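package org.jboss.resource.security;

import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.acl.Group;
import java.util.Iterator;
import java.util.Set;
import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;

import org.jboss.security.SimpleGroup;

/**
 * Privileged helpers that mutate a {@link Subject}'s principals and private
 * credentials on behalf of the resource-adapter security layer.
 * <p>
 * Every mutation runs inside a {@link PrivilegedAction} whose body does exactly
 * one thing: add one credential, add one principal, remove the credentials of
 * one connection factory, or add one set of roles. Keeping each privileged body
 * this small bounds what executes with the caller's protection domains dropped
 * from the access-control check, which is the point of a privileged block.
 * <p>
 * Note: {@code java.security.acl.Group} was deprecated in Java 9 and removed in
 * Java 14; this class targets the older JDKs JBoss was built against.
 */
class SubjectActions
{
   /** Name of the {@link Group} principal that carries a subject's roles. */
   private static final String ROLES_GROUP_NAME = "Roles";

   /**
    * Strategy for adding run-as roles to a subject, either inside a
    * {@code doPrivileged} block or directly on the caller's stack.
    */
   interface AddRolesActions
   {
      /** Adds the roles inside {@link AccessController#doPrivileged}. */
      AddRolesActions PRIVILEGED = new AddRolesActions()
      {
         public void addRoles(final Subject subject, final Set roles)
         {
            AccessController.doPrivileged(new PrivilegedAction()
            {
               public Object run()
               {
                  addSubjectRoles(subject, roles);
                  return null;
               }
            });
         }
      };

      /** Adds the roles directly; selected when no SecurityManager is installed. */
      AddRolesActions NON_PRIVILEGED = new AddRolesActions()
      {
         public void addRoles(final Subject subject, final Set roles)
         {
            addSubjectRoles(subject, roles);
         }
      };

      /**
       * Adds every {@link Principal} in {@code roles} to the subject's
       * {@code Roles} group, creating that group if it does not yet exist.
       *
       * @param subject the subject to modify
       * @param roles   principals to add as roles; {@code null} adds nothing
       */
      void addRoles(Subject subject, Set roles);
   }

   /** Adds a single {@link PasswordCredential} to a subject's private credentials. */
   static class AddCredentialsAction implements PrivilegedAction
   {
      Subject subject;
      PasswordCredential cred;

      AddCredentialsAction(Subject subject, PasswordCredential cred)
      {
         this.subject = subject;
         this.cred = cred;
      }

      /** @return always {@code null}; the action is used for its side effect only */
      public Object run()
      {
         subject.getPrivateCredentials().add(cred);
         return null;
      }
   }

   /** Adds a single {@link Principal} to a subject. */
   static class AddPrincipalsAction implements PrivilegedAction
   {
      Subject subject;
      Principal p;

      AddPrincipalsAction(Subject subject, Principal p)
      {
         this.subject = subject;
         this.p = p;
      }

      /** @return always {@code null}; the action is used for its side effect only */
      public Object run()
      {
         subject.getPrincipals().add(p);
         return null;
      }
   }

   /**
    * Removes from a subject every {@link PasswordCredential} that belongs to one
    * specific {@link ManagedConnectionFactory} instance. Credentials issued for
    * other factories, and non-password credentials, are left untouched.
    */
   static class RemoveCredentialsAction implements PrivilegedAction
   {
      Subject subject;
      ManagedConnectionFactory mcf;

      RemoveCredentialsAction(Subject subject, ManagedConnectionFactory mcf)
      {
         this.subject = subject;
         this.mcf = mcf;
      }

      /** @return always {@code null}; the action is used for its side effect only */
      public Object run()
      {
         Iterator i = subject.getPrivateCredentials().iterator();
         while (i.hasNext())
         {
            Object o = i.next();
            if (o instanceof PasswordCredential)
            {
               PasswordCredential pc = (PasswordCredential) o;
               // Identity comparison on purpose: only credentials minted for this
               // exact factory instance are removed. Removal goes through the
               // iterator so the underlying credential set is not modified
               // while being traversed.
               if (pc.getManagedConnectionFactory() == mcf)
                  i.remove();
            }
         }
         return null;
      }
   }

   /**
    * Adds {@code cred} to the subject's private credentials in a privileged block.
    *
    * @param subject the subject to modify
    * @param cred    the credential to add
    */
   static void addCredentials(Subject subject, PasswordCredential cred)
   {
      AddCredentialsAction action = new AddCredentialsAction(subject, cred);
      AccessController.doPrivileged(action);
   }

   /**
    * Adds {@code p} to the subject's principals in a privileged block.
    *
    * @param subject the subject to modify
    * @param p       the principal to add
    */
   static void addPrincipals(Subject subject, Principal p)
   {
      AddPrincipalsAction action = new AddPrincipalsAction(subject, p);
      AccessController.doPrivileged(action);
   }

   /**
    * Removes the subject's password credentials for {@code mcf} in a privileged block.
    *
    * @param subject the subject to modify
    * @param mcf     the factory whose credentials are removed (matched by identity)
    */
   static void removeCredentials(Subject subject, ManagedConnectionFactory mcf)
   {
      RemoveCredentialsAction action = new RemoveCredentialsAction(subject, mcf);
      AccessController.doPrivileged(action);
   }

   /**
    * Adds the run-as roles to the subject, using a privileged block only when a
    * SecurityManager is installed; without one there is nothing to elevate.
    *
    * @param subject    the subject to modify
    * @param runAsRoles principals to add to the subject's {@code Roles} group
    */
   static void addRoles(Subject subject, Set runAsRoles)
   {
      if (System.getSecurityManager() != null)
      {
         AddRolesActions.PRIVILEGED.addRoles(subject, runAsRoles);
      }
      else
      {
         AddRolesActions.NON_PRIVILEGED.addRoles(subject, runAsRoles);
      }
   }

   /**
    * Finds (or creates and attaches) the subject's {@code Roles} group and adds
    * every principal in {@code roles} to it.
    *
    * @param theSubject the subject to modify
    * @param roles      principals to add; {@code null} is treated as empty
    * @return the {@code Roles} group that now holds the added members
    */
   private static Group addSubjectRoles(Subject theSubject, Set roles)
   {
      // Scan all Group principals; if several are named "Roles" the last one
      // seen wins, as in the original lookup.
      Set subjectGroups = theSubject.getPrincipals(Group.class);
      Iterator iter = subjectGroups.iterator();
      Group roleGrp = null;
      while (iter.hasNext())
      {
         Group grp = (Group) iter.next();
         // Constant-first comparison tolerates a Group whose getName() is null.
         if (ROLES_GROUP_NAME.equals(grp.getName()))
            roleGrp = grp;
      }

      if (roleGrp == null)
      {
         roleGrp = new SimpleGroup(ROLES_GROUP_NAME);
         theSubject.getPrincipals().add(roleGrp);
      }

      // A null role set means "nothing to add"; failing here would leave an
      // empty Roles group already attached to the subject.
      if (roles != null)
      {
         iter = roles.iterator();
         while (iter.hasNext())
         {
            Principal role = (Principal) iter.next();
            roleGrp.addMember(role);
         }
      }
      return roleGrp;
   }
}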