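package org.apache.geronimo.security.jacc;

import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;

import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.IdentificationPrincipal;
import org.apache.geronimo.security.SubjectId;

/**
 * GBean that loads an application's JACC authorization policy when it is constructed
 * and removes it again in {@link #doStop()}.
 *
 * <p>Construction creates one {@link PolicyConfiguration} per policy context id, fills it
 * with the excluded, unchecked and per-role permissions, links all configurations together,
 * commits them and refreshes the installed {@link Policy}. It also registers every
 * role-designate {@link Subject} with {@link ContextManager}.
 *
 * <p>All of the work happens in the constructor; {@link #doStart()} and {@link #doFail()}
 * are empty.
 */
public class ApplicationPolicyConfigurationManager implements GBeanLifecycle {

    /** Policy context id (String) to the PolicyConfiguration created for it. */
    private final Map contextIdToPolicyConfigurationMap = new HashMap();
    /** Values are the role-designate Subjects registered with ContextManager; keys are not read here. */
    private final Map roleDesignates;
    /** Optional collaborator; may be null, in which case install/uninstall are skipped. */
    private final PrincipalRoleMapper principalRoleMapper;

    /**
     * Builds, links, commits and activates the policy for every context id in
     * {@code contextIdToPermissionsMap}.
     *
     * @param contextIdToPermissionsMap policy context id (String) to {@code ComponentPermissions}
     * @param roleDesignates map whose values are {@link Subject}s; each one is registered with
     *        {@link ContextManager} and gets an {@link IdentificationPrincipal} added to its
     *        principal set, so the caller's Subject objects are modified
     * @param cl class loader installed as the thread context class loader while the
     *        {@link PolicyConfigurationFactory} is looked up
     * @param principalRoleMapper optional mapper; when non-null it is installed for the
     *        context ids before the configurations are linked and committed
     * @throws PolicyContextException if the JACC provider rejects an operation
     * @throws ClassNotFoundException if the policy configuration factory class cannot be found
     */
    public ApplicationPolicyConfigurationManager(Map contextIdToPermissionsMap, Map roleDesignates, ClassLoader cl, PrincipalRoleMapper principalRoleMapper) throws PolicyContextException, ClassNotFoundException {
        this.principalRoleMapper = principalRoleMapper;

        // The factory lookup runs with cl as the context class loader; the previous loader is
        // restored even if the lookup fails.
        Thread currentThread = Thread.currentThread();
        ClassLoader oldClassLoader = currentThread.getContextClassLoader();
        currentThread.setContextClassLoader(cl);
        PolicyConfigurationFactory policyConfigurationFactory;
        try {
            policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
        } finally {
            currentThread.setContextClassLoader(oldClassLoader);
        }

        // NOTE(review): an exception thrown from here on leaves the PolicyConfigurations created
        // so far in place, and doStop() presumably never runs for an object whose constructor
        // failed. Confirm how the kernel cleans up after a failed construction.
        for (Iterator iterator = contextIdToPermissionsMap.entrySet().iterator(); iterator.hasNext();) {
            Map.Entry entry = (Map.Entry) iterator.next();
            String contextID = (String) entry.getKey();
            ComponentPermissions componentPermissions = (ComponentPermissions) entry.getValue();

            // remove == true: policy statements already stored for this context id are discarded,
            // so the resulting policy contains only what is added below.
            PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(contextID, true);
            contextIdToPolicyConfigurationMap.put(contextID, policyConfiguration);
            policyConfiguration.addToExcludedPolicy(componentPermissions.getExcludedPermissions());
            policyConfiguration.addToUncheckedPolicy(componentPermissions.getUncheckedPermissions());
            for (Iterator roleIterator = componentPermissions.getRolePermissions().entrySet().iterator(); roleIterator.hasNext();) {
                Map.Entry roleEntry = (Map.Entry) roleIterator.next();
                String roleName = (String) roleEntry.getKey();
                PermissionCollection rolePermissions = (PermissionCollection) roleEntry.getValue();
                for (Enumeration permissions = rolePermissions.elements(); permissions.hasMoreElements();) {
                    Permission permission = (Permission) permissions.nextElement();
                    policyConfiguration.addToRole(roleName, permission);
                }
            }
        }

        if (principalRoleMapper != null) {
            principalRoleMapper.install(contextIdToPermissionsMap.keySet());
        }

        // Link every configuration to every other one; the identity check skips self-links.
        for (Iterator iterator = contextIdToPolicyConfigurationMap.values().iterator(); iterator.hasNext();) {
            PolicyConfiguration policyConfiguration = (PolicyConfiguration) iterator.next();
            for (Iterator iterator2 = contextIdToPolicyConfigurationMap.values().iterator(); iterator2.hasNext();) {
                PolicyConfiguration policyConfiguration2 = (PolicyConfiguration) iterator2.next();
                if (policyConfiguration != policyConfiguration2) {
                    policyConfiguration.linkConfiguration(policyConfiguration2);
                }
            }
        }

        // Commit only after all linking is done.
        for (Iterator iterator = contextIdToPolicyConfigurationMap.values().iterator(); iterator.hasNext();) {
            PolicyConfiguration policyConfiguration = (PolicyConfiguration) iterator.next();
            policyConfiguration.commit();
        }

        // Ask the installed Policy to reload so that the committed configurations are picked up.
        Policy policy = Policy.getPolicy();
        policy.refresh();

        for (Iterator iterator = roleDesignates.values().iterator(); iterator.hasNext();) {
            Subject roleDesignate = (Subject) iterator.next();
            ContextManager.registerSubject(roleDesignate);
            SubjectId id = ContextManager.getSubjectId(roleDesignate);
            roleDesignate.getPrincipals().add(new IdentificationPrincipal(id));
        }
        this.roleDesignates = roleDesignates;
    }

    /** Does nothing; the policy is installed by the constructor. */
    public void doStart() throws Exception {
    }

    /**
     * Unregisters the role-designate subjects, uninstalls the principal role mapper and deletes
     * every policy configuration created by the constructor.
     *
     * <p>Each step is attempted even when an earlier one throws, so that a failure while
     * unregistering a subject or uninstalling the mapper cannot leave committed permissions in
     * place for an application that is being stopped. The first exception encountered is
     * rethrown once all steps have been attempted.
     *
     * @throws Exception the first failure raised by any teardown step
     */
    public void doStop() throws Exception {
        Exception firstFailure = null;

        for (Iterator iterator = roleDesignates.values().iterator(); iterator.hasNext();) {
            Subject roleDesignate = (Subject) iterator.next();
            try {
                ContextManager.unregisterSubject(roleDesignate);
            } catch (Exception e) {
                if (firstFailure == null) {
                    firstFailure = e;
                }
            }
        }

        if (principalRoleMapper != null) {
            try {
                principalRoleMapper.uninstall();
            } catch (Exception e) {
                if (firstFailure == null) {
                    firstFailure = e;
                }
            }
        }

        // NOTE(review): no Policy.refresh() follows the deletes. Confirm that the installed
        // provider stops honouring a deleted context without one.
        for (Iterator iterator = contextIdToPolicyConfigurationMap.values().iterator(); iterator.hasNext();) {
            PolicyConfiguration policyConfiguration = (PolicyConfiguration) iterator.next();
            try {
                policyConfiguration.delete();
            } catch (Exception e) {
                if (firstFailure == null) {
                    firstFailure = e;
                }
            }
        }

        if (firstFailure != null) {
            throw firstFailure;
        }
    }

    /** Does nothing. */
    public void doFail() {
    }

    /** GBean metadata for this class, built once in the static initializer. */
    public static final GBeanInfo GBEAN_INFO;

    static {
        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(ApplicationPolicyConfigurationManager.class, NameFactory.JACC_MANAGER);
        infoBuilder.addAttribute("contextIdToPermissionsMap", Map.class, true);
        infoBuilder.addAttribute("roleDesignates", Map.class, true);
        infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
        infoBuilder.addReference("PrincipalRoleMapper", PrincipalRoleMapper.class, NameFactory.JACC_MANAGER);
        // The names are listed in the same order as the constructor's parameters.
        infoBuilder.setConstructor(new String[] {"contextIdToPermissionsMap", "roleDesignates", "classLoader", "PrincipalRoleMapper"});
        GBEAN_INFO = infoBuilder.getBeanInfo();
    }

    /**
     * Returns the GBean metadata for this class.
     *
     * @return {@link #GBEAN_INFO}
     */
    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }
}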