RunAsSecurityInterceptor


1   /*
2     * JBoss, Home of Professional Open Source
3     * Copyright 2005, JBoss Inc., and individual contributors as indicated
4     * by the @authors tag. See the copyright.txt in the distribution for a
5     * full listing of individual contributors.
6     *
7     * This is free software; you can redistribute it and/or modify it
8     * under the terms of the GNU Lesser General Public License as
9     * published by the Free Software Foundation; either version 2.1 of
10    * the License, or (at your option) any later version.
11    *
12    * This software is distributed in the hope that it will be useful,
13    * but WITHOUT ANY WARRANTY; without even the implied warranty of
14    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15    * Lesser General Public License for more details.
16    *
17    * You should have received a copy of the GNU Lesser General Public
18    * License along with this software; if not, write to the Free
19    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21    */
22  package org.jboss.aspects.security;
23  
24  import org.jboss.aop.joinpoint.Invocation;
25  import org.jboss.logging.Logger;
26  import org.jboss.security.AuthenticationManager;
27  import org.jboss.security.RealmMapping;
28  import org.jboss.security.RunAsIdentity;
29  
30  /** 
31   * An interceptor that enforces the run-as identity declared by a bean.
32   *
33   * @author <a HREF="mailto:Scott.Stark@jboss.org">Scott Stark</a>.
34   * @author <a HREF="mailto:dain@daingroup.com">Dain Sundstrom</a>.
35   * @version $Revision: 37406 $
36   */
37  public class RunAsSecurityInterceptor implements org.jboss.aop.advice.Interceptor
38  {
39     private static final Logger log = Logger.getLogger(RunAsSecurityInterceptor.class);
40     
41     protected AuthenticationManager securityManager;
42     protected RealmMapping realmMapping;
43  
44     public RunAsSecurityInterceptor(AuthenticationManager manager, RealmMapping realmMapping)
45     {
46        this.securityManager = manager;
47        this.realmMapping = realmMapping;
48     }
49     
50     public String   getName() { return "RunAsSecurityInterceptor"; }
51  
52     protected RunAsIdentity getRunAsIdentity(Invocation invocation)
53     {
54        RunAsIdentity identity = (RunAsIdentity)invocation.getMetaData("security", "run-as");
55        if (identity == null) identity = getAnnotationRunAsIdentity(invocation);
56        return identity;
57     }
58  
59     protected RunAsIdentity getAnnotationRunAsIdentity(Invocation invocation)
60     {
61        RunAs runAs = (RunAs) invocation.resolveAnnotation(RunAs.class);
62        if (runAs == null) return null;
63        RunAsIdentity runAsRole = new RunAsIdentity(runAs.value(), null);
64        return runAsRole;
65     }
66     public Object   invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable  
67     {
68        RunAsIdentity runAsRole = getRunAsIdentity(invocation);
69        // If a run-as role was specified, push it so that any calls made
70        // by this bean will have the runAsRole available for declarative
71        // security checks.
72        if(runAsRole != null)
73        {
74           SecurityActions.pushRunAsIdentity(runAsRole);
75        }
76       
77        try
78        {
79           return invocation.invokeNext();
80        }
81        finally
82        {
83           if(runAsRole != null)
84           {
85              SecurityActions.popRunAsIdentity();
86           }
87        }
88     }
89  }
90
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags