File Doc Category Size Date Package
SecurityUtil.java API Doc Glassfish v2 API 16988 Fri May 25 10:59:42 BST 2007 org.apache.catalina.security

SecurityUtil

java.lang.Object

public final class SecurityUtil extends Object

This utility class associates a Subject to the current AccessControlContext. When a SecurityManager is used, the container will always associate the called thread with an AccessControlContext containing only the principal of the requested Servlet/Filter. This class uses reflection to invoke the invoke methods.

author: Jean-Francois Arcand

Fields Summary
private static final int
INIT
private static final int
SERVICE
private static final int
DOFILTER
private static final int
DESTROY
private static final String
INIT_METHOD
private static final String
DOFILTER_METHOD
private static final String
SERVICE_METHOD
private static final String
DESTROY_METHOD
private static HashMap
objectCache
Cache every object for which we are creating method on it.
private static com.sun.org.apache.commons.logging.Log
log
private static String
PACKAGE
private static boolean
packageDefinitionEnabled
private static final org.apache.catalina.util.StringManager
sm
The string resources for this package.
public static boolean
executeUnderSubjectDoAs
Do we need to execute all invokation under a Subject.doAs call.
Constructors Summary
Methods Summary
private static java.lang.reflect.Method createMethodAndCacheIt(java.lang.reflect.Method[] methodsCache, java.lang.String methodName, java.lang.Object targetObject, java.lang.Class[] targetType)
Create the method and cache it for further re-use.
param
methodsCache the cache used to store method instance
param
methodName the method to apply the security restriction
param
targetObject the Servlet on which the method will be called.
param
targetType Class array used to instanciate a Method object.
return
the method instance.
if ( methodsCache == null){ methodsCache = new Method[3]; } Method method = targetObject.getClass().getMethod(methodName, targetType); if (methodName.equalsIgnoreCase(INIT_METHOD)){ methodsCache[INIT] = method; } else if (methodName.equalsIgnoreCase(DESTROY_METHOD)){ methodsCache[DESTROY] = method; } else if (methodName.equalsIgnoreCase(SERVICE_METHOD)){ methodsCache[SERVICE] = method; } else if (methodName.equalsIgnoreCase(DOFILTER_METHOD)){ methodsCache[DOFILTER] = method; } objectCache.put(targetObject, methodsCache ); return method;
public static void doAsPrivilege(java.lang.String methodName, javax.servlet.Servlet targetObject)
Perform work as a particular Subject. Here the work will be granted to a null subject.
param
methodName the method to apply the security restriction
param
targetObject the Servlet on which the method will be called.
// END SJS WS 7.0 6236329 doAsPrivilege(methodName, targetObject, null, null, null);
public static void doAsPrivilege(java.lang.String methodName, javax.servlet.Servlet targetObject, java.lang.Class[] targetType, java.lang.Object[] targetArguments)
Perform work as a particular Subject. Here the work will be granted to a null subject.
param
methodName the method to apply the security restriction
param
targetObject the Servlet on which the method will be called.
param
targetType Class array used to instanciate a i Method object.
param
targetObject Object array contains the runtime parameters instance.
doAsPrivilege(methodName, targetObject, targetType, targetArguments, null);
public static void doAsPrivilege(java.lang.String methodName, javax.servlet.Servlet targetObject, java.lang.Class[] targetType, java.lang.Object[] targetArguments, java.security.Principal principal)
Perform work as a particular Subject. Here the work will be granted to a null subject.
param
methodName the method to apply the security restriction
param
targetObject the Servlet on which the method will be called.
param
targetType Class array used to instanciate a Method object.
param
targetArgumentst Object array contains the runtime parameters instance.
param
principal the Principal to which the security privilege apply..
Method method = null; Method[] methodsCache = null; if(objectCache.containsKey(targetObject)){ methodsCache = (Method[])objectCache.get(targetObject); method = findMethod(methodsCache, methodName); if (method == null){ method = createMethodAndCacheIt(methodsCache, methodName, targetObject, targetType); } } else { method = createMethodAndCacheIt(methodsCache, methodName, targetObject, targetType); } execute(method, targetObject, targetArguments, principal);
public static void doAsPrivilege(java.lang.String methodName, javax.servlet.Filter targetObject)
Perform work as a particular Subject. Here the work will be granted to a null subject.
param
methodName the method to apply the security restriction
param
targetObject the Filter on which the method will be called.
doAsPrivilege(methodName, targetObject, null, null);
public static void doAsPrivilege(java.lang.String methodName, javax.servlet.Filter targetObject, java.lang.Class[] targetType, java.lang.Object[] targetArguments)
Perform work as a particular Subject. Here the work will be granted to a null subject.
param
methodName the method to apply the security restriction
param
targetObject the Filter on which the method will be called.
param
targetType Class array used to instanciate a Method object.
param
targetArgumentst Object array contains the runtime parameters instance.
Method method = null; Method[] methodsCache = null; if(objectCache.containsKey(targetObject)){ methodsCache = (Method[])objectCache.get(targetObject); method = findMethod(methodsCache, methodName); if (method == null){ method = createMethodAndCacheIt(methodsCache, methodName, targetObject, targetType); } } else { method = createMethodAndCacheIt(methodsCache, methodName, targetObject, targetType); } execute(method, targetObject, targetArguments, null);
private static void execute(java.lang.reflect.Method method, java.lang.Object targetObject, java.lang.Object[] targetArguments, java.security.Principal principal)
Perform work as a particular Subject. Here the work will be granted to a null subject.
param
methodName the method to apply the security restriction
param
targetObject the Servlet on which the method will be called.
param
targetType Class array used to instanciate a Method object.
param
targetArgumentst Object array contains the runtime parameters instance.
param
principal the Principal to which the security privilege apply..
try{ Subject subject = null; PrivilegedExceptionAction pea = new PrivilegedExceptionAction(){ public Object run() throws Exception{ method.invoke(targetObject, targetArguments); return null; } }; // The first argument is always the request object if (targetArguments != null && targetArguments[0] instanceof HttpServletRequest){ HttpServletRequest request = (HttpServletRequest)targetArguments[0]; boolean hasSubject = false; HttpSession session = request.getSession(false); if (session != null){ subject = (Subject)session.getAttribute(Globals.SUBJECT_ATTR); hasSubject = (subject != null); } if (subject == null){ subject = new Subject(); if (principal != null){ subject.getPrincipals().add(principal); } } if (session != null && !hasSubject) { session.setAttribute(Globals.SUBJECT_ATTR, subject); } } Subject.doAsPrivileged(subject, pea, null); } catch( PrivilegedActionException pe) { Throwable e = ((InvocationTargetException)pe.getException()) .getTargetException(); if (log.isDebugEnabled()){ log.debug(sm.getString("SecurityUtil.doAsPrivilege"), e); } if (e instanceof UnavailableException) throw (UnavailableException) e; else if (e instanceof ServletException) throw (ServletException) e; else if (e instanceof IOException) throw (IOException) e; else if (e instanceof RuntimeException) throw (RuntimeException) e; else throw new ServletException(e.getMessage(), e); }
public static boolean executeUnderSubjectDoAs()
Return true if a SecurityManager is used and is isDoAsRequired is required.
if (executeUnderSubjectDoAs && Globals.IS_SECURITY_ENABLED) { return true; } return false;
private static java.lang.reflect.Method findMethod(java.lang.reflect.Method[] methodsCache, java.lang.String methodName)
Find a method stored within the cache.
param
methodsCache the cache used to store method instance
param
methodName the method to apply the security restriction
return
the method instance, null if not yet created.
if (methodName.equalsIgnoreCase(INIT_METHOD) && methodsCache[INIT] != null){ return methodsCache[INIT]; } else if (methodName.equalsIgnoreCase(DESTROY_METHOD) && methodsCache[DESTROY] != null){ return methodsCache[DESTROY]; } else if (methodName.equalsIgnoreCase(SERVICE_METHOD) && methodsCache[SERVICE] != null){ return methodsCache[SERVICE]; } else if (methodName.equalsIgnoreCase(DOFILTER_METHOD) && methodsCache[DOFILTER] != null){ return methodsCache[DOFILTER]; } return null;
public static boolean isPackageProtectionEnabled()
Return the SecurityManager only if Security is enabled AND package protection mechanism is enabled.
if (packageDefinitionEnabled && Globals.IS_SECURITY_ENABLED) { return true; } return false;
public static void remove(java.lang.Object cachedObject)
Remove the object from the cache.
objectCache.remove(cachedObject);