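package org.objectweb.easybeans.security.jacc.provider;

import java.net.SocketPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;

import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;

import org.objectweb.easybeans.log.JLog;
import org.objectweb.easybeans.log.JLogFactory;

/**
 * JACC {@link Policy} provider.
 * <p>
 * JACC permissions (the EJB and web permission types) are decided from the
 * {@link JPolicyConfiguration} registered for the policy context bound to the
 * calling thread. Every other permission, and every JACC permission checked
 * outside of a policy context, is delegated to the {@link Policy} that was
 * installed when this provider was created.
 * <p>
 * Decision order for a JACC permission: excluded → deny, unchecked → grant,
 * otherwise grant only if one of the domain's principals is granted it.
 * Any failure to resolve the policy configuration is a deny (fail closed);
 * {@link #implies} never lets an exception escape into the caller's
 * {@code checkPermission}.
 */
public class JPolicy extends Policy {

    /** Logger. */
    private static JLog logger = JLogFactory.getLog(JPolicy.class);

    /** Singleton instance, created lazily by {@link #getInstance()}. */
    private static JPolicy unique = null;

    /**
     * Policy that was in place before this provider; it receives every check
     * that JACC does not decide. Shared by all instances.
     */
    private static Policy initialPolicy = null;

    /** JACC factory, resolved on the first JACC permission check. */
    private static PolicyConfigurationFactory policyConfigurationFactory = null;

    /**
     * Captures the currently installed {@link Policy} as the delegate for
     * non-JACC permissions.
     * <p>
     * The delegate is only (re)captured when the installed policy is not a
     * {@code JPolicy}. The constructor is public and writes a static field, so
     * a second construction after {@code Policy.setPolicy(JPolicy.getInstance())}
     * would otherwise record this provider as its own delegate and make
     * {@link #implies} recurse without end.
     */
    public JPolicy() {
        Policy current = Policy.getPolicy();
        if (!(current instanceof JPolicy)) {
            initialPolicy = current;
        }
    }

    /**
     * Resolves the JACC {@link PolicyConfigurationFactory} once.
     * Synchronized because {@link #implies} runs on many threads and the
     * factory is kept in a static field.
     *
     * @throws JPolicyException if the factory implementation is missing or
     *         cannot be created; the original cause is preserved.
     */
    private static synchronized void initPolicyConfigurationFactory() throws JPolicyException {
        if (policyConfigurationFactory != null) {
            return;
        }
        try {
            policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
        } catch (ClassNotFoundException cnfe) {
            throw new JPolicyException("PolicyConfigurationFactory class implementation was not found", cnfe);
        } catch (PolicyContextException pce) {
            throw new JPolicyException("PolicyContextException in PolicyConfigurationFactory", pce);
        }
    }

    /**
     * Returns the single {@code JPolicy} instance, creating it on first use.
     * Synchronized so that concurrent first callers cannot create two
     * instances.
     *
     * @return the shared provider instance
     */
    public static synchronized JPolicy getInstance() {
        if (unique == null) {
            unique = new JPolicy();
        }
        return unique;
    }

    /**
     * Whether a permission is one of the JACC permission types this provider
     * decides itself.
     *
     * @param permission the permission being checked
     * @return true for EJB and web JACC permissions
     */
    private static boolean isJaccPermission(final Permission permission) {
        return permission instanceof EJBMethodPermission
                || permission instanceof EJBRoleRefPermission
                || permission instanceof WebUserDataPermission
                || permission instanceof WebRoleRefPermission
                || permission instanceof WebResourcePermission;
    }

    /**
     * Looks up the {@link JPolicyConfiguration} for a policy context.
     * <p>
     * The JACC factory may wrap or replace the configuration object; when the
     * returned configuration is not ours, the one registered with
     * {@link JPolicyConfigurationKeeper} is used instead.
     *
     * @param contextID the JACC policy context identifier
     * @return the configuration, or null if none usable could be found (the
     *         reason has been logged)
     */
    private static JPolicyConfiguration lookupConfiguration(final String contextID) {
        try {
            PolicyConfiguration pc = policyConfigurationFactory.getPolicyConfiguration(contextID, false);
            if (pc instanceof JPolicyConfiguration) {
                return (JPolicyConfiguration) pc;
            }
            JPolicyConfiguration kept = JPolicyConfigurationKeeper.getConfiguration(contextID);
            if (kept == null) {
                // Previously thrown as a RuntimeException out of implies(); a
                // Policy must answer with a boolean, so deny and log instead.
                logger.error("This policy provider can only manage JPolicyConfiguration objects");
            }
            return kept;
        } catch (PolicyContextException pce) {
            logger.error("JPolicy.implies.canNotRetrieve", contextID, pce);
            return null;
        }
    }

    /**
     * Decides a permission for a protection domain.
     * <ul>
     * <li>JVM permission types ({@link RuntimePermission},
     * {@link SocketPermission}) go straight to the initial policy;</li>
     * <li>with no policy context bound to the thread, everything goes to the
     * initial policy;</li>
     * <li>non-JACC permissions go to the initial policy;</li>
     * <li>JACC permissions are decided from the context's configuration:
     * excluded first (deny wins), then unchecked (grant), then the
     * per-principal grants of the domain.</li>
     * </ul>
     * Any failure to obtain an in-service configuration is a deny.
     *
     * @param domain the domain the permission is checked for
     * @param permission the permission being checked
     * @return true if the permission is granted
     */
    @Override
    public boolean implies(final ProtectionDomain domain, final Permission permission) {
        // The JVM's own permission types are never subject to JACC.
        if (permission instanceof RuntimePermission || permission instanceof SocketPermission) {
            return initialPolicy.implies(domain, permission);
        }

        // No policy context on this thread: not an EE component call.
        String contextID = PolicyContext.getContextID();
        if (contextID == null) {
            return initialPolicy.implies(domain, permission);
        }

        if (!isJaccPermission(permission)) {
            return initialPolicy.implies(domain, permission);
        }

        logger.debug("Permission being checked = ''{0}''", permission);

        try {
            if (policyConfigurationFactory == null) {
                initPolicyConfigurationFactory();
            }
            // A context whose configuration is not committed cannot grant anything.
            if (!policyConfigurationFactory.inService(contextID)) {
                logger.debug("Policy configuration factory not in service, return false");
                return false;
            }
        } catch (JPolicyException jpe) {
            logger.error("JPolicy.implies.canNotCheck", jpe);
            return false;
        } catch (PolicyContextException pce) {
            logger.error("JPolicy.implies.canNotCheck", pce);
            return false;
        }

        JPolicyConfiguration jPolicyConfiguration = lookupConfiguration(contextID);
        if (jPolicyConfiguration == null) {
            return false;
        }

        PermissionCollection excludedPermissions = jPolicyConfiguration.getExcludedPermissions();
        PermissionCollection uncheckedPermissions = jPolicyConfiguration.getUncheckedPermissions();

        if (logger.isDebugEnabled()) {
            logger.debug("Check permission");
            logger.debug("Excluded permissions = " + excludedPermissions);
            logger.debug("unchecked permissions = " + uncheckedPermissions);
        }

        // Excluded is tested first so that no unchecked or role grant can
        // override an exclusion. A missing collection is treated as empty.
        if (excludedPermissions != null && excludedPermissions.implies(permission)) {
            logger.debug("Permission ''{0}'' is excluded, return false", permission);
            return false;
        }
        if (uncheckedPermissions != null && uncheckedPermissions.implies(permission)) {
            logger.debug("Permission ''{0}'' is unchecked, return true", permission);
            return true;
        }

        Principal[] principals = domain.getPrincipals();
        if (principals.length > 0) {
            logger.debug("There are principals, checking principals...");
            return isImpliedPermissionForPrincipals(jPolicyConfiguration, permission, principals);
        }
        logger.debug("Principals length = 0, there is no principal on this domain");
        logger.debug("Permission ''{0}'' not found, return false", permission);
        return false;
    }

    /**
     * Delegates to the initial policy. JACC permissions are decided only by
     * {@link #implies}; they are not enumerated here.
     *
     * @param domain the protection domain
     * @return the permissions the initial policy grants the domain
     */
    @Override
    public PermissionCollection getPermissions(final ProtectionDomain domain) {
        return initialPolicy.getPermissions(domain);
    }

    /**
     * Delegates to the initial policy. JACC permissions are decided only by
     * {@link #implies}; they are not enumerated here.
     *
     * @param codeSource the code source
     * @return the permissions the initial policy grants the code source
     */
    @Override
    public PermissionCollection getPermissions(final CodeSource codeSource) {
        return initialPolicy.getPermissions(codeSource);
    }

    /**
     * Refreshes the initial policy. JACC configurations are not refreshed
     * here; they are looked up on every check.
     */
    @Override
    public void refresh() {
        initialPolicy.refresh();
    }

    /**
     * Checks whether any of the given principals is granted the permission.
     * Stops at the first principal whose permissions imply it.
     *
     * @param jPolicyConfiguration configuration of the current policy context
     * @param permission the permission being checked
     * @param principals principals of the protection domain (non-empty)
     * @return true if at least one principal's permissions imply it
     */
    private boolean isImpliedPermissionForPrincipals(final JPolicyConfiguration jPolicyConfiguration,
            final Permission permission, final Principal[] principals) {
        for (Principal principal : principals) {
            if (logger.isDebugEnabled()) {
                logger.debug("Checking permission ''{0}'' with permissions of Principal ''{1}''.", permission,
                        principal.getName());
            }
            PermissionCollection permissions = jPolicyConfiguration.getPermissionsForPrincipal(principal);
            // A principal with no registered permissions grants nothing.
            if (permissions != null && permissions.implies(permission)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Permission implied with principal ''{0}''.", principal.getName());
                }
                return true;
            }
        }
        logger.debug("Permission ''{0}'' was not found in each permissions of the given roles, return false", permission);
        return false;
    }

}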