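package net.sf.jguard.ext.authorization.policy.classic;

import java.security.AccessController;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

import net.sf.ehcache.CacheException;
import net.sf.jguard.core.CoreConstants;
import net.sf.jguard.core.authorization.manager.PermissionProvider;
import net.sf.jguard.core.authorization.permissions.PermissionUtils;
import net.sf.jguard.core.authorization.policy.JGuardPolicy;
import net.sf.jguard.ext.SecurityConstants;
import net.sf.jguard.ext.authorization.AuthorizationException;
import net.sf.jguard.ext.authorization.AuthorizationHelper;
import net.sf.jguard.ext.authorization.AuthorizationManagerFactory;

/**
 * Security policy that combines the permissions of the default policy with
 * the permissions supplied by a jGuard {@link PermissionProvider}.
 *
 * <p>The provider is obtained once, in the constructor, from
 * {@link AuthorizationManagerFactory} using a configuration loaded by
 * {@link AuthorizationHelper#loadConfiguration}. Every lookup and the whole
 * configuration load run inside {@code AccessController.doPrivileged}, so they
 * execute with this class's own permissions rather than the caller's.</p>
 *
 * <p>Security-relevant inputs read from JVM system properties: the
 * configuration file location ({@code SecurityConstants.POLICY_CONFIGURATION_FILE}),
 * the working directory ({@code user.dir}) and the application name fallbacks.
 * Whoever controls those properties controls which authorization
 * configuration this policy enforces, so they should be fixed at JVM start-up
 * and not be writable by less trusted code.</p>
 */
public final class SingleAppPolicy extends JGuardPolicy {

    private static final Logger logger = Logger.getLogger(SingleAppPolicy.class.getName());
    private static final String DEFAULT_POLICY_CONFIGURATION_FILE = "JGuardPolicyConfiguration.xml";

    /** Source of jGuard permissions; stays {@code null} if the authorization manager could not be created. */
    private PermissionProvider permissionProvider;

    /**
     * Loads the policy configuration, sets up permission-resolution caching,
     * creates the authorization manager and finally calls
     * {@code loadDefaultPolicy()} (not defined in this file; presumably
     * inherited from {@link JGuardPolicy}).
     *
     * <p>NOTE(review): an {@link AuthorizationException} raised while creating
     * the authorization manager is logged at SEVERE and swallowed, so the
     * policy is still constructed, with {@code permissionProvider == null}.
     * {@link #getPermissions(ProtectionDomain)} then returns only what the
     * default policy grants (or {@code null} when no security manager is
     * installed). Deployments that must not start without jGuard
     * authorization should monitor for that SEVERE record.</p>
     *
     * @throws AuthorizationException declared by the signature; the visible
     *         body never throws it itself
     */
    public SingleAppPolicy() throws AuthorizationException {
        logger.log(Level.INFO, "####### loading SingleAppPolicy " + JGuardPolicy.version + " ###########");

        AccessController.doPrivileged(new PrivilegedAction() {
            public Object run() {
                // Location of the policy configuration comes from a system property,
                // falling back to a file name resolved against the working directory.
                String configurationLocation = System.getProperty(SecurityConstants.POLICY_CONFIGURATION_FILE);

                if (configurationLocation == null) {
                    logger.log(Level.INFO, "No configuration file in " + SecurityConstants.POLICY_CONFIGURATION_FILE + ", using default " + DEFAULT_POLICY_CONFIGURATION_FILE + " location");
                    configurationLocation = DEFAULT_POLICY_CONFIGURATION_FILE;
                }

                String appHomePath = System.getProperty("user.dir");
                Map authorizationOptions = AuthorizationHelper.loadConfiguration(configurationLocation, appHomePath);

                // Application name resolution order: configuration file, then the
                // jGuard system property, then the JMX login config property, then
                // the built-in default.
                if (authorizationOptions.get(CoreConstants.APPLICATION_NAME) == null) {
                    String appNameProp = System.getProperty("net.sf.jguard.application.name");

                    if (appNameProp != null) {
                        authorizationOptions.put(CoreConstants.APPLICATION_NAME, appNameProp);
                    } else {
                        String appNameJMXProp = System.getProperty("com.sun.management.jmxremote.login.config");

                        if (appNameJMXProp != null) {
                            authorizationOptions.put(CoreConstants.APPLICATION_NAME, appNameJMXProp);
                        } else {
                            authorizationOptions.put(CoreConstants.APPLICATION_NAME, CoreConstants.DEFAULT_APPLICATION_NAME);
                        }
                    }
                }

                // Caching is on unless the configuration explicitly says "false";
                // a cache set-up failure degrades to uncached resolution.
                if ("false".equals(authorizationOptions.get(SecurityConstants.AUTHORIZATION_PERMISSION_RESOLUTION_CACHING))) {
                    PermissionUtils.setCachesEnabled(false);
                } else {
                    try {
                        PermissionUtils.createCaches();
                        PermissionUtils.setCachesEnabled(true);
                    } catch (CacheException e) {
                        // Keep the original message text, but attach the exception so
                        // the cause and stack trace are not lost.
                        logger.log(Level.WARNING, "Failed to activate permission resolution caching : " + e.getMessage(), e);
                        PermissionUtils.setCachesEnabled(false);
                    }
                }

                try {
                    AuthorizationManagerFactory.createAuthorizationManager(authorizationOptions);
                    permissionProvider = AuthorizationManagerFactory.getAuthorizationManager();
                } catch (AuthorizationException e) {
                    // Construction continues without a provider; see the constructor Javadoc.
                    logger.log(Level.SEVERE, "AuthorizationException", e);
                }

                return permissionProvider;
            }
        });

        loadDefaultPolicy();
    }

    /**
     * Returns the permissions granted to the given protection domain.
     *
     * <p>When a security manager is installed, the default policy's
     * permissions are the base and the provider's permissions are added to
     * them. Without a security manager, only the provider's permissions are
     * returned.</p>
     *
     * <p>NOTE(review): provider permissions are added directly into the
     * collection returned by {@code defaultPolicy.getPermissions(...)}. This
     * assumes that collection is a fresh, writable instance per call; confirm
     * against the default policy in use, because a shared instance would
     * accumulate grants across domains and a read-only one would throw.</p>
     *
     * <p>NOTE(review): a {@code null} protection domain reaches
     * {@code getPrincipals()} when a provider is set and would raise a
     * {@link NullPointerException}.</p>
     *
     * @param protectionDomain the domain whose permissions are requested
     * @return the resolved permissions, or {@code null} when neither the
     *         default policy nor the provider contributed a collection
     */
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        final ProtectionDomain fProtectionDomain = protectionDomain;

        return (PermissionCollection) AccessController.doPrivileged(new PrivilegedAction() {
            public Object run() {
                // Read the security-manager state once: the original queried it
                // twice, so a manager installed between the two reads sent a null
                // base collection into the merge loop.
                final boolean securityManagerInstalled = System.getSecurityManager() != null;

                PermissionCollection permColl = null;
                if (securityManagerInstalled) {
                    permColl = defaultPolicy.getPermissions(fProtectionDomain);
                }

                if (permissionProvider == null) {
                    return permColl;
                }

                PermissionCollection pc2 = permissionProvider.getPermissionCollection(
                        new HashSet(Arrays.asList(fProtectionDomain.getPrincipals())), fProtectionDomain);

                // Nothing to merge on one side: hand back the other side as is
                // instead of dereferencing null.
                if (pc2 == null) {
                    return permColl;
                }
                if (permColl == null) {
                    return pc2;
                }

                Enumeration enumeration = pc2.elements();
                while (enumeration.hasMoreElements()) {
                    permColl.add((Permission) enumeration.nextElement());
                }

                return permColl;
            }
        });
    }

    /**
     * Asks the permission provider, if one was created, to refresh itself.
     */
    public void refresh() {
        if (permissionProvider != null) {
            permissionProvider.refresh();
        }
    }

    /**
     * Delegates unchanged to the superclass implementation.
     *
     * @param domain the protection domain being checked
     * @param permission the permission being tested
     * @return whatever {@code super.implies(domain, permission)} returns
     */
    public boolean implies(ProtectionDomain domain, Permission permission) {
        return super.implies(domain, permission);
    }
}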