
org.ow2.easybeans.security.propagation.jonas.JOnASSecurityContext Maven / Gradle / Ivy

/**
 * EasyBeans
 * Copyright (C) 2006 Bull S.A.S.
 * Contact: [email protected]
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 * USA
 *
 * --------------------------------------------------------------------------
 * $Id: JOnASSecurityContext.java 5602 2010-10-01 15:49:31Z sauthieg $
 * --------------------------------------------------------------------------
 */

package org.ow2.easybeans.security.propagation.jonas;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.Principal;
import java.security.acl.Group;

import javax.security.auth.Subject;

import org.ow2.easybeans.security.api.EZBSecurityContext;
import org.ow2.easybeans.security.struct.JPrincipal;

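/**
 * Wrapper class for the JOnAS security.
 * It will propagate and read JOnAS security context.
 * <p>
 * The JOnAS context is held as a plain {@link Object}, and every operation is
 * dispatched reflectively by method name ({@code getCallerPrincipal},
 * {@code getCallerPrincipalRoles}, {@code pushRunAs}, {@code popRunAs}).
 * A failed lookup or invocation is reported as an
 * {@link IllegalStateException} that carries the original cause.
 * @author Florent Benoit
 */
public class JOnASSecurityContext implements EZBSecurityContext {

    /**
     * Wrapped security context of JOnAS.
     */
    private final Object jonasSecurityContext;

    /**
     * Builds a security context around JOnAS security context.
     * @param jonasSecurityContext the JOnAS context. It is not validated here;
     *        a null value only fails (NullPointerException) on first use.
     */
    public JOnASSecurityContext(final Object jonasSecurityContext) {
        this.jonasSecurityContext = jonasSecurityContext;
    }

    /**
     * Gets the caller's principal.
     * @param runAsBean if true, the bean is a run-as bean.
     * @return principal of the caller.
     * @throws IllegalStateException if the JOnAS method cannot be found or called.
     */
    public Principal getCallerPrincipal(final boolean runAsBean) {
        Method m = lookup("getCallerPrincipal", boolean.class);
        return (Principal) invoke(m, Boolean.valueOf(runAsBean));
    }

    /**
     * Gets the caller's roles.
     * @param runAsBean if true, the bean is a run-as bean.
     * @return array of roles of the caller, one {@link JPrincipal} per role name.
     * @throws IllegalStateException if the JOnAS method cannot be found or
     *         called, or if it returns no role array.
     */
    public Principal[] getCallerRoles(final boolean runAsBean) {
        Method m = lookup("getCallerPrincipalRoles", boolean.class);
        String[] roles = (String[]) invoke(m, Boolean.valueOf(runAsBean));

        // A missing role array is an error here, not "no roles": callers never
        // get an empty result that stands for an unreadable context.
        if (roles == null) {
            throw new IllegalStateException("No roles found on the JOnAS security context");
        }

        Principal[] principals = new Principal[roles.length];
        for (int i = 0; i < roles.length; i++) {
            principals[i] = new JPrincipal(roles[i]);
        }
        return principals;
    }

    /**
     * Enters in run-as mode with the given subject.
     * The previous subject is stored and will be restored when run-as mode will
     * be ended.
     * <p>
     * The principal name is the name of the first non-{@link Group} principal
     * of the subject. The role is the name of the first member of a
     * {@link Group} principal; when several groups are present, the last one
     * iterated wins. A group without members is skipped.
     * @param runAsSubject the subject to used in run-as mode.
     * @return always null: the previous subject is not used with the JOnAS
     *         security context.
     * @throws IllegalStateException if the JOnAS method cannot be found or called.
     */
    public Subject enterRunAs(final Subject runAsSubject) {
        Method m = lookup("pushRunAs", String.class, String.class, String[].class);

        // Get principal name from subject
        String principalName = null;
        for (Principal principal : runAsSubject.getPrincipals(Principal.class)) {
            if (!(principal instanceof Group)) {
                principalName = principal.getName();
                break;
            }
        }

        // Get role from subject
        String role = null;
        for (Principal principal : runAsSubject.getPrincipals(Principal.class)) {
            if (principal instanceof Group) {
                java.util.Enumeration<? extends Principal> members = ((Group) principal).members();
                // An empty group used to escape as NoSuchElementException from
                // nextElement(); it now simply contributes no role.
                if (members.hasMoreElements()) {
                    role = members.nextElement().getName();
                }
            }
        }

        // NOTE(review): role and principalName can still be null at this point
        // (subject without a group, or without a plain principal) and are
        // forwarded unchanged, so the run-as identity is then decided by JOnAS.
        // Confirm how pushRunAs treats null before relying on it for
        // authorization decisions.
        invoke(m, role, principalName, new String[] {role});

        // Not used with JOnAS security context
        return null;
    }

    /**
     * Ends the run-as mode and then restore the context stored by container.
     * @param oldSubject subject kept by container and restored. It is not read
     *        here: JOnAS pops its own run-as entry.
     * @throws IllegalStateException if the JOnAS method cannot be found or called.
     */
    public void endsRunAs(final Subject oldSubject) {
        invoke(lookup("popRunAs"));
    }

    /**
     * Finds a public method on the wrapped JOnAS security context.
     * @param methodName name of the method to find.
     * @param parameterTypes parameter types of the method.
     * @return the method found.
     * @throws IllegalStateException if the method is missing or not accessible.
     */
    private Method lookup(final String methodName, final Class<?>... parameterTypes) {
        try {
            return jonasSecurityContext.getClass().getMethod(methodName, parameterTypes);
        } catch (SecurityException e) {
            throw new IllegalStateException("Cannot get the method " + methodName
                    + " on the JOnAS security context", e);
        } catch (NoSuchMethodException e) {
            throw new IllegalStateException("Cannot get the method " + methodName
                    + " on the JOnAS security context", e);
        }
    }

    /**
     * Calls the given method on the wrapped JOnAS security context.
     * @param m the method to call, as returned by {@link #lookup}.
     * @param args arguments of the call.
     * @return the value returned by the method.
     * @throws IllegalStateException if the call fails; an exception thrown by
     *         the JOnAS method itself is kept as the cause chain.
     */
    private Object invoke(final Method m, final Object... args) {
        try {
            return m.invoke(jonasSecurityContext, args);
        } catch (IllegalArgumentException e) {
            throw new IllegalStateException("Cannot call " + m.getName()
                    + " method on the JOnAS security context", e);
        } catch (IllegalAccessException e) {
            throw new IllegalStateException("Cannot call " + m.getName()
                    + " method on the JOnAS security context", e);
        } catch (InvocationTargetException e) {
            throw new IllegalStateException("Cannot call " + m.getName()
                    + " method on the JOnAS security context", e);
        }
    }
}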



