File Doc Category Size Date Package
GFServerConfigProvider.java API Doc Glassfish v2 API 49882 Fri May 04 22:36:14 BST 2007 com.sun.enterprise.security.jmac.config

GFServerConfigProvider

java.lang.Object

public class GFServerConfigProvider extends Object implements javax.security.auth.message.config.AuthConfigProvider

This class implements the interface AuthConfigProvider.

author: Shing Wai Chan
author: Ronald Monzillo

Fields Summary
public static final String
SOAP
public static final String
HTTPSERVLET
protected static final String
CLIENT
protected static final String
SERVER
protected static final String
MANAGES_SESSIONS_OPTION
private static Logger
logger
private static final String
DEFAULT_HANDLER_CLASS
private static final String
DEFAULT_PARSER_CLASS
private static final ThreadLocal
subjectLocal
protected static final ReadWriteLock
rwLock
protected static final Map
layerDefaultRegisIDMap
protected static int
epoch
protected static String
parserClassName
protected static ConfigParser
parser
protected static boolean
parserInitialized
protected static javax.security.auth.message.config.AuthConfigFactory
slaveFactory
protected static javax.security.auth.message.config.AuthConfigProvider
slaveProvider
protected javax.security.auth.message.config.AuthConfigFactory
factory
Constructors Summary
private GFServerConfigProvider()
public GFServerConfigProvider(Map properties, javax.security.auth.message.config.AuthConfigFactory factory)
this.factory = factory; initializeParser(); if (factory != null) { boolean hasSlaveFactory = false; try { rwLock.readLock().lock(); hasSlaveFactory = (slaveFactory != null); } finally { rwLock.readLock().unlock(); } if (!hasSlaveFactory) { try { rwLock.writeLock().lock(); if (slaveFactory == null) { slaveFactory = factory; } } finally { rwLock.writeLock().unlock(); } } } boolean hasSlaveProvider = false; try { rwLock.readLock().lock(); hasSlaveProvider = (slaveProvider != null); } finally { rwLock.readLock().unlock(); } if (!hasSlaveProvider) { try { rwLock.writeLock().lock(); if (slaveProvider == null) { slaveProvider = this; } } finally { rwLock.writeLock().unlock(); } }
Methods Summary
protected static com.sun.enterprise.security.jmac.config.GFServerConfigProvider$ModuleInfo createModuleInfo(com.sun.enterprise.security.jmac.config.GFServerConfigProvider$Entry entry, javax.security.auth.callback.CallbackHandler handler, java.lang.String type, java.util.Map properties)
Instantiate+initialize module class
try { // instantiate module using no-arg constructor Object newModule = entry.newInstance(); Map map = properties; Map entryOptions = entry.getOptions(); if (entryOptions != null) { if (map == null) { map = new HashMap(); } else { map = new HashMap(map); } map.putAll(entryOptions); } // no doPrivilege at this point, need to revisit if (SERVER.equals(type)) { if (newModule instanceof ServerAuthModule) { ServerAuthModule sam = (ServerAuthModule)newModule; sam.initialize(entry.getRequestPolicy(), entry.getResponsePolicy(), handler, map); } else if (newModule instanceof com.sun.enterprise.security.jauth.ServerAuthModule) { com.sun.enterprise.security.jauth.ServerAuthModule sam0 = (com.sun.enterprise.security.jauth.ServerAuthModule)newModule; AuthPolicy requestPolicy = (entry.getRequestPolicy() != null) ? new AuthPolicy(entry.getRequestPolicy()) : null; AuthPolicy responsePolicy = (entry.getResponsePolicy() != null) ? new AuthPolicy(entry.getResponsePolicy()) : null; sam0.initialize(requestPolicy, responsePolicy, handler, map); } } else { // CLIENT if (newModule instanceof ClientAuthModule) { ClientAuthModule cam = (ClientAuthModule)newModule; cam.initialize(entry.getRequestPolicy(), entry.getResponsePolicy(), handler, map); } else if (newModule instanceof com.sun.enterprise.security.jauth.ClientAuthModule) { com.sun.enterprise.security.jauth.ClientAuthModule cam0 = (com.sun.enterprise.security.jauth.ClientAuthModule)newModule; AuthPolicy requestPolicy = new AuthPolicy(entry.getRequestPolicy()); AuthPolicy responsePolicy = new AuthPolicy(entry.getResponsePolicy()); cam0.initialize(requestPolicy,responsePolicy, handler, map); } } return new ModuleInfo(newModule, map); } catch(Exception e) { if (e instanceof AuthException) { throw (AuthException)e; } AuthException ae = new AuthException(); ae.initCause(e); throw ae; }
private static java.lang.Object createObject(java.lang.String className)
Create an object of a given class.
param
className
try { final String finalClassName = className; return AppservAccessController.doPrivileged( new PrivilegedExceptionAction() { public Object run() throws Exception { ClassLoader loader = Thread.currentThread().getContextClassLoader(); Class c = Class.forName(finalClassName, true, loader); return c.newInstance(); } }); } catch (PrivilegedActionException pae) { throw new RuntimeException(pae.getException()); }
protected static java.lang.ClassLoader getClassLoader()
final ClassLoader rvalue = (ClassLoader)AppservAccessController.doPrivileged( new PrivilegedAction() { public Object run() { return Thread.currentThread().getContextClassLoader(); } }); return rvalue;
public javax.security.auth.message.config.ClientAuthConfig getClientAuthConfig(java.lang.String layer, java.lang.String appContext, javax.security.auth.callback.CallbackHandler handler)
Get an instance of ClientAuthConfig from this provider.
The implementation of this method returns a ClientAuthConfig instance that describes the configuration of ClientAuthModules at a given message layer, and for use in an identified application context.
param
layer a String identifying the message layer for the returned ClientAuthConfig object. This argument must not be null.
param
appContext a String that identifies the messaging context for the returned ClientAuthConfig object. This argument must not be null.
param
handler a CallbackHandler to be passed to the ClientAuthModules encapsulated by ClientAuthContext objects derived from the returned ClientAuthConfig. This argument may be null, in which case the implementation may assign a default handler to the configuration.
return
a ClientAuthConfig Object that describes the configuration of ClientAuthModules at the message layer and messaging context identified by the layer and appContext arguments. This method does not return null.
exception
AuthException if this provider does not support the assignment of a default CallbackHandler to the returned ClientAuthConfig.
exception
SecurityException if the caller does not have permission to retrieve the configuration. The CallbackHandler assigned to the configuration must support the Callback objects required to be supported by the profile of this specification being followed by the messaging runtime. The CallbackHandler instance must be initialized with any application context needed to process the required callbacks on behalf of the corresponding application.
return new GFClientAuthConfig(this, layer, appContext, handler);
protected com.sun.enterprise.security.jmac.config.GFServerConfigProvider$Entry getEntry(java.lang.String intercept, java.lang.String id, javax.security.auth.message.MessagePolicy requestPolicy, javax.security.auth.message.MessagePolicy responsePolicy, java.lang.String type)
// get the parsed module config and DD information Map configMap; try { rwLock.readLock().lock(); configMap = parser.getConfigMap(); } finally { rwLock.readLock().unlock(); } if (configMap == null) { return null; } // get the module config info for this intercept InterceptEntry intEntry = (InterceptEntry)configMap.get(intercept); if (intEntry == null || intEntry.idMap == null) { if (logger.isLoggable(Level.FINE)) { logger.fine("module config has no IDs configured for [" + intercept + "]"); } return null; } // look up the DD's provider ID in the module config IDEntry idEntry = null; if (id == null || (idEntry = (IDEntry)intEntry.idMap.get(id)) == null) { // either the DD did not specify a provider ID, // or the DD-specified provider ID was not found // in the module config. // // in either case, look for a default ID in the module config if (logger.isLoggable(Level.FINE)) { logger.fine("DD did not specify ID, " + "or DD-specified ID for [" + intercept + "] not found in config -- " + "attempting to look for default ID"); } String defaultID; if (CLIENT.equals(type)) { defaultID = intEntry.defaultClientID; } else { defaultID = intEntry.defaultServerID; } idEntry = (IDEntry)intEntry.idMap.get(defaultID); if (idEntry == null) { // did not find a default provider ID if (logger.isLoggable(Level.FINE)) { logger.fine("no default config ID for [" + intercept + "]"); } return null; } } // we found the DD provider ID in the module config // or we found a default module config // check provider-type if (idEntry.type.indexOf(type) < 0) { if (logger.isLoggable(Level.FINE)) { logger.fine("request type [" + type + "] does not match config type [" + idEntry.type + "]"); } return null; } // check whether a policy is set MessagePolicy reqP = (requestPolicy != null || responsePolicy != null) ? requestPolicy : idEntry.requestPolicy; //default; MessagePolicy respP = (requestPolicy != null || responsePolicy != null) ? responsePolicy : idEntry.responsePolicy; //default; // optimization: if policy was not set, return null if (reqP == null && respP == null) { if (logger.isLoggable(Level.FINE)) { logger.fine("no policy applies"); } return null; } // return the configured modules with the correct policies Entry entry = new Entry(idEntry.moduleClassName, reqP, respP, idEntry.options); if (logger.isLoggable(Level.FINE)) { logger.fine("getEntry for: " + intercept + " -- " + id + "\n module class: " + entry.moduleClassName + "\n options: " + entry.options + "\n request policy: " + entry.requestPolicy + "\n response policy: " + entry.responsePolicy); } return entry;
public javax.security.auth.message.config.ServerAuthConfig getServerAuthConfig(java.lang.String layer, java.lang.String appContext, javax.security.auth.callback.CallbackHandler handler)
Get an instance of ServerAuthConfig from this provider.
The implementation of this method returns a ServerAuthConfig instance that describes the configuration of ServerAuthModules at a given message layer, and for a particular application context.
param
layer a String identifying the message layer for the returned ServerAuthConfig object. This argument must not be null.
param
appContext a String that identifies the messaging context for the returned ServerAuthConfig object. This argument must not be null.
param
handler a CallbackHandler to be passed to the ServerAuthModules encapsulated by ServerAuthContext objects derived from the returned ServerAuthConfig. This argument may be null, in which case the implementation may assign a default handler to the configuration.
return
a ServerAuthConfig Object that describes the configuration of ServerAuthModules at a given message layer, and for a particular application context. This method does not return null.
exception
AuthException if this provider does not support the assignment of a default CallbackHandler to the returned ServerAuthConfig.
exception
SecurityException if the caller does not have permission to retrieve the configuration.
The CallbackHandler assigned to the configuration must support the Callback objects required to be supported by the profile of this specification being followed by the messaging runtime. The CallbackHandler instance must be initialized with any application context needed to process the required callbacks on behalf of the corresponding application.
return new GFServerAuthConfig(this, layer, appContext, handler);
private void initializeParser()
try { rwLock.readLock().lock(); if (parserInitialized) { return; } } finally { rwLock.readLock().unlock(); } try { rwLock.writeLock().lock(); if (!parserInitialized) { parserClassName = System.getProperty("config.parser", DEFAULT_PARSER_CLASS); loadParser(this, factory, null); // null ConfigContext parserInitialized = true; } } finally { rwLock.writeLock().unlock(); }
public static void loadConfigContext(com.sun.enterprise.config.ConfigContext configContext)
AuthConfigFactory aFactory = slaveFactory; if (aFactory == null) { aFactory = AuthConfigFactory.getFactory(); } loadParser(slaveProvider, slaveFactory, configContext);
protected static void loadParser(javax.security.auth.message.config.AuthConfigProvider aProvider, javax.security.auth.message.config.AuthConfigFactory aFactory, com.sun.enterprise.config.ConfigContext configContext)
try { rwLock.writeLock().lock(); ConfigParser nextParser; int next = epoch + 1; nextParser = (ConfigParser)createObject(parserClassName); nextParser.initialize(configContext); if (aFactory != null && aProvider != null) { Set<String> layerSet = nextParser.getLayersWithDefault(); for (String layer : layerDefaultRegisIDMap.keySet()) { if (!layerSet.contains(layer)) { String regisID = layerDefaultRegisIDMap.remove(layer); aFactory.removeRegistration(regisID); } } for (String layer : layerSet) { if (!layerDefaultRegisIDMap.containsKey(layer)) { String regisID = aFactory.registerConfigProvider (aProvider, layer, null, "GFServerConfigProvider: self registration"); layerDefaultRegisIDMap.put(layer, regisID); } } } epoch = (next == 0 ? 1 : next); parser = nextParser; } catch(IOException ex) { throw new RuntimeException(ex); } finally { rwLock.writeLock().unlock(); }
public void refresh()
Causes a dynamic configuration provider to update its internal state such that any resulting change to its state is reflected in the corresponding authentication context configuration objects previously created by the provider within the current process context.
exception
AuthException if an error occured during the refresh.
exception
SecurityException if the caller does not have permission to refresh the provider.
loadParser(this, factory, null); // null ConfigContext
public static void setValidateRequestSubject(javax.security.auth.Subject subject)
subjectLocal.set(subject);