[jbpm-commits] JBoss JBPM SVN: r3345 - in jbpm3/trunk/modules/core/src/main/java/org/jbpm: security and 1 other directories.

do-not-reply at jboss.org do-not-reply at jboss.org
Thu Dec 11 11:48:44 EST 2008


Author: camunda
Date: 2008-12-11 11:48:44 -0500 (Thu, 11 Dec 2008)
New Revision: 3345

Added:
   jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationServiceFactory.java
Modified:
   jbpm3/trunk/modules/core/src/main/java/org/jbpm/JbpmContext.java
   jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/AuthenticationService.java
   jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationService.java
Log:
JBPM-1909: added factory for SubjectAuthenticationService, added "setActorId" to AuthenticationService interface, using interface in JbpmContext now

Modified: jbpm3/trunk/modules/core/src/main/java/org/jbpm/JbpmContext.java
===================================================================
--- jbpm3/trunk/modules/core/src/main/java/org/jbpm/JbpmContext.java	2008-12-11 16:47:48 UTC (rev 3344)
+++ jbpm3/trunk/modules/core/src/main/java/org/jbpm/JbpmContext.java	2008-12-11 16:48:44 UTC (rev 3345)
@@ -42,7 +42,7 @@
 import org.jbpm.graph.exe.Token;
 import org.jbpm.persistence.PersistenceService;
 import org.jbpm.persistence.db.DbPersistenceService;
-import org.jbpm.security.authentication.DefaultAuthenticationService;
+import org.jbpm.security.AuthenticationService;
 import org.jbpm.svc.ServiceFactory;
 import org.jbpm.svc.Services;
 import org.jbpm.taskmgmt.exe.TaskInstance;
@@ -660,12 +660,10 @@
 
   /**
    * sets the currently authenticated actorId.
-   * 
-   * @throws ClassCastException if another authentication service is configured then the default.
    */
   public void setActorId(String actorId)
   {
-    DefaultAuthenticationService authenticationService = (DefaultAuthenticationService)services.getAuthenticationService();
+    AuthenticationService authenticationService = (AuthenticationService)services.getAuthenticationService();
     authenticationService.setActorId(actorId);
   }
 
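Review bot: The Javadoc on `setActorId` no longer warns callers that the call may have no effect. The `@throws ClassCastException` line is gone, but the `AuthenticationService` Javadoc added in this same revision says implementations may ignore the value. I would add a sentence such as `The configured AuthenticationService may ignore this call, e.g. when the actor is derived from a JAAS Subject; check AuthenticationService.getActorId() for the effective actor.` The cast to `AuthenticationService` looks redundant if `services.getAuthenticationService()` already returns that interface type, which the hunk does not show. If that getter can return null when no authentication service is configured, the next line throws a NullPointerException, so an explicit null check with a descriptive exception would be clearer.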

Modified: jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/AuthenticationService.java
===================================================================
--- jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/AuthenticationService.java	2008-12-11 16:47:48 UTC (rev 3344)
+++ jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/AuthenticationService.java	2008-12-11 16:48:44 UTC (rev 3345)
@@ -23,7 +23,22 @@
 
 import org.jbpm.svc.Service;
 
+/**
+ * Responsible for knowing which user is currently logged in.
+ * 
+ * @author Original author n.n. (maybe Tom?), bernd.ruecker at camunda.com
+ */
 public interface AuthenticationService extends Service {
 
+  /**
+   * retrieve the currently authenticated actor
+   */
   String getActorId();
+
+  /**
+   * set the currently authenticated actor. This method maybe ignored
+   * by some implementations (e.g. when using JAAS it is not a good idea
+   * to change the authenticated actor).
+   */
+  void setActorId(String actorId);
 }
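Review bot: Adding `setActorId` to the interface breaks every `AuthenticationService` implementation outside this commit until it adds the method, and the new contract ("maybe ignored by some implementations") gives callers no way to learn whether the identity change was applied. For an identity setter that ambiguity matters: code that sets an actor and then acts on its behalf may in fact still be running as the JAAS principal, or the reverse. I would tighten the Javadoc to state what a refusing implementation must do, e.g. `Implementations that do not allow changing the actor must leave getActorId() unchanged and should log the refused call.` The Javadoc should also say whether `null` is a legal argument and whether it clears a previously set actor.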

Modified: jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationService.java
===================================================================
--- jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationService.java	2008-12-11 16:47:48 UTC (rev 3344)
+++ jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationService.java	2008-12-11 16:48:44 UTC (rev 3345)
@@ -27,38 +27,70 @@
 
 import javax.security.auth.Subject;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.jbpm.JbpmConfiguration;
+import org.jbpm.JbpmContext;
 import org.jbpm.security.AuthenticationService;
 import org.jbpm.util.ClassLoaderUtil;
 
 /**
  * gets the authenticated actor id from the current Subject.
  * This Authenticator requires another configuration parameter 
- * 'jbpm.authenticator.principal.classname'.  This configuration property 
+ * 'jbpm.authenticator.principal.classname'. This configuration property 
  * specifies the class name of the principal that should be used from 
- * the current subject.  The name of that principal is used as the 
- * currently authenticated actorId. 
+ * the current subject. This could be for example org.jboss.security.CallerIdentity
+ * in an JBoss AS. 
+ * 
+ * If not actorId is set, the name of that principal is used as the 
+ * currently authenticated actorId. If an actorId!=null is set (via setActorId)
+ * this one overwrites the principal. This behavior is configurable via
+ * the 'jbpm.authenticator.principal.allow.overwrite' attribute. If this
+ * is set to false, setActorId is simply ignored.
+ * 
  */
 public class SubjectAuthenticationService implements AuthenticationService {
   
   private static final long serialVersionUID = 1L;
   
+  private static Log log = LogFactory.getLog(JbpmContext.class);
+  
   private static final String principalClassName = JbpmConfiguration.Configs.getString("jbpm.authenticator.principal.classname");
   private static Class principalClass = ClassLoaderUtil.loadClass(principalClassName);
+  
+  private static final boolean allowActorIdOverwrite = JbpmConfiguration.Configs.getBoolean("jbpm.authenticator.principal.allow.overwrite");
+  
+  private String actorId;
 
   public String getActorId() {
-    String authenticatedActorId = null;
-    Subject subject = Subject.getSubject(AccessController.getContext());
-    Set principals = subject.getPrincipals(principalClass);
-    if ( (principals!=null)
-         && (!principals.isEmpty()) 
-       ) {
-      Principal principal = (Principal) principals.iterator().next();
-      authenticatedActorId = principal.getName();
+    if (actorId==null) {
+
+      Subject subject = Subject.getSubject(AccessController.getContext());
+      if (subject==null) {
+        log.warn("no javax.security.auth.Subject exists! Cannot set jbpm actorId");
+        return null;
+      }
+      
+      Set principals = subject.getPrincipals(principalClass);
+      if ( (principals!=null)
+           && (!principals.isEmpty()) 
+         ) {
+        // always use the first one (so be patient what Principal classes are used)
+        Principal principal = (Principal) principals.iterator().next();
+        actorId = principal.getName();
+      }
     }
-    return authenticatedActorId;
+    return actorId;
   }
 
+  public void setActorId(String actorId)
+  {
+    if (allowActorIdOverwrite && actorId!=null) {
+      this.actorId = actorId;
+    }
+  }
+  
   public void close() {
   }
+  
 }
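Review bot: `setActorId` lets any caller replace the JAAS-derived identity with an arbitrary string whenever 'jbpm.authenticator.principal.allow.overwrite' is true, and neither the accepted nor the ignored case is logged. What `Configs.getBoolean` returns when the key is absent is not visible here; the shipped default should be false so that overriding the Subject is an explicit opt-in. `getActorId` also stores the principal name in the same `actorId` field, so the first lookup is cached for the life of the instance and a later Subject change is not seen; keeping the override in its own field and resolving the principal on each call avoids mixing the two. Separately, the logger is created with `LogFactory.getLog(JbpmContext.class)`, which files these messages under the wrong category; it should be `private static final Log log = LogFactory.getLog(SubjectAuthenticationService.class);`.

```java
  // written only by setActorId; the Subject principal is never cached in a field
  private String overriddenActorId;

  public String getActorId() {
    if (overriddenActorId!=null) {
      return overriddenActorId;
    }
    // … unchanged: Subject lookup, null-Subject warning and principal lookup,
    //   with `return principal.getName();` in place of the field assignment …
    return null;
  }

  public void setActorId(String actorId)
  {
    if (actorId==null) {
      return;
    }
    if (!allowActorIdOverwrite) {
      log.warn("ignoring setActorId: overwriting the Subject principal is disabled");
      return;
    }
    log.info("actorId from the Subject is overwritten via setActorId");
    this.overriddenActorId = actorId;
  }
```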

Added: jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationServiceFactory.java
===================================================================
--- jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationServiceFactory.java	                        (rev 0)
+++ jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationServiceFactory.java	2008-12-11 16:48:44 UTC (rev 3345)
@@ -0,0 +1,42 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jbpm.security.authentication;
+
+import org.jbpm.svc.Service;
+import org.jbpm.svc.ServiceFactory;
+
+/**
+ * Factory to create a {@link SubjectAuthenticationService}.
+ * 
+ * @author bernd.ruecker at camunda.com
+ */
+public class SubjectAuthenticationServiceFactory implements ServiceFactory {
+
+  private static final long serialVersionUID = 1L;
+
+  public Service openService() {
+    return new SubjectAuthenticationService();
+  }
+
+  public void close() {
+  }
+}
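Review bot: `openService` is undocumented, and the property it relies on is worth stating: it returns a new `SubjectAuthenticationService` on every call, and that class now keeps a per-instance `actorId`. I would add a Javadoc such as `/** creates a new service per call; an instance holds the actor of one context and must not be cached or shared. */` so that a later change to pooling does not carry one caller's actor over to the next.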



