geronimo-scm mailing list archives

From djen...@apache.org
Subject svn commit: r109872 - in geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty: . interceptor
Date Sun, 05 Dec 2004 07:37:35 GMT
Author: djencks
Date: Sat Dec  4 23:37:35 2004
New Revision: 109872

URL: http://svn.apache.org/viewcvs?view=rev&rev=109872
Log:
refactoring location of some security methods and using the security interceptor
Removed:
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java
Modified:
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
   geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java

Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java?view=diff&rev=109872&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java&r1=109871&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java&r2=109872
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
(original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
Sat Dec  4 23:37:35 2004
@@ -28,6 +28,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.jetty.interceptor.SecurityContextBeforeAfter;
 import org.mortbay.http.HttpRequest;
 import org.mortbay.http.UserRealm;
 
@@ -129,7 +130,7 @@
 
     public Principal pushRole(Principal user, String role) {
         ((JAASJettyPrincipal) user).push(ContextManager.getCurrentCaller());
-        ContextManager.setCurrentCaller(JettyServer.getCurrentWebAppContext().getRoleDesignate(role));
+        ContextManager.setCurrentCaller(SecurityContextBeforeAfter.getCurrentRoleDesignate(role));
         return user;
     }
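Review bot: `pushRole` passes whatever `getCurrentRoleDesignate(role)` returns straight to `ContextManager.setCurrentCaller`, and that lookup can yield null: `addRoleMappings` in SecurityContextBeforeAfter stores a designate only for roles that have at least one run-as principal. A role without one therefore replaces the current caller with null for the duration of the run-as call; what ContextManager does with a null caller is not visible in this commit. I would fetch the designate into a local before the `push(...)` line and decide explicitly what a missing designate means, for example `if (designate == null) throw new IllegalStateException("No run-as designate for role " + role);`, and state that choice in a comment on the method.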
 

Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java?view=diff&rev=109872&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java&r1=109871&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java&r2=109872
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
(original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
Sat Dec  4 23:37:35 2004
@@ -30,7 +30,6 @@
  * @version $Rev$ $Date$
  */
 public class JettyServer extends Server {
-    private final static ThreadLocal currentWebAppContext = new ThreadLocal();
     private final Map realmDelegates = new HashMap();
 
     public UserRealm addRealm(UserRealm realm) {
@@ -56,20 +55,6 @@
 
     public void removeRealm(UserRealm realm) {
         realmDelegates.remove(realm.getName());
-    }
-
-    public static void setCurrentWebAppContext(JettyWebAppJACCContext context) {
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) sm.checkPermission(ContextManager.SET_CONTEXT);
-
-        currentWebAppContext.set(context);
-    }
-
-    public static JettyWebAppJACCContext getCurrentWebAppContext() {
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) sm.checkPermission(ContextManager.GET_CONTEXT);
-
-        return (JettyWebAppJACCContext) currentWebAppContext.get();
     }
 
     private class RealmDelegate implements UserRealm {

Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?view=diff&rev=109872&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r1=109871&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java&r2=109872
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
(original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
Sat Dec  4 23:37:35 2004
@@ -63,8 +63,9 @@
     private final WebApplicationHandler handler;
     private String displayName;
 
-    private final BeforeAfter chain;
-    private final int contextLength;
+    //TODO make these private final again!
+    protected  BeforeAfter chain;
+    protected  int contextLength;
 
     /**
      * @deprecated never use this... this is only here because Jetty WebApplicationContext
is externalizable
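Review bot: Dropping `private final` from `chain` and `contextLength` lets any subclass replace the interceptor chain at any point after construction, and after this commit the chain is what installs the JACC policy context ID for each request. The TODO acknowledges the problem, but nothing enforces it in the meantime. A narrower change would keep both fields `private final` and have JettyWebAppJACCContext hand its extra interceptor to the superclass constructor, so the chain is still fixed once the object is built. If that is not possible yet, the TODO comment should at least say that the fields must only be reassigned inside the subclass constructor.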

Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java?view=diff&rev=109872&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r1=109871&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java&r2=109872
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
(original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppJACCContext.java
Sat Dec  4 23:37:35 2004
@@ -26,8 +26,6 @@
 import java.security.Permission;
 import java.security.Principal;
 import java.util.Collection;
-import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -37,7 +35,6 @@
 import javax.security.auth.Subject;
 import javax.security.jacc.PolicyConfiguration;
 import javax.security.jacc.PolicyConfigurationFactory;
-import javax.security.jacc.PolicyContext;
 import javax.security.jacc.PolicyContextException;
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebRoleRefPermission;
@@ -49,6 +46,7 @@
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.WaitingException;
+import org.apache.geronimo.jetty.interceptor.SecurityContextBeforeAfter;
 import org.apache.geronimo.kernel.Kernel;
 import org.apache.geronimo.naming.java.ReadOnlyContext;
 import org.apache.geronimo.security.ContextManager;
@@ -58,8 +56,6 @@
 import org.apache.geronimo.security.SubjectId;
 import org.apache.geronimo.security.deploy.AutoMapAssistant;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
-import org.apache.geronimo.security.deploy.Realm;
-import org.apache.geronimo.security.deploy.Role;
 import org.apache.geronimo.security.deploy.Security;
 import org.apache.geronimo.security.jacc.RoleMappingConfiguration;
 import org.apache.geronimo.security.realm.SecurityRealm;
@@ -99,7 +95,6 @@
     private PolicyConfigurationFactory factory;
     private PolicyConfiguration policyConfiguration;
 
-    private final Map roleDesignates = new HashMap();
     private final PathMap constraintMap = new PathMap();
 
     private String formLoginPath;
@@ -109,6 +104,8 @@
     private final Set uncheckedPermissions;
     private final Map rolePermissions;
 
+    private final SecurityContextBeforeAfter securityInterceptor;
+
 
     public JettyWebAppJACCContext() {
         kernel = null;
@@ -120,6 +117,7 @@
         this.excludedPermissions = null;
         this.uncheckedPermissions = null;
         this.rolePermissions = null;
+        securityInterceptor = null;
     }
 
     public JettyWebAppJACCContext(URI uri,
@@ -206,6 +204,11 @@
 
         this.defaultPrincipal = generateDefaultPrincipal(securityConfig, loginDomainName);
 
+        int index = contextLength;
+        this.securityInterceptor = new SecurityContextBeforeAfter(chain, index++, index++,
policyContextID);
+        contextLength = index;
+        chain = securityInterceptor;
+
         //TODO remove
         for (Iterator entries = legacySecurityConstraintMap.entrySet().iterator(); entries.hasNext();)
{
             Map.Entry entry = (Map.Entry) entries.next();
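Review bot: The two `index++` arguments in `new SecurityContextBeforeAfter(chain, index++, index++, policyContextID)` are correct only because Java evaluates arguments left to right, and a reader has to work out which slot holds the saved policy context ID and which the saved interceptor. Naming the slots makes the layout of the context array explicit: `int policyContextIDIndex = contextLength++;` and `int webAppContextIndex = contextLength++;`, then pass those two locals. A one-line comment that the security interceptor is deliberately placed at the head of the chain, so that its before() runs first and its after() last, would also help, because that ordering is what the request-time security context relies on. The constructor starts and ends outside the hunk.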
@@ -220,14 +223,6 @@
 
     }
 
-    public Subject getRoleDesignate(String roleName) {
-        return (Subject) roleDesignates.get(roleName);
-    }
-
-    void setRoleDesignate(String roleName, Subject subject) {
-        roleDesignates.put(roleName, subject);
-    }
-
     public void registerServletHolder(ServletHolder servletHolder, String servletName, Set
servletMappings, Map webRoleRefPermissions) throws Exception {
         super.registerServletHolder(servletHolder, servletName, servletMappings, webRoleRefPermissions);
 
@@ -250,25 +245,25 @@
      * @param httpRequest   the request object
      * @param httpResponse  the response object
      */
-    public void handle(String pathInContext,
-                       String pathParams,
-                       HttpRequest httpRequest,
-                       HttpResponse httpResponse)
-            throws HttpException, IOException {
-
-        String savedPolicyContextID = PolicyContext.getContextID();
-        JettyWebAppJACCContext savedContext = JettyServer.getCurrentWebAppContext();
-
-        try {
-            PolicyContext.setContextID(policyContextID);
-            JettyServer.setCurrentWebAppContext(this);
-
-            super.handle(pathInContext, pathParams, httpRequest, httpResponse);
-        } finally {
-            JettyServer.setCurrentWebAppContext(savedContext);
-            PolicyContext.setContextID(savedPolicyContextID);
-        }
-    }
+//    public void handle(String pathInContext,
+//                       String pathParams,
+//                       HttpRequest httpRequest,
+//                       HttpResponse httpResponse)
+//            throws HttpException, IOException {
+//
+//        String savedPolicyContextID = PolicyContext.getContextID();
+//        JettyWebAppJACCContext savedContext = SecurityContextBeforeAfter.getCurrentWebAppContext();
+//
+//        try {
+//            PolicyContext.setContextID(policyContextID);
+//            SecurityContextBeforeAfter.setCurrentWebAppContext(this);
+//
+//            super.handle(pathInContext, pathParams, httpRequest, httpResponse);
+//        } finally {
+//            SecurityContextBeforeAfter.setCurrentWebAppContext(savedContext);
+//            PolicyContext.setContextID(savedPolicyContextID);
+//        }
+//    }
 
     /**
      * Keep our own copy of security constraints.<p/>
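Review bot: The old `handle()` is left behind as commented-out code, and it already no longer matches the tree: it calls `SecurityContextBeforeAfter.getCurrentWebAppContext()` and `setCurrentWebAppContext(this)`, which this commit does not define (the new accessors are the private `getCurrentSecurityInterceptor` and `setCurrentSecurityInterceptor`). The Javadoc block that described `handle()` is kept as well, so it now sits above a comment and documents nothing; I would delete both. What replaces the removed `try`/`finally` is the interceptor's before()/after() pair, so restoring the previous policy context ID now depends on the superclass calling `chain.after()` in a `finally`. That code is not part of this commit, and a short comment here naming where the context is set and restored would help the next reader.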
@@ -531,7 +526,7 @@
             policyConfiguration = factory.getPolicyConfiguration(policyContextID, true);
             configure();
 //            configure(policyConfiguration);
-            addRoleMappings((RoleMappingConfiguration) policyConfiguration, securityConfig);
+            securityInterceptor.addRoleMappings(securityRoles, loginDomainName, securityConfig,
(RoleMappingConfiguration) policyConfiguration);
             policyConfiguration.commit();
         } catch (ClassNotFoundException e) {
             // do nothing
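Review bot: `securityInterceptor.addRoleMappings(...)` now also registers the role designates with ContextManager, and it runs before `policyConfiguration.commit()` inside a `try` whose visible catch blocks are `// do nothing`. If a later step fails with one of the swallowed exceptions, the subjects stay registered although the policy was never committed, and the method still goes on to log that the context started. Before this commit the registration loop ran after the try block. At minimum the catch blocks should record the failure, e.g. `log.error("Unable to configure JACC policy '" + policyContextID + "'", e);`, and it is worth checking whether start-up should be aborted instead. The enclosing method begins outside the hunk, so the full list of caught exceptions is not visible.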
@@ -541,22 +536,6 @@
             // do nothing
         }
 
-        /**
-         * Register the role designates with the context manager.
-         *
-         * THIS MUST BE RUN AFTER JettyXMLConfiguration.configure()
-         */
-        Iterator iter = roleDesignates.keySet().iterator();
-        while (iter.hasNext()) {
-            String roleName = (String) iter.next();
-            Subject roleDesignate = (Subject) roleDesignates.get(roleName);
-
-            ContextManager.registerSubject(roleDesignate);
-            id = ContextManager.getSubjectId(roleDesignate);
-            roleDesignate.getPrincipals().add(new IdentificationPrincipal(id));
-
-            log.debug("Role designate " + id + " for role '" + roleName + "' for JACC policy
'" + policyContextID + "' registered.");
-        }
 
         log.info("JettyWebAppJACCContext started with JACC policy '" + policyContextID +
"'");
     }
@@ -571,14 +550,7 @@
 
         ContextManager.unregisterSubject(defaultPrincipal.getSubject());
 
-        Iterator iter = roleDesignates.keySet().iterator();
-        while (iter.hasNext()) {
-            String roleName = (String) iter.next();
-            Subject roleDesignate = (Subject) roleDesignates.get(roleName);
-
-            ContextManager.unregisterSubject(roleDesignate);
-            log.debug("Role designate " + ContextManager.getSubjectId(roleDesignate) + "
for role '" + roleName + "' for JACC policy '" + policyContextID + "' unregistered.");
-        }
+        securityInterceptor.stop();
 
         /**
          * Delete the policy configuration for this web application
@@ -631,40 +603,6 @@
         }
     }
 
-    protected void addRoleMappings(RoleMappingConfiguration roleMapper, Security security)
throws PolicyContextException, GeronimoSecurityException {
-
-        Iterator roleMappings = security.getRoleMappings().values().iterator();
-        while (roleMappings.hasNext()) {
-            Role role = (Role) roleMappings.next();
-            String roleName = role.getRoleName();
-            Set principalSet = new HashSet();
-
-            if (!securityRoles.contains(roleName)) throw new GeronimoSecurityException("Role
does not exist in this configuration");
-
-            Subject roleDesignate = new Subject();
-
-            Iterator realms = role.getRealms().values().iterator();
-            while (realms.hasNext()) {
-                Realm realm = (Realm) realms.next();
-
-                Iterator principals = realm.getPrincipals().iterator();
-                while (principals.hasNext()) {
-                    org.apache.geronimo.security.deploy.Principal principal = (org.apache.geronimo.security.deploy.Principal)
principals.next();
-
-                    RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal,
loginDomainName, realm.getRealmName());
-                    if (realmPrincipal == null) throw new GeronimoSecurityException("Unable
to create realm principal");
-
-                    principalSet.add(realmPrincipal);
-                    if (principal.isDesignatedRunAs()) roleDesignate.getPrincipals().add(realmPrincipal);
-                }
-            }
-            roleMapper.addRoleMapping(roleName, principalSet);
-
-            if (roleDesignate.getPrincipals().size() > 0) {
-                setRoleDesignate(roleName, roleDesignate);
-            }
-        }
-    }
 
     //===============================================================================
     public static final GBeanInfo GBEAN_INFO;

Deleted: /geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyXMLConfiguration.java?view=auto&rev=109871
==============================================================================

Modified: geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
Url: http://svn.apache.org/viewcvs/geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?view=diff&rev=109872&p1=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java&r1=109871&p2=geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java&r2=109872
==============================================================================
--- geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
(original)
+++ geronimo/branches/djencks/jetty-deployer1/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
Sat Dec  4 23:37:35 2004
@@ -16,12 +16,25 @@
  */
 package org.apache.geronimo.jetty.interceptor;
 
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+import javax.security.auth.Subject;
 import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
 
-import org.apache.geronimo.naming.java.ReadOnlyContext;
-import org.apache.geronimo.naming.java.RootContext;
-import org.apache.geronimo.jetty.JettyWebAppJACCContext;
-import org.apache.geronimo.jetty.JettyServer;
+import org.apache.geronimo.common.GeronimoSecurityException;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.RealmPrincipal;
+import org.apache.geronimo.security.IdentificationPrincipal;
+import org.apache.geronimo.security.SubjectId;
+import org.apache.geronimo.security.deploy.Realm;
+import org.apache.geronimo.security.deploy.Role;
+import org.apache.geronimo.security.deploy.Security;
+import org.apache.geronimo.security.jacc.RoleMappingConfiguration;
+import org.apache.geronimo.security.util.ConfigurationUtil;
 
 /**
  * @version $Rev:  $ $Date:  $
@@ -32,24 +45,24 @@
     private final int policyContextIDIndex;
     private final int webAppContextIndex;
     private final String policyContextID;
-    private final JettyWebAppJACCContext webAppContext;
+    private final static ThreadLocal currentWebAppContext = new ThreadLocal();
+    private final Map roleDesignates = new HashMap();
 
-    public SecurityContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, int webAppContextIndex,
String policyContextID, JettyWebAppJACCContext webAppContext) {
+    public SecurityContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, int webAppContextIndex,
String policyContextID) {
         this.next = next;
         this.policyContextIDIndex = policyContextIDIndex;
         this.webAppContextIndex = webAppContextIndex;
         this.policyContextID = policyContextID;
-        this.webAppContext = webAppContext;
     }
 
     public void before(Object[] context) {
         context[policyContextIDIndex] = PolicyContext.getContextID();
-        context[webAppContextIndex] = JettyServer.getCurrentWebAppContext();
+        context[webAppContextIndex] = getCurrentSecurityInterceptor();
 
-            PolicyContext.setContextID(policyContextID);
-            JettyServer.setCurrentWebAppContext(webAppContext);
+        PolicyContext.setContextID(policyContextID);
+        setCurrentSecurityInterceptor(this);
 
-       if (next != null) {
+        if (next != null) {
             next.before(context);
         }
     }
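Review bot: `roleDesignates` is a plain `HashMap` that `addRoleMappings` fills and that request threads read through the static `getCurrentRoleDesignate`, with no synchronization on either path. That is safe only if the map is fully populated before the first request is dispatched and never written again, which this class neither enforces nor states. I would add a field comment such as `// written only in addRoleMappings() before requests are served; read-only afterwards`, or switch to an unmodifiable copy once population is done. Separately, the thread-local is still named `currentWebAppContext` and the slot `webAppContextIndex` although both now hold a `SecurityContextBeforeAfter`; renaming them to `currentSecurityInterceptor` and `securityInterceptorIndex` would match the new accessors. The class declaration is outside the hunk.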
@@ -58,8 +71,98 @@
         if (next != null) {
             next.after(context);
         }
-        JettyServer.setCurrentWebAppContext((JettyWebAppJACCContext) context[webAppContextIndex]);
+        setCurrentSecurityInterceptor((SecurityContextBeforeAfter) context[webAppContextIndex]);
         PolicyContext.setContextID((String) context[policyContextIDIndex]);
     }
 
+    private static void setCurrentSecurityInterceptor(SecurityContextBeforeAfter context)
{
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) sm.checkPermission(ContextManager.SET_CONTEXT);
+
+        currentWebAppContext.set(context);
+    }
+
+    private static SecurityContextBeforeAfter getCurrentSecurityInterceptor() {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) sm.checkPermission(ContextManager.GET_CONTEXT);
+
+        return (SecurityContextBeforeAfter) currentWebAppContext.get();
+    }
+
+    public static Subject getCurrentRoleDesignate(String role) {
+        return getCurrentSecurityInterceptor().getRoleDesignate(role);
+    }
+
+    private Subject getRoleDesignate(String roleName) {
+        return (Subject) roleDesignates.get(roleName);
+    }
+
+    private void setRoleDesignate(String roleName, Subject subject) {
+        roleDesignates.put(roleName, subject);
+    }
+
+    public void addRoleMappings(Set securityRoles, String loginDomainName, Security security,
RoleMappingConfiguration roleMapper) throws PolicyContextException, GeronimoSecurityException
{
+
+        for (Iterator roleMappings = security.getRoleMappings().values().iterator(); roleMappings.hasNext();)
{
+            Role role = (Role) roleMappings.next();
+            String roleName = role.getRoleName();
+            Set principalSet = new HashSet();
+
+            if (!securityRoles.contains(roleName)) {
+                throw new GeronimoSecurityException("Role does not exist in this configuration");
+            }
+
+            Subject roleDesignate = new Subject();
+
+            for (Iterator realms = role.getRealms().values().iterator(); realms.hasNext();)
{
+                Realm realm = (Realm) realms.next();
+
+                for (Iterator principals = realm.getPrincipals().iterator(); principals.hasNext();)
{
+                    org.apache.geronimo.security.deploy.Principal principal = (org.apache.geronimo.security.deploy.Principal)
principals.next();
+
+                    RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal,
loginDomainName, realm.getRealmName());
+                    if (realmPrincipal == null) {
+                        throw new GeronimoSecurityException("Unable to create realm principal");
+                    }
+
+                    principalSet.add(realmPrincipal);
+                    if (principal.isDesignatedRunAs()) {
+                        roleDesignate.getPrincipals().add(realmPrincipal);
+                    }
+                }
+            }
+            roleMapper.addRoleMapping(roleName, principalSet);
+
+            if (roleDesignate.getPrincipals().size() > 0) {
+                setRoleDesignate(roleName, roleDesignate);
+            }
+        }
+
+        /**
+         * Register the role designates with the context manager.
+         *
+         * THIS MUST BE RUN AFTER JettyXMLConfiguration.configure()
+         */
+        for (Iterator iter = roleDesignates.keySet().iterator(); iter.hasNext();) {
+            String roleName = (String) iter.next();
+            Subject roleDesignate = (Subject) roleDesignates.get(roleName);
+
+            ContextManager.registerSubject(roleDesignate);
+            SubjectId id = ContextManager.getSubjectId(roleDesignate);
+            roleDesignate.getPrincipals().add(new IdentificationPrincipal(id));
+
+//            log.debug("Role designate " + id + " for role '" + roleName + "' for JACC policy
'" + policyContextID + "' registered.");
+        }
+
+    }
+
+    public void stop() {
+        for (Iterator iter = roleDesignates.keySet().iterator(); iter.hasNext();) {
+            String roleName = (String) iter.next();
+            Subject roleDesignate = (Subject) roleDesignates.get(roleName);
+
+            ContextManager.unregisterSubject(roleDesignate);
+//            log.debug("Role designate " + ContextManager.getSubjectId(roleDesignate) +
" for role '" + roleName + "' for JACC policy '" + policyContextID + "' unregistered.");
+        }
+    }
 }
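Review bot: `getCurrentRoleDesignate` dereferences `getCurrentSecurityInterceptor()` without a null check, so a call from a thread that is not between before() and after() fails with a bare NullPointerException; the method is public and static, so such a caller can be any code in the server. A descriptive exception makes that misuse easy to diagnose. `stop()` unregisters the subjects but leaves them in `roleDesignates`, so a stopped interceptor still hands out designates that ContextManager no longer knows, and a second `addRoleMappings` call would register the old entries again and add another `IdentificationPrincipal` to each; clearing the map at the end of `stop()` avoids both. The comment `THIS MUST BE RUN AFTER JettyXMLConfiguration.configure()` refers to a class this commit deletes and should be reworded. The two commented-out `log.debug` lines should either get a logger in this class or be removed.

```java
    public static Subject getCurrentRoleDesignate(String role) {
        SecurityContextBeforeAfter current = getCurrentSecurityInterceptor();
        if (current == null) {
            throw new IllegalStateException("No security interceptor is active on this thread");
        }
        return current.getRoleDesignate(role);
    }

    // … unchanged: getRoleDesignate, setRoleDesignate, addRoleMappings …

    public void stop() {
        // … unchanged: loop that unregisters each role designate …
        roleDesignates.clear();
    }
```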
