

1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22 package org.jboss.web.tomcat.security.authorization.delegates;
23
24 import java.util.Map JavaDoc;
25
26 import javax.security.auth.Subject JavaDoc;
27 import javax.security.jacc.PolicyContext JavaDoc;
28
29 import org.apache.catalina.connector.Request;
30 import org.apache.catalina.deploy.SecurityConstraint;
31 import org.jboss.logging.Logger;
32 import org.jboss.security.authorization.AuthorizationContext;
33 import org.jboss.security.authorization.Resource;
34 import org.jboss.security.authorization.PolicyRegistration;
35 import org.jboss.security.authorization.ResourceKeys;
36 import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
37 import org.jboss.security.authorization.sunxacml.JBossXACMLUtil;
38
39 import com.sun.xacml.Policy;
40 import com.sun.xacml.ctx.RequestCtx;
41
42 //$Id: WebXACMLPolicyModuleDelegate.java 46543 2006-07-27 20:22:05Z asaldhana $
43

44 /**
45  * XACML based authorization module helper that deals with the web layer
46  * authorization decisions
47  * @author <a HREF="mailto:Anil.Saldhana@jboss.org">Anil Saldhana</a>
48  * @since Jun 13, 2006
49  * @version $Revision: 46543 $
50  */

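public class WebXACMLPolicyModuleDelegate extends AuthorizationModuleDelegate
{
   /**
    * Creates the delegate and sets up logging.
    * Assigns {@code log} and {@code trace}, which are not declared in this
    * class (presumably inherited from AuthorizationModuleDelegate). The trace
    * flag is read once here, so this instance does not see a later change of
    * the log level.
    */
   public WebXACMLPolicyModuleDelegate()
   {
      log = Logger.getLogger(getClass());
      trace = log.isTraceEnabled();
   }

   /**
    * Decides whether the web request described by the resource is permitted.
    * <p>
    * The resource's contextual map supplies the Catalina request, the security
    * constraints, an optional policy registration, the caller subject and two
    * flags. When either the user-data flag or the role-ref flag is true the
    * method returns PERMIT without evaluating any XACML policy, so those flags
    * must only ever be set by trusted container code.
    * NOTE(review): who populates the map is not visible here - confirm.
    *
    * @param resource resource whose map carries the request context
    * @return AuthorizationContext.PERMIT for user-data / role-ref checks,
    *         otherwise the result of the XACML evaluation
    * @throws IllegalStateException if the map is null or empty, or if no
    *         request is present when an XACML evaluation is needed
    * @see AuthorizationModuleDelegate#authorize(Resource)
    */
   public int authorize(Resource resource)
   {
      //Get the contextual map
      Map<?, ?> map = resource.getMap();
      if(map == null)
         throw new IllegalStateException("Map from the Resource is null");

      if(map.isEmpty())
         throw new IllegalStateException("Map from the Resource is size zero");

      //Get the Catalina Request Object
      Request request = (Request)map.get(ResourceKeys.WEB_REQUEST);
      SecurityConstraint[] constraints = (SecurityConstraint[])map.get(ResourceKeys.WEB_SECURITY_CONSTRAINTS);
      PolicyRegistration pr = (PolicyRegistration)map.get(ResourceKeys.AUTHORIZATION_MANAGER);
      // The caller subject is kept in a local and handed to process() rather
      // than stored on the instance: a per-request identity in a field could be
      // overwritten by another request if this delegate were ever shared
      // between threads (whether it is shared cannot be told from this file).
      Subject callerSubject = (Subject)map.get(ResourceKeys.CALLER_SUBJECT);
      // NOTE(review): this replaces the manager for all later calls on this
      // instance, not only for the current request.
      if(pr != null)
         this.authzManager = pr;
      Boolean userDataCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.USERDATA_PERM_CHECK));
      Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK));

      //If it is a userDataCheck or a RoleRefCheck, then the base class (RealmBase) decision holds
      if(userDataCheck || roleRefCheck)
         return AuthorizationContext.PERMIT; //Base class decision holds good

      if(request == null)
         throw new IllegalStateException("Request is null");

      return process(request, constraints, callerSubject);
   }

   /**
    * Replaces the policy registration used to look up the XACML policy.
    *
    * @param authzM the policy registration to use from now on
    * @see AuthorizationModuleDelegate#setPolicyRegistrationManager(PolicyRegistration)
    */
   public void setPolicyRegistrationManager(PolicyRegistration authzM)
   {
      this.authzManager = authzM;
   }

   /**
    * Ensure that the bool is a valid value
    * @param bool flag read from the resource map, may be null
    * @return bool or Boolean.FALSE (when bool is null)
    */
   private Boolean checkBooleanValue(Boolean bool)
   {
      if(bool == null)
         return Boolean.FALSE;
      return bool;
   }

   /**
    * Evaluates the XACML policy of the current JACC context against the request.
    * <p>
    * Fails closed: any exception raised while building the XACML request,
    * looking up the policy or evaluating it (including the missing-policy
    * IllegalStateException thrown below) ends in DENY.
    *
    * @param request the Catalina request to authorize
    * @param sc the security constraints; not consulted by this method
    * @param callerSubject the subject of the caller, taken from the resource map
    * @return the value returned by JBossXACMLUtil.checkXACMLAuthorization, or
    *         AuthorizationContext.DENY when anything fails
    */
   private int process(Request request, SecurityConstraint[] sc, Subject callerSubject)
   {
      int result = AuthorizationContext.DENY;
      WebXACMLUtil util = new WebXACMLUtil();
      try
      {
         RequestCtx requestCtx = util.createXACMLRequest(request, authzManager, callerSubject);
         String contextID = PolicyContext.getContextID();
         Policy policy = (Policy)authzManager.getPolicy(contextID, null);
         if(policy == null)
            throw new IllegalStateException("Missing xacml policy for contextid:"+contextID);
         result = JBossXACMLUtil.checkXACMLAuthorization(requestCtx, policy);
      }
      catch(Exception e)
      {
         // NOTE(review): the cause is only recorded when trace logging is on,
         // so a deny caused by a missing policy or a broken request is
         // otherwise silent - consider logging it at a more visible level.
         if(trace)
            log.trace("Exception in processing:",e);
         result = AuthorizationContext.DENY;
      }
      return result;
   }
}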