User: starksm Date: 01/05/19 20:29:29 Modified: src/main/org/jboss/security SecurityAssociation.java Log: Default the SecurityAssociation server mode of storing security information to use InheritableThreadLocal to allow the propagation of the security information to child threads. Revision Changes Path 1.2 +62 -9 jbosssx/src/main/org/jboss/security/SecurityAssociation.java Index: SecurityAssociation.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/SecurityAssociation.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- SecurityAssociation.java 2001/03/05 09:53:27 1.1 +++ SecurityAssociation.java 2001/05/20 03:29:29 1.2 @@ -9,21 +9,55 @@ import java.security.Principal; -/** - * <description> - * - * @see <related> - * @author Daniel O'Connor ([EMAIL PROTECTED]) - */ - +/** The SecurityAssociation class maintains the security principal and +credentials. This can be done on either a singleton basis or a thread +local basis depending on the server property. When the server property has +been set to true, the security information is maintained in thread local +storage. The type of thread local storage depends on the +org.jboss.security.SecurityAssociation.ThreadLocal property. +If this property is true, then the thread local storage object is of +type java.lang.ThreadLocal which results in the current thread's +security information NOT being propagated to child threads. + +When the property is false or does not exist, the thread local storage object +is of type java.lang.InheritableThreadLocal, and any threads spawned by the +current thread will inherit the security information of the current thread. +Subseqent changes to the current thread's security information are NOT +propagated to any previously spawned child threads. + +When the server property is false, security information is maintained in +class variables which makes the information available to all threads within +the current VM. + +@author Daniel O'Connor ([EMAIL PROTECTED]) +@author [EMAIL PROTECTED] +@version $Revision: 1.2 $ +*/ public final class SecurityAssociation { private static boolean server; private static Principal principal; private static Object credential; - private static ThreadLocal thread_principal = new ThreadLocal(); - private static ThreadLocal thread_credential = new ThreadLocal(); + private static ThreadLocal thread_principal; + private static ThreadLocal thread_credential; + static + { + boolean useThreadLocal = Boolean.getBoolean("org.jboss.security.SecurityAssociation.ThreadLocal"); + if( useThreadLocal ) + { + thread_principal = new ThreadLocal(); + thread_credential = new ThreadLocal(); + } + else + { + thread_principal = new InheritableThreadLocal(); + thread_credential = new InheritableThreadLocal(); + } + } + /** Get the current principal information. + @return Principal, the current principal identity. + */ public static Principal getPrincipal() { if (server) @@ -32,6 +66,11 @@ return principal; } + /** Get the current principal credential information. This can be of + any type including: a String password, a char[] password, an X509 cert, + etc. + @return Object, the credential that proves the principal identity. + */ public static Object getCredential() { if (server) @@ -40,6 +79,9 @@ return credential; } + /** Set the current principal information. + @param principal, the current principal identity. + */ public static void setPrincipal( Principal principal ) { if (server) @@ -48,6 +90,11 @@ SecurityAssociation.principal = principal; } + /** Set the current principal credential information. This can be of + any type including: a String password, a char[] password, an X509 cert, + etc. + @param credential, the credential that proves the principal identity. + */ public static void setCredential( Object credential ) { if (server) @@ -56,6 +103,12 @@ SecurityAssociation.credential = credential; } + /** Set the server mode of operation. When the server property has + been set to true, the security information is maintained in thread local + storage. This should be called to enable property security semantics + in any multi-threaded environment where more than one thread requires + that security information be restricted to the thread's flow of control. + */ public static void setServer() { server = true; _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development