1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.jboss.as.quickstarts.ejb_security_interceptors;
18
19 import java.security.AccessController;
20 import java.security.Principal;
21 import java.security.PrivilegedAction;
22 import java.security.PrivilegedActionException;
23 import java.security.PrivilegedExceptionAction;
24 import java.util.Collection;
25
26 import javax.security.auth.Subject;
27
28 import org.jboss.as.security.api.ConnectionSecurityContext;
29 import org.jboss.as.security.api.ContextStateCache;
30 import org.jboss.security.SecurityContext;
31 import org.jboss.security.SecurityContextAssociation;
32 import org.jboss.security.SecurityContextFactory;
33
34
35
36
37
38
39 final class SecurityActions {
40
41 private SecurityActions() {
42 }
43
44
45
46
47
48 static Collection<Principal> getConnectionPrincipals() {
49 return connectionSecurityContextActions().getConnectionPrincipals();
50 }
51
52 static ContextStateCache pushIdentity(final Principal principal, final Object credential) throws Exception {
53 return connectionSecurityContextActions().pushIdentity(principal, credential);
54 }
55
56 static void popIdentity(final ContextStateCache stateCache) {
57 connectionSecurityContextActions().popIdentity(stateCache);
58 }
59
60 private static ConnectionSecurityContextActions connectionSecurityContextActions() {
61 return System.getSecurityManager() == null ? ConnectionSecurityContextActions.NON_PRIVILEGED : ConnectionSecurityContextActions.PRIVILEGED;
62 }
63
64 private interface ConnectionSecurityContextActions {
65
66 Collection<Principal> getConnectionPrincipals();
67
68 ContextStateCache pushIdentity(final Principal principal, final Object credential) throws Exception;
69
70 void popIdentity(final ContextStateCache stateCache);
71
72 ConnectionSecurityContextActions NON_PRIVILEGED = new ConnectionSecurityContextActions() {
73
74 public Collection<Principal> getConnectionPrincipals() {
75 return ConnectionSecurityContext.getConnectionPrincipals();
76 }
77
78 @Override
79 public ContextStateCache pushIdentity(final Principal principal, final Object credential) throws Exception {
80 return ConnectionSecurityContext.pushIdentity(principal, credential);
81 }
82
83 @Override
84 public void popIdentity(ContextStateCache stateCache) {
85 ConnectionSecurityContext.popIdentity(stateCache);
86 }
87 };
88
89 ConnectionSecurityContextActions PRIVILEGED = new ConnectionSecurityContextActions() {
90
91 PrivilegedAction<Collection<Principal>> GET_CONNECTION_PRINCIPALS_ACTION = new PrivilegedAction<Collection<Principal>>() {
92
93 @Override
94 public Collection<Principal> run() {
95 return NON_PRIVILEGED.getConnectionPrincipals();
96 }
97 };
98
99 public Collection<Principal> getConnectionPrincipals() {
100 return AccessController.doPrivileged(GET_CONNECTION_PRINCIPALS_ACTION);
101 }
102
103 @Override
104 public ContextStateCache pushIdentity(final Principal principal, final Object credential) throws Exception {
105 try {
106 return AccessController.doPrivileged(new PrivilegedExceptionAction<ContextStateCache>() {
107
108 @Override
109 public ContextStateCache run() throws Exception {
110 return NON_PRIVILEGED.pushIdentity(principal, credential);
111 }
112 });
113 } catch (PrivilegedActionException e) {
114 throw e.getException();
115 }
116 }
117
118 @Override
119 public void popIdentity(final ContextStateCache stateCache) {
120 AccessController.doPrivileged(new PrivilegedAction<Void>() {
121
122 @Override
123 public Void run() {
124 NON_PRIVILEGED.popIdentity(stateCache);
125 return null;
126 }
127 });
128
129 }
130
131 };
132
133 }
134
135
136
137
138
139 static void securityContextSet(final SecurityContext context) {
140 securityContextActions().setSecurityContext(context);
141 }
142
143 static void securityContextClear() {
144 securityContextActions().clear();
145 }
146
147 static Principal securityContextGetPrincipal() {
148 return securityContextActions().getPrincipal();
149 }
150
151 static void securityContextSetPrincpal(final Principal principal) {
152 securityContextActions().setPrincipal(principal);
153 }
154
155
156
157
158 static SecurityContext securityContextSetPrincipalInfo(final Principal principal, final OuterUserCredential credential)
159 throws Exception {
160 return securityContextActions().setPrincipalInfo(principal, credential);
161 }
162
163 private static SecurityContextActions securityContextActions() {
164 return System.getSecurityManager() == null ? SecurityContextActions.NON_PRIVILEGED : SecurityContextActions.PRIVILEGED;
165 }
166
167 private interface SecurityContextActions {
168
169 void setSecurityContext(final SecurityContext context);
170
171 void clear();
172
173 Principal getPrincipal();
174
175 void setPrincipal(final Principal principal);
176
177 SecurityContext setPrincipalInfo(final Principal principal, final OuterUserCredential credential) throws Exception;
178
179 SecurityContextActions NON_PRIVILEGED = new SecurityContextActions() {
180
181 public void setSecurityContext(SecurityContext context) {
182 SecurityContextAssociation.setSecurityContext(context);
183 }
184
185 public void clear() {
186 SecurityContextAssociation.clearSecurityContext();
187 }
188
189 public Principal getPrincipal() {
190 return SecurityContextAssociation.getPrincipal();
191 }
192
193 public void setPrincipal(final Principal principal) {
194 SecurityContextAssociation.setPrincipal(principal);
195 }
196
197 public SecurityContext setPrincipalInfo(Principal principal, OuterUserCredential credential) throws Exception {
198 SecurityContext currentContext = SecurityContextAssociation.getSecurityContext();
199
200 SecurityContext nextContext = SecurityContextFactory.createSecurityContext(principal, credential,
201 new Subject(), "USER_DELEGATION");
202 SecurityContextAssociation.setSecurityContext(nextContext);
203
204 return currentContext;
205 }
206
207 };
208
209 SecurityContextActions PRIVILEGED = new SecurityContextActions() {
210
211 PrivilegedAction<Principal> GET_PRINCIPAL_ACTION = new PrivilegedAction<Principal>() {
212
213 public Principal run() {
214 return NON_PRIVILEGED.getPrincipal();
215 }
216 };
217
218 PrivilegedAction<Void> CLEAR_ACTION = new PrivilegedAction<Void>() {
219
220 public Void run() {
221 NON_PRIVILEGED.clear();
222 return null;
223 }
224 };
225
226 public void setSecurityContext(final SecurityContext context) {
227 AccessController.doPrivileged(new PrivilegedAction<Void>() {
228
229 public Void run() {
230 NON_PRIVILEGED.setSecurityContext(context);
231 return null;
232 }
233 });
234 }
235
236 public void clear() {
237 AccessController.doPrivileged(CLEAR_ACTION);
238 }
239
240 public Principal getPrincipal() {
241 return AccessController.doPrivileged(GET_PRINCIPAL_ACTION);
242 }
243
244 public void setPrincipal(final Principal principal) {
245 AccessController.doPrivileged(new PrivilegedAction<Void>() {
246
247 public Void run() {
248 NON_PRIVILEGED.setPrincipal(principal);
249 return null;
250 }
251 });
252 }
253
254 public SecurityContext setPrincipalInfo(final Principal principal, final OuterUserCredential credential)
255 throws Exception {
256 try {
257 return AccessController.doPrivileged(new PrivilegedExceptionAction<SecurityContext>() {
258
259 public SecurityContext run() throws Exception {
260 return NON_PRIVILEGED.setPrincipalInfo(principal, credential);
261 }
262 });
263 } catch (PrivilegedActionException e) {
264 throw e.getException();
265 }
266 }
267
268 };
269
270 }
271
272
273
274
275
276 static ClassLoader getContextClassLoader() {
277 return (System.getSecurityManager() == null ? ContextClassLoaderAction.NON_PRIVILEGED
278 : ContextClassLoaderAction.PRIVILEGED).getContextClassLoader();
279 }
280
281 private interface ContextClassLoaderAction {
282
283 ClassLoader getContextClassLoader();
284
285 ContextClassLoaderAction NON_PRIVILEGED = new ContextClassLoaderAction() {
286
287 public ClassLoader getContextClassLoader() {
288 return Thread.currentThread().getContextClassLoader();
289 }
290 };
291
292 ContextClassLoaderAction PRIVILEGED = new ContextClassLoaderAction() {
293
294 private PrivilegedAction<ClassLoader> GET_CONTEXT_CLASS_LOADER = new PrivilegedAction<ClassLoader>() {
295
296 public ClassLoader run() {
297 return NON_PRIVILEGED.getContextClassLoader();
298 }
299 };
300
301 public ClassLoader getContextClassLoader() {
302 return AccessController.doPrivileged(GET_CONTEXT_CLASS_LOADER);
303 }
304 };
305 }
306 }