

1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22 package org.jboss.test.security.ejb;
23
24 import java.util.Set JavaDoc;
25 import java.util.Iterator JavaDoc;
26 import java.security.GeneralSecurityException JavaDoc;
27 import java.security.Principal JavaDoc;
28 import java.security.acl.Group JavaDoc;
29 import javax.security.auth.Subject JavaDoc;
30 import javax.security.jacc.PolicyContext JavaDoc;
31 import javax.security.jacc.PolicyContextException JavaDoc;
32 import javax.ejb.SessionContext JavaDoc;
33 import javax.ejb.SessionBean JavaDoc;
34 import javax.ejb.FinderException JavaDoc;
35 import javax.naming.InitialContext JavaDoc;
36
37 import org.jboss.security.SecurityAssociation;
38 import org.jboss.test.security.interfaces.StatelessSessionHome;
39 import org.jboss.test.security.interfaces.StatelessSession;
40 import org.jboss.test.security.interfaces.StatefulSessionHome;
41 import org.jboss.test.security.interfaces.EntityHome;
42 import org.jboss.test.security.interfaces.Entity;
43 import org.jboss.test.security.interfaces.StatefulSession;
44
45 /**
46  * A session facade that tests that the caller's security context is reflected
47  * by both SecurityAssociation.getSubject and the JACC PolicyContext. This will
48  * not run under the security manager tests as ejbs are not granted access to
49  * these security apis.
50  *
51  * @author Scott.Stark@jboss.org
52  * @version $Revision: 37406 $
53  */

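public class SubjectSessionBean implements SessionBean
{
   /** The JACC PolicyContext key for the current Subject */
   private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";

   /** The name of the Group principal whose members are compared with the expected principals */
   private static final String ROLES_GROUP = "Roles";

   /** The session context supplied by the container in setSessionContext */
   private SessionContext context;

   public void ejbCreate()
   {
   }
   public void ejbActivate()
   {
   }
   public void ejbPassivate()
   {
   }
   public void ejbRemove()
   {
   }
   public void setSessionContext(SessionContext context)
   {
      this.context = context;
   }

   /**
    * Validate that the caller identity and Subject seen by this bean match the
    * expected values on entry, after calling a stateless session bean, after
    * calling a stateful session bean, and on exit (after an entity bean call).
    *
    * @param callerName the expected name of the EJB caller principal
    * @param callerPrincipals the principals expected to be members of the
    *    Subject "Roles" group
    * @throws GeneralSecurityException if the caller name or the Subject
    *    principals do not match, or if a lookup or nested bean call fails
    */
   public void validateCallerContext(String callerName, Set callerPrincipals)
      throws GeneralSecurityException
   {
      Principal caller = context.getCallerPrincipal();
      String name = caller.getName();
      if( name.equals(callerName) == false )
         throw new GeneralSecurityException("CallerPrincipal.name("+name+") != "+callerName);

      validatePolicyContextSubject("enter", callerPrincipals);
      validateSecurityAssociationSubject("enter", callerPrincipals);

      InitialContext ctx = null;
      try
      {
         ctx = new InitialContext();
         StatelessSessionHome home = (StatelessSessionHome)
            ctx.lookup("java:comp/env/ejb/StatelessSession");
         StatelessSession bean = home.create();
         bean.echo("validateCallerContext");
         validatePolicyContextSubject("post stateless", callerPrincipals);
         validateSecurityAssociationSubject("post stateless", callerPrincipals);

         StatefulSessionHome home2 = (StatefulSessionHome)
            ctx.lookup("java:comp/env/ejb/StatefulSession");
         StatefulSession bean2 = home2.create("validateCallerContext");
         bean2.echo("validateCallerContext");
         validatePolicyContextSubject("post stateful", callerPrincipals);
         validateSecurityAssociationSubject("post stateful", callerPrincipals);

         EntityHome home3 = (EntityHome)
            ctx.lookup("java:comp/env/ejb/Entity");
         Entity bean3 = null;
         try
         {
            bean3 = home3.findByPrimaryKey("validateCallerContext");
         }
         catch(FinderException e)
         {
            // No such entity yet, create it so that the echo call can be made
            bean3 = home3.create("validateCallerContext");
         }
         bean3.echo("validateCallerContext");
      }
      catch(GeneralSecurityException e)
      {
         // A validation failure raised inside the try block already names the
         // stage that failed; do not bury it under "Unexpected exception"
         throw e;
      }
      catch(Exception e)
      {
         GeneralSecurityException ex = new GeneralSecurityException("Unexpected exception");
         ex.initCause(e);
         throw ex;
      }
      validatePolicyContextSubject("exit", callerPrincipals);
      validateSecurityAssociationSubject("exit", callerPrincipals);
   }

   /**
    * Validate the active subject as seen by the JACC policy context handler.
    *
    * @param ctx a label for the point in the call sequence, used in messages
    * @param callerPrincipals the principals expected in the "Roles" group
    * @throws GeneralSecurityException if the Subject cannot be obtained from
    *    the PolicyContext or does not contain the expected principals
    */
   protected void validatePolicyContextSubject(String ctx, Set callerPrincipals)
      throws GeneralSecurityException
   {
      Subject caller;
      try
      {
         caller = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
      }
      catch(PolicyContextException e)
      {
         // A failed lookup means the subject was never checked; report it as a
         // validation failure rather than letting the check pass silently
         GeneralSecurityException ex = new GeneralSecurityException(ctx
            +", failed to obtain the PolicyContext subject");
         ex.initCause(e);
         throw ex;
      }
      if( contains(caller, callerPrincipals) == false )
      {
         // NOTE(review): Subject.toString() can include credentials as well as
         // principals. Tolerable in a test bean; avoid this in production messages.
         String msg = ctx+", PolicyContext subject: "+caller
            +" does not contain expected principals: "+callerPrincipals;
         throw new GeneralSecurityException(msg);
      }
   }

   /**
    * Validate the active subject as seen by the jboss SecurityAssociation.
    *
    * @param ctx a label for the point in the call sequence, used in messages
    * @param callerPrincipals the principals expected in the "Roles" group
    * @throws GeneralSecurityException if the Subject does not contain the
    *    expected principals
    */
   protected void validateSecurityAssociationSubject(String ctx, Set callerPrincipals)
      throws GeneralSecurityException
   {
      Subject caller = SecurityAssociation.getSubject();
      if( contains(caller, callerPrincipals) == false )
      {
         // NOTE(review): Subject.toString() can include credentials as well as
         // principals. Tolerable in a test bean; avoid this in production messages.
         String msg = ctx+", SecurityAssociation subject: "+caller
            +" does not contain expected principals: "+callerPrincipals;
         throw new GeneralSecurityException(msg);
      }
   }

   /**
    * Check that every expected principal is a member of each "Roles" group of
    * the subject. The check fails closed: a null subject, or a subject with no
    * "Roles" group when principals are expected, does not contain them.
    *
    * @param s the subject to inspect, may be null
    * @param callerPrincipals the expected Principal objects; null or empty
    *    means there is nothing to check
    * @return true if there is nothing to check or every expected principal is
    *    a member of every "Roles" group found, false otherwise
    */
   protected boolean contains(Subject s, Set callerPrincipals)
   {
      // No subject is associated with the call, so nothing can match
      if( s == null )
         return false;
      if( callerPrincipals == null || callerPrincipals.isEmpty() )
         return true;

      boolean rolesGroupSeen = false;
      Iterator iter = s.getPrincipals(Group.class).iterator();
      while( iter.hasNext() )
      {
         Group g = (Group) iter.next();
         if( ROLES_GROUP.equals(g.getName()) == false )
            continue;
         rolesGroupSeen = true;
         Iterator citer = callerPrincipals.iterator();
         while( citer.hasNext() )
         {
            Principal p = (Principal) citer.next();
            if( g.isMember(p) == false )
               return false;
         }
      }
      // Without a "Roles" group the expected principals were never compared,
      // so the subject must not be reported as containing them
      return rolesGroupSeen;
   }
}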