Glassfish example source code file (WebSecurityManagerFactory.java)

This example Glassfish source code file (WebSecurityManagerFactory.java) is included in the DevDaily.com "Java Source Code Warehouse" project. The intent of this project is to help you "Learn Java by Example" ^TM.

Java - Glassfish tags/keywords

arraylist, arraylist, context_ids, hashmap, log, logging, map, map, policycontexthandlerimpl, principal, security, string, string, util, websecuritydeployerprobeprovider, websecuritymanager, websecuritymanager, websecuritymanagerfactory

The Glassfish WebSecurityManagerFactory.java source code

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 1997-2010 Oracle and/or its affiliates. All rights reserved.
 *
 * The contents of this file are subject to the terms of either the GNU
 * General Public License Version 2 only ("GPL") or the Common Development
 * and Distribution License("CDDL") (collectively, the "License").  You
 * may not use this file except in compliance with the License.  You can
 * obtain a copy of the License at
 * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
 * or packager/legal/LICENSE.txt.  See the License for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing the software, include this License Header Notice in each
 * file and include the License file at packager/legal/LICENSE.txt.
 *
 * GPL Classpath Exception:
 * Oracle designates this particular file as subject to the "Classpath"
 * exception as provided by Oracle in the GPL Version 2 section of the License
 * file that accompanied this code.
 *
 * Modifications:
 * If applicable, add the following below the License Header, with the fields
 * enclosed by brackets [] replaced by your own identifying information:
 * "Portions Copyright [year] [name of copyright owner]"
 *
 * Contributor(s):
 * If you wish your version of this file to be governed by only the CDDL or
 * only the GPL Version 2, indicate your decision by adding "[Contributor]
 * elects to include this software in this distribution under the [CDDL or GPL
 * Version 2] license."  If you don't indicate a single choice of license, a
 * recipient has the option to distribute your version of this file under
 * either the CDDL, the GPL Version 2 or to extend the choice of license to
 * its licensees as provided above.  However, if you add GPL Version 2 code
 * and therefore, elected the GPL Version 2 license, then the option applies
 * only if the new code is made subject to such option by the copyright
 * holder.
 */

package com.sun.enterprise.security.web.integration;

import java.util.HashMap;
import java.util.Map;
import com.sun.enterprise.deployment.WebBundleDescriptor;
import com.sun.enterprise.security.WebSecurityDeployerProbeProvider;
import com.sun.enterprise.security.authorize.PolicyContextHandlerImpl;
import com.sun.enterprise.security.factory.SecurityManagerFactory;
import org.glassfish.internal.api.ServerContext;
import java.util.logging.*;
import com.sun.logging.LogDomains;
import java.security.Principal;
import java.util.ArrayList;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.PolicyContextHandler;
import org.jvnet.hk2.annotations.Scoped;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.component.Singleton;

/** @author JeanFrancois Arcand
 *  @author Harpreet Singh
 */
@Service
@Scoped(Singleton.class)
public class WebSecurityManagerFactory extends SecurityManagerFactory {

    private static Logger logger =
            Logger.getLogger(LogDomains.SECURITY_LOGGER);
    private WebSecurityDeployerProbeProvider probeProvider = new WebSecurityDeployerProbeProvider();
    public WebSecurityManagerFactory() {
        registerPolicyHandlers();
    }
    
    /*
    private Map securityManagerPool = new HashMap();
    // stores the context ids to appnames for standalone web apps
    private Map CONTEXT_ID = new HashMap();
    private static WebSecurityManagerFactory factory = null;

    private WebSecurityManagerFactory() {
    }
    // returns the singleton instance of WebSecurityManagerFactory
    public static synchronized WebSecurityManagerFactory getInstance() {
        if (factory == null) {
            factory = new WebSecurityManagerFactory();
            registerPolicyHandlers();
        }        
        return factory;
    }
    // generates a webSecurityManager
    public WebSecurityManager newWebSecurityManager(WebBundleDescriptor wbd) {
        String contextId = WebSecurityManager.getContextID(wbd);
        String appname = wbd.getApplication().getRegistrationName();

        synchronized (CONTEXT_ID) {
            List lst = (List) CONTEXT_ID.get(appname);
            if (lst == null) {
                lst = new ArrayList();
                CONTEXT_ID.put(appname, lst);
            }
            if (!lst.contains(contextId)) {
                lst.add(contextId);
            }
        }

        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "[Web-Security] Web Security:Creating WebSecurityManager for contextId = " + contextId);
        }

        WebSecurityManager wsManager = getWebSecurityManager(contextId);
        if (wsManager == null) {

            // we should see if it is safe to do the security manager 
            // construction within the synchronize block.
            // for the time being, we will just make sure that we 
            // synchronize access to the pool.
            try {
                wsManager = new WebSecurityManager(wbd);
            } catch (javax.security.jacc.PolicyContextException e) {
                logger.log(Level.FINE, "[Web-Security] FATAl Exception. Unable to create WebSecurityManager: " + e.getMessage());
                throw new RuntimeException(e);
            }

            synchronized (securityManagerPool) {
                WebSecurityManager other =
                        (WebSecurityManager) securityManagerPool.get(contextId);
                if (other == null) {
                    securityManagerPool.put(contextId, wsManager);
                } else {
                    wsManager = other;
                }
            }
        }
        return wsManager;
    }

    public WebSecurityManager newWebSecurityManager(WebBundleDescriptor wbd, ServerContext context) {
        String contextId = WebSecurityManager.getContextID(wbd);
        String appname = wbd.getApplication().getRegistrationName();

        synchronized (CONTEXT_ID) {
            List lst = (List) CONTEXT_ID.get(appname);
            if (lst == null) {
                lst = new ArrayList();
                CONTEXT_ID.put(appname, lst);
            }
            if (!lst.contains(contextId)) {
                lst.add(contextId);
            }
        }

        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "[Web-Security] Web Security:Creating WebSecurityManager for contextId = " + contextId);
        }

        WebSecurityManager wsManager = getWebSecurityManager(contextId);
        if (wsManager == null) {

            // we should see if it is safe to do the security manager 
            // construction within the synchronize block.
            // for the time being, we will just make sure that we 
            // synchronize access to the pool.
            try {
                wsManager = new WebSecurityManager(wbd, context);
            } catch (javax.security.jacc.PolicyContextException e) {
                logger.log(Level.FINE, "[Web-Security] FATAl Exception. Unable to create WebSecurityManager: " + e.getMessage());
                throw new RuntimeException(e);
            }

            synchronized (securityManagerPool) {
                WebSecurityManager other =
                        (WebSecurityManager) securityManagerPool.get(contextId);
                if (other == null) {
                    securityManagerPool.put(contextId, wsManager);
                } else {
                    wsManager = other;
                }
            }
        }
        return wsManager;
    }

    public WebSecurityManager getWebSecurityManager(String contextId) {
        synchronized (securityManagerPool) {
            return (WebSecurityManager) securityManagerPool.get(contextId);
        }
    }

    public void removeWebSecurityManager(String contextId) {
        synchronized (securityManagerPool) {
            securityManagerPool.remove(contextId);
        }
    }*/

    /**
     * valid for standalone web apps
     
    public String[] getContextIdsOfApp(String appName) {
        synchronized (CONTEXT_ID) {
            List contextId = (List) CONTEXT_ID.get(appName);
            if (contextId == null) {
                return null;
            }
            String[] arrayContext = new String[contextId.size()];
            arrayContext = (String[]) contextId.toArray(arrayContext);
            return arrayContext;
        }
    }*/

    /**
     * valid for standalone web apps
    
    public String[] getAndRemoveContextIdForWebAppName(String appName) {
        synchronized (CONTEXT_ID) {
            String[] rvalue = getContextIdsOfApp(appName);
            CONTEXT_ID.remove(appName);
            return rvalue;
        }
    }*/
    
    final PolicyContextHandlerImpl pcHandlerImpl =
            (PolicyContextHandlerImpl)PolicyContextHandlerImpl.getInstance();
    
    final Map ADMIN_PRINCIPAL = new HashMap();
    final Map ADMIN_GROUP = new HashMap();
    
    public Principal getAdminPrincipal(String username, String realmName){
        return (Principal)ADMIN_PRINCIPAL.get(realmName+username);
    }
    public Principal getAdminGroup(String group, String realmName){
        return (Principal)ADMIN_GROUP.get(realmName+group);
    }

    private static  void registerPolicyHandlers()
             {
        try {
            PolicyContextHandler pch = PolicyContextHandlerImpl.getInstance();
            PolicyContext.registerHandler(PolicyContextHandlerImpl.ENTERPRISE_BEAN, pch, true);
            PolicyContext.registerHandler(PolicyContextHandlerImpl.SUBJECT, pch, true);
            PolicyContext.registerHandler(PolicyContextHandlerImpl.EJB_ARGUMENTS, pch, true);
            PolicyContext.registerHandler(PolicyContextHandlerImpl.SOAP_MESSAGE, pch, true);
            PolicyContext.registerHandler(PolicyContextHandlerImpl.HTTP_SERVLET_REQUEST, pch, true);
            PolicyContext.registerHandler(PolicyContextHandlerImpl.REUSE, pch, true);
        } catch (PolicyContextException ex) {
            Logger.getLogger(WebSecurityManagerFactory.class.getName()).log(Level.SEVERE, null, ex);
        }
    }
    
     // stores the context ids to appnames for standalone web apps
     private Map<String, ArrayList CONTEXT_IDS =
             new HashMap<String, ArrayList();
     private Map<String, Map SECURITY_MANAGERS =
             new HashMap<String, Map();
 
     public WebSecurityManager getManager(String ctxId, String name,
						     boolean remove) {
         return getManager(SECURITY_MANAGERS, ctxId, name, remove);
     }
 
     public<T> ArrayList 
             getManagers(String ctxId, boolean remove) {
         return getManagers(SECURITY_MANAGERS, ctxId, remove);
     }
 
     public<T> ArrayList 
             getManagersForApp(String appName, boolean remove) {
         return getManagersForApp(SECURITY_MANAGERS, CONTEXT_IDS, appName, 
				  remove);
     }
 
     public<T> String[] getContextsForApp(String appName, boolean 
						  remove) {
         return getContextsForApp(CONTEXT_IDS, appName, remove);
     }
 
     public<T> void addManagerToApp(String ctxId, String name,
             String appName, WebSecurityManager manager) {
         addManagerToApp(SECURITY_MANAGERS, CONTEXT_IDS, ctxId, name, 
			 appName, manager);
     }
 
     public  WebSecurityManager createManager(WebBundleDescriptor wbd,
             boolean register, ServerContext context) {
         String ctxId = WebSecurityManager.getContextID(wbd);
         WebSecurityManager manager = null;
         if (register) {
            manager = getManager(ctxId, null,false);
         } 
         if (manager == null || !register) {
             try {
                 probeProvider.securityManagerCreationStartedEvent(wbd.getModuleID());
                 manager = new WebSecurityManager(wbd, context, this, register);
                 probeProvider.securityManagerCreationEndedEvent(wbd.getModuleID());
                 if (register) {
                    
                  
                    
                    String appName = wbd.getApplication().getRegistrationName();
                    addManagerToApp(ctxId, null, appName, manager);
                    probeProvider.securityManagerCreationEvent(ctxId);
                 }
             } catch (javax.security.jacc.PolicyContextException e) {
                 logger.log(Level.FINE, "[Web-Security] FATAL Exception. Unable to create WebSecurityManager: " + e.getMessage());
                 throw new RuntimeException(e);
             }
         }
         return manager;
     }
}