geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject cvs commit: incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util ContextManager.java
Date Sat, 10 Jan 2004 22:34:42 GMT
adc         2004/01/10 14:34:42

  Modified:    modules/core/src/java/org/apache/geronimo/security/util
                        ContextManager.java
  Log:
  Simplified context management
  
  Revision  Changes    Path
  1.5       +73 -72    incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/ContextManager.java
  
  Index: ContextManager.java
  ===================================================================
  RCS file: /home/cvs/incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/ContextManager.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- ContextManager.java	2 Jan 2004 04:31:44 -0000	1.4
  +++ ContextManager.java	10 Jan 2004 22:34:42 -0000	1.5
  @@ -19,7 +19,7 @@
    * 3. The end-user documentation included with the redistribution,
    *    if any, must include the following acknowledgment:
    *       "This product includes software developed by the
  - *        Apache Software Foundation (http:www.apache.org/)."
  + *        Apache Software Foundation (http://www.apache.org/)."
    *    Alternately, this acknowledgment may appear in the software itself,
    *    if and wherever such third-party acknowledgments normally appear.
    *
  @@ -49,24 +49,23 @@
    * This software consists of voluntary contributions made by many
    * individuals on behalf of the Apache Software Foundation.  For more
    * information on the Apache Software Foundation, please see
  - * <http:www.apache.org/>.
  + * <http://www.apache.org/>.
    *
    * ====================================================================
    */
   package org.apache.geronimo.security.util;
   
  +import javax.security.auth.Subject;
  +import javax.security.jacc.EJBRoleRefPermission;
   import java.security.AccessControlContext;
   import java.security.AccessControlException;
  +import java.security.AccessController;
   import java.security.Principal;
  +import java.security.PrivilegedAction;
   import java.util.Hashtable;
  -import java.util.Iterator;
   import java.util.Map;
  -import java.util.Stack;
  -
  -import javax.security.auth.Subject;
  -import javax.security.jacc.EJBRoleRefPermission;
  -import javax.security.jacc.WebRoleRefPermission;
   
  +import org.apache.geronimo.security.PrimaryRealmPrincipal;
   import org.apache.geronimo.security.GeronimoSecurityPermission;
   import org.apache.geronimo.security.RealmPrincipal;
   
  @@ -75,116 +74,118 @@
    *
    * @version $Revision$ $Date$
    */
  -
   public class ContextManager {
  -    private static ContextThreadLocalStack contexts = new ContextThreadLocalStack();
  +    private static ThreadLocal currentCaller = new ThreadLocal();
  +    private static ThreadLocal nextCaller = new ThreadLocal();
       private static Map subjectContexts = new Hashtable();
  -    private static ThreadLocal methodIndexes = new ThreadLocal();
   
       public static final GeronimoSecurityPermission GET_CONTEXT = new GeronimoSecurityPermission("getContext");
       public static final GeronimoSecurityPermission SET_CONTEXT = new GeronimoSecurityPermission("setContext");
   
  -    public static AccessControlContext peekContext() {
  -        SecurityManager sm = System.getSecurityManager();
  -        if (sm != null) sm.checkPermission(GET_CONTEXT);
  -
  -        return contexts.peek().context;
  -    }
   
  -    public static Subject popSubject() {
  +    public static void setNextCaller(Subject subject) {
           SecurityManager sm = System.getSecurityManager();
           if (sm != null) sm.checkPermission(SET_CONTEXT);
   
  -        return contexts.pop().subject;
  +        nextCaller.set(subject);
       }
   
  -    public static void pushSubject(Subject subject) {
  +    public static Subject getNextCaller() {
           SecurityManager sm = System.getSecurityManager();
  -        if (sm != null) sm.checkPermission(SET_CONTEXT);
  -
  -        Context context = new Context();
  -        context.subject = subject;
  -        context.context = (AccessControlContext)subjectContexts.get(subject);
  -
  -        assert context.context != null;
  +        if (sm != null) sm.checkPermission(GET_CONTEXT);
   
  -        contexts.push(context);
  +        return (Subject) nextCaller.get();
       }
   
  -    public static void registerContext(Subject subject, AccessControlContext context) {
  +    public static void setCurrentCaller(Subject subject) {
           SecurityManager sm = System.getSecurityManager();
           if (sm != null) sm.checkPermission(SET_CONTEXT);
   
  -        subjectContexts.put(subject, context);
  +        currentCaller.set(subject);
       }
   
  -    public static void unregisterContext(Subject subject) {
  +    public static Subject getCurrentCaller() {
           SecurityManager sm = System.getSecurityManager();
  -        if (sm != null) sm.checkPermission(SET_CONTEXT);
  +        if (sm != null) sm.checkPermission(GET_CONTEXT);
   
  -        subjectContexts.remove(subject);
  +        return (Subject) currentCaller.get();
       }
   
  -    public static void setMethodIndex(int index) {
  +    public static AccessControlContext getCurrentContext() {
           SecurityManager sm = System.getSecurityManager();
  -        if (sm != null) sm.checkPermission(SET_CONTEXT);
  +        if (sm != null) sm.checkPermission(GET_CONTEXT);
   
  -        methodIndexes.set(new Integer(index));
  -    }
  +        Context context = (Context) subjectContexts.get(currentCaller.get());
   
  -    public static int getMethodIndex() {
  -        return ((Integer)methodIndexes.get()).intValue();
  +        assert context != null : "No registered context";
  +
  +        return context.context;
       }
   
  -    public static Principal getCallerPrincipal() {
  -        Iterator iter = contexts.peek().subject.getPrincipals(RealmPrincipal.class).iterator();
  +    public static Principal getCurrentPrincipal() {
  +        SecurityManager sm = System.getSecurityManager();
  +        if (sm != null) sm.checkPermission(GET_CONTEXT);
  +
  +        Context context = (Context) subjectContexts.get(currentCaller.get());
   
  -        assert iter.hasNext();
  +        assert context != null : "No registered context";
   
  -        return (RealmPrincipal)iter.next();
  +        return context.principal;
       }
   
       public static boolean isCallerInRole(String EJBName, String role) {
  -        try {
  -            contexts.peek().context.checkPermission(new EJBRoleRefPermission(EJBName, role));
  -        } catch (AccessControlException e) {
  -            return false;
  -        }
  -        return true;
  -    }
  +        if (EJBName == null) throw new IllegalArgumentException("EJBName must not be null");
  +        if (role == null) throw new IllegalArgumentException("Role must not be null");
   
  -    public static boolean isUserInRole(String resourceName, String role) {
           try {
  -            contexts.peek().context.checkPermission(new WebRoleRefPermission(resourceName,
role));
  +            Context context = (Context) subjectContexts.get(currentCaller.get());
  +
  +            assert context != null : "No registered context";
  +
  +            context.context.checkPermission(new EJBRoleRefPermission(EJBName, role));
           } catch (AccessControlException e) {
               return false;
           }
           return true;
       }
   
  -    public static class Context {
  -        AccessControlContext context;
  -        Subject subject;
  -    }
  +    public static void registerSubject(Subject subject) {
  +        SecurityManager sm = System.getSecurityManager();
  +        if (sm != null) sm.checkPermission(SET_CONTEXT);
   
  -    private static class ContextThreadLocalStack extends ThreadLocal {
  -        protected Object initialValue() {
  -            return new Stack();
  -        }
  +        if (subject == null) throw new IllegalArgumentException("Subject must not be null");
   
  -        void push(Context context) {
  -            Stack stack = (Stack) super.get();
  -            stack.push(context);
  -        }
  +        AccessControlContext acc = (AccessControlContext) Subject.doAsPrivileged(subject,
new PrivilegedAction() {
  +            public Object run() {
  +                return AccessController.getContext();
  +            }
  +        }, null);
   
  -        Context pop() {
  -            Stack stack = (Stack) super.get();
  -            return (Context) stack.pop();
  +        Context context = new Context();
  +        context.subject = subject;
  +        context.context = acc;
  +        if (!subject.getPrincipals(PrimaryRealmPrincipal.class).isEmpty()) {
  +            context.principal = (PrimaryRealmPrincipal) subject.getPrincipals(PrimaryRealmPrincipal.class).iterator().next();
  +        } else if (!subject.getPrincipals(RealmPrincipal.class).isEmpty()) {
  +            context.principal = (RealmPrincipal) subject.getPrincipals(RealmPrincipal.class).iterator().next();
  +        } else if (!subject.getPrincipals().isEmpty()) {
  +            context.principal = (Principal) subject.getPrincipals().iterator().next();
           }
  +        subjectContexts.put(subject, context);
  +    }
   
  -        Context peek() {
  -            Stack stack = (Stack) super.get();
  -            return (Context) stack.peek();
  -        }
  +    public static void unregisterSubject(Subject subject) {
  +        SecurityManager sm = System.getSecurityManager();
  +        if (sm != null) sm.checkPermission(SET_CONTEXT);
  +
  +        if (subject == null) throw new IllegalArgumentException("Subject must not be null");
  +
  +        subjectContexts.remove(subject);
  +    }
  +
  +    private static class Context {
  +        AccessControlContext context;
  +        Subject subject;
  +        Principal principal;
       }
   }
  
  
  

Mime
View raw message