User: starksm
Date: 01/05/19 20:29:29
Modified: src/main/org/jboss/security SecurityAssociation.java
Log:
Default the SecurityAssociation server mode of storing security information
to use InheritableThreadLocal to allow the propagation of the security
information to child threads.
Revision Changes Path
1.2 +62 -9 jbosssx/src/main/org/jboss/security/SecurityAssociation.java
Index: SecurityAssociation.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/SecurityAssociation.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SecurityAssociation.java 2001/03/05 09:53:27 1.1
+++ SecurityAssociation.java 2001/05/20 03:29:29 1.2
@@ -9,21 +9,55 @@
import java.security.Principal;
-/**
- * <description>
- *
- * @see <related>
- * @author Daniel O'Connor ([EMAIL PROTECTED])
- */
-
+/** The SecurityAssociation class maintains the security principal and
+credentials. This can be done on either a singleton basis or a thread
+local basis depending on the server property. When the server property has
+been set to true, the security information is maintained in thread local
+storage. The type of thread local storage depends on the
+org.jboss.security.SecurityAssociation.ThreadLocal property.
+If this property is true, then the thread local storage object is of
+type java.lang.ThreadLocal which results in the current thread's
+security information NOT being propagated to child threads.
+
+When the property is false or does not exist, the thread local storage object
+is of type java.lang.InheritableThreadLocal, and any threads spawned by the
+current thread will inherit the security information of the current thread.
+Subseqent changes to the current thread's security information are NOT
+propagated to any previously spawned child threads.
+
+When the server property is false, security information is maintained in
+class variables which makes the information available to all threads within
+the current VM.
+
+@author Daniel O'Connor ([EMAIL PROTECTED])
+@author [EMAIL PROTECTED]
+@version $Revision: 1.2 $
+*/
public final class SecurityAssociation
{
private static boolean server;
private static Principal principal;
private static Object credential;
- private static ThreadLocal thread_principal = new ThreadLocal();
- private static ThreadLocal thread_credential = new ThreadLocal();
+ private static ThreadLocal thread_principal;
+ private static ThreadLocal thread_credential;
+ static
+ {
+ boolean useThreadLocal =
Boolean.getBoolean("org.jboss.security.SecurityAssociation.ThreadLocal");
+ if( useThreadLocal )
+ {
+ thread_principal = new ThreadLocal();
+ thread_credential = new ThreadLocal();
+ }
+ else
+ {
+ thread_principal = new InheritableThreadLocal();
+ thread_credential = new InheritableThreadLocal();
+ }
+ }
+ /** Get the current principal information.
+ @return Principal, the current principal identity.
+ */
public static Principal getPrincipal()
{
if (server)
@@ -32,6 +66,11 @@
return principal;
}
+ /** Get the current principal credential information. This can be of
+ any type including: a String password, a char[] password, an X509 cert,
+ etc.
+ @return Object, the credential that proves the principal identity.
+ */
public static Object getCredential()
{
if (server)
@@ -40,6 +79,9 @@
return credential;
}
+ /** Set the current principal information.
+ @param principal, the current principal identity.
+ */
public static void setPrincipal( Principal principal )
{
if (server)
@@ -48,6 +90,11 @@
SecurityAssociation.principal = principal;
}
+ /** Set the current principal credential information. This can be of
+ any type including: a String password, a char[] password, an X509 cert,
+ etc.
+ @param credential, the credential that proves the principal identity.
+ */
public static void setCredential( Object credential )
{
if (server)
@@ -56,6 +103,12 @@
SecurityAssociation.credential = credential;
}
+ /** Set the server mode of operation. When the server property has
+ been set to true, the security information is maintained in thread local
+ storage. This should be called to enable property security semantics
+ in any multi-threaded environment where more than one thread requires
+ that security information be restricted to the thread's flow of control.
+ */
public static void setServer()
{
server = true;
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-development
