KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > sun > enterprise > security > ClientSecurityContext


1 /*
2  * The contents of this file are subject to the terms
3  * of the Common Development and Distribution License
4  * (the License). You may not use this file except in
5  * compliance with the License.
6  *
7  * You can obtain a copy of the license at
8  * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9  * glassfish/bootstrap/legal/CDDLv1.0.txt.
10  * See the License for the specific language governing
11  * permissions and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL
14  * Header Notice in each file and include the License file
15  * at glassfish/bootstrap/legal/CDDLv1.0.txt.
16  * If applicable, add the following below the CDDL Header,
17  * with the fields enclosed by brackets [] replaced by
18  * you own identifying information:
19  * "Portions Copyrighted [year] [name of copyright owner]"
20  *
21  * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22  */
23 package com.sun.enterprise.security;
24
25 import java.security.Principal JavaDoc;
26 import java.security.AccessController JavaDoc;
27 import java.security.PrivilegedAction JavaDoc;
28 import javax.security.auth.Subject JavaDoc;
29
30 import com.sun.enterprise.security.auth.login.PasswordCredential;
31 import com.sun.enterprise.deployment.PrincipalImpl;
32 import com.sun.enterprise.ServerConfiguration;
33
34 import java.util.logging.*;
35 import com.sun.logging.*;
36
37
38 /**
39  * This class represents the security context on the client side.
40  * @author Harpreet Singh
41  *
42  */
43 public final class ClientSecurityContext extends AbstractSecurityContext {
44     
45     private static Logger _logger =
46         LogDomains.getLogger(LogDomains.SECURITY_LOGGER);
47
48     // Bug Id: 4787940
49 private static final boolean isPerThreadAuth =
50             Boolean.getBoolean("com.sun.appserv.iiopclient.perthreadauth");
51
52     private static Object JavaDoc csc = isPerThreadAuth ? new ThreadLocal JavaDoc() : null;
53
54     /**
55      * This creates a new ClientSecurityContext object.
56      * @param The name of the user.
57      * @param The Credentials of the user.
58      */
59     public ClientSecurityContext(String JavaDoc userName,
60                  Subject JavaDoc s) {
61
62     this.initiator = new PrincipalImpl(userName);
63     this.subject = s ;
64     }
65
66     /**
67      * Initialize the SecurityContext & handle the unauthenticated
68      * principal case
69      */
70     public static ClientSecurityContext init() {
71     ClientSecurityContext sc = getCurrent();
72     if (sc == null) { // there is no current security context
73 // create a default one if
74 sc = generateDefaultSecurityContext();
75         }
76     return sc;
77     }
78     
79     private static ClientSecurityContext generateDefaultSecurityContext() {
80     final String JavaDoc PRINCIPAL_NAME = "auth.default.principal.name";
81     final String JavaDoc PRINCIPAL_PASS = "auth.default.principal.password";
82     
83     ServerConfiguration config = ServerConfiguration.getConfiguration();
84     String JavaDoc username = config.getProperty(PRINCIPAL_NAME, "guest");
85     String JavaDoc password = config.getProperty(PRINCIPAL_PASS, "guest123");
86     
87     synchronized (ClientSecurityContext.class) {
88         // login & all that stuff..
89 try {
90         final Subject JavaDoc subject = new Subject JavaDoc();
91         final PasswordCredential pc = new PasswordCredential(username,
92                 password, "default");
93         AccessController.doPrivileged(new PrivilegedAction JavaDoc() {
94             public java.lang.Object JavaDoc run() {
95             subject.getPrivateCredentials().add(pc);
96             return null;
97             }
98         });
99         // we do not need to generate any credential as authorization
100 // decisions are not being done on the appclient side.
101 ClientSecurityContext defaultCSC =
102                     new ClientSecurityContext(username, subject);
103         setCurrent(defaultCSC);
104                 return defaultCSC;
105         } catch(Exception JavaDoc e) {
106         _logger.log(Level.SEVERE,
107                             "java_security.gen_security_context", e);
108                 return null;
109         }
110     }
111     }
112
113     public static void reset(ClientSecurityContext sc) {
114         if (isPerThreadAuth) {
115             ((ThreadLocal JavaDoc)csc).set(sc);
116         } else {
117         csc = sc;
118         }
119     }
120     
121     /**
122      * This method gets the SecurityContext stored here. If using a
123      * per-thread authentication model, it gets the context from
124      * Thread Local Store (TLS) of the current thread. If not using a
125      * per-thread authentication model, it gets the singleton context.
126      *
127      * @return The current Security Context stored here. It returns
128      * null if SecurityContext could not be found.
129      */
130     public static ClientSecurityContext getCurrent() {
131         if (isPerThreadAuth) {
132             return (ClientSecurityContext)((ThreadLocal JavaDoc)csc).get();
133         } else {
134         return (ClientSecurityContext)csc;
135         }
136     }
137
138     /**
139      * This method sets the SecurityContext to be stored here.
140      *
141      * @param The Security Context that should be stored.
142      */
143     public static void setCurrent(ClientSecurityContext sc) {
144         if (isPerThreadAuth) {
145             ((ThreadLocal JavaDoc)csc).set(sc);
146         } else {
147         csc = sc;
148         }
149     }
150
151     /**
152      * This method returns the caller principal.
153      * This information may be redundant since the same information
154      * can be inferred by inspecting the Credentials of the caller.
155      *
156      * @return The caller Principal.
157      */
158     public Principal JavaDoc getCallerPrincipal() {
159     return initiator;
160     }
161
162     
163     public Subject JavaDoc getSubject() {
164     return subject;
165     }
166
167     public String JavaDoc toString() {
168     return "ClientSecurityContext[ " + "Initiator: " + initiator +
169         "Subject " + subject + " ]";
170     }
171
172 }
173
174
175
176
177
178
179
180
Popular Tags