Java > Open Source Codes > org > jboss > aspects > security > SecurityActions


1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */
22 package org.jboss.aspects.security;
23
24 import java.security.PrivilegedAction ;
25 import java.security.PrivilegedExceptionAction ;
26 import java.security.Principal ;
27 import java.security.AccessController ;
28 import java.security.PrivilegedActionException ;
29 import java.util.HashMap ;
30 import java.lang.reflect.UndeclaredThrowableException ;
31
32 import javax.security.auth.Subject ;
33 import javax.security.jacc.PolicyContext ;
34 import javax.security.jacc.PolicyContextException ;
35  
36 import org.jboss.logging.Logger;
37 import org.jboss.security.SecurityAssociation;
38 import org.jboss.security.RunAsIdentity;
39 import org.jboss.security.SecurityConstants;
40 import org.jboss.security.SecurityContext;
41 import org.jboss.security.SecurityContext.SubjectInfo;
42 import org.jboss.security.plugins.JBossSecurityContext;
43
44 /** A collection of privileged actions for this package
45  * @author Scott.Stark@jboss.org
46  * @author <a HREF="mailto:alex@jboss.org">Alexey Loubyansky</a>
47  * @version $Revison: $
48  */
49 class SecurityActions
50 {
51    private static final Logger log = Logger.getLogger(SecurityActions.class);
52    
53    interface PrincipalInfoAction
54    {
55       PrincipalInfoAction PRIVILEGED = new PrincipalInfoAction()
56       {
57          public void push(final Principal principal, final Object credential,
58             final Subject subject)
59          {
60             AccessController.doPrivileged(
61                new PrivilegedAction ()
62                {
63                   public Object run()
64                   {
65                      SecurityAssociation.pushSubjectContext(subject, principal, credential);
66                      return null;
67                   }
68                }
69             );
70          }
71          public void pop()
72          {
73             AccessController.doPrivileged(
74                new PrivilegedAction ()
75                {
76                   public Object run()
77                   {
78                      SecurityAssociation.popSubjectContext();
79                      return null;
80                   }
81                }
82             );
83          }
84
85          public Principal getPrincipal()
86          {
87             return (Principal )AccessController.doPrivileged(
88                new PrivilegedAction ()
89                {
90                   public Object run()
91                   {
92                      return SecurityAssociation.getPrincipal();
93                   }
94                }
95             );
96          }
97
98          public void setPrincipal(final Principal principal)
99          {
100             AccessController.doPrivileged(
101                new PrivilegedAction ()
102                {
103                   public Object run()
104                   {
105                      SecurityAssociation.setPrincipal(principal);
106                      return null;
107                   }
108                }
109             );
110          }
111
112          public Principal getCallerPrincipal()
113          {
114             return (Principal )AccessController.doPrivileged(
115                new PrivilegedAction ()
116                {
117                   public Object run()
118                   {
119                      return SecurityAssociation.getCallerPrincipal();
120                   }
121                }
122             );
123          }
124
125          public Object getCredential()
126          {
127             return AccessController.doPrivileged(
128                new PrivilegedAction ()
129                {
130                   public Object run()
131                   {
132                      return SecurityAssociation.getCredential();
133                   }
134                }
135             );
136          }
137
138          public void setCredential(final Object credential)
139          {
140             AccessController.doPrivileged(
141                new PrivilegedAction ()
142                {
143                   public Object run()
144                   {
145                      SecurityAssociation.setCredential(credential);
146                      return null;
147                   }
148                }
149             );
150          }
151       };
152
153       PrincipalInfoAction NON_PRIVILEGED = new PrincipalInfoAction()
154       {
155          public void push(Principal principal, Object credential, Subject subject)
156          {
157             SecurityAssociation.pushSubjectContext(subject, principal, credential);
158          }
159          public void pop()
160          {
161             SecurityAssociation.popSubjectContext();
162          }
163          public Principal getPrincipal()
164          {
165             return SecurityAssociation.getPrincipal();
166          }
167          public void setPrincipal(Principal principal)
168          {
169             SecurityAssociation.setPrincipal(principal);
170          }
171          public Principal getCallerPrincipal()
172          {
173             return SecurityAssociation.getPrincipal();
174          }
175          public Object getCredential()
176          {
177             return SecurityAssociation.getCredential();
178          }
179          public void setCredential(Object credential)
180          {
181             SecurityAssociation.setCredential(credential);
182          }
183       };
184
185       void push(Principal principal, Object credential, Subject subject);
186       void pop();
187       Principal getPrincipal();
188       void setPrincipal(Principal principal);
189       Principal getCallerPrincipal();
190       Object getCredential();
191       void setCredential(Object credential);
192    }
193
194
195    interface RunAsIdentityActions
196    {
197       RunAsIdentityActions PRIVILEGED = new RunAsIdentityActions()
198       {
199          private final PrivilegedAction peekAction = new PrivilegedAction ()
200          {
201             public Object run()
202             {
203                return SecurityAssociation.peekRunAsIdentity();
204             }
205          };
206
207          private final PrivilegedAction popAction = new PrivilegedAction ()
208          {
209             public Object run()
210             {
211                return SecurityAssociation.popRunAsIdentity();
212             }
213          };
214
215          public RunAsIdentity peek()
216          {
217             return (RunAsIdentity)AccessController.doPrivileged(peekAction);
218          }
219
220          public void push(final RunAsIdentity id)
221          {
222             AccessController.doPrivileged(
223                new PrivilegedAction ()
224                {
225                   public Object run()
226                   {
227                      SecurityAssociation.pushRunAsIdentity(id);
228                      return null;
229                   }
230                }
231             );
232          }
233
234          public RunAsIdentity pop()
235          {
236             return (RunAsIdentity)AccessController.doPrivileged(popAction);
237          }
238       };
239
240       RunAsIdentityActions NON_PRIVILEGED = new RunAsIdentityActions()
241       {
242          public RunAsIdentity peek()
243          {
244             return SecurityAssociation.peekRunAsIdentity();
245          }
246
247          public void push(RunAsIdentity id)
248          {
249             SecurityAssociation.pushRunAsIdentity(id);
250          }
251
252          public RunAsIdentity pop()
253          {
254             return SecurityAssociation.popRunAsIdentity();
255          }
256       };
257
258       RunAsIdentity peek();
259
260       void push(RunAsIdentity id);
261
262       RunAsIdentity pop();
263    }
264
265    interface ContextInfoActions
266    {
267       static final String EX_KEY = "org.jboss.security.exception";
268       ContextInfoActions PRIVILEGED = new ContextInfoActions()
269       {
270          private final PrivilegedAction exAction = new PrivilegedAction ()
271          {
272             public Object run()
273             {
274                return SecurityAssociation.getContextInfo(EX_KEY);
275             }
276          };
277          public Exception getContextException()
278          {
279             return (Exception )AccessController.doPrivileged(exAction);
280          }
281       };
282
283       ContextInfoActions NON_PRIVILEGED = new ContextInfoActions()
284       {
285          public Exception getContextException()
286          {
287             return (Exception )SecurityAssociation.getContextInfo(EX_KEY);
288          }
289       };
290
291       Exception getContextException();
292    }
293
294    interface PolicyContextActions
295    {
296       /** The JACC PolicyContext key for the current Subject */
297       static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
298       PolicyContextActions PRIVILEGED = new PolicyContextActions()
299       {
300          private final PrivilegedExceptionAction exAction = new PrivilegedExceptionAction ()
301          {
302             public Object run() throws Exception
303             {
304                return (Subject ) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
305             }
306          };
307          public Subject getContextSubject()
308             throws PolicyContextException
309          {
310             try
311             {
312                return (Subject ) AccessController.doPrivileged(exAction);
313             }
314             catch(PrivilegedActionException e)
315             {
316                Exception ex = e.getException();
317                if( ex instanceof PolicyContextException )
318                   throw (PolicyContextException ) ex;
319                else
320                   throw new UndeclaredThrowableException (ex);
321             }
322          }
323       };
324
325       PolicyContextActions NON_PRIVILEGED = new PolicyContextActions()
326       {
327          public Subject getContextSubject()
328             throws PolicyContextException
329          {
330             return (Subject ) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
331          }
332       };
333
334       Subject getContextSubject()
335          throws PolicyContextException ;
336    }
337    
338    static ClassLoader getContextClassLoader()
339    {
340       return TCLAction.UTIL.getContextClassLoader();
341    }
342
343    static void setContextClassLoader(ClassLoader loader)
344    {
345       TCLAction.UTIL.setContextClassLoader(loader);
346    }
347
348    static Principal getCallerPrincipal()
349    {
350       if (System.getSecurityManager() == null)
351       {
352          return PrincipalInfoAction.NON_PRIVILEGED.getCallerPrincipal();
353       }
354       else
355       {
356          return PrincipalInfoAction.PRIVILEGED.getCallerPrincipal();
357       }
358    }
359
360    static Principal getPrincipal()
361    {
362       if (System.getSecurityManager() == null)
363       {
364          return PrincipalInfoAction.NON_PRIVILEGED.getPrincipal();
365       }
366       else
367       {
368          return PrincipalInfoAction.PRIVILEGED.getPrincipal();
369       }
370    }
371
372    static void setPrincipal(Principal principal)
373    {
374       if (System.getSecurityManager() == null)
375       {
376          PrincipalInfoAction.NON_PRIVILEGED.setPrincipal(principal);
377       }
378       else
379       {
380          PrincipalInfoAction.PRIVILEGED.setPrincipal(principal);
381       }
382    }
383
384    static Object getCredential()
385    {
386       if (System.getSecurityManager() == null)
387       {
388          return PrincipalInfoAction.NON_PRIVILEGED.getCredential();
389       }
390       else
391       {
392          return PrincipalInfoAction.PRIVILEGED.getCredential();
393       }
394    }
395    
396    static void setCredential(Object credential)
397    {
398       if (System.getSecurityManager() == null)
399       {
400          PrincipalInfoAction.NON_PRIVILEGED.setCredential(credential);
401       }
402       else
403       {
404          PrincipalInfoAction.PRIVILEGED.setCredential(credential);
405       }
406    }
407
408    static void pushSubjectContext(Principal principal, Object credential,
409       Subject subject)
410    {
411       if(System.getSecurityManager() == null)
412       {
413          PrincipalInfoAction.NON_PRIVILEGED.push(principal, credential, subject);
414       }
415       else
416       {
417          PrincipalInfoAction.PRIVILEGED.push(principal, credential, subject);
418       }
419    }
420    static void popSubjectContext()
421    {
422       if(System.getSecurityManager() == null)
423       {
424          PrincipalInfoAction.NON_PRIVILEGED.pop();
425       }
426       else
427       {
428          PrincipalInfoAction.PRIVILEGED.pop();
429       }
430    }
431
432    static RunAsIdentity peekRunAsIdentity()
433    {
434       if(System.getSecurityManager() == null)
435       {
436          return RunAsIdentityActions.NON_PRIVILEGED.peek();
437       }
438       else
439       {
440          return RunAsIdentityActions.PRIVILEGED.peek();
441       }
442    }
443
444    static void pushRunAsIdentity(RunAsIdentity principal)
445    {
446       if(System.getSecurityManager() == null)
447       {
448          RunAsIdentityActions.NON_PRIVILEGED.push(principal);
449       }
450       else
451       {
452          RunAsIdentityActions.PRIVILEGED.push(principal);
453       }
454    }
455
456    static RunAsIdentity popRunAsIdentity()
457    {
458       if(System.getSecurityManager() == null)
459       {
460          return RunAsIdentityActions.NON_PRIVILEGED.pop();
461       }
462       else
463       {
464          return RunAsIdentityActions.PRIVILEGED.pop();
465       }
466    }
467
468    static Exception getContextException()
469    {
470       if(System.getSecurityManager() == null)
471       {
472          return ContextInfoActions.NON_PRIVILEGED.getContextException();
473       }
474       else
475       {
476          return ContextInfoActions.PRIVILEGED.getContextException();
477       }
478    }
479
480    static Subject getContextSubject()
481       throws PolicyContextException
482    {
483       if(System.getSecurityManager() == null)
484       {
485          return PolicyContextActions.NON_PRIVILEGED.getContextSubject();
486       }
487       else
488       {
489          return PolicyContextActions.PRIVILEGED.getContextSubject();
490       }
491    }
492
493    
494    
495    
496    
497    
498    interface TCLAction
499    {
500       class UTIL
501       {
502          static TCLAction getTCLAction()
503          {
504             return System.getSecurityManager() == null ? NON_PRIVILEGED : PRIVILEGED;
505          }
506
507          static ClassLoader getContextClassLoader()
508          {
509             return getTCLAction().getContextClassLoader();
510          }
511
512          static ClassLoader getContextClassLoader(Thread thread)
513          {
514             return getTCLAction().getContextClassLoader(thread);
515          }
516
517          static void setContextClassLoader(ClassLoader cl)
518          {
519             getTCLAction().setContextClassLoader(cl);
520          }
521
522          static void setContextClassLoader(Thread thread, ClassLoader cl)
523          {
524             getTCLAction().setContextClassLoader(thread, cl);
525          }
526       }
527
528       TCLAction NON_PRIVILEGED = new TCLAction()
529       {
530          public ClassLoader getContextClassLoader()
531          {
532             return Thread.currentThread().getContextClassLoader();
533          }
534
535          public ClassLoader getContextClassLoader(Thread thread)
536          {
537             return thread.getContextClassLoader();
538          }
539
540          public void setContextClassLoader(ClassLoader cl)
541          {
542             Thread.currentThread().setContextClassLoader(cl);
543          }
544
545          public void setContextClassLoader(Thread thread, ClassLoader cl)
546          {
547             thread.setContextClassLoader(cl);
548          }
549       };
550
551       TCLAction PRIVILEGED = new TCLAction()
552       {
553          private final PrivilegedAction getTCLPrivilegedAction = new PrivilegedAction ()
554          {
555             public Object run()
556             {
557                return Thread.currentThread().getContextClassLoader();
558             }
559          };
560
561          public ClassLoader getContextClassLoader()
562          {
563             return (ClassLoader )AccessController.doPrivileged(getTCLPrivilegedAction);
564          }
565
566          public ClassLoader getContextClassLoader(final Thread thread)
567          {
568             return (ClassLoader )AccessController.doPrivileged(new PrivilegedAction ()
569             {
570                public Object run()
571                {
572                   return thread.getContextClassLoader();
573                }
574             });
575          }
576
577          public void setContextClassLoader(final ClassLoader cl)
578          {
579             AccessController.doPrivileged(
580                new PrivilegedAction ()
581                {
582                   public Object run()
583                   {
584                      Thread.currentThread().setContextClassLoader(cl);
585                      return null;
586                   }
587                }
588             );
589          }
590
591          public void setContextClassLoader(final Thread thread, final ClassLoader cl)
592          {
593             AccessController.doPrivileged(
594                new PrivilegedAction ()
595                {
596                   public Object run()
597                   {
598                      thread.setContextClassLoader(cl);
599                      return null;
600                   }
601                }
602             );
603          }
604       };
605
606       ClassLoader getContextClassLoader();
607
608       ClassLoader getContextClassLoader(Thread thread);
609
610       void setContextClassLoader(ClassLoader cl);
611
612       void setContextClassLoader(Thread thread, ClassLoader cl);
613    }
614    
615    
616    private static class GetSecurityContextAction implements PrivilegedAction
617    {
618       private String securityDomain;
619       GetSecurityContextAction(String sd)
620       {
621          this.securityDomain = sd;
622       }
623       public Object run()
624       {
625          String sc = SecurityConstants.SECURITY_CONTEXT;
626          HashMap map = (HashMap )SecurityAssociation.getContextInfo(sc);
627          if(map == null)
628          {
629             map = new HashMap ();
630             SecurityAssociation.setContextInfo(sc, map);
631          }
632          SecurityAssociation.setContextInfo(sc, map);
633          return map.get(this.securityDomain);
634       }
635    }
636    
637    private static class SetSecurityContextAction implements PrivilegedAction
638    {
639       private SecurityContext securityContext;
640       private String securityDomain;
641       SetSecurityContextAction(SecurityContext sc, String sd)
642       {
643          this.securityContext = sc;
644          this.securityDomain = sd;
645       }
646       
647       public Object run()
648       {
649          String sc = SecurityConstants.SECURITY_CONTEXT;
650          HashMap map = (HashMap )SecurityAssociation.getContextInfo(sc);
651          if(map == null)
652          {
653             map = new HashMap ();
654             SecurityAssociation.setContextInfo(sc, map);
655          }
656          map.put(securityDomain, securityContext);
657          SecurityAssociation.setContextInfo(sc, map);
658          return null;
659       }
660    }
661    
662    private static class ClearSecurityContextAction implements PrivilegedAction
663    {
664       private String securityDomain;
665       ClearSecurityContextAction(String sd)
666       {
667          this.securityDomain = sd;
668       }
669       public Object run()
670       {
671          String sc = SecurityConstants.SECURITY_CONTEXT;
672          HashMap map = (HashMap )SecurityAssociation.getContextInfo(sc);
673          if(map == null)
674          {
675             map = new HashMap ();
676             SecurityAssociation.setContextInfo(sc, map);
677          }
678          if(map.containsKey(securityDomain))
679             map.remove(securityDomain);
680          
681          SecurityAssociation.setContextInfo(sc, map);
682          return null;
683       }
684    }
685
686    static void clearSecurityContext(String securityDomain)
687    {
688       ClearSecurityContextAction action = new ClearSecurityContextAction(securityDomain);
689       AccessController.doPrivileged(action);
690    }
691    
692    static SecurityContext getSecurityContext(String securityDomain)
693    {
694       GetSecurityContextAction action = new GetSecurityContextAction(securityDomain);
695       return (SecurityContext)AccessController.doPrivileged(action);
696    }
697    
698    static void setSecurityContext(SecurityContext sc, String securityDomain)
699    {
700       SetSecurityContextAction action = new SetSecurityContextAction(sc,securityDomain);
701       AccessController.doPrivileged(action);
702    }
703    
704    static void establishSecurityContext(String domain, Principal p, Object cred,
705          Subject subject)
706    {
707       JBossSecurityContext jsc = new JBossSecurityContext(domain);
708       SubjectInfo si = jsc.new SubjectInfo();
709       si.setAuthenticatedSubject(subject);
710       si.setAuthenticationCredential(cred);
711       si.setAuthenticationPrincipal(p);
712       jsc.setSubjectInfo(si);
713       SecurityActions.setSecurityContext(jsc, domain);
714    }
715    
716 }
717

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags