You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by we...@apache.org on 2004/11/30 21:22:21 UTC
cvs commit: jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl AbstractSecurityValve.java SecurityValveImpl.java
weaver 2004/11/30 12:22:21
Modified: portal/src/java/org/apache/jetspeed/security/impl
SecurityValveImpl.java
Added: portal/src/java/org/apache/jetspeed/security/impl
AbstractSecurityValve.java
Log:
Made the SecurityValve more extensible by creating an abstract class that takes care of invoking doPrivileged while requiring
concrete subclasses to implement logic for retrieving both the principal and the subject.
Revision Changes Path
1.12 +71 -88 jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
Index: SecurityValveImpl.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- SecurityValveImpl.java 29 Nov 2004 19:14:45 -0000 1.11
+++ SecurityValveImpl.java 30 Nov 2004 20:22:21 -0000 1.12
@@ -16,7 +16,6 @@
package org.apache.jetspeed.security.impl;
import java.security.Principal;
-import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.Set;
@@ -25,10 +24,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.jetspeed.PortalReservedParameters;
-import org.apache.jetspeed.pipeline.PipelineException;
-import org.apache.jetspeed.pipeline.valve.AbstractValve;
-import org.apache.jetspeed.pipeline.valve.ValveContext;
+import org.apache.jetspeed.pipeline.valve.SecurityValve;
import org.apache.jetspeed.profiler.Profiler;
import org.apache.jetspeed.request.RequestContext;
import org.apache.jetspeed.security.SecurityException;
@@ -41,9 +37,11 @@
* SecurityValve
*
* @author <a href="mailto:taylor@apache.org">David Sean Taylor </a>
+ * @author <a href="mailto:rwatler@finali.com">Randy Walter </a>
+ * @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a>
* @version $Id$
*/
-public class SecurityValveImpl extends AbstractValve implements org.apache.jetspeed.pipeline.valve.SecurityValve
+public class SecurityValveImpl extends AbstractSecurityValve implements SecurityValve
{
private static final Log log = LogFactory.getLog(SecurityValveImpl.class);
private Profiler profiler;
@@ -55,101 +53,86 @@
this.userMgr = userMgr;
}
+ public String toString()
+ {
+ return "SecurityValve";
+ }
+
/**
- * @see org.apache.jetspeed.pipeline.valve.Valve#invoke(org.apache.jetspeed.request.RequestContext,
- * org.apache.jetspeed.pipeline.valve.ValveContext)
+ *
+ * <p>
+ * getSubject
+ * </p>
+ * Check for previously established session subject and
+ * invalidate if subject and current user principals do
+ * not match
+ * @param request
+ * @return
*/
-public void invoke(RequestContext request, ValveContext context) throws PipelineException
+ protected final Subject getSubject(RequestContext request)
{
-
- // initialize/validate security subject
-
- // access request user principal if defined or default
- // to profiler anonymous user
- Principal userPrincipal = request.getRequest().getUserPrincipal();
- if (userPrincipal == null)
+ HttpSession session = request.getRequest().getSession();
+ Principal userPrincipal = getUserPrincipal(request);
+
+ Subject subject = getSubjectFromSession(request);
+ if (subject != null)
+ {
+ Principal subjectUserPrincipal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
+ if ((subjectUserPrincipal == null) || !subjectUserPrincipal.getName().equals(getUserPrincipal(request).getName()))
{
- userPrincipal = new UserPrincipalImpl(userMgr.getAnonymousUser());
+ subject = null;
}
-
- // check for previously established session subject and
- // invalidate if subject and current user principals do
- // not match
- HttpSession session = request.getRequest().getSession();
- Subject subject = (Subject) session.getAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT);
- if (subject != null)
+ }
+
+ // create new session subject for user principal if required
+ if (subject == null)
+ {
+ // attempt to get complete subject for user principal
+ // from user manager
+ try
{
- Principal subjectUserPrincipal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
- if ((subjectUserPrincipal == null) || !subjectUserPrincipal.getName().equals(userPrincipal.getName()))
- {
- subject = null;
- }
- }
-
- // create new session subject for user principal if required
- if (subject == null)
- {
- // attempt to get complete subject for user principal
- // from user manager
- try
- {
- User user = userMgr.getUser(userPrincipal.getName());
- if ( user != null )
- {
- subject = user.getSubject();
- }
- }
- catch (SecurityException sex)
+ User user = userMgr.getUser(userPrincipal.getName());
+ if ( user != null )
{
- subject = null;
+ subject = user.getSubject();
}
-
-
- // if subject not available, generate default subject using
- // request or default profiler anonymous user principal
- if (subject == null)
- {
- Set principals = new HashSet();
- principals.add(userPrincipal);
- subject = new Subject(true, principals, new HashSet(), new HashSet());
- }
-
- // establish session subject
- session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);
}
-
- // set request context subject
- request.setSubject(subject);
-
- // Pass control to the next Valve in the Pipeline and execute under
- // the current subject
- final ValveContext vc = context;
- final RequestContext rc = request;
- PipelineException pe = (PipelineException) Subject.doAsPrivileged(subject, new PrivilegedAction()
+ catch (SecurityException sex)
{
- public Object run()
- {
- try
- {
- vc.invokeNext(rc);
- return null;
- }
- catch (PipelineException e)
- {
- return e;
- }
- }
- }, null);
+ subject = null;
+ }
- if(pe != null)
+ // if subject not available, generate default subject using
+ // request or default profiler anonymous user principal
+ if (subject == null)
{
- throw pe;
- }
-
+ Set principals = new HashSet();
+ principals.add(userPrincipal);
+ subject = new Subject(true, principals, new HashSet(), new HashSet());
+ }
+ }
+
+ return subject;
}
- public String toString()
+
+ /**
+ *
+ * <p>
+ * getUserPrincipal
+ * </p>
+ * Aaccess request user principal if defined or default
+ * to profiler anonymous user
+ * @param request
+ * @return
+ */
+ protected final Principal getUserPrincipal(RequestContext request)
{
- return "SecurityValve";
+ Principal userPrincipal = request.getRequest().getUserPrincipal();
+ if (userPrincipal == null)
+ {
+ userPrincipal = new UserPrincipalImpl(userMgr.getAnonymousUser());
+ }
+ return userPrincipal;
}
}
1.1 jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
Index: AbstractSecurityValve.java
===================================================================
/*
* Created on Nov 30, 2004
*
* TODO To change the template for this generated file go to
* Window - Preferences - Java - Code Generation - Code and Comments
*/
package org.apache.jetspeed.security.impl;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import org.apache.jetspeed.PortalReservedParameters;
import org.apache.jetspeed.pipeline.PipelineException;
import org.apache.jetspeed.pipeline.valve.AbstractValve;
import org.apache.jetspeed.pipeline.valve.SecurityValve;
import org.apache.jetspeed.pipeline.valve.ValveContext;
import org.apache.jetspeed.request.RequestContext;
/**
* <p>
* AbstractSecurityValve
* </p>
* <p>
*
* </p>
* @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a>
* @version $Id: AbstractSecurityValve.java,v 1.1 2004/11/30 20:22:21 weaver Exp $
*
*/
public abstract class AbstractSecurityValve extends AbstractValve implements SecurityValve
{
/**
*
* <p>
* getSubject
* </p>
* Should build and return a <code>javax.security.Subject</code>
* @param request
* @return Subject
*/
protected abstract Subject getSubject(RequestContext request);
/**
*
* <p>
* getUserPrincipal
* </p>
* Should build and return a <code>java.security.Principal</code> that represents the user name
* the Subject returned from <code>getSubject()</code>
* @param request
* @return Principal
*/
protected abstract Principal getUserPrincipal(RequestContext request);
/**
*
* <p>
* getSubjectFromSession
* </p>
*
* @param request
* @return javax.security.Subject or <code>null</code> if there is no servlet session attribute defined
* for the key <code>org.apache.jetspeed.PortalReservedParameters.SESSION_KEY_SUBJECT</code>.
*/
protected final Subject getSubjectFromSession(RequestContext request)
{
return (Subject) request.getRequest().getSession().getAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT);
}
/**
* <p>
* invoke
* </p>
*
* <p>
* Uses <code>getSubject()</code> to call <code>ValveContext.invokeNext()</code> via
* <code>Subject.doAsPrivileged()</code>. This method also takes care of setting the value of
* the <code>RequestContext.subject</code> property and the session attribute
* <code>org.apache.jetspeed.PortalReservedParameters.SESSION_KEY_SUBJECT</code>
* </p>
*
* @see org.apache.jetspeed.pipeline.valve.Valve#invoke(org.apache.jetspeed.request.RequestContext, org.apache.jetspeed.pipeline.valve.ValveContext)
* @param request
* @param context
* @throws PipelineException if the is an error encountered during any security operations.
*/
public void invoke( RequestContext request, ValveContext context ) throws PipelineException
{
// initialize/validate security subject
Subject subject = getSubject(request);
request.getRequest().setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);
// set request context subject
request.setSubject(subject);
// Pass control to the next Valve in the Pipeline and execute under
// the current subject
final ValveContext vc = context;
final RequestContext rc = request;
PipelineException pe = (PipelineException) Subject.doAsPrivileged(subject, new PrivilegedAction()
{
public Object run()
{
try
{
vc.invokeNext(rc);
return null;
}
catch (PipelineException e)
{
return e;
}
}
}, null);
if(pe != null)
{
throw pe;
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org