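package org.jboss.jmx.connector.invoker;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.Principal;
import javax.management.ObjectName;
import javax.security.auth.Subject;

import org.jboss.mx.interceptor.AbstractInterceptor;
import org.jboss.mx.interceptor.Interceptor;
import org.jboss.mx.server.Invocation;

/**
 * Interceptor that consults a pluggable authorizer before forwarding an MBean
 * operation to the next interceptor in the chain.
 *
 * <p>The authorizer is any class with an accessible no-argument constructor
 * and a public {@code authorize(Principal, Subject, String, String)} method;
 * it is looked up and called reflectively. {@link RolesAuthorization} is
 * installed by the constructor. The authorizer denies a call by throwing:
 * {@link #invoke(Invocation)} turns every exception raised during the check
 * into a {@link SecurityException}.
 *
 * <p>The active {@link Subject} is read through {@code SecurityActions}, so the
 * check fails when none has been established (the error message points at the
 * AuthenticationInterceptor).
 */
public class AuthorizationInterceptor extends AbstractInterceptor
{
   /** Instance of the authorizing class on which {@link #authorize} is invoked. */
   private Object authenticator = null;
   /** The reflectively resolved {@code authorize(Principal, Subject, String, String)} method. */
   private Method authorize;

   /**
    * Creates the interceptor with {@link RolesAuthorization} as authorizer.
    *
    * <p>Construction never fails. If the default authorizer cannot be loaded
    * no authorizer is installed and every checked invocation is rejected until
    * {@link #setAuthorizingClass(Class)} succeeds.
    */
   public AuthorizationInterceptor()
   {
      super();
      try
      {
         setAuthorizingClass(RolesAuthorization.class);
      }
      catch (Exception e)
      {
         // Keep the best-effort behaviour, but leave a trace: a silently
         // missing authorizer is otherwise only visible as denied calls.
         log.debug("Failed to install default authorizer "
            + RolesAuthorization.class.getName() + ": " + e);
      }
   }

   /**
    * Replaces the authorizer used by this interceptor.
    *
    * <p>The new instance and its {@code authorize} method are both resolved
    * before either field is written, so a class that lacks the method leaves
    * the previously installed authorizer fully in place instead of pairing the
    * old method with the new instance.
    *
    * @param clazz class providing an accessible no-argument constructor and a
    *    public {@code authorize(Principal, Subject, String, String)} method
    * @throws Exception if the class cannot be instantiated or does not declare
    *    the required method
    */
   public void setAuthorizingClass(Class clazz)
      throws Exception
   {
      Object candidate = clazz.newInstance();
      log.debug("Loaded authenticator: " + candidate);
      Class[] sig = {Principal.class, Subject.class, String.class, String.class};
      Method candidateAuthorize = clazz.getMethod("authorize", sig);
      log.debug("Found authorize(Principal, Subject, String, String)");

      // Publish the pair only once both lookups have succeeded.
      authenticator = candidate;
      authorize = candidateAuthorize;
   }

   /**
    * Authorizes the caller and then passes the invocation down the chain.
    *
    * <p>A check is made only for an operation invocation named
    * {@code "invoke"} whose first argument is an
    * {@code org.jboss.invocation.Invocation} carrying at least two arguments;
    * the first is read as the target {@link ObjectName}, the second as the
    * operation name.
    *
    * <p>NOTE(review): every other invocation, including one whose wrapped
    * argument array is {@code null} or has fewer than two elements, is
    * forwarded without any authorization check. Confirm that those paths are
    * protected elsewhere or are meant to be open.
    *
    * @param invocation the invocation travelling through the interceptor chain
    * @return the result of the next interceptor
    * @throws SecurityException if the authorizer rejects the call or the check
    *    itself fails
    * @throws Throwable anything thrown by the next interceptor
    */
   public Object invoke(Invocation invocation) throws Throwable
   {
      String type = invocation.getType();
      // Compare by value: with a reference comparison an equal but distinct
      // String instance would skip the authorization check below.
      if (Invocation.OP_INVOKE.equals(type))
      {
         String opName = invocation.getName();
         if (opName.equals("invoke"))
         {
            Object[] args = invocation.getArgs();
            org.jboss.invocation.Invocation inv = (org.jboss.invocation.Invocation) args[0];
            Principal caller = inv.getPrincipal();
            Object[] obj = inv.getArguments();

            if (obj != null && obj.length > 1)
            {
               ObjectName objname = (ObjectName) obj[0];
               String opname = (String) obj[1];

               try
               {
                  checkAuthorization(caller, objname.getCanonicalName(), opname);
               }
               catch (SecurityException e)
               {
                  throw e;
               }
               catch (Exception e)
               {
                  // Any failure of the check is a denial; keep the cause for diagnosis.
                  String msg = "Failed to authorize principal=" + caller
                     + ",MBean=" + objname + ", Operation=" + opname;
                  SecurityException ex = new SecurityException(msg);
                  ex.initCause(e);
                  throw ex;
               }
            }
         }
      }

      Interceptor i = invocation.nextInterceptor();
      return i.invoke(invocation);
   }

   /**
    * Calls the installed authorizer for the given caller and target.
    *
    * @param caller the principal taken from the wrapped invocation
    * @param objname canonical name of the target MBean
    * @param opname name of the requested operation
    * @throws SecurityException if there is no active Subject or no authorizer
    *    is installed
    * @throws Exception whatever the authorizer's {@code authorize} method
    *    throws; a non-Exception throwable is wrapped in an
    *    {@link UndeclaredThrowableException}
    */
   private void checkAuthorization(Principal caller, String objname, String opname)
      throws Exception
   {
      Subject subject = SecurityActions.getActiveSubject();
      if (subject == null)
      {
         throw new SecurityException("No active Subject found, add th AuthenticationInterceptor");
      }

      // Deny explicitly when the authorizer never loaded, instead of relying on
      // a NullPointerException being converted by the caller.
      if (authorize == null || authenticator == null)
      {
         throw new SecurityException("No authorizer is installed, access denied");
      }

      try
      {
         Object[] args = {caller, subject, objname, opname};
         authorize.invoke(authenticator, args);
      }
      catch (InvocationTargetException e)
      {
         // Surface the authorizer's own exception rather than the reflection wrapper.
         Throwable t = e.getTargetException();
         if (t instanceof Exception)
         {
            throw (Exception) t;
         }
         throw new UndeclaredThrowableException(t);
      }
   }
}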