de.tsl2.nano.serviceaccess.aas.principal.AbstractPrincipalAction Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of tsl2.nano.serviceaccess Show documentation

TSL2 JEE Service Access (Generic Services for Entity Access, JEE File-System-Connector, Generic Featuring, Job-Scheduling, BeanContainer, Batch, Comfortable Bean Query Definitions, JAAS, Authentification, Authorization, )

The newest version!

/*
 * Copyright © 2002-2008 Thomas Schneider
 * Alle Rechte vorbehalten.
 * Weiterverbreitung, Benutzung, Vervielfältigung oder Offenlegung,
 * auch auszugsweise, nur mit Genehmigung.
 */
package de.tsl2.nano.serviceaccess.aas.principal;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collection;

import javax.security.auth.Subject;
import javax.security.auth.SubjectDomainCombiner;

import org.apache.commons.logging.Log;

import de.tsl2.nano.action.CommonAction;
import de.tsl2.nano.action.IActivable;
import de.tsl2.nano.core.log.LogFactory;
import de.tsl2.nano.serviceaccess.ServiceFactory;

/**
 * base class to define security managed actions.
 * 
 * @author TS
 * 
 */
public abstract class AbstractPrincipalAction extends CommonAction {
    /** serialVersionUID */
    private static final long serialVersionUID = 2906676372188531019L;
    private static final Log LOG = LogFactory.getLog(AbstractPrincipalAction.class);

    public AbstractPrincipalAction() {
        super();
    }

    /**
     * {@inheritDoc}
     */
    public AbstractPrincipalAction(String id,
            String shortDescription,
            String longDescription,
            IActivable enabler,
            Collection receiverIDs) {
        super(id, shortDescription, longDescription, enabler, receiverIDs, null);
    }

    /**
     * {@inheritDoc}
     */
    public AbstractPrincipalAction(String id, String shortDescription, String longDescription, IActivable actionEnabler) {
        super(id, shortDescription, longDescription, actionEnabler, null);
    }

    /**
     * {@inheritDoc}
     */
    public AbstractPrincipalAction(String id, String shortDescription, String longDescription) {
        super(id, shortDescription, longDescription);
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public RETURNTYPE activate() {
        // the static permission check is done by the subject.doAs()
        if (!isPermitted()) {
            throw new SecurityException("the current user is not allowed to start the action " + getId());
        }
        final CommonAction _thisAction = this;
        final Subject subject = ServiceFactory.instance().getSubject();
        // needs security policy entry "doAs"
        return Subject.doAs(subject, new PrivilegedAction() {
            @Override
            public RETURNTYPE run() {
                _thisAction.run();
                return _thisAction.getLastResult();
            }
        });
    }

    /**
     * @return true, if security managers permission check was ok.
     */
    public boolean isPermitted() {
        try {
            // needs security policy entry "createAccessControlContext"
            final AccessControlContext accessControlContext = new AccessControlContext(AccessController.getContext(),
                new SubjectDomainCombiner(ServiceFactory.instance().getSubject()));
            accessControlContext.checkPermission(new APermission(getId(), null));
            // System.getSecurityManager().checkPermission(new
            // ActionPermission(getId()));
            return true;
        } catch (final SecurityException e) {
            LOG.error("", e);
            return false;
        }
    }
}