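package org.jboss.web.tomcat.security.authorization.delegates;

import java.util.Map;

import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;

import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.SecurityConstraint;
import org.jboss.logging.Logger;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.security.authorization.sunxacml.JBossXACMLUtil;

import com.sun.xacml.Policy;
import com.sun.xacml.ctx.RequestCtx;

/**
 * Authorization module delegate for the web layer that decides access by
 * evaluating an XACML policy.
 *
 * <p>The delegate reads the web request, the security constraints, the caller
 * subject and an optional {@link PolicyRegistration} from the map carried by
 * the {@link Resource}, builds an XACML request with {@code WebXACMLUtil} and
 * checks it against the policy registered for the current JACC context id.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Any exception raised while building or evaluating the XACML request
 *       ends in {@link AuthorizationContext#DENY} (fail closed).</li>
 *   <li>User-data and role-ref permission checks are answered with
 *       {@link AuthorizationContext#PERMIT} without consulting the policy;
 *       see {@link #authorize(Resource)}.</li>
 *   <li>The caller subject is kept in a local variable for the duration of one
 *       {@code authorize} call, so the identity used for a decision cannot be
 *       replaced by a concurrent call on the same instance.</li>
 * </ul>
 */
public class WebXACMLPolicyModuleDelegate extends AuthorizationModuleDelegate
{
   /** Creates the delegate and initialises the inherited logger and trace flag. */
   public WebXACMLPolicyModuleDelegate()
   {
      log = Logger.getLogger(getClass());
      // The trace flag is sampled once here; later log-level changes are not picked up.
      trace = log.isTraceEnabled();
   }

   /**
    * Authorizes the web request described by the resource.
    *
    * @param resource resource whose map holds the entries keyed by
    *        {@link ResourceKeys}
    * @return {@link AuthorizationContext#PERMIT} or
    *         {@link AuthorizationContext#DENY}
    * @throws IllegalStateException if the resource map is null or empty, or if
    *         an XACML decision is required and the map holds no request
    */
   public int authorize(Resource resource)
   {
      Map<?, ?> map = resource.getMap();
      if (map == null)
      {
         throw new IllegalStateException("Map from the Resource is null");
      }
      if (map.isEmpty())
      {
         throw new IllegalStateException("Map from the Resource is size zero");
      }

      Request request = (Request) map.get(ResourceKeys.WEB_REQUEST);
      SecurityConstraint[] constraints =
         (SecurityConstraint[]) map.get(ResourceKeys.WEB_SECURITY_CONSTRAINTS);
      PolicyRegistration pr = (PolicyRegistration) map.get(ResourceKeys.AUTHORIZATION_MANAGER);
      // Local on purpose: an instance field holding the subject could be
      // overwritten by another authorize() call before process() reads it.
      Subject callerSubject = (Subject) map.get(ResourceKeys.CALLER_SUBJECT);

      // NOTE(review): authzManager is inherited state and is replaced per call
      // when the map supplies one; if instances are shared between requests the
      // policy source can change under a concurrent call - confirm the
      // delegate's lifecycle.
      if (pr != null)
      {
         this.authzManager = pr;
      }

      Boolean userDataCheck = checkBooleanValue((Boolean) map.get(ResourceKeys.USERDATA_PERM_CHECK));
      Boolean roleRefCheck = checkBooleanValue((Boolean) map.get(ResourceKeys.ROLEREF_PERM_CHECK));

      // No XACML evaluation happens for these two check types: the delegate
      // answers PERMIT unconditionally, before the request is even validated.
      // NOTE(review): presumably the user-data (transport guarantee) and
      // role-ref decisions are enforced by another component - confirm,
      // otherwise this branch fails open.
      if (userDataCheck || roleRefCheck)
      {
         return AuthorizationContext.PERMIT;
      }

      if (request == null)
      {
         throw new IllegalStateException("Request is null");
      }

      return process(request, constraints, callerSubject);
   }

   /**
    * Sets the policy registration used to look up the XACML policy.
    *
    * @param authzM registration to use; replaced again by
    *        {@link #authorize(Resource)} when the resource map carries one
    */
   public void setPolicyRegistrationManager(PolicyRegistration authzM)
   {
      this.authzManager = authzM;
   }

   /**
    * Normalises a possibly-null flag so that an absent map entry reads as false.
    *
    * @param bool flag taken from the resource map, may be null
    * @return {@link Boolean#FALSE} when {@code bool} is null, else {@code bool}
    */
   private Boolean checkBooleanValue(Boolean bool)
   {
      return bool == null ? Boolean.FALSE : bool;
   }

   /**
    * Builds the XACML request and evaluates it against the policy registered
    * for the current JACC context id.
    *
    * @param request web request being authorized
    * @param sc security constraints from the resource map; not used by the
    *        XACML evaluation
    * @param callerSubject subject the decision is made for
    * @return the result of the XACML check, or
    *         {@link AuthorizationContext#DENY} on any failure
    */
   private int process(Request request, SecurityConstraint[] sc, Subject callerSubject)
   {
      int result = AuthorizationContext.DENY;
      WebXACMLUtil util = new WebXACMLUtil();
      try
      {
         RequestCtx requestCtx = util.createXACMLRequest(request, authzManager, callerSubject);
         String contextID = PolicyContext.getContextID();
         Policy policy = (Policy) authzManager.getPolicy(contextID, null);
         if (policy == null)
         {
            throw new IllegalStateException("Missing xacml policy for contextid:" + contextID);
         }
         result = JBossXACMLUtil.checkXACMLAuthorization(requestCtx, policy);
      }
      catch (Exception e)
      {
         // Fail closed: a missing policy, a null authzManager or any evaluation
         // error denies access. The cause is only visible at trace level, so a
         // misconfigured deployment shows up as unexplained denials unless
         // trace logging was enabled when this delegate was constructed.
         if (trace)
         {
            log.trace("Exception in processing:", e);
         }
         result = AuthorizationContext.DENY;
      }
      return result;
   }
}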