File | Doc | Category | Size | Date | Package
AuthMessagePolicy.java | API Doc | Glassfish v2 API | 15874 | Fri May 04 22:36:14 BST 2007 | com.sun.enterprise.security.jmac

AuthMessagePolicy

public class AuthMessagePolicy extends Object
Utility class for JMAC appserver implementation.

Fields Summary
private static final String
SENDER
private static final String
CONTENT
private static final String
BEFORE_CONTENT
private static final String
HANDLER_CLASS_PROPERTY
private static final String
DEFAULT_HANDLER_CLASS
private static final javax.security.auth.message.MessagePolicy
MANDATORY_POLICY
private static final javax.security.auth.message.MessagePolicy
OPTIONAL_POLICY
private static String
handlerClassName
Constructors Summary
// Private constructor: the class is not meant to be instantiated; every
// method listed on this page is static.
private AuthMessagePolicy()


      
Methods Summary
/**
 * Creates a new instance of the default callback handler.
 *
 * <p>The handler class name is read once from the system property named by
 * {@code HANDLER_CLASS_PROPERTY} (falling back to
 * {@code DEFAULT_HANDLER_CLASS}) and cached in {@code handlerClassName}.
 * The class is resolved through the calling thread's context class loader
 * and instantiated with its no-argument constructor.
 *
 * <p>Security note: loading and instantiation happen inside a privileged
 * block, so the class named by the property runs its static initializer and
 * constructor with the privileges of this code. The cast to
 * {@code CallbackHandler} is applied only after the instance has been
 * created. Treat the ability to set that property, or to influence the
 * context class loader, as equivalent to the ability to run code here.
 *
 * @return a freshly created callback handler
 * @throws RuntimeException wrapping whatever exception the class lookup or
 *         instantiation raised
 */
public static javax.security.auth.callback.CallbackHandler getDefaultCallbackHandler() {
    Object handler;
    try {
        handler = AppservAccessController.doPrivileged(
            new PrivilegedExceptionAction() {
                public Object run() throws Exception {
                    ClassLoader contextLoader =
                        Thread.currentThread().getContextClassLoader();
                    // Resolve the configured class name lazily, then reuse it.
                    if (handlerClassName == null) {
                        handlerClassName = System.getProperty(
                            HANDLER_CLASS_PROPERTY, DEFAULT_HANDLER_CLASS);
                    }
                    final String name = handlerClassName;
                    Class handlerClass = Class.forName(name, true, contextLoader);
                    return handlerClass.newInstance();
                }
            });
    } catch (PrivilegedActionException pae) {
        // Surface the underlying failure rather than the privileged wrapper.
        throw new RuntimeException(pae.getException());
    }
    return (CallbackHandler) handler;
}
/**
 * Selects the policy pair used for the HttpServlet layer.
 *
 * <p>The auth context ID is interpreted as a boolean: only the string
 * {@code "true"} (ignoring case) selects {@code MANDATORY_POLICY}. Every
 * other value, including {@code null}, selects {@code OPTIONAL_POLICY}, so a
 * malformed ID silently yields the optional policy.
 *
 * @param authContextID the auth context identifier, parsed as a boolean
 * @return a two-element array whose first entry is the selected policy and
 *         whose second entry is always {@code null}
 */
public static javax.security.auth.message.MessagePolicy[] getHttpServletPolicies(java.lang.String authContextID) {
    MessagePolicy selected =
        Boolean.parseBoolean(authContextID) ? MANDATORY_POLICY : OPTIONAL_POLICY;
    return new MessagePolicy[] { selected, null };
}
/**
 * Builds a message policy and derives whether it is mandatory.
 *
 * <p>The policy is mandatory when {@code authSource} equals {@code SENDER}
 * or {@code CONTENT}, or when {@code authRecipient} is non-null.
 *
 * @param authSource the configured auth-source value, may be {@code null}
 * @param authRecipient the configured auth-recipient value, may be
 *        {@code null}
 * @return the policy produced by the three-argument overload
 */
public static javax.security.auth.message.MessagePolicy getMessagePolicy(java.lang.String authSource, java.lang.String authRecipient) {
    boolean sourceRequested =
        SENDER.equals(authSource) || CONTENT.equals(authSource);
    boolean mandatory = sourceRequested || authRecipient != null;
    return getMessagePolicy(authSource, authRecipient, mandatory);
}
/**
 * Builds a message policy from auth-source and auth-recipient settings.
 *
 * <p>Target policies are added in this order:
 * <ul>
 *   <li>recipient equals {@code BEFORE_CONTENT}: authenticate recipient,
 *       then authenticate content. {@code authSource} is not consulted on
 *       this path, so sender authentication is never requested here.</li>
 *   <li>otherwise: authenticate sender or authenticate content, depending
 *       on {@code authSource}, followed by authenticate recipient when
 *       {@code authRecipient} is non-null.</li>
 * </ul>
 * An unrecognised {@code authSource} together with a {@code null} recipient
 * produces a policy with no target policies.
 *
 * @param authSource the configured auth-source value, may be {@code null}
 * @param authRecipient the configured auth-recipient value, may be
 *        {@code null}
 * @param mandatory whether the resulting policy is mandatory
 * @return the assembled message policy
 */
public static javax.security.auth.message.MessagePolicy getMessagePolicy(java.lang.String authSource, java.lang.String authRecipient, boolean mandatory) {
    // Collect the protection policy IDs first, then wrap each in a target.
    List<String> protectionIds = new ArrayList<String>();

    // equals() is false for null, so this also covers "no recipient".
    if (BEFORE_CONTENT.equals(authRecipient)) {
        protectionIds.add(ProtectionPolicy.AUTHENTICATE_RECIPIENT);
        protectionIds.add(ProtectionPolicy.AUTHENTICATE_CONTENT);
    } else {
        if (SENDER.equals(authSource)) {
            protectionIds.add(ProtectionPolicy.AUTHENTICATE_SENDER);
        } else if (CONTENT.equals(authSource)) {
            protectionIds.add(ProtectionPolicy.AUTHENTICATE_CONTENT);
        }
        if (authRecipient != null) {
            protectionIds.add(ProtectionPolicy.AUTHENTICATE_RECIPIENT);
        }
    }

    TargetPolicy[] targets = new TargetPolicy[protectionIds.size()];
    for (int k = 0; k < targets.length; k++) {
        final String id = protectionIds.get(k);
        targets[k] = new TargetPolicy(null,
            new ProtectionPolicy() {
                public String getID() {
                    return id;
                }
            });
    }
    return new MessagePolicy(targets, mandatory);
}
/**
 * Builds a message policy from a protection descriptor.
 *
 * @param pd the descriptor carrying the auth-source and auth-recipient
 *        attributes, may be {@code null}
 * @return the policy for the descriptor's attributes, or {@code null} when
 *         {@code pd} is {@code null}
 */
public static javax.security.auth.message.MessagePolicy getMessagePolicy(com.sun.enterprise.deployment.runtime.common.ProtectionDescriptor pd) {
    // No descriptor means no policy at all, not an empty one.
    if (pd == null) {
        return null;
    }
    String authSource =
        pd.getAttributeValue(ProtectionDescriptor.AUTH_SOURCE);
    String authRecipient =
        pd.getAttributeValue(ProtectionDescriptor.AUTH_RECIPIENT);
    return getMessagePolicy(authSource, authRecipient);
}
/**
 * Looks up the message security binding that applies to a layer.
 *
 * <p>The binding is taken from the {@code "SERVICE_ENDPOINT"} entry when
 * present. Otherwise it is taken from the port info that the
 * {@code "SERVICE_REF"} entry returns for the port name of the
 * {@code "WSDL_MODEL"} entry. A binding without an auth-layer attribute
 * matches every layer; a binding with one matches only when it equals
 * {@code layer}.
 *
 * @param layer the message layer to match; must be non-null whenever the
 *        binding found declares an auth layer, otherwise the comparison
 *        throws {@code NullPointerException}
 * @param properties the property map to search, may be {@code null}
 * @return the matching binding, or {@code null} when there is none
 */
public static com.sun.enterprise.deployment.runtime.common.MessageSecurityBindingDescriptor getMessageSecurityBinding(java.lang.String layer, java.util.Map properties) {
    if (properties == null) {
        return null;
    }

    MessageSecurityBindingDescriptor found = null;
    WebServiceEndpoint endpoint =
        (WebServiceEndpoint) properties.get("SERVICE_ENDPOINT");

    if (endpoint != null) {
        found = endpoint.getMessageSecurityBinding();
    } else {
        ServiceReferenceDescriptor serviceRef =
            (ServiceReferenceDescriptor) properties.get("SERVICE_REF");
        if (serviceRef != null) {
            WSDLPort port = (WSDLPort) properties.get("WSDL_MODEL");
            QName portName = (port == null) ? null : port.getName();
            ServiceRefPortInfo portInfo = (portName == null)
                ? null
                : serviceRef.getPortInfoByPort(portName);
            if (portInfo != null) {
                found = portInfo.getMessageSecurityBinding();
            }
        }
    }

    if (found == null) {
        return null;
    }

    String bindingLayer =
        found.getAttributeValue(MessageSecurityBindingDescriptor.AUTH_LAYER);
    // A binding that names no layer is accepted for any requested layer.
    boolean layerMatches = bindingLayer == null || layer.equals(bindingLayer);
    return layerMatches ? found : null;
}
/**
 * Reads the HttpServlet security provider ID from a web application
 * descriptor.
 *
 * @param sunWebApp the descriptor to read, may be {@code null}
 * @return the value of the {@code HTTPSERVLET_SECURITY_PROVIDER} attribute,
 *         or {@code null} when {@code sunWebApp} is {@code null}
 */
public static java.lang.String getProviderID(com.sun.enterprise.deployment.runtime.web.SunWebApp sunWebApp) {
    return (sunWebApp == null)
        ? null
        : sunWebApp.getAttributeValue(SunWebApp.HTTPSERVLET_SECURITY_PROVIDER);
}
/**
 * Reads the provider ID from a message security binding.
 *
 * <p>The provider ID is returned only when the binding's auth-layer
 * attribute equals {@code SOAP}.
 *
 * @param binding the binding to read, may be {@code null}
 * @return the {@code PROVIDER_ID} attribute, or {@code null} when the
 *         binding is {@code null} or is not bound to the SOAP layer
 */
public static java.lang.String getProviderID(com.sun.enterprise.deployment.runtime.common.MessageSecurityBindingDescriptor binding) {
    if (binding == null) {
        return null;
    }
    String bindingLayer =
        binding.getAttributeValue(MessageSecurityBindingDescriptor.AUTH_LAYER);
    if (!SOAP.equals(bindingLayer)) {
        return null;
    }
    return binding.getAttributeValue(MessageSecurityBindingDescriptor.PROVIDER_ID);
}
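/**
 * Determines the request and response policies for a SOAP operation.
 *
 * <p>When {@code onePolicy} is set, the first message security descriptor
 * of the binding supplies both policies. Otherwise the descriptors are
 * searched for a message descriptor whose operation name equals
 * {@code operation}. The first message descriptor without an operation name
 * serves as the fallback until a named match is found.
 *
 * <p>Callers receive {@code null} policies when nothing applies: no binding,
 * a binding that is not for the SOAP layer, a binding without descriptors,
 * or no matching descriptor. A {@code null} entry therefore means that no
 * policy was derived for that direction.
 *
 * @param binding the message security binding, may be {@code null}
 * @param operation the operation name to match when {@code onePolicy} is
 *        {@code false}
 * @param onePolicy whether all descriptors share one policy, in which case
 *        the first descriptor is used without matching
 * @return a two-element array holding the request policy and then the
 *         response policy; either may be {@code null}
 */
public static javax.security.auth.message.MessagePolicy[] getSOAPPolicies(
        com.sun.enterprise.deployment.runtime.common.MessageSecurityBindingDescriptor binding,
        java.lang.String operation,
        boolean onePolicy) {

    MessagePolicy requestPolicy = null;
    MessagePolicy responsePolicy = null;

    ArrayList msgSecDescs = null;
    if (binding != null) {
        String layer = binding.getAttributeValue
            (MessageSecurityBindingDescriptor.AUTH_LAYER);
        if (SOAP.equals(layer)) {
            msgSecDescs = binding.getMessageSecurityDescriptors();
        }
    }

    // A binding for another layer, or one without descriptors, leaves the
    // list null; skip the lookup instead of dereferencing it.
    if (msgSecDescs != null) {
        MessageSecurityDescriptor matchMsd = null;

        if (onePolicy) {
            if (msgSecDescs.size() > 0) {
                matchMsd = (MessageSecurityDescriptor) msgSecDescs.get(0);
            }
        } else { // try to match
            for (int i = 0; i < msgSecDescs.size(); i++) {
                MessageSecurityDescriptor msd =
                    (MessageSecurityDescriptor) msgSecDescs.get(i);
                ArrayList msgDescs = msd.getMessageDescriptors();
                // Examine every message descriptor of this security
                // descriptor. The inner list is independent of the outer
                // index, so starting anywhere but 0 would skip entries and
                // could leave an operation without any policy.
                for (int j = 0; j < msgDescs.size(); j++) {
                    //XXX don't know how to get JavaMethod from operation
                    MessageDescriptor msgDesc =
                        (MessageDescriptor) msgDescs.get(j);
                    String opName = msgDesc.getOperationName();
                    if (opName == null && matchMsd == null) {
                        // Unnamed descriptor: remember as the fallback.
                        matchMsd = msd;
                    } else if (opName != null && opName.equals(operation)) {
                        matchMsd = msd;
                        break;
                    }
                }
            }
        }

        if (matchMsd != null) {
            requestPolicy = getMessagePolicy(
                matchMsd.getRequestProtectionDescriptor());
            responsePolicy = getMessagePolicy(
                matchMsd.getResponseProtectionDescriptor());
        }
    }

    return new MessagePolicy[] { requestPolicy, responsePolicy };
}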
/**
 * Fetches the web application descriptor from a property map.
 *
 * <p>The web bundle is read from the {@code HttpServletConstants.WEB_BUNDLE}
 * entry. The entry itself is not null-checked, so a non-null map that lacks
 * it results in a {@code NullPointerException}.
 *
 * @param properties the property map, may be {@code null}
 * @return the bundle's descriptor, or {@code null} when {@code properties}
 *         is {@code null}
 */
public static com.sun.enterprise.deployment.runtime.web.SunWebApp getSunWebApp(java.util.Map properties) {
    if (properties == null) {
        return null;
    }
    Object bundle = properties.get(HttpServletConstants.WEB_BUNDLE);
    return ((WebBundleDescriptor) bundle).getSunDescriptor();
}
/**
 * Reports whether all message security descriptors of a SOAP binding carry
 * the same policy.
 *
 * <p>Knowing this helps interpret the effective policy when the operation
 * of a request cannot be determined at runtime.
 *
 * @param binding the message security binding, may be {@code null}
 * @return {@code true} when there is no binding, the binding is not for the
 *         SOAP layer, it has no descriptor list, or every pair of
 *         descriptors compares equal; {@code false} otherwise
 */
public static boolean oneSOAPPolicy(com.sun.enterprise.deployment.runtime.common.MessageSecurityBindingDescriptor binding) {
    if (binding == null) {
        return true;
    }
    String bindingLayer =
        binding.getAttributeValue(MessageSecurityBindingDescriptor.AUTH_LAYER);
    if (!SOAP.equals(bindingLayer)) {
        return true;
    }
    ArrayList descriptors = binding.getMessageSecurityDescriptors();
    if (descriptors == null) {
        return true;
    }

    // Compare every descriptor with every other one; a single mismatch
    // means the binding carries more than one policy.
    boolean allSame = true;
    for (int a = 0; a < descriptors.size(); a++) {
        MessageSecurityDescriptor current =
            (MessageSecurityDescriptor) descriptors.get(a);
        for (int b = 0; b < descriptors.size(); b++) {
            if (b == a) {
                continue;
            }
            MessageSecurityDescriptor candidate =
                (MessageSecurityDescriptor) descriptors.get(b);
            if (!policiesAreEqual(current, candidate)) {
                allSame = false;
            }
        }
    }
    return allSame;
}
/**
 * Compares the request and response protection of two descriptors.
 *
 * @param reference the first descriptor
 * @param other the second descriptor
 * @return {@code true} when both the request and the response protection
 *         descriptors compare equal
 */
private static boolean policiesAreEqual(com.sun.enterprise.deployment.runtime.common.MessageSecurityDescriptor reference, com.sun.enterprise.deployment.runtime.common.MessageSecurityDescriptor other) {
    // The response side is examined only when the request side matches.
    if (!protectionDescriptorsAreEqual(
            reference.getRequestProtectionDescriptor(),
            other.getRequestProtectionDescriptor())) {
        return false;
    }
    return protectionDescriptorsAreEqual(
        reference.getResponseProtectionDescriptor(),
        other.getResponseProtectionDescriptor());
}
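/**
 * Compares two protection descriptors by their auth-source and
 * auth-recipient attributes.
 *
 * <p>An attribute matches when it is absent from both descriptors or present
 * in both with equal values. Two {@code null} descriptors are equal; a
 * {@code null} descriptor never equals a non-null one.
 *
 * @param pd1 the first descriptor, may be {@code null}
 * @param pd2 the second descriptor, may be {@code null}
 * @return {@code true} when both attributes match
 */
private static boolean protectionDescriptorsAreEqual(com.sun.enterprise.deployment.runtime.common.ProtectionDescriptor pd1, com.sun.enterprise.deployment.runtime.common.ProtectionDescriptor pd2) {
    // Handle a missing request or response descriptor without dereferencing
    // it.
    if (pd1 == null || pd2 == null) {
        return pd1 == pd2;
    }

    String authSource1 =
        pd1.getAttributeValue(ProtectionDescriptor.AUTH_SOURCE);
    String authRecipient1 =
        pd1.getAttributeValue(ProtectionDescriptor.AUTH_RECIPIENT);

    String authSource2 =
        pd2.getAttributeValue(ProtectionDescriptor.AUTH_SOURCE);
    String authRecipient2 =
        pd2.getAttributeValue(ProtectionDescriptor.AUTH_RECIPIENT);

    // "Both absent" and "both present and equal" are alternatives. They
    // cannot hold together, so they must not be joined with a logical AND,
    // which would report every pair of descriptors as different.
    boolean sameAuthSource = (authSource1 == null)
        ? (authSource2 == null)
        : authSource1.equals(authSource2);
    boolean sameAuthRecipient = (authRecipient1 == null)
        ? (authRecipient2 == null)
        : authRecipient1.equals(authRecipient2);

    return sameAuthSource && sameAuthRecipient;
}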