FileDocCategorySizeDatePackage
SecurityUtil.javaAPI DocApache Tomcat 6.0.1415507Fri Jul 20 04:20:36 BST 2007org.apache.catalina.security

SecurityUtil

public final class SecurityUtil extends Object
This utility class associates a Subject to the current AccessControlContext. When a SecurityManager is used, * the container will always associate the called thread with an AccessControlContext * containing only the principal of the requested Servlet/Filter. This class uses reflection to invoke the invoke methods.
author
Jean-Francois Arcand

Fields Summary
private static final int
INIT
private static final int
SERVICE
private static final int
DOFILTER
private static final int
DESTROY
private static final String
INIT_METHOD
private static final String
DOFILTER_METHOD
private static final String
SERVICE_METHOD
private static final String
DESTROY_METHOD
private static HashMap
objectCache
Cache every object for which we are creating method on it.
private static org.apache.juli.logging.Log
log
private static String
PACKAGE
private static boolean
packageDefinitionEnabled
private static final org.apache.catalina.util.StringManager
sm
The string resources for this package.
Constructors Summary
Methods Summary
private static java.lang.reflect.MethodcreateMethodAndCacheIt(java.lang.reflect.Method[] methodsCache, java.lang.String methodName, java.lang.Object targetObject, java.lang.Class[] targetType)
Create the method and cache it for further re-use.

param
methodsCache the cache used to store method instance
param
methodName the method to apply the security restriction
param
targetObject the Servlet on which the method will be called.
param
targetType Class array used to instanciate a Method object.
return
the method instance.

        
        if ( methodsCache == null){
            methodsCache = new Method[3];
        }               
                
        Method method = 
            targetObject.getClass().getMethod(methodName, targetType); 

        if (methodName.equalsIgnoreCase(INIT_METHOD)){
            methodsCache[INIT] = method;
        } else if (methodName.equalsIgnoreCase(DESTROY_METHOD)){
            methodsCache[DESTROY] = method;
        } else if (methodName.equalsIgnoreCase(SERVICE_METHOD)){
            methodsCache[SERVICE] = method;
        } else if (methodName.equalsIgnoreCase(DOFILTER_METHOD)){
            methodsCache[DOFILTER] = method;
        } 
         
        objectCache.put(targetObject, methodsCache );
                                           
        return method;
    
public static voiddoAsPrivilege(java.lang.String methodName, javax.servlet.Servlet targetObject)
Perform work as a particular Subject. Here the work will be granted to a null subject.

param
methodName the method to apply the security restriction
param
targetObject the Servlet on which the method will be called.

    
    
    
                                              
          
                                         
         doAsPrivilege(methodName, targetObject, null, null, null);                                
    
public static voiddoAsPrivilege(java.lang.String methodName, javax.servlet.Servlet targetObject, java.lang.Class[] targetType, java.lang.Object[] targetArguments)
Perform work as a particular Subject. Here the work will be granted to a null subject.

param
methodName the method to apply the security restriction
param
targetObject the Servlet on which the method will be called.
param
targetType Class array used to instanciate a i Method object.
param
targetArguments Object array contains the runtime parameters instance.

    

         doAsPrivilege(methodName, 
                       targetObject, 
                       targetType, 
                       targetArguments, 
                       null);                                
    
public static voiddoAsPrivilege(java.lang.String methodName, javax.servlet.Servlet targetObject, java.lang.Class[] targetType, java.lang.Object[] targetArguments, java.security.Principal principal)
Perform work as a particular Subject. Here the work will be granted to a null subject.

param
methodName the method to apply the security restriction
param
targetObject the Servlet on which the method will be called.
param
targetType Class array used to instanciate a Method object.
param
targetArguments Object array contains the runtime parameters instance.
param
principal the Principal to which the security privilege apply..


        Method method = null;
        Method[] methodsCache = null;
        if(objectCache.containsKey(targetObject)){
            methodsCache = (Method[])objectCache.get(targetObject);
            method = findMethod(methodsCache, methodName);
            if (method == null){
                method = createMethodAndCacheIt(methodsCache,
                                                methodName,
                                                targetObject,
                                                targetType);
            }
        } else {
            method = createMethodAndCacheIt(methodsCache,
                                            methodName,
                                            targetObject,
                                            targetType);                     
        }

        execute(method, targetObject, targetArguments, principal);
    
public static voiddoAsPrivilege(java.lang.String methodName, javax.servlet.Filter targetObject)
Perform work as a particular Subject. Here the work will be granted to a null subject.

param
methodName the method to apply the security restriction
param
targetObject the Filter on which the method will be called.


         doAsPrivilege(methodName, targetObject, null, null);                                
    
public static voiddoAsPrivilege(java.lang.String methodName, javax.servlet.Filter targetObject, java.lang.Class[] targetType, java.lang.Object[] targetArguments)
Perform work as a particular Subject. Here the work will be granted to a null subject.

param
methodName the method to apply the security restriction
param
targetObject the Filter on which the method will be called.
param
targetType Class array used to instanciate a Method object.
param
targetArguments Object array contains the runtime parameters instance.

        Method method = null;

        Method[] methodsCache = null;
        if(objectCache.containsKey(targetObject)){
            methodsCache = (Method[])objectCache.get(targetObject);
            method = findMethod(methodsCache, methodName);
            if (method == null){
                method = createMethodAndCacheIt(methodsCache,
                                                methodName,
                                                targetObject,
                                                targetType);
            }
        } else {
            method = createMethodAndCacheIt(methodsCache,
                                            methodName,
                                            targetObject,
                                            targetType);                     
        }

        execute(method, targetObject, targetArguments, null);
    
private static voidexecute(java.lang.reflect.Method method, java.lang.Object targetObject, java.lang.Object[] targetArguments, java.security.Principal principal)
Perform work as a particular Subject. Here the work will be granted to a null subject.

param
methodName the method to apply the security restriction
param
targetObject the Servlet on which the method will be called.
param
targetArguments Object array contains the runtime parameters instance.
param
principal the Principal to which the security privilege applies

       
        try{   
            Subject subject = null;
            PrivilegedExceptionAction pea = new PrivilegedExceptionAction(){
                    public Object run() throws Exception{
                       method.invoke(targetObject, targetArguments);
                       return null;
                    }
            };

            // The first argument is always the request object
            if (targetArguments != null 
                    && targetArguments[0] instanceof HttpServletRequest){
                HttpServletRequest request = 
                    (HttpServletRequest)targetArguments[0];

                boolean hasSubject = false;
                HttpSession session = request.getSession(false);
                if (session != null){
                    subject = 
                        (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
                    hasSubject = (subject != null);
                }

                if (subject == null){
                    subject = new Subject();
                    
                    if (principal != null){
                        subject.getPrincipals().add(principal);
                    }
                }

                if (session != null && !hasSubject) {
                    session.setAttribute(Globals.SUBJECT_ATTR, subject);
                }
            }

            Subject.doAsPrivileged(subject, pea, null);       
       } catch( PrivilegedActionException pe) {
            Throwable e = ((InvocationTargetException)pe.getException())
                                .getTargetException();
            
            if (log.isDebugEnabled()){
                log.debug(sm.getString("SecurityUtil.doAsPrivilege"), e); 
            }
            
            if (e instanceof UnavailableException)
                throw (UnavailableException) e;
            else if (e instanceof ServletException)
                throw (ServletException) e;
            else if (e instanceof IOException)
                throw (IOException) e;
            else if (e instanceof RuntimeException)
                throw (RuntimeException) e;
            else
                throw new ServletException(e.getMessage(), e);
        }  
    
private static java.lang.reflect.MethodfindMethod(java.lang.reflect.Method[] methodsCache, java.lang.String methodName)
Find a method stored within the cache.

param
methodsCache the cache used to store method instance
param
methodName the method to apply the security restriction
return
the method instance, null if not yet created.

        if (methodName.equalsIgnoreCase(INIT_METHOD) 
                && methodsCache[INIT] != null){
            return methodsCache[INIT];
        } else if (methodName.equalsIgnoreCase(DESTROY_METHOD) 
                && methodsCache[DESTROY] != null){
            return methodsCache[DESTROY];            
        } else if (methodName.equalsIgnoreCase(SERVICE_METHOD) 
                && methodsCache[SERVICE] != null){
            return methodsCache[SERVICE];
        } else if (methodName.equalsIgnoreCase(DOFILTER_METHOD) 
                && methodsCache[DOFILTER] != null){
            return methodsCache[DOFILTER];          
        } 
        return null;
    
public static booleanisPackageProtectionEnabled()
Return the SecurityManager only if Security is enabled AND package protection mechanism is enabled.

        if (packageDefinitionEnabled && Globals.IS_SECURITY_ENABLED){
            return true;
        }
        return false;
    
public static voidremove(java.lang.Object cachedObject)
Remove the object from the cache.

param
cachedObject The object to remove

        objectCache.remove(cachedObject);