SecurityActions


1   /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10  * the License, or (at your option) any later version.
11  *
12  * This software is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this software; if not, write to the Free
19  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21  */
22  package org.jboss.ejb;
23  
24  import java.lang.reflect.InvocationHandler  ;
25  import java.lang.reflect.Method  ;
26  import java.lang.reflect.Proxy  ;
27  import java.lang.reflect.UndeclaredThrowableException  ;
28  import java.security.AccessController  ;
29  import java.security.Principal  ;
30  import java.security.PrivilegedAction  ;
31  import java.security.PrivilegedActionException  ;
32  import java.security.PrivilegedExceptionAction  ;
33  
34  import javax.management.MBeanServer  ;
35  import javax.management.ObjectName  ;
36  import javax.security.auth.Subject  ;
37  import javax.security.jacc.PolicyContext  ;
38  import javax.security.jacc.PolicyContextException  ;
39  
40  import org.jboss.mx.util.MBeanProxy; 
41  import org.jboss.security.RunAsIdentity;
42  import org.jboss.security.SecurityAssociation;
43  
44  /** A collection of privileged actions for this package
45   * 
46   * @author Scott.Stark@jboss.org
47   * @author Anil.Saldhana@jboss.org
48   * @version $Revison:$
49   */
50  class SecurityActions
51  {
52     private static class SetContextID implements PrivilegedAction  
53     {
54        String   contextID;
55        SetContextID(String   contextID)
56        {
57           this.contextID = contextID;
58        }
59        public Object   run()
60        {
61           String   previousID = PolicyContext.getContextID();
62           PolicyContext.setContextID(contextID);
63           return previousID;
64        }
65     }
66  
67     private static class PeekRunAsRoleAction implements PrivilegedAction  
68     {
69        int depth;
70        PeekRunAsRoleAction(int depth)
71        {
72           this.depth = depth;
73        }
74        public Object   run()
75        {
76           RunAsIdentity principal = SecurityAssociation.peekRunAsIdentity(depth);
77           return principal;
78        }
79     }
80  
81     /**
82      * Wrap the MBeanProxy proxy in a priviledged action so that method
83      * dispatch is done from a PrivilegedExceptionAction
84      */
85     private static class MBeanProxyAction implements PrivilegedExceptionAction  
86     {
87        Class   iface;
88        ObjectName   name;
89        MBeanServer   server;
90  
91        MBeanProxyAction(Class   iface, ObjectName   name, MBeanServer   server)
92        {
93           this.iface = iface;
94           this.name = name;
95           this.server = server;
96        }
97        public Object   run() throws Exception  
98        {
99           Object   proxy = MBeanProxy.get(iface, name, server);
100          Class  [] ifaces = {iface};
101          InvocationHandler   secureHandler = new InvocationHandlerAction(proxy);
102          Object   secureProxy = Proxy.newProxyInstance(iface.getClassLoader(), ifaces, secureHandler);
103          return secureProxy;
104       }
105    }
106 
107    private static class InvocationHandlerAction
108       implements InvocationHandler  , PrivilegedExceptionAction  
109    {
110       private Method   method;
111       private Object  [] args;
112       private Object   mbean;
113       private InvocationHandlerAction(Object   mbean)
114       {
115          this.mbean = mbean;
116       }
117       public Object   invoke(Object   proxy, Method   method, Object  [] args)
118          throws Throwable  
119       {
120          this.method = method;
121          this.args = args;
122          Object   value;
123          try
124          {
125             value = AccessController.doPrivileged(this);
126          }
127          catch(PrivilegedActionException   e)
128          {
129             throw e.getException();
130          }
131          return value;
132       }
133       public Object   run() throws Exception  
134       {
135          Object   value = method.invoke(mbean, args);
136          return value;
137       }
138    }
139 
140    static Object   getMBeanProxy(Class   iface, ObjectName   name, MBeanServer   server)
141       throws Exception  
142    {
143       Object   proxy;
144       if( System.getSecurityManager() == null )
145       {
146          proxy = MBeanProxy.get(iface, name, server);
147       }
148       else
149       {
150          MBeanProxyAction action = new MBeanProxyAction(iface, name, server);
151          proxy = AccessController.doPrivileged(action);
152       }
153       return proxy;
154    }
155    static ClassLoader   getContextClassLoader()
156    {
157       return TCLAction.UTIL.getContextClassLoader();
158    }
159 
160    static ClassLoader   getContextClassLoader(Thread   thread)
161    {
162       return TCLAction.UTIL.getContextClassLoader(thread);
163    }
164 
165    static void setContextClassLoader(ClassLoader   loader)
166    {
167       TCLAction.UTIL.setContextClassLoader(loader);
168    }
169 
170    static void setContextClassLoader(Thread   thread, ClassLoader   loader)
171    {
172       TCLAction.UTIL.setContextClassLoader(thread, loader);
173    }
174 
175    static String   setContextID(String   contextID)
176    {
177       PrivilegedAction   action = new SetContextID(contextID);
178       String   previousID = (String  ) AccessController.doPrivileged(action);
179       return previousID;
180    }
181    static RunAsIdentity peekRunAsIdentity(int depth)
182    {
183       PrivilegedAction   action = new PeekRunAsRoleAction(depth);
184       RunAsIdentity principal = (RunAsIdentity) AccessController.doPrivileged(action);
185       return principal;
186    }
187 
188    static Principal   getCallerPrincipal()
189    {
190       return IdentityAction.UTIL.getIdentityAction().getCallerPrincipal();
191    }
192 
193    interface IdentityAction
194    {
195       class UTIL
196       {
197          static IdentityAction getIdentityAction()
198          {
199             return System.getSecurityManager() == null ? NON_PRIVILEGED : PRIVILEGED;
200          }
201       }
202       IdentityAction NON_PRIVILEGED = new IdentityAction()
203       {
204          public Principal   getCallerPrincipal()
205          {
206             return SecurityAssociation.getCallerPrincipal();
207          }
208       };
209       IdentityAction PRIVILEGED = new IdentityAction()
210       {
211          private final PrivilegedAction   getCallerPrincipalAction = new PrivilegedAction  ()
212          {
213             public Object   run()
214             {
215                return SecurityAssociation.getCallerPrincipal();
216             }
217          };
218          public Principal   getCallerPrincipal()
219          {
220             return (Principal  )AccessController.doPrivileged(getCallerPrincipalAction);
221          }
222       };
223 
224       Principal   getCallerPrincipal();
225    }
226 
227    interface TCLAction
228    {
229       class UTIL
230       {
231          static TCLAction getTCLAction()
232          {
233             return System.getSecurityManager() == null ? NON_PRIVILEGED : PRIVILEGED;
234          }
235 
236          static ClassLoader   getContextClassLoader()
237          {
238             return getTCLAction().getContextClassLoader();
239          }
240 
241          static ClassLoader   getContextClassLoader(Thread   thread)
242          {
243             return getTCLAction().getContextClassLoader(thread);
244          }
245 
246          static void setContextClassLoader(ClassLoader   cl)
247          {
248             getTCLAction().setContextClassLoader(cl);
249          }
250 
251          static void setContextClassLoader(Thread   thread, ClassLoader   cl)
252          {
253             getTCLAction().setContextClassLoader(thread, cl);
254          }
255       }
256 
257       TCLAction NON_PRIVILEGED = new TCLAction()
258       {
259          public ClassLoader   getContextClassLoader()
260          {
261             return Thread.currentThread().getContextClassLoader();
262          }
263 
264          public ClassLoader   getContextClassLoader(Thread   thread)
265          {
266             return thread.getContextClassLoader();
267          }
268 
269          public void setContextClassLoader(ClassLoader   cl)
270          {
271             Thread.currentThread().setContextClassLoader(cl);
272          }
273 
274          public void setContextClassLoader(Thread   thread, ClassLoader   cl)
275          {
276             thread.setContextClassLoader(cl);
277          }
278       };
279 
280       TCLAction PRIVILEGED = new TCLAction()
281       {
282          private final PrivilegedAction   getTCLPrivilegedAction = new PrivilegedAction  ()
283          {
284             public Object   run()
285             {
286                return Thread.currentThread().getContextClassLoader();
287             }
288          };
289 
290          public ClassLoader   getContextClassLoader()
291          {
292             return (ClassLoader  )AccessController.doPrivileged(getTCLPrivilegedAction);
293          }
294 
295          public ClassLoader   getContextClassLoader(final Thread   thread)
296          {
297             return (ClassLoader  )AccessController.doPrivileged(new PrivilegedAction  ()
298             {
299                public Object   run()
300                {
301                   return thread.getContextClassLoader();
302                }
303             });
304          }
305 
306          public void setContextClassLoader(final ClassLoader   cl)
307          {
308             AccessController.doPrivileged(
309                new PrivilegedAction  ()
310                {
311                   public Object   run()
312                   {
313                      Thread.currentThread().setContextClassLoader(cl);
314                      return null;
315                   }
316                }
317             );
318          }
319 
320          public void setContextClassLoader(final Thread   thread, final ClassLoader   cl)
321          {
322             AccessController.doPrivileged(
323                new PrivilegedAction  ()
324                {
325                   public Object   run()
326                   {
327                      thread.setContextClassLoader(cl);
328                      return null;
329                   }
330                }
331             );
332          }
333       };
334 
335       ClassLoader   getContextClassLoader();
336 
337       ClassLoader   getContextClassLoader(Thread   thread);
338 
339       void setContextClassLoader(ClassLoader   cl);
340 
341       void setContextClassLoader(Thread   thread, ClassLoader   cl);
342    }
343    
344    interface PolicyContextActions 
345    { 
346       /** The JACC PolicyContext key for the current Subject */ 
347       static final String   SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container"; 
348       PolicyContextActions PRIVILEGED = new PolicyContextActions() 
349       { 
350          private final PrivilegedExceptionAction   exAction = new PrivilegedExceptionAction  () 
351          { 
352             public Object   run() throws Exception   
353             { 
354                return (Subject  ) PolicyContext.getContext(SUBJECT_CONTEXT_KEY); 
355             } 
356          }; 
357          public Subject   getContextSubject() 
358          throws PolicyContextException   
359          { 
360             try 
361             { 
362                return (Subject  ) AccessController.doPrivileged(exAction); 
363             } 
364             catch(PrivilegedActionException   e) 
365             { 
366                Exception   ex = e.getException(); 
367                if( ex instanceof PolicyContextException   ) 
368                   throw (PolicyContextException  ) ex; 
369                else 
370                   throw new UndeclaredThrowableException  (ex); 
371             } 
372          } 
373       }; 
374 
375       PolicyContextActions NON_PRIVILEGED = new PolicyContextActions() 
376       { 
377          public Subject   getContextSubject() 
378          throws PolicyContextException   
379          { 
380             return (Subject  ) PolicyContext.getContext(SUBJECT_CONTEXT_KEY); 
381          } 
382       }; 
383 
384       Subject   getContextSubject() 
385       throws PolicyContextException  ; 
386    } 
387 
388    static Subject   getContextSubject() 
389    
390    throws PolicyContextException   
391    { 
392       if(System.getSecurityManager() == null) 
393       { 
394          return PolicyContextActions.NON_PRIVILEGED.getContextSubject(); 
395       } 
396       else 
397       { 
398          return PolicyContextActions.PRIVILEGED.getContextSubject(); 
399       }    
400    } 
401 }
402
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags