KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jboss > jmx > connector > invoker > AuthorizationInterceptor


1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */
22 package org.jboss.jmx.connector.invoker;
23
24 import java.lang.reflect.InvocationTargetException JavaDoc;
25 import java.lang.reflect.Method JavaDoc;
26 import java.lang.reflect.UndeclaredThrowableException JavaDoc;
27 import java.security.Principal JavaDoc;
28 import javax.management.ObjectName JavaDoc;
29 import javax.security.auth.Subject JavaDoc;
30
31 import org.jboss.mx.interceptor.AbstractInterceptor;
32 import org.jboss.mx.interceptor.Interceptor;
33 import org.jboss.mx.server.Invocation;
34
35 /**
36  * An Interceptor that aids in providing Authorization to JMX Invocations
37  * at an MBean Operations level. This must be placed after the
38  * AuthenticationInterceptor to ensure a valid caller context exists
39  *
40  * String msg = "Define your own class which has a method authorize with signature";
41          msg += "public void authorize( Principal caller, Subject subject,
42  String objectname,String opname)";
43          msg += ". And replace " + azclassname + " its name";
44  
45  * @see AuthenticationInterceptor
46  *
47  * @author <mailto:Anil.Saldhana@jboss.org>Anil Saldhana
48  * @author Scott.Stark@jboss.org
49  * @version $Revision: 55395 $
50  */
51 public class AuthorizationInterceptor extends AbstractInterceptor
52 {
53    private Object JavaDoc authenticator = null;
54    private Method JavaDoc authorize;
55
56    public AuthorizationInterceptor()
57    {
58       super();
59       // Install the default
60 try
61       {
62          setAuthorizingClass(RolesAuthorization.class);
63       }
64       catch(Exception JavaDoc e)
65       {
66          // Can't happen
67 }
68    }
69
70    /**
71     * The Authorizing class must have a method called
72     * public Boolean authorize( Principal caller, String mbean,String opname )
73     *
74     * @param clazz
75     */
76    public void setAuthorizingClass(Class JavaDoc clazz)
77       throws Exception JavaDoc
78    {
79       authenticator = clazz.newInstance();
80       log.debug("Loaded authenticator: "+authenticator);
81       Class JavaDoc[] sig = {Principal JavaDoc.class, Subject JavaDoc.class, String JavaDoc.class, String JavaDoc.class};
82       authorize = clazz.getMethod("authorize", sig);
83       log.debug("Found authorize(Principal, Subject, String, String)");
84    }
85
86    /**
87     * Intercept the invoke(Invocation) operations
88     * @param invocation
89     * @return
90     * @throws Throwable
91     */
92    public Object JavaDoc invoke(Invocation invocation) throws Throwable JavaDoc
93    {
94       String JavaDoc type = invocation.getType();
95       if (type == Invocation.OP_INVOKE)
96       {
97          String JavaDoc opName = invocation.getName();
98          if (opName.equals("invoke"))
99          {
100             Object JavaDoc[] args = invocation.getArgs();
101             org.jboss.invocation.Invocation inv = (org.jboss.invocation.Invocation) args[0];
102             // Authenticate the caller based on the security association
103 Principal JavaDoc caller = inv.getPrincipal();
104             //Get the Method Name
105 Object JavaDoc[] obj = inv.getArguments();
106             //Ignore calls like MBeanCount or getMBeanInfo
107 if(obj != null && obj.length > 1)
108             {
109                ObjectName JavaDoc objname = (ObjectName JavaDoc) obj[0];
110                String JavaDoc opname = (String JavaDoc) obj[1];
111
112                try
113                {
114                   checkAuthorization(caller, objname.getCanonicalName(), opname);
115                }
116                catch(SecurityException JavaDoc e)
117                {
118                   throw e;
119                }
120                catch(Exception JavaDoc e)
121                {
122                   String JavaDoc msg = "Failed to authorize principal=" + caller
123                      + ",MBean=" + objname + ", Operation=" + opname;
124                   SecurityException JavaDoc ex = new SecurityException JavaDoc(msg);
125                   ex.initCause(e);
126                   throw ex;
127                }
128             }
129          }
130       }
131
132       Interceptor i = invocation.nextInterceptor();
133       return i.invoke(invocation);
134    }
135
136    /**
137     * Method that delegates authorization to the custom class
138     *
139     * @param caller
140     * @param objname
141     * @param opname
142     * @throws Exception - A SecurityException on authorization failure
143     */
144    private void checkAuthorization(Principal JavaDoc caller, String JavaDoc objname, String JavaDoc opname)
145       throws Exception JavaDoc
146    {
147       // Get the active Subject
148 Subject JavaDoc subject = SecurityActions.getActiveSubject();
149       if( subject == null )
150          throw new SecurityException JavaDoc("No active Subject found, add th AuthenticationInterceptor");
151
152       //We will try to use the authorizing class
153 try
154       {
155          Object JavaDoc[] args = {caller, subject, objname, opname};
156          authorize.invoke(authenticator, args);
157       }
158       catch(InvocationTargetException JavaDoc e)
159       {
160          Throwable JavaDoc t = e.getTargetException();
161          if( t instanceof Exception JavaDoc )
162             throw (Exception JavaDoc) t;
163          else
164             throw new UndeclaredThrowableException JavaDoc(t);
165       }
166    }
167 }
168
Popular Tags