Glassfish example source code file (WebSecurityManager.java)
The Glassfish WebSecurityManager.java source code
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 1997-2010 Oracle and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
* or packager/legal/LICENSE.txt. See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at packager/legal/LICENSE.txt.
*
* GPL Classpath Exception:
* Oracle designates this particular file as subject to the "Classpath"
* exception as provided by Oracle in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
*/
package com.sun.enterprise.security.web.integration;
import org.glassfish.internal.api.ServerContext;
import java.security.*;
import java.util.Set;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.Collections;
import java.net.URL;
import javax.servlet.http.HttpServletRequest;
import javax.security.jacc.*;
import java.util.logging.*;
import com.sun.logging.LogDomains;
import com.sun.enterprise.deployment.WebBundleDescriptor;
import com.sun.enterprise.security.common.AppservAccessController;
import com.sun.enterprise.security.CachedPermission;
import com.sun.enterprise.security.CachedPermissionImpl;
import com.sun.enterprise.security.PermissionCache;
import com.sun.enterprise.security.PermissionCacheFactory;
import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.audit.AuditManager;
import com.sun.enterprise.deployment.runtime.common.SecurityRoleMapping;
import org.glassfish.security.common.PrincipalImpl;
import org.glassfish.security.common.Group;
import com.sun.enterprise.config.serverbeans.*;
//V3:Commented import com.sun.enterprise.server.ApplicationServer;
import com.sun.enterprise.deployment.runtime.common.WLSecurityRoleAssignment;
import com.sun.enterprise.deployment.web.LoginConfiguration;
import com.sun.enterprise.deployment.runtime.web.SunWebApp;
//import org.apache.catalina.Globals;
import com.sun.enterprise.security.SecurityRoleMapperFactoryGen;
import com.sun.enterprise.security.SecurityServicesUtil;
import com.sun.enterprise.security.SecurityUtil;
import com.sun.enterprise.security.WebSecurityDeployerProbeProvider;
import java.util.List;
import org.glassfish.api.web.Constants;
/**
* The class implements JSR 115 - the Java(TM) Authorization Contract for Containers (JACC).
* This class is a companion class of EJBSecurityManager.
*
* All the security decisions required to allow access to a resource are defined
* in that class.
*
* @author Jean-Francois Arcand
* @author Harpreet Singh.
* @todo introduce a new class called AbstractSecurityManager. Move functionality
* from this class and EJBSecurityManager class and extend this class from
* AbstractSecurityManager
*/
public class WebSecurityManager {
// Logger for the security log domain (LogDomains.SECURITY_LOGGER).
private static final Logger logger =
Logger.getLogger(LogDomains.SECURITY_LOGGER);
/**
* Request path. Copied from org.apache.catalina.Globals;
* Required to break dependence on WebTier of Security Module
*/
public static final String CONSTRAINT_URI =
"org.apache.catalina.CONSTRAINT_URI";
// String constants whose use lies outside this part of the file
// (presumably labels for the matching permission checks - TODO confirm).
private static final String RESOURCE = "hasResourcePermission";
private static final String USERDATA = "hasUserDataPermission";
private static final String ROLEREF = "hasRoleRefPermission";
private static final String DEFAULT_PATTERN = "/";
private static final String EMPTY_STRING = "";
// The context ID associated with this instance. This is the name
// of the application.
// NOTE(review): despite the upper-case names, CONTEXT_ID and CODEBASE are
// mutable instance fields: CONTEXT_ID is assigned in the constructors and
// CODEBASE in initialise() (CONTEXT_ID with spaces replaced by '_').
private String CONTEXT_ID = null;
private String CODEBASE = null;
// The JACC policy provider. The reference is taken from Policy.getPolicy()
// once, when this field initializer runs, so the field itself does not
// follow a later change of the installed Policy.
// NOTE(review): these four fields are protected and non-final, so code with
// subclass or package access can replace them - confirm that is intended.
protected Policy policy = Policy.getPolicy();
protected PolicyConfiguration pc = null;
protected PolicyConfigurationFactory pcf= null;
protected CodeSource codesource = null;
// Protection domain cache: a synchronized wrapper around a WeakHashMap, so
// entries disappear once their keys are no longer strongly referenced.
// Raw Map type; the key and value types are not visible in this part of the file.
private Map protectionDomainCache =
Collections.synchronizedMap(new WeakHashMap());
// Prototype permissions covering every URL pattern ("/*") with null actions.
private static final WebResourcePermission allResources =
new WebResourcePermission("/*",(String) null);
private static final WebUserDataPermission allConnections =
new WebUserDataPermission("/*",null);
// Passed to PermissionCacheFactory.createPermissionCache() in initialise().
// NOTE(review): static but not final, and the array contents are mutable;
// it is private, and no visible code writes to it.
private static Permission[] protoPerms = {
allResources,
allConnections
};
// Permissions tied to the unchecked permission cache, and used
// to determine if the effective policy is grant all
// WebUserData and WebResource permissions.
// Both stay null unless initialise() creates the cache (register == true).
private CachedPermission allResourcesCP = null;
private CachedPermission allConnectionsCP = null;
// Unchecked permission cache; null until initialise() creates it, and never
// created when register is false.
private PermissionCache uncheckedPermissionCache = null;
// Principal set of the default security context, read once at class
// initialization (raw Set type).
private static Set defaultPrincipalSet =
SecurityContext.getDefaultSecurityContext().getPrincipalSet();
//private SecurityRoleMapperFactory factory = null;
// Factory that created this manager; initialise() writes admin principals
// and groups into its ADMIN_PRINCIPAL / ADMIN_GROUP maps.
private WebSecurityManagerFactory wsmf = null;
private ServerContext serverContext = null;
// Descriptor of the web module this manager protects.
private WebBundleDescriptor wbd = null;
//ProbeProvider
private WebSecurityDeployerProbeProvider probeProvider = new WebSecurityDeployerProbeProvider();
// Defaults to true; only the four-argument constructor can turn it off.
// When false, initialise() does not create the unchecked permission cache.
private boolean register = true;
/**
 * Builds the security manager for one web module and runs its complete
 * initialisation.
 *
 * @param wbd      descriptor of the web module
 * @param svc      server context, stored for later use
 * @param fact     factory that owns this manager
 * @param register when {@code false}, {@code initialise} skips creating the
 *                 unchecked permission cache
 * @throws PolicyContextException propagated from {@code initialise}
 */
WebSecurityManager(WebBundleDescriptor wbd, ServerContext svc, WebSecurityManagerFactory fact, boolean register) throws PolicyContextException{
    // The flag has to be in place before initialise() runs, because that is
    // where it is read.
    this.register = register;
    this.wsmf = fact;
    this.serverContext = svc;
    // getAppId() and postConstruct() both read wbd and CONTEXT_ID, so these
    // two assignments must precede them.
    this.wbd = wbd;
    this.CONTEXT_ID = getContextID(wbd);
    final String registrationName = getAppId();
    //factory = SecurityRoleMapperFactoryGen.getSecurityRoleMapperFactory();
    postConstruct();
    initialise(registrationName);
}
/**
 * Creates a security manager without a server context by delegating to the
 * three-argument constructor with a {@code null} context.
 *
 * @param wbd  descriptor of the web module
 * @param fact factory that owns this manager
 * @throws PolicyContextException propagated from the delegated constructor
 */
private WebSecurityManager(WebBundleDescriptor wbd, WebSecurityManagerFactory fact) throws PolicyContextException {
    this(wbd, (ServerContext) null, fact);
}
/**
 * Builds the security manager for one web module and runs its complete
 * initialisation, leaving {@code register} at its default of {@code true}.
 *
 * @param wbd  descriptor of the web module
 * @param svc  server context, stored for later use (may be {@code null};
 *             the private two-argument constructor passes null)
 * @param fact factory that owns this manager
 * @throws PolicyContextException propagated from {@code initialise}
 */
WebSecurityManager(WebBundleDescriptor wbd, ServerContext svc, WebSecurityManagerFactory fact) throws PolicyContextException {
    this.wsmf = fact;
    this.serverContext = svc;
    // getAppId() and postConstruct() both read wbd and CONTEXT_ID, so these
    // two assignments must precede them.
    this.wbd = wbd;
    this.CONTEXT_ID = getContextID(wbd);
    final String registrationName = getAppId();
    // factory = SecurityRoleMapperFactoryGen.getSecurityRoleMapperFactory();
    postConstruct();
    initialise(registrationName);
}
/**
 * Tells the security role mapper factory which application name belongs to
 * this instance's policy context id.
 */
private void postConstruct() {
    SecurityRoleMapperFactoryGen
            .getSecurityRoleMapperFactory()
            .setAppNameForContext(getAppId(), this.CONTEXT_ID);
}
/**
 * Returns the given string with every space character turned into an
 * underscore. No other character is altered, so the result is not
 * necessarily a valid URI path on its own.
 *
 * @param withSpaces the text to convert; must not be {@code null}
 * @return the converted text
 */
private String removeSpaces(String withSpaces){
    final char blank = ' ';
    final char substitute = '_';
    return withSpaces.replace(blank, substitute);
}
/**
 * Returns the policy context id of a web module by delegating to
 * {@code SecurityUtil.getContextID}. Introduced as the fix for CR 6155144;
 * also used by the RealmAdapter.
 *
 * @param wbd descriptor of the web module
 * @return the policy context id computed by {@code SecurityUtil}
 */
public static String getContextID(WebBundleDescriptor wbd) {
    final String policyContextId = SecurityUtil.getContextID(wbd);
    return policyContextId;
}
/**
* Performs the setup that both non-delegating constructors run: obtains the
* policy factory, derives CODEBASE from the context id, records the admin
* principals and groups when the application is deployed on the admin virtual
* server, builds the CodeSource, loads the policy configuration and creates
* or resets the unchecked permission cache.
*
* @param appName application name passed to getVirtualServers (defined
* outside this part of the file)
* @throws PolicyContextException propagated from loadPolicyConfiguration()
* @throws RuntimeException if the codebase URI or URL cannot be built
*/
private void initialise(String appName) throws PolicyContextException {
getPolicyFactory();
// CODEBASE is the context id with spaces replaced by underscores; it is the
// path part of the file:/// URI built further down.
CODEBASE = removeSpaces(CONTEXT_ID) ;
//V3:Commented if(VirtualServer.ADMIN_VS.equals(getVirtualServers(appName))){
// Only applications on the admin virtual server contribute to the factory's
// ADMIN_PRINCIPAL / ADMIN_GROUP maps.
if(Constants.ADMIN_VS.equals(getVirtualServers(appName))){
LoginConfiguration lgConf = wbd.getLoginConfiguration();
if (lgConf != null){
// NOTE(review): realmName is not null-checked; a null realm would give
// map keys that start with the text "null".
String realmName = lgConf.getRealmName();
SunWebApp sunDes = wbd.getSunDescriptor();
if(sunDes != null){
SecurityRoleMapping[] srms = sunDes.getSecurityRoleMapping();
if(srms != null){
for (SecurityRoleMapping srm : srms) {
String[] principals = srm.getPrincipalName();
if (principals != null) {
for (String principal : principals) {
// NOTE(review): the key is realmName + principal with no separator, so
// two different (realm, name) pairs can yield the same key. Confirm that
// every lookup builds the key the same way and that realm and principal
// names cannot be chosen so that they collide.
wsmf.ADMIN_PRINCIPAL.put(realmName + principal, new PrincipalImpl(principal));
}
}
// NOTE(review): unlike getPrincipalName() above, this result is iterated
// without a null check - presumably never null; verify.
for (String group : srm.getGroupNames()) {
wsmf.ADMIN_GROUP.put(realmName + group, new Group(group));
}
}
}
WLSecurityRoleAssignment[] sras = sunDes.getWLSecurityRoleAssignment();
if(sras != null){
for (WLSecurityRoleAssignment sra : sras) {
// NOTE(review): iterated below without a null check - verify it cannot be null.
List<String> principals = sra.getPrincipalNames();
// An externally defined assignment registers the role name itself as an
// admin group and skips the per-principal entries.
if (sra.isExternallyDefined()) {
wsmf.ADMIN_GROUP.put(realmName + sra.getRoleName(), new Group(sra.getRoleName()));
continue;
}
for (String principal : principals) {
wsmf.ADMIN_PRINCIPAL.put(realmName + principal, new PrincipalImpl(principal));
}
}
}
}
}
}
// will require stuff in hash format for reference later on.
// Build the CodeSource (no certificates) that identifies this module to the
// policy provider.
try{
java.net.URI uri = null;
try{
if(logger.isLoggable(Level.FINE))
logger.log(Level.FINE, "[Web-Security] Creating a Codebase URI with = {0}", CODEBASE);
// Only spaces were replaced in CODEBASE; any other character that is not
// legal in a URI makes this constructor throw URISyntaxException.
uri = new java.net.URI("file:///"+ CODEBASE);
// A constructor never returns null, so this check always passes.
if(uri != null){
codesource = new CodeSource(new URL(uri.toString()),
(java.security.cert.Certificate[]) null);
}
} catch(java.net.URISyntaxException use){
// No fallback URL is built: the failure is logged at FINE and rethrown
// unchecked, which aborts construction of this manager.
logger.log(Level.FINE, "[Web-Security] Error Creating URI ", use);
throw new RuntimeException(use);
}
} catch(java.net.MalformedURLException mue){
// "ejbsm.codesourceerror" is presumably a log-message key - confirm.
logger.log(Level.SEVERE, "ejbsm.codesourceerror", mue);
throw new RuntimeException(mue);
}
if(logger.isLoggable(Level.FINE)){
logger.log(Level.FINE, "[Web-Security] Context id (id under which WEB component in application will be created) = {0}", CONTEXT_ID);
logger.log(Level.FINE, "[Web-Security] Codebase (module id for web component) {0}", CODEBASE);
}
loadPolicyConfiguration();
// The unchecked permission cache is created only when register is true.
// With register == false it stays null and permitAll() always falls through
// to the uncached policy check.
if (uncheckedPermissionCache == null) {
if (register) {
uncheckedPermissionCache =
PermissionCacheFactory.createPermissionCache(this.CONTEXT_ID, codesource, protoPerms, null);
allResourcesCP =
new CachedPermissionImpl(uncheckedPermissionCache,
allResources);
allConnectionsCP =
new CachedPermissionImpl(uncheckedPermissionCache,
allConnections);
}
} else {
// A cache that already exists is reset, so results cached before the policy
// was (re)loaded are not reused.
uncheckedPermissionCache.reset();
}
}
/**
 * Generates the policy statements for this web module, unless its policy
 * context is already in service.
 *
 * <p>Policy is regenerated only when the context is not in service.
 * Consequently everything that deploys modules (as opposed to loading
 * already deployed modules) must make sure a pre-existing policy
 * configuration is in either the deleted or the open state before this
 * method (i.e. initialise) is called - that is, before the
 * WebSecurityManager is constructed. Existing policy statements are
 * deliberately not removed, so that several web modules can be represented
 * by the same policy configuration.
 *
 * @throws PolicyContextException if the policy factory fails or permission
 *         generation fails
 */
public void loadPolicyConfiguration() throws PolicyContextException {
    final boolean alreadyInService = getPolicyFactory().inService(CONTEXT_ID);
    if (alreadyInService) {
        // Nothing to generate; pc is left as it was.
        return;
    }
    // Second argument false: statements already in the policy configuration
    // are kept. NOTE(review): that also keeps statements left over from an
    // earlier deployment if the caller did not delete the configuration first.
    pc = getPolicyFactory().getPolicyConfiguration(CONTEXT_ID, false);
    try {
        WebPermissionUtil.processConstraints(wbd, pc);
        WebPermissionUtil.createWebRoleRefPermission(wbd, pc);
    } catch (PolicyContextException pce) {
        // NOTE(review): a failure labelled FATAL is logged at FINE and without
        // the stack trace; the rethrow is what makes it visible to callers.
        logger.log(Level.FINE,"[Web-Security] FATAL Permission Generation: " + pce.getMessage());
        throw pce;
    }
}
/**
 * Returns the registration name of the application that contains this web
 * module. (Original note: this will change too.)
 *
 * @return the application's registration name
 */
private String getAppId() {
    return this.wbd
            .getApplication()
            .getRegistrationName();
}
/**
 * Reports whether the resource addressed by the request is granted either
 * by the unchecked permission cache or, failing that, by an uncached policy
 * check made with a {@code null} second argument (presumably "no
 * principals" - the helper is defined outside this part of the file).
 *
 * <p>When the cache was never created (see {@code register}), every call
 * goes straight to the uncached check.
 *
 * @param req the incoming request
 * @return {@code true} if either check grants the permission
 */
public boolean permitAll(HttpServletRequest req) {
    final WebResourcePermission requested = createWebResourcePermission(req);
    // Fast path: a hit in the unchecked cache settles the question.
    if (uncheckedPermissionCache != null
            && uncheckedPermissionCache.checkPermission(requested)) {
        return true;
    }
    // A cache miss is not a denial; ask the policy directly.
    return checkPermissionWithoutCache(requested, null);
}
/*
* Invoke the <code>Policy to determine if the