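/**
 * Propagates the login identity found in the JNDI environment to the
 * SecurityAssociation and then returns the context created by the parent
 * naming context factory.
 *
 * <p>{@code Context.SECURITY_PRINCIPAL} is used as is when it is a
 * {@link Principal}; any other value is converted with {@code toString()}
 * and wrapped in a {@code SimplePrincipal}. {@code Context.SECURITY_CREDENTIALS}
 * is passed through unchanged and is not validated here.
 *
 * <p>Two optional string properties are read from {@code env}:
 * <ul>
 * <li>{@code jnp.multi-threaded}: when {@code "true"}, server mode is turned
 *     on via {@code SecurityAssociationActions.setServer()}.</li>
 * <li>{@code jnp.restoreLoginIdentity}: when {@code "true"}, the returned
 *     context is wrapped in a proxy so the identity can be handled when the
 *     context is closed.</li>
 * </ul>
 *
 * @param env the JNDI environment; must contain {@code Context.SECURITY_PRINCIPAL}
 * @return the initial context, wrapped in a {@code ContextProxy}-backed proxy
 *         when {@code jnp.restoreLoginIdentity} is true
 * @throws NamingException if no principal is present in {@code env}, or if
 *         the parent factory fails to create the context
 */
public Context getInitialContext(Hashtable env) throws NamingException {
    // Get the login principal and credentials from the JNDI env
    Object credentials = env.get(Context.SECURITY_CREDENTIALS);
    Object principal = env.get(Context.SECURITY_PRINCIPAL);

    // Fail before any security state is touched: without this check a missing
    // principal surfaced as a NullPointerException from principal.toString(),
    // after server mode had already been switched on. The message names only
    // the property key, never the credentials.
    if (principal == null) {
        throw new NamingException(
            Context.SECURITY_PRINCIPAL + " must be set in the JNDI environment");
    }

    // Boolean.parseBoolean(null) is false, so an absent property leaves the flag off.
    boolean multiThreaded = Boolean.parseBoolean((String) env.get("jnp.multi-threaded"));
    if (multiThreaded) {
        // Turn on the server mode which uses thread local storage for
        // the principal information.
        // NOTE(review): nothing in this method turns server mode off again;
        // confirm whether setServer() is a process-wide, one-way switch.
        SecurityAssociationActions.setServer();
    }

    // Flag indicating if the SecurityAssociation existing at login should
    // be restored on logout.
    boolean restoreLoginIdentity =
        Boolean.parseBoolean((String) env.get("jnp.restoreLoginIdentity"));

    // See if the principal is a Principal or String
    Principal securityPrincipal;
    if (principal instanceof Principal) {
        securityPrincipal = (Principal) principal;
    } else {
        // Simply convert this to a name using toString
        securityPrincipal = new SimplePrincipal(principal.toString());
    }

    // Associate this security context. Credentials are handed over as is and
    // may be null; they are deliberately never logged or echoed here.
    if (restoreLoginIdentity) {
        SecurityAssociationActions.setPrincipalInfo(securityPrincipal, credentials, null);
    } else {
        SecurityAssociationActions.setPrincipalInfo(securityPrincipal, credentials);
    }

    // Now return the context using the standard jnp naming context factory.
    // NOTE(review): if this call throws, the identity associated above stays
    // in place because no proxy exists yet to undo it on close(); callers that
    // reuse threads should confirm the association is cleaned up on failure.
    Context iniCtx = super.getInitialContext(env);
    if (restoreLoginIdentity) {
        // Use a proxy to pop the stack when the context is closed
        ClassLoader loader = SecurityAssociationActions.getContextClassLoader();
        ContextProxy handler = new ContextProxy(iniCtx);
        Class<?>[] ifaces = {Context.class};
        iniCtx = (Context) Proxy.newProxyInstance(loader, ifaces, handler);
    }
    return iniCtx;
}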
Takes the env Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS
and propagates them to the SecurityAssociation principal and credential.
If Context.SECURITY_PRINCIPAL is a java.security.Principal then it is
used as is; otherwise it is treated as a name using toString and a
SimplePrincipal is created. The Context.SECURITY_CREDENTIALS value is passed
as is.