| Method from org.jboss.mq.security.SecurityManager Detail: |
/**
 * Registers security metadata for a destination from a DOM configuration element.
 *
 * @param destName key under which the metadata is stored in {@code securityConf}
 * @param conf configuration element handed to the {@code SecurityMetadata} constructor
 * @throws Exception whatever the {@code SecurityMetadata} constructor throws; nothing is
 *     stored in that case because the constructor runs before the {@code put}
 */
public void addDestination(String destName, Element conf) throws Exception {
    // NOTE(review): presumably an existing entry for destName is replaced without any
    // log line; confirm whether permission changes should be audited here.
    securityConf.put(destName, new SecurityMetadata(conf));
}
|
/**
 * Registers security metadata for a destination from a configuration given as a string.
 *
 * @param destName key under which the metadata is stored in {@code securityConf}
 * @param conf configuration text handed to the {@code SecurityMetadata} constructor
 * @throws Exception whatever the {@code SecurityMetadata} constructor throws; nothing is
 *     stored in that case because the constructor runs before the {@code put}
 */
public void addDestination(String destName, String conf) throws Exception {
    // NOTE(review): how SecurityMetadata parses this string is not visible here; if it is
    // XML, confirm the parser is hardened before accepting text from less trusted callers.
    securityConf.put(destName, new SecurityMetadata(conf));
}
|
/**
 * Validates a user name and password with the security manager held in {@code sec} and,
 * on success, registers a new session for the resulting subject.
 *
 * @param user user name; wrapped in a {@code SimplePrincipal} for the check
 * @param password clear-text password; when {@code null}, {@code null} credentials are
 *     passed to the security manager
 * @return the session id produced by {@code generateId} and registered through {@code addId}
 * @throws JMSException a {@code JMSSecurityException} when {@code sec.isValid} rejects the
 *     credentials
 */
public String authenticate(String user, String password) throws JMSException {
    final boolean traceOn = log.isTraceEnabled();
    final SimplePrincipal who = new SimplePrincipal(user);
    // The password arrives as an immutable String, so this char[] is only a copy.
    // NOTE(review): the copy is not cleared afterwards; whether sec keeps a reference to
    // it is not visible here, so confirm that before adding a wipe.
    final char[] credential = (password == null) ? null : password.toCharArray();
    final Subject authenticated = new Subject();

    if (!sec.isValid(who, credential, authenticated)) {
        // One message covers every rejection, so this method does not reveal whether the
        // user name exists.
        // NOTE(review): user is concatenated unescaped into the log line and the exception
        // text; confirm line breaks in user names cannot forge log entries downstream.
        if (traceOn) {
            log.trace("User: " + user + " is NOT authenticated");
        }
        throw new JMSSecurityException("User: " + user + " is NOT authenticated");
    }

    if (traceOn) {
        log.trace("Username: " + user + " is authenticated");
    }
    // NOTE(review): the session id is the only thing authorize() checks later; confirm
    // generateId yields unpredictable values.
    final String sessionId = generateId(authenticated);
    addId(sessionId, authenticated, who);
    // Open question from the original author: should the security manager be logged out
    // here, since it is not used again for this session?
    return sessionId;
}
|
/**
 * Checks whether the session behind a connection token holds at least one of the given
 * roles.
 *
 * <p>The role check is done here against the cached {@code SubjectInfo} rather than through
 * the security manager and its subject, because a connection is not guaranteed to be bound
 * to a unique thread.
 *
 * @param token connection token whose session id is looked up in {@code authCache}
 * @param rolePrincipals candidate roles; each element is cast to {@code Principal}
 * @return {@code true} as soon as one role is a member of the session's role group;
 *     {@code false} when no role matches or the session has no role group
 * @throws JMSException a {@code JMSSecurityException} when no cached session exists for
 *     the token's session id
 */
public boolean authorize(ConnectionToken token, Set rolePrincipals) throws JMSException {
    final boolean traceOn = log.isTraceEnabled();
    final SubjectInfo session = (SubjectInfo) authCache.get(token.getSessionId());
    if (session == null) {
        throw new JMSSecurityException("User session is not valid");
    }
    if (traceOn) {
        // NOTE(review): what SubjectInfo.toString() prints is not visible here; confirm it
        // does not put credentials or session ids into trace logs.
        log.trace(
            "Checking authorize on subjectInfo: "
                + session.toString()
                + " for rolePrincipals "
                + rolePrincipals.toString());
    }

    final Group memberOf = session.roles;
    if (memberOf == null) {
        // Fail closed: a session without a role group is authorized for nothing.
        return false;
    }
    for (Object candidate : rolePrincipals) {
        if (memberOf.isMember((Principal) candidate)) {
            return true;
        }
    }
    return false;
}
|
/**
 * Returns the default security configuration element.
 *
 * <p>The stored element itself is returned, not a copy. getSecurityMetadata() parses this
 * same object for destinations without their own entry, so changes a caller makes to the
 * DOM node are picked up there without passing through setDefaultSecurityConfig().
 *
 * @return the current default configuration, or {@code null} when none has been set
 */
public Element getDefaultSecurityConfig() {
    final Element current = defaultSecurityConfig;
    return current;
}
|
/**
 * Returns the security interceptor created in startService().
 *
 * @return the interceptor; {@code null} until startService() has assigned it
 */
public JMSServerInterceptor getInterceptor() {
    final JMSServerInterceptor current = interceptor;
    return current;
}
|
/**
 * Returns the same interceptor instance as getInterceptor().
 *
 * @return the interceptor; {@code null} until startService() has assigned it
 */
public JMSServerInterceptor getInvoker() {
    final JMSServerInterceptor current = interceptor;
    return current;
}
|
/**
 * Chooses the object name for this service and remembers it in {@code this.name}.
 *
 * @param server MBean server; not used by this implementation
 * @param name requested name, or {@code null} to fall back to {@code OBJECT_NAME}
 * @return the name now stored in {@code this.name}
 * @throws MalformedObjectNameException declared by the signature; not thrown by this body
 */
protected ObjectName getObjectName(MBeanServer server, ObjectName name)
    throws MalformedObjectNameException {
    if (name == null) {
        this.name = OBJECT_NAME;
    } else {
        this.name = name;
    }
    return this.name;
}
|
/**
 * Returns the configured security domain name, the JNDI name that startService() looks up.
 *
 * @return the security domain as last set by setSecurityDomain()
 */
public String getSecurityDomain() {
    final String domain = securityDomain;
    return domain;
}
|
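/**
 * Returns the security metadata for a destination, creating and caching a fallback entry
 * when none has been registered.
 *
 * <p>Fallback order: the default security configuration if one is set; otherwise, or if the
 * default fails to parse, a no-argument {@code SecurityMetadata} (the "guest" case named in
 * the log messages). The fallback is stored in {@code securityConf}, so later lookups for
 * the same name return it without logging again.
 *
 * @param destName destination name used as the key in {@code securityConf}
 * @return the registered metadata, or the fallback metadata just created; never {@code null}
 */
public SecurityMetadata getSecurityMetadata(String destName) {
    SecurityMetadata m = (SecurityMetadata) securityConf.get(destName);
    if (m != null) {
        return m;
    }

    // NOTE(review): both guest paths below grant the no-argument SecurityMetadata instead of
    // denying access. What that default permits is not visible here; confirm it is acceptable
    // for an unconfigured destination and alert on the two warnings.
    if (defaultSecurityConfig != null) {
        log.debug("No SecurityMetadadata was available for " + destName + " using default security config");
        try {
            m = new SecurityMetadata(defaultSecurityConfig);
        } catch (Exception e) {
            // The original text read "for destName, using guest <name>", which put the
            // destination name after the wrong words; the name now follows "for".
            log.warn("Unable to apply default security for " + destName + ", using guest", e);
            m = new SecurityMetadata();
        }
    } else {
        // No default configured: fall back to guest.
        log.warn("No SecurityMetadadata was available for " + destName + " adding guest");
        m = new SecurityMetadata();
    }

    // NOTE(review): every previously unseen name adds an entry; confirm callers only pass
    // names of existing destinations so this cache cannot grow without bound.
    securityConf.put(destName, m);
    return m;
}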
|
/**
 * Ends the session that belongs to a connection token by removing its session id.
 *
 * @param token connection token to log out; {@code null} is ignored
 */
public void logout(ConnectionToken token) {
    if (token != null) {
        // Only the session entry is dropped here.
        // FIXME (original author): how do we clear the thread local in the security manager?
        // NOTE(review): no other session expiry is visible in this listing; confirm entries
        // are also removed when a connection drops without calling logout.
        removeId(token.getSessionId());
    }
}
|
/**
 * Returns the string form of the authentication cache.
 *
 * <p>authorize() looks entries up in {@code authCache} by session id, and a valid session id
 * is all it needs to find a session.
 *
 * @return {@code authCache.toString()}
 */
public String printAuthCache() {
    // NOTE(review): presumably the dump contains live session ids and SubjectInfo details;
    // confirm this public method is reachable only by administrators and that its output is
    // not written to shared logs.
    final String dump = authCache.toString();
    return dump;
}
|
/**
 * Drops the security metadata registered for a destination.
 *
 * <p>After removal, the next getSecurityMetadata() call for the same name creates a fallback
 * entry from the default configuration or the guest default, so removing an entry does not
 * by itself deny access to that name.
 *
 * @param destName key to remove from {@code securityConf}
 * @throws Exception declared by the signature; the body shown does not throw it explicitly
 */
public void removeDestination(String destName) throws Exception {
    // The return value of remove() is deliberately ignored, as in the original.
    securityConf.remove(destName);
}
|
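/**
 * Sets the default security configuration used for destinations without their own entry.
 *
 * <p>The element is parsed first and stored only if parsing succeeds. The previous order
 * stored it before the check, so a rejected configuration stayed active, and
 * getSecurityMetadata() then fell back to guest metadata for every unconfigured destination.
 *
 * @param conf new default configuration element
 * @throws Exception whatever the {@code SecurityMetadata} constructor throws for
 *     {@code conf}; the previously stored default is left unchanged in that case
 */
public void setDefaultSecurityConfig(Element conf) throws Exception {
    // Force a parse; the result is discarded, only the validation matters.
    new SecurityMetadata(conf);
    defaultSecurityConfig = conf;
}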
|
/**
 * Sets the security domain name that startService() resolves through JNDI.
 *
 * <p>Among the methods shown, only startService() reads this value, so a change made after
 * start does not replace the security manager already held in {@code sec}.
 *
 * @param securityDomain JNDI name of the security manager, with or without the
 *     {@code java:/jaas/} prefix
 */
public void setSecurityDomain(String securityDomain) {
    // The value is stored as given; no validation happens before the JNDI lookup.
    this.securityDomain = securityDomain;
}
|
/**
 * Starts the service: resolves the security manager from JNDI, then creates the security
 * interceptor and the session id generator before delegating to the superclass.
 *
 * <p>The configured {@code securityDomain} is looked up as given. If that fails and the name
 * does not already start with {@code java:/jaas/}, the lookup is retried with that prefix.
 *
 * @throws Exception the original {@code NamingException} when the name already carries the
 *     prefix, any failure of the retried lookup, or whatever {@code super.startService()}
 *     throws
 */
public void startService() throws Exception {
    final InitialContext jndi = new InitialContext();
    try {
        sec = (SubjectSecurityManager) jndi.lookup(securityDomain);
    } catch (NamingException lookupFailure) {
        // The first failure is recorded at debug level only; if the retry succeeds, nothing
        // else shows that the configured name did not resolve as written.
        log.debug("Failed to lookup securityDomain=" + securityDomain, lookupFailure);
        if (securityDomain.startsWith("java:/jaas/")) {
            throw lookupFailure;
        }
        sec = (SubjectSecurityManager) jndi.lookup("java:/jaas/" + securityDomain);
    }
    interceptor = new ServerSecurityInterceptor(this);
    idGenerator = new SessionIDGenerator();
    super.startService();
}
|
/**
 * Stops the service. This implementation does nothing.
 *
 * @throws Exception declared by the signature; never thrown by this body
 */
public void stopService() throws Exception {
    // Open question from the original author: is there anything to do here?
    // NOTE(review): authCache, sec and interceptor are left as they are; confirm cached
    // sessions should stay valid across a stop and restart.
}
|