org.apache.openejb.core.security.JaccProvider Maven / Gradle / Ivy

Show more of this group Show more artifacts with this name
Show all versions of openejb-core Show documentation
There is a newer version: 4.7.5
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.openejb.core.security;

import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;

/**
 * @version $Rev: 1153797 $ $Date: 2011-08-04 02:09:44 -0700 (Thu, 04 Aug 2011) $
 */
public abstract class JaccProvider {

    private static final String FACTORY_NAME = JaccProvider.class.getName();
    private static JaccProvider jaccProvider;

    public static JaccProvider get() {
        return jaccProvider;
    }

    public static void set(JaccProvider provider) {
        // todo add a security check
        jaccProvider = provider;
    }

    /**
     * This static method uses a system property to find and instantiate (via a
     * public constructor) a provider specific factory implementation class.
     * The name of the provider specific factory implementation class is
     * obtained from the value of the system property,
     * org.apache.openejb.security.JaccProvider.
     * PolicyConfigurationFactory implementation class.
     *
     * @throws ClassNotFoundException when the class named by the system
     *                                property could not be found including because the value of the system
     *                                property has not be set.
     * @throws PolicyContextException if the implementation throws a checked
     *                                exception that has not been accounted for by the
     *                                getPolicyConfigurationFactory method signature. The exception thrown by
     *                                the implementation class will be encapsulated (during construction) in
     *                                the thrown PolicyContextException
     */
    public static void install() throws ClassNotFoundException, PolicyContextException {
        if (jaccProvider != null) return;

        final String[] factoryClassName = {null};
        try {
            jaccProvider = (JaccProvider) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                public Object run() throws Exception {
                    factoryClassName[0] = System.getProperty(FACTORY_NAME);

                    if (factoryClassName[0] == null)
                        throw new ClassNotFoundException("Property " + FACTORY_NAME + " not set");
                    Thread currentThread = Thread.currentThread();
                    ClassLoader tccl = currentThread.getContextClassLoader();
                    return Class.forName(factoryClassName[0], true, tccl).newInstance();
                }
            });
        } catch (PrivilegedActionException pae) {
            if (pae.getException() instanceof ClassNotFoundException) {
                throw (ClassNotFoundException) pae.getException();
            } else if (pae.getException() instanceof InstantiationException) {
                throw new ClassNotFoundException(factoryClassName[0] + " could not be instantiated");
            } else if (pae.getException() instanceof IllegalAccessException) {
                throw new ClassNotFoundException("Illegal access to " + factoryClassName);
            }
            throw new PolicyContextException(pae.getException());
        }
    }


    public static class Factory extends PolicyConfigurationFactory {
        public Factory() throws PolicyContextException, ClassNotFoundException {
            install();
        }

        public PolicyConfiguration getPolicyConfiguration(String contextID, boolean remove) throws PolicyContextException {
            return get().getPolicyConfiguration(contextID, remove);
        }

        public boolean inService(String contextID) throws PolicyContextException {
            return get().inService(contextID);
        }
    }

    public static class Policy extends java.security.Policy {

        public Policy() throws PolicyContextException, ClassNotFoundException {
            install();
        }

        public PermissionCollection getPermissions(CodeSource codesource) {
            return get().getPermissions(codesource);
        }

        public void refresh() {
            get().refresh();
        }

        public boolean implies(ProtectionDomain domain, Permission permission) {
            return get().implies(domain, permission);
        }
    }

    public abstract PolicyConfiguration getPolicyConfiguration(String contextID, boolean remove) throws PolicyContextException;

    public abstract boolean inService(String contextID) throws PolicyContextException;

    public abstract PermissionCollection getPermissions(CodeSource codesource);

    public abstract void refresh();

    public abstract boolean implies(ProtectionDomain domain, Permission permission);
}