From: Scott M S. <st...@us...> - 2004-03-07 17:14:56
User: starksm Date: 04/03/07 08:51:19 Added: src/main/org/jboss/security/jacc DelegatingPolicy.java JBossPolicyConfiguration.java JBossPolicyConfigurationFactory.java SecurityService.java jacc-policy-config-states.xml Log: The initial jacc provider implementation Revision Changes Path 1.1 jbosssx/src/main/org/jboss/security/jacc/DelegatingPolicy.java Index: DelegatingPolicy.java =================================================================== package org.jboss.security.jacc; import java.security.Policy; import java.security.PermissionCollection; import java.security.CodeSource; import java.security.Permission; import java.security.Principal; import java.security.ProtectionDomain; import javax.security.jacc.EJBMethodPermission; import javax.security.jacc.EJBRoleRefPermission; import javax.security.jacc.WebResourcePermission; import javax.security.jacc.WebRoleRefPermission; import javax.security.jacc.WebUserDataPermission; import javax.security.jacc.PolicyContext; import org.jboss.logging.Logger; /** * @author Sco...@jb... 
* @version $Revision: 1.1 $ */ public class DelegatingPolicy extends Policy { private static Logger log = Logger.getLogger(DelegatingPolicy.class); private Policy delegate; public DelegatingPolicy(Policy delegate) { this.delegate = delegate; } public boolean implies(ProtectionDomain domain, Permission permission) { boolean isJaccPermission = permission instanceof EJBMethodPermission || permission instanceof EJBRoleRefPermission || permission instanceof WebResourcePermission || permission instanceof WebRoleRefPermission || permission instanceof WebUserDataPermission; boolean implied = false; if( isJaccPermission == false ) { // Let the delegate policy handle the check implied = delegate.implies(domain, permission); } else { String contextID = PolicyContext.getContextID(); Principal[] principals = domain.getPrincipals(); } return implied; } public PermissionCollection getPermissions(CodeSource cs) { PermissionCollection pc = null; String contextID = PolicyContext.getContextID(); if( contextID == null ) { pc = delegate.getPermissions(cs); } else { } return pc; } /** * */ public void refresh() { } } 1.1 jbosssx/src/main/org/jboss/security/jacc/JBossPolicyConfiguration.java Index: JBossPolicyConfiguration.java =================================================================== package org.jboss.security.jacc; import java.security.Permission; import java.security.PermissionCollection; import javax.security.jacc.PolicyConfiguration; import javax.security.jacc.PolicyContextException; import org.jboss.util.state.StateMachine; import org.jboss.util.state.IllegalTransitionException; import org.jboss.logging.Logger; /** org.jboss.security.jacc * * @author Sco...@jb... 
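Review bot: `refresh()` in DelegatingPolicy is an empty override, so once this wrapper is installed a call to `Policy.refresh()` no longer reaches the wrapped policy and its configuration is never reloaded; the body should forward with `delegate.refresh();`. `getPermissions(CodeSource)` also returns `null` whenever a context ID is set, because its `else` branch is empty, and callers of `Policy.getPermissions` generally expect a collection; returning an empty `java.security.Permissions` until the JACC lookup exists would be safer. The JACC branch of `implies` reads `contextID` and `principals` but leaves `implied` at `false`, which fails closed; a comment such as `// JACC permissions are denied until the policy context lookup is implemented` would show that this is deliberate.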
* @version $Revision: 1.1 $ */ public class JBossPolicyConfiguration implements PolicyConfiguration { private static Logger log = Logger.getLogger(JBossPolicyConfiguration.class); private String contextID; private StateMachine configStateMachine; protected JBossPolicyConfiguration(String contextID, StateMachine configStateMachine) throws PolicyContextException { this.contextID = contextID; this.configStateMachine = configStateMachine; validateState("getPolicyConfiguration"); log.debug("ctor, contextID="+contextID); } public void addToExcludedPolicy(Permission permission) throws PolicyContextException { log.debug("addToExcludedPolicy, p="+permission); validateState("addToExcludedPolicy"); } public void addToExcludedPolicy(PermissionCollection permissions) throws PolicyContextException { log.debug("addToExcludedPolicy, pc="+permissions); validateState("addToExcludedPolicy"); } public void addToRole(String roleName, Permission permission) throws PolicyContextException { log.debug("addToRole, roleName="+roleName+", p="+permission); validateState("addToRole"); } public void addToRole(String roleName, PermissionCollection permissions) throws PolicyContextException { log.debug("addToRole, roleName="+roleName+", pc="+permissions); validateState("addToRole"); } public void addToUncheckedPolicy(Permission permission) throws PolicyContextException { log.debug("addToUncheckedPolicy, p="+permission); validateState("addToUncheckedPolicy"); } public void addToUncheckedPolicy(PermissionCollection permissions) throws PolicyContextException { log.debug("addToUncheckedPolicy, pc="+permissions); validateState("addToUncheckedPolicy"); } public void commit() throws PolicyContextException { log.debug("commit"); validateState("commit"); } public void delete() throws PolicyContextException { log.debug("delete"); validateState("delete"); } public String getContextID() throws PolicyContextException { validateState("getContextID"); return contextID; } public boolean inService() throws 
PolicyContextException { validateState("inService"); return false; } public void linkConfiguration(PolicyConfiguration link) throws PolicyContextException { log.debug("linkConfiguration"); validateState("linkConfiguration"); } public void removeExcludedPolicy() throws PolicyContextException { log.debug("removeExcludedPolicy"); validateState("removeExcludedPolicy"); } public void removeRole(String roleName) throws PolicyContextException { log.debug("removeRole: "+roleName); validateState("removeRole"); } public void removeUncheckedPolicy() throws PolicyContextException { log.debug("removeUncheckedPolicy"); validateState("removeUncheckedPolicy"); } protected void validateState(String action) throws PolicyContextException { try { configStateMachine.nextState(action); } catch(IllegalTransitionException e) { log.debug("validateState failure", e); throw new PolicyContextException("Operation not allowed", e); } } } 1.1 jbosssx/src/main/org/jboss/security/jacc/JBossPolicyConfigurationFactory.java Index: JBossPolicyConfigurationFactory.java =================================================================== package org.jboss.security.jacc; import java.net.URL; import javax.security.jacc.PolicyConfigurationFactory; import javax.security.jacc.PolicyConfiguration; import javax.security.jacc.PolicyContextException; import EDU.oswego.cs.dl.util.concurrent.ConcurrentReaderHashMap; import org.jboss.util.state.StateMachine; import org.jboss.util.state.xml.StateMachineParser; /** org.jboss.security.provider * * @author Sco...@jb... * @version $Revision: 1.1 $ */ public class JBossPolicyConfigurationFactory extends PolicyConfigurationFactory { private StateMachine configStateMachine; private ConcurrentReaderHashMap policyConfigMap = new ConcurrentReaderHashMap(); /** Build the JACC policy configuration state machine from the * jacc-policy-config-states.xml file. 
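Review bot: None of the JBossPolicyConfiguration methods checks the caller's permission before acting; as I read the `javax.security.jacc.PolicyConfiguration` contract, each should throw `SecurityException` unless the caller holds `SecurityPermission("setPolicy")`. `validateState` is a natural place for the check: `SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(new SecurityPermission("setPolicy"));`. The same gap applies to `getPolicyConfiguration` and `inService` in JBossPolicyConfigurationFactory. Separately, `inService()` returns a hard-coded `false`, so the result never reflects a completed `commit()`; it should report the state machine's current state. `validateState` also advances the state machine without synchronization, which looks unsafe if one configuration object is reachable from several threads.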
* */ public JBossPolicyConfigurationFactory() { try { ClassLoader loader = Thread.currentThread().getContextClassLoader(); URL states = loader.getResource("org/jboss/security/jacc/jacc-policy-config-states.xml"); StateMachineParser smp = new StateMachineParser(); configStateMachine = smp.parse(states); } catch(Exception e) { IllegalStateException ex = new IllegalStateException("Failed to parse jacc-policy-config-states.xml"); ex.initCause(e); throw ex; } } public PolicyConfiguration getPolicyConfiguration(String contextID, boolean remove) throws PolicyContextException { JBossPolicyConfiguration pc = (JBossPolicyConfiguration) policyConfigMap.get(contextID); if( pc == null || remove == true ) { StateMachine sm = (StateMachine) configStateMachine.clone(); pc = new JBossPolicyConfiguration(contextID, sm); policyConfigMap.put(contextID, pc); } return pc; } public boolean inService(String contextID) throws PolicyContextException { boolean inService = false; JBossPolicyConfiguration pc = (JBossPolicyConfiguration) policyConfigMap.get(contextID); if( pc != null ) inService = pc.inService(); return inService; } } 1.1 jbosssx/src/main/org/jboss/security/jacc/SecurityService.java Index: SecurityService.java =================================================================== package org.jboss.security.jacc; import java.security.Policy; import java.lang.reflect.Constructor; import org.jboss.security.util.PropertyAccess; import org.jboss.logging.Logger; /** The SecurityService installs a java.security.Policy implementation that * handles the JACC permission checks... * * @author Sco...@jb... 
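Review bot: `getPolicyConfiguration` returns an existing entry without firing the `getPolicyConfiguration` transition, which is only taken in the JBossPolicyConfiguration constructor. A committed configuration therefore stays in `inService`, and every later `addToRole` or `addToUncheckedPolicy` on it is rejected. Adding `else { pc.validateState("getPolicyConfiguration"); }` after the creation branch would reopen it. The `get` followed by `put` on `policyConfigMap` is also not atomic, so two threads asking for the same context ID can each receive a different object. In the constructor, the state definitions are looked up through the thread context class loader, which, depending on where the factory is first constructed, may be an application loader or may not see the resource at all (a `null` URL is then passed to `parse`); `JBossPolicyConfigurationFactory.class.getResource("jacc-policy-config-states.xml")` ties the lookup to the class's own loader.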
* @version $Revision: 1.1 $ */ public class SecurityService { /** The system property name for the Policy implementation class */ private static final String JACC_POLICY_PROVIDER = "javax.security.jacc.policy.provider"; private static final Logger log = Logger.getLogger(SecurityService.class); private Policy oldPolicy; private Policy jaccPolicy; /** * The following permissions are required: * java.security.SecurityPermission("getPolicy") * java.security.SecurityPermission("setPolicy") * * @throws Exception */ public void start() throws Exception { // Get the current Policy impl oldPolicy = Policy.getPolicy(); String provider = PropertyAccess.getProperty(JACC_POLICY_PROVIDER, "org.jboss.security.provider.DelegatingPolicy"); ClassLoader loader = Thread.currentThread().getContextClassLoader(); Class providerClass = loader.loadClass(provider); // Look for a ctor(Policy) signature Class[] ctorSig = {Policy.class}; Constructor ctor = providerClass.getConstructor(ctorSig); Object[] ctorArgs = {oldPolicy}; jaccPolicy = (Policy) ctor.newInstance(ctorArgs); // Install the JACC policy provider Policy.setPolicy(jaccPolicy); } public void stop() throws Exception { // Install the policy provider that existed on startup if( jaccPolicy != null ) Policy.setPolicy(oldPolicy); } } 1.1 jbosssx/src/main/org/jboss/security/jacc/jacc-policy-config-states.xml Index: jacc-policy-config-states.xml =================================================================== <?xml version='1.0'?> <state-machine description="JACC PolicyConfiguration States"> <state name="open"> <transition name="inService" target="open" /> <transition name="getContextID" target="open" /> <transition name="getPolicyConfiguration" target="open" /> <transition name="addToRole" target="open" /> <transition name="removeRole" target="open" /> <transition name="addToExcludedPolicy" target="open" /> <transition name="removeExcludedPolicy" target="open" /> <transition name="addToUncheckedPolicy" target="open" /> <transition 
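Review bot: The default provider name passed to `PropertyAccess.getProperty` in `start()` is `org.jboss.security.provider.DelegatingPolicy`, but the class added in this commit is declared in package `org.jboss.security.jacc`, so with the property unset `loadClass` will presumably fail with `ClassNotFoundException`. The default should be `"org.jboss.security.jacc.DelegatingPolicy"` or `DelegatingPolicy.class.getName()`. Because the named class becomes the JVM-wide `Policy`, it is worth logging the resolved provider name and loading it from a loader the service controls rather than the thread context class loader. `stop()` restores `oldPolicy` without checking that the installed policy is still `jaccPolicy`, so it can discard a policy that something else set in between; `if( Policy.getPolicy() == jaccPolicy )` would guard against that.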
name="removeUncheckedPolicy" target="open" /> <transition name="linkConfiguration" target="open" /> <transition name="commit" target="inService" /> <transition name="delete" target="deleted" /> </state> <state name="inService"> <transition name="getPolicyConfiguration" target="open" /> <transition name="getContextID" target="inService" /> <transition name="inService" target="inService" /> <transition name="delete" target="deleted" /> </state> <state name="deleted" isStartState="true"> <transition name="getPolicyConfiguration" target="open" /> <transition name="delete" target="deleted" /> <transition name="inService" target="deleted" /> <transition name="getContextID" target="deleted" /> </state> </state-machine> |
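Review bot: The `inService` state in jacc-policy-config-states.xml has no `commit` transition, so a second `commit()` on an already committed configuration is rejected by `validateState`; as I read the JACC contract, `commit` is only disallowed in the `deleted` state. Adding `<transition name="commit" target="inService" />` to the `inService` state would make it idempotent. A short XML comment on why `deleted` is the start state (presumably a context ID is treated as non-existent until `getPolicyConfiguration` opens it) would help readers of this file.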