User: oconnor
Date: 00/08/06 14:52:15
Added: src/main/org/jboss/security CacheRealmMapping.java
CacheRealmMappingService.java
CacheRealmMappingServiceMBean.java
EJBSecurityManagerDefaultImpl.java
EJBSecurityManagerService.java
EJBSecurityManagerServiceMBean.java
SimpleRealmMapping.java
SimpleRealmMappingService.java
SimpleRealmMappingServiceMBean.java
Log:
Changes to introduce a skeleton security system.
Revision Changes Path
1.1 jboss/src/main/org/jboss/security/CacheRealmMapping.java
Index: CacheRealmMapping.java
===================================================================
/*
* jBoss, the OpenSource EJB server
*
* Distributable under GPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.util.Set;
import java.util.LinkedList;
import java.util.Iterator;
import java.security.Principal;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
import org.jboss.system.RealmMapping;
/**
 * Realm mapping that fans a role check out to a list of other
 * {@link RealmMapping} instances, so a bean can be mapped to several
 * security realms at once. The class is also meant to cache data from
 * realms that allow it; that part is not implemented yet.
 *
 * <p>Decision rule: the principal is treated as holding one of the roles as
 * soon as any registered realm says so. Realms are consulted in the order
 * they were added. With no realm registered every check is denied.
 *
 * <p>NOTE(review): {@link #addRealmMapping} stores whatever it is given,
 * including {@code null}; a {@code null} entry makes
 * {@link #doesUserHaveRole} throw {@code NullPointerException} once the
 * iteration reaches it. The backing list is an unsynchronized
 * {@code LinkedList}, so adding a realm while another thread is checking a
 * role is not safe; confirm how instances are shared before relying on it.
 *
 * @see EJBSecurityManager
 * @author Daniel O'Connor [EMAIL PROTECTED]
 */
public class CacheRealmMapping implements RealmMapping
{
   /** Delegates, in registration order. */
   private final LinkedList realms = new LinkedList();

   /**
    * Registers one more realm to consult during role checks.
    *
    * @param realmMapping the delegate to append to the list
    */
   public void addRealmMapping( RealmMapping realmMapping )
   {
      realms.add( realmMapping );
   }

   /**
    * Asks each registered realm in turn whether the principal holds any of
    * the given roles.
    *
    * @param principal the caller being checked; passed to the delegates as is
    * @param roleNames the role names to test; passed to the delegates as is
    * @return {@code true} if at least one delegate grants the role,
    *         {@code false} if none does or none is registered
    */
   public boolean doesUserHaveRole( Principal principal, Set roleNames )
   {
      for (Iterator it = realms.iterator(); it.hasNext(); )
      {
         RealmMapping delegate = (RealmMapping) it.next();
         boolean granted = delegate.doesUserHaveRole( principal, roleNames );
         if (granted)
         {
            // First realm that grants wins; later realms are not consulted.
            return true;
         }
      }
      return false;
   }
}
1.1 jboss/src/main/org/jboss/security/CacheRealmMappingService.java
Index: CacheRealmMappingService.java
===================================================================
/*
* jBoss, the OpenSource EJB server
*
* Distributable under GPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.rmi.RemoteException;
import java.rmi.ServerException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Hashtable;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
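/**
 * This is a JMX service which manages access to security realms for a bean.
 * On start it binds a JNDI {@code Reference} under {@link #JNDI_NAME} that
 * names this class as the object factory; on stop it removes that binding.
 *
 * <p>Every call to {@link #getObjectInstance} returns a new, empty
 * {@link CacheRealmMapping}. Realms added to one instance are therefore not
 * visible through an instance obtained by a later lookup.
 *
 * <p>The class implements {@link CacheRealmMappingServiceMBean}, so the
 * inherited {@code OBJECT_NAME} is the one declared for this service. It
 * previously implemented {@code EJBSecurityManagerServiceMBean}, which made
 * it register under the security manager service's object name.
 *
 * @see EJBSecurityManager
 * @author Daniel O'Connor [EMAIL PROTECTED]
 */
public class CacheRealmMappingService
   extends ServiceMBeanSupport
   implements CacheRealmMappingServiceMBean, ObjectFactory
{
   // Constants -----------------------------------------------------

   /**
    * JNDI name the reference is bound under. Declared final so that no other
    * code can reassign it and redirect what {@link #stopService} unbinds.
    */
   public static final String JNDI_NAME = "CacheRealmMapping";

   // Attributes ----------------------------------------------------

   /** MBean server handed in by {@link #getObjectName}. */
   MBeanServer server;

   // Static --------------------------------------------------------

   // ServiceMBeanSupport overrides ---------------------------------

   /**
    * @return the display name of this service
    */
   public String getName()
   {
      return "Cache Realm Mapping";
   }

   /**
    * Remembers the MBean server and supplies the object name for this
    * service. The {@code name} argument is ignored.
    *
    * @param server the MBean server this service is being registered with
    * @param name   the proposed name; not used
    * @return an {@code ObjectName} built from {@code OBJECT_NAME}
    * @throws javax.management.MalformedObjectNameException if
    *         {@code OBJECT_NAME} is not a valid object name
    */
   protected ObjectName getObjectName(MBeanServer server, ObjectName name)
      throws javax.management.MalformedObjectNameException
   {
      this.server = server;
      return new ObjectName(OBJECT_NAME);
   }

   /**
    * Nothing to initialise; the JNDI binding is made in
    * {@link #startService}.
    */
   protected void initService()
      throws Exception
   {
   }

   /**
    * Binds a reference to this factory into JNDI.
    *
    * @throws Exception if the initial context cannot be created or the name
    *         cannot be bound
    */
   protected void startService()
      throws Exception
   {
      // Reference expects a class name; Class.toString() would prepend
      // "class " and record a name that is not a valid class name.
      Reference ref = new Reference(CacheRealmMapping.class.getName(),
                                    getClass().getName(), null);
      new InitialContext().bind(JNDI_NAME, ref);
   }

   /**
    * Removes the JNDI binding. Failures are logged and not propagated.
    */
   protected void stopService()
   {
      try
      {
         // Remove mapping from JNDI
         new InitialContext().unbind(JNDI_NAME);
      } catch (Exception e)
      {
         log.exception(e);
      }
   }

   // ObjectFactory implementation ----------------------------------

   /**
    * Creates a fresh cache realm mapping. None of the arguments is
    * inspected.
    *
    * <p>NOTE(review): the factory does not check that {@code obj} is the
    * reference bound by this service; the {@code ObjectFactory} contract
    * allows returning {@code null} for objects a factory does not
    * recognise. Confirm whether this factory can be reached for other
    * references.
    *
    * @return a new {@link CacheRealmMapping} with no realms registered
    */
   public Object getObjectInstance(Object obj,
                                   Name name,
                                   Context nameCtx,
                                   Hashtable environment)
      throws Exception
   {
      // Return the cache realm mapping manager
      return new CacheRealmMapping();
   }
}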
1.1
jboss/src/main/org/jboss/security/CacheRealmMappingServiceMBean.java
Index: CacheRealmMappingServiceMBean.java
===================================================================
/*
* jBoss, the OpenSource EJB server
*
* Distributable under GPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
/**
 * Management interface for the cache realm mapping service. It adds no
 * operations of its own to {@code org.jboss.util.ServiceMBean}; it only
 * carries the object name string for the service.
 */
public interface CacheRealmMappingServiceMBean
   extends org.jboss.util.ServiceMBean
{
   // Constants -----------------------------------------------------

   /**
    * Object name string for the service. The part before the colon is
    * empty, so no domain is named here.
    */
   String OBJECT_NAME = ":service=CacheRealmMappingFactory";

   // Public --------------------------------------------------------
}
1.1
jboss/src/main/org/jboss/security/EJBSecurityManagerDefaultImpl.java
Index: EJBSecurityManagerDefaultImpl.java
===================================================================
/*
* jBoss, the OpenSource EJB server
*
* Distributable under GPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.rmi.RemoteException;
import java.rmi.ServerException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Hashtable;
import java.security.Principal;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.transaction.TransactionManager;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
import org.jboss.system.EJBSecurityManager;
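/**
 * The EJBSecurityManager is responsible for validating credentials
 * associated with principals. Right now it is a "demo" that just
 * ensures name == credential.
 *
 * <p>Because the accepted credential is the principal's own name, this
 * check proves nothing about the caller's identity: the name alone is
 * enough to pass. It is a placeholder for a real credential check and
 * offers no protection on its own.
 *
 * <p>The credential is compared through {@code toString()}, so a
 * credential passed as {@code char[]} or {@code byte[]} never matches.
 *
 * @see EJBSecurityManager
 * @author Daniel O'Connor [EMAIL PROTECTED]
 */
public class EJBSecurityManagerDefaultImpl implements EJBSecurityManager
{
   /**
    * Reports whether the credential's string form equals the principal's
    * name.
    *
    * @param principal  the principal being authenticated; may be null
    * @param credential the presented credential; may be null
    * @return {@code true} only if both arguments and the principal's name
    *         are non-null and the name equals {@code credential.toString()}
    */
   public boolean isValid( Principal principal, Object credential )
   {
      // Fail closed: a missing principal, name or credential is rejected
      // instead of surfacing as a NullPointerException in the caller.
      if (principal == null || credential == null)
      {
         return false;
      }
      String name = principal.getName();
      if (name == null)
      {
         return false;
      }
      return name.equals( credential.toString() );
   }
}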
1.1 jboss/src/main/org/jboss/security/EJBSecurityManagerService.java
Index: EJBSecurityManagerService.java
===================================================================
/*
* jBoss, the OpenSource EJB server
*
* Distributable under GPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.rmi.RemoteException;
import java.rmi.ServerException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Hashtable;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
import org.jboss.system.EJBSecurityManager;
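/**
 * This is a JMX service which manages the EJBSecurityManager.
 * The service creates it and binds a Reference to it into JNDI.
 * The EJBSecurityManager is responsible for validating credentials
 * associated with principals.
 *
 * <p>The security manager is created in {@link #initService} and kept in a
 * static field; {@link #getObjectInstance} hands out that same instance on
 * every call. {@link #stopService} removes the JNDI binding but leaves the
 * static instance in place.
 *
 * @see EJBSecurityManager
 * @author Daniel O'Connor [EMAIL PROTECTED]
 */
public class EJBSecurityManagerService
   extends ServiceMBeanSupport
   implements EJBSecurityManagerServiceMBean, ObjectFactory
{
   // Constants -----------------------------------------------------

   /**
    * JNDI name the reference is bound under. Declared final so that no other
    * code can reassign it and redirect what {@link #stopService} unbinds.
    */
   public static final String JNDI_NAME = "EJBSecurityManager";

   // Attributes ----------------------------------------------------

   /** MBean server handed in by {@link #getObjectName}. */
   MBeanServer server;

   // Static --------------------------------------------------------

   /**
    * The shared security manager. Private, like the equivalent field in
    * SimpleRealmMappingService, so that other classes declared in this
    * package cannot swap the object that decides whether a credential is
    * valid. No class in this package reads or writes it from outside.
    */
   private static EJBSecurityManager sm;

   // ServiceMBeanSupport overrides ---------------------------------

   /**
    * @return the display name of this service
    */
   public String getName()
   {
      return "Security manager";
   }

   /**
    * Remembers the MBean server and supplies the object name for this
    * service. The {@code name} argument is ignored.
    *
    * @param server the MBean server this service is being registered with
    * @param name   the proposed name; not used
    * @return an {@code ObjectName} built from {@code OBJECT_NAME}
    * @throws javax.management.MalformedObjectNameException if
    *         {@code OBJECT_NAME} is not a valid object name
    */
   protected ObjectName getObjectName(MBeanServer server, ObjectName name)
      throws javax.management.MalformedObjectNameException
   {
      this.server = server;
      return new ObjectName(OBJECT_NAME);
   }

   /**
    * Creates the security manager and binds a reference to this factory
    * into JNDI.
    *
    * @throws Exception if the initial context cannot be created or the name
    *         cannot be bound
    */
   protected void initService()
      throws Exception
   {
      // Create a new SM
      sm = new EJBSecurityManagerDefaultImpl();

      // Bind reference to SM in JNDI. Reference expects a class name;
      // Class.toString() would prepend "class " and record a name that is
      // not a valid class name.
      Reference ref = new Reference(sm.getClass().getName(),
                                    getClass().getName(), null);
      new InitialContext().bind(JNDI_NAME, ref);
   }

   /**
    * Nothing to do; all set-up happens in {@link #initService}.
    */
   protected void startService()
      throws Exception
   {
   }

   /**
    * Removes the JNDI binding. Failures are logged and not propagated.
    */
   protected void stopService()
   {
      try
      {
         // Remove SM from JNDI
         new InitialContext().unbind(JNDI_NAME);
      } catch (Exception e)
      {
         log.exception(e);
      }
   }

   // ObjectFactory implementation ----------------------------------

   /**
    * Returns the shared security manager. None of the arguments is
    * inspected.
    *
    * @return the instance created by {@link #initService}, or {@code null}
    *         if {@code initService} has not run for this class
    */
   public Object getObjectInstance(Object obj,
                                   Name name,
                                   Context nameCtx,
                                   Hashtable environment)
      throws Exception
   {
      // Return the security manager
      return sm;
   }
}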
1.1
jboss/src/main/org/jboss/security/EJBSecurityManagerServiceMBean.java
Index: EJBSecurityManagerServiceMBean.java
===================================================================
/*
* jBoss, the OpenSource EJB server
*
* Distributable under GPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
/**
 * Management interface for the EJB security manager service. It adds no
 * operations of its own to {@code org.jboss.util.ServiceMBean}; it only
 * carries the object name string for the service.
 */
public interface EJBSecurityManagerServiceMBean
   extends org.jboss.util.ServiceMBean
{
   // Constants -----------------------------------------------------

   /**
    * Object name string for the service. The part before the colon is
    * empty, so no domain is named here.
    */
   String OBJECT_NAME = ":service=EJBSecurityManager";

   // Public --------------------------------------------------------
}
1.1 jboss/src/main/org/jboss/security/SimpleRealmMapping.java
Index: SimpleRealmMapping.java
===================================================================
/*
* jBoss, the OpenSource EJB server
*
* Distributable under GPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.util.Set;
import java.util.LinkedList;
import java.util.Iterator;
import java.security.Principal;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
import org.jboss.system.RealmMapping;
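/**
 * SimpleRealmMapping removes the level of indirection
 * in the specification between roles and principals/groups
 * for the standard "deploy without configuring" case.
 *
 * <p>A principal holds a role exactly when the principal's name equals the
 * role name. Principal names and role names therefore share one namespace:
 * whoever is authenticated under a name that is also a role name holds that
 * role. The mapping is only as strong as the control over which principal
 * names can be authenticated.
 *
 * @see EJBSecurityManager
 * @author Daniel O'Connor [EMAIL PROTECTED]
 */
public class SimpleRealmMapping implements RealmMapping
{
   /**
    * Reports whether the principal's name appears among the role names.
    *
    * @param principal the caller being checked; may be null
    * @param roleNames the role names to test, expected to hold
    *                  {@code String} elements; may be null
    * @return {@code true} if some element of {@code roleNames} equals the
    *         principal's name; {@code false} otherwise, including when the
    *         principal, its name or the set is null
    * @throws ClassCastException if an element reached before a match is
    *         not a {@code String}
    */
   public boolean doesUserHaveRole( Principal principal, Set roleNames )
   {
      // Fail closed: without a principal or a role set there is nothing
      // to grant, and the caller should not see a NullPointerException.
      if (principal == null || roleNames == null)
      {
         return false;
      }
      String principalName = principal.getName();
      if (principalName == null)
      {
         return false;
      }

      Iterator iter = roleNames.iterator();
      while (iter.hasNext())
      {
         String roleName = (String) iter.next();
         if (principalName.equals( roleName ))
         {
            return true;
         }
      }
      return false;
   }
}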
1.1 jboss/src/main/org/jboss/security/SimpleRealmMappingService.java
Index: SimpleRealmMappingService.java
===================================================================
/*
* jBoss, the OpenSource EJB server
*
* Distributable under GPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.rmi.RemoteException;
import java.rmi.ServerException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Hashtable;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
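/**
 * This is a JMX service which manages access to security realms for a bean.
 * The service creates a {@link SimpleRealmMapping} and binds a Reference
 * to it into JNDI.
 *
 * <p>The mapping is created in {@link #initService} and kept in a static
 * field; {@link #getObjectInstance} hands out that same instance on every
 * call. {@link #stopService} removes the JNDI binding but leaves the static
 * instance in place.
 *
 * @see EJBSecurityManager
 * @author Daniel O'Connor [EMAIL PROTECTED]
 */
public class SimpleRealmMappingService
   extends ServiceMBeanSupport
   implements SimpleRealmMappingServiceMBean, ObjectFactory
{
   // Constants -----------------------------------------------------

   /**
    * JNDI name the reference is bound under. Declared final so that no other
    * code can reassign it and redirect what {@link #stopService} unbinds.
    */
   public static final String JNDI_NAME = "SimpleRealmMapping";

   /** The shared realm mapping, created in {@link #initService}. */
   private static SimpleRealmMapping srm;

   // Attributes ----------------------------------------------------

   /** MBean server handed in by {@link #getObjectName}. */
   MBeanServer server;

   // Static --------------------------------------------------------

   // ServiceMBeanSupport overrides ---------------------------------

   /**
    * @return the display name of this service
    */
   public String getName()
   {
      return "Simple Realm Mapping";
   }

   /**
    * Remembers the MBean server and supplies the object name for this
    * service. The {@code name} argument is ignored.
    *
    * @param server the MBean server this service is being registered with
    * @param name   the proposed name; not used
    * @return an {@code ObjectName} built from {@code OBJECT_NAME}
    * @throws javax.management.MalformedObjectNameException if
    *         {@code OBJECT_NAME} is not a valid object name
    */
   protected ObjectName getObjectName(MBeanServer server, ObjectName name)
      throws javax.management.MalformedObjectNameException
   {
      this.server = server;
      return new ObjectName(OBJECT_NAME);
   }

   /**
    * Creates the realm mapping and binds a reference to this factory into
    * JNDI.
    *
    * @throws Exception if the initial context cannot be created or the name
    *         cannot be bound
    */
   protected void initService()
      throws Exception
   {
      // Create the shared realm mapping
      srm = new SimpleRealmMapping();

      // Bind reference to JNDI. Reference expects a class name;
      // Class.toString() would prepend "class " and record a name that is
      // not a valid class name.
      Reference ref = new Reference(SimpleRealmMapping.class.getName(),
                                    getClass().getName(), null);
      new InitialContext().bind(JNDI_NAME, ref);
   }

   /**
    * Nothing to do; all set-up happens in {@link #initService}.
    */
   protected void startService()
      throws Exception
   {
   }

   /**
    * Removes the JNDI binding. Failures are logged and not propagated.
    */
   protected void stopService()
   {
      try
      {
         // Remove mapping from JNDI
         new InitialContext().unbind(JNDI_NAME);
      } catch (Exception e)
      {
         log.exception(e);
      }
   }

   // ObjectFactory implementation ----------------------------------

   /**
    * Returns the shared realm mapping. None of the arguments is inspected.
    *
    * @return the instance created by {@link #initService}, or {@code null}
    *         if {@code initService} has not run for this class
    */
   public Object getObjectInstance(Object obj,
                                   Name name,
                                   Context nameCtx,
                                   Hashtable environment)
      throws Exception
   {
      // Return the simple realm mapping manager
      return srm;
   }
}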
1.1
jboss/src/main/org/jboss/security/SimpleRealmMappingServiceMBean.java
Index: SimpleRealmMappingServiceMBean.java
===================================================================
/*
* jBoss, the OpenSource EJB server
*
* Distributable under GPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security;
/**
 * Management interface for the simple realm mapping service. It adds no
 * operations of its own to {@code org.jboss.util.ServiceMBean}; it only
 * carries the object name string for the service.
 */
public interface SimpleRealmMappingServiceMBean
   extends org.jboss.util.ServiceMBean
{
   // Constants -----------------------------------------------------

   /**
    * Object name string for the service. The part before the colon is
    * empty, so no domain is named here.
    */
   String OBJECT_NAME = ":service=SimpleRealmMappingFactory";

   // Public --------------------------------------------------------
}