

1 /*
2 jGuard is a security framework based on top of jaas (java authentication and authorization security).
3 it is written for web applications, to resolve simply, access control problems.
4 version $Name: $
5 http://sourceforge.net/projects/jguard
6
7 Copyright (C) 2004 Charles GAY
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 2.1 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public
20 License along with this library; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
23
24 jGuard project home page:
25 http://sourceforge.net/projects/jguard
26
27 */

28 package net.sf.jguard.ext.authorization.policy.classic;
29
30 import java.security.AccessController JavaDoc;
31 import java.security.Permission JavaDoc;
32 import java.security.PermissionCollection JavaDoc;
33 import java.security.PrivilegedAction JavaDoc;
34 import java.security.ProtectionDomain JavaDoc;
35 import java.util.Arrays JavaDoc;
36 import java.util.Enumeration JavaDoc;
37 import java.util.HashSet JavaDoc;
38 import java.util.Map JavaDoc;
39 import java.util.logging.Level JavaDoc;
40 import java.util.logging.Logger JavaDoc;
41
42 import net.sf.ehcache.CacheException;
43 import net.sf.jguard.core.CoreConstants;
44 import net.sf.jguard.core.authorization.manager.PermissionProvider;
45 import net.sf.jguard.core.authorization.permissions.PermissionUtils;
46 import net.sf.jguard.core.authorization.policy.JGuardPolicy;
47 import net.sf.jguard.ext.SecurityConstants;
48 import net.sf.jguard.ext.authorization.AuthorizationException;
49 import net.sf.jguard.ext.authorization.AuthorizationHelper;
50 import net.sf.jguard.ext.authorization.AuthorizationManagerFactory;
51
52
53 /**
54  * Single application JGuard Policy implementation. Use SingleAppPolicy if the application
55  * is the only one running in the VM. It mainly concerns standalone applications.<br>
56  * SingleAppPolicy loads a configuration file (JGuardPolicyConfiguration.xml is the default one).<br>
57  * Example of a configuration file :
58  * <pre>
59  * &lt;configuration&gt;
60  * &lt;authorization&gt;
61  * &lt;authorizationManager&gt;net.sf.jguard.ext.authorization.XmlAuthorizationManager&lt;/authorizationManager&gt;
62  * &lt;authorizationManagerOptions&gt;
63  * &lt;option&gt;
64  * &lt;name&gt;applicationName&lt;/name&gt;
65  * &lt;value&gt;.....&lt;/value&gt;
66  * &lt;/option&gt;
67  * &lt;option&gt;
68  * &lt;name&gt;fileLocation&lt;/name&gt;
69  * &lt;value&gt;......&lt;/value&gt;
70  * &lt;/option&gt;
71  * &lt;option&gt;
72  * &lt;name&gt;debug&lt;/name&gt;
73  * &lt;value&gt;true/false&lt;/value&gt;
74  * &lt;/option&gt;
75  * ........
76  * &lt;/authorizationManagerOptions&gt;
77  * &lt;/authorization&gt;
78  * &lt;/configuration&gt;
79  * </pre>
80  * A custom location of the configuration file can be passed :
81  * <ul>
82  * <li>in authorizationManager option "fileLocation" in policy configuration file</li>
83  * <li>through a VM argument : <code>-Dnet.sf.jguard.policy.configuration.file="path_to_policy_configuration_file"</code></li>
84  * </ul>
85  * It also gets the application name. There are several ways to pass it. The following list shows them ordered from
86  * the first way handled by the policy to the last one.
87  * <ul>
88  * <li>in authorizationManager option "applicationName" in policy configuration file</li>
89  * <li>through the <code>net.sf.jguard.application.name</code> VM argument</li>
90  * <li>through the <code>com.sun.management.jmxremote.login.config</code> VM argument,
91  * if you have already defined this property because you use JMX.
92  * Do not set the application name through this property if you are not using JMX!</li>
93  * </ul>
94  * If no applicationName is passed to the application, default application name "other" is used.
95  * @see net.sf.jguard.core.authorization.policy.JGuardPolicy
96  * @see net.sf.jguard.core.authorization.policy.MultipleAppPolicy
97  * @author <a HREF="mailto:vberetti@users.sourceforge.net">Vincent Beretti</a>
98  */

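public final class SingleAppPolicy extends JGuardPolicy {

    private static Logger logger = Logger.getLogger(SingleAppPolicy.class.getName());
    private static final String DEFAULT_POLICY_CONFIGURATION_FILE = "JGuardPolicyConfiguration.xml";

    // Source of the jGuard-managed permissions. Stays null when the authorization
    // manager could not be created in the constructor; every use below checks for that.
    private PermissionProvider permissionProvider;


    /**
     * Loads the policy configuration, resolves the application name, configures
     * permission-resolution caching, creates the authorization manager and finally
     * loads the default policy.
     *
     * <p>The application name is taken from the first of these that is set: the
     * configuration's own entry, the <code>net.sf.jguard.application.name</code> system
     * property, the <code>com.sun.management.jmxremote.login.config</code> system
     * property, and otherwise the default application name.</p>
     *
     * @throws AuthorizationException declared by this constructor; note that the
     *         AuthorizationException raised while creating the authorization manager
     *         is logged here and not rethrown
     */
    public SingleAppPolicy() throws AuthorizationException {
        logger.log(Level.INFO, "####### loading SingleAppPolicy "+JGuardPolicy.version+" ###########");

        // The whole setup runs under this class's own privileges, not the caller's.
        AccessController.doPrivileged(new PrivilegedAction() {
                public Object run() {
                    // The configuration location and the working directory handed to
                    // loadConfiguration both come from JVM system properties, so the
                    // authorization configuration is only as trustworthy as the
                    // environment the JVM was launched in.
                    String configurationLocation = System.getProperty(SecurityConstants.POLICY_CONFIGURATION_FILE);

                    if (configurationLocation == null) {
                        logger.log(Level.INFO, "No configuration file in " + SecurityConstants.POLICY_CONFIGURATION_FILE + ", using default " + DEFAULT_POLICY_CONFIGURATION_FILE + " location");
                        configurationLocation = DEFAULT_POLICY_CONFIGURATION_FILE;
                    }

                    String appHomePath = System.getProperty("user.dir");
                    Map authorizationOptions = AuthorizationHelper.loadConfiguration(configurationLocation, appHomePath);

                    // Fill in the application name only when the configuration did not set it.
                    if (authorizationOptions.get(CoreConstants.APPLICATION_NAME) == null) {
                        String appName = System.getProperty("net.sf.jguard.application.name");

                        if (appName == null) {
                            appName = System.getProperty("com.sun.management.jmxremote.login.config");
                        }
                        if (appName == null) {
                            // use default application name.
                            appName = CoreConstants.DEFAULT_APPLICATION_NAME;
                        }
                        authorizationOptions.put(CoreConstants.APPLICATION_NAME, appName);
                    }

                    if ("false".equals(authorizationOptions.get(SecurityConstants.AUTHORIZATION_PERMISSION_RESOLUTION_CACHING))){
                        PermissionUtils.setCachesEnabled(false);
                    }else{
                        // by default, permission resolution caching is activated
                        try {
                            PermissionUtils.createCaches();
                            PermissionUtils.setCachesEnabled(true);
                        } catch (CacheException e) {
                            // Caching is an optimisation: fall back to uncached resolution.
                            logger.warning("Failed to activate permission resolution caching : " + e.getMessage());
                            PermissionUtils.setCachesEnabled(false);
                        }
                    }

                    try {
                        AuthorizationManagerFactory.createAuthorizationManager(authorizationOptions);
                        permissionProvider = AuthorizationManagerFactory.getAuthorizationManager();
                    } catch (AuthorizationException e) {
                        // NOTE(review): the failure is only logged, so the policy is built
                        // without a jGuard permission provider and getPermissions() then
                        // returns nothing beyond what the default policy grants. Confirm
                        // that this is the intended failure mode rather than aborting
                        // construction.
                        logger.log(Level.SEVERE, "AuthorizationException", e);
                    }

                    return permissionProvider;
                }
            });

        loadDefaultPolicy();
    }

    /**
     * Returns the permissions granted to the given protection domain.
     *
     * <p>When a SecurityManager is installed, the result is a fresh collection holding
     * the default policy's permissions followed by those supplied by jGuard. Without a
     * SecurityManager, the collection obtained from jGuard is returned as is. The
     * result is never null: when neither source yields anything, an empty collection
     * is returned.</p>
     *
     * @param protectionDomain domain whose principals are handed to the permission provider
     * @return the permissions for the domain, never null
     */
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        final ProtectionDomain fProtectionDomain = protectionDomain;

        // execute these instructions under extended privileges
        PermissionCollection pc = (PermissionCollection) AccessController.doPrivileged(new PrivilegedAction() {
                public Object run() {
                    // Read the SecurityManager state once. Two separate reads can disagree
                    // if a SecurityManager is installed in between, which previously led to
                    // adding permissions to a null collection.
                    final boolean securityManagerSet = System.getSecurityManager() != null;

                    PermissionCollection defaultPermissions = null;
                    if (securityManagerSet) {
                        defaultPermissions = defaultPolicy.getPermissions(fProtectionDomain);
                    }

                    // if this protection domain is protected by jGuard
                    PermissionCollection jGuardPermissions = null;
                    if (permissionProvider != null) {
                        jGuardPermissions = permissionProvider.getPermissionCollection(
                                new HashSet(Arrays.asList(fProtectionDomain.getPrincipals())), fProtectionDomain);
                    }

                    // there is no SecurityManager set:
                    // we return only the permissionCollection obtained by jGuard
                    if (!securityManagerSet && jGuardPermissions != null) {
                        return jGuardPermissions;
                    }

                    // Merge into a collection owned by this call, so that the collection
                    // handed out by the default policy is never modified and permissions
                    // resolved for one domain's principals cannot end up in an object
                    // the default policy may hand out again.
                    PermissionCollection merged = new java.security.Permissions();
                    addAll(merged, defaultPermissions);
                    addAll(merged, jGuardPermissions);
                    return merged;
                }
            });

        return pc;
    }

    /**
     * Copies every permission of <code>source</code> into <code>target</code>;
     * a null <code>source</code> contributes nothing.
     */
    private static void addAll(PermissionCollection target, PermissionCollection source) {
        if (source == null) {
            return;
        }

        Enumeration enumeration = source.elements();

        while (enumeration.hasMoreElements()) {
            target.add((Permission) enumeration.nextElement());
        }
    }

    /**
     * Asks the permission provider, when there is one, to refresh the permission
     * configuration; does nothing otherwise.
     */
    public void refresh() {
        if (permissionProvider != null) {
            // Refresh the permission configuration
            permissionProvider.refresh();
        }
    }

    /**
     * Delegates the decision unchanged to the superclass implementation.
     *
     * @param domain the protection domain being checked
     * @param permission the permission being requested
     * @return whatever <code>super.implies</code> returns
     */
    public boolean implies(ProtectionDomain domain, Permission permission) {
        return super.implies(domain, permission);
    }
}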