01: /*
02: * JBoss, Home of Professional Open Source.
03: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
04: * as indicated by the @author tags. See the copyright.txt file in the
05: * distribution for a full listing of individual contributors.
06: *
07: * This is free software; you can redistribute it and/or modify it
08: * under the terms of the GNU Lesser General Public License as
09: * published by the Free Software Foundation; either version 2.1 of
10: * the License, or (at your option) any later version.
11: *
12: * This software is distributed in the hope that it will be useful,
13: * but WITHOUT ANY WARRANTY; without even the implied warranty of
14: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15: * Lesser General Public License for more details.
16: *
17: * You should have received a copy of the GNU Lesser General Public
18: * License along with this software; if not, write to the Free
19: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21: */
22: package org.jboss.aspects.security;
23:
24: import org.jboss.aop.joinpoint.Invocation;
25: import org.jboss.logging.Logger;
26: import org.jboss.security.AuthenticationManager;
27: import org.jboss.security.RealmMapping;
28: import org.jboss.security.RunAsIdentity;
29:
30: /**
31: * An interceptor that enforces the run-as identity declared by a bean.
32: *
33: * @author <a href="mailto:Scott.Stark@jboss.org">Scott Stark</a>.
34: * @author <a href="mailto:dain@daingroup.com">Dain Sundstrom</a>.
35: * @version $Revision: 63638 $
36: */
37: public class RunAsSecurityInterceptor implements
38: org.jboss.aop.advice.Interceptor {
39: private static final Logger log = Logger
40: .getLogger(RunAsSecurityInterceptor.class);
41:
42: protected AuthenticationManager securityManager;
43: protected RealmMapping realmMapping;
44:
45: public RunAsSecurityInterceptor(AuthenticationManager manager,
46: RealmMapping realmMapping) {
47: this .securityManager = manager;
48: this .realmMapping = realmMapping;
49: }
50:
51: public String getName() {
52: return "RunAsSecurityInterceptor";
53: }
54:
55: protected RunAsIdentity getRunAsIdentity(Invocation invocation) {
56: RunAsIdentity identity = (RunAsIdentity) invocation
57: .getMetaData("security", "run-as");
58: if (identity == null)
59: identity = getAnnotationRunAsIdentity(invocation);
60: return identity;
61: }
62:
63: protected RunAsIdentity getAnnotationRunAsIdentity(
64: Invocation invocation) {
65: RunAs runAs = (RunAs) invocation.resolveAnnotation(RunAs.class);
66: if (runAs == null)
67: return null;
68: RunAsIdentity runAsRole = new RunAsIdentity(runAs.value(), null);
69: return runAsRole;
70: }
71:
72: public Object invoke(org.jboss.aop.joinpoint.Invocation invocation)
73: throws Throwable {
74: RunAsIdentity runAsRole = getRunAsIdentity(invocation);
75: // If a run-as role was specified, push it so that any calls made
76: // by this bean will have the runAsRole available for declarative
77: // security checks.
78: if (runAsRole != null) {
79: SecurityActions.pushRunAsIdentity(runAsRole);
80: }
81:
82: try {
83: return invocation.invokeNext();
84: } finally {
85: if (runAsRole != null) {
86: SecurityActions.popRunAsIdentity();
87: }
88: }
89: }
90: }
|