AuthConfig


1   /*
2    * The contents of this file are subject to the terms 
3    * of the Common Development and Distribution License 
4    * (the License).  You may not use this file except in
5    * compliance with the License.
6    * 
7    * You can obtain a copy of the license at 
8    * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9    * glassfish/bootstrap/legal/CDDLv1.0.txt.
10   * See the License for the specific language governing 
11   * permissions and limitations under the License.
12   * 
13   * When distributing Covered Code, include this CDDL 
14   * Header Notice in each file and include the License file 
15   * at glassfish/bootstrap/legal/CDDLv1.0.txt.  
16   * If applicable, add the following below the CDDL Header, 
17   * with the fields enclosed by brackets [] replaced by
18   * you own identifying information: 
19   * "Portions Copyrighted [year] [name of copyright owner]"
20   * 
21   * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22   */
23  
24  package com.sun.enterprise.security.jauth;
25  
26  import javax.security.auth.Subject  ;
27  import javax.security.auth.callback.CallbackHandler  ;
28  
29  /**
30   * This class manages the configuration AuthModules.
31   * 
32   * <p> An AuthModule represents a pluggable component for
33   * performing security-related request and response processing,
34   * and can be configured for a particular interception point
35   * and provider ID.  The provider ID is an administrator-defined value.
36   * The standard interception points include:
37   *
38   * <ul>
39   * <li> HTTP
40   * <li> EJB
41   * <li> SOAP
42   * </ul>
43   *
44   * <p> Information may be associated with a configured module,
45   * including its fully qualified class name (so it can be instantiated),
46   * and module options (which help tune the behavior of the module).
47   * It is the responsibility of the AuthConfig implementation to
48   * load any required module information.
49   *
50   * <p> Callers do not operate on AuthModules directly.
51   * Instead they rely on a ClientAuthContext or ServerAuthContext
52   * to manage the invocation of modules.  A caller obtains an instance
53   * of ClientAuthContext or ServerAuthContext by calling the
54   * <code>getClientAuthContext</code> or <code>getServerAuthContext</code>
55   * method, respectively.   Each method takes as arguments
56   * an <i>intercept</i>, an <i>id</i>, a <i>requestPolicy</i>,
57   * and a <i>responsePolicy</i>.
58   *
59   * <p> An AuthConfig implementation determines the modules
60   * to be invoked via the <i>intercept</i> and <i>id</i> values.
61   * It then encapsulates those modules in a ClientAuthContext
62   * or ServerAuthContext instance, and returns that instance.
63   * The returned object is responsible for instantiating, initializing,
64   * and invoking the configured modules (when called upon).
65   *
66   * <p> The module initializion step involves calling each configured
67   * module's <code>AuthModule.initialize</code> method.  The received
68   * <i>requestPolicy</i> and <i>responsePolicy</i> are passed
69   * to this method.  It is then the modules' responsibility, when invoked,
70   * to enforce these policies.
71   *
72   * <p> A system-wide AuthConfig instance can be retrieved
73   * by invoking <code>getConfig</code>.  A default implementation
74   * is provided, and can be replaced by setting the
75   * value of the "authconfig.provider" security property (in the Java
76   * security properties file) to the fully qualified name of
77   * the desired implementation class.
78   * The Java security properties file is located in the file named
79   * &lt;JAVA_HOME&gt;/lib/security/java.security, where &lt;JAVA_HOME&gt;
80   * refers to the directory where the JDK was installed.
81   *
82   * @version %I%, %G%
83   * @see ClientAuthContext
84   * @see ServerAuthContext
85   */
86  public abstract class AuthConfig {
87  
88      /**
89       * HTTP interception point.
90       */
91      public static final String   HTTP = "HTTP";
92  
93      /**
94       * EJB interception point.
95       */
96      public static final String   EJB = "EJB";
97  
98      /**
99       * SOAP interception point.
100      */
101     public static final String   SOAP = "SOAP";
102 
103     // security property to replace default AuthConfig implementation
104     private static final String   AUTHCONFIG_PROPERTY = "authconfig.provider";
105 
106     // class name of default AuthConfig implementation
107     private static final String   DEFAULT_CLASS =
108         "com.sun.enterprise.security.jauth.ConfigFile";
109 
110     private static AuthConfig config;
111 
112     // package private for ConfigFile
113     static ClassLoader   getClassLoader() {
114 
115     final ClassLoader   rvalue;
116 
117     rvalue = (ClassLoader  ) java.security.AccessController.doPrivileged
118         (new java.security.PrivilegedAction  () {
119         public Object   run() {
120             return Thread.currentThread().getContextClassLoader();
121         }
122         });
123 
124     return rvalue;
125     };
126 
127     /**
128      * Sole constructor.  (For invocation by subclass constructors, typically
129      * implicit.)
130      */
131     protected AuthConfig() { }
132 
133     /**
134      * Get a system-wide module configuration.
135      *
136      * <p> If an AuthConfig object was set via the
137      * <code>setAuthConfig</code> method, then that object is returned.
138      * Otherwise, an instance of the AuthConfig object configured in the
139      * <i>authconfig.provider</i> security property is returned.
140      * If that property is not set, a default implementation is returned.
141      *
142      * @return a system-wide AuthConfig instance.
143      *
144      * @exception SecurityException if the caller does not have permission
145      *      to retrieve the configuration.
146      */
147     public static synchronized AuthConfig getAuthConfig() {
148     /**
149     XXX security check?
150     SecurityManager sm = System.getSecurityManager();
151     if (sm != null)
152         sm.checkPermission(new AuthPermission("getAuthConfig"));
153     */
154 
155     if (config == null) {
156         String   config_class = null;
157         config_class = (String  )
158         java.security.AccessController.doPrivileged
159         (new java.security.PrivilegedAction  () {
160         public Object   run() {
161             return java.security.Security.getProperty
162                         (AUTHCONFIG_PROPERTY);
163         }
164         });
165         if (config_class == null) {
166         config_class = DEFAULT_CLASS;
167         }
168 
169         try {
170         final String   finalClass = config_class;
171         config = (AuthConfig)
172             java.security.AccessController.doPrivileged
173             (new java.security.PrivilegedExceptionAction  () {
174             public Object   run() throws ClassNotFoundException  ,
175                     InstantiationException  ,
176                     IllegalAccessException   {
177             return Class.forName
178                 (finalClass,
179                 true,
180                 getClassLoader()).newInstance();
181             }
182         });
183         } catch (java.security.PrivilegedActionException   e) {
184         throw (SecurityException  )
185             new SecurityException  ().initCause(e.getException());
186         }
187     }
188     return config;
189     }
190 
191     /**
192      * Set a system-wide module configuration.
193      *
194      * @param config the new configuration.
195      *
196      * @exception SecurityException if the caller does not have
197      *      permission to set the configuration.
198      */
199     public static void setAuthConfig(AuthConfig config) {
200     /**
201     XXX security check?
202     SecurityManager sm = System.getSecurityManager();
203     if (sm != null) {
204         sm.checkPermission(new AuthPermission("setAuthConfig"));
205     }
206     */
207 
208     AuthConfig.config = config;
209     }
210 
211     /**
212      * Get a ClientAuthContext.
213      *
214      * <p> The modules configured for the returned ClientAuthContext
215      * are determined by the <i>intercept</i> and provider <i>id</i>
216      * input parameters.  The returned ClientAuthContext may be null,
217      * which signifies that there are no modules configured.
218      *
219      * <p> The returned ClientAuthContext encapsulates both the
220      * configured modules, as well as the module invocation semantics
221      * (for example the order modules are to be invoked,
222      * and whether certain modules must succeed).
223      * Individual ClientAuthContext implementations may enforce
224      * custom module invocation semantics.
225      *
226      * @param intercept the interception point used to determine the modules
227      *      configured for the returned ClientAuthContext.
228      *      Standard values include:
229      *      <ul>
230      *      <li> HTTP
231      *      <li> EJB
232      *      <li> SOAP
233      *      </ul>
234      *
235      * @param id the provider id used to determine the modules
236      *      configured for the returned ClientAuthContext, or null.
237      *      If null, a default ID may be used.
238      *
239      * @param requestPolicy the application request policy
240      *      to be enfored by the modules, or null.
241      *      If null, a default request policy may be used.
242      *
243      * @param responsePolicy the application response policy
244      *      to be enfored by the modules, or null.
245      *      If null, a default response policy may be used.
246      *
247      * @param handler the CallbackHandler to associate with the
248      *      returned ClientAuthContext for use
249      *      by configured modules to request information
250      *      from the caller, or null.
251      *      If null, a default handler may be used.
252      *
253      * @return a ClientAuthContext, or null.
254      */
255     public abstract ClientAuthContext getClientAuthContext(String   intercept,
256                         String   id,
257                         AuthPolicy requestPolicy,
258                         AuthPolicy responsePolicy,
259                         CallbackHandler   handler)
260         throws AuthException;
261 
262     /**
263      * Get a ServerAuthContext.
264      *
265      * <p> The modules configured for the returned ServerAuthContext
266      * are determined by the <i>intercept</i> and provider <i>id</i>,
267      * input parameters.  The returned ServerAuthContext may be null,
268      * which signifies that there are no modules configured.
269      *
270      * <p> The returned ServerAuthContext encapsulates both the
271      * configured modules, as well as the module invocation semantics
272      * (for example the order modules are to be invoked,
273      * and whether certain modules must succeed).
274      * Individual ServerAuthContext implementations may enforce
275      * custom module invocation semantics.
276      *
277      * @param intercept the interception point used to determine the modules
278      *      configured for the returned ServerAuthContext.
279      *      Standard values include:
280      *      <ul>
281      *      <li> HTTP
282      *      <li> EJB
283      *      <li> SOAP
284      *      </ul>
285      *
286      * @param id the provider id used to determine the modules
287      *      configured for the returned ClientAuthContext, or null.
288      *      If null, a default id may be used.
289      *
290      * @param requestPolicy the application request policy
291      *      to be enfored by the modules, or null.
292      *      If null, a default request policy may be used.
293      *
294      * @param responsePolicy the application response policy
295      *      to be enfored by the modules, or null.
296      *      If null, a default response policy may be used.
297      *
298      * @param handler the CallbackHandler to associate with the
299      *      returned ClientAuthContext, which can be used
300      *      by configured modules to request information
301      *      from the caller, or null.
302      *      If null, a default handler may be used.
303      *
304      * @return a ServerAuthContext, or null.
305      */
306     public abstract ServerAuthContext getServerAuthContext(String   intercept,
307                         String   id,
308                         AuthPolicy requestPolicy,
309                         AuthPolicy responsePolicy,
310                         CallbackHandler   handler)
311         throws AuthException;
312 
313     /**
314      * Refresh the internal representation of the active configuration
315      * by re-reading the provider configs.
316      */
317     public abstract void refresh() throws AuthException;
318 }
319
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags