

1 /*
2  * JBoss, the OpenSource J2EE webOS
3  *
4  * Distributable under LGPL license.
5  * See terms of license at gnu.org.
6  *
7  */

8 package org.jboss.security.jacc;
9
10 import java.security.Policy JavaDoc;
11 import java.security.PrivilegedAction JavaDoc;
12 import java.security.AccessController JavaDoc;
13 import java.lang.reflect.Constructor JavaDoc;
14
15 import javax.management.MBeanServer JavaDoc;
16 import javax.management.ObjectName JavaDoc;
17 import javax.security.jacc.PolicyContext JavaDoc;
18
19 import org.jboss.logging.Logger;
20
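/**
 * The SecurityService installs a java.security.Policy implementation that
 * handles the JACC permission checks. The Policy provider can be selected
 * using the standard javax.security.jacc.policy.provider system property, or
 * by setting the PolicyName attribute to an mbean which supports a Policy
 * attribute of type java.security.Policy.
 *
 * The mbean is consulted first; the system property (with a default of
 * org.jboss.security.jacc.DelegatingPolicy) is only used when no Policy was
 * obtained from the mbean.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 1.6.4.2 $
 */
public class SecurityService
{
   /** The system property name for the Policy implementation class */
   private static final String JACC_POLICY_PROVIDER = "javax.security.jacc.policy.provider";
   private static final Logger log = Logger.getLogger(SecurityService.class);

   /** The startup Policy.getPolicy() value */
   private Policy oldPolicy;
   /** The JACC_POLICY_PROVIDER Policy implementation */
   private Policy jaccPolicy;
   /** The mbean name to use if we should register the jaccPolicy as an mbean */
   private ObjectName policyName;

   /** The attribute name on policyName used to obtain the Policy impl */
   private String policyAttributeName = "Policy";
   /** The MBeanServer queried for policyName; may be null */
   private MBeanServer server;

   /** @return the name of the mbean that supplies the Policy, or null */
   public ObjectName getPolicyName()
   {
      return policyName;
   }
   /** @param policyName the name of the mbean that supplies the Policy */
   public void setPolicyName(ObjectName policyName)
   {
      this.policyName = policyName;
   }

   /** @return the attribute read from the policyName mbean, "Policy" by default */
   public String getPolicyAttributeName()
   {
      return policyAttributeName;
   }
   /** @param policyAttributeName the attribute to read from the policyName mbean */
   public void setPolicyAttributeName(String policyAttributeName)
   {
      this.policyAttributeName = policyAttributeName;
   }

   /** @return the MBeanServer used to look up the policyName mbean, or null */
   public MBeanServer getMBeanServer()
   {
      return server;
   }
   /** @param server the MBeanServer used to look up the policyName mbean */
   public void setMBeanServer(MBeanServer server)
   {
      this.server = server;
   }

   /**
    * Resolve the JACC Policy, install it as the system-wide Policy, refresh it
    * and register the SubjectPolicyContextHandler.
    *
    * The following permissions are required:
    * java.security.SecurityPermission("getPolicy")
    * java.security.SecurityPermission("setPolicy")
    *
    * A failure to read the Policy attribute from the mbean is only logged at
    * WARN level; start() then continues with the provider class named by the
    * system property. When PolicyName is configured, that warning means the
    * installed Policy is not the one that was named.
    *
    * @throws ClassCastException if the configured provider class is not a
    *    java.security.Policy
    * @throws Exception if the provider class cannot be loaded or instantiated
    */
   public void start() throws Exception
   {
      // Get the current Policy impl
      oldPolicy = Policy.getPolicy();

      // If the policy is an mbean, first see if it already exists
      if( server != null && policyName != null && server.isRegistered(policyName) )
      {
         // Get the Policy from the mbean
         try
         {
            jaccPolicy = (Policy) server.getAttribute(policyName, policyAttributeName);
         }
         catch(Exception e)
         {
            // Best effort: fall through to the system property provider
            log.warn("Failed to get " + policyAttributeName
               + " attribute from: " + policyName, e);
         }
      }

      // Use the provider system property if there is no policy
      if( jaccPolicy == null )
      {
         String provider = getProperty(JACC_POLICY_PROVIDER,
            "org.jboss.security.jacc.DelegatingPolicy");
         ClassLoader loader = Thread.currentThread().getContextClassLoader();
         // A thread may have no context class loader; use our own loader then
         if( loader == null )
            loader = SecurityService.class.getClassLoader();
         Class providerClass = loader.loadClass(provider);
         // The class name comes from a system property. Check the type before
         // any constructor runs, so that a wrong or tampered value cannot get
         // an unrelated class instantiated on the way to the failing cast.
         if( Policy.class.isAssignableFrom(providerClass) == false )
         {
            throw new ClassCastException(JACC_POLICY_PROVIDER + " names "
               + provider + ", which is not a java.security.Policy");
         }
         try
         {
            // Look for a ctor(Policy) signature
            Class[] ctorSig = {Policy.class};
            Constructor ctor = providerClass.getConstructor(ctorSig);
            Object[] ctorArgs = {oldPolicy};
            jaccPolicy = (Policy) ctor.newInstance(ctorArgs);
         }
         catch(NoSuchMethodException e)
         {
            log.debug("Provider does not support ctor(Policy)");
            jaccPolicy = (Policy) providerClass.newInstance();
         }
      }

      // Install the JACC policy provider
      Policy.setPolicy(jaccPolicy);
      // Have the policy load/update itself
      jaccPolicy.refresh();
      // Register the default active Subject PolicyContextHandler, replacing
      // any handler already registered for the key
      SubjectPolicyContextHandler handler = new SubjectPolicyContextHandler();
      PolicyContext.registerHandler(SubjectPolicyContextHandler.SUBJECT_CONTEXT_KEY,
         handler, true);
   }

   /**
    * Reinstall the Policy that was in effect when start() ran. Nothing is
    * done when no JACC Policy was ever resolved. The jaccPolicy reference is
    * kept, so a later start() installs the same instance again.
    *
    * @throws Exception declared for the service lifecycle contract
    */
   public void stop() throws Exception
   {
      // Install the policy provider that existed on startup
      if( jaccPolicy != null )
         Policy.setPolicy(oldPolicy);
   }

   /** A PrivilegedAction that reads one system property with a default. */
   static class PropertyAccessAction implements PrivilegedAction
   {
      private final String name;
      private final String defaultValue;
      PropertyAccessAction(String name, String defaultValue)
      {
         this.name = name;
         this.defaultValue = defaultValue;
      }
      public Object run()
      {
         return System.getProperty(name, defaultValue);
      }
   }

   /**
    * Read a system property inside a privileged block.
    *
    * @param name the system property name
    * @return the property value, or null if it is not set
    */
   static String getProperty(String name)
   {
      return getProperty(name, null);
   }

   /**
    * Read a system property inside a privileged block, so the read is checked
    * against this class's permissions rather than the caller's. Callers must
    * pass fixed property names only: forwarding a name chosen by less trusted
    * code would let that code read properties it has no permission for.
    *
    * @param name the system property name
    * @param defaultValue the value returned when the property is not set
    * @return the property value, or defaultValue if it is not set
    */
   static String getProperty(String name, String defaultValue)
   {
      PrivilegedAction action = new PropertyAccessAction(name, defaultValue);
      String property = (String) AccessController.doPrivileged(action);
      return property;
   }
}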
169