

1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22 package org.jboss.test.jmx.interceptors;
23
24 import java.security.Principal JavaDoc;
25 import java.lang.reflect.Method JavaDoc;
26 import java.util.HashSet JavaDoc;
27 import java.util.Map JavaDoc;
28 import javax.naming.InitialContext JavaDoc;
29 import javax.security.auth.Subject JavaDoc;
30
31 import org.jboss.mx.interceptor.AbstractInterceptor;
32 import org.jboss.mx.server.Invocation;
33 import org.jboss.mx.server.MBeanInvoker;
34 import org.jboss.logging.Logger;
35 import org.jboss.security.RealmMapping;
36 import org.jboss.security.SubjectSecurityManager;
37 import org.jboss.security.SimplePrincipal;
38 import org.jboss.security.SecurityAssociation;
39 import org.jboss.invocation.MarshalledInvocation;
40
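/**
 * A role based security interceptor that requires the caller of any write
 * operation to have the JNDIWriter role and the caller of any read operation
 * to have the JNDIReader role.
 *
 * <p>Only the operation named <code>invoke</code> is authenticated and
 * authorized here. Every other operation name is handed to the next
 * interceptor without any check, so anything else exposed by the intercepted
 * MBean has to be protected by other means.
 *
 * <p>A method counts as a read only when it is named <code>lookup</code>,
 * <code>list</code> or <code>listBindings</code>; any other method name
 * requires the writer role.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 37406 $
 */
public final class JNDISecurity
   extends AbstractInterceptor
{
   private static final Logger log = Logger.getLogger(JNDISecurity.class);
   /** Role required for lookup, list and listBindings. */
   private static final Principal READER_ROLE = new SimplePrincipal("JNDIReader");
   /** Role required for every method that is not classified as a read. */
   private static final Principal WRITER_ROLE = new SimplePrincipal("JNDIWriter");

   /** JNDI name the two security managers were looked up under. */
   private String securityDomain;
   /** Authenticates the principal/credential pair carried by the invocation. */
   private SubjectSecurityManager authMgr;
   /** Answers the role membership question for the authenticated principal. */
   private RealmMapping roleMgr;
   /** Lazily fetched from the invoker's "MethodMap" attribute, see initMethodMap. */
   private Map methodMap;

   /**
    * @return the JNDI name last passed to setSecurityDomain, or null if unset
    */
   public String getSecurityDomain()
   {
      return securityDomain;
   }

   /**
    * Resolve the authentication and role mapping managers bound under the
    * given JNDI name.
    *
    * <p>If either lookup fails, both managers are cleared so that invoke()
    * denies access instead of continuing to enforce a previously configured
    * domain while reporting the new one.
    *
    * @param securityDomain the JNDI name of the security manager binding
    * @throws Exception if the context cannot be created, a lookup fails or
    *    the bound object does not implement the expected interface
    */
   public void setSecurityDomain(String securityDomain) throws Exception
   {
      log.info("setSecurityDomain: "+securityDomain);
      this.securityDomain = securityDomain;
      InitialContext ctx = null;
      boolean resolved = false;
      try
      {
         ctx = new InitialContext();
         SubjectSecurityManager newAuthMgr = (SubjectSecurityManager) ctx.lookup(securityDomain);
         RealmMapping newRoleMgr = (RealmMapping) ctx.lookup(securityDomain);
         // Publish only once both lookups and casts have succeeded
         this.authMgr = newAuthMgr;
         this.roleMgr = newRoleMgr;
         resolved = true;
      }
      finally
      {
         if( resolved == false )
         {
            // Fail closed: invoke() rejects every call while a manager is null
            this.authMgr = null;
            this.roleMgr = null;
         }
         if( ctx != null )
         {
            try
            {
               ctx.close();
            }
            catch(javax.naming.NamingException ignored)
            {
               // Best-effort close; must not mask a lookup failure
            }
         }
      }
   }

   // Interceptor overrides -----------------------------------------

   /**
    * Authenticate the caller of an <code>invoke</code> operation, check the
    * role that matches the target method and then let the call proceed.
    *
    * @param invocation the JMX invocation passing through the interceptor chain
    * @return whatever the next interceptor returns
    * @throws SecurityException if the operation carries no Invocation
    *    argument, no security manager is configured, authentication fails,
    *    the target method cannot be resolved or the principal lacks the
    *    required role
    * @throws Throwable anything thrown by the next interceptor
    */
   public Object invoke(Invocation invocation) throws Throwable
   {
      String opName = invocation.getName();
      log.info("invoke, opName="+opName);

      // If this is not the invoke(Invocation) op just pass it along.
      // No authentication or role check is applied on this path.
      if( opName == null || opName.equals("invoke") == false )
         return invocation.nextInterceptor().invoke(invocation);

      // Reject a malformed call explicitly instead of surfacing an
      // ArrayIndexOutOfBoundsException or ClassCastException from the cast.
      Object[] args = invocation.getArgs();
      if( args == null || args.length == 0
         || (args[0] instanceof org.jboss.invocation.Invocation) == false )
      {
         String msg = "Expected an Invocation as the first argument of invoke";
         throw new SecurityException(msg);
      }
      org.jboss.invocation.Invocation invokeInfo =
         (org.jboss.invocation.Invocation) args[0];

      // There must be a valid security manager
      if( authMgr == null || roleMgr == null )
      {
         String msg = "No security mgr configured, check securityDomain: "+securityDomain;
         throw new SecurityException(msg);
      }

      // Get the security context passed from the client
      Principal principal = invokeInfo.getPrincipal();
      Object credential = invokeInfo.getCredential();
      Subject subject = new Subject();
      if( authMgr.isValid(principal, credential, subject) == false )
      {
         String msg = "Failed to authenticate principal: "+principal;
         throw new SecurityException(msg);
      }
      SecurityAssociation.pushSubjectContext(subject, principal, credential);

      try
      {
         // See what operation is being attempted.
         // The lazy init is unsynchronized, so concurrent first calls may
         // each fetch the attribute.
         if( methodMap == null )
            initMethodMap(invocation);
         HashSet methodRoles = new HashSet();
         if( invokeInfo instanceof MarshalledInvocation )
         {
            MarshalledInvocation mi = (MarshalledInvocation) invokeInfo;
            mi.setMethodMap(methodMap);
         }
         Method method = invokeInfo.getMethod();
         // NOTE(review): whether getMethod() can return null is not visible
         // from this file; deny explicitly rather than fail with an NPE.
         if( method == null )
         {
            String msg = "Unable to resolve the target method for principal: "+principal;
            throw new SecurityException(msg);
         }
         if( isReadMethod(method) )
            methodRoles.add(READER_ROLE);
         else
            methodRoles.add(WRITER_ROLE);
         if( roleMgr.doesUserHaveRole(principal, methodRoles) == false )
         {
            // NOTE(review): this message embeds Subject.toString(), which can
            // render private credentials when they are readable. Confirm it
            // cannot expose credential material to logs or a remote caller.
            String msg = "Failed to authorize subject: "+authMgr.getActiveSubject()
               + " principal: " + principal
               + " for access roles:" + methodRoles;
            throw new SecurityException(msg);
         }

         // Let the invocation go
         return invocation.nextInterceptor().invoke(invocation);
      }
      finally
      {
         // Always undo the push above, on denial and on failure alike
         SecurityAssociation.popSubjectContext();
      }
   }

   /**
    * Classify a method as read or write by its name alone.
    *
    * @param method the target method of the invocation, must not be null
    * @return true for lookup, list and listBindings, false for anything else
    */
   private boolean isReadMethod(Method method)
   {
      String name = method.getName();
      return name.equals("lookup") || name.equals("list")
         || name.equals("listBindings");
   }

   /**
    * Fetch the "MethodMap" attribute from the invoker of this invocation and
    * cache it in the methodMap field.
    *
    * @param invocation the invocation whose invoker exposes the attribute
    * @throws Throwable if the attribute cannot be read or is not a Map
    */
   private void initMethodMap(Invocation invocation) throws Throwable
   {
      MBeanInvoker invoker = invocation.getInvoker();
      methodMap = (Map) invoker.getAttribute("MethodMap");
   }
}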