All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.jboss.security.plugins.SubjectActions Maven / Gradle / Ivy

There is a newer version: 5.1.0.Final
Show newest version
/*
* JBoss, Home of Professional Open Source
* Copyright 2005, JBoss Inc., and individual contributors as indicated
* by the @authors tag. See the copyright.txt in the distribution for a
* full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.security.plugins;

import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SecurityContextFactory;

/** Common PrivilegedAction used by classes in this package.
 * 
 * @author [email protected]
 * @author [email protected]
 * @version $Revision$
 */
class SubjectActions
{
   private static class ToStringSubjectAction implements PrivilegedAction
   {
      Subject subject;
      ToStringSubjectAction(Subject subject)
      {
         this.subject = subject;
      }
      public String run()
      {
         StringBuffer tmp = new StringBuffer();
         tmp.append("Subject(");
         tmp.append(System.identityHashCode(subject));
         tmp.append(").principals=");
         Iterator principals = subject.getPrincipals().iterator();
         while( principals.hasNext() )
         {
            Object p = principals.next();
            Class c = p.getClass();
            tmp.append(c.getName());
            tmp.append('@');
            tmp.append(System.identityHashCode(c));
            tmp.append('(');
            tmp.append(p);
            tmp.append(')');
         }
         return tmp.toString();
      }
   }

   private static class GetSubjectAction implements PrivilegedAction
   {
      static PrivilegedAction ACTION = new GetSubjectAction();
      public Subject run()
      {
         Subject subject = null;
         try
         {
            subject = (Subject) PolicyContext.getContext(SecurityConstants.SUBJECT_CONTEXT_KEY);
         }
         catch(PolicyContextException pce)
         {
            SecurityContext sc = getSecurityContext();
            subject = sc.getUtil().getSubject();
         }
         return subject;
      }
   }

   private static class CopySubjectAction implements PrivilegedAction
   {
      Subject fromSubject;
      Subject toSubject;
      boolean setReadOnly;
      boolean deepCopy;
      
      CopySubjectAction(Subject fromSubject, Subject toSubject, boolean setReadOnly)
      {
         this.fromSubject = fromSubject;
         this.toSubject = toSubject;
         this.setReadOnly = setReadOnly;
      }
      public void setDeepCopy(boolean flag)
      {
         this.deepCopy = flag;
      }
      
      public Object run()
      {
         Set principals = fromSubject.getPrincipals();
         Set principals2 = toSubject.getPrincipals();
         Iterator iter = principals.iterator();
         while( iter.hasNext() )
            principals2.add((Principal) getCloneIfNeeded(iter.next()));  
         Set privateCreds = fromSubject.getPrivateCredentials();
         Set privateCreds2 = toSubject.getPrivateCredentials();
         Iterator iterCred = privateCreds.iterator();
         while( iterCred.hasNext() )
            privateCreds2.add(getCloneIfNeeded(iter.next()));
         Set publicCreds = fromSubject.getPublicCredentials();
         Set publicCreds2 = toSubject.getPublicCredentials();
         iterCred = publicCreds.iterator();
         while( iterCred.hasNext() )
            publicCreds2.add(getCloneIfNeeded(iter.next()));
         if( setReadOnly == true )
            toSubject.setReadOnly();
         return null;
      }
      
      /** Check if the deepCopy flag is ON &&
       *  Object implements Cloneable and return cloned object */
      private Object getCloneIfNeeded(Object obj)
      {
         Object clonedObject = null;
         if(this.deepCopy && obj instanceof Cloneable)
         {
            Class clazz = obj.getClass();
            try
            {
               Method cloneMethod = clazz.getMethod("clone", (Class[])null);
               clonedObject = cloneMethod.invoke(obj, (Object[])null);
   }
            catch (Exception e)
            {//Ignore non-cloneable issues 
            } 
         }
         if(clonedObject == null)
            clonedObject = obj;
         return clonedObject;
      }
   }

   private static class LoginContextAction implements PrivilegedExceptionAction
   {
      String securityDomain;
      Subject subject;
      CallbackHandler handler;
      LoginContextAction(String securityDomain, Subject subject,
         CallbackHandler handler)
      {
         this.securityDomain = securityDomain;
         this.subject = subject;
         this.handler = handler;
      }
      public LoginContext run() throws Exception
      {
         LoginContext lc = new LoginContext(securityDomain, subject, handler);
         return lc;
      }
   }

   private static class GetTCLAction implements PrivilegedAction
   {
      static PrivilegedAction ACTION = new GetTCLAction();
      public ClassLoader run()
      {
         ClassLoader loader = Thread.currentThread().getContextClassLoader();
         return loader;
      }
   }
   
   private static class SetTCLAction implements PrivilegedAction
   {
      ClassLoader cl;
      
      SetTCLAction(ClassLoader cl)
      {
         this.cl = cl;
      }
      
      public Void run()
      {
         Thread.currentThread().setContextClassLoader(cl);
         return null;
      }
   }

   private static class SetContextInfoAction implements PrivilegedAction
   {
      String key;
      Object value;
      SetContextInfoAction(String key, Object value)
      {
         this.key = key;
         this.value = value;
      }
      public Object run()
      {
         //Set it on the current security context also
         SecurityContext sc = SecurityContextAssociation.getSecurityContext();
         if(sc != null)
         {
            sc.getData().put(key, value);
         }
         return SecurityContextAssociation.setContextInfo(key, value);
      }
   }

   interface PrincipalInfoAction
   {
      PrincipalInfoAction PRIVILEGED = new PrincipalInfoAction()
      {
         public void push(final Principal principal, final Object credential,
            final Subject subject, final String securityDomain) 
         {
            AccessController.doPrivileged(
               new PrivilegedAction()
               {
                  public Object run()
                  {
                     //SecurityAssociation.pushSubjectContext(subject, principal, credential);
                     SecurityContext sc = SecurityContextAssociation.getSecurityContext();
                     if(sc == null)
                     {
                        try
                        {
                           sc = SecurityContextFactory.createSecurityContext(principal, credential,
                                 subject, securityDomain);
                        }
                        catch (Exception e)
                        {
                           throw new RuntimeException(e);
                        }
                     }
                     SecurityContextAssociation.setSecurityContext(sc);
                     return null;
                  }
               }
            );
         }
         public void pop()
         {
            AccessController.doPrivileged(
               new PrivilegedAction()
               {
                  public Object run()
                  {
                     //SecurityAssociation.popSubjectContext();
                     SecurityContextAssociation.clearSecurityContext();
                     return null;
                  }
               }
            );
         }
      };

      PrincipalInfoAction NON_PRIVILEGED = new PrincipalInfoAction()
      {
         public void push(Principal principal, Object credential, Subject subject,
               String securityDomain)
         {
            //SecurityAssociation.pushSubjectContext(subject, principal, credential);
            SecurityContext sc = SecurityContextAssociation.getSecurityContext();
            if(sc == null)
            {
               try
               {
                  sc = SecurityContextFactory.createSecurityContext(principal, credential,
                        subject, securityDomain);
               }
               catch (Exception e)
               {
                  throw new RuntimeException(e);
               }
            }
            else
            {
               sc.getUtil().createSubjectInfo(principal, credential, subject); 
            }
            SecurityContextAssociation.setSecurityContext(sc); 
         }
         public void pop()
         {
            //SecurityAssociation.popSubjectContext();
            SecurityContextAssociation.clearSecurityContext();
         }
      };

      void push(Principal principal, Object credential, Subject subject, String securityDomain);
      void pop();
   }

   static Subject getActiveSubject()
   {
      Subject subject = AccessController.doPrivileged(GetSubjectAction.ACTION);
      return subject;
   }
   static void copySubject(Subject fromSubject, Subject toSubject)
   {
      copySubject(fromSubject, toSubject, false);
   }
   static void copySubject(Subject fromSubject, Subject toSubject, boolean setReadOnly)
   {
      CopySubjectAction action = new CopySubjectAction(fromSubject, toSubject, setReadOnly);
      if( System.getSecurityManager() != null )
         AccessController.doPrivileged(action);
      else
         action.run();
   }

   static void copySubject(Subject fromSubject, Subject toSubject, boolean setReadOnly,
         boolean deepCopy)
   {
      CopySubjectAction action = new CopySubjectAction(fromSubject, toSubject, setReadOnly);
      action.setDeepCopy(deepCopy);
      if( System.getSecurityManager() != null )
         AccessController.doPrivileged(action);
      else
         action.run();
   }

   static LoginContext createLoginContext(String securityDomain, Subject subject,
      CallbackHandler handler)
      throws LoginException
   {
      LoginContextAction action = new LoginContextAction(securityDomain, subject, handler);
      try
      {
         LoginContext lc = AccessController.doPrivileged(action);
         return lc;
      }
      catch(PrivilegedActionException e)
      {
         Exception ex = e.getException();
         if( ex instanceof LoginException )
            throw (LoginException) ex;
         else
            throw new LoginException(ex.getLocalizedMessage());
      }
   } 
   
   static ClassLoader getContextClassLoader()
   {
      ClassLoader loader = AccessController.doPrivileged(GetTCLAction.ACTION);
      return loader;
   }
   
   static void setContextClassLoader(ClassLoader cl)
   {
      AccessController.doPrivileged(new SetTCLAction(cl));
   }

   static Object setContextInfo(String key, Object value)
   {
      SetContextInfoAction action = new SetContextInfoAction(key, value);
      Object prevInfo = AccessController.doPrivileged(action);
      return prevInfo;
   }

   static void pushSubjectContext(Principal principal, Object credential,
      Subject subject, String securityDomain)
   {
      if(System.getSecurityManager() == null)
      {
         PrincipalInfoAction.NON_PRIVILEGED.push(principal, credential, subject, securityDomain);
      }
      else
      {
         PrincipalInfoAction.PRIVILEGED.push(principal, credential, subject, securityDomain);
      }
   }
   static void popSubjectContext()
   {
      if(System.getSecurityManager() == null)
      {
         PrincipalInfoAction.NON_PRIVILEGED.pop();
      }
      else
      {
         PrincipalInfoAction.PRIVILEGED.pop();
      }
   }

   
   static String toString(Subject subject)
   {
      ToStringSubjectAction action = new ToStringSubjectAction(subject);
      String info = (String) AccessController.doPrivileged(action);
      return info;
   }
   
   static SecurityContext getSecurityContext()
   { 
      return AccessController.doPrivileged(new PrivilegedAction(){

         public SecurityContext run()
         {   
            return SecurityContextAssociation.getSecurityContext();
         }});
   }
   
   static void setSecurityContext(final SecurityContext sc)
   { 
      AccessController.doPrivileged(new PrivilegedAction(){

         public SecurityContext run()
         { 
            SecurityContextAssociation.setSecurityContext(sc);
            return null;
         }});
   }
   
   /**
    * Indicates whether the user has requested a refresh of the security context roles
    * via a system property ("jbosssx.context.roles.refresh") which is either "true"
    * or "false". default is "false"
    * TODO: Externalize this system property setting such that it is passed as a map of
    * options on the AuthorizationManagerService to be passed to AuthorizationManagers via
    * the optional setOptions(Properties props) method
    * @return
    */
   static String getRefreshSecurityContextRoles()
   {
      return  AccessController.doPrivileged(new PrivilegedAction()
      { 
         public String run()
         {
            return System.getProperty("jbosssx.context.roles.refresh","false"); 
         }}
      );
   }
   
   static String getSystemProperty(final String key, final String defaultValue)
   {
      return AccessController.doPrivileged(new PrivilegedAction()
      { 
         public String run()
         {
            return System.getProperty(key,defaultValue); 
         }}
      );
   } 
   
   static Principal getPrincipal()
   {
      return AccessController.doPrivileged(new PrivilegedAction()
      {
         public Principal run()
         {
            Principal principal = null;
            SecurityContext sc = getSecurityContext();
            if(sc != null)
            {
               principal = sc.getUtil().getUserPrincipal();
            }
            return principal;
         }
      });
   }

   static Object getCredential()
   {
      return AccessController.doPrivileged(new PrivilegedAction()
      {
         public Object run()
         {
            Object credential = null;
            SecurityContext sc = getSecurityContext();
            if(sc != null)
            {
               credential = sc.getUtil().getCredential();
            }
            return credential;
         }
      });
   }
}