

1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */

22 package org.jboss.jmx.connector.invoker;
23
24 import java.util.HashSet JavaDoc;
25 import java.util.Set JavaDoc;
26 import java.util.Iterator JavaDoc;
27 import java.security.Principal JavaDoc;
28 import java.security.acl.Group JavaDoc;
29
30 import javax.security.auth.Subject JavaDoc;
31
32 import org.jboss.security.SimplePrincipal;
33
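/**
 * A default authorization delegate used by the AuthorizationInterceptor.
 *
 * <p>A call is authorized when the authenticated Subject carries a
 * {@code java.security.acl.Group} named "Roles" and at least one of the
 * configured required roles is a member of that group. Unless
 * {@link #setRequiredRoles(HashSet)} is called, the only required role is the
 * hard coded "JBossAdmin" role.
 *
 * <p>The check is purely role based: the caller principal, the object name and
 * the operation name passed to {@code authorize} are not consulted, so every
 * object and operation is gated by the same role set.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 37459 $
 */
public class RolesAuthorization
{
   /** Roles of which the caller must hold at least one; elements are Principals. */
   private HashSet requiredRoles = new HashSet();

   /** Creates a delegate that requires the "JBossAdmin" role. */
   public RolesAuthorization()
   {
      requiredRoles.add(new SimplePrincipal("JBossAdmin"));
   }

   /**
    * Replaces the set of roles that grant access.
    *
    * <p>The set is copied, so changing the passed-in set afterwards does not
    * alter the policy enforced by this delegate. A null or empty set leaves no
    * role that can satisfy the check, so every later call to
    * {@code authorize} is denied.
    *
    * @param requiredRoles the Principals naming the accepted roles; may be null
    */
   public void setRequiredRoles(HashSet requiredRoles)
   {
      // Defensive copy: the code that configured the policy must not be able to
      // widen or narrow it later through a reference it kept.
      this.requiredRoles = requiredRoles == null
         ? new HashSet() : new HashSet(requiredRoles);
   }

   /**
    * Checks that the subject holds at least one of the required roles.
    *
    * @param caller the calling principal; not used by this implementation
    * @param subject the authenticated Subject whose "Roles" group is checked
    * @param objectname the target object name; not used by this implementation
    * @param opname the operation name; not used by this implementation
    * @throws SecurityException if the subject is null, has no "Roles" group, or
    *    holds none of the required roles
    */
   public void authorize(Principal caller, Subject subject,
      String objectname, String opname)
   {
      // An unauthenticated call must be refused with the same exception type as
      // every other denial, not with a NullPointerException.
      if( subject == null )
      {
         throw new SecurityException("No authenticated Subject");
      }

      // Only the first Group named "Roles" is consulted; the iteration order of
      // the principal set is not specified.
      Group roles = null;
      Iterator iter = subject.getPrincipals(Group.class).iterator();
      while( iter.hasNext() )
      {
         Group grp = (Group) iter.next();
         if( "Roles".equals(grp.getName()) )
         {
            roles = grp;
            break;
         }
      }
      if( roles == null )
      {
         throw new SecurityException("Subject has no Roles");
      }

      // Read the field once so the check and the message describe the same set.
      HashSet required = this.requiredRoles;
      boolean hasRole = false;
      iter = required.iterator();
      while( iter.hasNext() && !hasRole )
      {
         hasRole = roles.isMember((Principal) iter.next());
      }
      if( !hasRole )
      {
         // NOTE(review): the message lists the configured role names and the
         // caller's role group. If this exception is returned to a remote
         // caller, confirm that disclosing them is acceptable; otherwise keep
         // the detail in a server-side log.
         throw new SecurityException("Authorization failure, requiredRoles="+required
            +", callerRoles="+roles);
      }
   }
}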