From a..@apache.org
Subject cvs commit: incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util ContextManager.java
Date Wed, 12 Nov 2003 04:29:04 GMT
adc         2003/11/11 20:29:04

  Modified:    modules/core/src/java/org/apache/geronimo/security/util
                        ContextManager.java
  Log:
  Include both the Subject and the AccessControlContext in the context.
  
  Revision  Changes    Path
  1.2       +74 -11    incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/ContextManager.java
  
  Index: ContextManager.java
  ===================================================================
  RCS file: /home/cvs/incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/ContextManager.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- ContextManager.java	8 Nov 2003 22:40:28 -0000	1.1
  +++ ContextManager.java	12 Nov 2003 04:29:04 -0000	1.2
  @@ -56,9 +56,17 @@
   package org.apache.geronimo.security.util;
   
   import org.apache.geronimo.security.GeronimoSecurityPermission;
  +import org.apache.geronimo.security.RealmPrincipal;
   
  +import javax.security.jacc.EJBRoleRefPermission;
  +import javax.security.auth.Subject;
   import java.util.Stack;
  +import java.util.Hashtable;
  +import java.util.Map;
  +import java.util.Iterator;
   import java.security.AccessControlContext;
  +import java.security.AccessControlException;
  +import java.security.Principal;
   
   
   /**
  @@ -68,6 +76,8 @@
   
   public class ContextManager {
       private static ContextThreadLocalStack contexts = new ContextThreadLocalStack();
  +    private static Map subjectContexts = new Hashtable();
  +    private static ThreadLocal methodIndexes = new ThreadLocal();
   
       public static final GeronimoSecurityPermission GET_CONTEXT = new GeronimoSecurityPermission("getContext");
       public static final GeronimoSecurityPermission SET_CONTEXT = new GeronimoSecurityPermission("setContext");
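Review bot: `subjectContexts` is a `Hashtable` keyed by `Subject`, whose `equals`/`hashCode` are derived from its principal and credential sets, so the key is mutable unless the Subject has been made read-only. If principals or credentials change after `registerContext`, the lookup in `pushSubject` and the removal in `unregisterContext` (both in the next hunk) can miss the entry, which leaves a stale mapping behind. Two distinct Subjects that compare equal would also share a single `AccessControlContext`. Either document that callers must call `setReadOnly()` on the Subject before registering it, or key the map by identity, e.g. `private static Map subjectContexts = Collections.synchronizedMap(new IdentityHashMap());`. The class body continues outside this hunk.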
  @@ -76,41 +86,94 @@
           SecurityManager sm = System.getSecurityManager();
           if (sm != null) sm.checkPermission(GET_CONTEXT);
   
  -        return contexts.peek();
  +        return contexts.peek().context;
       }
   
  -    public static AccessControlContext popContext() {
  +    public static Subject popSubject() {
           SecurityManager sm = System.getSecurityManager();
           if (sm != null) sm.checkPermission(SET_CONTEXT);
   
  -        return contexts.pop();
  +        return contexts.pop().subject;
       }
   
  -    public static void pushContext(AccessControlContext context) {
  +    public static void pushSubject(Subject subject) {
           SecurityManager sm = System.getSecurityManager();
           if (sm != null) sm.checkPermission(SET_CONTEXT);
   
  +        Context context = new Context();
  +        context.subject = subject;
  +        context.context = (AccessControlContext)subjectContexts.get(subject);
  +
  +        assert context.context != null;
  +
           contexts.push(context);
       }
   
  +    public static void registerContext(Subject subject, AccessControlContext context) {
  +        SecurityManager sm = System.getSecurityManager();
  +        if (sm != null) sm.checkPermission(SET_CONTEXT);
  +
  +        subjectContexts.put(subject, context);
  +    }
  +
  +    public static void unregisterContext(Subject subject) {
  +        SecurityManager sm = System.getSecurityManager();
  +        if (sm != null) sm.checkPermission(SET_CONTEXT);
  +
  +        subjectContexts.remove(subject);
  +    }
  +
  +    public static void setMethodIndex(int index) {
  +        SecurityManager sm = System.getSecurityManager();
  +        if (sm != null) sm.checkPermission(SET_CONTEXT);
  +
  +        methodIndexes.set(new Integer(index));
  +    }
  +
  +    public static int getMethodIndex() {
  +        return ((Integer)methodIndexes.get()).intValue();
  +    }
  +
  +    public static Principal getCallerPrincipal() {
  +        Iterator iter = contexts.peek().subject.getPrincipals(RealmPrincipal.class).iterator();
  +        
  +        assert iter.hasNext();
  +
  +        return (RealmPrincipal)iter.next();
  +    }
  +
  +    public static boolean isCallerInRole(String EJBName, String role) {
  +        try {
  +            contexts.peek().context.checkPermission(new EJBRoleRefPermission(EJBName, role));
  +        } catch (AccessControlException e) {
  +            return false;
  +        }
  +        return true;
  +    }
  +
  +    public static class Context {
  +        AccessControlContext context;
  +        Subject subject;
  +    }
  +
       private static class ContextThreadLocalStack extends ThreadLocal {
           protected Object initialValue() {
               return new Stack();
           }
   
  -        void push(AccessControlContext runAs) {
  +        void push(Context context) {
               Stack stack = (Stack) super.get();
  -            stack.push(runAs);
  +            stack.push(context);
           }
   
  -        AccessControlContext pop() {
  +        Context pop() {
               Stack stack = (Stack) super.get();
  -            return (AccessControlContext) stack.pop();
  +            return (Context) stack.pop();
           }
   
  -        AccessControlContext peek() {
  +        Context peek() {
               Stack stack = (Stack) super.get();
  -            return (AccessControlContext) stack.peek();
  +            return (Context) stack.peek();
           }
       }
   }
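Review bot: The `assert context.context != null;` in `pushSubject` is the only guard against pushing a Subject that was never registered, and assertions are off unless the JVM is started with `-ea`. In a default run a `Context` with a null `AccessControlContext` goes onto the stack, `getContext()` then returns null to its caller, and `isCallerInRole` fails with a `NullPointerException` that its `catch (AccessControlException e)` does not handle. Replace the assert with an explicit check such as `if (context.context == null) throw new IllegalStateException("no AccessControlContext registered for subject");`, and do the same for `assert iter.hasNext();` in `getCallerPrincipal`. Separately, `getMethodIndex`, `getCallerPrincipal` and `isCallerInRole` make no `GET_CONTEXT` check although `getContext` does; if that is intentional it deserves a comment saying why. The method holding the first changed line begins above the hunk.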
  
  
  
