001 /** 002 * 003 * Copyright 2003-2005 The Apache Software Foundation 004 * 005 * Licensed under the Apache License, Version 2.0 (the "License"); 006 * you may not use this file except in compliance with the License. 007 * You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 018 package org.apache.geronimo.security; 019 020 import java.security.Policy; 021 import javax.security.jacc.PolicyConfigurationFactory; 022 import javax.security.jacc.PolicyContextException; 023 import org.apache.commons.logging.Log; 024 import org.apache.commons.logging.LogFactory; 025 import org.apache.geronimo.gbean.GBeanInfo; 026 import org.apache.geronimo.gbean.GBeanInfoBuilder; 027 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory; 028 import org.apache.geronimo.security.jacc.PolicyContextHandlerContainerSubject; 029 import org.apache.geronimo.security.jacc.PolicyContextHandlerHttpServletRequest; 030 import org.apache.geronimo.security.jacc.PolicyContextHandlerSOAPMessage; 031 import org.apache.geronimo.security.util.ConfigurationUtil; 032 import org.apache.geronimo.system.serverinfo.ServerInfo; 033 034 035 /** 036 * An MBean that registers the JACC factory and handlers. 037 * 038 * @version $Rev: 406493 $ $Date: 2006-05-14 18:14:11 -0700 (Sun, 14 May 2006) $ 039 */ 040 public class SecurityServiceImpl implements SecurityService { 041 042 public static boolean POLICY_INSTALLED = false; 043 044 private final Log log = LogFactory.getLog(SecurityServiceImpl.class); 045 046 /** 047 * Permissions that protect access to sensitive security information 048 */ 049 public static final GeronimoSecurityPermission CONFIGURE = new GeronimoSecurityPermission("configure"); 050 051 public SecurityServiceImpl(ClassLoader classLoader, ServerInfo serverInfo, String policyConfigurationFactory, 052 String policyProvider, String keyStore, String keyStorePassword, 053 String trustStore, String trustStorePassword) 054 throws PolicyContextException, ClassNotFoundException, IllegalAccessException, InstantiationException 055 { 056 057 /** 058 * @see "JSR 115 4.6.1" Container Subject Policy Context Handler 059 */ 060 ConfigurationUtil.registerPolicyContextHandler(new PolicyContextHandlerContainerSubject(), true); 061 ConfigurationUtil.registerPolicyContextHandler(new PolicyContextHandlerSOAPMessage(), true); 062 ConfigurationUtil.registerPolicyContextHandler(new PolicyContextHandlerHttpServletRequest(), true); 063 064 if (!POLICY_INSTALLED) { 065 policyProvider = sysOverRide(policyProvider, POLICY_PROVIDER); 066 067 if (policyProvider != null) { 068 Policy policy = (Policy) classLoader.loadClass(policyProvider).newInstance(); 069 policy.refresh(); 070 Policy.setPolicy(policy); 071 } 072 073 POLICY_INSTALLED = true; 074 } 075 076 policyConfigurationFactory = sysOverRide(policyConfigurationFactory, POLICY_CONFIG_FACTORY); 077 if (policyConfigurationFactory != null) { 078 Thread currentThread = Thread.currentThread(); 079 ClassLoader oldClassLoader = currentThread.getContextClassLoader(); 080 currentThread.setContextClassLoader(classLoader); 081 try { 082 PolicyConfigurationFactory.getPolicyConfigurationFactory(); 083 } finally { 084 currentThread.setContextClassLoader(oldClassLoader); 085 } 086 } 087 if (keyStore != null) sysOverRide(serverInfo.resolveServerPath(keyStore), KEYSTORE); 088 if (keyStorePassword != null) sysOverRide(keyStorePassword, KEYSTORE_PASSWORD); 089 090 if (trustStore != null) sysOverRide(serverInfo.resolveServerPath(trustStore), TRUSTSTORE); 091 if (trustStorePassword != null) sysOverRide(trustStorePassword, TRUSTSTORE_PASSWORD); 092 093 log.debug(KEYSTORE + ": " + System.getProperty(KEYSTORE)); 094 log.debug(TRUSTSTORE + ": " + System.getProperty(TRUSTSTORE)); 095 096 log.debug("JACC factory registered"); 097 } 098 099 private String sysOverRide(String attribute, String sysVar) { 100 101 String sysValue = System.getProperty(sysVar); 102 103 /** 104 * System variable gets highest priority 105 */ 106 if (sysValue != null) 107 return sysValue; 108 109 if (attribute != null) { 110 System.setProperty(sysVar, attribute); 111 } 112 113 return attribute; 114 115 } 116 117 public static final GBeanInfo GBEAN_INFO; 118 119 static { 120 GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(SecurityServiceImpl.class); 121 122 infoFactory.addAttribute("classLoader", ClassLoader.class, false); 123 infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE); 124 infoFactory.addAttribute("policyConfigurationFactory", String.class, true); 125 infoFactory.addAttribute("policyProvider", String.class, true); 126 infoFactory.addAttribute("keyStore", String.class, true); 127 infoFactory.addAttribute("keyStorePassword", String.class, true); 128 infoFactory.addAttribute("trustStore", String.class, true); 129 infoFactory.addAttribute("trustStorePassword", String.class, true); 130 131 infoFactory.setConstructor(new String[]{"classLoader", "ServerInfo", "policyConfigurationFactory", 132 "policyProvider", "keyStore", "keyStorePassword", "trustStore", 133 "trustStorePassword"}); 134 135 GBEAN_INFO = infoFactory.getBeanInfo(); 136 } 137 138 public static GBeanInfo getGBeanInfo() { 139 return GBEAN_INFO; 140 } 141 }