All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.jboss.security.identitytrust.JBossIdentityTrustContext Maven / Gradle / Ivy

There is a newer version: 5.1.0.Final
Show newest version
/*
  * JBoss, Home of Professional Open Source
  * Copyright 2007, JBoss Inc., and individual contributors as indicated
  * by the @authors tag. See the copyright.txt in the distribution for a
  * full listing of individual contributors.
  *
  * This is free software; you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as
  * published by the Free Software Foundation; either version 2.1 of
  * the License, or (at your option) any later version.
  *
  * This software is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this software; if not, write to the Free
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
package org.jboss.security.identitytrust;

import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import java.util.Map;

import javax.security.auth.login.LoginException;

import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.SecurityContext;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.IdentityTrustInfo;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
import org.jboss.security.plugins.ClassLoaderLocator;
import org.jboss.security.plugins.ClassLoaderLocatorFactory;
 
/**
 *  Implementation of the Identity Trust Context
 *  @author [email protected]
 *  @since  Aug 2, 2007 
 *  @version $Revision$
 */
public class JBossIdentityTrustContext extends IdentityTrustContext
{ 
   public JBossIdentityTrustContext(String secDomain, SecurityContext sc)
   {
      this.securityDomain = secDomain;
      this.securityContext = sc;
   }
   
   @Override
   public TrustDecision isTrusted() throws IdentityTrustException
   { 
      TrustDecision decision = NOTAPPLICABLE;
         
      try
      {
         initializeModules();
      }
      catch (Exception e)
      {
         throw new IdentityTrustException(e);
      }
      //Do a PrivilegedAction
      try
      {
         decision = AccessController.doPrivileged(new PrivilegedExceptionAction() 
         {
            public TrustDecision run() throws IdentityTrustException 
            {
               TrustDecision result = invokeTrusted();
               if(result == PERMIT)
                  invokeCommit();
               if(result == DENY || result == NOTAPPLICABLE)
               {
                  invokeAbort();  
               } 
               return result;
            }
         });
      }
      catch (PrivilegedActionException e)
      {
         Exception exc = e.getException();
         invokeAbort();
         throw ((IdentityTrustException)exc);
      }
      return decision; 
   } 
   
   private void initializeModules() throws Exception
   {
	  ClassLoader moduleCL = null;
      //Clear the modules
      modules.clear();
      //Get the Configuration
      ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy( securityDomain);
      if(aPolicy == null)
         throw PicketBoxMessages.MESSAGES.failedToObtainApplicationPolicy(securityDomain);

      IdentityTrustInfo iti = aPolicy.getIdentityTrustInfo();
      if(iti == null)
         return;
      List jbossModuleNames = iti.getJBossModuleNames();
      if(!jbossModuleNames.isEmpty())
      {
    	  ClassLoaderLocator cll = ClassLoaderLocatorFactory.get();
    	  if(cll != null)
    	  {
    		  moduleCL = cll.get(jbossModuleNames);
    	  }
      }
      IdentityTrustModuleEntry[] itmearr = iti.getIdentityTrustModuleEntry();
      for(IdentityTrustModuleEntry itme: itmearr)
      { 
         ControlFlag cf = itme.getControlFlag();
         if(cf == null)
            cf = ControlFlag.REQUIRED;
         
         this.controlFlags.add(cf); 
         IdentityTrustModule module = instantiateModule(moduleCL, itme.getName(), itme.getOptions()); 
         modules.add(module); 
      }
   }
   
   @SuppressWarnings({"unchecked", "rawtypes"})
   private IdentityTrustModule instantiateModule(ClassLoader cl, String name, Map map) throws Exception
   {
      IdentityTrustModule im = null;
      try
      {
         Class clazz = SecurityActions.loadClass(cl, name);
         im = (IdentityTrustModule)clazz.newInstance();
      }
      catch ( Exception e)
      {
          PicketBoxLogger.LOGGER.debugIgnoredException(e);
      }
      if(im == null)
         throw new LoginException(PicketBoxMessages.MESSAGES.failedToInstantiateClassMessage(IdentityTrustModule.class));
      im.initialize(this.securityContext, this.callbackHandler, this.sharedState,map);
      return im;
   }
   
   private TrustDecision invokeTrusted() throws IdentityTrustException
   { 
      //Control Flag behavior
      boolean encounteredRequiredDeny = false; 
      boolean encounteredRequiredNotApplicable = false;
      boolean encounteredOptionalError = false; 
      IdentityTrustException moduleException = null;
      TrustDecision overallDecision = TrustDecision.NotApplicable;
      boolean encounteredRequiredPermit = false;
      
      TrustDecision decision = NOTAPPLICABLE;
      int length = modules.size();
     
      if(length == 0)
         return decision;
      
      for(int i = 0; i < length; i++)
      {
         IdentityTrustModule module = modules.get(i);
         ControlFlag flag = this.controlFlags.get(i);
         try
         {
            decision = module.isTrusted();
         }
         catch(Exception ae)
         {
            decision = NOTAPPLICABLE;
            if(moduleException == null)
               moduleException = new IdentityTrustException(ae);
         }
         
         if(decision == PERMIT)
         { 
            overallDecision =  PERMIT;
            if(flag == ControlFlag.REQUIRED)
               encounteredRequiredPermit = true;
            //SUFFICIENT case
            if(flag == ControlFlag.SUFFICIENT && encounteredRequiredDeny == false)
               return PERMIT;
            continue; //Continue with the other modules
         }
         
         if(decision == NOTAPPLICABLE && flag == ControlFlag.REQUIRED)
         {  
            encounteredRequiredNotApplicable = true;
            continue; //Continue with the other modules
         }
         //Go through the failure cases 
         //REQUISITE case
         if(flag == ControlFlag.REQUISITE)
         {
            PicketBoxLogger.LOGGER.debugRequisiteModuleFailure(module.getClass().getName());
            if(moduleException == null)
               moduleException = new IdentityTrustException(PicketBoxMessages.MESSAGES.identityTrustValidationFailedMessage());
            else
               throw moduleException;
         }
         //REQUIRED Case
         if(flag == ControlFlag.REQUIRED)
         {
             PicketBoxLogger.LOGGER.debugRequiredModuleFailure(module.getClass().getName());
             encounteredRequiredDeny = true;
         }
         if(flag == ControlFlag.OPTIONAL)
            encounteredOptionalError = true; 
      }
      
      //All the identity trust modules have been visited.
      if(encounteredRequiredDeny)
         return DENY;
      if(overallDecision == DENY && encounteredOptionalError)
         return DENY;
      if(overallDecision == DENY)
         return DENY;
      
      if(encounteredRequiredNotApplicable && !encounteredRequiredPermit)
         return NOTAPPLICABLE;
      return PERMIT;
   }
   
   private void invokeCommit() throws IdentityTrustException
   {
      int length = modules.size();
      for(int i = 0; i < length; i++)
      {
         IdentityTrustModule module = modules.get(i);
         boolean bool = module.commit();
         if(!bool)
            throw new IdentityTrustException(PicketBoxMessages.MESSAGES.moduleCommitFailedMessage());
      }
   }
   
   private void invokeAbort() throws IdentityTrustException
   {
      int length = modules.size();
      for(int i = 0; i < length; i++)
      {
         IdentityTrustModule module = modules.get(i);
         boolean bool = module.abort(); 
         if(!bool)
            throw new IdentityTrustException(PicketBoxMessages.MESSAGES.moduleAbortFailedMessage());
      }
   }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy