weaver      2004/11/30 12:22:21

  Modified:    portal/src/java/org/apache/jetspeed/security/impl
                        SecurityValveImpl.java
  Added:       portal/src/java/org/apache/jetspeed/security/impl
                        AbstractSecurityValve.java
  Log:
  Made the SecurityValve more extensible by creating an abstract class that 
takes care of invoking doPrivileged while requiring
  concrete subclasses to implement logic for retrieving both the principal and 
the subject.
  
  Revision  Changes    Path
  1.12      +71 -88    
jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
  
  Index: SecurityValveImpl.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- SecurityValveImpl.java    29 Nov 2004 19:14:45 -0000      1.11
  +++ SecurityValveImpl.java    30 Nov 2004 20:22:21 -0000      1.12
  @@ -16,7 +16,6 @@
   package org.apache.jetspeed.security.impl;
   
   import java.security.Principal;
  -import java.security.PrivilegedAction;
   import java.util.HashSet;
   import java.util.Set;
   
  @@ -25,10 +24,7 @@
   
   import org.apache.commons.logging.Log;
   import org.apache.commons.logging.LogFactory;
  -import org.apache.jetspeed.PortalReservedParameters;
  -import org.apache.jetspeed.pipeline.PipelineException;
  -import org.apache.jetspeed.pipeline.valve.AbstractValve;
  -import org.apache.jetspeed.pipeline.valve.ValveContext;
  +import org.apache.jetspeed.pipeline.valve.SecurityValve;
   import org.apache.jetspeed.profiler.Profiler;
   import org.apache.jetspeed.request.RequestContext;
   import org.apache.jetspeed.security.SecurityException;
  @@ -41,9 +37,11 @@
    * SecurityValve
    * 
    * @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor </a>
  + * @author <a href="mailto:[EMAIL PROTECTED]">Randy Walter </a>
  + * @author <a href="mailto:[EMAIL PROTECTED]">Scott T. Weaver</a>
    * @version $Id$
    */
  -public class SecurityValveImpl extends AbstractValve implements 
org.apache.jetspeed.pipeline.valve.SecurityValve
  +public class SecurityValveImpl extends AbstractSecurityValve implements 
SecurityValve
   {
       private static final Log log = 
LogFactory.getLog(SecurityValveImpl.class);
       private Profiler profiler;
  @@ -55,101 +53,86 @@
           this.userMgr = userMgr;
       }
   
  +    public String toString()
  +    {
  +        return "SecurityValve";
  +    }
  +    
       /**
  -     * @see 
org.apache.jetspeed.pipeline.valve.Valve#invoke(org.apache.jetspeed.request.RequestContext,
  -     *          org.apache.jetspeed.pipeline.valve.ValveContext)
  +     * 
  +     * <p>
  +     * getSubject
  +     * </p>
  +     * Check for previously established session subject and
  +     * invalidate if subject and current user principals do
  +     * not match
  +     * @param request
  +     * @return 
        */
  -public void invoke(RequestContext request, ValveContext context) throws 
PipelineException
  +    protected final Subject getSubject(RequestContext request)
       {
  -
  -            // initialize/validate security subject
  -
  -            // access request user principal if defined or default
  -            // to profiler anonymous user
  -            Principal userPrincipal = 
request.getRequest().getUserPrincipal();
  -            if (userPrincipal == null)
  +        HttpSession session = request.getRequest().getSession();
  +        Principal userPrincipal = getUserPrincipal(request);
  +        
  +        Subject subject = getSubjectFromSession(request);
  +        if (subject != null)
  +        {
  +            Principal subjectUserPrincipal = 
SecurityHelper.getPrincipal(subject, UserPrincipal.class);
  +            if ((subjectUserPrincipal == null) || 
!subjectUserPrincipal.getName().equals(getUserPrincipal(request).getName()))
               {
  -                userPrincipal = new 
UserPrincipalImpl(userMgr.getAnonymousUser());
  +                subject = null;
               }
  -
  -            // check for previously established session subject and
  -            // invalidate if subject and current user principals do
  -            // not match
  -            HttpSession session = request.getRequest().getSession();
  -            Subject subject = (Subject) 
session.getAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT);
  -            if (subject != null)
  +        }
  +        
  +        // create new session subject for user principal if required
  +        if (subject == null)
  +        {
  +            // attempt to get complete subject for user principal
  +            // from user manager
  +            try
               {
  -                Principal subjectUserPrincipal = 
SecurityHelper.getPrincipal(subject, UserPrincipal.class);
  -                if ((subjectUserPrincipal == null) || 
!subjectUserPrincipal.getName().equals(userPrincipal.getName()))
  -                {
  -                    subject = null;
  -                }
  -            }
  -
  -            // create new session subject for user principal if required
  -            if (subject == null)
  -            {
  -                // attempt to get complete subject for user principal
  -                // from user manager
  -                try
  -                {
  -                    User user = userMgr.getUser(userPrincipal.getName());
  -                    if ( user != null )
  -                    {
  -                        subject = user.getSubject();
  -                    }
  -                }
  -                catch (SecurityException sex)
  +                User user = userMgr.getUser(userPrincipal.getName());
  +                if ( user != null )
                   {
  -                    subject = null;
  +                    subject = user.getSubject();
                   }
  -           
  -                
  -                // if subject not available, generate default subject using
  -                // request or default profiler anonymous user principal
  -                if (subject == null)
  -                {
  -                    Set principals = new HashSet();
  -                    principals.add(userPrincipal);
  -                    subject = new Subject(true, principals, new HashSet(), 
new HashSet());
  -                }
  -
  -                // establish session subject
  -                
session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);
               }
  -
  -            // set request context subject
  -            request.setSubject(subject);
  -            
  -            // Pass control to the next Valve in the Pipeline and execute 
under
  -            // the current subject
  -            final ValveContext vc = context;
  -            final RequestContext rc = request;            
  -            PipelineException pe = (PipelineException) 
Subject.doAsPrivileged(subject, new PrivilegedAction()
  +            catch (SecurityException sex)
               {
  -                public Object run() 
  -                {
  -                     try
  -                    {
  -                        vc.invokeNext(rc);                 
  -                        return null;
  -                    }
  -                    catch (PipelineException e)
  -                    {
  -                        return e;
  -                    }                    
  -                }
  -            }, null);
  +                subject = null;
  +            }       
               
  -            if(pe != null)
  +            // if subject not available, generate default subject using
  +            // request or default profiler anonymous user principal
  +            if (subject == null)
               {
  -                throw pe;
  -            }       
  -
  +                Set principals = new HashSet();
  +                principals.add(userPrincipal);
  +                subject = new Subject(true, principals, new HashSet(), new 
HashSet());
  +            }           
  +        }
  +        
  +        return subject;
       }
  -    public String toString()
  +    
  +    /**
  +     * 
  +     * <p>
  +     * getUserPrincipal
  +     * </p>
  +     * Aaccess request user principal if defined or default
  +     * to profiler anonymous user
  +     * @param request
  +     * @return
  +     */
  +    protected final Principal getUserPrincipal(RequestContext request)
       {
  -        return "SecurityValve";
  +        Principal userPrincipal = request.getRequest().getUserPrincipal();
  +        if (userPrincipal == null)
  +        {
  +            userPrincipal = new 
UserPrincipalImpl(userMgr.getAnonymousUser());
  +        }
  +        return userPrincipal;
       }
   
   }
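Review bot: In getSubject() the stale-subject check calls `getUserPrincipal(request)` a second time instead of reusing the `userPrincipal` local resolved just above it. The name compared against the session subject and the name later passed to `userMgr.getUser()` therefore come from separate lookups, and anonymous requests trigger a second `userMgr.getAnonymousUser()` call; comparing against `userPrincipal.getName()` keeps one identity in use for the whole method. The `catch (SecurityException sex)` branch still discards the failure and falls through to a subject that holds only the user principal. The class already declares `log`, so a line such as `log.warn("Failed to retrieve subject for " + userPrincipal.getName(), sex);` would leave a trace for whoever investigates missing permissions. The `HttpSession session` local is now unused, since this method no longer writes the session attribute.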
  
  
  
  1.1                  
jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
  
  Index: AbstractSecurityValve.java
  ===================================================================
  /*
   * Created on Nov 30, 2004
   *
   * TODO To change the template for this generated file go to
   * Window - Preferences - Java - Code Generation - Code and Comments
   */
  package org.apache.jetspeed.security.impl;
  
  import java.security.Principal;
  import java.security.PrivilegedAction;
  
  import javax.security.auth.Subject;
  
  import org.apache.jetspeed.PortalReservedParameters;
  import org.apache.jetspeed.pipeline.PipelineException;
  import org.apache.jetspeed.pipeline.valve.AbstractValve;
  import org.apache.jetspeed.pipeline.valve.SecurityValve;
  import org.apache.jetspeed.pipeline.valve.ValveContext;
  import org.apache.jetspeed.request.RequestContext;
  
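  /**
   * <p>
   * AbstractSecurityValve
   * </p>
   * <p>
   * Base class for security valves.  <code>invoke()</code> obtains the
   * <code>Subject</code> for the request from the concrete subclass, publishes
   * it on the request context and in the servlet session, and then runs the
   * rest of the pipeline under that subject through
   * <code>Subject.doAsPrivileged()</code>.  Subclasses only supply the logic
   * for resolving the user principal and the subject.
   * </p>
   * @author <a href="mailto:[EMAIL PROTECTED]">Scott T. Weaver</a>
   * @version $Id: AbstractSecurityValve.java,v 1.1 2004/11/30 20:22:21 weaver Exp $
   *
   */
  public abstract class AbstractSecurityValve extends AbstractValve implements SecurityValve
  {
      /**
       * <p>
       * getSubject
       * </p>
       * Should build and return a <code>javax.security.Subject</code> for the
       * current request.  An implementation that reuses the subject returned by
       * <code>getSubjectFromSession()</code> should first confirm that it still
       * belongs to the principal returned by <code>getUserPrincipal()</code>,
       * because the session may outlive a change of user.
       *
       * @param request the current request context
       * @return Subject the pipeline will be executed as
       */
      protected abstract Subject getSubject(RequestContext request);

      /**
       * <p>
       * getUserPrincipal
       * </p>
       * Should build and return a <code>java.security.Principal</code> that
       * represents the user name of the Subject returned from
       * <code>getSubject()</code>.
       *
       * @param request the current request context
       * @return Principal identifying the user of this request
       */
      protected abstract Principal getUserPrincipal(RequestContext request);

      /**
       * <p>
       * getSubjectFromSession
       * </p>
       * Reads the subject stored in the servlet session by <code>invoke()</code>.
       * Note that <code>getSession()</code> creates a session when the request
       * does not have one yet.
       *
       * @param request the current request context
       * @return javax.security.Subject or <code>null</code> if there is no
       * servlet session attribute defined for the key
       * <code>org.apache.jetspeed.PortalReservedParameters.SESSION_KEY_SUBJECT</code>.
       */
      protected final Subject getSubjectFromSession(RequestContext request)
      {
          return (Subject) request.getRequest().getSession().getAttribute(
                  PortalReservedParameters.SESSION_KEY_SUBJECT);
      }

      /**
       * <p>
       * invoke
       * </p>
       *
       * <p>
       * Uses <code>getSubject()</code> to call
       * <code>ValveContext.invokeNext()</code> via
       * <code>Subject.doAsPrivileged()</code>.  This method also takes care of
       * setting the value of the <code>RequestContext.subject</code> property
       * and the session attribute
       * <code>org.apache.jetspeed.PortalReservedParameters.SESSION_KEY_SUBJECT</code>.
       * The same key is additionally set as a request attribute.
       * </p>
       *
       * @see org.apache.jetspeed.pipeline.valve.Valve#invoke(org.apache.jetspeed.request.RequestContext,
       *      org.apache.jetspeed.pipeline.valve.ValveContext)
       * @param request the current request context
       * @param context the valve context used to invoke the next valve
       * @throws PipelineException if the remainder of the pipeline fails with a
       *         PipelineException while running under the subject.
       */
      public void invoke( RequestContext request, ValveContext context ) throws PipelineException
      {
          // initialize/validate security subject
          Subject subject = getSubject(request);

          // Request-scoped copy, retained from the original implementation for
          // any consumer that reads the subject from the request attribute.
          request.getRequest().setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);

          // Establish the session subject.  getSubjectFromSession() reads this
          // key from the session, so writing only the request attribute left
          // the session copy unset and the subject was rebuilt on every request.
          request.getRequest().getSession().setAttribute(
                  PortalReservedParameters.SESSION_KEY_SUBJECT, subject);

          // set request context subject
          request.setSubject(subject);

          // Pass control to the next Valve in the Pipeline and execute under
          // the current subject.  The anonymous class can only capture final
          // locals, hence the two aliases.
          final ValveContext vc = context;
          final RequestContext rc = request;

          // PrivilegedAction.run() cannot throw a checked exception, so a
          // PipelineException is handed back as the return value and rethrown
          // below.  The AccessControlContext argument is deliberately null.
          PipelineException pe = (PipelineException) Subject.doAsPrivileged(subject, new PrivilegedAction()
          {
              public Object run()
              {
                  try
                  {
                      vc.invokeNext(rc);
                      return null;
                  }
                  catch (PipelineException e)
                  {
                      return e;
                  }
              }
          }, null);

          if (pe != null)
          {
              throw pe;
          }
      }
  }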
  
  
  
