001: /*
002: * $Id: SubjectAccessor.java,v 1.6 2007/08/08 15:05:29 kumarjayanti Exp $
003: */
004:
005: /*
006: * The contents of this file are subject to the terms
007: * of the Common Development and Distribution License
008: * (the License). You may not use this file except in
009: * compliance with the License.
010: *
011: * You can obtain a copy of the license at
012: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
013: * See the License for the specific language governing
014: * permissions and limitations under the License.
015: *
016: * When distributing Covered Code, include this CDDL
017: * Header Notice in each file and include the License file
018: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
019: * If applicable, add the following below the CDDL Header,
020: * with the fields enclosed by brackets [] replaced by
021: * you own identifying information:
022: * "Portions Copyrighted [year] [name of copyright owner]"
023: *
024: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
025: */
026:
027: package com.sun.xml.wss;
028:
029: import com.sun.xml.wss.impl.MessageConstants;
030: import com.sun.xml.wss.logging.LogDomainConstants;
031:
032: import javax.security.auth.Subject;
033: import javax.xml.rpc.handler.MessageContext;
034: import javax.xml.rpc.server.ServletEndpointContext;
035: import java.util.logging.Level;
036: import java.util.logging.Logger;
037:
038: /**
039: * Class that can be used on the ServerSide by the SEI implementation methods, Callback Handlers
040: * and Standalone SAAJ Applications using XWSS.
041: */
042: public class SubjectAccessor {
043:
044: private static Logger log = Logger.getLogger(
045: LogDomainConstants.WSS_API_DOMAIN,
046: LogDomainConstants.WSS_API_DOMAIN_BUNDLE);
047:
048: private static ThreadLocal<Subject> wssThreadCtx = new ThreadLocal<Subject>();
049:
050: /**
051: *@return the Requester's Subject if one is available, null otherwise.
052: * The subject is populated with credentials from the incoming secure message.
053: * Note: the context supplied should either be a ServletEndpointContext or a
054: * com.sun.xml.wss.ProcessingContext
055: */
056: public static Subject getRequesterSubject(Object context)
057: throws XWSSecurityException {
058:
059: if (context instanceof ProcessingContext) {
060: return (Subject) ((ProcessingContext) context)
061: .getExtraneousProperty(MessageConstants.AUTH_SUBJECT);
062: } else if (context instanceof javax.xml.ws.handler.MessageContext) {
063:
064: javax.xml.ws.handler.MessageContext msgContext = (javax.xml.ws.handler.MessageContext) context;
065:
066: Subject subject = (Subject) msgContext
067: .get(MessageConstants.AUTH_SUBJECT);
068: return subject;
069:
070: } else if (context instanceof javax.xml.ws.WebServiceContext) {
071: try {
072:
073: javax.xml.ws.WebServiceContext wsCtx = (javax.xml.ws.WebServiceContext) context;
074: javax.xml.ws.handler.MessageContext msgContext = wsCtx
075: .getMessageContext();
076: if (msgContext != null) {
077: Subject subject = (Subject) msgContext
078: .get(MessageConstants.AUTH_SUBJECT);
079: return subject;
080: } else {
081: return null;
082: }
083:
084: } catch (NoClassDefFoundError ncde) {
085: log
086: .log(Level.SEVERE,
087: "WSS0761.context.not.instanceof.servletendpointcontext");
088: throw new XWSSecurityException(
089: "'context' argument is not an instanceof ServletEndpointContext, WebServiceContext or com.sun.xml.wss.ProcessingContext");
090: } catch (Exception ex) {
091: log
092: .log(Level.SEVERE,
093: "WSS0761.context.not.instanceof.servletendpointcontext");
094: throw new XWSSecurityException(
095: "'context' argument is not an instanceof ServletEndpointContext, WebServiceContext or com.sun.xml.wss.ProcessingContext");
096: }
097: } else if (context instanceof ServletEndpointContext) {
098:
099: MessageContext msgContext = ((ServletEndpointContext) context)
100: .getMessageContext();
101: if (msgContext != null) {
102: Subject subject = (Subject) msgContext
103: .getProperty(MessageConstants.AUTH_SUBJECT);
104: return subject;
105:
106: } else {
107: return null;
108: }
109:
110: }
111: return null;
112: }
113:
114: /**
115: *@return the Requester's Subject if one is available, null otherwise.The subject
116: * is populated with credentials from the incoming secure message.
117: * This method should be used only with synchronous Request-Response Message
118: * Exchange Patterns.
119: */
120: public static Subject getRequesterSubject() {
121: return wssThreadCtx.get();
122:
123: }
124:
125: /*
126: * set the Requester's Subject into the context
127: * @param sub the Requesters Subject
128: * This method should be used only with synchronous Request-Response Message
129: * Exchange Patterns.
130: */
131: public static void setRequesterSubject(Subject sub) {
132: wssThreadCtx.set(sub);
133: }
134: }
|