View Javadoc
1   /*
2    * JBoss, Home of Professional Open Source
3    * Copyright 2014, Red Hat, Inc. and/or its affiliates, and individual
4    * contributors by the @authors tag. See the copyright.txt in the
5    * distribution for a full listing of individual contributors.
6    *
7    * Licensed under the Apache License, Version 2.0 (the "License");
8    * you may not use this file except in compliance with the License.
9    * You may obtain a copy of the License at
10   * http://www.apache.org/licenses/LICENSE-2.0
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.jboss.as.quickstarts.ejb_security_interceptors;
18  
19  import java.security.AccessController;
20  import java.security.Principal;
21  import java.security.PrivilegedAction;
22  import java.security.PrivilegedActionException;
23  import java.security.PrivilegedExceptionAction;
24  import java.util.Collection;
25  
26  import javax.security.auth.Subject;
27  
28  import org.jboss.as.security.api.ConnectionSecurityContext;
29  import org.jboss.as.security.api.ContextStateCache;
30  import org.jboss.security.SecurityContext;
31  import org.jboss.security.SecurityContextAssociation;
32  import org.jboss.security.SecurityContextFactory;
33  
34  /**
35   * Security actions for this package only.
36   *
37   * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
38   */
39  final class SecurityActions {
40  
41      private SecurityActions() {
42      }
43  
44      /*
45       * ConnectionSecurityContext Actions
46       */
47  
48      static Collection<Principal> getConnectionPrincipals() {
49          return connectionSecurityContextActions().getConnectionPrincipals();
50      }
51  
52      static ContextStateCache pushIdentity(final Principal principal, final Object credential) throws Exception {
53          return connectionSecurityContextActions().pushIdentity(principal, credential);
54      }
55  
56      static void popIdentity(final ContextStateCache stateCache) {
57          connectionSecurityContextActions().popIdentity(stateCache);
58      }
59  
60      private static ConnectionSecurityContextActions connectionSecurityContextActions() {
61          return System.getSecurityManager() == null ? ConnectionSecurityContextActions.NON_PRIVILEGED : ConnectionSecurityContextActions.PRIVILEGED;
62      }
63  
64      private interface ConnectionSecurityContextActions {
65  
66          Collection<Principal> getConnectionPrincipals();
67  
68          ContextStateCache pushIdentity(final Principal principal, final Object credential) throws Exception;
69  
70          void popIdentity(final ContextStateCache stateCache);
71  
72          ConnectionSecurityContextActions NON_PRIVILEGED = new ConnectionSecurityContextActions() {
73  
74              public Collection<Principal> getConnectionPrincipals() {
75                  return ConnectionSecurityContext.getConnectionPrincipals();
76              }
77  
78              @Override
79              public ContextStateCache pushIdentity(final Principal principal, final Object credential) throws Exception {
80                  return ConnectionSecurityContext.pushIdentity(principal, credential);
81              }
82  
83              @Override
84              public void popIdentity(ContextStateCache stateCache) {
85                  ConnectionSecurityContext.popIdentity(stateCache);
86              }
87          };
88  
89          ConnectionSecurityContextActions PRIVILEGED = new ConnectionSecurityContextActions() {
90  
91              PrivilegedAction<Collection<Principal>> GET_CONNECTION_PRINCIPALS_ACTION = new PrivilegedAction<Collection<Principal>>() {
92  
93                  @Override
94                  public Collection<Principal> run() {
95                      return NON_PRIVILEGED.getConnectionPrincipals();
96                  }
97              };
98  
99              public Collection<Principal> getConnectionPrincipals() {
100                 return AccessController.doPrivileged(GET_CONNECTION_PRINCIPALS_ACTION);
101             }
102 
103             @Override
104             public ContextStateCache pushIdentity(final Principal principal, final Object credential) throws Exception {
105                 try {
106                     return AccessController.doPrivileged(new PrivilegedExceptionAction<ContextStateCache>() {
107 
108                         @Override
109                         public ContextStateCache run() throws Exception {
110                             return NON_PRIVILEGED.pushIdentity(principal, credential);
111                         }
112                     });
113                 } catch (PrivilegedActionException e) {
114                     throw e.getException();
115                 }
116             }
117 
118             @Override
119             public void popIdentity(final ContextStateCache stateCache) {
120                 AccessController.doPrivileged(new PrivilegedAction<Void>() {
121 
122                     @Override
123                     public Void run() {
124                         NON_PRIVILEGED.popIdentity(stateCache);
125                         return null;
126                     }
127                 });
128 
129             }
130 
131         };
132 
133     }
134 
135     /*
136      * SecurityContext Actions
137      */
138 
139     static void securityContextSet(final SecurityContext context) {
140         securityContextActions().setSecurityContext(context);
141     }
142 
143     static void securityContextClear() {
144         securityContextActions().clear();
145     }
146 
147     static Principal securityContextGetPrincipal() {
148         return securityContextActions().getPrincipal();
149     }
150 
151     static void securityContextSetPrincpal(final Principal principal) {
152         securityContextActions().setPrincipal(principal);
153     }
154 
155     /**
156      * @return The SecurityContext previously set if any.
157      */
158     static SecurityContext securityContextSetPrincipalInfo(final Principal principal, final OuterUserCredential credential)
159         throws Exception {
160         return securityContextActions().setPrincipalInfo(principal, credential);
161     }
162 
163     private static SecurityContextActions securityContextActions() {
164         return System.getSecurityManager() == null ? SecurityContextActions.NON_PRIVILEGED : SecurityContextActions.PRIVILEGED;
165     }
166 
167     private interface SecurityContextActions {
168 
169         void setSecurityContext(final SecurityContext context);
170 
171         void clear();
172 
173         Principal getPrincipal();
174 
175         void setPrincipal(final Principal principal);
176 
177         SecurityContext setPrincipalInfo(final Principal principal, final OuterUserCredential credential) throws Exception;
178 
179         SecurityContextActions NON_PRIVILEGED = new SecurityContextActions() {
180 
181             public void setSecurityContext(SecurityContext context) {
182                 SecurityContextAssociation.setSecurityContext(context);
183             }
184 
185             public void clear() {
186                 SecurityContextAssociation.clearSecurityContext();
187             }
188 
189             public Principal getPrincipal() {
190                 return SecurityContextAssociation.getPrincipal();
191             }
192 
193             public void setPrincipal(final Principal principal) {
194                 SecurityContextAssociation.setPrincipal(principal);
195             }
196 
197             public SecurityContext setPrincipalInfo(Principal principal, OuterUserCredential credential) throws Exception {
198                 SecurityContext currentContext = SecurityContextAssociation.getSecurityContext();
199 
200                 SecurityContext nextContext = SecurityContextFactory.createSecurityContext(principal, credential,
201                     new Subject(), "USER_DELEGATION");
202                 SecurityContextAssociation.setSecurityContext(nextContext);
203 
204                 return currentContext;
205             }
206 
207         };
208 
209         SecurityContextActions PRIVILEGED = new SecurityContextActions() {
210 
211             PrivilegedAction<Principal> GET_PRINCIPAL_ACTION = new PrivilegedAction<Principal>() {
212 
213                 public Principal run() {
214                     return NON_PRIVILEGED.getPrincipal();
215                 }
216             };
217 
218             PrivilegedAction<Void> CLEAR_ACTION = new PrivilegedAction<Void>() {
219 
220                 public Void run() {
221                     NON_PRIVILEGED.clear();
222                     return null;
223                 }
224             };
225 
226             public void setSecurityContext(final SecurityContext context) {
227                 AccessController.doPrivileged(new PrivilegedAction<Void>() {
228 
229                     public Void run() {
230                         NON_PRIVILEGED.setSecurityContext(context);
231                         return null;
232                     }
233                 });
234             }
235 
236             public void clear() {
237                 AccessController.doPrivileged(CLEAR_ACTION);
238             }
239 
240             public Principal getPrincipal() {
241                 return AccessController.doPrivileged(GET_PRINCIPAL_ACTION);
242             }
243 
244             public void setPrincipal(final Principal principal) {
245                 AccessController.doPrivileged(new PrivilegedAction<Void>() {
246 
247                     public Void run() {
248                         NON_PRIVILEGED.setPrincipal(principal);
249                         return null;
250                     }
251                 });
252             }
253 
254             public SecurityContext setPrincipalInfo(final Principal principal, final OuterUserCredential credential)
255                 throws Exception {
256                 try {
257                     return AccessController.doPrivileged(new PrivilegedExceptionAction<SecurityContext>() {
258 
259                         public SecurityContext run() throws Exception {
260                             return NON_PRIVILEGED.setPrincipalInfo(principal, credential);
261                         }
262                     });
263                 } catch (PrivilegedActionException e) {
264                     throw e.getException();
265                 }
266             }
267 
268         };
269 
270     }
271 
272     /*
273      * ClassLoader Actions
274      */
275 
276     static ClassLoader getContextClassLoader() {
277         return (System.getSecurityManager() == null ? ContextClassLoaderAction.NON_PRIVILEGED
278             : ContextClassLoaderAction.PRIVILEGED).getContextClassLoader();
279     }
280 
281     private interface ContextClassLoaderAction {
282 
283         ClassLoader getContextClassLoader();
284 
285         ContextClassLoaderAction NON_PRIVILEGED = new ContextClassLoaderAction() {
286 
287             public ClassLoader getContextClassLoader() {
288                 return Thread.currentThread().getContextClassLoader();
289             }
290         };
291 
292         ContextClassLoaderAction PRIVILEGED = new ContextClassLoaderAction() {
293 
294             private PrivilegedAction<ClassLoader> GET_CONTEXT_CLASS_LOADER = new PrivilegedAction<ClassLoader>() {
295 
296                 public ClassLoader run() {
297                     return NON_PRIVILEGED.getContextClassLoader();
298                 }
299             };
300 
301             public ClassLoader getContextClassLoader() {
302                 return AccessController.doPrivileged(GET_CONTEXT_CLASS_LOADER);
303             }
304         };
305     }
306 }