> From: Scott M Stark [mailto:[EMAIL PROTECTED]]
> Subject: Re: [JBoss-user] [non HTML repost] References &
> ObjectFactories
>
Sorry, this is my first time for remoted MBeans, so I'm a little slow.
> 1. Expose the security manager interfaces methods as MBean
> operations on
> the JaasSecurityManagerServiceMBean with an additional argument of the
> security domain name. Now the ops are available over any protocol for
> which there is a JMX connector.
Okay, there are a total of four of them. For example on the
AuthenticationManager exposure:
public boolean isValid(String securityDomain, Principal principal, Object
credential) {
SecurityDomainContext securityDomainCtx = (SecurityDomainContext)
securityDomainCtxMap.get(securityDomain);
if( securityDomainCtx == null ) {
AuthenticationManager am =
securityDomainCtx.getSecurityManager();
return am.isValid(principal, credential);
}
return false;
}
Looks okay?
> 2. Create a ObjectFactory that returns a security manager proxy...
How's this look? I'm concerned that I need to do stuff that is more like
what's found in AbstractSecurityProxy though, maybe even subclass it and
publish that. Which method is correct, AbstractSecurityProxy or what I'm
doing here?
public class AuthenticationManagerFactory implements InvocationHandler,
ObjectFactory {
protected String securityDomain = null;
/** Object factory implementation. This method returns an
AuthenticationManager proxy
that is only able to handle all operations
*/
public Object getObjectInstance(Object obj, Name name, Context
nameCtx, Hashtable environment)
throws Exception {
this.securityDomain = name.toString();
ClassLoader loader =
Thread.currentThread().getContextClassLoader();
Class[] interfaces = {AuthenticationManager.class};
Context ctx = (Context) Proxy.newProxyInstance(loader,
interfaces, this);
return ctx;
}
/** This is the InvocationHandler callback for the
AuthenticationManager interface that
was created by out getObjectInstance() method. This remotes through
to the methods exposed on the
JaasSecurityManagerService (which in turn call into the actual
AuthenticationManager)
*/
public Object invoke(Object obj, Method method, Object[] args) throws
Throwable {
String methodName = method.getName();
if (methodName.equals("isValid") == true) {
SecurityDomainContext securityDomainCtx =
(SecurityDomainContext) securityDomainCtxMap.get(securityDomain);
AuthenticationManager authenticationMgr =
securityDomainCtx.getSecurityManager();
return new Boolean(authenticationMgr.isValid((Principal)
args[0], args[1]));
} else {
throw new OperationNotSupportedException(method + " is not
supported");
}
}
}
> ... bound to a security domain name based on the subcontext name used
during the
> lookup. This delegates to the JaasSecurityManagerServiceMBean
> operations using the JMX connector. Bind this into the client
> JNDI space.
If what I have above is correct, the actual bind is no big deal, but where to
put it so it isn't getting bound every time a new container comes on line
seems to be the best thing to do. I'm guessing there is some point in the
XML config digester (or that it calls) that would be a good place for this.
> 3. For each web app create a JNDI link from the ENC space to the name
> of the ObjectFactory binding + the security domain name.
That's also pretty simple, as a part of the web.xml.
> 90 mins of work.
I'm really looking forward for when this applies to me too :-)
Thanks for your patience with me on this...
-b
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
