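package org.objectweb.easybeans.security.propagation.context;

import java.io.Serializable;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import javax.security.auth.Subject;

import org.objectweb.easybeans.log.JLog;
import org.objectweb.easybeans.log.JLogFactory;
import org.objectweb.easybeans.security.api.EZBSecurityContext;
import org.objectweb.easybeans.security.struct.JGroup;
import org.objectweb.easybeans.security.struct.JPrincipal;

/**
 * Security context propagated with a call: it holds the authenticated
 * {@link Subject} of the caller and, while a run-as bean is active, the
 * subject that bean runs as.
 * <p>
 * A subject built by {@link #buildSubject(String, List)} carries one
 * non-{@link Group} principal (the user name) and one {@link Group} named
 * {@code "roles"} whose members are the role names; the caller accessors
 * rely on exactly that layout.
 * <p>
 * Not thread-safe: the run-as bookkeeping is a single plain field with no
 * synchronisation, so one instance must not be shared between threads.
 */
public final class SecurityContext implements EZBSecurityContext, Serializable {

    /** Serial version UID. */
    private static final long serialVersionUID = 6612085599241360430L;

    /** Logger (made final: it is never reassigned). */
    private static final JLog logger = JLogFactory.getLog(SecurityContext.class);

    /** Principal name given to callers that never authenticated. */
    private static final String ANONYMOUS_USER = "EasyBeans/Anonymous";

    /** Single role granted to the anonymous subject. */
    private static final String ANONYMOUS_ROLE = "anonymous";

    /**
     * Subject shared by every context created without an explicit subject.
     * NOTE(review): its principal set is mutable and shared process-wide;
     * nothing here calls {@code setReadOnly()}, so any code that adds to it
     * changes the anonymous identity for every default context.
     */
    private static final Subject ANONYMOUS_SUBJECT = buildAnonymousSubject();

    /**
     * Subject the current code runs as. Defaults to the anonymous subject;
     * replaced by the run-as subject while run-as is active.
     */
    private Subject subject = ANONYMOUS_SUBJECT;

    /**
     * Subject of the original caller, saved by {@link #enterRunAs(Subject)}
     * and cleared by {@link #endsRunAs(Subject)}; {@code null} when no
     * run-as is active. This is a single slot: a second
     * {@code enterRunAs} before {@code endsRunAs} overwrites it.
     */
    private Subject callerInRunAsModeSubject = null;

    /**
     * Creates a context for an anonymous caller.
     */
    public SecurityContext() {

    }

    /**
     * Creates a context for an already authenticated caller.
     * @param subject the caller's subject (stored as given, not copied)
     */
    public SecurityContext(final Subject subject) {
        this.subject = subject;
    }

    /**
     * Switches this context to run-as mode: the current subject is saved as
     * the original caller and {@code runAsSubject} becomes the active one.
     * @param runAsSubject the subject the bean runs as from now on
     * @return the subject that was active before the switch, to be handed
     *         back to {@link #endsRunAs(Subject)}
     */
    public Subject enterRunAs(final Subject runAsSubject) {
        // Remember who really called so getCallerPrincipal(true) can report it.
        this.callerInRunAsModeSubject = subject;

        this.subject = runAsSubject;

        return callerInRunAsModeSubject;
    }

    /**
     * Leaves run-as mode and restores {@code oldSubject} as the active
     * subject. The argument is trusted as-is: no check is made that it is
     * the subject {@link #enterRunAs(Subject)} returned.
     * @param oldSubject the subject returned by the matching {@code enterRunAs}
     */
    public void endsRunAs(final Subject oldSubject) {
        this.subject = oldSubject;

        this.callerInRunAsModeSubject = null;
    }

    /**
     * Picks the subject the caller accessors inspect: the saved original
     * caller when {@code runAsBean} is set and a run-as is active, otherwise
     * the subject currently in effect.
     * @param runAsBean true to look through an active run-as at the real caller
     * @return the subject to inspect; never {@code null} unless a caller
     *         stored {@code null} through the constructor or run-as methods
     */
    private Subject selectSubject(final boolean runAsBean) {
        if (runAsBean && callerInRunAsModeSubject != null) {
            return this.callerInRunAsModeSubject;
        }
        return this.subject;
    }

    /**
     * Gets the caller's identity principal: the first principal of the
     * selected subject that is not a {@link Group}.
     * @param runAsBean true to report the original caller of a run-as bean
     * @return the caller principal
     * @throws IllegalStateException if the subject holds no non-group principal
     */
    public Principal getCallerPrincipal(final boolean runAsBean) {
        Subject subject = selectSubject(runAsBean);

        for (Principal principal : subject.getPrincipals(Principal.class)) {
            // Groups hold roles, not the identity; skip them.
            if (!(principal instanceof Group)) {
                return principal;
            }
        }

        logger.error("No principal found in the current subject. Authentication should have failed when populating subject");
        throw new IllegalStateException(
                "No principal found in the current subject. Authentication should have failed when populating subject");
    }

    /**
     * Gets the caller's roles: the members of the first {@link Group}
     * principal of the selected subject.
     * @param runAsBean true to report the roles of the original caller of a run-as bean
     * @return a fresh list of role principals; modifying it does not affect
     *         the subject
     * @throws IllegalStateException if the subject holds no group principal
     */
    public List<? extends Principal> getCallerRolesList(final boolean runAsBean) {
        Subject subject = selectSubject(runAsBean);

        for (Principal principal : subject.getPrincipals(Principal.class)) {
            if (principal instanceof Group) {
                // Collections.list copies the enumeration into a new ArrayList.
                return Collections.list(((Group) principal).members());
            }
        }

        logger.error("No role found in the current subject. Authentication should have failed when populating subject");
        throw new IllegalStateException(
                "No role found in the current subject. Authentication should have failed when populating subject");
    }

    /**
     * Array form of {@link #getCallerRolesList(boolean)}.
     * @param runAsBean true to report the roles of the original caller of a run-as bean
     * @return a new array of role principals
     * @throws IllegalStateException if the subject holds no group principal
     */
    public Principal[] getCallerRoles(final boolean runAsBean) {
        List<? extends Principal> callerRoles = getCallerRolesList(runAsBean);
        return callerRoles.toArray(new Principal[callerRoles.size()]);
    }

    /**
     * Builds the subject used for unauthenticated callers.
     * @return a subject with the anonymous user name and the anonymous role
     */
    private static Subject buildAnonymousSubject() {
        return buildSubject(ANONYMOUS_USER, new String[] {ANONYMOUS_ROLE});
    }

    /**
     * Builds a subject from a user name and an array of role names.
     * @param userName the principal name
     * @param roleArray the role names; {@code null} means no roles
     * @return the subject, laid out as described on the class
     */
    public static Subject buildSubject(final String userName, final String[] roleArray) {
        List<String> roles = new ArrayList<String>();
        if (roleArray != null) {
            for (String role : roleArray) {
                roles.add(role);
            }
        }
        return buildSubject(userName, roles);
    }

    /**
     * Builds a subject from a user name and a list of role names: one
     * {@link JPrincipal} for the user plus one {@link JGroup} named
     * {@code "roles"} holding a {@link JPrincipal} per role.
     * @param userName the principal name
     * @param roleList the role names; {@code null} means no roles
     * @return the new subject (not read-only)
     */
    public static Subject buildSubject(final String userName, final List<String> roleList) {
        Subject subject = new Subject();

        Principal principalName = new JPrincipal(userName);
        subject.getPrincipals().add(principalName);

        // The group name "roles" is what the accessors look for.
        Group roles = new JGroup("roles");
        if (roleList != null) {
            for (String role : roleList) {
                roles.addMember(new JPrincipal(role));
            }
        }
        subject.getPrincipals().add(roles);

        return subject;
    }

}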