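package org.jboss.net.axis.server;

import org.jboss.axis.AxisFault;
import org.jboss.axis.MessageContext;
import org.jboss.axis.handlers.BasicHandler;
import org.jboss.security.AnybodyPrincipal;
import org.jboss.security.NobodyPrincipal;
import org.jboss.security.RealmMapping;
import org.jboss.security.SimplePrincipal;

import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.StringTokenizer;

/**
 * Axis handler that authorizes the caller of a web service against the roles
 * configured on the handler.
 * <p>
 * Configuration is read from the handler options on first use:
 * <ul>
 *   <li>{@link Constants#SECURITY_DOMAIN_OPTION}: JNDI name of the
 *       {@link RealmMapping} that resolves roles. Required; without it every
 *       invocation is rejected.</li>
 *   <li>{@link Constants#ALLOWED_ROLES_OPTION}: comma-separated roles that
 *       grant access. Defaults to {@code *} (anybody) when absent.</li>
 *   <li>{@link Constants#DENIED_ROLES_OPTION}: comma-separated roles that veto
 *       access, taking precedence over any allowed role.</li>
 * </ul>
 * The caller's principals are taken from the {@link Subject} stored under
 * {@link MessageContext#AUTHUSER}; an unauthenticated call is evaluated as
 * {@link NobodyPrincipal#NOBODY_PRINCIPAL}.
 */
public class JBossAuthorizationHandler extends BasicHandler
{
   /** Realm used to resolve roles; looked up lazily via JNDI, {@code null} until initialised. */
   protected RealmMapping realmMapping;

   /** Principals (roles) whose membership grants access. */
   protected final Set rolesAllowed = new HashSet();

   /** Principals (roles) whose membership denies access, overriding {@link #rolesAllowed}. */
   protected final Set rolesDenied = new HashSet();

   /**
    * Set once {@link #initialise()} has completed successfully. Volatile so the
    * unsynchronised fast-path read in {@link #invoke} cannot observe the flag
    * before the realm and role sets it guards have been fully written.
    */
   protected volatile boolean isInitialised;

   /** Creates an uninitialised handler; options are read on the first {@link #invoke}. */
   public JBossAuthorizationHandler()
   {
   }

   /**
    * Reads the handler options and resolves the security domain.
    * <p>
    * Callers are expected to serialise invocations (see {@link #invoke});
    * the method rebuilds its state from scratch so a retry after a failed
    * lookup does not accumulate stale roles.
    *
    * @throws AxisFault if the configured security domain cannot be looked up in JNDI
    */
   protected void initialise() throws AxisFault
   {
      realmMapping = null;
      rolesAllowed.clear();
      rolesDenied.clear();

      String securityDomain = (String) getOption(Constants.SECURITY_DOMAIN_OPTION);
      if (securityDomain != null)
      {
         try
         {
            realmMapping = (RealmMapping) new InitialContext().lookup(securityDomain);
         }
         catch (NamingException e)
         {
            throw new AxisFault("Could not lookup security domain " + securityDomain, e);
         }
      }

      String allowedRoles = (String) getOption(Constants.ALLOWED_ROLES_OPTION);
      if (allowedRoles == null)
      {
         // No allow-list configured: fall back to "anybody", so rolesDenied is
         // the only restriction applied.
         allowedRoles = "*";
      }
      addRoles(rolesAllowed, allowedRoles);

      String deniedRoles = (String) getOption(Constants.DENIED_ROLES_OPTION);
      if (deniedRoles != null)
      {
         addRoles(rolesDenied, deniedRoles);
      }

      // Published last: a reader that sees the flag also sees realmMapping and
      // the role sets, and a failed lookup is retried on the next invocation
      // instead of leaving the handler permanently half-configured.
      isInitialised = true;
   }

   /**
    * Parses a comma-separated role list into {@code target}.
    * Surrounding whitespace is stripped from each token and empty tokens are
    * skipped, so {@code "admin, user"} yields the roles {@code admin} and
    * {@code user} rather than {@code admin} and {@code " user"}.
    *
    * @param target   set receiving one {@link Principal} per role
    * @param roleList comma-separated role names, {@code *} meaning anybody
    */
   private void addRoles(Set target, String roleList)
   {
      StringTokenizer tokenizer = new StringTokenizer(roleList, ",");
      while (tokenizer.hasMoreTokens())
      {
         String role = tokenizer.nextToken().trim();
         if (role.length() > 0)
         {
            target.add(getPrincipal(role));
         }
      }
   }

   /**
    * Maps a configured role name to a principal.
    *
    * @param userName role name from the options; {@code *} is the wildcard
    * @return {@link AnybodyPrincipal#ANYBODY_PRINCIPAL} for {@code *}, else a
    *         {@link SimplePrincipal} with that name
    */
   protected Principal getPrincipal(String userName)
   {
      if (userName.equals("*"))
      {
         return AnybodyPrincipal.ANYBODY_PRINCIPAL;
      }
      return new SimplePrincipal(userName);
   }

   /**
    * Returns the principals of the authenticated caller.
    *
    * @param msgContext current message context
    * @return the principals of the {@link Subject} stored under
    *         {@link MessageContext#AUTHUSER}, or a singleton holding
    *         {@link NobodyPrincipal#NOBODY_PRINCIPAL} when no subject is present
    */
   protected Collection getAssociatedPrincipals(MessageContext msgContext)
   {
      Subject activeSubject = (Subject) msgContext.getProperty(MessageContext.AUTHUSER);
      if (activeSubject == null)
      {
         return Collections.singleton(NobodyPrincipal.NOBODY_PRINCIPAL);
      }
      return activeSubject.getPrincipals();
   }

   /**
    * Asks the realm whether {@code principal} holds any of {@code roles}.
    * Whether the {@code *} wildcard matches is decided by the realm's
    * {@link RealmMapping#doesUserHaveRole} implementation.
    *
    * @param principal caller principal to check
    * @param roles     set of role principals
    * @return the realm's answer
    */
   protected boolean doesUserHaveRole(Principal principal, Set roles)
   {
      return realmMapping.doesUserHaveRole(principal, roles);
   }

   /**
    * Authorizes the call described by {@code msgContext}.
    * <p>
    * Access is granted when at least one caller principal holds an allowed
    * role and no caller principal holds a denied role; a denied role vetoes
    * the whole call. The handler fails closed: a missing security domain or
    * no matching allowed role both raise a fault.
    *
    * @param msgContext current message context
    * @throws AxisFault if initialisation fails, no security domain is
    *                   configured, or access is denied
    */
   public void invoke(MessageContext msgContext) throws AxisFault
   {
      if (!isInitialised)
      {
         synchronized (this)
         {
            if (!isInitialised)
            {
               initialise();
            }
         }
      }

      // Fail closed: without a realm there is no way to evaluate roles.
      if (realmMapping == null)
      {
         throw new AxisFault("No security domain associated.");
      }

      boolean accessAllowed = false;
      Iterator allPrincipals = getAssociatedPrincipals(msgContext).iterator();
      while (allPrincipals.hasNext())
      {
         Principal nextPrincipal = (Principal) allPrincipals.next();
         // A denied role vetoes the call regardless of what was granted so far.
         if (doesUserHaveRole(nextPrincipal, rolesDenied))
         {
            accessAllowed = false;
            break;
         }
         else if (!accessAllowed && doesUserHaveRole(nextPrincipal, rolesAllowed))
         {
            accessAllowed = true;
         }
      }

      if (!accessAllowed)
      {
         throw new AxisFault("Access denied.");
      }
   }
}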