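package org.jboss.web.tomcat.security;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import javax.management.JMException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

import org.jboss.logging.Logger;
import org.jboss.mx.util.MBeanServerLocator;
import org.jboss.security.SubjectSecurityManager;

/**
 * HttpSessionListener that evicts the authenticated principal of a destroyed
 * HTTP session from the JaasSecurityManager authentication cache.
 *
 * Why this exists: invalidating the HTTP session (logout, timeout) does not by
 * itself remove the principal's entry from the security domain's
 * authentication cache, so the cached login would otherwise stay usable until
 * the cache's own timeout expires. This listener turns session destruction
 * into an explicit cache flush for that principal.
 *
 * Limitations that follow from the code below:
 * <ul>
 * <li>The principal is resolved from the calling thread's JACC
 * {@code javax.security.auth.Subject.container} policy context, falling back
 * to the security manager's active subject. When the session is destroyed on a
 * thread that carries neither (NOTE(review): a background expiry thread is the
 * likely case - confirm for the container in use), no flush happens; the miss
 * is only reported at debug/trace level.</li>
 * <li>The security domain is looked up through the web application's ENC
 * ({@code java:comp/env/security/securityMgr}); if that lookup fails the flush
 * is skipped as well.</li>
 * </ul>
 */
public class SecurityFlushSessionListener implements HttpSessionListener
{
   private static Logger log = Logger.getLogger(SecurityFlushSessionListener.class);

   /** JACC policy context key under which the container publishes the Subject. */
   private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";

   /** MBean that owns the per-domain authentication cache. */
   private static final String SECURITY_MANAGER_MBEAN = "jboss.security:service=JaasSecurityManager";

   // Snapshot of the trace level taken when the listener is instantiated;
   // later logger reconfiguration is not picked up.
   private boolean trace = log.isTraceEnabled();

   // Security domain of the web application, resolved on each
   // sessionDestroyed() call and shared by all sessions of this listener
   // instance. It is the same value for every session of one web application,
   // so concurrent writes are benign; a null here means the flush is skipped.
   private String securityDomain = null;

   /** Default constructor required by the servlet container. */
   public SecurityFlushSessionListener()
   {
   }

   /**
    * Session creation needs no action; only logged for tracing.
    *
    * @param httpSessionEvent the container's creation event
    */
   public void sessionCreated(HttpSessionEvent httpSessionEvent)
   {
      if(trace)
         log.trace("Session Created with id=" + httpSessionEvent.getSession().getId());
   }

   /**
    * Flushes the authentication cache entry of the principal bound to the
    * destroyed session, when both the principal and the security domain can be
    * resolved. Any failure is logged and swallowed so that a flush problem never
    * breaks the container's session lifecycle.
    *
    * @param httpSessionEvent the container's destruction event
    */
   public void sessionDestroyed(HttpSessionEvent httpSessionEvent)
   {
      if(trace)
         log.trace("Session Destroy with id=" + httpSessionEvent.getSession().getId());
      try
      {
         Subject subject = getSubjectAndSecurityDomain();
         if(trace)
            log.trace("securityDomain="+ securityDomain);
         if(securityDomain == null)
            log.debug("Unable to obtain SecurityDomain");
         Principal principal = getPrincipal(subject);
         if(principal != null && securityDomain != null)
            flushAuthenticationCache(principal);
         else if(trace)
            log.trace("Authentication cache not flushed: principal=" + principal
               + ", securityDomain=" + securityDomain);
      }
      catch(Exception e)
      {
         // Deliberate best-effort: the cache entry still ages out on its own.
         log.error("Exception in sessionDestroyed:",e);
      }
   }

   /**
    * Invokes {@code flushAuthenticationCache(String, Principal)} on the
    * JaasSecurityManager MBean for the current security domain.
    *
    * @param principal the non-Group principal whose cache entry is evicted
    * @throws JMException if the MBean lookup or invocation fails
    */
   private void flushAuthenticationCache(Principal principal) throws JMException
   {
      MBeanServer server = MBeanServerLocator.locateJBoss();
      ObjectName on = new ObjectName(SECURITY_MANAGER_MBEAN);
      Object[] obj = new Object[] {securityDomain, principal};
      String[] sig = new String[] {"java.lang.String", "java.security.Principal"};
      if(trace)
         logAuthenticatedPrincipals(on, true);

      server.invoke(on, "flushAuthenticationCache", obj, sig);

      if(trace)
         logAuthenticatedPrincipals(on, false);
   }

   /**
    * Picks the identity principal out of a Subject: the first principal in
    * iteration order that is not a {@link Group} (role/caller groups are
    * skipped). Returns null when the subject is null, has no principals, or
    * holds only Groups - the original version returned the last Group in that
    * case, which would have flushed a key the cache never held.
    *
    * NOTE(review): Subject.getPrincipals() does not guarantee an order, so when
    * a login module adds several non-Group principals the one chosen here is
    * whichever iterates first - confirm against the login modules in use.
    *
    * @param subject the authenticated subject, may be null
    * @return the identity principal, or null if none could be determined
    */
   private Principal getPrincipal(Subject subject)
   {
      Principal principal = null;
      if(subject != null)
      {
         Set principals = subject.getPrincipals();
         // Original used '||' here, which would NPE on a null set.
         if(principals != null && !principals.isEmpty())
         {
            Iterator iter = principals.iterator();
            while(iter.hasNext())
            {
               Principal candidate = (Principal) iter.next();
               if(candidate instanceof Group == false)
               {
                  principal = candidate;
                  break;
               }
            }
         }
      }
      if(trace)
         log.trace("Authenticated Principal=" + principal);
      return principal;
   }

   /**
    * Resolves the caller's Subject and, as a side effect, sets
    * {@link #securityDomain} from the web application's security manager.
    *
    * Resolution order: the JACC policy context Subject first; if that is absent
    * and the security manager service could be looked up, its active subject.
    * A failed security manager lookup is logged at debug and leaves
    * {@code securityDomain} untouched.
    *
    * @return the resolved Subject, or null if none is bound to this thread
    * @throws Exception if reading the JACC policy context fails
    */
   private Subject getSubjectAndSecurityDomain() throws Exception
   {
      SubjectSecurityManager mgr = null;
      try
      {
         mgr = getSecurityManagerService();
      }
      catch(Exception e)
      {
         log.debug("Obtaining SecurityManagerService failed::",e);
      }
      Subject subject = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
      if(trace)
         log.trace("Jacc Subject = " + subject);
      if(mgr != null)
         securityDomain = mgr.getSecurityDomain();

      if(subject == null && mgr != null)
      {
         subject = mgr.getActiveSubject();
         if(trace)
            log.trace("Active Subject from security mgr service = " + subject);
      }
      return subject;
   }

   /**
    * Looks up the web application's security manager through its ENC binding.
    * The InitialContext is closed after the lookup so no naming resources leak
    * per destroyed session.
    *
    * @return the bound SubjectSecurityManager
    * @throws Exception on any naming failure (including an unbound name)
    */
   private SubjectSecurityManager getSecurityManagerService() throws Exception
   {
      InitialContext ctx = new InitialContext();
      try
      {
         return (SubjectSecurityManager) ctx.lookup("java:comp/env/security/securityMgr");
      }
      finally
      {
         ctx.close();
      }
   }

   /**
    * Trace-only diagnostic: lists every principal currently held in the
    * domain's authentication cache via
    * {@code getAuthenticationCachePrincipals(String)}. This writes user
    * identities to the log and costs an extra MBean call per destroyed
    * session, which is why it only runs when trace is enabled.
    *
    * @param on the JaasSecurityManager MBean name
    * @param isBeforeFlush whether this snapshot precedes the flush
    * @throws JMException if the MBean invocation fails
    */
   private void logAuthenticatedPrincipals(ObjectName on, boolean isBeforeFlush)
      throws JMException
   {
      if(isBeforeFlush)
         log.trace("Before flush of authentication cache::");
      else
         log.trace("After flush of authentication cache::");
      MBeanServer server = MBeanServerLocator.locateJBoss();

      List list = (List) server.invoke(on, "getAuthenticationCachePrincipals",
         new Object[] {securityDomain}, new String[] {"java.lang.String"});

      int len = list != null ? list.size() : 0;
      log.trace("Number of authenticated principals remaining in cache=" + len);
      for(int i = 0; i < len; i++)
         log.trace("Authenticated principal in cache=" + list.get(i));
   }
}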