All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.jboss.security.plugins.JBossSecurityContext Maven / Gradle / Ivy

/*
 * JBoss, the OpenSource J2EE webOS
 *
 * Distributable under LGPL license.
 * See terms of license at gnu.org.
 */ 
package org.jboss.security.plugins;

import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.CallbackHandler;

import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.ISecurityManagement;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.RunAs;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextFactory;
import org.jboss.security.SecurityContextUtil;
import org.jboss.security.SecurityManagerLocator;
import org.jboss.security.SubjectInfo;
import org.jboss.security.audit.AuditManager;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.identitytrust.IdentityTrustManager;
import org.jboss.security.mapping.MappingManager;

/**
 *  Implementation of the Security Context for the JBoss AS
 *  @author Anil Saldhana
 *  @version $Revision$
 *  @since  Aug 30, 2006
 */
public class JBossSecurityContext implements SecurityContext, SecurityManagerLocator
{   
   private static final long serialVersionUID = 1L;
   
   //Define Security Permissions
   
   private static final RuntimePermission getDataPermission
     = new RuntimePermission(JBossSecurityContext.class.getName() + ".getData");
   
   private static final RuntimePermission getSubjectInfoPermission
     = new RuntimePermission(JBossSecurityContext.class.getName() + ".getSubjectInfo");

   private static final RuntimePermission setRolesPermission
     = new RuntimePermission(JBossSecurityContext.class.getName() + ".setRolesPermission");
   
   private static final RuntimePermission setRunAsPermission
     = new RuntimePermission(JBossSecurityContext.class.getName() + ".setRunAsPermission");
   
   private static final RuntimePermission setSubjectInfoPermission
   = new RuntimePermission(JBossSecurityContext.class.getName() + ".setSubjectInfo");
 
   private static final RuntimePermission getSecurityManagementPermission
     = new RuntimePermission(JBossSecurityContext.class.getName() + ".getSecurityManagement");
   
   private static final RuntimePermission setSecurityManagementPermission
     = new RuntimePermission(JBossSecurityContext.class.getName() + ".setSecurityManagement");
   
   private static final RuntimePermission setSecurityDomainPermission
     = new RuntimePermission(JBossSecurityContext.class.getName() + ".setSecurityDomain");

   protected static final Logger log = Logger.getLogger(JBossSecurityContext.class); 
   protected boolean trace = log.isTraceEnabled();  
   
   protected Map contextData = new HashMap();
   
   protected String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;

   protected SubjectInfo subjectInfo = null;
    
   protected RunAs incomingRunAs = null;
   protected RunAs outgoingRunAs = null;
   
   protected ISecurityManagement iSecurityManagement;
   
   protected transient CallbackHandler callbackHandler = new JBossCallbackHandler(); 
   
   protected transient SecurityContextUtil util = null;
   
   public JBossSecurityContext(String securityDomain)
   {
      this.securityDomain = securityDomain;
      if(this.callbackHandler == null)
         this.callbackHandler = new JBossCallbackHandler();
      
      iSecurityManagement = new DefaultSecurityManagement(this.callbackHandler);
      util = getUtil();
      //Create a null subjectinfo as default
      util.createSubjectInfo(null, null, null);
   }
   

   /**
    * @see SecurityContext#getSecurityManagement()
    * @throws SecurityException  Under a security manager, caller does not have
    *  RuntimePermission("org.jboss.security.plugins.JBossSecurityContext.getSecurityManagement")
    */
   public ISecurityManagement getSecurityManagement()
   {
      SecurityManager sm = System.getSecurityManager();
      if (sm != null)
         sm.checkPermission(getSecurityManagementPermission);
      
      return this.iSecurityManagement;
   }

   /**
    * @see SecurityContext#setSecurityManagement(ISecurityManagement)
    * 
    * @throws SecurityException  Under a security manager, caller does not have
    *  RuntimePermission("org.jboss.security.plugins.JBossSecurityContext.setSecurityManagement")
    */
   public void setSecurityManagement(ISecurityManagement securityManagement)
   {
      SecurityManager sm = System.getSecurityManager();
      if (sm != null)
         sm.checkPermission(setSecurityManagementPermission);
      
      if(securityManagement == null)
         throw PicketBoxMessages.MESSAGES.invalidNullArgument("securityManagement");
      this.iSecurityManagement = securityManagement;
   }
  
   /**
    * @see SecurityContext#getData()
    * 
    * @throws SecurityException  Under a security manager, caller does not have
    *  RuntimePermission("org.jboss.security.plugins.JBossSecurityContext.getData")
    */ 
   public Map getData()
   { 
      SecurityManager sm = System.getSecurityManager();
      if (sm != null)
         sm.checkPermission(getDataPermission);
    
      return contextData;
   }
 
   /**
    * Get the security domain name
    */
   public String getSecurityDomain()
   { 
      return securityDomain;
   }
 
   /*
    * (non-Javadoc)
    * @see org.jboss.security.SecurityContext#setSecurityDomain(java.lang.String)
    */
   public void setSecurityDomain(String securityDomain)
   {
      SecurityManager manager = System.getSecurityManager();
      if(manager != null)
         manager.checkPermission(setSecurityDomainPermission);
      
      if (securityDomain == null)
         throw PicketBoxMessages.MESSAGES.invalidNullArgument("securityDomain");
      this.securityDomain = securityDomain;
   }

   /**
    * @see SecurityContext#getSubjectInfo()
    * 
    * @throws SecurityException  Under a security manager, caller does not have
    *  RuntimePermission("org.jboss.security.plugins.JBossSecurityContext.getSubjectInfo")
    */
   public SubjectInfo getSubjectInfo()
   { 
      SecurityManager sm = System.getSecurityManager();
      if (sm != null)
         sm.checkPermission(getSubjectInfoPermission);
      
      return subjectInfo;
   } 
   
   /**
    * @see SecurityContext#getOutgoingRunAs()
    */
   public RunAs getIncomingRunAs()
   { 
      return this.incomingRunAs;
   }

   /**
    * @see SecurityContext#setOutgoingRunAs(RunAs)
    * 
    * @throws SecurityException  Under a security manager, caller does not have
    *  RuntimePermission("org.jboss.security.plugins.JBossSecurityContext.setRunAsPermission")
    * 
    */
   public void setIncomingRunAs(RunAs runAs)
   { 
      SecurityManager sm = System.getSecurityManager();
      if (sm != null)
         sm.checkPermission(setRunAsPermission);
      
      this.incomingRunAs = runAs;
   } 

   /**
    * @see SecurityContext#getOutgoingRunAs()
    */
   public RunAs getOutgoingRunAs()
   { 
      return this.outgoingRunAs;
   }

   /**
    * @see SecurityContext#setOutgoingRunAs(RunAs)
    * 
    * @throws SecurityException  Under a security manager, caller does not have
    *  RuntimePermission("org.jboss.security.plugins.JBossSecurityContext.setRunAsPermission")
    */
   public void setOutgoingRunAs(RunAs runAs)
   { 
      SecurityManager sm = System.getSecurityManager();
      if (sm != null)
         sm.checkPermission(setRunAsPermission);
     
      this.outgoingRunAs = runAs;
   } 
   
   /**
    * @see SecurityContext#getUtil()
    */
   public SecurityContextUtil getUtil()
   {  
      if(util == null)
      {
         try
         {
            util = SecurityContextFactory.createUtil(this);
         }
         catch (Exception e)
         {
            throw new IllegalStateException(e);
         } 
      } 
      return util;
   }
   


   public AuditManager getAuditManager()
   {
      return this.iSecurityManagement.getAuditManager(this.securityDomain);
   }


   public AuthenticationManager getAuthenticationManager()
   {
      return this.iSecurityManagement.getAuthenticationManager(this.securityDomain);
   }


   public AuthorizationManager getAuthorizationManager()
   {
      return this.iSecurityManagement.getAuthorizationManager(this.securityDomain);
   }


   public IdentityTrustManager getIdentityTrustManager()
   {
      return this.iSecurityManagement.getIdentityTrustManager(this.securityDomain);
   }


   public MappingManager getMappingManager()
   {
      return this.iSecurityManagement.getMappingManager(this.securityDomain);
   }     
   
   
   //Value Added Methods
   /**
    * 
    * @throws SecurityException  Under a security manager, caller does not have
    *  RuntimePermission("org.jboss.security.plugins.JBossSecurityContext.setSubjectInfo")
    */
   public void setSubjectInfo(SubjectInfo si)
   {
      SecurityManager sm = System.getSecurityManager();
      if (sm != null)
         sm.checkPermission(setSubjectInfoPermission);
      
      this.subjectInfo = si;
   }
   
   /**
    * 
    * @param roles
    * @param replace
    * 
    * @throws SecurityException  Under a security manager, caller does not have
    *  RuntimePermission("org.jboss.security.plugins.JBossSecurityContext.setRolesPermission")
    */
   public void setRoles(Group roles, boolean replace)
   {
      SecurityManager sm = System.getSecurityManager();
      if (sm != null)
         sm.checkPermission(setRolesPermission);
    
      Group mergedRoles = roles;
      if(!replace)
      {
         mergedRoles = mergeGroups( (Group)contextData.get(ROLES_IDENTIFIER), roles); 
      } 
      contextData.put(ROLES_IDENTIFIER, mergedRoles);
   }
   
   private Group mergeGroups(Group a, Group b)
   {
      Group newGroup = b;
      if(a != null)
      {
         Enumeration en = a.members();
         while(en.hasMoreElements())
         {
            newGroup.addMember(en.nextElement());
         } 
      } 
      return newGroup; 
   } 
   
   
   /**
    * Set the CallbackHandler for the Managers in the SecurityContext
    * @param callbackHandler
    */
   public void setCallbackHandler(CallbackHandler callbackHandler)
   {
      this.callbackHandler = callbackHandler;
   }

   
   @Override
   public String toString()
   {
      StringBuilder builder = new StringBuilder();
      builder.append("[").append(getClass().getCanonicalName()).append("()");
      builder.append(this.securityDomain).append(")]"); 
      return builder.toString();
   }


   @SuppressWarnings("unchecked")
   @Override
   public Object clone() throws CloneNotSupportedException
   { 
      JBossSecurityContext jsc = (JBossSecurityContext) super.clone();
      if(jsc != null)
      {
         HashMap cmap = (HashMap)contextData;
         jsc.contextData = (Map) (cmap).clone();
      }
      return super.clone();
   }
} 




© 2015 - 2025 Weber Informatics LLC | Privacy Policy