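/**
 * Replaces the current {@code WebSecurityManager} with a newly created one.
 *
 * <p>If no manager is cached yet, one is looked up via
 * {@code getWebSecurityManager(true)}. When a manager is available it is
 * released and destroyed, and a fresh manager is created (and registered)
 * through the factory for {@code webDesc}.
 *
 * <p>Failures while tearing down the old manager are logged and do not stop
 * the replacement from being created.
 */
public void updateWebSecurityManager() {
    if (webSecurityManager == null) {
        webSecurityManager = getWebSecurityManager(true);
    }
    if (webSecurityManager != null) {
        try {
            webSecurityManager.release();
            // NOTE(review): destroy() is skipped when release() throws; confirm
            // that a half-released manager cannot stay registered.
            webSecurityManager.destroy();
        } catch (Exception ex) {
            // Route the failure through the logger instead of stderr so that a
            // failed policy teardown is visible in the server log.
            _logger.log(Level.WARNING,
                    "Failed to release WebSecurityManager for " + CONTEXT_ID, ex);
        }
        webSecurityManager = webSecurityManagerFactory.createManager(webDesc, true, serverContext);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("WebSecurityManager for "+CONTEXT_ID+" has been update");
        }
    }
}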
/**
 * Builds the security manager for one web bundle.
 *
 * @param wbd      descriptor of the web bundle this manager protects
 * @param svc      server context stored for later use
 * @param fact     factory that created this manager
 * @param register whether the factory registers this manager
 * @throws PolicyContextException if {@code initialise} fails
 */
WebSecurityManager(WebBundleDescriptor wbd,
                   ServerContext svc,
                   WebSecurityManagerFactory fact,
                   boolean register) throws PolicyContextException {
    this.register = register;
    this.wbd = wbd;
    this.CONTEXT_ID = getContextID(wbd);
    this.serverContext = svc;
    this.wsmf = fact;

    // The application id is resolved before postConstruct(), as in the
    // original statement order.
    final String applicationId = getAppId();
    postConstruct();
    initialise(applicationId);
}
/**
 * Returns the policy configuration factory, preferring the cached
 * {@code pcf} field and falling back to {@code _getPolicyFactory()}.
 *
 * @return the policy configuration factory
 * @throws PolicyContextException if the fallback lookup fails
 */
private PolicyConfigurationFactory getPolicyFactory() throws PolicyContextException {
    return (pcf != null) ? pcf : _getPolicyFactory();
}
/**
 * Reports whether the resource targeted by the request is permitted without
 * any caller principals.
 *
 * <p>The unchecked-permission cache is consulted first. On a miss, or when
 * there is no cache, the permission is evaluated against the policy with a
 * {@code null} principal set.
 *
 * @param req the incoming request
 * @return {@code true} if the web resource permission is granted
 */
public boolean permitAll(HttpServletRequest req) {
    WebResourcePermission requested = createWebResourcePermission(req);
    if (uncheckedPermissionCache != null
            && uncheckedPermissionCache.checkPermission(requested)) {
        return true;
    }
    // No principals are supplied, so only permissions granted regardless of
    // the caller can succeed here.
    return checkPermissionWithoutCache(requested, null);
}
/**
 * Performs access control for the resource addressed by the
 * <code>HttpServletRequest</code>.
 *
 * <p>The security context derived from the request's user principal is made
 * current whether or not access is granted, and the decision is passed to
 * <code>recordWebInvocation</code>.
 *
 * @param httpsr the request being authorized
 * @return true if access to the resource is granted, false if denied
 */
public boolean hasResourcePermission(HttpServletRequest httpsr) {
    SecurityContext callerContext = getSecurityContext(httpsr.getUserPrincipal());
    WebResourcePermission resourcePerm = createWebResourcePermission(httpsr);
    setSecurityInfo(httpsr);

    boolean granted = checkPermission(resourcePerm, callerContext.getPrincipalSet());
    // Set after the check and independent of its outcome.
    SecurityContext.setCurrent(callerContext);

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "[Web-Security] hasResource isGranted: {0}", granted);
        logger.log(Level.FINE, "[Web-Security] hasResource perm: {0}", resourcePerm);
    }

    recordWebInvocation(httpsr, RESOURCE, granted);
    return granted;
}
private void initialise(String appName) throws PolicyContextException { getPolicyFactory(); CODEBASE = removeSpaces(CONTEXT_ID) ; if(Constants.ADMIN_VS.equals(getVirtualServers(appName))){ LoginConfiguration lgConf = wbd.getLoginConfiguration(); if (lgConf != null){ loadPolicyConfiguration();
/**
 * Returns the security manager for a web bundle, creating it when needed.
 *
 * <p>With {@code register} set, an already registered manager for the
 * bundle's context id is reused; otherwise a new manager is created and,
 * when {@code register} is set, added to the application's managers.
 *
 * @param wbd      descriptor of the web bundle
 * @param register whether to look up and register the manager
 * @param context  server context handed to a new manager
 * @return the existing or newly created manager
 * @throws RuntimeException wrapping a {@code PolicyContextException} raised
 *         while constructing the manager
 */
public WebSecurityManager createManager(WebBundleDescriptor wbd, boolean register, ServerContext context) {
    final String contextId = WebSecurityManager.getContextID(wbd);

    WebSecurityManager existing = register ? getManager(contextId, null, false) : null;
    if (existing != null) {
        return existing;
    }

    WebSecurityManager created;
    try {
        probeProvider.securityManagerCreationStartedEvent(wbd.getModuleID());
        created = new WebSecurityManager(wbd, context, this, register);
        // Not reached when the constructor throws, so a "started" event may
        // have no matching "ended" event.
        probeProvider.securityManagerCreationEndedEvent(wbd.getModuleID());
        if (register) {
            String registrationName = wbd.getApplication().getRegistrationName();
            addManagerToApp(contextId, null, registrationName, created);
            probeProvider.securityManagerCreationEvent(contextId);
        }
    } catch (javax.security.jacc.PolicyContextException e) {
        // NOTE(review): the message says FATAL but is logged at FINE; the
        // cause is still propagated through the RuntimeException below.
        logger.log(Level.FINE, "[Web-Security] FATAL Exception. Unable to create WebSecurityManager: " + e.getMessage());
        throw new RuntimeException(e);
    }
    return created;
}
}
/**
 * Generates the JSR 115 policy file for a web application, whether bundled
 * in an ear or deployed as a standalone war file.
 *
 * <p>Implementation note: if the generated file does not contain all the
 * permissions, the role mapper is probably broken.
 *
 * @param wbd      descriptor of the web bundle
 * @param isSystem whether the bundle is a system application
 * @throws RuntimeException wrapping any failure, after logging it at SEVERE
 */
protected void configureSecurity(WebBundleDescriptor wbd, boolean isSystem) {
    try {
        // Creating (and registering) the manager comes before the policy
        // file is generated.
        webSecurityManagerFactory.createManager(wbd, true, serverContext);

        final String contextId = WebSecurityManager.getContextID(wbd);
        SecurityUtil.generatePolicyFile(contextId);

        // The probe event is fired only for the system admin GUI context.
        if (isSystem) {
            if (contextId.equals("__admingui/__admingui")) {
                websecurityProbeProvider.policyCreationEvent(contextId);
            }
        }
    } catch (Exception ce) {
        _logger.log(Level.SEVERE, "policy.configure", ce);
        throw new RuntimeException(ce);
    }
}
setSecurityInfo(httpsr); WebUserDataPermission perm; boolean requestIsSecure = httpsr.isSecure(); boolean isGranted = checkPermission(perm, defaultPrincipalSet); int result = 0; recordWebInvocation(httpsr, USERDATA, isGranted); if ( !isGranted && !requestIsSecure) { "CONFIDENTIAL"); isGranted = checkPermission(perm, defaultPrincipalSet);
/**
 * Checks whether the given principal holds the role reference declared for
 * a servlet.
 *
 * @param servletName name of the servlet that declares the role reference
 * @param role        role reference name to test
 * @param p           principal whose security context supplies the
 *                    principal set
 * @return {@code true} if the {@code WebRoleRefPermission} is granted
 */
public boolean hasRoleRefPermission(String servletName, String role, Principal p) {
    WebRoleRefPermission roleRefPerm;
    // The principal set is resolved before the permission is built, as in
    // the original statement order.
    Set callerPrincipals = getSecurityContext(p).getPrincipalSet();
    roleRefPerm = new WebRoleRefPermission(servletName, role);

    boolean granted = checkPermission(roleRefPerm, callerPrincipals);

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "[Web-Security] hasRoleRef perm: {0}", roleRefPerm);
        logger.log(Level.FINE, "[Web-Security] hasRoleRef isGranted: {0}", granted);
    }
    return granted;
}
/**
 * Evaluates a permission, consulting the unchecked-permission cache before
 * the policy.
 *
 * <p>A cache hit still requires the policy context to be set to
 * {@code CONTEXT_ID}. If that fails for any reason the result is a denial,
 * so the cached grant fails closed.
 *
 * @param perm         the permission to evaluate
 * @param principalSet principals of the caller, used only on a cache miss
 * @return {@code true} if the permission is granted
 */
protected boolean checkPermission(Permission perm, Set principalSet) {
    boolean grantedByCache = uncheckedPermissionCache != null
            && uncheckedPermissionCache.checkPermission(perm);

    if (!grantedByCache) {
        // Cache miss or no cache: fall back to the uncached evaluation.
        return checkPermissionWithoutCache(perm, principalSet);
    }

    try {
        setPolicyContext(CONTEXT_ID);
        return true;
    } catch (Throwable t) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "[Web-Security] Web Permission Access Denied.", t);
        }
        return false;
    }
}
/**
 * Translates the web bundle's security constraints and role references into
 * the policy configuration for {@code CONTEXT_ID}, unless that policy
 * context is already in service.
 *
 * @throws PolicyContextException if the policy factory or the permission
 *         generation fails
 */
public void loadPolicyConfiguration() throws PolicyContextException {
    boolean alreadyInService = getPolicyFactory().inService(CONTEXT_ID);

    // Only regenerate the policy file if it isn't already in service.
    // Consequently everything that deploys modules (as opposed to loading
    // already deployed modules) must make sure a pre-existing pc is either
    // in deleted or open state before this method (i.e. initialise) is
    // called. That is, before constructing the WebSecurityManager. Note
    // that policy statements are not removed, to allow multiple web modules
    // to be represented by the same pc.
    if (alreadyInService) {
        return;
    }

    pc = getPolicyFactory().getPolicyConfiguration(CONTEXT_ID, false);
    try {
        WebPermissionUtil.processConstraints(wbd, pc);
        WebPermissionUtil.createWebRoleRefPermission(wbd, pc);
    } catch (PolicyContextException pce) {
        // NOTE(review): labelled FATAL but logged at FINE; the exception is
        // rethrown so the caller still observes the failure.
        logger.log(Level.FINE,"[Web-Security] FATAL Permission Generation: " + pce.getMessage());
        throw pce;
    }
}
setSecurityInfo(httpsr); WebUserDataPermission perm; boolean requestIsSecure = httpsr.isSecure(); boolean isGranted = checkPermission(perm, defaultPrincipalSet); int result = 0; "CONFIDENTIAL"); isGranted = checkPermission(perm, defaultPrincipalSet);
/**
 * Translates the policy of a web bundle.
 *
 * @param webBD  the web bundle descriptor; nothing is done when it is null
 * @param remove whether the existing manager for the bundle's context is
 *               released before translation
 * @throws DeploymentException wrapping any failure during translation
 */
private void loadPolicy(WebBundleDescriptor webBD, boolean remove) throws DeploymentException {
    try {
        if (webBD == null) {
            return;
        }
        if (remove) {
            String contextId = SecurityUtil.getContextID(webBD);
            WebSecurityManager current = wsmf.getManager(contextId, null, true);
            if (current != null) {
                current.release();
            }
        }
        wsmf.createManager(webBD, true, serverContext);
    } catch (Exception se) {
        // Reached only with a non-null webBD: the null case returns before
        // any call that could throw.
        String msg = "Error in generating security policy for "
                + webBD.getModuleDescriptor().getModuleName();
        throw new DeploymentException(msg, se);
    }
}
// Fragment: the enclosing method and loop are not visible here.
// Destroy the manager at index i of the managers list.
managers.get(i).destroy();
// Fire both destruction probe events for the application: the "ended" event
// first, then the plain destruction event.
websecurityProbeProvider.securityManagerDestructionEndedEvent(appName);
websecurityProbeProvider.securityManagerDestructionEvent(appName);
/**
 * Registers this manager's application id for {@code CONTEXT_ID} with the
 * security role mapper factory.
 */
private void postConstruct() {
    SecurityRoleMapperFactoryGen
            .getSecurityRoleMapperFactory()
            .setAppNameForContext(getAppId(), CONTEXT_ID);
}
/**
 * Performs access control for the resource addressed by the
 * <code>HttpServletRequest</code>.
 *
 * <p>The security context derived from the request's user principal is made
 * current whether or not access is granted. When auditing is on, the
 * decision is reported to the audit manager together with the caller's
 * principal name (or <code>null</code> when there is no principal).
 *
 * @param httpsr the request being authorized
 * @return true if access to the resource is granted, false if denied
 */
public boolean hasResourcePermission(HttpServletRequest httpsr) {
    SecurityContext callerContext = getSecurityContext(httpsr.getUserPrincipal());
    WebResourcePermission resourcePerm = createWebResourcePermission(httpsr);
    setSecurityInfo(httpsr);

    boolean granted = checkPermission(resourcePerm, callerContext.getPrincipalSet());
    // Set after the check and independent of its outcome.
    SecurityContext.setCurrent(callerContext);

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "[Web-Security] hasResource isGranted: {0}", granted);
        logger.log(Level.FINE, "[Web-Security] hasResource perm: {0}", resourcePerm);
    }

    AuditManager audit = SecurityServicesUtil.getInstance().getAuditManager();
    if (audit != null && audit.isAuditOn()) {
        Principal caller = httpsr.getUserPrincipal();
        String callerName = null;
        if (caller != null) {
            callerName = caller.getName();
        }
        // Both granted and denied decisions are audited.
        audit.webInvocation(callerName, httpsr, RESOURCE, granted);
    }
    return granted;
}
private void initialise(String appName) throws PolicyContextException { getPolicyFactory(); CODEBASE = removeSpaces(CONTEXT_ID) ; if(Constants.ADMIN_VS.equals(getVirtualServers(appName))){ LoginConfiguration lgConf = wbd.getLoginConfiguration(); if (lgConf != null){ loadPolicyConfiguration();
/**
 * Returns the security manager for a web bundle, creating it when needed.
 *
 * <p>With {@code register} set, an already registered manager for the
 * bundle's context id is reused; otherwise a new manager is created and,
 * when {@code register} is set, added to the application's managers.
 *
 * @param wbd      descriptor of the web bundle
 * @param register whether to look up and register the manager
 * @param context  server context handed to a new manager
 * @return the existing or newly created manager
 * @throws RuntimeException wrapping a {@code PolicyContextException} raised
 *         while constructing the manager
 */
public WebSecurityManager createManager(WebBundleDescriptor wbd, boolean register, ServerContext context) {
    final String contextId = WebSecurityManager.getContextID(wbd);

    WebSecurityManager existing = register ? getManager(contextId, null, false) : null;
    if (existing != null) {
        return existing;
    }

    WebSecurityManager created;
    try {
        probeProvider.securityManagerCreationStartedEvent(wbd.getModuleID());
        created = new WebSecurityManager(wbd, context, this, register);
        // Not reached when the constructor throws, so a "started" event may
        // have no matching "ended" event.
        probeProvider.securityManagerCreationEndedEvent(wbd.getModuleID());
        if (register) {
            String registrationName = wbd.getApplication().getRegistrationName();
            addManagerToApp(contextId, null, registrationName, created);
            probeProvider.securityManagerCreationEvent(contextId);
        }
    } catch (javax.security.jacc.PolicyContextException e) {
        // NOTE(review): the message says FATAL but is logged at FINE; the
        // cause is still propagated through the RuntimeException below.
        logger.log(Level.FINE, "[Web-Security] FATAL Exception. Unable to create WebSecurityManager: " + e.getMessage());
        throw new RuntimeException(e);
    }
    return created;
}
}
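/**
 * Loads the policy, creates the web security manager for the bundle and
 * generates its policy file, then fires the policy-creation probe event.
 *
 * <p>The thread's context class loader is switched to the common class
 * loader for the duration of the call and restored afterwards.
 *
 * @param wbd descriptor of the web bundle
 * @throws RuntimeException wrapping an {@code IASSecurityException} raised
 *         during policy generation
 */
private void generatePolicy(WebBundleDescriptor wbd) {
    String name = null;
    ClassLoader oldTcc = Thread.currentThread().getContextClassLoader();
    try {
        //TODO: workaround here. Once fixed in V3 we should be able to use
        //Context ClassLoader instead.
        ClassLoaderHierarchy hierarchy = habitat.getComponent(ClassLoaderHierarchy.class);
        ClassLoader tcc = hierarchy.getCommonClassLoader();
        Thread.currentThread().setContextClassLoader(tcc);

        // Resolve the context id first so that a failure in any later step
        // is reported with the module's name rather than "null".
        name = WebSecurityManager.getContextID(wbd);

        policyLoader.loadPolicy();

        WebSecurityManagerFactory wsmf = habitat.getComponent(WebSecurityManagerFactory.class);
        // this should create all permissions
        wsmf.createManager(wbd, true, serverContext);
        // for an application the securityRoleMapper should already be
        // created. I am just creating the web permissions and handing
        // it to the security component.
        SecurityUtil.generatePolicyFile(name);
        websecurityProbeProvider.policyCreationEvent(name);
    } catch (IASSecurityException se) {
        String msg = "Error in generating security policy for " + name;
        throw new RuntimeException(msg, se);
    } finally {
        // Always restore the caller's class loader, including on failure.
        Thread.currentThread().setContextClassLoader(oldTcc);
    }
}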