User: stark
Date: 01/02/12 01:24:54
Added: security/src/main/org/jboss/security AppPolicy.java
AuthenticationInfo.java AuthorizationInfo.java
IAppPolicyStore.java SecurityPolicy.java
SecurityPolicyParser.java
Log:
Additions to the security framework to support JAAS based security
proxy layers
Revision Changes Path
1.1 contrib/security/src/main/org/jboss/security/AppPolicy.java
Index: AppPolicy.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
import java.io.IOException;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.AuthPermission;
import javax.security.auth.Policy;
import javax.security.auth.Refreshable;
import javax.security.auth.RefreshFailedException;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
/** A combination of keystore, authentication and authorization entries.
@author [EMAIL PROTECTED]
@version $Revision: 1.1 $
*/
public class AppPolicy
{
/** A PermissionCollection that allows no permissions */
public static final PermissionCollection NO_PERMISSIONS = new Permissions();
/** A PermissionCollection that allows all permissions */
private static PermissionCollection ALL_PERMISSIONS;
/**
* @label defaultAppPolicy
*/
private static AppPolicy defaultAppPolicy;
// Setup the class statics
static
{
// A PermissionCollection that allows all permissions
AllPermission all = new AllPermission();
ALL_PERMISSIONS = all.newPermissionCollection();
ALL_PERMISSIONS.add(all);
// A default policy with no authentication and NO_PERMISSIONS
defaultAppPolicy = new AppPolicy("other");
}
private String appName;
private KeyStore keyStore;
/**
* @label permissions
*/
private AuthorizationInfo permissionInfo;
/**
* @label login
*/
private AuthenticationInfo loginInfo;
public KeyStore getKeyStore()
{
return keyStore;
}
public void setKeyStore(KeyStore keyStore)
{
this.keyStore = keyStore;
}
public static void setDefaultAppPolicy(AppPolicy policy)
{
if( policy == null )
throw new IllegalArgumentException("The policy argument cannot be null");
defaultAppPolicy = policy;
}
public static AppPolicy getDefaultAppPolicy()
{
return defaultAppPolicy;
}
public AppPolicy(String appName)
{
this.appName = appName;
}
public AuthenticationInfo getLoginInfo()
{
AccessController.checkPermission(AuthenticationInfo.GET_CONFIG_ENTRY_PERM);
return loginInfo;
}
public void setLoginInfo(AuthenticationInfo loginInfo)
{
AccessController.checkPermission(AuthenticationInfo.SET_CONFIG_ENTRY_PERM);
this.loginInfo = loginInfo;
}
public AuthorizationInfo getPermissionInfo()
{
return permissionInfo;
}
public void setPermissionInfo(AuthorizationInfo permissionInfo)
{
this.permissionInfo = permissionInfo;
}
public AppConfigurationEntry[] getAppConfigurationEntry()
{
AppConfigurationEntry[] appConfig = null;
if( loginInfo != null )
appConfig = loginInfo.getAppConfigurationEntry();
if( appConfig == null )
appConfig = defaultAppPolicy.getAppConfigurationEntry();
return appConfig;
}
public PermissionCollection getPermissions(Subject subject, CodeSource
codesource)
{
PermissionCollection perms = NO_PERMISSIONS;
AuthorizationInfo info = getPermissionInfo();
if( info == null )
info = defaultAppPolicy.getPermissionInfo();
if( info != null )
{
perms = info.getPermissions(subject, codesource);
}
return perms;
}
public String toString()
{
StringBuffer buffer = new StringBuffer(appName);
buffer.append('\n');
buffer.append("AuthenticationInfo:\n");
if( loginInfo != null )
buffer.append(loginInfo);
buffer.append("AuthorizationInfo:\n");
if( permissionInfo != null )
buffer.append(permissionInfo);
return buffer.toString();
}
}
1.1
contrib/security/src/main/org/jboss/security/AuthenticationInfo.java
Index: AuthenticationInfo.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
import java.security.AccessController;
import javax.security.auth.AuthPermission;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.AppConfigurationEntry;
/**
@author [EMAIL PROTECTED]
@version $Revision: 1.1 $
*/
public class AuthenticationInfo
{
public static final AuthPermission GET_CONFIG_ENTRY_PERM = new
AuthPermission("getLoginConfiguration");
public static final AuthPermission SET_CONFIG_ENTRY_PERM = new
AuthPermission("setLoginConfiguration");
private AppConfigurationEntry[] loginModules;
private CallbackHandler callbackHandler;
/** Get an application authentication configuration. This requires an
AuthPermission("getLoginConfiguration") access.
*/
public AppConfigurationEntry[] getAppConfigurationEntry()
{
AccessController.checkPermission(GET_CONFIG_ENTRY_PERM);
return loginModules;
}
/** Set an application authentication configuration. This requires an
AuthPermission("setLoginConfiguration") access.
*/
public void setAppConfigurationEntry(AppConfigurationEntry[] loginModules)
{
AccessController.checkPermission(SET_CONFIG_ENTRY_PERM);
this.loginModules = loginModules;
}
/**
*/
public CallbackHandler getAppCallbackHandler()
{
return callbackHandler;
}
public void setAppCallbackHandler(CallbackHandler handler)
{
this.callbackHandler = handler;
}
}
1.1
contrib/security/src/main/org/jboss/security/AuthorizationInfo.java
Index: AuthorizationInfo.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
import java.io.IOException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;
/**
@author [EMAIL PROTECTED]
@version $Revision: 1.1 $
*/
public class AuthorizationInfo
{
private static Set emptySet = new HashSet();
private ArrayList policyMap = new ArrayList();
private PolicyEntry[] policyEntries;
/** An inner class that represents a grant entry in policyMap. It is composed
*of a CodeSource and an array of Prinicpals along with the granted
*permissions.
*/
static class PolicyEntry
{
private CodeSource cs;
private Principal[] principals;
private ArrayList permissions;
PolicyEntry(CodeSource cs, Principal[] principals, ArrayList permissions)
{
this.cs = cs;
this.principals = principals;
this.permissions = permissions;
}
public void getPermissions(PermissionCollection perms)
{
int length = permissions == null ? 0 : permissions.size();
for(int n = 0; n < length; n ++)
{
Permission permission = (Permission) permissions.get(n);
perms.add(permission);
}
}
public boolean implies(CodeSource codesrc, Set subjectPrincipals)
{
boolean implies = false;
// Check codesources
if( this.cs == codesrc )
{ // Both null or the same object
implies = true;
}
else if( this.cs != null && codesrc != null && this.cs.implies(codesrc) )
{
implies = true;
}
// Check Principals
if( implies == true )
{
if( this.principals != null )
{ // Every one of our principals must be in subjectPrincipals
for(int p = 0; p < this.principals.length; p ++)
{
if( subjectPrincipals.contains(this.principals[p]) == false )
{
implies = false;
break;
}
}
}
}
return implies;
}
public boolean equals(Object obj)
{
PolicyEntry key = (PolicyEntry) obj;
boolean equals = this.cs == key.cs;
if( equals == false )
{
if( this.cs != null && key.cs != null )
equals = this.cs.equals(key.cs);
if( equals == true )
{ // Every principal in this must equal
if( this.principals != null && key.principals != null &&
this.principals.length == key.principals.length )
{
for(int p = 0; p < this.principals.length; p ++)
{
if( this.principals[p].equals(key.principals[p]) ==
false )
{
equals = false;
break;
}
}
}
else if( this.principals != null || key.principals != null )
{
equals = false;
}
}
}
return equals;
}
public int hashCode()
{
int hashCode = 0;
if( cs != null )
hashCode = cs.hashCode();
int length = (this.principals == null ? 0 : this.principals.length);
for(int p = 0; p < length; p ++)
{
hashCode += this.principals[p].hashCode();
}
return hashCode;
}
public String toString()
{
StringBuffer buffer = new StringBuffer();
buffer.append("cs=");
buffer.append(cs);
buffer.append("; principals=");
for(int p = 0; principals != null && p < principals.length; p ++)
buffer.append(principals[p]);
buffer.append("; permissions=");
buffer.append(permissions);
return buffer.toString();
}
}
public AuthorizationInfo()
{
}
public PermissionCollection getPermissions(Subject subject, CodeSource
codesource)
{
PermissionCollection perms = new Permissions();
Set subjectPrincipals = emptySet;
if( subject != null )
subjectPrincipals = subject.getPrincipals();
for(int n = 0; n < policyMap.size(); n ++)
{
PolicyEntry entry = (PolicyEntry) policyMap.get(n);
if( entry.implies(codesource, subjectPrincipals) == true )
entry.getPermissions(perms);
}
return perms;
}
public String toString()
{
StringBuffer buffer = new StringBuffer("permissions:");
return buffer.toString();
}
public void grant(CodeSource cs, ArrayList permissions)
{
grant(cs, permissions, null);
}
public void grant(CodeSource cs, ArrayList permissions, Principal[] principals)
{
PolicyEntry entry = new PolicyEntry(cs, principals, permissions);
System.out.println("grant, "+entry);
policyMap.add(entry);
}
}
1.1
contrib/security/src/main/org/jboss/security/IAppPolicyStore.java
Index: IAppPolicyStore.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
import java.security.CodeSource;
import java.security.Principal;
import java.util.ArrayList;
/** An interface describing an AppPolicy security store. It is used by
the SecurityPolicy class to isolate the source of security information
from the SecurityPolicy.
@author [EMAIL PROTECTED]
@version $Revision: 1.1 $
*/
public interface IAppPolicyStore
{
public AppPolicy getAppPolicy(String appName);
public void refresh();
/** @link aggregation
* @supplierCardinality 1..*
* @clientCardinality 1*/
/*#AppPolicy lnkAppPolicy;*/
}
1.1 contrib/security/src/main/org/jboss/security/SecurityPolicy.java
Index: SecurityPolicy.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.AuthPermission;
import javax.security.auth.Policy;
import javax.security.auth.RefreshFailedException;
import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.AppConfigurationEntry;
import org.jboss.security.SimplePrincipal;
/** An concrete implementation of the javax.security.auth.Policy class that
categorizes authorization info by application.
@see javax.security.auth.Policy
@author [EMAIL PROTECTED]
@version $Revision: 1.1 $
*/
public class SecurityPolicy extends Policy
{
private static final AuthPermission REFRESH_PERM = new
AuthPermission("refreshPolicy");
private static final Set emptySet = new HashSet();
private static final ThreadLocal activeApp = new ThreadLocal();
/**
* @clientCardinality 1
* @supplierCardinality 1
* @clientRole Policy/Configuration Impl
* @supplierRole Policy/Configuration data
*/
private IAppPolicyStore policyStore;
private LoginConfiguration loginConfig = new LoginConfiguration();
public class LoginConfiguration extends Configuration
{
public AppConfigurationEntry[] getAppConfigurationEntry(String appName)
{
AppConfigurationEntry[] entry = null;
AppPolicy appPolicy = policyStore.getAppPolicy(appName);
if( appPolicy != null )
{
AuthenticationInfo loginInfo = appPolicy.getLoginInfo();
if( loginInfo != null )
entry = loginInfo.getAppConfigurationEntry();
}
return entry;
}
public void refresh()
{
SecurityPolicy.this.refresh();
}
}
public static void setActiveApp(String appName)
{
activeApp.set(appName);
}
public static void unsetActiveApp()
{
activeApp.set(null);
}
public SecurityPolicy(IAppPolicyStore policyStore)
{
this.policyStore = policyStore;
}
public Configuration getLoginConfiguration()
{
return loginConfig;
}
public PermissionCollection getPermissions(Subject subject, CodeSource
codesource)
{
String appName = (String) activeApp.get();
if( appName == null )
appName = "other";
PermissionCollection perms = getPermissions(subject, codesource,
appName);
return perms;
}
public PermissionCollection getPermissions(Subject subject, CodeSource
codesource, String appName)
{
AppPolicy policy = policyStore.getAppPolicy(appName);
PermissionCollection perms = AppPolicy.NO_PERMISSIONS;
if( policy != null )
perms = policy.getPermissions(subject, codesource);
System.out.println("getPermissions(cs="+codesource+", "+appName+") -> "+perms);
return perms;
}
public AppPolicy getAppPolicy(String appName)
{
AppPolicy appPolicy = policyStore.getAppPolicy(appName);
return appPolicy;
}
public void refresh()
{
AccessController.checkPermission(REFRESH_PERM);
policyStore.refresh();
}
}
1.1
contrib/security/src/main/org/jboss/security/SecurityPolicyParser.java
Index: SecurityPolicyParser.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
import java.io.InputStream;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.GeneralSecurityException;
import java.security.Permission;
import java.security.Principal;
import java.security.UnresolvedPermission;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.StringTokenizer;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import org.w3c.dom.Document;
import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.NamedNodeMap;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.EntityResolver;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.DocumentBuilder;
import org.jboss.logging.Log;
/** A class that parses a XML document that conforms to the security-policy.dtd
DTD that implements IAppPolicyStore for use with the SecurityPolicy class.
@author [EMAIL PROTECTED]
@version $Revision: 1.1 $
*/
public class SecurityPolicyParser implements IAppPolicyStore
{
private static String DEFAULT_APP_POLICY_NAME = "other";
private URL policyURL;
private HashMap policyMap = new HashMap();
/** Creates new SecurityPolicyParser */
public SecurityPolicyParser(URL policyURL)
{
this.policyURL = policyURL;
}
public AppPolicy getAppPolicy(String appName)
{
AppPolicy appPolicy = (AppPolicy) policyMap.get(appName);
if( appPolicy == null )
appPolicy = AppPolicy.getDefaultAppPolicy();
return appPolicy;
}
/** Load/reload the security policy
*/
public void refresh()
{
Document doc = null;
try
{
doc = loadURL();
}
catch(Exception e)
{
e.printStackTrace();
return;
}
Element root = doc.getDocumentElement();
NodeList apps = root.getElementsByTagName("application-policy");
for(int n = 0; n < apps.getLength(); n ++)
{
Element app = (Element) apps.item(n);
String name = app.getAttribute("name");
AppPolicy appPolicy = new AppPolicy(name);
try
{
parse(app, appPolicy);
if( name.equals(DEFAULT_APP_POLICY_NAME) )
AppPolicy.setDefaultAppPolicy(appPolicy);
else
policyMap.put(name, appPolicy);
}
catch(Exception e)
{
e.printStackTrace();
}
}
}
private Document loadURL() throws Exception
{
InputStream is = policyURL.openStream();
DocumentBuilderFactory docBuilderFactory =
DocumentBuilderFactory.newInstance();
DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
EntityResolver resolver = new LocalResolver();
docBuilder.setEntityResolver(resolver);
Document doc = docBuilder.parse(is);
return doc;
}
private void parse(Element policy, AppPolicy appPolicy) throws Exception
{
parseKeyStore(policy, appPolicy);
parseAuthentication(policy, appPolicy);
parseAuthorization(policy, appPolicy);
}
/** Parse the application-policy/keystore element
@param policy, the application-policy element
*/
private void parseKeyStore(Element policy, AppPolicy appPolicy) throws Exception
{
// Load the keystore
NodeList keystore = policy.getElementsByTagName("keystore");
String keystoreHref = ".keystore";
String keystoreType = "JKS";
if( keystore.getLength() > 0 )
{ // Load the cert KeyStore. This needs more work to be complete...
Element e = (Element) keystore.item(0);
keystoreHref = e.getAttribute("href");
keystoreType = e.getAttribute("type");
InputStream keystoreStream = null;
try
{
URL keystoreURL = new URL(keystoreHref);
keystoreStream = keystoreURL.openStream();
}
catch(MalformedURLException ex)
{ // Assume this is just a resource name and look for in
ClassLoader loader = Thread.currentThread().getContextClassLoader();
keystoreStream = loader.getResourceAsStream(keystoreHref);
}
KeyStore keyStore = KeyStore.getInstance(keystoreType);
// Where to get the password from...
char[] password = {};
keyStore.load(keystoreStream, password);
appPolicy.setKeyStore(keyStore);
}
}
/** Parse the application-policy/authentication element
@param policy, the application-policy element
*/
private void parseAuthentication(Element policy, AppPolicy appPolicy) throws
Exception
{
// Parse the permissions
NodeList authentication = policy.getElementsByTagName("authentication");
if( authentication.getLength() == 0 )
return;
Element auth = (Element) authentication.item(0);
NodeList modules = auth.getElementsByTagName("login-module");
ArrayList tmp = new ArrayList();
for(int n = 0; n < modules.getLength(); n ++)
{
Element grant = (Element) modules.item(n);
parseModule(grant, tmp);
}
AppConfigurationEntry[] entries = new AppConfigurationEntry[tmp.size()];
tmp.toArray(entries);
AuthenticationInfo info = new AuthenticationInfo();
info.setAppConfigurationEntry(entries);
appPolicy.setLoginInfo(info);
}
private void parseModule(Element module, ArrayList entries) throws Exception
{
LoginModuleControlFlag controlFlag = LoginModuleControlFlag.OPTIONAL;
String className = module.getAttribute("code");
String flag = module.getAttribute("flag");
if( flag != null )
{
if( flag.equals(LoginModuleControlFlag.REQUIRED.toString()) )
controlFlag = LoginModuleControlFlag.REQUIRED;
else if( flag.equals(LoginModuleControlFlag.REQUISITE.toString()) )
controlFlag = LoginModuleControlFlag.REQUISITE;
else if( flag.equals(LoginModuleControlFlag.SUFFICIENT.toString()) )
controlFlag = LoginModuleControlFlag.SUFFICIENT;
else if( flag.equals(LoginModuleControlFlag.OPTIONAL.toString()) )
controlFlag = LoginModuleControlFlag.OPTIONAL;
}
NodeList opts = module.getElementsByTagName("module-option");
HashMap options = new HashMap();
for(int n = 0; n < opts.getLength(); n ++)
{
Element opt = (Element) opts.item(n);
String name = opt.getAttribute("name");
String value = getContent(opt, "");
options.put(name, value);
System.out.println("Added module-option name="+name+", value="+value);
}
AppConfigurationEntry entry = new AppConfigurationEntry(className,
controlFlag, options);
entries.add(entry);
}
/** Parse the application-policy/authorization element
@param policy, the application-policy element
*/
private void parseAuthorization(Element policy, AppPolicy appPolicy) throws
Exception
{
// Parse the permissions
NodeList authorization = policy.getElementsByTagName("authorization");
if( authorization.getLength() == 0 )
return;
Element auth = (Element) authorization.item(0);
NodeList grants = auth.getElementsByTagName("grant");
for(int n = 0; n < grants.getLength(); n ++)
{
Element grant = (Element) grants.item(n);
parseGrant(grant, appPolicy);
}
}
private void parseGrant(Element grant, AppPolicy appPolicy) throws Exception
{
// Look for the codebase
URL codebase = null;
if( grant.getAttribute("codebase") != null )
{
String attr = grant.getAttribute("codebase");
if( attr.length() > 0 )
codebase = new URL(attr);
}
// Look for the code signers
String[] signerAliases = {};
Certificate[] signedBy = null;
if( grant.getAttribute("signedBy") != null )
{
String signers = grant.getAttribute("signedBy");
if( signers.length() > 0 )
signedBy = getCertificates(signers, appPolicy.getKeyStore());
}
CodeSource cs = new CodeSource(codebase, signedBy);
// Look for the principals
ArrayList principals = null;
NodeList tmp = grant.getElementsByTagName("principal");
ClassLoader loader = Thread.currentThread().getContextClassLoader();
for(int n = 0; n < tmp.getLength(); n ++)
{
Element principal = (Element) tmp.item(n);
String code = principal.getAttribute("code");
String name = principal.getAttribute("name");
try
{
Class cls = loader.loadClass(code);
// Assume there exists a constructor(String)
Class[] parameterTypes = {String.class};
Constructor ctor = cls.getConstructor(parameterTypes);
Object[] args = {name};
Principal p = (Principal) ctor.newInstance(args);
if( principals == null )
principals = new ArrayList();
principals.add(p);
}
catch(Exception e)
{
throw new
GeneralSecurityException(e.getClass().getName()+','+e.getMessage());
}
}
// Get the permissions
ArrayList permissions = null;
tmp = grant.getElementsByTagName("permission");
for(int n = 0; n < tmp.getLength(); n ++)
{
Element perm = (Element) tmp.item(n);
String code = perm.getAttribute("code");
String name = perm.getAttribute("name");
String actions = perm.getAttribute("actions");
String signers = perm.getAttribute("signedBy"); // Currently ignored...
name = expandString(name);
try
{
Class cls = null;
// Assume there exists a ctor(String) or a ctor(String, String)
Constructor ctor = null;
Permission p = null;
try
{
cls = loader.loadClass(code);
Class[] parameterTypes2 = {String.class, String.class};
Object[] args2 = {name, actions};
ctor = cls.getConstructor(parameterTypes2);
p = (Permission) ctor.newInstance(args2);
}
catch(ClassNotFoundException e)
{ // Use an UnresolvedPermission
Certificate[] certs = null;
if( signers != null )
certs = getCertificates(signers, appPolicy.getKeyStore());
if( signers == null || certs != null )
p = new UnresolvedPermission(code, name, actions, certs);
}
catch(Exception e)
{ // Try ctor(String)
Class[] parameterTypes = {String.class};
Object[] args = {name};
ctor = cls.getConstructor(parameterTypes);
p = (Permission) ctor.newInstance(args);
}
if( permissions == null )
permissions = new ArrayList();
if( p != null )
permissions.add(p);
}
catch(Exception e)
{
throw new
GeneralSecurityException(e.getClass().getName()+','+e.getMessage());
}
}
Principal[] roles = new Principal[0];
AuthorizationInfo authInfo = appPolicy.getPermissionInfo();
if( authInfo == null )
{
authInfo = new AuthorizationInfo();
appPolicy.setPermissionInfo(authInfo);
}
if( principals == null )
{
authInfo.grant(cs, permissions);
}
else
{
roles = (Principal[]) principals.toArray(roles);
authInfo.grant(cs, permissions, roles);
}
}
private String expandString(String str)
{
int index = str.indexOf("${/}");
if( index >= 0 )
{
int start = 0;
StringBuffer sb = new StringBuffer();
while( index >= 0 )
{
sb.append(str.substring(start, index));
sb.append(java.io.File.separatorChar);
start = index + 4;
index = str.indexOf("${/}", start);
}
if( start <= str.length()-1 )
sb.append(str.substring(start));
str = sb.toString();
}
return str;
}
private Certificate[] getCertificates(String signedBy, KeyStore keyStore)
{
Certificate[] signedByCerts = null;
StringTokenizer tokenizer = new StringTokenizer(signedBy, ",");
ArrayList certs = new ArrayList();
while( tokenizer.hasMoreTokens() )
{
String alias = tokenizer.nextToken();
try
{
Certificate cert = keyStore.getCertificate(alias);
certs.add(cert);
}
catch(GeneralSecurityException e)
{
e.printStackTrace();
}
}
if( certs.size() > 0 )
{
signedByCerts = new Certificate[certs.size()];
certs.toArray(signedByCerts);
}
return signedByCerts;
}
public static String getContent(Element element, String defaultContent)
{
NodeList children = element.getChildNodes();
String content = defaultContent;
if( children.getLength() > 0 )
{
content = "";
for(int n = 0; n < children.getLength(); n ++)
{
if( children.item(n).getNodeType() == Node.TEXT_NODE ||
children.item(n).getNodeType() == Node.CDATA_SECTION_NODE )
content += children.item(n).getNodeValue();
else
content += children.item(n).getFirstChild();
}
return content;
}
return content;
}
/** Local entity resolver to handle the security-policy DTD public id.
*/
private static class LocalResolver implements EntityResolver
{
private static final String SECURITY_POLICY_PUBLIC_ID = "-//JBoss//DTD
JAAS SecurityPolicy//EN";
private static final String SECURITY_POLICY_DTD_NAME =
"security-policy.dtd";
public InputSource resolveEntity(String publicId, String systemId)
{
InputSource is = null;
if( publicId.equals(SECURITY_POLICY_PUBLIC_ID) )
{
try
{
InputStream dtdStream =
getClass().getResourceAsStream(SECURITY_POLICY_DTD_NAME);
is = new InputSource(dtdStream);
}
catch(Exception ex )
{
}
}
return is;
}
}
}
