1 /*
2 * JBoss, Home of Professional Open Source.
3 * Copyright 2008, Red Hat Middleware LLC, and individual contributors
4 * as indicated by the @author tags. See the copyright.txt file in the
5 * distribution for a full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */
22 package org.jboss.web.tomcat.security;
23
24 import java.io.IOException;
25 import java.security.CodeSource;
26 import java.util.Map;
27 import java.util.Set;
28
29 import javax.security.jacc.PolicyContext;
30 import javax.servlet.ServletException;
31 import javax.servlet.http.HttpServletRequest;
32
33 import org.apache.catalina.connector.Request;
34 import org.apache.catalina.connector.Response;
35 import org.apache.catalina.valves.ValveBase;
36 import org.jboss.logging.Logger;
37 import org.jboss.metadata.web.jboss.JBossWebMetaData;
38 import org.jboss.security.SecurityRolesAssociation;
39 import org.jboss.servlet.http.HttpEvent;
40
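/**
 * A Valve that sets the JACC context id and HttpServletRequest policy
 * context handler value. The context id needs to be established prior to
 * any authorization valves.
 *
 * <p>For every request the valve publishes the deployment metadata, the
 * deployment code source, the principal-to-roles mapping and the current
 * request into thread-bound holders, delegates to the next valve, and then
 * clears those holders again. The clearing matters for authorization:
 * container worker threads are normally reused, so state left behind by one
 * request could otherwise be consulted while serving a different one.
 *
 * @author Scott.Stark@jboss.org
 * @author Anil.Saldhana@redhat.com
 * @version $Revision: 81037 $
 */
public class JaccContextValve extends ValveBase
{
   private static final Logger log = Logger.getLogger(JaccContextValve.class);

   /**
    * The code source of the web deployment serving the current thread's
    * request; set on entry to the valve and reset to null on exit.
    */
   // NOTE(review): this field is public and non-final, so any class can swap
   // the holder itself. It is left as-is to keep the existing interface;
   // consider making it final once all writers are confirmed to use set().
   public static ThreadLocal<CodeSource> activeCS = new ThreadLocal<CodeSource>();

   /** The JACC context id, taken from the web app metadata */
   private final String contextID;
   /** The web app deployment code source */
   private final CodeSource warCS;
   /** The web app metadata */
   private final JBossWebMetaData metaData;
   /** Whether trace logging was enabled when the valve was created */
   private final boolean trace;

   /**
    * Creates the valve for one web deployment.
    *
    * @param wmd the web app metadata; its JACC context id is read here
    * @param cs the code source of the web deployment
    */
   public JaccContextValve(JBossWebMetaData wmd, CodeSource cs)
   {
      this.metaData = wmd;
      this.contextID = metaData.getJaccContextID();
      this.warCS = cs;
      this.trace = log.isTraceEnabled();
   }

   /**
    * Establishes the security context for the request, invokes the next
    * valve, and clears the context again.
    *
    * @param request the request being processed
    * @param response the response being produced
    * @throws IOException if thrown by a downstream valve
    * @throws ServletException if thrown by a downstream valve
    */
   public void invoke(Request request, Response response)
      throws IOException, ServletException
   {
      try
      {
         // The setup runs inside the try so that a failure part-way through
         // it still reaches the cleanup and leaves nothing on the thread.
         establishSecurityContext(request);
         // Perform the request
         getNext().invoke(request, response);
      }
      finally
      {
         clearSecurityContext();
      }
   }

   /**
    * Establishes the security context for the request, passes the event to
    * the next valve, and clears the context again.
    *
    * @param request the request being processed
    * @param response the response being produced
    * @param event the event to deliver
    * @throws IOException if thrown by a downstream valve
    * @throws ServletException if thrown by a downstream valve
    */
   public void event(Request request, Response response, HttpEvent event)
      throws IOException, ServletException
   {
      try
      {
         // The setup runs inside the try so that a failure part-way through
         // it still reaches the cleanup and leaves nothing on the thread.
         establishSecurityContext(request);
         // Perform the request
         getNext().event(request, response, event);
      }
      finally
      {
         clearSecurityContext();
      }
   }

   /**
    * Publishes the per-request security state, in the same order the valve
    * has always used.
    */
   private void establishSecurityContext(Request request)
   {
      SecurityAssociationValve.activeWebMetaData.set(metaData);
      activeCS.set(warCS);
      HttpServletRequest httpRequest = (HttpServletRequest) request.getRequest();

      //Set the customized rolename-principalset mapping in jboss-app.xml
      Map<String, Set<String>> principalToRoleSetMap = metaData.getPrincipalVersusRolesMap();
      SecurityRolesAssociation.setSecurityRoles(principalToRoleSetMap);
      // Trace output contains the full principal-to-roles mapping, so trace
      // logs for this category carry authorization configuration.
      if (trace)
      {
         log.trace("MetaData:"+metaData+":principalToRoleSetMap"+principalToRoleSetMap);
      }

      // Set the JACC context id
      PolicyContext.setContextID(contextID);
      // Set the JACC HttpServletRequest PolicyContextHandler data
      HttpServletRequestPolicyContextHandler.setRequest(httpRequest);
      if (SecurityAssociationValve.activeRequest.get() == null)
      {
         SecurityAssociationValve.activeRequest.set(request);
      }
   }

   /**
    * Clears the per-request security state published by
    * {@link #establishSecurityContext(Request)}.
    */
   private void clearSecurityContext()
   {
      SecurityAssociationValve.activeWebMetaData.set(null);
      // NOTE(review): activeRequest is cleared even when it was already set
      // before this valve ran; confirm no outer component still relies on it.
      SecurityAssociationValve.activeRequest.set(null);
      SecurityAssociationActions.clear();
      activeCS.set(null);
      SecurityRolesAssociation.setSecurityRoles(null);
      HttpServletRequestPolicyContextHandler.setRequest(null);
      // NOTE(review): the JACC context id set through PolicyContext is not
      // reset here; confirm it is always overwritten before the next policy
      // decision made on this thread.
   }

}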