

1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */

22 package org.jboss.ejb.plugins;
23
24 import org.jboss.ejb.Container;
25 import org.jboss.invocation.Invocation;
26 import org.jboss.metadata.ApplicationMetaData;
27 import org.jboss.metadata.AssemblyDescriptorMetaData;
28 import org.jboss.metadata.BeanMetaData;
29 import org.jboss.metadata.SecurityIdentityMetaData;
30 import org.jboss.security.RunAsIdentity;
31
32 import java.util.Set JavaDoc;
33
/**
 * An interceptor that enforces the run-as identity declared by a bean.
 *
 * <p>The identity is built once, in {@link #setContainer(Container)}, from the
 * bean's security-identity metadata. It is then pushed around every
 * {@code invoke} and {@code invokeHome} call and popped again in a
 * {@code finally} block, so each push is matched by a pop even when the
 * downstream interceptor throws.
 *
 * <p>Review points for deployers: when the descriptor names no run-as
 * principal, the application's unauthenticated principal is used instead, and
 * every role the assembly descriptor maps to that principal name is added to
 * the run-as identity alongside the declared run-as role.
 *
 * @author <a HREF="mailto:Scott.Stark@jboss.org">Scott Stark</a>.
 * @author <a HREF="mailto:Thomas.Diesler@jboss.org">Thomas Diesler</a>.
 * @version $Revision: 37459 $
 */
public class RunAsSecurityInterceptor extends AbstractInterceptor
{
   /**
    * The identity pushed for calls made by this bean. In this class it is
    * assigned only by {@link #setContainer(Container)} and stays {@code null}
    * when the bean declares no run-as identity or uses the caller identity.
    * The field is protected and non-final, so subclasses can replace it.
    */
   // NOTE(review): read on every invocation without synchronization; assumes
   // setContainer has completed before invocations are dispatched - confirm
   // against the container lifecycle.
   protected RunAsIdentity runAsIdentity;

   public RunAsSecurityInterceptor()
   {
   }

   /**
    * Called by the super class to set the container to which this interceptor
    * belongs. The run-as identity for the bean is resolved here.
    *
    * <p>A {@code null} container, missing security-identity metadata, or a
    * bean that uses the caller identity leaves {@link #runAsIdentity}
    * untouched; a value set by an earlier call is not cleared.
    *
    * @param container the owning container, may be {@code null}
    */
   public void setContainer(Container container)
   {
      super.setContainer(container);
      if (container == null)
      {
         return;
      }

      BeanMetaData bean = container.getBeanMetaData();
      ApplicationMetaData app = bean.getApplicationMetaData();
      AssemblyDescriptorMetaData descriptor = app.getAssemblyDescriptor();
      SecurityIdentityMetaData identity = bean.getSecurityIdentityMetaData();

      boolean declaresRunAs = identity != null && !identity.getUseCallerIdentity();
      if (!declaresRunAs)
      {
         return;
      }

      String runAsRole = identity.getRunAsRoleName();
      String runAsPrincipal = identity.getRunAsPrincipalName();
      if (runAsPrincipal == null)
      {
         // No explicit run-as principal: fall back to the application's
         // unauthenticated principal. If that is null as well, null is passed
         // on to the lookup and the constructor below; how they treat it is
         // not visible from this class.
         runAsPrincipal = app.getUnauthenticatedPrincipal();
      }

      // The run-as principal might have extra roles mapped in the
      // assembly-descriptor; they travel with the identity in addition to
      // the declared run-as role.
      Set mappedRoles = descriptor.getSecurityRoleNamesByPrincipal(runAsPrincipal);
      runAsIdentity = new RunAsIdentity(runAsRole, runAsPrincipal, mappedRoles);
   }

   // Container implementation --------------------------------------

   /**
    * Delegates to the super class; no additional start-up work is done here.
    */
   public void start() throws Exception
   {
      super.start();
   }

   /**
    * Runs a home invocation with this bean's run-as identity pushed.
    *
    * <p>The push is unconditional, so {@code null} is pushed when no run-as
    * identity was resolved. The pop sits in a {@code finally} block so the
    * push is undone on both normal return and exception.
    *
    * @param mi the invocation to pass down the interceptor chain
    * @return whatever the next interceptor returns
    * @throws Exception any failure raised further down the chain
    */
   public Object invokeHome(Invocation mi) throws Exception
   {
      // Pushed before entering the try block: if the push itself fails, no
      // unmatched pop is attempted.
      // NOTE(review): the effect of pushing null depends on SecurityActions,
      // which is not shown here - confirm it is the intended behaviour for
      // beans that use the caller identity.
      SecurityActions.pushRunAsIdentity(runAsIdentity);
      try
      {
         return getNext().invokeHome(mi);
      }
      finally
      {
         SecurityActions.popRunAsIdentity();
      }
   }

   /**
    * Runs a bean invocation with this bean's run-as identity pushed.
    *
    * <p>The push is unconditional, so {@code null} is pushed when no run-as
    * identity was resolved. The pop sits in a {@code finally} block so the
    * push is undone on both normal return and exception.
    *
    * @param mi the invocation to pass down the interceptor chain
    * @return whatever the next interceptor returns
    * @throws Exception any failure raised further down the chain
    */
   public Object invoke(Invocation mi) throws Exception
   {
      // Same push/pop pairing as invokeHome; the two methods must stay in
      // step so that neither path leaves an identity behind after the call.
      SecurityActions.pushRunAsIdentity(runAsIdentity);
      try
      {
         return getNext().invoke(mi);
      }
      finally
      {
         SecurityActions.popRunAsIdentity();
      }
   }

}