01: /*
02: * JBoss, Home of Professional Open Source.
03: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
04: * as indicated by the @author tags. See the copyright.txt file in the
05: * distribution for a full listing of individual contributors.
06: *
07: * This is free software; you can redistribute it and/or modify it
08: * under the terms of the GNU Lesser General Public License as
09: * published by the Free Software Foundation; either version 2.1 of
10: * the License, or (at your option) any later version.
11: *
12: * This software is distributed in the hope that it will be useful,
13: * but WITHOUT ANY WARRANTY; without even the implied warranty of
14: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15: * Lesser General Public License for more details.
16: *
17: * You should have received a copy of the GNU Lesser General Public
18: * License along with this software; if not, write to the Free
19: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21: */
22: package org.jboss.security.jacc;
23:
24: import java.security.AccessController;
25: import java.security.PrivilegedAction;
26: import java.util.Set;
27: import java.util.HashSet;
28: import javax.security.auth.Subject;
29: import javax.security.jacc.PolicyContextException;
30: import javax.security.jacc.PolicyContextHandler;
31:
32: import org.jboss.security.RunAsIdentity;
33: import org.jboss.security.SecurityAssociation;
34:
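/**
 * A {@link PolicyContextHandler} that returns the current authenticated
 * {@link Subject} for the JACC key {@link #SUBJECT_CONTEXT_KEY}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The Subject is built inside {@code AccessController.doPrivileged} and
 * includes the active Subject's private credentials. This class performs no
 * permission check of its own, so any check has to happen in the caller.
 * NOTE(review): confirm that untrusted code cannot invoke this handler
 * directly.</li>
 * <li>When a run-as identity is present, the returned Subject pairs the
 * run-as principals with the authenticated Subject's credentials.
 * NOTE(review): confirm this combination is intended.</li>
 * </ul>
 *
 * @author Scott.Stark@jboss.org
 * @version $Revison:$
 */
public class SubjectPolicyContextHandler implements PolicyContextHandler {
   /** The policy context key this handler answers for. */
   public static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";

   /**
    * Retained only for backward compatibility with external code.
    * The set is public and mutable, so this class deliberately does not feed it
    * into any Subject: an element added by other code would otherwise show up
    * as a credential of every Subject built from it.
    */
   public static final HashSet EMPTY_SET = new HashSet();

   /**
    * Privileged action that assembles a read-only Subject from the
    * SecurityAssociation state.
    */
   private static class GetSubjectAction implements PrivilegedAction {
      /** Shared instance; the action holds no state of its own. */
      static final PrivilegedAction ACTION = new GetSubjectAction();

      /**
       * Builds the Subject to expose.
       *
       * @return a read-only Subject, or {@code null} when there is neither an
       *         active Subject nor a run-as identity
       */
      public Object run() {
         Subject activeSubject = SecurityAssociation.getSubject();
         // Depth 1: presumably the caller's run-as identity rather than the
         // current one, going by the variable name. TODO confirm against
         // SecurityAssociation.
         RunAsIdentity callerRunAsIdentity =
            (RunAsIdentity) SecurityAssociation.peekRunAsIdentity(1);

         if (activeSubject != null) {
            Set principalsSet;
            if (callerRunAsIdentity == null) {
               principalsSet = activeSubject.getPrincipals();
            } else {
               // Run-as principals replace the authenticated principals;
               // the credentials below still come from the active Subject.
               principalsSet = callerRunAsIdentity.getPrincipalsSet();
            }
            return new Subject(true, principalsSet,
               activeSubject.getPublicCredentials(),
               activeSubject.getPrivateCredentials());
         }

         if (callerRunAsIdentity != null) {
            // Fresh empty sets instead of the shared mutable EMPTY_SET, so the
            // run-as Subject can never inherit credentials injected there.
            return new Subject(true, callerRunAsIdentity.getPrincipalsSet(),
               new HashSet(), new HashSet());
         }

         return null;
      }
   }

   /**
    * Returns the current Subject for {@link #SUBJECT_CONTEXT_KEY}.
    *
    * @param key the policy context key, compared case-insensitively
    * @param data handler data; not used by this handler
    * @return the Subject, or {@code null} if the key is {@code null}, is not
    *         supported, or no Subject or run-as identity is available
    * @throws PolicyContextException declared by the interface; not thrown here
    */
   public Object getContext(String key, Object data)
      throws PolicyContextException {
      // Constant-first comparison: a null key is rejected instead of causing
      // a NullPointerException.
      if (!SUBJECT_CONTEXT_KEY.equalsIgnoreCase(key)) {
         return null;
      }

      // Runs with this class's own privileges, independent of the caller's.
      return (Subject) AccessController.doPrivileged(GetSubjectAction.ACTION);
   }

   /**
    * Lists the keys this handler supports.
    *
    * @return a new array holding only {@link #SUBJECT_CONTEXT_KEY}
    * @throws PolicyContextException declared by the interface; not thrown here
    */
   public String[] getKeys() throws PolicyContextException {
      return new String[] { SUBJECT_CONTEXT_KEY };
   }

   /**
    * Tells whether this handler supports the given key.
    *
    * @param key the key to test; {@code null} is treated as unsupported
    * @return {@code true} if the key equals {@link #SUBJECT_CONTEXT_KEY},
    *         ignoring case
    * @throws PolicyContextException declared by the interface; not thrown here
    */
   public boolean supports(String key) throws PolicyContextException {
      return SUBJECT_CONTEXT_KEY.equalsIgnoreCase(key);
   }
}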