User: starksm
Date: 02/04/08 21:13:02
Modified: src/main/org/jboss/security/plugins Tag: Branch_2_4
JaasSecurityDomain.java
JaasSecurityDomainMBean.java
JaasSecurityManager.java
JaasSecurityManagerService.java
JaasSecurityManagerServiceMBean.java
SecurityPolicyService.java
SecurityPolicyServiceMBean.java
Log:
Merge the changes from 3.0 into 2.4
Revision Changes Path
No revision
No revision
1.1.2.3 +4 -12
jbosssx/src/main/org/jboss/security/plugins/JaasSecurityDomain.java
Index: JaasSecurityDomain.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/JaasSecurityDomain.java,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- JaasSecurityDomain.java 9 Nov 2001 10:22:34 -0000 1.1.2.2
+++ JaasSecurityDomain.java 9 Apr 2002 04:13:02 -0000 1.1.2.3
@@ -4,6 +4,7 @@
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
+
package org.jboss.security.plugins;
import java.io.IOException;
@@ -23,16 +24,16 @@
import com.sun.net.ssl.TrustManagerFactory;
import org.jboss.security.SecurityDomain;
-import org.jboss.util.ServiceMBean;
/** The JaasSecurityDomain is an extension of JaasSecurityManager that addes
the notion of a KeyStore, and JSSE KeyManagerFactory and TrustManagerFactory
for supporting SSL and other cryptographic use cases.
@author [EMAIL PROTECTED]
- @version $Revision: 1.1.2.2 $
+ @version $Revision: 1.1.2.3 $
*/
-public class JaasSecurityDomain extends JaasSecurityManager
+public class JaasSecurityDomain
+ extends JaasSecurityManager
implements SecurityDomain, JaasSecurityDomainMBean
{
private int state;
@@ -98,15 +99,6 @@
keyMgr = KeyManagerFactory.getInstance(algorithm);
keyMgr.init(keyStore, keyStorePassword);
}
- /* Register with the JaasSecurityManagerServiceMBean. This allows this
- JaasSecurityDomain to function as the security manager for security-domain
- elements that declare java:/jaas/xxx for our security domain name.
- */
- MBeanServer server = (MBeanServer)
MBeanServerFactory.findMBeanServer(null).get(0);
- ObjectName jaasMgr = new
ObjectName(JaasSecurityManagerServiceMBean.OBJECT_NAME);
- Object[] params = {getSecurityDomain(), this};
- String[] signature = new String[] {"java.lang.String",
"org.jboss.security.SecurityDomain"};
- server.invoke(jaasMgr, "registerSecurityDomain", params, signature);
state = STARTED;
log.info("Started");
1.1.2.3 +3 -4
jbosssx/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java
Index: JaasSecurityDomainMBean.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- JaasSecurityDomainMBean.java 9 Nov 2001 10:23:12 -0000 1.1.2.2
+++ JaasSecurityDomainMBean.java 9 Apr 2002 04:13:02 -0000 1.1.2.3
@@ -1,5 +1,5 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
@@ -11,11 +11,10 @@
import org.jboss.util.ServiceMBean;
-/** The JaasSecurityDomainMBean
-
+/** The JaasSecurityDomainMBean adds support for KeyStore management.
@author [EMAIL PROTECTED]
- @version $Revision: 1.1.2.2 $
+ @version $Revision: 1.1.2.3 $
*/
public interface JaasSecurityDomainMBean extends ServiceMBean
{
1.7.2.11 +9 -12
jbosssx/src/main/org/jboss/security/plugins/JaasSecurityManager.java
Index: JaasSecurityManager.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/JaasSecurityManager.java,v
retrieving revision 1.7.2.10
retrieving revision 1.7.2.11
diff -u -r1.7.2.10 -r1.7.2.11
--- JaasSecurityManager.java 5 Feb 2002 03:11:41 -0000 1.7.2.10
+++ JaasSecurityManager.java 9 Apr 2002 04:13:02 -0000 1.7.2.11
@@ -29,7 +29,7 @@
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
-import org.jboss.logging.Logger;
+import org.jboss.security.Logger;
import org.jboss.security.AppPolicy;
import org.jboss.security.AuthenticationInfo;
import org.jboss.security.RealmMapping;
@@ -53,7 +53,7 @@
@author <a href="[EMAIL PROTECTED]">Oleg Nitz</a>
@author [EMAIL PROTECTED]
- @version $Revision: 1.7.2.10 $
+ @version $Revision: 1.7.2.11 $
*/
public class JaasSecurityManager implements SubjectSecurityManager, RealmMapping
{
@@ -67,9 +67,6 @@
Group roles;
}
- /** The current authenticate()d subject.
- */
- private static ThreadLocal activeSubject = new ThreadLocal();
/** The name of the domain this instance is securing. It is used as
the appName into the SecurityPolicy.
*/
@@ -78,7 +75,7 @@
*/
private CachePolicy domainCache;
/** The custom JAAS policy. This may be null if a custom
- policy is not being used.
+ policy is not being used. Currently this is unused.
*/
private SecurityPolicy securityPolicy;
/** Used in the absence of a SecurityPolicy specific CallbackHandler
@@ -147,8 +144,8 @@
{ // Try to get the SecurityPolicy from the JAAS Policy class
securityPolicy = (SecurityPolicy) Policy.getPolicy();
}
- catch(ClassCastException e)
- { // The installed Policy is not a SecurityPolicy
+ catch(Exception e)
+ { // The installed Policy is not a SecurityPolicy or some other problem
}
}
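Review bot: The widened `catch(Exception e)` around `Policy.getPolicy()` has an empty body, so every failure is dropped without a trace, including a `SecurityException` raised when the caller is not permitted to read the policy, not only the ClassCastException the old code expected. `securityPolicy` then stays null silently, which makes a denied or broken policy lookup indistinguishable from "no custom policy installed". I would at least record the exception at debug level, e.g. `log.debug("Unable to obtain SecurityPolicy from Policy.getPolicy()", e);`, assuming the class has a `log` field with such an overload (not visible in this hunk). The enclosing method starts and ends outside the hunk.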
@@ -190,7 +187,7 @@
*/
public Subject getActiveSubject()
{
- return (Subject) activeSubject.get();
+ return SecurityAssociation.getSubject();
}
/** Validate that the given credential is correct for principal. This first
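Review bot: `getActiveSubject()` now returns whatever `SecurityAssociation.getSubject()` holds, and the Javadoc above it (which begins outside the hunk) should say so, for example `Returns the Subject currently held by SecurityAssociation; it is not necessarily the result of an authentication performed by this manager.` The removed `activeSubject` field was private to this class, whereas the new holder is a shared class. Whether `SecurityAssociation.setSubject` is limited to trusted callers is not visible here and is worth confirming before callers rely on the returned Subject for authorization decisions. The hunks at -355 and -444 write to the same holder.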
@@ -355,7 +352,7 @@
try
{
// Clear any current subject
- activeSubject.set(null);
+ SecurityAssociation.setSubject(null);
// Get the AppPolicy login info. Not implemented yet.
AppPolicy policy = null;
subject = defaultLogin(principal, credential);
@@ -363,7 +360,7 @@
// Set the current subject if login was successful
if( subject != null )
{
- activeSubject.set(subject);
+ SecurityAssociation.setSubject(subject);
authenticated = true;
// Build the Subject based DomainInfo cache value
updateCache(subject, principal, credential);
@@ -444,7 +441,7 @@
// If the credentials match set the thread's active Subject
if( isValid )
{
- activeSubject.set(info.subject);
+ SecurityAssociation.setSubject(info.subject);
}
return isValid;
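Review bot: When `isValid` is false this path leaves the Subject previously stored in `SecurityAssociation` in place, so `getActiveSubject()` can keep returning an identity from an earlier successful call on the same thread. The login path in the -355 hunk clears it first with `SecurityAssociation.setSubject(null)`. Unless the caller always falls through to that path on a cache mismatch (not visible here), I would add `else { SecurityAssociation.setSubject(null); }` after the `if( isValid )` block. The enclosing method starts outside the hunk.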
1.2.2.8 +36 -29
jbosssx/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
Index: JaasSecurityManagerService.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java,v
retrieving revision 1.2.2.7
retrieving revision 1.2.2.8
diff -u -r1.2.2.7 -r1.2.2.8
--- JaasSecurityManagerService.java 20 Nov 2001 09:38:58 -0000 1.2.2.7
+++ JaasSecurityManagerService.java 9 Apr 2002 04:13:02 -0000 1.2.2.8
@@ -47,17 +47,19 @@
import org.jboss.util.TimedCachePolicy;
/**
- * This is a JMX service which manages JAAS based SecurityManagers.
- * JAAS SecurityManagers are responsible for validating credentials
- * associated with principals. The service defaults to the
- * org.jboss.security.plugins.JaasSecurityManager implementation but
- * this can be changed via the securityManagerClass property.
+ * This is a JMX service which manages JAAS based SecurityManagers.
+ * JAAS SecurityManagers are responsible for validating credentials
+ * associated with principals. The service defaults to the
+ * org.jboss.security.plugins.JaasSecurityManager implementation but
+ * this can be changed via the securityManagerClass property.
*
- * @see JaasSecurityManager
- * @see SubjectSecurityManager
- * @author <a href="[EMAIL PROTECTED]">Oleg Nitz</a>
- * @author <a href="[EMAIL PROTECTED]">Rickard Oberg</a>
- * @author <a href="mailto:[EMAIL PROTECTED]">Scott Stark</a>
+ * @see JaasSecurityManager
+ * @see SubjectSecurityManager
+ *
+ * @author <a href="[EMAIL PROTECTED]">Oleg Nitz</a>
+ * @author <a href="[EMAIL PROTECTED]">Rickard Oberg</a>
+ * @author <a href="mailto:[EMAIL PROTECTED]">Scott Stark</a>
+ * @version $Revision: 1.2.2.8 $
*/
public class JaasSecurityManagerService
extends ServiceMBeanSupport
@@ -92,7 +94,9 @@
{
// use thread-local principal and credential propagation
SecurityAssociation.setServer();
- // Get a log interface
+
+ // Get a log interface, required for some statics below
+ // can not use instance field inherited from ServiceMBeanSupport
log = Logger.getLogger(JaasSecurityManagerService.class);
}
@@ -183,24 +187,27 @@
if( cache != null )
cache.flush();
}
- }
-
- public String getName()
- {
- return "JAAS Security Manager";
+ else
+ {
+ log.error("Failed to find cache policy for securityDomain='" +
securityDomain + "'");
+ }
}
protected ObjectName getObjectName(MBeanServer server, ObjectName name)
throws MalformedObjectNameException
{
JaasSecurityManagerService.server = server;
- return super.getObjectName(server, name);
+ return name == null ? new ObjectName(OBJECT_NAME) : name;
}
- protected void startService() throws Exception
- {
- InitialContext ic = new InitialContext();
+ public String getName()
+ {
+ return "JaasSecurityManagerService";
+ }
+ protected void startService() throws Exception
+ {
+ boolean debug = log.isDebugEnabled();
Context ctx = new InitialContext();
parser = ctx.getNameParser("");
@@ -212,35 +219,35 @@
String factoryName = SecurityDomainObjectFactory.class.getName();
Reference ref = new Reference("javax.naming.Context", refAddr, factoryName,
null);
ctx.rebind(SECURITY_MGR_PATH, ref);
- log.info("startService, securityMgrCtxPath="+SECURITY_MGR_PATH);
+ log.debug("securityMgrCtxPath="+SECURITY_MGR_PATH);
refAddr = new StringRefAddr("nns", "JSMCachePolicy");
factoryName = DefaultCacheObjectFactory.class.getName();
ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
ctx.rebind(DEFAULT_CACHE_POLICY_PATH, ref);
- log.info("startService, cachePolicyCtxPath="+cacheJndiName);
+ log.debug("cachePolicyCtxPath="+cacheJndiName);
// Bind the default SecurityProxyFactory instance under
java:/SecurityProxyFactory
SecurityProxyFactory proxyFactory = (SecurityProxyFactory)
securityProxyFactoryClass.newInstance();
ctx.bind("java:/SecurityProxyFactory", proxyFactory);
- log.info("startService, SecurityProxyFactory="+proxyFactory);
+ log.debug("SecurityProxyFactory="+proxyFactory);
}
- protected void stopService()
+ protected void stopService() throws Exception
{
- InitialContext ic;
+ InitialContext ic = new InitialContext();
+
try
{
- ic = new InitialContext();
ic.unbind(SECURITY_MGR_PATH);
}
catch(CommunicationException e)
{
// Do nothing, the naming services is already stopped
}
- catch(Exception e)
+ finally
{
- log.error("stopService", e);
+ ic.close();
}
}
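Review bot: `stopService()` unbinds only `SECURITY_MGR_PATH`, while `startService()` in the same hunk also binds `DEFAULT_CACHE_POLICY_PATH` and `java:/SecurityProxyFactory`. The proxy factory is installed with `ctx.bind(...)` rather than `rebind`, so a stop followed by a start would be expected to fail with a name-already-bound error. Until then, the stale factory and cache-policy references stay resolvable in JNDI after the security service has stopped. I would add `ic.unbind(DEFAULT_CACHE_POLICY_PATH);` and `ic.unbind("java:/SecurityProxyFactory");` inside the `try`, next to the existing unbind.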
@@ -286,7 +293,7 @@
}
return authCache;
}
-
+
// java:/jaas context ObjectFactory implementation
public static class SecurityDomainObjectFactory implements InvocationHandler,
ObjectFactory
1.1.2.4 +82 -53
jbosssx/src/main/org/jboss/security/plugins/JaasSecurityManagerServiceMBean.java
Index: JaasSecurityManagerServiceMBean.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/JaasSecurityManagerServiceMBean.java,v
retrieving revision 1.1.2.3
retrieving revision 1.1.2.4
diff -u -r1.1.2.3 -r1.1.2.4
--- JaasSecurityManagerServiceMBean.java 9 Nov 2001 10:25:55 -0000 1.1.2.3
+++ JaasSecurityManagerServiceMBean.java 9 Apr 2002 04:13:02 -0000 1.1.2.4
@@ -6,72 +6,101 @@
*/
package org.jboss.security.plugins;
+import javax.management.ObjectName;
+
import org.jboss.security.SecurityDomain;
+import org.jboss.util.ServiceMBean;
-/** The interface for the JaasSecurityManagerService mbean.
- @author [EMAIL PROTECTED]
- @version $Revision: 1.1.2.3 $
+/**
+ * The interface for the JaasSecurityManagerService mbean.
+ *
+ * @author [EMAIL PROTECTED]
+ * @version $Revision: 1.1.2.4 $
*/
public interface JaasSecurityManagerServiceMBean
-extends org.jboss.util.ServiceMBean
+ extends ServiceMBean
{
- // Constants -----------------------------------------------------
- public static final String OBJECT_NAME = "Security:name=JaasSecurityManager";
-
- // Public --------------------------------------------------------
- /** Get the name of the class that provides the security manager implementation.
+ String OBJECT_NAME = "jboss.security:service=JaasSecurityManager";
+
+ /**
+ * Get the name of the class that provides the security manager implementation.
*/
- public String getSecurityManagerClassName();
- /** Set the name of the class that provides the security manager implementation.
- @exception ClassNotFoundException, thrown if the className cannot be found
- using the thread context class loader.
- @exception ClassCastException, thrown if the className does not implement the
- org.jboss.security.AuthenticationManager interface.
+ String getSecurityManagerClassName();
+
+ /**
+ * Set the name of the class that provides the security manager implementation.
+ *
+ * @exception ClassNotFoundException, thrown if the className cannot be found
+ * using the thread context class loader.
+ * @exception ClassCastException, thrown if the className does not implement the
+ * org.jboss.security.AuthenticationManager interface.
*/
- public void setSecurityManagerClassName(String className)
+ void setSecurityManagerClassName(String className)
throws ClassNotFoundException, ClassCastException;
- /** Get the name of the class that provides the SecurityProxyFactory
implementation.
+
+ /**
+ * Get the name of the class that provides the SecurityProxyFactory
implementation.
*/
- public String getSecurityProxyFactoryClassName();
- /** Set the name of the class that provides the SecurityProxyFactory
implementation.
+ String getSecurityProxyFactoryClassName();
+
+ /**
+ * Set the name of the class that provides the SecurityProxyFactory
implementation.
*/
- public void setSecurityProxyFactoryClassName(String className)
+ void setSecurityProxyFactoryClassName(String className)
throws ClassNotFoundException;
- /** Get the jndi name under which the authentication CachePolicy implenentation
- is found
+
+ /**
+ * Get the jndi name under which the authentication CachePolicy implenentation
+ * is found
*/
- public String getAuthenticationCacheJndiName();
- /** Set the location of the security credential cache policy. This is first
treated
- as a ObjectFactory location that is capable of returning CachePolicy instances
- on a per security domain basis by appending a '/security-domain-name' string
- to this name when looking up the CachePolicy for a domain. If this fails then
- the location is treated as a single CachePolicy for all security domains.
- @param jndiName, the name to the ObjectFactory or CachePolicy binding.
- */
- public void setAuthenticationCacheJndiName(String jndiName);
- /** flush the cache policy for the indicated security domain if the security
manager
- instance supports a flushCache() method.
- */
- /** Get the default timed cache policy timeout.
- @return the default cache timeout in seconds.
- */
- public int getDefaultCacheTimeout();
- /** Set the default timed cache policy timeout. This has no affect if the
- AuthenticationCacheJndiName has been changed from the default value.
- @param timeoutInSecs, the cache timeout in seconds.
- */
- public void setDefaultCacheTimeout(int timeoutInSecs);
- /** Get the default timed cache policy resolution.
- */
- public int getDefaultCacheResolution();
- /** Set the default timed cache policy resolution. This has no affect if the
- AuthenticationCacheJndiName has been changed from the default value.
- @param resInSecs, resolution of timeouts in seconds.
+ String getAuthenticationCacheJndiName();
+
+ /**
+ * Set the location of the security credential cache policy. This is first
treated
+ * as a ObjectFactory location that is capable of returning CachePolicy instances
+ * on a per security domain basis by appending a '/security-domain-name' string
+ * to this name when looking up the CachePolicy for a domain. If this fails then
+ * the location is treated as a single CachePolicy for all security domains.
+ *
+ * @param jndiName, the name to the ObjectFactory or CachePolicy binding.
+ */
+ void setAuthenticationCacheJndiName(String jndiName);
+
+ /**
+ * flush the cache policy for the indicated security domain if the security
manager
+ * instance supports a flushCache() method.
*/
- public void setDefaultCacheResolution(int resInSecs);
+
+ /**
+ * Get the default timed cache policy timeout.
+ * @return the default cache timeout in seconds.
+ */
+ int getDefaultCacheTimeout();
+
+ /**
+ * Set the default timed cache policy timeout. This has no affect if the
+ * AuthenticationCacheJndiName has been changed from the default value.
+ * @param timeoutInSecs, the cache timeout in seconds.
+ */
+ void setDefaultCacheTimeout(int timeoutInSecs);
+
+ /**
+ * Get the default timed cache policy resolution.
+ */
+ int getDefaultCacheResolution();
+
+ /**
+ * Set the default timed cache policy resolution. This has no affect if the
+ * AuthenticationCacheJndiName has been changed from the default value.
+ *
+ * @param resInSecs, resolution of timeouts in seconds.
+ */
+ void setDefaultCacheResolution(int resInSecs);
- public void flushAuthenticationCache(String securityDomain);
- /** Register a SecurityDomain implmentation
+ void flushAuthenticationCache(String securityDomain);
+
+ /**
+ * Register a SecurityDomain implmentation
*/
- public void registerSecurityDomain(String securityDomain, SecurityDomain
instance);
+ void registerSecurityDomain(String securityDomain, SecurityDomain instance);
}
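Review bot: The Javadoc block that describes flushing the cache policy is still detached from `flushAuthenticationCache(String securityDomain)`: it sits ahead of the comment for `getDefaultCacheTimeout()` and documents nothing, while the method itself is declared with no comment. I would move that text directly above `flushAuthenticationCache`. `registerSecurityDomain` also deserves a sentence saying that the given instance takes over as the security manager for that domain name (as the comment removed from JaasSecurityDomain in this commit described), since that operation should only be reachable by trusted JMX clients. Separately, `OBJECT_NAME` changes from `Security:name=JaasSecurityManager` to `jboss.security:service=JaasSecurityManager`, so anything still addressing the old name needs the same update.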
1.1.4.1 +2 -3
jbosssx/src/main/org/jboss/security/plugins/SecurityPolicyService.java
Index: SecurityPolicyService.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/SecurityPolicyService.java,v
retrieving revision 1.1
retrieving revision 1.1.4.1
diff -u -r1.1 -r1.1.4.1
--- SecurityPolicyService.java 5 Mar 2001 09:53:32 -0000 1.1
+++ SecurityPolicyService.java 9 Apr 2002 04:13:02 -0000 1.1.4.1
@@ -12,7 +12,6 @@
import javax.naming.InitialContext;
import javax.naming.Reference;
import javax.naming.StringRefAddr;
-import javax.naming.NamingException;
import javax.security.auth.Policy;
import javax.security.auth.login.Configuration;
@@ -24,8 +23,8 @@
/** The implementation class for the JMX SecurityPolicyServiceMBean. This
service creates a SecurityPolicy instance using a xml based policy store.
-@author [EMAIL PROTECTED]
-@version $Revision: 1.1 $
+@author [EMAIL PROTECTED]
+@version $Revision: 1.1.4.1 $
*/
public class SecurityPolicyService extends ServiceMBeanSupport implements
SecurityPolicyServiceMBean
{
1.1.4.1 +23 -16
jbosssx/src/main/org/jboss/security/plugins/SecurityPolicyServiceMBean.java
Index: SecurityPolicyServiceMBean.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/SecurityPolicyServiceMBean.java,v
retrieving revision 1.1
retrieving revision 1.1.4.1
diff -u -r1.1 -r1.1.4.1
--- SecurityPolicyServiceMBean.java 5 Mar 2001 09:53:33 -0000 1.1
+++ SecurityPolicyServiceMBean.java 9 Apr 2002 04:13:02 -0000 1.1.4.1
@@ -1,5 +1,5 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
@@ -7,25 +7,32 @@
package org.jboss.security.plugins;
-import javax.naming.NamingException;
+import javax.management.ObjectName;
-/** The JMX mbean interface for the
+import org.jboss.util.ServiceMBean;
-@author [EMAIL PROTECTED]
-@version $Revision: 1.1 $
-*/
-public interface SecurityPolicyServiceMBean extends org.jboss.util.ServiceMBean
+/**
+ * The JMX mbean interface for the SecurityPolicyService prototype.
+ *
+ * @author [EMAIL PROTECTED]
+ *@version $Revision: 1.1.4.1 $
+ */
+public interface SecurityPolicyServiceMBean
+ extends ServiceMBean
{
- // Constants -----------------------------------------------------
- public static final String OBJECT_NAME = ":service=SecurityPolicyService";
-
+ String OBJECT_NAME = ":service=SecurityPolicyService";
- /** Get the jndi name under which the SRPServerInterface proxy should be bound
+ /**
+ * Get the jndi name under which the SRPServerInterface proxy should be bound
*/
- public String getJndiName();
- /** Set the jndi name under which the SRPServerInterface proxy should be bound
+ String getJndiName();
+
+ /**
+ * Set the jndi name under which the SRPServerInterface proxy should be bound
*/
- public void setJndiName(String jndiName);
- public String getPolicyFile();
- public void setPolicyFile(String policyFile);
+ void setJndiName(String jndiName);
+
+ String getPolicyFile();
+
+ void setPolicyFile(String policyFile);
}
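Review bot: The Javadoc on `getJndiName()` and `setJndiName()` still refers to the `SRPServerInterface proxy`, which looks copied from another service and does not describe this interface; it should name what SecurityPolicyService actually binds. `getPolicyFile()` and `setPolicyFile(String)` have no documentation at all. Since they appear to select the policy store the service loads, the expected form of the value (path or URL, and what it is resolved against) should be stated. The added `javax.management.ObjectName` import is not used in the lines shown.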