001: /**
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */package org.apache.geronimo.security;
017:
018: import java.security.Policy;
019: import javax.security.jacc.PolicyConfigurationFactory;
020: import javax.security.jacc.PolicyContextException;
021: import org.apache.commons.logging.Log;
022: import org.apache.commons.logging.LogFactory;
023: import org.apache.geronimo.gbean.GBeanInfo;
024: import org.apache.geronimo.gbean.GBeanInfoBuilder;
025: import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
026: import org.apache.geronimo.security.jacc.PolicyContextHandlerContainerSubject;
027: import org.apache.geronimo.security.jacc.PolicyContextHandlerHttpServletRequest;
028: import org.apache.geronimo.security.jacc.PolicyContextHandlerSOAPMessage;
029: import org.apache.geronimo.security.util.ConfigurationUtil;
030: import org.apache.geronimo.system.serverinfo.ServerInfo;
031:
032: /**
033: * An MBean that registers the JACC factory and handlers.
034: *
035: * @version $Rev: 476049 $ $Date: 2006-11-16 20:35:17 -0800 (Thu, 16 Nov 2006) $
036: */
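public class SecurityServiceImpl implements SecurityService {

    /**
     * Records that the JVM-wide {@link Policy} has already been replaced by
     * this service. It is static because {@link Policy#setPolicy} is global
     * to the JVM: a second instance of this service must not install another
     * provider on top of the first one.
     * <p>
     * Kept {@code public static} for compatibility with existing callers.
     * Writes happen only under {@link #POLICY_LOCK}; the field is volatile so
     * readers that do not take the lock still see the latest value.
     */
    public static volatile boolean POLICY_INSTALLED = false;

    /** Serialises the check-then-install of the JVM-wide Policy. */
    private static final Object POLICY_LOCK = new Object();

    private final Log log = LogFactory.getLog(SecurityServiceImpl.class);

    /**
     * Permission that protects access to sensitive security information.
     */
    public static final GeronimoSecurityPermission CONFIGURE =
            new GeronimoSecurityPermission("configure");

    /**
     * Registers the JACC policy context handlers, installs the configured
     * {@link Policy} provider (at most once per JVM), primes the JACC
     * {@link PolicyConfigurationFactory} and publishes the key/trust store
     * settings as system properties.
     * <p>
     * For every setting that has a matching system property (the names are
     * the {@code SecurityService} constants) an explicit {@code -D} value
     * takes precedence over the configured attribute.
     *
     * @param classLoader loader used to resolve the policy provider class; it
     *        is also made the thread context loader while the JACC factory is
     *        looked up
     * @param serverInfo resolves the key/trust store paths relative to the server
     * @param policyConfigurationFactory JACC policy configuration factory class
     *        name, or {@code null}
     * @param policyProvider {@link Policy} implementation class name, or {@code null}
     * @param keyStore server-relative key store path, or {@code null}
     * @param keyStorePassword key store password, or {@code null}
     * @param trustStore server-relative trust store path, or {@code null}
     * @param trustStorePassword trust store password, or {@code null}
     * @throws PolicyContextException if JACC registration or factory lookup fails
     * @throws ClassNotFoundException if a configured class cannot be loaded
     * @throws IllegalAccessException if the policy provider cannot be instantiated
     * @throws InstantiationException if the policy provider cannot be instantiated
     */
    public SecurityServiceImpl(ClassLoader classLoader, ServerInfo serverInfo,
            String policyConfigurationFactory, String policyProvider,
            String keyStore, String keyStorePassword, String trustStore,
            String trustStorePassword) throws PolicyContextException,
            ClassNotFoundException, IllegalAccessException,
            InstantiationException {

        registerPolicyContextHandlers();
        installPolicyProvider(classLoader, policyProvider);
        primePolicyConfigurationFactory(classLoader, policyConfigurationFactory);
        publishStoreSettings(serverInfo, keyStore, keyStorePassword,
                trustStore, trustStorePassword);

        // Store paths only: the password properties are deliberately never logged.
        log.debug(KEYSTORE + ": " + System.getProperty(KEYSTORE));
        log.debug(TRUSTSTORE + ": " + System.getProperty(TRUSTSTORE));

        log.debug("JACC factory registered");
    }

    /**
     * Registers the JACC policy context handlers this container provides
     * (JSR 115 section 4.6.1 describes the container Subject handler).
     */
    private void registerPolicyContextHandlers() throws PolicyContextException {
        ConfigurationUtil.registerPolicyContextHandler(
                new PolicyContextHandlerContainerSubject(), true);
        ConfigurationUtil.registerPolicyContextHandler(
                new PolicyContextHandlerSOAPMessage(), true);
        ConfigurationUtil.registerPolicyContextHandler(
                new PolicyContextHandlerHttpServletRequest(), true);
    }

    /**
     * Installs the configured provider as the JVM-wide {@link Policy}, at most
     * once per JVM. The system property named by {@code POLICY_PROVIDER}
     * overrides {@code policyProvider}. The check and the install happen under
     * one lock so two services starting concurrently cannot both replace the
     * Policy.
     *
     * @param classLoader loader used to resolve the provider class
     * @param policyProvider configured provider class name, or {@code null}
     * @throws ClassNotFoundException if the provider class cannot be loaded
     * @throws IllegalAccessException if the provider cannot be instantiated
     * @throws InstantiationException if the provider cannot be instantiated
     * @throws ClassCastException if the configured class is not a {@link Policy}
     */
    private void installPolicyProvider(ClassLoader classLoader, String policyProvider)
            throws ClassNotFoundException, IllegalAccessException, InstantiationException {
        synchronized (POLICY_LOCK) {
            if (POLICY_INSTALLED) {
                return;
            }
            String providerName = sysOverRide(policyProvider, POLICY_PROVIDER);
            if (providerName != null) {
                Class<?> providerClass = classLoader.loadClass(providerName);
                // Check the type before instantiating: running the constructor of
                // a misconfigured, unrelated class and only then failing on the
                // cast is worse than refusing up front with a clear message.
                if (!Policy.class.isAssignableFrom(providerClass)) {
                    throw new ClassCastException(providerName
                            + " is not a " + Policy.class.getName());
                }
                Policy policy = (Policy) providerClass.newInstance();
                policy.refresh();
                Policy.setPolicy(policy);
            }
            // Set even when no provider is configured: the decision not to
            // replace the Policy is likewise made only once per JVM.
            POLICY_INSTALLED = true;
        }
    }

    /**
     * Looks up the JACC {@link PolicyConfigurationFactory} with the supplied
     * loader installed as the thread context loader for the duration of the
     * call only; the previous context loader is always restored. The system
     * property named by {@code POLICY_CONFIG_FACTORY} overrides
     * {@code policyConfigurationFactory}; nothing is done when neither is set.
     *
     * @param classLoader loader to use as the thread context loader during lookup
     * @param policyConfigurationFactory configured factory class name, or {@code null}
     * @throws PolicyContextException if the factory lookup fails
     * @throws ClassNotFoundException if the factory class cannot be loaded
     */
    private void primePolicyConfigurationFactory(ClassLoader classLoader,
            String policyConfigurationFactory)
            throws PolicyContextException, ClassNotFoundException {
        String factoryName = sysOverRide(policyConfigurationFactory, POLICY_CONFIG_FACTORY);
        if (factoryName == null) {
            return;
        }
        Thread currentThread = Thread.currentThread();
        ClassLoader oldClassLoader = currentThread.getContextClassLoader();
        currentThread.setContextClassLoader(classLoader);
        try {
            PolicyConfigurationFactory.getPolicyConfigurationFactory();
        } finally {
            currentThread.setContextClassLoader(oldClassLoader);
        }
    }

    /**
     * Publishes the key/trust store paths and passwords as system properties
     * (names are the {@code SecurityService} constants); a {@code null} value
     * leaves the corresponding property untouched. Store paths are resolved
     * relative to the server through {@code serverInfo}.
     * <p>
     * A value placed in a system property is readable by any code running in
     * this JVM; that includes the passwords published here.
     *
     * @param serverInfo resolves server-relative store paths
     * @param keyStore key store path, or {@code null}
     * @param keyStorePassword key store password, or {@code null}
     * @param trustStore trust store path, or {@code null}
     * @param trustStorePassword trust store password, or {@code null}
     */
    private void publishStoreSettings(ServerInfo serverInfo, String keyStore,
            String keyStorePassword, String trustStore, String trustStorePassword) {
        if (keyStore != null) {
            sysOverRide(serverInfo.resolveServerPath(keyStore), KEYSTORE);
        }
        if (keyStorePassword != null) {
            sysOverRide(keyStorePassword, KEYSTORE_PASSWORD);
        }
        if (trustStore != null) {
            sysOverRide(serverInfo.resolveServerPath(trustStore), TRUSTSTORE);
        }
        if (trustStorePassword != null) {
            sysOverRide(trustStorePassword, TRUSTSTORE_PASSWORD);
        }
    }

    /**
     * Resolves a setting with "system property wins" semantics.
     *
     * @param attribute the configured value, may be {@code null}
     * @param sysVar the system property name
     * @return the system property value when it is set; otherwise
     *         {@code attribute}, which is also written to the system property
     *         when non-null
     */
    private String sysOverRide(String attribute, String sysVar) {
        String sysValue = System.getProperty(sysVar);
        // An explicit -D setting always takes precedence over configuration.
        if (sysValue != null) {
            return sysValue;
        }
        if (attribute != null) {
            System.setProperty(sysVar, attribute);
        }
        return attribute;
    }

    /** GBean metadata: attributes, the ServerInfo reference and constructor order. */
    public static final GBeanInfo GBEAN_INFO;

    static {
        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(SecurityServiceImpl.class);

        infoFactory.addAttribute("classLoader", ClassLoader.class, false);
        infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
        infoFactory.addAttribute("policyConfigurationFactory", String.class, true);
        infoFactory.addAttribute("policyProvider", String.class, true);
        infoFactory.addAttribute("keyStore", String.class, true);
        infoFactory.addAttribute("keyStorePassword", String.class, true);
        infoFactory.addAttribute("trustStore", String.class, true);
        infoFactory.addAttribute("trustStorePassword", String.class, true);

        // Must match the constructor's parameter order exactly.
        infoFactory.setConstructor(new String[] { "classLoader", "ServerInfo",
                "policyConfigurationFactory", "policyProvider", "keyStore",
                "keyStorePassword", "trustStore", "trustStorePassword" });

        GBEAN_INFO = infoFactory.getBeanInfo();
    }

    /**
     * Returns the GBean metadata for this service.
     *
     * @return the static {@link GBeanInfo} built at class initialisation
     */
    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }
}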