

1 /*
2  * @(#)SubjectDelegator.java 1.3 04/05/27
3  *
4  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */

7
8 package com.sun.jmx.remote.security;
9
10 import java.security.AccessController JavaDoc;
11 import java.security.AccessControlContext JavaDoc;
12 import java.security.Permission JavaDoc;
13 import java.security.Principal JavaDoc;
14 import java.security.PrivilegedAction JavaDoc;
15 import javax.security.auth.Subject JavaDoc;
16
17 import javax.management.remote.SubjectDelegationPermission JavaDoc;
18
19 import com.sun.jmx.remote.util.CacheMap;
20
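/**
 * Decides whether an authenticated caller may act on behalf of another
 * ("delegated") Subject and, if so, supplies the AccessControlContext
 * under which the delegated operation should run.
 */
public class SubjectDelegator {
    // Sizes handed to the two CacheMap instances created below.
    private static final int PRINCIPALS_CACHE_SIZE = 10;
    private static final int ACC_CACHE_SIZE = 10;

    // Both caches are keyed by the delegated Subject and are created on the
    // first call to delegatedContext(); they are only touched from that
    // synchronized method.
    // NOTE(review): Subject is mutable unless it has been set read-only -
    // confirm that a CacheMap lookup cannot return an entry that was
    // computed for a different set of principals.
    private CacheMap principalsCache; // Subject -> Principal[]
    private CacheMap accCache;        // Subject -> AccessControlContext

    /**
     * Returns the AccessControlContext appropriate to execute an operation
     * on behalf of <code>delegatedSubject</code>.
     *
     * <p>For every principal of the delegated subject, a
     * SubjectDelegationPermission named
     * <code>&lt;principal class name&gt;.&lt;principal name&gt;</code> is
     * checked against <code>authenticatedACC</code>. Nothing is added to
     * the caches unless every one of those checks succeeds.
     *
     * @param authenticatedACC the context of the authenticated caller;
     *        must not be null when a security manager is installed
     * @param delegatedSubject the subject whose identity the caller wants
     *        to assume
     * @return the context to use when executing code as the delegated
     *         subject
     * @throws SecurityException if <code>authenticatedACC</code> is null
     *         while a security manager is installed, or if it does not
     *         hold the delegation permission for one of the principals
     */
    public synchronized AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject)
        throws SecurityException {

        // doPrivileged(action, null) applies no additional restriction, so
        // with a null context the delegation check below would be decided
        // by the permissions of the code performing the check rather than
        // by those of the authenticated caller. Fail closed instead.
        // The guard is limited to the case where a security manager is
        // installed so that deployments without one keep their behaviour.
        if (System.getSecurityManager() != null && authenticatedACC == null) {
            throw new SecurityException("Illegal AccessControlContext: null");
        }

        if (principalsCache == null || accCache == null) {
            principalsCache = new CacheMap(PRINCIPALS_CACHE_SIZE);
            accCache = new CacheMap(ACC_CACHE_SIZE);
        }

        // Retrieve the principals for the given delegated subject from the
        // cache, or convert the subject's principal set into an array.
        // The array is not stored yet: a caller that turns out not to be
        // authorised must not be able to add entries to the shared cache.
        Principal[] delegatedPrincipals =
            (Principal[]) principalsCache.get(delegatedSubject);
        final boolean principalsWereCached = (delegatedPrincipals != null);
        if (!principalsWereCached) {
            delegatedPrincipals = (Principal[])
                delegatedSubject.getPrincipals().toArray(new Principal[0]);
        }

        // Check that the subject delegation permission allows the
        // authenticated subject to assume the identity of each principal
        // in the delegated subject. The check is evaluated against
        // authenticatedACC; the first denied permission raises a
        // SecurityException out of doPrivileged.
        final Principal[] dp = delegatedPrincipals;
        PrivilegedAction action =
            new PrivilegedAction() {
                public Object run() {
                    for (int i = 0; i < dp.length; i++) {
                        final String pname =
                            dp[i].getClass().getName() + "." + dp[i].getName();
                        Permission sdp =
                            new SubjectDelegationPermission(pname);
                        AccessController.checkPermission(sdp);
                    }
                    return null;
                }
            };
        AccessController.doPrivileged(action, authenticatedACC);

        // Delegation is authorised from here on, so the caches may be
        // filled.
        if (!principalsWereCached) {
            principalsCache.put(delegatedSubject, delegatedPrincipals);
        }

        // Retrieve the access control context for the delegated subject
        // from the cache, building and storing it on a miss.
        AccessControlContext delegatedACC =
            (AccessControlContext) accCache.get(delegatedSubject);
        if (delegatedACC == null) {
            delegatedACC =
                JMXSubjectDomainCombiner.getContext(delegatedSubject);
            accCache.put(delegatedSubject, delegatedACC);
        }

        return delegatedACC;
    }
}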
97