001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.web.tomcat.security;
023:
024: import java.security.PrivilegedAction;
025: import java.security.Principal;
026: import java.security.AccessController;
027:
028: import javax.security.auth.Subject;
029:
030: import org.jboss.security.SecurityAssociation;
031: import org.jboss.security.RunAsIdentity;
032:
033: /** A PrivilegedAction implementation for setting the SecurityAssociation
034: * principal and credential
035: *
036: * @author Scott.Stark@jboss.org
037: * @version $Revison:$
038: */
039: class SecurityAssociationActions {
040: public static final String AUTH_EXCEPTION_KEY = "org.jboss.security.exception";
041:
042: private static class SetPrincipalInfoAction implements
043: PrivilegedAction {
044: Principal principal;
045: Object credential;
046: Subject subject;
047:
048: SetPrincipalInfoAction(Principal principal, Object credential,
049: Subject subject) {
050: this .principal = principal;
051: this .credential = credential;
052: this .subject = subject;
053: }
054:
055: public Object run() {
056: SecurityAssociation.pushSubjectContext(subject, principal,
057: credential);
058: credential = null;
059: principal = null;
060: subject = null;
061: return null;
062: }
063: }
064:
065: private static class SetServerAction implements PrivilegedAction {
066: static PrivilegedAction ACTION = new SetServerAction();
067:
068: public Object run() {
069: SecurityAssociation.setServer();
070: return null;
071: }
072: }
073:
074: private static class ClearAction implements PrivilegedAction {
075: static PrivilegedAction ACTION = new ClearAction();
076:
077: public Object run() {
078: SecurityAssociation.clear();
079: return null;
080: }
081: }
082:
083: private static class GetSubjectAction implements PrivilegedAction {
084: static PrivilegedAction ACTION = new GetSubjectAction();
085:
086: public Object run() {
087: Subject subject = SecurityAssociation.getSubject();
088: return subject;
089: }
090: }
091:
092: private static class GetPrincipalAction implements PrivilegedAction {
093: static PrivilegedAction ACTION = new GetPrincipalAction();
094:
095: public Object run() {
096: Principal principal = SecurityAssociation.getPrincipal();
097: return principal;
098: }
099: }
100:
101: private static class GetCredentialAction implements
102: PrivilegedAction {
103: static PrivilegedAction ACTION = new GetCredentialAction();
104:
105: public Object run() {
106: Object credential = SecurityAssociation.getCredential();
107: return credential;
108: }
109: }
110:
111: private static class PushRunAsRoleAction implements
112: PrivilegedAction {
113: RunAsIdentity principal;
114:
115: PushRunAsRoleAction(RunAsIdentity principal) {
116: this .principal = principal;
117: }
118:
119: public Object run() {
120: SecurityAssociation.pushRunAsIdentity(principal);
121: return null;
122: }
123: }
124:
125: private static class PopRunAsRoleAction implements PrivilegedAction {
126: static PrivilegedAction ACTION = new PopRunAsRoleAction();
127:
128: public Object run() {
129: RunAsIdentity principal = SecurityAssociation
130: .popRunAsIdentity();
131: return principal;
132: }
133: }
134:
135: private static class GetAuthExceptionAction implements
136: PrivilegedAction {
137: static PrivilegedAction ACTION = new GetAuthExceptionAction();
138:
139: public Object run() {
140: Object exception = SecurityAssociation
141: .getContextInfo(AUTH_EXCEPTION_KEY);
142: return exception;
143: }
144: }
145:
146: private static class ClearAuthExceptionAction implements
147: PrivilegedAction {
148: static PrivilegedAction ACTION = new ClearAuthExceptionAction();
149:
150: public Object run() {
151: Object exception = SecurityAssociation.setContextInfo(
152: AUTH_EXCEPTION_KEY, null);
153: return exception;
154: }
155: }
156:
157: static void setPrincipalInfo(Principal principal,
158: Object credential, Subject subject) {
159: SetPrincipalInfoAction action = new SetPrincipalInfoAction(
160: principal, credential, subject);
161: AccessController.doPrivileged(action);
162: }
163:
164: static void setServer() {
165: AccessController.doPrivileged(SetServerAction.ACTION);
166: }
167:
168: static void clear() {
169: AccessController.doPrivileged(ClearAction.ACTION);
170: }
171:
172: static Subject getSubject() {
173: Subject subject = (Subject) AccessController
174: .doPrivileged(GetSubjectAction.ACTION);
175: return subject;
176: }
177:
178: static Principal getPrincipal() {
179: Principal principal = (Principal) AccessController
180: .doPrivileged(GetPrincipalAction.ACTION);
181: return principal;
182: }
183:
184: static Object getCredential() {
185: Object credential = AccessController
186: .doPrivileged(GetCredentialAction.ACTION);
187: return credential;
188: }
189:
190: static void pushRunAsIdentity(RunAsIdentity principal) {
191: PushRunAsRoleAction action = new PushRunAsRoleAction(principal);
192: AccessController.doPrivileged(action);
193: }
194:
195: static RunAsIdentity popRunAsIdentity() {
196: RunAsIdentity principal = (RunAsIdentity) AccessController
197: .doPrivileged(PopRunAsRoleAction.ACTION);
198: return principal;
199: }
200:
201: static RunAsIdentity getCallerRunAsIdentity() {
202: return (RunAsIdentity) AccessController
203: .doPrivileged(new PrivilegedAction() {
204:
205: public Object run() {
206: return SecurityAssociation.peekRunAsIdentity(1);
207: }
208: });
209: }
210:
211: static Throwable getAuthException() {
212: Throwable ex = (Throwable) AccessController
213: .doPrivileged(GetAuthExceptionAction.ACTION);
214: return ex;
215: }
216:
217: static void clearAuthException() {
218: AccessController.doPrivileged(ClearAuthExceptionAction.ACTION);
219: }
220: }
|