001 /**
002 *
003 * Copyright 2003-2004 The Apache Software Foundation
004 *
005 * Licensed under the Apache License, Version 2.0 (the "License");
006 * you may not use this file except in compliance with the License.
007 * You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.geronimo.security.jacc;
018
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;

import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.IdentificationPrincipal;
import org.apache.geronimo.security.SubjectId;
038
039 /**
040 * @version $Rev: 431706 $ $Date: 2006-08-15 14:19:27 -0700 (Tue, 15 Aug 2006) $
041 */
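/**
 * Builds, links and commits the JACC {@link PolicyConfiguration}s of one deployed
 * application, installs its principal-to-role mapper, and registers the
 * application's run-as ("role designate") subjects with the {@link ContextManager}.
 * {@link #doStop()} undoes all of that.
 *
 * The constructor is transactional in spirit: if any step fails, everything set up
 * so far (open policy configurations, the installed mapper, already-registered
 * subjects) is torn down before the exception propagates. Without that, a failed
 * deployment would leave an open, uncommitted PolicyConfiguration bound to the
 * context id and registered subjects that no lifecycle callback will ever remove,
 * because the GBean never exists and doStop() is never called.
 *
 * Note that the permissions added here are not enforced until
 * {@link PolicyConfiguration#commit()} has run and the installed {@link Policy}
 * has been refreshed; both happen at the end of the constructor.
 */
public class ApplicationPolicyConfigurationManager implements GBeanLifecycle {

    /** JACC policy context id (String) -> the PolicyConfiguration created for it. Filled by the constructor. */
    private final Map contextIdToPolicyConfigurationMap = new HashMap();
    /** Role name -> run-as {@link Subject} registered with the ContextManager. */
    private final Map roleDesignates;
    /** Optional mapper installed for this application's context ids; may be null. */
    private final PrincipalRoleMapper principalRoleMapper;

    /**
     * Creates the policy configurations for every context id, links them so they share
     * one principal-to-role mapping, commits them, refreshes the Policy and registers
     * the role designate subjects.
     *
     * @param contextIdToPermissionsMap context id (String) -> {@link ComponentPermissions}; must not be null
     * @param roleDesignates            role name -> {@link Subject}; each subject is registered with the
     *                                  ContextManager and gets an {@link IdentificationPrincipal} added
     *                                  to its principal set, so read-only subjects are not supported;
     *                                  must not be null
     * @param cl                        class loader made the thread context class loader while the
     *                                  {@link PolicyConfigurationFactory} is looked up
     * @param principalRoleMapper       mapper to install for the set of context ids, or null for none
     * @throws PolicyContextException if the JACC provider rejects any configuration step
     * @throws ClassNotFoundException if the PolicyConfigurationFactory implementation cannot be loaded
     * @throws NullPointerException   if either map is null (fail closed rather than deploy without policy)
     */
    public ApplicationPolicyConfigurationManager(Map contextIdToPermissionsMap, Map roleDesignates, ClassLoader cl, PrincipalRoleMapper principalRoleMapper) throws PolicyContextException, ClassNotFoundException {
        if (contextIdToPermissionsMap == null) {
            throw new NullPointerException("contextIdToPermissionsMap");
        }
        if (roleDesignates == null) {
            throw new NullPointerException("roleDesignates");
        }
        this.principalRoleMapper = principalRoleMapper;
        this.roleDesignates = roleDesignates;

        PolicyConfigurationFactory policyConfigurationFactory = lookupPolicyConfigurationFactory(cl);

        // Track what has been set up so a failure part-way through can be rolled back.
        boolean mapperInstalled = false;
        List registeredDesignates = new ArrayList();
        try {
            for (Iterator iterator = contextIdToPermissionsMap.entrySet().iterator(); iterator.hasNext();) {
                Map.Entry entry = (Map.Entry) iterator.next();
                String contextID = (String) entry.getKey();
                ComponentPermissions componentPermissions = (ComponentPermissions) entry.getValue();

                // Opened with remove=true so stale permissions from an earlier deployment
                // of the same context id are discarded. Recorded before it is populated
                // so rollback deletes it even if populating fails.
                PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(contextID, true);
                contextIdToPolicyConfigurationMap.put(contextID, policyConfiguration);
                populatePolicyConfiguration(policyConfiguration, componentPermissions);
            }

            if (principalRoleMapper != null) {
                principalRoleMapper.install(contextIdToPermissionsMap.keySet());
                mapperInstalled = true;
            }

            linkPolicyConfigurations();
            commitPolicyConfigurations();

            // Nothing is enforced until the installed Policy re-reads the committed configurations.
            Policy.getPolicy().refresh();

            registerRoleDesignates(registeredDesignates);
        } catch (PolicyContextException e) {
            // A secondary failure during cleanup is deliberately dropped: the caller must
            // see the original cause, and this class has no logger to report the second one.
            tearDown(registeredDesignates, mapperInstalled);
            throw e;
        } catch (RuntimeException e) {
            tearDown(registeredDesignates, mapperInstalled);
            throw e;
        }
    }

    /**
     * Looks up the JACC PolicyConfigurationFactory with {@code cl} as the thread context
     * class loader (the factory is located by a system property and loaded through it),
     * always restoring the previous context class loader afterwards.
     */
    private static PolicyConfigurationFactory lookupPolicyConfigurationFactory(ClassLoader cl) throws PolicyContextException, ClassNotFoundException {
        Thread currentThread = Thread.currentThread();
        ClassLoader oldClassLoader = currentThread.getContextClassLoader();
        currentThread.setContextClassLoader(cl);
        try {
            return PolicyConfigurationFactory.getPolicyConfigurationFactory();
        } finally {
            currentThread.setContextClassLoader(oldClassLoader);
        }
    }

    /** Copies the excluded, unchecked and per-role permissions of one component into its configuration. */
    private static void populatePolicyConfiguration(PolicyConfiguration policyConfiguration, ComponentPermissions componentPermissions) throws PolicyContextException {
        policyConfiguration.addToExcludedPolicy(componentPermissions.getExcludedPermissions());
        policyConfiguration.addToUncheckedPolicy(componentPermissions.getUncheckedPermissions());
        for (Iterator roleIterator = componentPermissions.getRolePermissions().entrySet().iterator(); roleIterator.hasNext();) {
            Map.Entry roleEntry = (Map.Entry) roleIterator.next();
            String roleName = (String) roleEntry.getKey();
            PermissionCollection rolePermissions = (PermissionCollection) roleEntry.getValue();
            for (Enumeration permissions = rolePermissions.elements(); permissions.hasMoreElements();) {
                policyConfiguration.addToRole(roleName, (Permission) permissions.nextElement());
            }
        }
    }

    /**
     * Links every configuration of this application to every other one so that they
     * share the same principal-to-role mapping. Each pair is linked in both directions.
     */
    private void linkPolicyConfigurations() throws PolicyContextException {
        for (Iterator iterator = contextIdToPolicyConfigurationMap.values().iterator(); iterator.hasNext();) {
            PolicyConfiguration policyConfiguration = (PolicyConfiguration) iterator.next();
            for (Iterator iterator2 = contextIdToPolicyConfigurationMap.values().iterator(); iterator2.hasNext();) {
                PolicyConfiguration other = (PolicyConfiguration) iterator2.next();
                if (policyConfiguration != other) {
                    policyConfiguration.linkConfiguration(other);
                }
            }
        }
    }

    /** Commits every configuration, moving it from the open to the in-service state. */
    private void commitPolicyConfigurations() throws PolicyContextException {
        for (Iterator iterator = contextIdToPolicyConfigurationMap.values().iterator(); iterator.hasNext();) {
            ((PolicyConfiguration) iterator.next()).commit();
        }
    }

    /**
     * Registers each role designate subject with the ContextManager and tags it with an
     * {@link IdentificationPrincipal} carrying its {@link SubjectId}.
     *
     * @param registered receives each subject as soon as it is registered, so that a
     *                   failure on a later subject (or on mutating this one) can still
     *                   unregister it
     */
    private void registerRoleDesignates(List registered) {
        for (Iterator iterator = roleDesignates.values().iterator(); iterator.hasNext();) {
            Subject roleDesignate = (Subject) iterator.next();
            ContextManager.registerSubject(roleDesignate);
            registered.add(roleDesignate);
            SubjectId id = ContextManager.getSubjectId(roleDesignate);
            // Throws IllegalStateException for a read-only Subject.
            roleDesignate.getPrincipals().add(new IdentificationPrincipal(id));
        }
    }

    /**
     * Undoes the constructor's work in reverse order: unregisters the given subjects,
     * uninstalls the mapper if it was installed, deletes every policy configuration
     * created so far. Every step is attempted even if an earlier one fails, so a
     * single broken step cannot leave the remaining configurations in service.
     *
     * @return the first exception encountered, or null if cleanup was clean
     */
    private Exception tearDown(List registeredDesignates, boolean mapperInstalled) {
        Exception first = null;

        for (Iterator iterator = registeredDesignates.iterator(); iterator.hasNext();) {
            Subject roleDesignate = (Subject) iterator.next();
            try {
                ContextManager.unregisterSubject(roleDesignate);
            } catch (Exception e) {
                if (first == null) {
                    first = e;
                }
            }
        }

        if (mapperInstalled && principalRoleMapper != null) {
            try {
                principalRoleMapper.uninstall();
            } catch (Exception e) {
                if (first == null) {
                    first = e;
                }
            }
        }

        for (Iterator iterator = contextIdToPolicyConfigurationMap.values().iterator(); iterator.hasNext();) {
            PolicyConfiguration policyConfiguration = (PolicyConfiguration) iterator.next();
            try {
                policyConfiguration.delete();
            } catch (Exception e) {
                if (first == null) {
                    first = e;
                }
            }
        }
        contextIdToPolicyConfigurationMap.clear();

        return first;
    }

    /** Nothing to do: all setup happens in the constructor. */
    public void doStart() throws Exception {

    }

    /**
     * Unregisters the role designates, uninstalls the mapper and deletes the policy
     * configurations. All three are attempted regardless of earlier failures; the first
     * failure is rethrown afterwards.
     */
    public void doStop() throws Exception {
        Exception failure = tearDown(new ArrayList(roleDesignates.values()), principalRoleMapper != null);
        if (failure != null) {
            throw failure;
        }
    }

    /**
     * No cleanup is performed here.
     * NOTE(review): if the kernel invokes doFail() instead of doStop() when this GBean
     * fails, the committed policy configurations and registered subjects stay in place;
     * confirm against the GBeanLifecycle contract before relying on doStop() alone.
     */
    public void doFail() {

    }

    public static final GBeanInfo GBEAN_INFO;

    static {
        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(ApplicationPolicyConfigurationManager.class, NameFactory.JACC_MANAGER);
        // Persistent attributes are part of the deployment plan; the class loader is supplied by the kernel.
        infoBuilder.addAttribute("contextIdToPermissionsMap", Map.class, true);
        infoBuilder.addAttribute("roleDesignates", Map.class, true);
        infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
        infoBuilder.addReference("PrincipalRoleMapper", PrincipalRoleMapper.class, NameFactory.JACC_MANAGER);
        // Order must match the constructor's parameter order.
        infoBuilder.setConstructor(new String[] {"contextIdToPermissionsMap", "roleDesignates", "classLoader", "PrincipalRoleMapper"});
        GBEAN_INFO = infoBuilder.getBeanInfo();
    }

    /** @return the GBean metadata describing this class to the Geronimo kernel */
    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }
}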