1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */
22 package org.jboss.web.tomcat.security;
23
24 import java.io.IOException;
25 import java.security.CodeSource;
26 import java.util.Map;
27 import java.util.Set;
28
29 import javax.security.jacc.PolicyContext;
30 import javax.servlet.ServletException;
31 import javax.servlet.http.HttpServletRequest;
32
33 import org.apache.catalina.connector.Request;
34 import org.apache.catalina.connector.Response;
35 import org.apache.catalina.valves.ValveBase;
36 import org.jboss.logging.Logger;
37 import org.jboss.metadata.web.jboss.JBossWebMetaData;
38 import org.jboss.security.SecurityRolesAssociation;
39
40 /**
41 * A Valve that sets the JACC context id and HttpServletRequest policy
42 * context handler value. The context id needs to be established prior to
43 * any authorization valves.
44 *
45 * @author Scott.Stark@jboss.org
46 * @author Anil.Saldhana@redhat.com
47 * @version $Revision: 67051 $
48 */
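public class JaccContextValve extends ValveBase
{
   private static final Logger log = Logger.getLogger(JaccContextValve.class);

   /**
    * Code source of the web application whose request is being processed on
    * the current thread. Set at the start of {@link #invoke} and reset to
    * null when it returns.
    *
    * NOTE(review): this field is public and non-final, so any class can
    * replace the ThreadLocal itself or overwrite the per-thread value. It is
    * left as declared to keep the existing interface; confirm which callers
    * need write access before tightening it.
    */
   public static ThreadLocal<CodeSource> activeCS = new ThreadLocal<CodeSource>();

   /** The JACC context id taken from the web app metadata */
   private String contextID;
   /** The web app deployment code source */
   private CodeSource warCS;
   /** The web app metadata */
   private JBossWebMetaData metaData;
   /**
    * Trace flag sampled once in the constructor; a later change of the log
    * level is not picked up by this instance.
    */
   private boolean trace;

   /**
    * Creates the valve for one web application.
    *
    * @param wmd the web app metadata; supplies the JACC context id and the
    *    principal-to-roles mapping
    * @param cs the code source of the web app deployment
    */
   public JaccContextValve(JBossWebMetaData wmd, CodeSource cs)
   {
      this.metaData = wmd;
      this.contextID = metaData.getJaccContextID();
      this.warCS = cs;
      this.trace = log.isTraceEnabled();
   }

   /**
    * Establishes the per-thread security context for the request (active
    * code source, principal-to-roles mapping, JACC context id and the
    * HttpServletRequest policy context handler data), invokes the next
    * valve, and clears the per-thread state again.
    *
    * All per-thread state is set inside the try block so that the finally
    * block also runs when the setup itself throws. Otherwise a failure
    * between the first thread-local write and the try would skip the
    * cleanup and leave the code source or role mapping on the thread for
    * whatever it processes next.
    *
    * @param request the request being processed
    * @param response the response being produced
    * @throws IOException propagated from the next valve
    * @throws ServletException propagated from the next valve
    */
   @Override
   public void invoke(Request request, Response response)
      throws IOException, ServletException
   {
      try
      {
         activeCS.set(warCS);
         HttpServletRequest httpRequest = (HttpServletRequest) request.getRequest();

         // Set the customized rolename-principalset mapping in jboss-app.xml
         Map<String, Set<String>> principalToRoleSetMap = metaData.getPrincipalVersusRolesMap();
         SecurityRolesAssociation.setSecurityRoles(principalToRoleSetMap);
         // The trace line writes the full metadata and role mapping to the log
         if (trace)
         {
            log.trace("MetaData:"+metaData+":principalToRoleSetMap"+principalToRoleSetMap);
         }

         // Set the JACC context id
         PolicyContext.setContextID(contextID);
         // Set the JACC HttpServletRequest PolicyContextHandler data
         HttpServletRequestPolicyContextHandler.setRequest(httpRequest);
         // Only publish the request if no earlier valve has done so
         if (SecurityAssociationValve.activeRequest.get() == null)
         {
            SecurityAssociationValve.activeRequest.set(request);
         }
         // Perform the request
         getNext().invoke(request, response);
      }
      finally
      {
         // NOTE(review): activeRequest is cleared unconditionally, including
         // when it was already set before this valve ran - confirm intended.
         SecurityAssociationValve.activeRequest.set(null);
         SecurityAssociationActions.clear();
         activeCS.set(null);
         SecurityRolesAssociation.setSecurityRoles(null);
         HttpServletRequestPolicyContextHandler.setRequest(null);
         // NOTE(review): the JACC context id set above is not reset here, so
         // it stays on the thread after the request - confirm that every
         // later use of the thread sets its own id before authorization.
      }
   }
}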