adc 2003/11/11 20:29:04
Modified: modules/core/src/java/org/apache/geronimo/security/util
ContextManager.java
Log:
Include both the Subject and the AccessControlContext in the context.
Revision Changes Path
1.2 +74 -11
incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/ContextManager.java
Index: ContextManager.java
===================================================================
RCS file:
/home/cvs/incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/ContextManager.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ContextManager.java 8 Nov 2003 22:40:28 -0000 1.1
+++ ContextManager.java 12 Nov 2003 04:29:04 -0000 1.2
@@ -56,9 +56,17 @@
package org.apache.geronimo.security.util;
import org.apache.geronimo.security.GeronimoSecurityPermission;
+import org.apache.geronimo.security.RealmPrincipal;
+import javax.security.jacc.EJBRoleRefPermission;
+import javax.security.auth.Subject;
import java.util.Stack;
+import java.util.Hashtable;
+import java.util.Map;
+import java.util.Iterator;
import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.Principal;
/**
@@ -68,6 +76,8 @@
public class ContextManager {
private static ContextThreadLocalStack contexts = new
ContextThreadLocalStack();
+ private static Map subjectContexts = new Hashtable();
+ private static ThreadLocal methodIndexes = new ThreadLocal();
public static final GeronimoSecurityPermission GET_CONTEXT = new
GeronimoSecurityPermission("getContext");
public static final GeronimoSecurityPermission SET_CONTEXT = new
GeronimoSecurityPermission("setContext");
@@ -76,41 +86,94 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(GET_CONTEXT);
- return contexts.peek();
+ return contexts.peek().context;
}
- public static AccessControlContext popContext() {
+ public static Subject popSubject() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(SET_CONTEXT);
- return contexts.pop();
+ return contexts.pop().subject;
}
- public static void pushContext(AccessControlContext context) {
+ public static void pushSubject(Subject subject) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(SET_CONTEXT);
+ Context context = new Context();
+ context.subject = subject;
+ context.context = (AccessControlContext)subjectContexts.get(subject);
+
+ assert context.context != null;
+
contexts.push(context);
}
+ public static void registerContext(Subject subject, AccessControlContext
context) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) sm.checkPermission(SET_CONTEXT);
+
+ subjectContexts.put(subject, context);
+ }
+
+ public static void unregisterContext(Subject subject) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) sm.checkPermission(SET_CONTEXT);
+
+ subjectContexts.remove(subject);
+ }
+
+ public static void setMethodIndex(int index) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) sm.checkPermission(SET_CONTEXT);
+
+ methodIndexes.set(new Integer(index));
+ }
+
+ public static int getMethodIndex() {
+ return ((Integer)methodIndexes.get()).intValue();
+ }
+
+ public static Principal getCallerPrincipal() {
+ Iterator iter =
contexts.peek().subject.getPrincipals(RealmPrincipal.class).iterator();
+
+ assert iter.hasNext();
+
+ return (RealmPrincipal)iter.next();
+ }
+
+ public static boolean isCallerInRole(String EJBName, String role) {
+ try {
+ contexts.peek().context.checkPermission(new
EJBRoleRefPermission(EJBName, role));
+ } catch (AccessControlException e) {
+ return false;
+ }
+ return true;
+ }
+
+ public static class Context {
+ AccessControlContext context;
+ Subject subject;
+ }
+
private static class ContextThreadLocalStack extends ThreadLocal {
protected Object initialValue() {
return new Stack();
}
- void push(AccessControlContext runAs) {
+ void push(Context context) {
Stack stack = (Stack) super.get();
- stack.push(runAs);
+ stack.push(context);
}
- AccessControlContext pop() {
+ Context pop() {
Stack stack = (Stack) super.get();
- return (AccessControlContext) stack.pop();
+ return (Context) stack.pop();
}
- AccessControlContext peek() {
+ Context peek() {
Stack stack = (Stack) super.get();
- return (AccessControlContext) stack.peek();
+ return (Context) stack.peek();
}
}
}
