

1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */

22 package org.jboss.jmx.connector.invoker;
23
24 import java.security.Principal JavaDoc;
25 import javax.naming.InitialContext JavaDoc;
26 import javax.security.auth.Subject JavaDoc;
27  
28 import org.jboss.mx.server.Invocation;
29 import org.jboss.mx.interceptor.AbstractInterceptor;
30 import org.jboss.mx.interceptor.Interceptor;
31 import org.jboss.security.SubjectSecurityManager;
32 import org.jboss.security.SecurityContext.SubjectInfo;
33 import org.jboss.security.plugins.JBossSecurityContext;
34
35
/** A security interceptor that requires an authorized user for invoke(Invocation)
 * operation calls when the SecurityDomain and SecurityMgr attributes are
 * specified. Access to attributes and the MBeanInfo are not intercepted.
 * The check authenticates the caller's principal and credential against the
 * configured security manager; when no security manager is set, invocations
 * pass through to the next interceptor without any check.
 *
 * @see Interceptor
 *
 * @author <a href="mailto:juha@jboss.org">Juha Lindfors</a>.
 * @author Scott.Stark@jboss.org
 * @version $Revision: 56659 $
 *
 */

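public final class AuthenticationInterceptor
   extends AbstractInterceptor
{
   /**
    * Security manager used to authenticate callers. While this is null the
    * interceptor performs no authentication at all.
    */
   private SubjectSecurityManager securityMgr;

   /**
    * Looks up the security manager bound in JNDI under the given name and
    * installs it as the authenticator for later invoke operations.
    *
    * <p>A failed lookup is reported to the caller instead of being swallowed.
    * Swallowing it would leave {@code securityMgr} unset, and
    * {@link #invoke(Invocation)} skips authentication entirely in that state,
    * so a misconfigured or unbound domain would silently disable the check.
    * If a manager was already installed it stays in place when the lookup
    * fails.
    *
    * @param securityDomain JNDI name the security manager is bound under
    * @throws Exception if the JNDI lookup fails or the bound object is not a
    *    {@code SubjectSecurityManager}
    */
   public void setSecurityDomain(String securityDomain)
      throws Exception
   {
      InitialContext ctx = new InitialContext();
      // Assign only after a successful lookup and cast; any failure propagates.
      securityMgr = (SubjectSecurityManager) ctx.lookup(securityDomain);
   }

   /**
    * Authenticates the caller of an {@code invoke} operation and then passes
    * the invocation to the next interceptor in the chain.
    *
    * <p>Authentication runs only when a security manager is configured, the
    * invocation type is {@code Invocation.OP_INVOKE} and the operation name is
    * {@code "invoke"}. Every other invocation is forwarded unchecked.
    *
    * @param invocation the MBean invocation being dispatched
    * @return the value returned by the next interceptor
    * @throws SecurityException if the security manager rejects the caller's
    *    principal and credential
    * @throws Throwable anything thrown by the rest of the interceptor chain
    */
   public Object invoke(Invocation invocation) throws Throwable
   {
      // Read the field once so the whole call uses a single manager instance.
      final SubjectSecurityManager mgr = securityMgr;
      // Tracks whether a subject context was pushed and therefore must be popped.
      boolean subjectPushed = false;
      try
      {
         // equals() instead of ==: a type string that is equal but not the same
         // instance must not bypass the authentication branch.
         if( mgr != null
            && Invocation.OP_INVOKE.equals(invocation.getType())
            && "invoke".equals(invocation.getName()) )
         {
            // A missing or wrongly typed first argument raises a runtime
            // exception here, before anything is dispatched.
            Object[] args = invocation.getArgs();
            org.jboss.invocation.Invocation inv = (org.jboss.invocation.Invocation) args[0];

            // Authenticate the caller based on the security association
            Principal caller = inv.getPrincipal();
            Object credential = inv.getCredential();
            Subject subject = new Subject();
            if( !mgr.isValid(caller, credential, subject) )
            {
               // The message names the principal and domain only, never the credential.
               String msg = "Failed to authenticate principal="+caller
                  +", securityDomain="+mgr.getSecurityDomain();
               throw new SecurityException(msg);
            }

            // Push the caller security context
            SecurityActions.pushSubjectContext(caller, credential, subject);
            subjectPushed = true;

            // Establish the Security Context. This runs inside the try so that a
            // failure here still pops the subject context pushed above.
            establishSecurityContext(mgr.getSecurityDomain(), caller,
               credential, subject);
         }

         Interceptor next = invocation.nextInterceptor();
         return next.invoke(invocation);
      }
      finally
      {
         // Don't leak the security context
         // NOTE(review): only the subject context is popped; the security context
         // set by establishSecurityContext is not cleared in this class. Confirm
         // whether SecurityActions (not shown here) resets it per thread.
         if( subjectPushed )
            SecurityActions.popSubjectContext();
      }
   }

   /**
    * Builds a security context for the domain, fills it with the authenticated
    * subject, credential and principal, and installs it via
    * {@code SecurityActions.setSecurityContext}.
    *
    * @param domain security domain name the context is created for
    * @param p authenticated principal
    * @param cred credential the principal authenticated with
    * @param subject subject passed to the security manager during authentication
    */
   private void establishSecurityContext(String domain, Principal p, Object cred,
         Subject subject)
   {
      JBossSecurityContext jsc = new JBossSecurityContext(domain);
      SubjectInfo si = jsc.new SubjectInfo();
      si.setAuthenticatedSubject(subject);
      si.setAuthenticationCredential(cred);
      si.setAuthenticationPrincipal(p);
      jsc.setSubjectInfo(si);
      SecurityActions.setSecurityContext(jsc, domain);
   }
}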