonymous user failures unless trace level logging is
+ // on
+ if (principal != null && principal.getName() != null || trace)
+ log.trace("Login failure", e);
+ authException = e;
+ }
+ // Set the security association thread context info exception
+ SubjectActions.setContextInfo("org.jboss.security.exception",
+ authException);
- return authenticated;
+ return authenticated;
}
/** Pass the security info to the login modules configured for
@@ -370,5 +404,4 @@
log.trace("defaultLogin, lc="+lc+", subject="+SubjectActions.toString(subject));
return lc;
}
-
}
\ No newline at end of file
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/SubjectActions.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/SubjectActions.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/SubjectActions.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -333,6 +333,18 @@
}
}
+ static void setContextClassLoader(final ClassLoader cl)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ Thread.currentThread().setContextClassLoader(cl);
+ return null;
+ }
+ });
+ }
+
static ClassLoader getContextClassLoader()
{
ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -49,6 +49,8 @@
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.identity.Role;
import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.plugins.ClassLoaderLocator;
+import org.jboss.security.plugins.ClassLoaderLocatorFactory;
//$Id: JBossAuthorizationContext.java 62954 2007-05-10 04:12:18Z anil.saldhana at jboss.com $
@@ -189,23 +191,35 @@
AuthorizationInfo authzInfo = getAuthorizationInfo(securityDomainName, resource);
if (authzInfo == null)
throw new IllegalStateException(ErrorCodes.NULL_VALUE + "Authorization Info is null");
+
+ ClassLoader moduleCL = null;
+ String jbossModuleName = authzInfo.getJBossModuleName();
+ if(jbossModuleName != null)
+ {
+ ClassLoaderLocator cll = ClassLoaderLocatorFactory.get();
+ if( cll != null)
+ {
+ moduleCL = cll.get(jbossModuleName);
+ }
+ }
AuthorizationModuleEntry[] entries = authzInfo.getAuthorizationModuleEntry();
int len = entries != null ? entries.length : 0;
for (int i = 0; i < len; i++)
{
- AuthorizationModuleEntry entry = entries[i];
- ControlFlag flag = entry.getControlFlag();
- if (flag == null)
- {
- if (trace)
- log.trace("Null Control flag for entry:" + entry + ". Defaults to REQUIRED!");
- flag = ControlFlag.REQUIRED;
- }
- else if (trace)
- log.trace("Control flag for entry:" + entry + "is:[" + flag + "]");
+ AuthorizationModuleEntry entry = entries[i];
+ ControlFlag flag = entry.getControlFlag();
+ if (flag == null)
+ {
+ if (trace)
+ log.trace("Null Control flag for entry:" + entry + ". Defaults to REQUIRED!");
+ flag = ControlFlag.REQUIRED;
+ }
+ else if (trace)
+ log.trace("Control flag for entry:" + entry + "is:[" + flag + "]");
- controlFlags.add(flag);
- modules.add(instantiateModule(entry.getPolicyModuleName(), entry.getOptions(), role));
+ controlFlags.add(flag);
+ AuthorizationModule module = instantiateModule(moduleCL, entry.getPolicyModuleName(), entry.getOptions(), role);
+ modules.add(module);
}
}
@@ -303,7 +317,7 @@
}
}
- private AuthorizationModule instantiateModule(String name, Map<String, Object> map, RoleGroup subjectRoles)
+ private AuthorizationModule instantiateModule(ClassLoader cl, String name, Map<String, Object> map, RoleGroup subjectRoles)
throws PrivilegedActionException
{
AuthorizationModule am = null;
@@ -314,7 +328,11 @@
{
try
{
- clazz = getClass().getClassLoader().loadClass(name);
+ if(cl == null)
+ {
+ cl = getClass().getClassLoader();
+ }
+ clazz = cl.loadClass(name);
}
catch (Exception ignore)
{
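Review bot: This hunk inlines the module lookup and reassigns the `cl` parameter, while the identity-trust, audit and mapping paths in the same commit call `SecurityActions.loadClass(cl, name)`; the authorization package's `SecurityActions` only gains `setContextClassLoader`. Using one helper in all four places would keep the lookup order and the privileged-block handling the same. The `catch (Exception ignore)` branch continues outside the hunk, so which loader the fallback uses cannot be seen from here.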
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/SecurityActions.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/SecurityActions.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/SecurityActions.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -35,6 +35,18 @@
*/
class SecurityActions
{
+ static void setContextClassLoader(final ClassLoader tccl) throws PrivilegedActionException
+ {
+ AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ Thread.currentThread().setContextClassLoader(tccl);
+ return null;
+ }
+ });
+ }
+
static ClassLoader getContextClassLoader() throws PrivilegedActionException
{
return AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/mapping/JBossMappingManager.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/mapping/JBossMappingManager.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/mapping/JBossMappingManager.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -32,11 +32,13 @@
import org.jboss.security.SecurityUtil;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.MappingInfo;
-import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.mapping.MappingContext;
import org.jboss.security.mapping.MappingManager;
import org.jboss.security.mapping.MappingProvider;
import org.jboss.security.mapping.config.MappingModuleEntry;
+import org.jboss.security.plugins.ClassLoaderLocator;
+import org.jboss.security.plugins.ClassLoaderLocatorFactory;
/**
@@ -57,9 +59,8 @@
public JBossMappingManager(String domain)
{
this.securityDomain = SecurityUtil.unprefixSecurityDomain(domain);
- }
+ }
-
public <T> MappingContext<T> getMappingContext(String mappingType)
{
//Apply Mapping Logic
@@ -119,25 +120,37 @@
private <T> MappingContext<T> generateMappingContext(MappingContext<T> mc, MappingInfo rmi)
{
- MappingModuleEntry[] mpe = rmi.getMappingModuleEntry();
- ArrayList<MappingProvider<T>> al = new ArrayList<MappingProvider<T>>();
+ ClassLoader moduleCL = null;
+ String jbossModuleName = rmi.getJBossModuleName();
+ if(jbossModuleName != null)
+ {
+ ClassLoaderLocator cll = ClassLoaderLocatorFactory.get();
+ if(cll != null)
+ {
+ moduleCL = cll.get(jbossModuleName);
+ }
+ }
+ MappingModuleEntry[] mpe = rmi.getMappingModuleEntry();
+ ArrayList<MappingProvider<T>> al = new ArrayList<MappingProvider<T>>();
- for(int i = 0 ; i < mpe.length; i++)
- {
- MappingProvider<T> mp = getMappingProvider(mpe[i]);
- if(mp != null)
- al.add(mp);
- }
- return new MappingContext<T>(al);
- }
-
+ for(int i = 0 ; i < mpe.length; i++)
+ {
+ MappingProvider<T> mp = getMappingProvider(moduleCL, mpe[i]);
+ if(mp != null)
+ {
+ al.add(mp);
+ }
+ }
+ return new MappingContext<T>(al);
+ }
+
public String getSecurityDomain()
{
return this.securityDomain;
}
@SuppressWarnings("unchecked")
- private <T> MappingProvider<T> getMappingProvider(MappingModuleEntry mme)
+ private <T> MappingProvider<T> getMappingProvider(ClassLoader cl, MappingModuleEntry mme)
{
MappingProvider<T> mp = null;
try
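Review bot: In `generateMappingContext`, a configured module name that cannot be resolved is silently ignored. `moduleCL` stays `null` when `ClassLoaderLocatorFactory.get()` returns null or `cll.get(jbossModuleName)` finds nothing, and the providers are then loaded from the default loaders without any record. For a security domain that names a module explicitly, this means the mapping classes can come from a different source than the one the administrator configured. I would at least log it after the lookup, using the `trace`/`log` pair this file already has: `if(moduleCL == null && trace) log.trace("No ClassLoader for module " + jbossModuleName + ", using default loaders");`. The same silent fallback happens in `SecurityActions.loadClass(ClassLoader, String)` further down, where a failure from `cl.loadClass(name)` is discarded as `ignore`. The body of `getMappingProvider` continues outside this hunk.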
@@ -146,15 +159,7 @@
Class<?> clazz = clazzMap.get(fqn);
if( clazz == null )
{
- try
- {
- clazz = getClass().getClassLoader().loadClass(fqn);
- }
- catch (Exception e)
- {
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- clazz = tcl.loadClass(fqn);
- }
+ clazz = SecurityActions.loadClass(cl, fqn);
clazzMap.put(fqn, clazz);
}
mp = (MappingProvider<T>) clazz.newInstance();
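Review bot: The class cache is still keyed by `fqn` alone in `clazzMap.get(fqn)` / `clazzMap.put(fqn, clazz)`, although the loader now depends on the module configured for the policy. Once a provider class has been cached through one loader, a later call with a different `cl` and the same class name gets the cached class, and the module setting has no effect for it. If `clazzMap` is shared between domains (its declaration is outside the hunk, so this is an assumption), that crosses module boundaries. Keying the cache on the loader together with the name, or skipping the cache when `cl != null`, would keep the two apart. The method starts and ends outside this hunk.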
@@ -163,7 +168,7 @@
catch(Exception e)
{
if(trace)
- log.trace("Error in getting Mapping Provider",e);
+ log.trace("Error in getting Mapping Provider:",e);
}
return mp;
}
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/mapping/SecurityActions.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/mapping/SecurityActions.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/mapping/SecurityActions.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -23,6 +23,8 @@
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
/**
* Privileged Blocks
@@ -32,6 +34,19 @@
*/
class SecurityActions
{
+
+ static void setContextClassLoader(final ClassLoader tccl) throws PrivilegedActionException
+ {
+ AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ Thread.currentThread().setContextClassLoader(tccl);
+ return null;
+ }
+ });
+ }
+
static ClassLoader getContextClassLoader()
{
return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
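Review bot: `setContextClassLoader` uses `PrivilegedExceptionAction<ClassLoader>` and declares `throws PrivilegedActionException`, but `run()` throws no checked exception, so callers must handle an exception that cannot occur. A `PrivilegedAction<Void>` passed to `AccessController.doPrivileged` does the same work without the `throws` clause, matching `getContextClassLoader` just below. The method also has no comment; since it changes the thread's context class loader inside a privileged block, a line such as `// package-private on purpose: must not be reachable from code outside this package` would document why it is not public. No caller is visible in the hunks of this package shown here.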
@@ -41,5 +56,52 @@
return Thread.currentThread().getContextClassLoader();
}
});
- }
+ }
+
+ static Class<?> loadClass(final String name) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return getClass().getClassLoader().loadClass(name);
+ }
+ catch (Exception ignore)
+ {
+ try
+ {
+ return getContextClassLoader().loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ }
+ });
+ }
+
+ static Class<?> loadClass(final ClassLoader cl, final String name) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ if(cl == null)
+ {
+ return loadClass(name);
+ }
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception ignore)
+ {
+ return loadClass(name);
+ }
+ }
+ });
+ }
}
\ No newline at end of file
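Review bot: Both `loadClass` overloads nest `PrivilegedActionException`s, so the real cause is buried. In `loadClass(String)` the inner catch does `throw new PrivilegedActionException(e)` from inside `run()`, and `doPrivileged` wraps that checked exception again. `loadClass(ClassLoader, String)` calls `loadClass(name)` from its own `run()`, which adds a third layer. A caller that inspects `getException()` therefore sees another `PrivilegedActionException` instead of the `ClassNotFoundException`. Declaring `public Class<?> run() throws ClassNotFoundException` and writing the fallback as plain `return getContextClassLoader().loadClass(name);` lets `doPrivileged` wrap it once. In the second overload, catching `PrivilegedActionException` around `loadClass(name)` and rethrowing its `getException()` keeps the cause at one level there too.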
Modified: trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java 2011-11-14 03:36:48 UTC (rev 288)
+++ trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -101,7 +101,7 @@
new SubjectPolicyContextHandler(), true);
}
- private void setSecurityConfiguration() throws Exception
+ protected void setSecurityConfiguration() throws Exception
{
String name = "org.jboss.security.authorization.modules.web.WebAuthorizationModule";
ApplicationPolicy ap = new ApplicationPolicy("other");
Added: trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authorization/JBossAuthorizationManagerWithModuleUnitTestCase.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authorization/JBossAuthorizationManagerWithModuleUnitTestCase.java (rev 0)
+++ trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authorization/JBossAuthorizationManagerWithModuleUnitTestCase.java 2011-11-16 15:28:04 UTC (rev 289)
@@ -0,0 +1,55 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization;
+
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.plugins.ClassLoaderLocator;
+import org.jboss.security.plugins.ClassLoaderLocatorFactory;
+
+/**
+ * Use of module attribute
+ * @author Anil Saldhana
+ * @since Nov 16, 2011
+ */
+public class JBossAuthorizationManagerWithModuleUnitTestCase extends
+ JBossAuthorizationManagerUnitTestCase
+{
+ @Override
+ protected void setSecurityConfiguration() throws Exception
+ {
+ super.setSecurityConfiguration();
+ ApplicationPolicy ap = SecurityConfiguration.getApplicationPolicy("other");
+ AuthorizationInfo ai = ap.getAuthorizationInfo();
+ ai.setJBossModuleName("org.picketbox");
+ ap.setAuthorizationInfo(ai);
+ SecurityConfiguration.addApplicationPolicy(ap);
+
+ ClassLoaderLocatorFactory.set(new ClassLoaderLocator() {
+
+ public ClassLoader get(String key) {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
\ No newline at end of file
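Review bot: The test cannot fail when the module name is ignored, because the anonymous `ClassLoaderLocator` returns the thread context class loader for any `key` and nothing checks that `get` was called with `"org.picketbox"`. The inherited tests would pass the same way through the default-loader fallback. Recording the key in a field inside `get(String key)` and asserting on it after the authorization call would make the test cover the new code path. Separately, `ClassLoaderLocatorFactory.set(...)` is a static setter and the locator is never restored, so it stays installed for whatever test runs next in the same JVM. Unless the parent class already resets it (not visible here), a `tearDown` override should put the previous locator back.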