001: /**
002: *
003: * Licensed to the Apache Software Foundation (ASF) under one or more
004: * contributor license agreements. See the NOTICE file distributed with
005: * this work for additional information regarding copyright ownership.
006: * The ASF licenses this file to You under the Apache License, Version 2.0
007: * (the "License"); you may not use this file except in compliance with
008: * the License. You may obtain a copy of the License at
009: *
010: * http://www.apache.org/licenses/LICENSE-2.0
011: *
012: * Unless required by applicable law or agreed to in writing, software
013: * distributed under the License is distributed on an "AS IS" BASIS,
014: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015: * See the License for the specific language governing permissions and
016: * limitations under the License.
017: */package org.apache.geronimo.openejb;
018:
019: import java.lang.reflect.Method;
020: import java.security.AccessControlContext;
021: import java.security.AccessControlException;
022: import java.security.Permission;
023: import java.security.Principal;
024: import java.util.Properties;
025:
026: import javax.security.auth.Subject;
027: import javax.security.auth.login.LoginContext;
028: import javax.security.auth.login.LoginException;
029: import javax.security.jacc.EJBMethodPermission;
030:
031: import org.apache.geronimo.security.ContextManager;
032: import org.apache.geronimo.security.SubjectId;
033: import org.apache.openejb.InterfaceType;
034: import org.apache.openejb.core.CoreDeploymentInfo;
035: import org.apache.openejb.core.ThreadContext;
036: import org.apache.openejb.core.security.jaas.UsernamePasswordCallbackHandler;
037: import org.apache.openejb.spi.SecurityService;
038:
039: /**
040: * @version $Rev: 583409 $ $Date: 2007-10-10 02:38:51 -0700 (Wed, 10 Oct 2007) $
041: */
042: public class GeronimoSecurityService implements SecurityService {
043: public void init(Properties props) throws Exception {
044: }
045:
046: public Object login(String user, String pass) throws LoginException {
047: return login("OpenEJB", user, pass);
048: }
049:
050: public Object login(String securityRealm, String user, String pass)
051: throws LoginException {
052: LoginContext context = ContextManager.login(securityRealm,
053: new UsernamePasswordCallbackHandler(user, pass));
054:
055: Subject subject = context.getSubject();
056: return ContextManager.getSubjectId(subject);
057: }
058:
059: public void logout(Object securityIdentity) {
060: Subject subject = ContextManager
061: .getRegisteredSubject((SubjectId) securityIdentity);
062: ContextManager.unregisterSubject(subject);
063: }
064:
065: public void associate(Object securityIdentity)
066: throws LoginException {
067: if (securityIdentity == null) {
068: return;
069: }
070:
071: Subject subject = ContextManager
072: .getRegisteredSubject((SubjectId) securityIdentity);
073: if (subject == null) {
074: return;
075: }
076: ContextManager.setCallers(subject, subject);
077: }
078:
079: public Object disassociate() {
080: // this is only called before the thread is put back in the pool so it should be ok
081: ContextManager.popCallers(null);
082: return null;
083: }
084:
085: public boolean isCallerAuthorized(Method method, InterfaceType typee) {
086: ThreadContext threadContext = ThreadContext.getThreadContext();
087:
088: try {
089: CoreDeploymentInfo deploymentInfo = threadContext
090: .getDeploymentInfo();
091:
092: // if security is not enabled we are autorized
093: EjbDeployment ejbDeployment = deploymentInfo
094: .get(EjbDeployment.class);
095: if (ejbDeployment == null
096: || !ejbDeployment.isSecurityEnabled()) {
097: return true;
098: }
099:
100: String ejbName = deploymentInfo.getEjbName();
101:
102: InterfaceType type = deploymentInfo.getInterfaceType(method
103: .getDeclaringClass());
104:
105: String name = (type == null) ? null : type.getSpecName();
106:
107: Permission permission = new EJBMethodPermission(ejbName,
108: name, method);
109:
110: AccessControlContext accessContext = ContextManager
111: .getCurrentContext();
112:
113: if (permission != null)
114: accessContext.checkPermission(permission);
115:
116: } catch (AccessControlException e) {
117: return false;
118: }
119: return true;
120: }
121:
122: public boolean isCallerInRole(String role) {
123: if (role == null)
124: throw new IllegalArgumentException("Role must not be null");
125:
126: ThreadContext threadContext = ThreadContext.getThreadContext();
127:
128: CoreDeploymentInfo deploymentInfo = threadContext
129: .getDeploymentInfo();
130:
131: // if security is not enabled we are not in that role
132: EjbDeployment ejbDeployment = deploymentInfo
133: .get(EjbDeployment.class);
134: if (ejbDeployment == null || !ejbDeployment.isSecurityEnabled()) {
135: return false;
136: }
137:
138: return ContextManager.isCallerInRole(deploymentInfo
139: .getEjbName(), role);
140: }
141:
142: public Principal getCallerPrincipal() {
143: // if security is not enabled, we don't have a principal
144: ThreadContext threadContext = ThreadContext.getThreadContext();
145: CoreDeploymentInfo deploymentInfo = threadContext
146: .getDeploymentInfo();
147: EjbDeployment ejbDeployment = deploymentInfo
148: .get(EjbDeployment.class);
149: if (ejbDeployment == null || !ejbDeployment.isSecurityEnabled()) {
150: return null;
151: }
152:
153: Subject callerSubject = ContextManager.getCurrentCaller();
154: return ContextManager.getCurrentPrincipal(callerSubject);
155: }
156:
157: //
158: // Unused
159: //
160:
161: public Object getSecurityIdentity() {
162: return null;
163: }
164:
165: public void setSecurityIdentity(Object securityIdentity) {
166: throw new UnsupportedOperationException();
167: }
168:
169: public <T> T translateTo(Object securityIdentity, Class<T> type) {
170: throw new UnsupportedOperationException();
171: }
172:
173: public Subject getCurrentSubject() {
174: throw new UnsupportedOperationException();
175: }
176:
177: }
|