001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.aspects.security;
023:
024: import java.security.PrivilegedAction;
025: import java.security.PrivilegedExceptionAction;
026: import java.security.Principal;
027: import java.security.AccessController;
028: import java.security.PrivilegedActionException;
029: import java.lang.reflect.UndeclaredThrowableException;
030:
031: import javax.security.auth.Subject;
032: import javax.security.jacc.PolicyContext;
033: import javax.security.jacc.PolicyContextException;
034:
035: import org.jboss.logging.Logger;
036: import org.jboss.security.SecurityAssociation;
037: import org.jboss.security.RunAsIdentity;
038:
039: /** A collection of privileged actions for this package
040: * @author Scott.Stark@jboss.org
041: * @author <a href="mailto:alex@jboss.org">Alexey Loubyansky</a>
042: * @version $Revison: $
043: */
044: class SecurityActions {
045: private static final Logger log = Logger
046: .getLogger(SecurityActions.class);
047:
048: interface PrincipalInfoAction {
049: PrincipalInfoAction PRIVILEGED = new PrincipalInfoAction() {
050: public void push(final Principal principal,
051: final Object credential, final Subject subject) {
052: AccessController.doPrivileged(new PrivilegedAction() {
053: public Object run() {
054: SecurityAssociation.pushSubjectContext(subject,
055: principal, credential);
056: return null;
057: }
058: });
059: }
060:
061: public void pop() {
062: AccessController.doPrivileged(new PrivilegedAction() {
063: public Object run() {
064: SecurityAssociation.popSubjectContext();
065: return null;
066: }
067: });
068: }
069:
070: public Principal getPrincipal() {
071: return (Principal) AccessController
072: .doPrivileged(new PrivilegedAction() {
073: public Object run() {
074: return SecurityAssociation
075: .getPrincipal();
076: }
077: });
078: }
079:
080: public void setPrincipal(final Principal principal) {
081: AccessController.doPrivileged(new PrivilegedAction() {
082: public Object run() {
083: SecurityAssociation.setPrincipal(principal);
084: return null;
085: }
086: });
087: }
088:
089: public Principal getCallerPrincipal() {
090: return (Principal) AccessController
091: .doPrivileged(new PrivilegedAction() {
092: public Object run() {
093: return SecurityAssociation
094: .getCallerPrincipal();
095: }
096: });
097: }
098:
099: public Object getCredential() {
100: return AccessController
101: .doPrivileged(new PrivilegedAction() {
102: public Object run() {
103: return SecurityAssociation
104: .getCredential();
105: }
106: });
107: }
108:
109: public void setCredential(final Object credential) {
110: AccessController.doPrivileged(new PrivilegedAction() {
111: public Object run() {
112: SecurityAssociation.setCredential(credential);
113: return null;
114: }
115: });
116: }
117: };
118:
119: PrincipalInfoAction NON_PRIVILEGED = new PrincipalInfoAction() {
120: public void push(Principal principal, Object credential,
121: Subject subject) {
122: SecurityAssociation.pushSubjectContext(subject,
123: principal, credential);
124: }
125:
126: public void pop() {
127: SecurityAssociation.popSubjectContext();
128: }
129:
130: public Principal getPrincipal() {
131: return SecurityAssociation.getPrincipal();
132: }
133:
134: public void setPrincipal(Principal principal) {
135: SecurityAssociation.setPrincipal(principal);
136: }
137:
138: public Principal getCallerPrincipal() {
139: return SecurityAssociation.getPrincipal();
140: }
141:
142: public Object getCredential() {
143: return SecurityAssociation.getCredential();
144: }
145:
146: public void setCredential(Object credential) {
147: SecurityAssociation.setCredential(credential);
148: }
149: };
150:
151: void push(Principal principal, Object credential,
152: Subject subject);
153:
154: void pop();
155:
156: Principal getPrincipal();
157:
158: void setPrincipal(Principal principal);
159:
160: Principal getCallerPrincipal();
161:
162: Object getCredential();
163:
164: void setCredential(Object credential);
165: }
166:
167: interface RunAsIdentityActions {
168: RunAsIdentityActions PRIVILEGED = new RunAsIdentityActions() {
169: private final PrivilegedAction peekAction = new PrivilegedAction() {
170: public Object run() {
171: return SecurityAssociation.peekRunAsIdentity();
172: }
173: };
174:
175: private final PrivilegedAction popAction = new PrivilegedAction() {
176: public Object run() {
177: return SecurityAssociation.popRunAsIdentity();
178: }
179: };
180:
181: public RunAsIdentity peek() {
182: return (RunAsIdentity) AccessController
183: .doPrivileged(peekAction);
184: }
185:
186: public void push(final RunAsIdentity id) {
187: AccessController.doPrivileged(new PrivilegedAction() {
188: public Object run() {
189: SecurityAssociation.pushRunAsIdentity(id);
190: return null;
191: }
192: });
193: }
194:
195: public RunAsIdentity pop() {
196: return (RunAsIdentity) AccessController
197: .doPrivileged(popAction);
198: }
199: };
200:
201: RunAsIdentityActions NON_PRIVILEGED = new RunAsIdentityActions() {
202: public RunAsIdentity peek() {
203: return SecurityAssociation.peekRunAsIdentity();
204: }
205:
206: public void push(RunAsIdentity id) {
207: SecurityAssociation.pushRunAsIdentity(id);
208: }
209:
210: public RunAsIdentity pop() {
211: return SecurityAssociation.popRunAsIdentity();
212: }
213: };
214:
215: RunAsIdentity peek();
216:
217: void push(RunAsIdentity id);
218:
219: RunAsIdentity pop();
220: }
221:
222: interface ContextInfoActions {
223: static final String EX_KEY = "org.jboss.security.exception";
224: ContextInfoActions PRIVILEGED = new ContextInfoActions() {
225: private final PrivilegedAction exAction = new PrivilegedAction() {
226: public Object run() {
227: return SecurityAssociation.getContextInfo(EX_KEY);
228: }
229: };
230:
231: public Exception getContextException() {
232: return (Exception) AccessController
233: .doPrivileged(exAction);
234: }
235: };
236:
237: ContextInfoActions NON_PRIVILEGED = new ContextInfoActions() {
238: public Exception getContextException() {
239: return (Exception) SecurityAssociation
240: .getContextInfo(EX_KEY);
241: }
242: };
243:
244: Exception getContextException();
245: }
246:
247: interface PolicyContextActions {
248: /** The JACC PolicyContext key for the current Subject */
249: static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
250: PolicyContextActions PRIVILEGED = new PolicyContextActions() {
251: private final PrivilegedExceptionAction exAction = new PrivilegedExceptionAction() {
252: public Object run() throws Exception {
253: return (Subject) PolicyContext
254: .getContext(SUBJECT_CONTEXT_KEY);
255: }
256: };
257:
258: public Subject getContextSubject()
259: throws PolicyContextException {
260: try {
261: return (Subject) AccessController
262: .doPrivileged(exAction);
263: } catch (PrivilegedActionException e) {
264: Exception ex = e.getException();
265: if (ex instanceof PolicyContextException)
266: throw (PolicyContextException) ex;
267: else
268: throw new UndeclaredThrowableException(ex);
269: }
270: }
271: };
272:
273: PolicyContextActions NON_PRIVILEGED = new PolicyContextActions() {
274: public Subject getContextSubject()
275: throws PolicyContextException {
276: return (Subject) PolicyContext
277: .getContext(SUBJECT_CONTEXT_KEY);
278: }
279: };
280:
281: Subject getContextSubject() throws PolicyContextException;
282: }
283:
284: static ClassLoader getContextClassLoader() {
285: return TCLAction.UTIL.getContextClassLoader();
286: }
287:
288: static void setContextClassLoader(ClassLoader loader) {
289: TCLAction.UTIL.setContextClassLoader(loader);
290: }
291:
292: static Principal getCallerPrincipal() {
293: if (System.getSecurityManager() == null) {
294: return PrincipalInfoAction.NON_PRIVILEGED
295: .getCallerPrincipal();
296: } else {
297: return PrincipalInfoAction.PRIVILEGED.getCallerPrincipal();
298: }
299: }
300:
301: static Principal getPrincipal() {
302: if (System.getSecurityManager() == null) {
303: return PrincipalInfoAction.NON_PRIVILEGED.getPrincipal();
304: } else {
305: return PrincipalInfoAction.PRIVILEGED.getPrincipal();
306: }
307: }
308:
309: static void setPrincipal(Principal principal) {
310: if (System.getSecurityManager() == null) {
311: PrincipalInfoAction.NON_PRIVILEGED.setPrincipal(principal);
312: } else {
313: PrincipalInfoAction.PRIVILEGED.setPrincipal(principal);
314: }
315: }
316:
317: static Object getCredential() {
318: if (System.getSecurityManager() == null) {
319: return PrincipalInfoAction.NON_PRIVILEGED.getCredential();
320: } else {
321: return PrincipalInfoAction.PRIVILEGED.getCredential();
322: }
323: }
324:
325: static void setCredential(Object credential) {
326: if (System.getSecurityManager() == null) {
327: PrincipalInfoAction.NON_PRIVILEGED
328: .setCredential(credential);
329: } else {
330: PrincipalInfoAction.PRIVILEGED.setCredential(credential);
331: }
332: }
333:
334: static void pushSubjectContext(Principal principal,
335: Object credential, Subject subject) {
336: if (System.getSecurityManager() == null) {
337: PrincipalInfoAction.NON_PRIVILEGED.push(principal,
338: credential, subject);
339: } else {
340: PrincipalInfoAction.PRIVILEGED.push(principal, credential,
341: subject);
342: }
343: }
344:
345: static void popSubjectContext() {
346: if (System.getSecurityManager() == null) {
347: PrincipalInfoAction.NON_PRIVILEGED.pop();
348: } else {
349: PrincipalInfoAction.PRIVILEGED.pop();
350: }
351: }
352:
353: static RunAsIdentity peekRunAsIdentity() {
354: if (System.getSecurityManager() == null) {
355: return RunAsIdentityActions.NON_PRIVILEGED.peek();
356: } else {
357: return RunAsIdentityActions.PRIVILEGED.peek();
358: }
359: }
360:
361: static void pushRunAsIdentity(RunAsIdentity principal) {
362: if (System.getSecurityManager() == null) {
363: RunAsIdentityActions.NON_PRIVILEGED.push(principal);
364: } else {
365: RunAsIdentityActions.PRIVILEGED.push(principal);
366: }
367: }
368:
369: static RunAsIdentity popRunAsIdentity() {
370: if (System.getSecurityManager() == null) {
371: return RunAsIdentityActions.NON_PRIVILEGED.pop();
372: } else {
373: return RunAsIdentityActions.PRIVILEGED.pop();
374: }
375: }
376:
377: static Exception getContextException() {
378: if (System.getSecurityManager() == null) {
379: return ContextInfoActions.NON_PRIVILEGED
380: .getContextException();
381: } else {
382: return ContextInfoActions.PRIVILEGED.getContextException();
383: }
384: }
385:
386: static Subject getContextSubject() throws PolicyContextException {
387: if (System.getSecurityManager() == null) {
388: return PolicyContextActions.NON_PRIVILEGED
389: .getContextSubject();
390: } else {
391: return PolicyContextActions.PRIVILEGED.getContextSubject();
392: }
393: }
394:
395: interface TCLAction {
396: class UTIL {
397: static TCLAction getTCLAction() {
398: return System.getSecurityManager() == null ? NON_PRIVILEGED
399: : PRIVILEGED;
400: }
401:
402: static ClassLoader getContextClassLoader() {
403: return getTCLAction().getContextClassLoader();
404: }
405:
406: static ClassLoader getContextClassLoader(Thread thread) {
407: return getTCLAction().getContextClassLoader(thread);
408: }
409:
410: static void setContextClassLoader(ClassLoader cl) {
411: getTCLAction().setContextClassLoader(cl);
412: }
413:
414: static void setContextClassLoader(Thread thread,
415: ClassLoader cl) {
416: getTCLAction().setContextClassLoader(thread, cl);
417: }
418: }
419:
420: TCLAction NON_PRIVILEGED = new TCLAction() {
421: public ClassLoader getContextClassLoader() {
422: return Thread.currentThread().getContextClassLoader();
423: }
424:
425: public ClassLoader getContextClassLoader(Thread thread) {
426: return thread.getContextClassLoader();
427: }
428:
429: public void setContextClassLoader(ClassLoader cl) {
430: Thread.currentThread().setContextClassLoader(cl);
431: }
432:
433: public void setContextClassLoader(Thread thread,
434: ClassLoader cl) {
435: thread.setContextClassLoader(cl);
436: }
437: };
438:
439: TCLAction PRIVILEGED = new TCLAction() {
440: private final PrivilegedAction getTCLPrivilegedAction = new PrivilegedAction() {
441: public Object run() {
442: return Thread.currentThread()
443: .getContextClassLoader();
444: }
445: };
446:
447: public ClassLoader getContextClassLoader() {
448: return (ClassLoader) AccessController
449: .doPrivileged(getTCLPrivilegedAction);
450: }
451:
452: public ClassLoader getContextClassLoader(final Thread thread) {
453: return (ClassLoader) AccessController
454: .doPrivileged(new PrivilegedAction() {
455: public Object run() {
456: return thread.getContextClassLoader();
457: }
458: });
459: }
460:
461: public void setContextClassLoader(final ClassLoader cl) {
462: AccessController.doPrivileged(new PrivilegedAction() {
463: public Object run() {
464: Thread.currentThread()
465: .setContextClassLoader(cl);
466: return null;
467: }
468: });
469: }
470:
471: public void setContextClassLoader(final Thread thread,
472: final ClassLoader cl) {
473: AccessController.doPrivileged(new PrivilegedAction() {
474: public Object run() {
475: thread.setContextClassLoader(cl);
476: return null;
477: }
478: });
479: }
480: };
481:
482: ClassLoader getContextClassLoader();
483:
484: ClassLoader getContextClassLoader(Thread thread);
485:
486: void setContextClassLoader(ClassLoader cl);
487:
488: void setContextClassLoader(Thread thread, ClassLoader cl);
489: }
490: }
|