001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017
018 package org.apache.geronimo.security;
019
020 import java.security.Policy;
021 import javax.security.jacc.PolicyConfigurationFactory;
022 import javax.security.jacc.PolicyContextException;
023 import org.apache.commons.logging.Log;
024 import org.apache.commons.logging.LogFactory;
025 import org.apache.geronimo.gbean.GBeanInfo;
026 import org.apache.geronimo.gbean.GBeanInfoBuilder;
027 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
028 import org.apache.geronimo.security.jacc.PolicyContextHandlerContainerSubject;
029 import org.apache.geronimo.security.jacc.PolicyContextHandlerHttpServletRequest;
030 import org.apache.geronimo.security.jacc.PolicyContextHandlerSOAPMessage;
031 import org.apache.geronimo.security.util.ConfigurationUtil;
032 import org.apache.geronimo.system.serverinfo.ServerInfo;
033
034
035 /**
036 * An MBean that registers the JACC factory and handlers.
037 *
038 * @version $Rev: 706640 $ $Date: 2008-10-21 14:44:05 +0000 (Tue, 21 Oct 2008) $
039 */
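public class SecurityServiceImpl implements SecurityService {

    /**
     * JVM-wide flag recording that a {@link Policy} provider has already been installed by
     * some instance of this class. It is only written inside a block synchronized on
     * {@code SecurityServiceImpl.class}, so two instances constructed concurrently cannot
     * both install a provider; {@code volatile} keeps reads outside that block current.
     */
    public static volatile boolean POLICY_INSTALLED = false;

    private static final Log log = LogFactory.getLog(SecurityServiceImpl.class);

    /**
     * Permissions that protect access to sensitive security information
     */
    public static final GeronimoSecurityPermission CONFIGURE = new GeronimoSecurityPermission("configure");

    /**
     * Registers the JACC policy context handlers, installs the configured {@link Policy}
     * provider (at most once per JVM), triggers the JACC policy configuration factory lookup
     * and publishes the key/trust store settings as system properties.
     * <p>
     * Every string argument can be overridden by the system property named by the matching
     * {@code SecurityService} constant; see {@link #sysOverRide(String, String)}. Because
     * {@code policyProvider} names the class that becomes the JVM-wide security policy, the
     * configuration and system properties feeding it must only be writable by the server
     * administrator.
     *
     * @param classLoader                loader used to resolve {@code policyProvider} and set as
     *                                   the thread context loader while the JACC factory is looked up
     * @param serverInfo                 resolves {@code keyStore} and {@code trustStore} to server paths
     * @param policyConfigurationFactory JACC policy configuration factory class name, may be null
     * @param policyProvider             {@link Policy} implementation class name, may be null
     * @param keyStore                   key store location relative to the server, may be null
     * @param keyStorePassword           key store password, may be null
     * @param trustStore                 trust store location relative to the server, may be null
     * @param trustStorePassword         trust store password, may be null
     * @throws PolicyContextException if handler registration or the factory lookup fails
     * @throws ClassNotFoundException if the policy provider or factory class cannot be loaded
     * @throws IllegalAccessException if the policy provider cannot be instantiated
     * @throws InstantiationException if the policy provider cannot be instantiated
     * @throws ClassCastException     if the policy provider class is not a {@link Policy}
     */
    public SecurityServiceImpl(ClassLoader classLoader, ServerInfo serverInfo, String policyConfigurationFactory,
                               String policyProvider, String keyStore, String keyStorePassword,
                               String trustStore, String trustStorePassword)
            throws PolicyContextException, ClassNotFoundException, IllegalAccessException, InstantiationException {

        // JSR 115 4.6.1: Container Subject Policy Context Handler, plus the SOAP message
        // and HttpServletRequest handlers.
        ConfigurationUtil.registerPolicyContextHandler(new PolicyContextHandlerContainerSubject(), true);
        ConfigurationUtil.registerPolicyContextHandler(new PolicyContextHandlerSOAPMessage(), true);
        ConfigurationUtil.registerPolicyContextHandler(new PolicyContextHandlerHttpServletRequest(), true);

        installPolicyProvider(classLoader, policyProvider);

        policyConfigurationFactory = sysOverRide(policyConfigurationFactory, POLICY_CONFIG_FACTORY);
        if (policyConfigurationFactory != null) {
            lookupPolicyConfigurationFactory(classLoader);
        }

        if (keyStore != null) {
            sysOverRide(serverInfo.resolveServerPath(keyStore), KEYSTORE);
        }
        if (keyStorePassword != null) {
            // The password becomes a JVM-wide system property, readable by any code that can
            // call System.getProperty; presumably this is how the SSL stack picks it up
            // (confirm against the SecurityService constants). It must never be logged.
            sysOverRide(keyStorePassword, KEYSTORE_PASSWORD);
        }

        if (trustStore != null) {
            sysOverRide(serverInfo.resolveServerPath(trustStore), TRUSTSTORE);
        }
        if (trustStorePassword != null) {
            // Same caveat as the key store password above.
            sysOverRide(trustStorePassword, TRUSTSTORE_PASSWORD);
        }

        // Only the store locations are logged; the passwords stay out of the log.
        log.debug(KEYSTORE + ": " + System.getProperty(KEYSTORE));
        log.debug(TRUSTSTORE + ": " + System.getProperty(TRUSTSTORE));

        log.debug("JACC factory registered");
    }

    /**
     * Installs the {@link Policy} provider named by {@code policyProvider} (or its system
     * property override) as the JVM-wide policy, unless one has already been installed.
     * <p>
     * The check of {@link #POLICY_INSTALLED} and the installation happen under one lock so
     * that concurrent instances cannot both replace the policy. If loading or instantiating
     * the provider fails the flag is left unset, exactly as before.
     *
     * @param classLoader    loader used to resolve the provider class
     * @param policyProvider provider class name from configuration, may be null
     * @throws ClassNotFoundException if the provider class cannot be loaded
     * @throws IllegalAccessException if the provider cannot be instantiated
     * @throws InstantiationException if the provider cannot be instantiated
     * @throws ClassCastException     if the loaded class is not a {@link Policy}
     */
    private static void installPolicyProvider(ClassLoader classLoader, String policyProvider)
            throws ClassNotFoundException, IllegalAccessException, InstantiationException {
        synchronized (SecurityServiceImpl.class) {
            if (POLICY_INSTALLED) {
                return;
            }

            policyProvider = sysOverRide(policyProvider, POLICY_PROVIDER);

            if (policyProvider != null) {
                // asSubclass rejects a non-Policy class with a descriptive ClassCastException
                // before anything is instantiated, instead of an unchecked cast afterwards.
                Class<? extends Policy> providerClass =
                        classLoader.loadClass(policyProvider).asSubclass(Policy.class);
                Policy policy = providerClass.newInstance();
                policy.refresh();
                Policy.setPolicy(policy);
            }

            POLICY_INSTALLED = true;
        }
    }

    /**
     * Performs the JACC {@link PolicyConfigurationFactory} lookup with {@code classLoader}
     * as the thread context loader, restoring the previous loader afterwards even on failure.
     *
     * @param classLoader loader the factory class must be visible from
     * @throws PolicyContextException if the factory cannot be created
     * @throws ClassNotFoundException if the factory class cannot be loaded
     */
    private static void lookupPolicyConfigurationFactory(ClassLoader classLoader)
            throws PolicyContextException, ClassNotFoundException {
        Thread currentThread = Thread.currentThread();
        ClassLoader oldClassLoader = currentThread.getContextClassLoader();
        currentThread.setContextClassLoader(classLoader);
        try {
            PolicyConfigurationFactory.getPolicyConfigurationFactory();
        } finally {
            currentThread.setContextClassLoader(oldClassLoader);
        }
    }

    /**
     * Resolves a configuration value against its system-property override.
     * <p>
     * The system property has the highest priority: when {@code sysVar} is set its value is
     * returned and {@code attribute} is ignored (not written anywhere). Otherwise a non-null
     * {@code attribute} is stored into the system property, so that it becomes visible to
     * every later reader in the JVM, and returned. When neither is set, {@code null} is
     * returned and nothing is written.
     *
     * @param attribute value supplied through configuration, may be null
     * @param sysVar    name of the system property that overrides {@code attribute}
     * @return the effective value, or {@code null} if there is none
     */
    private static String sysOverRide(String attribute, String sysVar) {
        String sysValue = System.getProperty(sysVar);
        if (sysValue != null) {
            return sysValue;
        }

        if (attribute != null) {
            System.setProperty(sysVar, attribute);
        }

        return attribute;
    }

    public static final GBeanInfo GBEAN_INFO;

    static {
        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(SecurityServiceImpl.class);

        infoFactory.addAttribute("classLoader", ClassLoader.class, false);
        infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
        infoFactory.addAttribute("policyConfigurationFactory", String.class, true);
        infoFactory.addAttribute("policyProvider", String.class, true);
        infoFactory.addAttribute("keyStore", String.class, true);
        infoFactory.addAttribute("keyStorePassword", String.class, true);
        infoFactory.addAttribute("trustStore", String.class, true);
        infoFactory.addAttribute("trustStorePassword", String.class, true);

        // Order must match the constructor parameter list above.
        infoFactory.setConstructor(new String[]{"classLoader", "ServerInfo", "policyConfigurationFactory",
                                                "policyProvider", "keyStore", "keyStorePassword", "trustStore",
                                                "trustStorePassword"});

        GBEAN_INFO = infoFactory.getBeanInfo();
    }

    /**
     * @return the GBean metadata describing this service
     */
    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }
}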