/*
* JBoss, the OpenSource J2EE webOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins;
import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.ISecurityManagement;
import org.jboss.security.RunAs;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextFactory;
import org.jboss.security.SecurityContextUtil;
import org.jboss.security.SecurityManagerLocator;
import org.jboss.security.SubjectInfo;
import org.jboss.security.audit.AuditManager;
import org.jboss.security.auth.callback.SecurityAssociationHandler;
import org.jboss.security.identitytrust.IdentityTrustManager;
import org.jboss.security.mapping.MappingManager;
/**
* Implementation of the Security Context for the JBoss AS
* @author <a href="mailto:Anil.Saldhana@jboss.org">Anil Saldhana</a>
* @version $Revision$
* @since Aug 30, 2006
*/
public class JBossSecurityContext implements SecurityContext, SecurityManagerLocator
{
private static final long serialVersionUID = 1L;
protected static final Logger log = Logger.getLogger(JBossSecurityContext.class);
protected boolean trace = log.isTraceEnabled();
protected Map<String,Object> contextData = new HashMap<String,Object>();
protected String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
protected SubjectInfo subjectInfo = null;
protected RunAs incomingRunAs = null;
protected RunAs outgoingRunAs = null;
protected ISecurityManagement iSecurityManagement;
protected CallbackHandler callbackHandler = new SecurityAssociationHandler();
public JBossSecurityContext(String securityDomain)
{
this.securityDomain = securityDomain;
iSecurityManagement = new DefaultSecurityManagement(this.callbackHandler);
//Create a null subjectinfo as default
getUtil().createSubjectInfo(null, null, null);
}
/**
* @see SecurityContext#getSecurityManagement()
*/
public ISecurityManagement getSecurityManagement()
{
return this.iSecurityManagement;
}
/**
* @see SecurityContext#setSecurityManagement(ISecurityManagement)
*/
public void setSecurityManagement(ISecurityManagement ism)
{
if(ism == null)
throw new IllegalArgumentException("ism is null");
this.iSecurityManagement = ism;
}
/**
* @see SecurityContext#getData()
*/
public Map<String,Object> getData()
{
return contextData;
}
public String getSecurityDomain()
{
return securityDomain;
}
/**
* @see SecurityContext#getSubjectInfo()
*/
public SubjectInfo getSubjectInfo()
{
return subjectInfo;
}
/**
* @see SecurityContext#getOutgoingRunAs()
*/
public RunAs getIncomingRunAs()
{
return this.incomingRunAs;
}
/**
* @see SecurityContext#setOutgoingRunAs(RunAs)
*/
public void setIncomingRunAs(RunAs runAs)
{
this.incomingRunAs = runAs;
}
/**
* @see SecurityContext#getOutgoingRunAs()
*/
public RunAs getOutgoingRunAs()
{
return this.outgoingRunAs;
}
/**
* @see SecurityContext#setOutgoingRunAs(RunAs)
*/
public void setOutgoingRunAs(RunAs runAs)
{
this.outgoingRunAs = runAs;
}
/**
* @see SecurityContext#getUtil()
*/
public SecurityContextUtil getUtil()
{
SecurityContextUtil util = null;
try
{
util = SecurityContextFactory.createUtil(this);
}
catch (Exception e)
{
throw new IllegalStateException(e);
}
return util;
}
public AuditManager getAuditManager()
{
return this.iSecurityManagement.getAuditManager(this.securityDomain);
}
public AuthenticationManager getAuthenticationManager()
{
return this.iSecurityManagement.getAuthenticationManager(this.securityDomain);
}
public AuthorizationManager getAuthorizationManager()
{
return this.iSecurityManagement.getAuthorizationManager(this.securityDomain);
}
public IdentityTrustManager getIdentityTrustManager()
{
return this.iSecurityManagement.getIdentityTrustManager(this.securityDomain);
}
public MappingManager getMappingManager()
{
return this.iSecurityManagement.getMappingManager(this.securityDomain);
}
//Value Added Methods
public void setSubjectInfo(SubjectInfo si)
{
this.subjectInfo = si;
}
public void setRoles(Group roles, boolean replace)
{
Group mergedRoles = roles;
if(!replace)
{
mergedRoles = mergeGroups( (Group)contextData.get(ROLES_IDENTIFIER), roles);
}
contextData.put(ROLES_IDENTIFIER, mergedRoles);
}
private Group mergeGroups(Group a, Group b)
{
Group newGroup = b;
if(a != null)
{
Enumeration<? extends Principal> en = a.members();
while(en.hasMoreElements())
{
newGroup.addMember(en.nextElement());
}
}
return newGroup;
}
/**
* Set the CallbackHandler for the Managers in the SecurityContext
* @param callbackHandler
*/
public void setCallbackHandler(CallbackHandler callbackHandler)
{
this.callbackHandler = callbackHandler;
}
@SuppressWarnings("unchecked")
@Override
public Object clone() throws CloneNotSupportedException
{
JBossSecurityContext jsc = (JBossSecurityContext) super.clone();
if(jsc != null)
{
HashMap<String,Object> cmap = (HashMap<String,Object>)contextData;
jsc.contextData = (Map<String, Object>) (cmap).clone();
}
return super.clone();
}
}