001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.ejb.plugins;
023:
024: import java.security.PrivilegedAction;
025: import java.security.PrivilegedExceptionAction;
026: import java.security.Principal;
027: import java.security.AccessController;
028: import java.security.PrivilegedActionException;
029: import java.lang.reflect.UndeclaredThrowableException;
030:
031: import javax.security.auth.Subject;
032: import javax.security.jacc.PolicyContext;
033: import javax.security.jacc.PolicyContextException;
034:
035: import org.jboss.security.SecurityAssociation;
036: import org.jboss.security.RunAsIdentity;
037:
038: /** A collection of privileged actions for this package
039: * @author Scott.Stark@jboss.org
040: * @author <a href="mailto:alex@jboss.org">Alexey Loubyansky</a>
041: * @author Anil.Saldhana@jboss.org
042: * @version $Revison: $
043: */
044: class SecurityActions {
045: interface PrincipalInfoAction {
046: PrincipalInfoAction PRIVILEGED = new PrincipalInfoAction() {
047: public void push(final Principal principal,
048: final Object credential, final Subject subject) {
049: AccessController.doPrivileged(new PrivilegedAction() {
050: public Object run() {
051: SecurityAssociation.pushSubjectContext(subject,
052: principal, credential);
053: return null;
054: }
055: });
056: }
057:
058: public void dup() {
059: AccessController.doPrivileged(new PrivilegedAction() {
060: public Object run() {
061: SecurityAssociation.dupSubjectContext();
062: return null;
063: }
064: });
065: }
066:
067: public void pop() {
068: AccessController.doPrivileged(new PrivilegedAction() {
069: public Object run() {
070: SecurityAssociation.popSubjectContext();
071: return null;
072: }
073: });
074: }
075: };
076:
077: PrincipalInfoAction NON_PRIVILEGED = new PrincipalInfoAction() {
078: public void push(Principal principal, Object credential,
079: Subject subject) {
080: SecurityAssociation.pushSubjectContext(subject,
081: principal, credential);
082: }
083:
084: public void dup() {
085: SecurityAssociation.dupSubjectContext();
086: }
087:
088: public void pop() {
089: SecurityAssociation.popSubjectContext();
090: }
091: };
092:
093: void push(Principal principal, Object credential,
094: Subject subject);
095:
096: void dup();
097:
098: void pop();
099: }
100:
101: interface RunAsIdentityActions {
102: RunAsIdentityActions PRIVILEGED = new RunAsIdentityActions() {
103: private final PrivilegedAction peekAction = new PrivilegedAction() {
104: public Object run() {
105: return SecurityAssociation.peekRunAsIdentity();
106: }
107: };
108:
109: private final PrivilegedAction popAction = new PrivilegedAction() {
110: public Object run() {
111: return SecurityAssociation.popRunAsIdentity();
112: }
113: };
114:
115: public RunAsIdentity peek() {
116: return (RunAsIdentity) AccessController
117: .doPrivileged(peekAction);
118: }
119:
120: public RunAsIdentity peek(final int depth) {
121: return (RunAsIdentity) AccessController
122: .doPrivileged(new PrivilegedAction() {
123:
124: public Object run() {
125: return SecurityAssociation
126: .peekRunAsIdentity(depth);
127: }
128: });
129: }
130:
131: public void push(final RunAsIdentity id) {
132: AccessController.doPrivileged(new PrivilegedAction() {
133: public Object run() {
134: SecurityAssociation.pushRunAsIdentity(id);
135: return null;
136: }
137: });
138: }
139:
140: public RunAsIdentity pop() {
141: return (RunAsIdentity) AccessController
142: .doPrivileged(popAction);
143: }
144: };
145:
146: RunAsIdentityActions NON_PRIVILEGED = new RunAsIdentityActions() {
147: public RunAsIdentity peek() {
148: return SecurityAssociation.peekRunAsIdentity();
149: }
150:
151: public RunAsIdentity peek(int depth) {
152: return SecurityAssociation.peekRunAsIdentity(depth);
153: }
154:
155: public void push(RunAsIdentity id) {
156: SecurityAssociation.pushRunAsIdentity(id);
157: }
158:
159: public RunAsIdentity pop() {
160: return SecurityAssociation.popRunAsIdentity();
161: }
162: };
163:
164: RunAsIdentity peek();
165:
166: RunAsIdentity peek(int depth);
167:
168: void push(RunAsIdentity id);
169:
170: RunAsIdentity pop();
171: }
172:
173: interface ContextInfoActions {
174: static final String EX_KEY = "org.jboss.security.exception";
175: ContextInfoActions PRIVILEGED = new ContextInfoActions() {
176: private final PrivilegedAction exAction = new PrivilegedAction() {
177: public Object run() {
178: return SecurityAssociation.getContextInfo(EX_KEY);
179: }
180: };
181:
182: public Exception getContextException() {
183: return (Exception) AccessController
184: .doPrivileged(exAction);
185: }
186: };
187:
188: ContextInfoActions NON_PRIVILEGED = new ContextInfoActions() {
189: public Exception getContextException() {
190: return (Exception) SecurityAssociation
191: .getContextInfo(EX_KEY);
192: }
193: };
194:
195: Exception getContextException();
196: }
197:
198: interface PolicyContextActions {
199: /** The JACC PolicyContext key for the current Subject */
200: static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
201: PolicyContextActions PRIVILEGED = new PolicyContextActions() {
202: private final PrivilegedExceptionAction exAction = new PrivilegedExceptionAction() {
203: public Object run() throws Exception {
204: return (Subject) PolicyContext
205: .getContext(SUBJECT_CONTEXT_KEY);
206: }
207: };
208:
209: public Subject getContextSubject()
210: throws PolicyContextException {
211: try {
212: return (Subject) AccessController
213: .doPrivileged(exAction);
214: } catch (PrivilegedActionException e) {
215: Exception ex = e.getException();
216: if (ex instanceof PolicyContextException)
217: throw (PolicyContextException) ex;
218: else
219: throw new UndeclaredThrowableException(ex);
220: }
221: }
222: };
223:
224: PolicyContextActions NON_PRIVILEGED = new PolicyContextActions() {
225: public Subject getContextSubject()
226: throws PolicyContextException {
227: return (Subject) PolicyContext
228: .getContext(SUBJECT_CONTEXT_KEY);
229: }
230: };
231:
232: Subject getContextSubject() throws PolicyContextException;
233: }
234:
235: static ClassLoader getContextClassLoader() {
236: return TCLAction.UTIL.getContextClassLoader();
237: }
238:
239: static void setContextClassLoader(ClassLoader loader) {
240: TCLAction.UTIL.setContextClassLoader(loader);
241: }
242:
243: static void pushSubjectContext(Principal principal,
244: Object credential, Subject subject) {
245: if (System.getSecurityManager() == null) {
246: PrincipalInfoAction.NON_PRIVILEGED.push(principal,
247: credential, subject);
248: } else {
249: PrincipalInfoAction.PRIVILEGED.push(principal, credential,
250: subject);
251: }
252: }
253:
254: static void dupSubjectContext() {
255: if (System.getSecurityManager() == null) {
256: PrincipalInfoAction.NON_PRIVILEGED.dup();
257: } else {
258: PrincipalInfoAction.PRIVILEGED.dup();
259: }
260: }
261:
262: static void popSubjectContext() {
263: if (System.getSecurityManager() == null) {
264: PrincipalInfoAction.NON_PRIVILEGED.pop();
265: } else {
266: PrincipalInfoAction.PRIVILEGED.pop();
267: }
268: }
269:
270: static RunAsIdentity peekRunAsIdentity() {
271: if (System.getSecurityManager() == null) {
272: return RunAsIdentityActions.NON_PRIVILEGED.peek();
273: } else {
274: return RunAsIdentityActions.PRIVILEGED.peek();
275: }
276: }
277:
278: static RunAsIdentity peekRunAsIdentity(int depth) {
279: if (System.getSecurityManager() == null) {
280: return RunAsIdentityActions.NON_PRIVILEGED.peek(depth);
281: } else {
282: return RunAsIdentityActions.PRIVILEGED.peek(depth);
283: }
284: }
285:
286: static void pushRunAsIdentity(RunAsIdentity principal) {
287: if (System.getSecurityManager() == null) {
288: RunAsIdentityActions.NON_PRIVILEGED.push(principal);
289: } else {
290: RunAsIdentityActions.PRIVILEGED.push(principal);
291: }
292: }
293:
294: static RunAsIdentity popRunAsIdentity() {
295: if (System.getSecurityManager() == null) {
296: return RunAsIdentityActions.NON_PRIVILEGED.pop();
297: } else {
298: return RunAsIdentityActions.PRIVILEGED.pop();
299: }
300: }
301:
302: static Exception getContextException() {
303: if (System.getSecurityManager() == null) {
304: return ContextInfoActions.NON_PRIVILEGED
305: .getContextException();
306: } else {
307: return ContextInfoActions.PRIVILEGED.getContextException();
308: }
309: }
310:
311: static Subject getContextSubject() throws PolicyContextException {
312: if (System.getSecurityManager() == null) {
313: return PolicyContextActions.NON_PRIVILEGED
314: .getContextSubject();
315: } else {
316: return PolicyContextActions.PRIVILEGED.getContextSubject();
317: }
318: }
319:
320: interface TCLAction {
321: class UTIL {
322: static TCLAction getTCLAction() {
323: return System.getSecurityManager() == null ? NON_PRIVILEGED
324: : PRIVILEGED;
325: }
326:
327: static ClassLoader getContextClassLoader() {
328: return getTCLAction().getContextClassLoader();
329: }
330:
331: static ClassLoader getContextClassLoader(Thread thread) {
332: return getTCLAction().getContextClassLoader(thread);
333: }
334:
335: static void setContextClassLoader(ClassLoader cl) {
336: getTCLAction().setContextClassLoader(cl);
337: }
338:
339: static void setContextClassLoader(Thread thread,
340: ClassLoader cl) {
341: getTCLAction().setContextClassLoader(thread, cl);
342: }
343: }
344:
345: TCLAction NON_PRIVILEGED = new TCLAction() {
346: public ClassLoader getContextClassLoader() {
347: return Thread.currentThread().getContextClassLoader();
348: }
349:
350: public ClassLoader getContextClassLoader(Thread thread) {
351: return thread.getContextClassLoader();
352: }
353:
354: public void setContextClassLoader(ClassLoader cl) {
355: Thread.currentThread().setContextClassLoader(cl);
356: }
357:
358: public void setContextClassLoader(Thread thread,
359: ClassLoader cl) {
360: thread.setContextClassLoader(cl);
361: }
362: };
363:
364: TCLAction PRIVILEGED = new TCLAction() {
365: private final PrivilegedAction getTCLPrivilegedAction = new PrivilegedAction() {
366: public Object run() {
367: return Thread.currentThread()
368: .getContextClassLoader();
369: }
370: };
371:
372: public ClassLoader getContextClassLoader() {
373: return (ClassLoader) AccessController
374: .doPrivileged(getTCLPrivilegedAction);
375: }
376:
377: public ClassLoader getContextClassLoader(final Thread thread) {
378: return (ClassLoader) AccessController
379: .doPrivileged(new PrivilegedAction() {
380: public Object run() {
381: return thread.getContextClassLoader();
382: }
383: });
384: }
385:
386: public void setContextClassLoader(final ClassLoader cl) {
387: AccessController.doPrivileged(new PrivilegedAction() {
388: public Object run() {
389: Thread.currentThread()
390: .setContextClassLoader(cl);
391: return null;
392: }
393: });
394: }
395:
396: public void setContextClassLoader(final Thread thread,
397: final ClassLoader cl) {
398: AccessController.doPrivileged(new PrivilegedAction() {
399: public Object run() {
400: thread.setContextClassLoader(cl);
401: return null;
402: }
403: });
404: }
405: };
406:
407: ClassLoader getContextClassLoader();
408:
409: ClassLoader getContextClassLoader(Thread thread);
410:
411: void setContextClassLoader(ClassLoader cl);
412:
413: void setContextClassLoader(Thread thread, ClassLoader cl);
414: }
415: }
|