File | Doc | Category | Size | Date | Package
AuthenticationInterceptor.java | API Doc | JBoss 4.2.1 | 5219 | Fri Jul 13 21:02:28 BST 2007 | org.jboss.aspects.security

AuthenticationInterceptor

public class AuthenticationInterceptor extends Object implements org.jboss.aop.advice.Interceptor
The AuthenticationInterceptor authenticates the caller.
author
Scott Stark.
author
Bill Burke
version
$Revision: 57186 $

Fields Summary
protected Logger
log
protected org.jboss.security.AuthenticationManager
authenticationManager
Constructors Summary
public AuthenticationInterceptor(org.jboss.security.AuthenticationManager manager)


     
   
      // The manager is stored without a null check. authenticate() treats a null
      // manager as "no authentication configured" and lets the call through, so
      // whoever constructs this interceptor decides whether callers are verified.
      authenticationManager = manager;
   
Methods Summary
protected void authenticate(org.jboss.aop.joinpoint.Invocation invocation)

      // Authenticates the caller of this invocation and, on success, pushes the
      // resulting subject context.
      //
      // Identity lookup: the "security" metadata on the invocation takes
      // precedence; a missing principal or credential falls back to the value
      // SecurityActions reports for the current context.
      Principal principal = (Principal) invocation.getMetaData("security", "principal");
      Object credential = invocation.getMetaData("security", "credential");
      
      if (principal == null)
      {
         principal = SecurityActions.getPrincipal();
      }
      if (credential == null)
      {
         credential = SecurityActions.getCredential();
      }

      // No manager configured: nothing is verified. The principal/credential pair
      // is pushed as supplied, with a null Subject, and the method returns. A
      // deployment that leaves the manager unset therefore gets no authentication
      // from this interceptor.
      if (authenticationManager == null)
      {
         SecurityActions.pushSubjectContext(principal, credential, null);
         return;
      }


      // authenticate the current principal
      // isValid() runs only when peekRunAsIdentity() returns null. When a run-as
      // identity is present, this method neither validates the credential nor
      // pushes a subject context.
      // NOTE(review): presumably a run-as identity marks a call made by an
      // already-authenticated component -- confirm which code paths can push one.
      RunAsIdentity callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
      if (callerRunAsIdentity == null)
      {
         // Check the security info from the method invocation
         // The fresh Subject is handed to isValid() and, on success, is the one
         // pushed onto the subject context below.
         Subject subject = new Subject();
         if (authenticationManager.isValid(principal, credential, subject) == false)
         {
            /* todo support CSIV2 authenticationObserver
            // Notify authentication observer
            if (authenticationObserver != null)
               authenticationObserver.authenticationFailed();
               */
            // Check for the security association exception
            // A context exception, when present, is rethrown in preference to the
            // generic SecurityException.
            Exception ex = SecurityActions.getContextException();
            if (ex != null)
               throw ex;
            // Else throw a generic SecurityException
            // The message names the principal only; the credential is never
            // included.
            // NOTE(review): this failure path throws without logging, so a record
            // of failed attempts has to come from the manager or from whoever
            // catches the exception -- confirm one of them produces it.
            String msg = "Authentication exception, principal=" + principal;
            SecurityException e = new SecurityException(msg);
            throw e;
         }
         else
         {
            // Success: associate the validated identity with the current context.
            SecurityActions.pushSubjectContext(principal, credential, subject);
            if (log.isTraceEnabled())
            {
               // Trace output carries the principal only, not the credential.
               log.trace("Authenticated  principal=" + principal);
            }
         }
      }
   
public java.lang.String getName()

      // Name reported for this interceptor: a fixed string literal.
      return "AuthenticationInterceptor";
   
protected void handleGeneralSecurityException(java.security.GeneralSecurityException gse)

      // Converts the checked exception into a SecurityException and always throws,
      // which is what stops invoke() from continuing after a failed authentication.
      // Only the message is carried over: the original exception is not attached
      // as the cause, so its type and stack trace are lost to whoever catches this.
      // NOTE(review): if the original failure is needed for incident analysis, log
      // gse on the server side before rethrowing; attaching it as the cause would
      // change what callers receive -- confirm before doing so.
      throw new SecurityException(gse.getMessage());
   
public java.lang.Object invoke(org.jboss.aop.joinpoint.Invocation invocation)
Authenticates the caller using the principal and credentials in the Invocation if there is a security manager and an invocation method.

      // Authenticate first; the target is invoked only if this step completes.
      // Only GeneralSecurityException is routed to the handler; any other
      // exception thrown by authenticate() propagates unchanged.
      try
      {
         authenticate(invocation);
      }
      catch (GeneralSecurityException gse)
      {
         // In this class the handler always throws, so execution stops here.
         // NOTE(review): the handler is protected. A subclass override that
         // returns normally would let execution fall through to invokeNext()
         // below for a caller that failed authentication -- overrides must throw.
         handleGeneralSecurityException(gse);
      }

      // Expose the manager as the current security domain for the duration of
      // the downstream call (it may be null), and restore the previous value
      // afterwards.
      Object oldDomain = SecurityContext.currentDomain.get();
      try
      {
         SecurityContext.currentDomain.set(authenticationManager);
         return invocation.invokeNext();
      }
      finally
      {
         // Cleanup runs whether invokeNext() returned or threw.
         SecurityContext.currentDomain.set(oldDomain);
         // so that the principal doesn't keep being associated with thread if the thread is pooled
         // only pop if it's been pushed
         // The condition mirrors the two push paths in authenticate(): no manager
         // configured, or no run-as identity present.
         // NOTE(review): the run-as identity is read again here, after
         // invokeNext(); the pop matches the earlier push only if the run-as
         // stack is in the same state as when authenticate() ran -- confirm.
         RunAsIdentity callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
         if (authenticationManager == null || callerRunAsIdentity == null)
            SecurityActions.popSubjectContext();
         
         // Principal and credential are reset to null only when the invocation
         // itself carried a principal in its "security" metadata.
         if (invocation.getMetaData("security", "principal") != null)
         {
            SecurityActions.setPrincipal(null);
            SecurityActions.setCredential(null);
         }
      }