001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.security;
018:
019: /**
020: * Wrapper for the javax.security.auth.Subject class.
021: * Due to a design oversight in JAAS 1.0, the javax.security.auth.Subject.getSubject method does not return the Subject
022: * that is associated with the running thread when it is called inside a
023: * java.security.AccessController.doPrivileged code block. As a result, the current subject cannot be determined correctly there.
024: * This class uses the ThreadLocal mechanism to carry the thread-specific instance of the subject.
025: * @author hajo
026: *
027: */
028:
029: import javax.security.auth.*;
030: import java.security.AccessControlContext;
031: import java.security.PrivilegedActionException;
032:
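public class JSSubject implements java.io.Serializable {

    private static final long serialVersionUID = -8308522755600156057L;

    /**
     * Per-thread slot holding the <code>Subject</code> bound by the innermost
     * <code>doAs</code>/<code>doAsPrivileged</code> call that is currently running on this thread.
     * Declaration kept as in the original (package-private, raw type) so existing package-level
     * users keep compiling.
     */
    static ThreadLocal threadLocal = new ThreadLocal();

    /**
     * Get the <code>Subject</code> bound to the current thread by this class, or, when the thread
     * carries none, the <code>Subject</code> associated with the provided
     * <code>AccessControlContext</code> through the standard JAAS mechanism.
     *
     * @param acc the <code>AccessControlContext</code> from which to retrieve
     *            the <code>Subject</code>. Only used if the current thread doesn't carry a subject.
     *
     * @return the thread-bound <code>Subject</code>, else the <code>Subject</code> associated with
     *         the provided <code>AccessControlContext</code>, or <code>null</code> if no
     *         <code>Subject</code> is associated with it.
     *
     * @exception SecurityException if the caller does not have permission
     *            to get the <code>Subject</code>.
     *
     * @exception NullPointerException if the thread carries no subject and the provided
     *            <code>AccessControlContext</code> is <code>null</code>.
     */
    public static Subject getSubject(final AccessControlContext acc) {
        // A type test replaces the former cast inside an empty catch block: a value of the wrong
        // type is still ignored, but no exception is silently swallowed.
        final Object bound = threadLocal.get();
        if (bound instanceof Subject) {
            return (Subject) bound;
        }
        return Subject.getSubject(acc);
    }

    /**
     * Perform work as a particular <code>Subject</code>. The subject is bound to the current
     * thread only while <code>action</code> runs; the previous binding is put back afterwards.
     *
     * @param subject1 the <code>Subject</code> that the specified <code>action</code> will run as.
     *            This parameter may be <code>null</code>, in which case the subject already
     *            current for the caller (thread-bound, else taken from the calling context) is used.
     *
     * @param action the code to be run as the specified <code>Subject</code>.
     *
     * @return the <code>Object</code> returned by the PrivilegedAction's <code>run</code> method.
     *
     * @exception NullPointerException if the <code>PrivilegedAction</code> is <code>null</code>.
     *
     * @exception SecurityException if the caller does not have permission to invoke this method.
     */
    public static Object doAs(final Subject subject1,
            final java.security.PrivilegedAction action) {
        Subject subject = subject1;
        if (subject == null) {
            // The original passed a null context here, which Subject.getSubject rejects with a
            // NullPointerException whenever the thread has no bound subject.
            subject = inheritedSubject(java.security.AccessController.getContext());
        }
        final Object previous = threadLocal.get();
        threadLocal.set(subject);
        try {
            return Subject.doAs(subject, action);
        } finally {
            // Without this, the identity stays attached to the thread after the call returns and
            // getSubject would hand it to whatever unrelated work a pooled thread runs next.
            threadLocal.set(previous);
        }
    }

    /**
     * Perform work as a particular <code>Subject</code>. The subject is bound to the current
     * thread only while <code>action</code> runs; the previous binding is put back afterwards.
     *
     * @param subject1 the <code>Subject</code> that the specified <code>action</code> will run as.
     *            This parameter may be <code>null</code>, in which case the subject already
     *            current for the caller (thread-bound, else taken from the calling context) is used.
     *
     * @param action the code to be run as the specified <code>Subject</code>.
     *
     * @return the <code>Object</code> returned by the
     *         PrivilegedExceptionAction's <code>run</code> method.
     *
     * @exception PrivilegedActionException if the <code>PrivilegedExceptionAction.run</code>
     *            method throws a checked exception.
     *
     * @exception NullPointerException if the specified
     *            <code>PrivilegedExceptionAction</code> is <code>null</code>.
     *
     * @exception SecurityException if the caller does not have permission to invoke this method.
     */
    public static Object doAs(final Subject subject1,
            final java.security.PrivilegedExceptionAction action)
            throws java.security.PrivilegedActionException {
        Subject subject = subject1;
        if (subject == null) {
            subject = inheritedSubject(java.security.AccessController.getContext());
        }
        final Object previous = threadLocal.get();
        threadLocal.set(subject);
        try {
            // Both branches of the original null test made this same call.
            return Subject.doAs(subject, action);
        } finally {
            // Unbind even when the action throws, so the identity cannot outlive the call.
            threadLocal.set(previous);
        }
    }

    /**
     * Perform privileged work as a particular <code>Subject</code>. The subject is bound to the
     * current thread only while <code>action</code> runs; the previous binding is put back
     * afterwards.
     *
     * @param subject1 the <code>Subject</code> that the specified <code>action</code> will run as.
     *            This parameter may be <code>null</code>, in which case the thread-bound subject,
     *            else the one associated with <code>acc</code>, is used.
     *
     * @param action the code to be run as the specified <code>Subject</code>.
     *
     * @param acc the <code>AccessControlContext</code> to be tied to the
     *            specified <i>subject</i> and <i>action</i>.
     *
     * @return the <code>Object</code> returned by the PrivilegedAction's <code>run</code> method.
     *
     * @exception NullPointerException if the <code>PrivilegedAction</code> is <code>null</code>.
     *
     * @exception SecurityException if the caller does not have permission to invoke this method.
     */
    public static Object doAsPrivileged(final Subject subject1,
            final java.security.PrivilegedAction action,
            final java.security.AccessControlContext acc) {
        Subject subject = subject1;
        if (subject == null) {
            subject = inheritedSubject(acc);
        }
        final Object previous = threadLocal.get();
        threadLocal.set(subject);
        try {
            return Subject.doAsPrivileged(subject, action, acc);
        } finally {
            threadLocal.set(previous);
        }
    }

    /**
     * Perform privileged work as a particular <code>Subject</code>. The subject is bound to the
     * current thread only while <code>action</code> runs; the previous binding is put back
     * afterwards.
     *
     * @param subject the <code>Subject</code> that the specified <code>action</code> will run as.
     *            This parameter may be <code>null</code>, in which case the thread-bound subject,
     *            else the one associated with <code>acc</code>, is used.
     *
     * @param action the code to be run as the specified <code>Subject</code>.
     *
     * @param acc the <code>AccessControlContext</code> to be tied to the
     *            specified <i>subject</i> and <i>action</i>.
     *
     * @return the <code>Object</code> returned by the
     *         PrivilegedExceptionAction's <code>run</code> method.
     *
     * @exception PrivilegedActionException if the <code>PrivilegedExceptionAction.run</code>
     *            method throws a checked exception.
     *
     * @exception NullPointerException if the specified
     *            <code>PrivilegedExceptionAction</code> is <code>null</code>.
     *
     * @exception SecurityException if the caller does not have permission to invoke this method.
     */
    public static Object doAsPrivileged(final Subject subject,
            final java.security.PrivilegedExceptionAction action,
            final java.security.AccessControlContext acc)
            throws java.security.PrivilegedActionException {
        Subject s = subject;
        if (s == null) {
            s = inheritedSubject(acc);
        }
        final Object previous = threadLocal.get();
        threadLocal.set(s);
        try {
            return Subject.doAsPrivileged(s, action, acc);
        } finally {
            threadLocal.set(previous);
        }
    }

    /**
     * Resolve the subject to use when a caller passed <code>null</code>: the thread-bound subject
     * if there is one, otherwise the subject associated with <code>acc</code>. A <code>null</code>
     * context yields <code>null</code> instead of being handed to <code>Subject.getSubject</code>.
     */
    private static Subject inheritedSubject(final AccessControlContext acc) {
        final Object bound = threadLocal.get();
        if (bound instanceof Subject) {
            return (Subject) bound;
        }
        return acc == null ? null : Subject.getSubject(acc);
    }

}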
|