001    /**
002     *
003     * Copyright 2003-2005 The Apache Software Foundation
004     *
005     *  Licensed under the Apache License, Version 2.0 (the "License");
006     *  you may not use this file except in compliance with the License.
007     *  You may obtain a copy of the License at
008     *
009     *     http://www.apache.org/licenses/LICENSE-2.0
010     *
011     *  Unless required by applicable law or agreed to in writing, software
012     *  distributed under the License is distributed on an "AS IS" BASIS,
013     *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     *  See the License for the specific language governing permissions and
015     *  limitations under the License.
016     */
017    
018    package org.apache.geronimo.security;
019    
020    import java.security.Policy;
021    import javax.security.jacc.PolicyConfigurationFactory;
022    import javax.security.jacc.PolicyContextException;
023    import org.apache.commons.logging.Log;
024    import org.apache.commons.logging.LogFactory;
025    import org.apache.geronimo.gbean.GBeanInfo;
026    import org.apache.geronimo.gbean.GBeanInfoBuilder;
027    import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
028    import org.apache.geronimo.security.jacc.PolicyContextHandlerContainerSubject;
029    import org.apache.geronimo.security.jacc.PolicyContextHandlerHttpServletRequest;
030    import org.apache.geronimo.security.jacc.PolicyContextHandlerSOAPMessage;
031    import org.apache.geronimo.security.util.ConfigurationUtil;
032    import org.apache.geronimo.system.serverinfo.ServerInfo;
033    
034    
035    /**
036     * An MBean that registers the JACC factory and handlers.
037     *
038     * @version $Rev: 406493 $ $Date: 2006-05-14 18:14:11 -0700 (Sun, 14 May 2006) $
039     */
040    public class SecurityServiceImpl implements SecurityService {
041    
042        public static boolean POLICY_INSTALLED = false;
043    
044        private final Log log = LogFactory.getLog(SecurityServiceImpl.class);
045    
046        /**
047         * Permissions that protect access to sensitive security information
048         */
049        public static final GeronimoSecurityPermission CONFIGURE = new GeronimoSecurityPermission("configure");
050    
051        public SecurityServiceImpl(ClassLoader classLoader, ServerInfo serverInfo, String policyConfigurationFactory,
052                                   String policyProvider, String keyStore, String keyStorePassword,
053                                   String trustStore, String trustStorePassword)
054                throws PolicyContextException, ClassNotFoundException, IllegalAccessException, InstantiationException
055        {
056    
057            /**
058             *  @see "JSR 115 4.6.1" Container Subject Policy Context Handler
059             */
060            ConfigurationUtil.registerPolicyContextHandler(new PolicyContextHandlerContainerSubject(), true);
061            ConfigurationUtil.registerPolicyContextHandler(new PolicyContextHandlerSOAPMessage(), true);
062            ConfigurationUtil.registerPolicyContextHandler(new PolicyContextHandlerHttpServletRequest(), true);
063    
064            if (!POLICY_INSTALLED) {
065                policyProvider = sysOverRide(policyProvider, POLICY_PROVIDER);
066    
067                if (policyProvider != null) {
068                    Policy policy = (Policy) classLoader.loadClass(policyProvider).newInstance();
069                    policy.refresh();
070                    Policy.setPolicy(policy);
071                }
072    
073                POLICY_INSTALLED = true;
074            }
075    
076            policyConfigurationFactory = sysOverRide(policyConfigurationFactory, POLICY_CONFIG_FACTORY);
077            if (policyConfigurationFactory != null) {
078                Thread currentThread = Thread.currentThread();
079                ClassLoader oldClassLoader = currentThread.getContextClassLoader();
080                currentThread.setContextClassLoader(classLoader);
081                try {
082                    PolicyConfigurationFactory.getPolicyConfigurationFactory();
083                } finally {
084                    currentThread.setContextClassLoader(oldClassLoader);
085                }
086            }
087            if (keyStore != null) sysOverRide(serverInfo.resolveServerPath(keyStore), KEYSTORE);
088            if (keyStorePassword != null) sysOverRide(keyStorePassword, KEYSTORE_PASSWORD);
089    
090            if (trustStore != null) sysOverRide(serverInfo.resolveServerPath(trustStore), TRUSTSTORE);
091            if (trustStorePassword != null) sysOverRide(trustStorePassword, TRUSTSTORE_PASSWORD);
092    
093            log.debug(KEYSTORE + ": " + System.getProperty(KEYSTORE));
094            log.debug(TRUSTSTORE + ": " + System.getProperty(TRUSTSTORE));
095    
096            log.debug("JACC factory registered");
097        }
098    
099        private String sysOverRide(String attribute, String sysVar) {
100    
101            String sysValue = System.getProperty(sysVar);
102    
103            /**
104             * System variable gets highest priority
105             */
106            if (sysValue != null)
107                return sysValue;
108    
109            if (attribute != null) {
110                System.setProperty(sysVar, attribute);
111            }
112    
113            return attribute;
114    
115        }
116    
117        public static final GBeanInfo GBEAN_INFO;
118    
119        static {
120            GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(SecurityServiceImpl.class);
121    
122            infoFactory.addAttribute("classLoader", ClassLoader.class, false);
123            infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
124            infoFactory.addAttribute("policyConfigurationFactory", String.class, true);
125            infoFactory.addAttribute("policyProvider", String.class, true);
126            infoFactory.addAttribute("keyStore", String.class, true);
127            infoFactory.addAttribute("keyStorePassword", String.class, true);
128            infoFactory.addAttribute("trustStore", String.class, true);
129            infoFactory.addAttribute("trustStorePassword", String.class, true);
130    
131            infoFactory.setConstructor(new String[]{"classLoader", "ServerInfo", "policyConfigurationFactory",
132                                                    "policyProvider", "keyStore", "keyStorePassword", "trustStore",
133                                                    "trustStorePassword"});
134    
135            GBEAN_INFO = infoFactory.getBeanInfo();
136        }
137    
138        public static GBeanInfo getGBeanInfo() {
139            return GBEAN_INFO;
140        }
141    }