portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wea...@apache.org
Subject cvs commit: jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl AbstractSecurityValve.java SecurityValveImpl.java
Date Tue, 30 Nov 2004 20:22:21 GMT
weaver      2004/11/30 12:22:21

  Modified:    portal/src/java/org/apache/jetspeed/security/impl
                        SecurityValveImpl.java
  Added:       portal/src/java/org/apache/jetspeed/security/impl
                        AbstractSecurityValve.java
  Log:
  Made the SecurityValve more extensible by creating an abstract class that takes care of
invoking doPrivileged while requiring
  concrete subclasses to implement logic for retrieving both the principal and the subject.
  
  Revision  Changes    Path
  1.12      +71 -88    jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
  
  Index: SecurityValveImpl.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- SecurityValveImpl.java	29 Nov 2004 19:14:45 -0000	1.11
  +++ SecurityValveImpl.java	30 Nov 2004 20:22:21 -0000	1.12
  @@ -16,7 +16,6 @@
   package org.apache.jetspeed.security.impl;
   
   import java.security.Principal;
  -import java.security.PrivilegedAction;
   import java.util.HashSet;
   import java.util.Set;
   
  @@ -25,10 +24,7 @@
   
   import org.apache.commons.logging.Log;
   import org.apache.commons.logging.LogFactory;
  -import org.apache.jetspeed.PortalReservedParameters;
  -import org.apache.jetspeed.pipeline.PipelineException;
  -import org.apache.jetspeed.pipeline.valve.AbstractValve;
  -import org.apache.jetspeed.pipeline.valve.ValveContext;
  +import org.apache.jetspeed.pipeline.valve.SecurityValve;
   import org.apache.jetspeed.profiler.Profiler;
   import org.apache.jetspeed.request.RequestContext;
   import org.apache.jetspeed.security.SecurityException;
  @@ -41,9 +37,11 @@
    * SecurityValve
    * 
    * @author <a href="mailto:taylor@apache.org">David Sean Taylor </a>
  + * @author <a href="mailto:rwatler@finali.com">Randy Walter </a>
  + * @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a>
    * @version $Id$
    */
  -public class SecurityValveImpl extends AbstractValve implements org.apache.jetspeed.pipeline.valve.SecurityValve
  +public class SecurityValveImpl extends AbstractSecurityValve implements SecurityValve
   {
       private static final Log log = LogFactory.getLog(SecurityValveImpl.class);
       private Profiler profiler;
  @@ -55,101 +53,86 @@
           this.userMgr = userMgr;
       }
   
  +    public String toString()
  +    {
  +        return "SecurityValve";
  +    }
  +    
       /**
  -     * @see org.apache.jetspeed.pipeline.valve.Valve#invoke(org.apache.jetspeed.request.RequestContext,
  -     *          org.apache.jetspeed.pipeline.valve.ValveContext)
  +     * 
  +     * <p>
  +     * getSubject
  +     * </p>
  +     * Check for previously established session subject and
  +     * invalidate if subject and current user principals do
  +     * not match
  +     * @param request
  +     * @return 
        */
  -public void invoke(RequestContext request, ValveContext context) throws PipelineException
  +    protected final Subject getSubject(RequestContext request)
       {
  -
  -            // initialize/validate security subject
  -
  -            // access request user principal if defined or default
  -            // to profiler anonymous user
  -            Principal userPrincipal = request.getRequest().getUserPrincipal();
  -            if (userPrincipal == null)
  +        HttpSession session = request.getRequest().getSession();
  +        Principal userPrincipal = getUserPrincipal(request);
  +        
  +        Subject subject = getSubjectFromSession(request);
  +        if (subject != null)
  +        {
  +            Principal subjectUserPrincipal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
  +            if ((subjectUserPrincipal == null) || !subjectUserPrincipal.getName().equals(getUserPrincipal(request).getName()))
               {
  -                userPrincipal = new UserPrincipalImpl(userMgr.getAnonymousUser());
  +                subject = null;
               }
  -
  -            // check for previously established session subject and
  -            // invalidate if subject and current user principals do
  -            // not match
  -            HttpSession session = request.getRequest().getSession();
  -            Subject subject = (Subject) session.getAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT);
  -            if (subject != null)
  +        }
  +        
  +        // create new session subject for user principal if required
  +        if (subject == null)
  +        {
  +            // attempt to get complete subject for user principal
  +            // from user manager
  +            try
               {
  -                Principal subjectUserPrincipal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
  -                if ((subjectUserPrincipal == null) || !subjectUserPrincipal.getName().equals(userPrincipal.getName()))
  -                {
  -                    subject = null;
  -                }
  -            }
  -
  -            // create new session subject for user principal if required
  -            if (subject == null)
  -            {
  -                // attempt to get complete subject for user principal
  -                // from user manager
  -                try
  -                {
  -                    User user = userMgr.getUser(userPrincipal.getName());
  -                    if ( user != null )
  -                    {
  -                        subject = user.getSubject();
  -                    }
  -                }
  -                catch (SecurityException sex)
  +                User user = userMgr.getUser(userPrincipal.getName());
  +                if ( user != null )
                   {
  -                    subject = null;
  +                    subject = user.getSubject();
                   }
  -           
  -                
  -                // if subject not available, generate default subject using
  -                // request or default profiler anonymous user principal
  -                if (subject == null)
  -                {
  -                    Set principals = new HashSet();
  -                    principals.add(userPrincipal);
  -                    subject = new Subject(true, principals, new HashSet(), new HashSet());
  -                }
  -
  -                // establish session subject
  -                session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);
               }
  -
  -            // set request context subject
  -            request.setSubject(subject);
  -            
  -            // Pass control to the next Valve in the Pipeline and execute under
  -            // the current subject
  -            final ValveContext vc = context;
  -            final RequestContext rc = request;            
  -            PipelineException pe = (PipelineException) Subject.doAsPrivileged(subject,
new PrivilegedAction()
  +            catch (SecurityException sex)
               {
  -                public Object run() 
  -                {
  -                     try
  -                    {
  -                        vc.invokeNext(rc);                 
  -                        return null;
  -                    }
  -                    catch (PipelineException e)
  -                    {
  -                        return e;
  -                    }                    
  -                }
  -            }, null);
  +                subject = null;
  +            }       
               
  -            if(pe != null)
  +            // if subject not available, generate default subject using
  +            // request or default profiler anonymous user principal
  +            if (subject == null)
               {
  -                throw pe;
  -            }       
  -
  +                Set principals = new HashSet();
  +                principals.add(userPrincipal);
  +                subject = new Subject(true, principals, new HashSet(), new HashSet());
  +            }           
  +        }
  +        
  +        return subject;
       }
  -    public String toString()
  +    
  +    /**
  +     * 
  +     * <p>
  +     * getUserPrincipal
  +     * </p>
  +     * Aaccess request user principal if defined or default
  +     * to profiler anonymous user
  +     * @param request
  +     * @return
  +     */
  +    protected final Principal getUserPrincipal(RequestContext request)
       {
  -        return "SecurityValve";
  +        Principal userPrincipal = request.getRequest().getUserPrincipal();
  +        if (userPrincipal == null)
  +        {
  +            userPrincipal = new UserPrincipalImpl(userMgr.getAnonymousUser());
  +        }
  +        return userPrincipal;
       }
   
   }
  
  
  
  1.1                  jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
  
  Index: AbstractSecurityValve.java
  ===================================================================
  /*
   * Created on Nov 30, 2004
   *
   * TODO To change the template for this generated file go to
   * Window - Preferences - Java - Code Generation - Code and Comments
   */
  package org.apache.jetspeed.security.impl;
  
  import java.security.Principal;
  import java.security.PrivilegedAction;
  
  import javax.security.auth.Subject;
  
  import org.apache.jetspeed.PortalReservedParameters;
  import org.apache.jetspeed.pipeline.PipelineException;
  import org.apache.jetspeed.pipeline.valve.AbstractValve;
  import org.apache.jetspeed.pipeline.valve.SecurityValve;
  import org.apache.jetspeed.pipeline.valve.ValveContext;
  import org.apache.jetspeed.request.RequestContext;
  
  /**
   * <p>
   * AbstractSecurityValve
   * </p>
   * <p>
   *
   * </p>
   * @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a>
   * @version $Id: AbstractSecurityValve.java,v 1.1 2004/11/30 20:22:21 weaver Exp $
   *
   */
  public abstract class AbstractSecurityValve extends AbstractValve implements SecurityValve
  {
      /**
       * 
       * <p>
       * getSubject
       * </p>
       *  Should build and return a <code>javax.security.Subject</code>
       * @param request
       * @return Subject
       */
      protected abstract Subject getSubject(RequestContext request);
      
      /**
       * 
       * <p>
       * getUserPrincipal
       * </p>
       * Should build and return a <code>java.security.Principal</code> that represents
the user name
       * the Subject returned from <code>getSubject()</code> 
       * @param request
       * @return Principal
       */
      protected abstract Principal getUserPrincipal(RequestContext request);
      
      /**
       * 
       * <p>
       * getSubjectFromSession
       * </p>
       * 
       * @param request
       * @return javax.security.Subject or <code>null</code> if there is no servlet
session attribute defined
       * for the key <code>org.apache.jetspeed.PortalReservedParameters.SESSION_KEY_SUBJECT</code>.
       */
      protected final Subject getSubjectFromSession(RequestContext request)
      {
          return (Subject) request.getRequest().getSession().getAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT);
      }
  
      /**
       * <p>
       * invoke
       * </p>
       * 
       * <p>
       * Uses <code>getSubject()</code> to call <code>ValveContext.invokeNext()</code>
via 
       * <code>Subject.doAsPrivileged()</code>.  This method also takes care of
setting the value of
       * the <code>RequestContext.subject</code> property and the session attribute

       * <code>org.apache.jetspeed.PortalReservedParameters.SESSION_KEY_SUBJECT</code>
       * </p>
       *
       * @see org.apache.jetspeed.pipeline.valve.Valve#invoke(org.apache.jetspeed.request.RequestContext,
org.apache.jetspeed.pipeline.valve.ValveContext)
       * @param request
       * @param context
       * @throws PipelineException if the is an error encountered during any security operations.
       */
      public void invoke( RequestContext request, ValveContext context ) throws PipelineException
      {
              // initialize/validate security subject
              Subject subject = getSubject(request);
      
              request.getRequest().setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT,
subject);
              // set request context subject
              request.setSubject(subject);
              
              // Pass control to the next Valve in the Pipeline and execute under
              // the current subject
              final ValveContext vc = context;
              final RequestContext rc = request;            
              PipelineException pe = (PipelineException) Subject.doAsPrivileged(subject, new
PrivilegedAction()
              {
                  public Object run() 
                  {
                       try
                      {
                          vc.invokeNext(rc);                 
                          return null;
                      }
                      catch (PipelineException e)
                      {
                          return e;
                      }                    
                  }
              }, null);
              
              if(pe != null)
              {
                  throw pe;
              }       
      
      }
  }
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message