1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */
22 package org.jboss.proxy;
23
24 import java.security.Principal;
25
26 import org.jboss.invocation.Invocation;
27 import org.jboss.invocation.InvocationKey;
28 import org.jboss.security.RunAs;
29 import org.jboss.security.SecurityContext;
30
31 /**
32 * A client-side interceptor that attaches the caller's principal, credential and a new security context to each invocation before passing it on.
33 *
34 * @author <a href="mailto:marc.fleury@jboss.org">Marc Fleury</a>
35 * @author Anil.Saldhana@redhat.com
36 * @version $Revision: 69871 $
37 */
public class SecurityInterceptor
   extends Interceptor
{
   /** Serial Version Identifier. @since 1.4.2.1 */
   private static final long serialVersionUID = -4206940878404525061L;

   /**
    * Public no-argument constructor, required for externalization.
    */
   public SecurityInterceptor()
   {
   }

   // Public --------------------------------------------------------

   /**
    * Attaches the caller's security identity to the invocation and hands the
    * invocation to the next interceptor in the chain.
    *
    * <p>The principal and credential obtained through {@code SecurityActions}
    * are copied onto the invocation when they are non-null. A new
    * {@code SecurityContext} is then created for the invocation, given the
    * caller's run-as identity (if there is one) as both its outgoing and
    * incoming run-as, and set on the invocation.
    *
    * @param invocation the invocation to decorate and forward
    * @return whatever the next interceptor returns
    * @throws Throwable anything raised while creating the security context or
    *         by the next interceptor
    */
   public Object invoke(Invocation invocation)
      throws Throwable
   {
      SecurityActions actions = SecurityActions.UTIL.getSecurityActions();

      // A null principal/credential leaves whatever the invocation already carries.
      Principal callerPrincipal = actions.getPrincipal();
      if (callerPrincipal != null)
      {
         invocation.setPrincipal(callerPrincipal);
      }

      // NOTE(review): the credential object is attached to the invocation unchanged;
      // confirm that whatever carries the invocation onward protects it and that it
      // is never written to logs.
      Object callerCredential = actions.getCredential();
      if (callerCredential != null)
      {
         invocation.setCredential(callerCredential);
      }

      // Capture the current context before a new one is created so that it can be
      // put back once the call has completed.
      SecurityContext previousContext = actions.getSecurityContext();
      RunAs callerRunAs = actions.getCallerRunAsIdentity();
      SecurityContext invocationContext = createSecurityContext(invocation);

      // The caller's run-as identity is used for both directions of the new context.
      if (callerRunAs != null)
      {
         invocationContext.setOutgoingRunAs(callerRunAs);
         invocationContext.setIncomingRunAs(callerRunAs);
      }

      invocation.setSecurityContext(invocationContext);

      try
      {
         return getNext().invoke(invocation);
      }
      finally
      {
         // NOTE(review): nothing is restored when there was no context before the
         // call; whether createSecurityContext leaves the new context installed for
         // the caller is not visible here - confirm against SecurityActions.
         if (previousContext != null)
         {
            actions.setSecurityContext(previousContext);
         }
      }
   }

   /**
    * Builds the security context that is placed on the invocation.
    *
    * <p>The context is created from the principal and credential currently set
    * on the invocation (either may be null) and from the security domain stored
    * in the invocation context under {@code InvocationKey.SECURITY_DOMAIN}.
    * When no domain is stored there, {@code "CLIENT_PROXY"} is used.
    *
    * @param invocation invocation instance
    * @return the context returned by {@code SecurityActions.createSecurityContext}
    * @throws Exception declared because context creation may fail
    */
   private SecurityContext createSecurityContext(Invocation invocation) throws Exception
   {
      SecurityActions actions = SecurityActions.UTIL.getSecurityActions();

      // invoke() may already have placed a principal and credential on the invocation.
      Principal invocationPrincipal = invocation.getPrincipal();
      Object invocationCredential = invocation.getCredential();

      Object configuredDomain = invocation.getInvocationContext().getValue(InvocationKey.SECURITY_DOMAIN);
      String securityDomain = (configuredDomain == null) ? "CLIENT_PROXY" : (String) configuredDomain;

      return actions.createSecurityContext(invocationPrincipal, invocationCredential, securityDomain);
   }
}