[jbpm-commits] JBoss JBPM SVN: r3345 - in jbpm3/trunk/modules/core/src/main/java/org/jbpm: security and 1 other directories.
do-not-reply at jboss.org
do-not-reply at jboss.org
Thu Dec 11 11:48:44 EST 2008
Author: camunda
Date: 2008-12-11 11:48:44 -0500 (Thu, 11 Dec 2008)
New Revision: 3345
Added:
jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationServiceFactory.java
Modified:
jbpm3/trunk/modules/core/src/main/java/org/jbpm/JbpmContext.java
jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/AuthenticationService.java
jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationService.java
Log:
JBPM-1909: added factory for SubjectAuthenticationService, added "setActorId" to AuthenticationService interface, using interface in JbpmContext now
Modified: jbpm3/trunk/modules/core/src/main/java/org/jbpm/JbpmContext.java
===================================================================
--- jbpm3/trunk/modules/core/src/main/java/org/jbpm/JbpmContext.java 2008-12-11 16:47:48 UTC (rev 3344)
+++ jbpm3/trunk/modules/core/src/main/java/org/jbpm/JbpmContext.java 2008-12-11 16:48:44 UTC (rev 3345)
@@ -42,7 +42,7 @@
import org.jbpm.graph.exe.Token;
import org.jbpm.persistence.PersistenceService;
import org.jbpm.persistence.db.DbPersistenceService;
-import org.jbpm.security.authentication.DefaultAuthenticationService;
+import org.jbpm.security.AuthenticationService;
import org.jbpm.svc.ServiceFactory;
import org.jbpm.svc.Services;
import org.jbpm.taskmgmt.exe.TaskInstance;
@@ -660,12 +660,10 @@
/**
* sets the currently authenticated actorId.
- *
- * @throws ClassCastException if another authentication service is configured then the default.
*/
public void setActorId(String actorId)
{
- DefaultAuthenticationService authenticationService = (DefaultAuthenticationService)services.getAuthenticationService();
+ AuthenticationService authenticationService = (AuthenticationService)services.getAuthenticationService();
authenticationService.setActorId(actorId);
}
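Review bot: The cast in `setActorId` is kept while the `@throws ClassCastException` line is dropped from its Javadoc, so one of the two is probably wrong. If `services.getAuthenticationService()` is already declared to return `AuthenticationService` (its signature is not visible in this hunk), the cast is redundant and the line can read `AuthenticationService authenticationService = services.getAuthenticationService();`. If it returns a wider type, the exception is still possible and should stay documented. The result is also dereferenced without a null check, so a configuration with no authentication service would presumably fail here with a bare NullPointerException instead of a message naming the missing service.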
Modified: jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/AuthenticationService.java
===================================================================
--- jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/AuthenticationService.java 2008-12-11 16:47:48 UTC (rev 3344)
+++ jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/AuthenticationService.java 2008-12-11 16:48:44 UTC (rev 3345)
@@ -23,7 +23,22 @@
import org.jbpm.svc.Service;
+/**
+ * Responsible for knowing which user is currently logged in.
+ *
+ * @author Original author n.n. (maybe Tom?), bernd.ruecker at camunda.com
+ */
public interface AuthenticationService extends Service {
+ /**
+ * retrieve the currently authenticated actor
+ */
String getActorId();
+
+ /**
+ * set the currently authenticated actor. This method maybe ignored
+ * by some implementations (e.g. when using JAAS it is not a good idea
+ * to change the authenticated actor).
+ */
+ void setActorId(String actorId);
}
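Review bot: The new `setActorId` Javadoc lets an implementation ignore the call but gives the caller no way to notice, so code that calls `JbpmContext.setActorId(...)` and then assigns tasks or checks permissions may be acting under a different identity than it assumes. I would spell the contract out, for example `* Callers must not assume the value was applied; re-read getActorId() to learn the effective actor.`, and state whether `null` is accepted and what it means. Adding a method to a public interface also breaks any `AuthenticationService` implementation outside this tree, which is worth a line in the commit log or release notes.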
Modified: jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationService.java
===================================================================
--- jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationService.java 2008-12-11 16:47:48 UTC (rev 3344)
+++ jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationService.java 2008-12-11 16:48:44 UTC (rev 3345)
@@ -27,38 +27,70 @@
import javax.security.auth.Subject;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.jbpm.JbpmConfiguration;
+import org.jbpm.JbpmContext;
import org.jbpm.security.AuthenticationService;
import org.jbpm.util.ClassLoaderUtil;
/**
* gets the authenticated actor id from the current Subject.
* This Authenticator requires another configuration parameter
- * 'jbpm.authenticator.principal.classname'. This configuration property
+ * 'jbpm.authenticator.principal.classname'. This configuration property
* specifies the class name of the principal that should be used from
- * the current subject. The name of that principal is used as the
- * currently authenticated actorId.
+ * the current subject. This could be for example org.jboss.security.CallerIdentity
+ * in an JBoss AS.
+ *
+ * If not actorId is set, the name of that principal is used as the
+ * currently authenticated actorId. If an actorId!=null is set (via setActorId)
+ * this one overwrites the principal. This behavior is configurable via
+ * the 'jbpm.authenticator.principal.allow.overwrite' attribute. If this
+ * is set to false, setActorId is simply ignored.
+ *
*/
public class SubjectAuthenticationService implements AuthenticationService {
private static final long serialVersionUID = 1L;
+ private static Log log = LogFactory.getLog(JbpmContext.class);
+
private static final String principalClassName = JbpmConfiguration.Configs.getString("jbpm.authenticator.principal.classname");
private static Class principalClass = ClassLoaderUtil.loadClass(principalClassName);
+
+ private static final boolean allowActorIdOverwrite = JbpmConfiguration.Configs.getBoolean("jbpm.authenticator.principal.allow.overwrite");
+
+ private String actorId;
public String getActorId() {
- String authenticatedActorId = null;
- Subject subject = Subject.getSubject(AccessController.getContext());
- Set principals = subject.getPrincipals(principalClass);
- if ( (principals!=null)
- && (!principals.isEmpty())
- ) {
- Principal principal = (Principal) principals.iterator().next();
- authenticatedActorId = principal.getName();
+ if (actorId==null) {
+
+ Subject subject = Subject.getSubject(AccessController.getContext());
+ if (subject==null) {
+ log.warn("no javax.security.auth.Subject exists! Cannot set jbpm actorId");
+ return null;
+ }
+
+ Set principals = subject.getPrincipals(principalClass);
+ if ( (principals!=null)
+ && (!principals.isEmpty())
+ ) {
+ // always use the first one (so be patient what Principal classes are used)
+ Principal principal = (Principal) principals.iterator().next();
+ actorId = principal.getName();
+ }
}
- return authenticatedActorId;
+ return actorId;
}
+ public void setActorId(String actorId)
+ {
+ if (allowActorIdOverwrite && actorId!=null) {
+ this.actorId = actorId;
+ }
+ }
+
public void close() {
}
+
}
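Review bot: `getActorId()` now stores the principal name it resolved in the same `actorId` field that `setActorId()` writes, so after the first call the Subject is never consulted again and a derived identity can no longer be told apart from an explicit override. If a service instance is ever used across more than one `Subject.doAs` scope, it would keep returning the first caller's name. Keeping the override in its own field and resolving the principal on every call avoids that. `setActorId()` also replaces the container-authenticated identity without any log record and is dropped silently when 'jbpm.authenticator.principal.allow.overwrite' is false, so both paths deserve a log line; the flag's value when the property is absent is not visible here and should be false. The logger is created for `JbpmContext.class`, which files these messages under the wrong category.

```java
private static final Log log = LogFactory.getLog(SubjectAuthenticationService.class);

// … unchanged: principalClassName, principalClass, allowActorIdOverwrite …

// explicit override only; the principal-derived name is never cached here
private String overriddenActorId;

public String getActorId() {
  if (overriddenActorId != null) {
    return overriddenActorId;
  }
  Subject subject = Subject.getSubject(AccessController.getContext());
  if (subject == null) {
    log.warn("no javax.security.auth.Subject exists! Cannot set jbpm actorId");
    return null;
  }
  Set principals = subject.getPrincipals(principalClass);
  if (principals == null || principals.isEmpty()) {
    return null;
  }
  // always use the first principal of the configured class
  Principal principal = (Principal) principals.iterator().next();
  return principal.getName();
}

public void setActorId(String actorId) {
  if (!allowActorIdOverwrite) {
    log.warn("setActorId ignored: 'jbpm.authenticator.principal.allow.overwrite' is false");
    return;
  }
  if (actorId != null) {
    // leave an audit trail whenever the authenticated principal is overridden
    log.info("authenticated principal overridden by setActorId");
    overriddenActorId = actorId;
  }
}
```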
Added: jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationServiceFactory.java
===================================================================
--- jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationServiceFactory.java (rev 0)
+++ jbpm3/trunk/modules/core/src/main/java/org/jbpm/security/authentication/SubjectAuthenticationServiceFactory.java 2008-12-11 16:48:44 UTC (rev 3345)
@@ -0,0 +1,42 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jbpm.security.authentication;
+
+import org.jbpm.svc.Service;
+import org.jbpm.svc.ServiceFactory;
+
+/**
+ * Factory to create a {@link SubjectAuthenticationService}.
+ *
+ * @author bernd.ruecker at camunda.com
+ */
+public class SubjectAuthenticationServiceFactory implements ServiceFactory {
+
+ private static final long serialVersionUID = 1L;
+
+ public Service openService() {
+ return new SubjectAuthenticationService();
+ }
+
+ public void close() {
+ }
+}
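Review bot: The class Javadoc of `SubjectAuthenticationServiceFactory` does not mention that the service it creates depends on two configuration properties read in static initializers, 'jbpm.authenticator.principal.classname' and 'jbpm.authenticator.principal.allow.overwrite'. If the first is missing, `ClassLoaderUtil.loadClass` is presumably called with null during class initialization, so the first `openService()` would fail with an initialization error rather than a configuration message. I would add a sentence such as `* Requires 'jbpm.authenticator.principal.classname' to be configured; 'jbpm.authenticator.principal.allow.overwrite' controls whether setActorId may replace the JAAS principal.` so that anyone wiring this factory in knows about the identity-override switch.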