001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.resource.security;
023:
024: import java.security.AccessController;
025: import java.security.Principal;
026: import java.security.PrivilegedAction;
027: import java.security.acl.Group;
028: import java.util.Iterator;
029: import java.util.Set;
030: import javax.resource.spi.ManagedConnectionFactory;
031: import javax.resource.spi.security.PasswordCredential;
032: import javax.security.auth.Subject;
033:
034: import org.jboss.security.SimpleGroup;
035:
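/**
 * Common package privileged actions.
 *
 * <p>Every helper here mutates a {@link Subject} &mdash; its principals,
 * its "Roles" group, or its private credentials &mdash; from inside
 * {@link AccessController#doPrivileged}, i.e. with the permissions granted
 * to this code base rather than those of the caller's stack. That is the
 * whole point of the class, and also why it and its helpers are
 * package-private: exposing them to arbitrary callers would hand out a way
 * to attach credentials and roles to a Subject without any permission
 * check. Keep the visibility as it is, and do not pass through Subjects
 * supplied by untrusted code.
 *
 * <p>None of the helpers checks whether the Subject is read-only. Per the
 * {@code Subject} API the backing sets then reject {@code add}/{@code remove}
 * with an {@code IllegalStateException}, which propagates to the caller.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 57189 $
 */
class SubjectActions {
    /** Name of the group principal under which a Subject's roles are collected. */
    private static final String ROLES_GROUP_NAME = "Roles";

    /**
     * Strategy for adding run-as roles to a Subject. {@link SubjectActions#addRoles}
     * picks {@link #PRIVILEGED} when a security manager is installed and
     * {@link #NON_PRIVILEGED} otherwise.
     */
    interface AddRolesActions {
        /** Performs the update inside a privileged block. */
        AddRolesActions PRIVILEGED = new AddRolesActions() {
            public void addRoles(final Subject subject, final Set roles) {
                PrivilegedAction action = new PrivilegedAction() {
                    public Object run() {
                        addSubjectRoles(subject, roles);
                        return null;
                    }
                };
                AccessController.doPrivileged(action);
            }
        };

        /** Performs the update directly on the caller's stack. */
        AddRolesActions NON_PRIVILEGED = new AddRolesActions() {
            public void addRoles(final Subject subject, final Set roles) {
                addSubjectRoles(subject, roles);
            }
        };

        /**
         * Adds the given role principals to the subject's "Roles" group,
         * creating that group if the subject does not have one yet.
         *
         * @param subject the subject to update; must not be null
         * @param roles   the role {@link Principal}s to add; must not be null
         */
        void addRoles(Subject subject, Set roles);
    }

    /**
     * Privileged action that adds one {@link PasswordCredential} to a
     * subject's private credentials.
     */
    static class AddCredentialsAction implements PrivilegedAction {
        final Subject subject;
        final PasswordCredential cred;

        AddCredentialsAction(Subject subject, PasswordCredential cred) {
            this.subject = subject;
            this.cred = cred;
        }

        /** Adds the credential; returns null. */
        public Object run() {
            subject.getPrivateCredentials().add(cred);
            return null;
        }
    }

    /** Privileged action that adds one {@link Principal} to a subject. */
    static class AddPrincipalsAction implements PrivilegedAction {
        final Subject subject;
        final Principal p;

        AddPrincipalsAction(Subject subject, Principal p) {
            this.subject = subject;
            this.p = p;
        }

        /** Adds the principal; returns null. */
        public Object run() {
            subject.getPrincipals().add(p);
            return null;
        }
    }

    /**
     * Privileged action that removes every {@link PasswordCredential} bound
     * to a given {@link ManagedConnectionFactory} from a subject's private
     * credentials. Other private credentials are left untouched.
     *
     * <p>Per the {@code Subject} API, iterating the private credential set
     * is itself permission-checked under a security manager, which is one
     * more reason this runs privileged.
     */
    static class RemoveCredentialsAction implements PrivilegedAction {
        final Subject subject;
        final ManagedConnectionFactory mcf;

        RemoveCredentialsAction(Subject subject,
                ManagedConnectionFactory mcf) {
            this.subject = subject;
            this.mcf = mcf;
        }

        /** Removes the matching credentials via the iterator; returns null. */
        public Object run() {
            Iterator it = subject.getPrivateCredentials().iterator();
            while (it.hasNext()) {
                Object candidate = it.next();
                if (!(candidate instanceof PasswordCredential)) {
                    continue;
                }
                PasswordCredential pc = (PasswordCredential) candidate;
                // Identity match on the factory, not equals(); presumably the
                // pool hands out one MCF instance per deployment - confirm
                // before switching to equals().
                if (pc.getManagedConnectionFactory() == mcf) {
                    it.remove();
                }
            }
            return null;
        }
    }

    /**
     * Adds {@code cred} to {@code subject}'s private credentials, privileged.
     *
     * @param subject the subject to update; must not be null
     * @param cred    the credential to add
     */
    static void addCredentials(Subject subject, PasswordCredential cred) {
        AccessController.doPrivileged(new AddCredentialsAction(subject, cred));
    }

    /**
     * Adds {@code p} to {@code subject}'s principals, privileged.
     *
     * @param subject the subject to update; must not be null
     * @param p       the principal to add
     */
    static void addPrincipals(Subject subject, Principal p) {
        AccessController.doPrivileged(new AddPrincipalsAction(subject, p));
    }

    /**
     * Removes every {@link PasswordCredential} for {@code mcf} from
     * {@code subject}'s private credentials, privileged.
     *
     * @param subject the subject to update; must not be null
     * @param mcf     the factory whose credentials should go
     */
    static void removeCredentials(Subject subject,
            ManagedConnectionFactory mcf) {
        AccessController.doPrivileged(new RemoveCredentialsAction(subject, mcf));
    }

    /**
     * Adds {@code runAsRoles} to {@code subject}'s "Roles" group.
     *
     * <p>Unlike the other helpers this only enters a privileged block when a
     * security manager is actually installed; the others always call
     * {@code doPrivileged}, which is harmless without a manager.
     *
     * @param subject    the subject to update; must not be null
     * @param runAsRoles the role {@link Principal}s to add; must not be null
     */
    static void addRoles(Subject subject, Set runAsRoles) {
        AddRolesActions strategy = (System.getSecurityManager() != null)
                ? AddRolesActions.PRIVILEGED
                : AddRolesActions.NON_PRIVILEGED;
        strategy.addRoles(subject, runAsRoles);
    }

    /**
     * Finds the subject's "Roles" group, creating and attaching a
     * {@link SimpleGroup} of that name when absent, and adds every element
     * of {@code roles} to it.
     *
     * @param theSubject the subject to update; must not be null
     * @param roles      the role {@link Principal}s to add; must not be null
     * @return the group the roles were added to
     */
    private static Group addSubjectRoles(Subject theSubject, Set roles) {
        // Locate an existing "Roles" group. If the subject somehow carries
        // more than one, the last one seen wins, as it always has.
        Group roleGrp = null;
        Iterator groups = theSubject.getPrincipals(Group.class).iterator();
        while (groups.hasNext()) {
            Group grp = (Group) groups.next();
            // Constant-first comparison: a Principal may return a null name,
            // which used to throw NPE here and abort the whole role update.
            if (ROLES_GROUP_NAME.equals(grp.getName())) {
                roleGrp = grp;
            }
        }

        if (roleGrp == null) {
            roleGrp = new SimpleGroup(ROLES_GROUP_NAME);
            theSubject.getPrincipals().add(roleGrp);
        }

        Iterator it = roles.iterator();
        while (it.hasNext()) {
            roleGrp.addMember((Principal) it.next());
        }
        return roleGrp;
    }

}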
|