[jboss-cvs] JBoss Messaging SVN: r8548 - branches/Branch_1_4/integration/EAP5/src/main/org/jboss/jms/server/container.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Sun Jul 15 22:44:24 EDT 2012


Author: gaohoward
Date: 2012-07-15 22:44:22 -0400 (Sun, 15 Jul 2012)
New Revision: 8548

Modified:
   branches/Branch_1_4/integration/EAP5/src/main/org/jboss/jms/server/container/SecurityActions.java
   branches/Branch_1_4/integration/EAP5/src/main/org/jboss/jms/server/container/SecurityAspect.java
Log:
JBMESSAGING-1930



Modified: branches/Branch_1_4/integration/EAP5/src/main/org/jboss/jms/server/container/SecurityActions.java
===================================================================
--- branches/Branch_1_4/integration/EAP5/src/main/org/jboss/jms/server/container/SecurityActions.java	2012-07-12 15:49:06 UTC (rev 8547)
+++ branches/Branch_1_4/integration/EAP5/src/main/org/jboss/jms/server/container/SecurityActions.java	2012-07-16 02:44:22 UTC (rev 8548)
@@ -24,14 +24,23 @@
 import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 
 import javax.security.auth.Subject;
+import java.util.Set;
 
 import org.jboss.security.SecurityAssociation;
 import org.jboss.security.SecurityContext;
 import org.jboss.security.SecurityContextAssociation;
+import org.jboss.jms.server.SecurityStore;
+import org.jboss.jms.server.security.SecurityMetadata;
+import org.jboss.jms.server.security.CheckType;
+import java.security.Principal;
 
+import javax.jms.JMSSecurityException;
 
+
 /** A collection of privileged actions for this package
  * @author Scott.Stark at jboss.org
  * @author <a href="mailto:alex at jboss.org">Alexey Loubyansky</a>
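Review bot: `import java.security.Principal;` is added a second time at the end of the import block, although the same import is already present as a context line at the top of this hunk; the added line can be dropped. `java.util.Set` is also placed in the `javax` group rather than with the other `java.*` imports. The import hunk in SecurityAspect.java adds `AccessController`, `Principal` and `PrivilegedAction`, none of which is referenced in the SecurityAspect hunks shown here, since the privileged calls go through `SecurityActions`. If nothing else in that file uses them, they should be removed too.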
@@ -64,4 +73,53 @@
          }});
    }
 
+   static SecurityMetadata getSecurityMetadata( final SecurityStore sm,
+                                                final boolean isQueue,
+                                                final String name )
+   {
+       return  AccessController.doPrivileged(new PrivilegedAction<SecurityMetadata>() {
+          public SecurityMetadata run() {
+            return sm.getSecurityMetadata(isQueue, name);
+          }
+       });
+   }
+
+   static void authenticate( final SecurityStore sm,
+                             final String username,
+                             final String password ) throws JMSSecurityException
+   {
+       try
+       {
+          AccessController.doPrivileged(new PrivilegedExceptionAction()
+            {
+                public Object run() throws Exception {
+                    sm.authenticate(username, password);
+                    return null;
+                }
+            });
+       }
+       catch( PrivilegedActionException pae )
+       {
+         throw new JMSSecurityException(pae.toString());
+       }
+   }
+
+   static public boolean authorize( final SecurityStore sm,
+                                    final String username,
+                                    final Set principals,
+                                    final CheckType checkType ) throws JMSSecurityException
+   {
+       try
+       {
+         return AccessController.doPrivileged(new PrivilegedExceptionAction<Boolean>() {
+                   public Boolean run() throws Exception {
+                     return sm.authorize(username, principals, checkType);
+                   }
+                });
+       }
+       catch( PrivilegedActionException pae )
+       {
+         throw new JMSSecurityException(pae.toString());
+       }
+   }
 }
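Review bot: Both catch blocks in `authenticate` and `authorize` flatten the failure into `new JMSSecurityException(pae.toString())`, which drops the cause. If the SecurityStore call itself threw a JMSSecurityException (its signature is not visible here), the replacement's message starts with the PrivilegedActionException class name. Unwrapping `pae.getException()` and rethrowing or linking it keeps the original message, error code and stack trace for whoever has to diagnose a failed login or authorization check. Separately, `authorize` is declared `static public` while the other helpers are package-private; a doPrivileged wrapper that takes a caller-supplied `SecurityStore` should stay package-private unless the class itself is (its declaration is outside the hunk). `authenticate` also uses the raw `PrivilegedExceptionAction` where `authorize` uses the typed form.

```java
// … unchanged: authenticate signature and doPrivileged call …
       catch( PrivilegedActionException pae )
       {
          Exception cause = pae.getException();
          if (cause instanceof JMSSecurityException)
          {
             throw (JMSSecurityException) cause;
          }
          JMSSecurityException jse = new JMSSecurityException(cause.getMessage());
          jse.setLinkedException(cause);
          throw jse;
       }
// … same handling in the catch block of authorize …
```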

Modified: branches/Branch_1_4/integration/EAP5/src/main/org/jboss/jms/server/container/SecurityAspect.java
===================================================================
--- branches/Branch_1_4/integration/EAP5/src/main/org/jboss/jms/server/container/SecurityAspect.java	2012-07-12 15:49:06 UTC (rev 8547)
+++ branches/Branch_1_4/integration/EAP5/src/main/org/jboss/jms/server/container/SecurityAspect.java	2012-07-16 02:44:22 UTC (rev 8548)
@@ -29,6 +29,10 @@
 import javax.jms.JMSSecurityException;
 import javax.jms.Message;
 
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+
 import org.jboss.aop.joinpoint.Invocation;
 import org.jboss.aop.joinpoint.MethodInvocation;
 import org.jboss.jms.destination.JBossDestination;
@@ -278,12 +282,13 @@
          return;
       }
 
-      boolean isQueue = jbd.isQueue();
-      String name = jbd.getName();
+      final boolean isQueue = jbd.isQueue();
+      final String name = jbd.getName();
 
-      SecurityStore sm = conn.getSecurityManager();
-      SecurityMetadata securityMetadata = sm.getSecurityMetadata(isQueue, name);
+      final SecurityStore sm = conn.getSecurityManager();
 
+      SecurityMetadata securityMetadata = SecurityActions.getSecurityMetadata(sm, isQueue, name);
+
       if (securityMetadata == null)
       {
          throw new JMSSecurityException("No security configuration avaliable for " + name);
@@ -292,15 +297,20 @@
       // Authenticate. Need to save current SecurityContext
       SecurityContext previousSCtx = SecurityActions.getSecurityContext();
       
-      sm.authenticate(conn.getUsername(), conn.getPassword());
+      final String username = conn.getUsername(); 
+      final String password = conn.getPassword();
 
+      SecurityActions.authenticate(sm, username, password);
+
       // Authorize
-      Set principals = checkType == CheckType.READ ? securityMetadata.getReadPrincipals() :
+      final Set principals = checkType == CheckType.READ ? securityMetadata.getReadPrincipals() :
                        checkType == CheckType.WRITE ? securityMetadata.getWritePrincipals() :
                        securityMetadata.getCreatePrincipals();
       try
       {
-         if (!sm.authorize(conn.getUsername(), principals, checkType))
+        final CheckType tmpCheckType = checkType;
+        
+         if (!SecurityActions.authorize(sm, conn.getUsername(), principals, checkType))
          {
             String msg = "User: " + conn.getUsername() +
                " is not authorized to " +
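Review bot: `tmpCheckType` is assigned but never used in the lines shown, since the call still passes `checkType`. The authorize call also re-reads `conn.getUsername()` although `username` was captured a few lines earlier for authentication. Passing the same local to both calls keeps the identity that was authenticated and the identity that is authorized from diverging: `if (!SecurityActions.authorize(sm, username, principals, checkType))`, and the `tmpCheckType` line can be dropped. The enclosing method starts and ends outside the hunk, so whether `previousSCtx` is restored when `SecurityActions.authenticate` throws cannot be confirmed from here.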


