
    1   /**
    2    *
    3    * Licensed to the Apache Software Foundation (ASF) under one or more
    4    * contributor license agreements.  See the NOTICE file distributed with
    5    * this work for additional information regarding copyright ownership.
    6    * The ASF licenses this file to You under the Apache License, Version 2.0
    7    * (the "License"); you may not use this file except in compliance with
    8    * the License.  You may obtain a copy of the License at
    9    *
   10    *     http://www.apache.org/licenses/LICENSE-2.0
   11    *
   12    *  Unless required by applicable law or agreed to in writing, software
   13    *  distributed under the License is distributed on an "AS IS" BASIS,
   14    *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   15    *  See the License for the specific language governing permissions and
   16    *  limitations under the License.
   17    */
   18   package org.apache.geronimo.openejb;
   19   
   20   import java.lang.reflect.Method;
   21   import java.security.AccessControlContext;
   22   import java.security.AccessControlException;
   23   import java.security.Permission;
   24   import java.security.Principal;
   25   import java.util.Properties;
   26   
   27   import javax.security.auth.Subject;
   28   import javax.security.auth.login.LoginContext;
   29   import javax.security.auth.login.LoginException;
   30   import javax.security.jacc.EJBMethodPermission;
   31   import javax.security.jacc.EJBRoleRefPermission;
   32   
   33   import org.apache.geronimo.security.ContextManager;
   34   import org.apache.geronimo.security.SubjectId;
   35   import org.apache.openejb.InterfaceType;
   36   import org.apache.openejb.core.CoreDeploymentInfo;
   37   import org.apache.openejb.core.ThreadContext;
   38   import org.apache.openejb.core.security.jaas.UsernamePasswordCallbackHandler;
   39   import org.apache.openejb.spi.SecurityService;
   40   
   41   /**
   42    * @version $Rev: 663791 $ $Date: 2008-06-05 17:06:12 -0700 (Thu, 05 Jun 2008) $
   43    */
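/**
 * OpenEJB {@link SecurityService} backed by Geronimo's {@link ContextManager}.
 *
 * <p>Authentication delegates to a Geronimo security realm through
 * {@link ContextManager#login}; the resulting subject is handed back to OpenEJB as
 * its {@link SubjectId}, which {@link #associate} and {@link #logout} later resolve
 * again with {@code ContextManager.getRegisteredSubject}. Authorization is decided
 * by JACC permission checks ({@link EJBMethodPermission}, {@link EJBRoleRefPermission})
 * against the {@link AccessControlContext} that {@code ContextManager.getCurrentContext()}
 * returns for the calling thread.
 *
 * <p>Checks are only enforced when the deployment on the current {@link ThreadContext}
 * carries an {@link EjbDeployment} whose {@code isSecurityEnabled()} is true. When it
 * does not, {@link #isCallerAuthorized} is fail-open (every call is authorized),
 * {@link #isCallerInRole} is always false and {@link #getCallerPrincipal} is
 * {@code null}; deployers must therefore make sure security is enabled on every
 * deployment that is meant to be protected.
 *
 * @version $Rev: 663791 $ $Date: 2008-06-05 17:06:12 -0700 (Thu, 05 Jun 2008) $
 */
public class GeronimoSecurityService implements SecurityService {

    /** Realm used by {@link #login(String, String)} when the caller does not name one. */
    private static final String DEFAULT_SECURITY_REALM = "OpenEJB";

    /**
     * No-op: this service takes no configuration from OpenEJB properties.
     *
     * @param props ignored
     */
    public void init(Properties props) throws Exception {
    }

    /**
     * Authenticates {@code user} against the default realm ({@code "OpenEJB"}).
     *
     * @param user user name presented to the realm
     * @param pass password presented to the realm
     * @return the {@link SubjectId} of the authenticated subject
     * @throws LoginException if the realm rejects the credentials
     */
    public Object login(String user, String pass) throws LoginException {
        return login(DEFAULT_SECURITY_REALM, user, pass);
    }

    /**
     * Authenticates {@code user} against the named Geronimo security realm.
     *
     * @param securityRealm name of the Geronimo realm to log in to
     * @param user          user name presented to the realm
     * @param pass          password presented to the realm
     * @return the {@link SubjectId} of the authenticated subject; this opaque handle is
     *         what OpenEJB later passes to {@link #associate} and {@link #logout}
     * @throws LoginException if the realm rejects the credentials
     */
    public Object login(String securityRealm, String user, String pass) throws LoginException {
        // A failed login does not return: ContextManager.login throws LoginException.
        LoginContext context = ContextManager.login(securityRealm,
                new UsernamePasswordCallbackHandler(user, pass));
        Subject subject = context.getSubject();
        return ContextManager.getSubjectId(subject);
    }

    /**
     * Unregisters the subject that {@code securityIdentity} refers to.
     *
     * @param securityIdentity the {@link SubjectId} previously returned by {@code login}
     * @throws ClassCastException if {@code securityIdentity} is not a {@link SubjectId}
     */
    public void logout(Object securityIdentity) {
        SubjectId subjectId = (SubjectId) securityIdentity;
        Subject subject = ContextManager.getRegisteredSubject(subjectId);
        ContextManager.unregisterSubject(subject);
    }

    /**
     * Installs the subject that {@code securityIdentity} refers to as the caller of
     * the current thread.
     *
     * <p>A null identity, or one that no longer resolves to a registered subject
     * (for example after {@link #logout}), is ignored: the thread keeps whatever
     * callers were set before.
     *
     * @param securityIdentity the {@link SubjectId} returned by {@code login}, or null
     * @throws LoginException never thrown by this implementation; declared by the interface
     * @throws ClassCastException if {@code securityIdentity} is not a {@link SubjectId}
     */
    public void associate(Object securityIdentity) throws LoginException {
        if (securityIdentity == null) {
            return;
        }

        Subject subject = ContextManager.getRegisteredSubject((SubjectId) securityIdentity);
        if (subject == null) {
            // Unknown identity: nothing to associate.
            return;
        }
        // The same subject fills both caller slots of setCallers.
        ContextManager.setCallers(subject, subject);
    }

    /**
     * Removes the callers installed by {@link #associate}.
     *
     * @return always {@code null}; the previous identity is not reported
     */
    public Object disassociate() {
        // Only called before the thread is put back in the pool, so popping with no
        // context to restore is acceptable here.
        ContextManager.popCallers(null);
        return null;
    }

    /**
     * Checks whether the current caller holds the {@link EJBMethodPermission} for
     * {@code method} on the deployment bound to this thread.
     *
     * <p>Fail-open: returns {@code true} without any check when security is not
     * enabled for the deployment. The JACC interface name is derived from the class
     * declaring {@code method}, not from {@code typee}.
     *
     * @param method business method about to be invoked
     * @param typee  unused; the interface type is resolved from {@code method}'s
     *               declaring class
     * @return {@code true} if the caller holds the permission or security is disabled,
     *         {@code false} if the access check denies the call
     */
    public boolean isCallerAuthorized(Method method, InterfaceType typee) {
        ThreadContext threadContext = ThreadContext.getThreadContext();

        try {
            CoreDeploymentInfo deploymentInfo = threadContext.getDeploymentInfo();

            if (!isSecurityEnabled(deploymentInfo)) {
                return true;
            }

            String ejbName = deploymentInfo.getEjbName();

            // JACC interface name of the interface that declares the method; when the
            // class is not a known interface type the permission is built without one.
            InterfaceType type = deploymentInfo.getInterfaceType(method.getDeclaringClass());
            String interfaceName = (type == null) ? null : type.getSpecName();

            Permission permission = new EJBMethodPermission(ejbName, interfaceName, method);

            AccessControlContext accessContext = ContextManager.getCurrentContext();
            // checkPermission signals denial by throwing; that is the only "false" path.
            accessContext.checkPermission(permission);

        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }

    /**
     * Checks whether the current caller is in the security role {@code role} of the
     * deployment bound to this thread, via an {@link EJBRoleRefPermission} check.
     *
     * @param role role reference name to test
     * @return {@code true} if the caller holds the role; {@code false} if the check is
     *         denied or security is not enabled for the deployment
     * @throws IllegalArgumentException if {@code role} is null, or the deployment has
     *         no EJB name to build the permission from
     */
    public boolean isCallerInRole(String role) {
        if (role == null) throw new IllegalArgumentException("Role must not be null");

        ThreadContext threadContext = ThreadContext.getThreadContext();

        CoreDeploymentInfo deploymentInfo = threadContext.getDeploymentInfo();

        // Security off: the caller is in no role at all.
        if (!isSecurityEnabled(deploymentInfo)) {
            return false;
        }

        String ejbName = deploymentInfo.getEjbName();
        if (ejbName == null) throw new IllegalArgumentException("EJBName must not be null");
        try {
            AccessControlContext context = ContextManager.getCurrentContext();
            context.checkPermission(new EJBRoleRefPermission(ejbName, role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }

    /**
     * Returns the principal of the current caller subject.
     *
     * @return the caller's principal, or {@code null} when security is not enabled for
     *         the deployment bound to this thread
     */
    public Principal getCallerPrincipal() {
        ThreadContext threadContext = ThreadContext.getThreadContext();
        CoreDeploymentInfo deploymentInfo = threadContext.getDeploymentInfo();
        // Without security there is no principal to report.
        if (!isSecurityEnabled(deploymentInfo)) {
            return null;
        }

        Subject callerSubject = ContextManager.getCurrentCaller();
        return ContextManager.getCurrentPrincipal(callerSubject);
    }

    /**
     * Whether security checks are enforced for {@code deploymentInfo}: only when an
     * {@link EjbDeployment} is attached to it and reports security enabled.
     *
     * @param deploymentInfo deployment bound to the current thread
     * @return {@code true} if security is enabled for the deployment
     */
    private static boolean isSecurityEnabled(CoreDeploymentInfo deploymentInfo) {
        EjbDeployment ejbDeployment = deploymentInfo.get(EjbDeployment.class);
        return ejbDeployment != null && ejbDeployment.isSecurityEnabled();
    }

    //
    // Unused: required by the SecurityService interface but not used by Geronimo.
    //

    /**
     * Not supported.
     *
     * @return always {@code null}
     */
    public Object getSecurityIdentity() {
        return null;
    }

    /**
     * Not supported.
     *
     * @throws UnsupportedOperationException always
     */
    public void setSecurityIdentity(Object securityIdentity) {
        throw new UnsupportedOperationException();
    }

    /**
     * Not supported.
     *
     * @throws UnsupportedOperationException always
     */
    public <T> T translateTo(Object securityIdentity, Class<T> type) {
        throw new UnsupportedOperationException();
    }

    /**
     * Not supported.
     *
     * @throws UnsupportedOperationException always
     */
    public Subject getCurrentSubject() {
        throw new UnsupportedOperationException();
    }

}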
