/**
 * Privileged action body: asks the modules for a decision, then drives the matching
 * second phase (commit on PERMIT, abort on DENY).
 *
 * @return always {@code null}; a denial is reported through the exception only
 * @throws AuthorizationException when the decision is DENY, or propagated from the
 *         authorize/commit/abort helpers
 */
public Object run() throws AuthorizationException {
    final int decision = invokeAuthorize(resource);
    if (decision == PERMIT) {
        invokeCommit();
    }
    if (decision == DENY) {
        // Abort runs before the denial is raised; if invokeAbort itself throws, that
        // exception replaces the "Denied" one.
        invokeAbort();
        throw new AuthorizationException("Denied");
    }
    // NOTE(review): a decision that is neither PERMIT nor DENY reaches this point with no
    // commit, no abort and no exception. Confirm that invokeAuthorize cannot return such a
    // value, or that the caller does not treat a normal return as a grant.
    return null;
}
});
/**
 * Runs the abort phase on each module in list order, then empties the module list.
 *
 * @throws AuthorizationException as soon as one module reports that its abort failed
 */
private void invokeAbort() throws AuthorizationException {
    // Stops at the first failure: later modules are not aborted and modules.clear() is
    // skipped, so the list still holds every module when the exception propagates.
    final int count = modules.size();
    int index = 0;
    while (index < count) {
        final AuthorizationModule current = (AuthorizationModule) modules.get(index);
        final boolean aborted = current.abort();
        if (!aborted) {
            throw new AuthorizationException("abort on modules failed:" + current.getClass());
        }
        index++;
    }
    modules.clear();
}
/**
 * Runs the commit phase on each module in list order, then empties the module list.
 *
 * @throws AuthorizationException as soon as one module reports that its commit failed
 */
private void invokeCommit() throws AuthorizationException {
    // A failed commit leaves the earlier modules committed, the later ones untouched and
    // the list uncleared; nothing in this method rolls the earlier commits back.
    for (int position = 0, total = modules.size(); position < total; position++) {
        final AuthorizationModule current = (AuthorizationModule) modules.get(position);
        if (current.commit()) {
            continue;
        }
        throw new AuthorizationException("commit on modules failed:" + current.getClass());
    }
    modules.clear();
}
/**
 * Rejects a resource that is null or whose context map is null.
 *
 * @param resource the resource to check
 * @throws IllegalArgumentException if {@code resource} is null or {@code resource.getMap()}
 *         returns null
 */
private void validateResource(Resource resource) {
    if (resource == null) {
        throw new IllegalArgumentException("resource is null");
    }
    // Only the presence of the map is checked here, not its contents.
    final Object contextMap = resource.getMap();
    if (contextMap == null) {
        throw new IllegalArgumentException("resource has null context map");
    }
}
/**
 * Looks up the ACL configuration for a security domain, falling back to the application
 * policy registered under the name of the resource's layer.
 *
 * @param domainName security domain whose application policy is wanted
 * @param resource resource whose layer names the fallback policy; only read when the
 *        domain has no policy of its own
 * @return the ACL info of whichever policy was found
 * @throws IllegalStateException if neither lookup yields a policy
 */
private ACLInfo getACLInfo(String domainName, Resource resource) {
    final ApplicationPolicy domainPolicy = SecurityConfiguration.getApplicationPolicy(domainName);
    if (domainPolicy != null) {
        return domainPolicy.getAclInfo();
    }

    if (trace) {
        log.trace("Application Policy not obtained for domain=" + domainName
                + ". Trying to obtain the App policy for the default domain of the layer:");
    }
    // NOTE(review): from here on the ACL configuration comes from the layer-named policy,
    // not from the requested domain, and the switch is recorded at trace level only.
    // resource.getLayer() is dereferenced without a null check.
    final ApplicationPolicy layerPolicy =
            SecurityConfiguration.getApplicationPolicy(resource.getLayer().name());
    if (layerPolicy == null) {
        throw new IllegalStateException("Application Policy is null for domain:" + domainName);
    }
    return layerPolicy.getAclInfo();
}
/**
 * Delegates the decision to the authorization context, creating a
 * JBossAuthorizationContext for this manager's security domain on first use.
 *
 * @param resource resource being authorized
 * @param subject subject passed through to the context
 * @param role role group passed through to the context
 * @return whatever the context's authorize call returns
 * @throws AuthorizationException propagated from the context
 */
private int internalAuthorization(final Resource resource, Subject subject, RoleGroup role)
        throws AuthorizationException {
    // The lazy creation and the authorize call both run while the lock is held, so the
    // lock is not released until the context has returned or thrown.
    lock.lock();
    try {
        if (this.authorizationContext == null) {
            this.authorizationContext = new JBossAuthorizationContext(this.securityDomain);
        }
        return this.authorizationContext.authorize(resource, subject, role);
    } finally {
        lock.unlock();
    }
}
/**
 * Fetches the ACL policies registered under the {@code "ALL"} resource key.
 *
 * @return the object the policy registration returns for that lookup, viewed as a
 *         collection of ACLs
 */
@SuppressWarnings("unchecked")
public Collection<ACL> getACLs() {
    final Map<String, Object> lookupContext = new HashMap<String, Object>();
    lookupContext.put("resource", "ALL");
    // The lookup passes a null context id. The cast is unchecked: an element of the wrong
    // type would only fail later, where the collection is read.
    final Object registered =
            this.registration.getPolicy(null, PolicyRegistration.ACL, lookupContext);
    return (Collection<ACL>) registered;
}
/**
 * Parses the delegate option, a comma separated list of {@code key=value} entries, and
 * stores each pair in the delegate map.
 *
 * @param commaSeparatedDelegates the option text; it is handed straight to a
 *        StringTokenizer with no null check
 * @throws IllegalStateException if an entry does not split into exactly two tokens on
 *         {@code '='}
 */
protected void populateDelegateMap(String commaSeparatedDelegates) {
    final StringTokenizer entries = new StringTokenizer(commaSeparatedDelegates, ",");
    while (entries.hasMoreTokens()) {
        final String entry = entries.nextToken();
        final StringTokenizer parts = new StringTokenizer(entry, "=");
        if (parts.countTokens() != 2) {
            throw new IllegalStateException("DelegateMap entry invalid:" + entry);
        }
        final String typeName = parts.nextToken();
        final String delegate = parts.nextToken();
        // Tokens are used untrimmed; presumably ResourceType is an enum, in which case a
        // key with surrounding whitespace or an unknown name makes valueOf throw.
        this.delegateMap.put(ResourceType.valueOf(typeName), delegate);
    }
}
}
/**
 * Installs the authorization context used by this manager.
 *
 * <p>The context is rejected when it is null or when its security domain differs from
 * this manager's, so a context built for another domain cannot be installed here.
 *
 * @param authorizationContext the context to install
 */
public void setAuthorizationContext(AuthorizationContext authorizationContext) {
    if (authorizationContext == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("authorizationContext");
    }

    final String contextDomain = authorizationContext.getSecurityDomain();
    if (!this.securityDomain.equals(contextDomain)) {
        throw PicketBoxMessages.MESSAGES.unexpectedSecurityDomainInContext(this.securityDomain);
    }

    // Validation happens before the lock is taken; only the field write is guarded.
    lock.lock();
    try {
        this.authorizationContext = authorizationContext;
    } finally {
        lock.unlock();
    }
}
/**
 * Removes the JACC attachment from the unit and de-registers the XACML and ACL policies
 * stored under the unit's simple name.
 *
 * @param unit the deployment unit being undeployed
 */
@Override
public void undeploy(DeploymentUnit unit) {
    unit.removeAttachment(JACC_ATTACHMENT_NAME);

    // unregister any XACML or ACL policies associated with the deployment unit.
    final String contextId = unit.getSimpleName();
    if (this.policyRegistration == null) {
        // No registration service is set, so no policy is de-registered here.
        return;
    }
    this.policyRegistration.deRegisterPolicy(contextId, PolicyRegistration.XACML);
    this.policyRegistration.deRegisterPolicy(contextId, PolicyRegistration.ACL);
}
/**
 * Authorize the Resource using the authenticated subject held by this context and the
 * role group stored in the resource's context map.
 *
 * @param resource the resource to authorize; it and its context map are dereferenced
 *        here without a null check
 * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
 * @throws AuthorizationException propagated from the three-argument authorize
 */
public int authorize(final Resource resource) throws AuthorizationException {
    // NOTE(review): the roles that get evaluated are whatever is stored under
    // SECURITY_CONTEXT_ROLES in the resource's own map; confirm that only trusted
    // container code populates that entry.
    final RoleGroup callerRoles =
            (RoleGroup) resource.getMap().get(ResourceKeys.SECURITY_CONTEXT_ROLES);
    return this.authorize(resource, this.authenticatedSubject, callerRoles);
}
/**
 * Runs the commit phase on each supplied module in list order.
 *
 * @param modules the modules to commit
 * @param controlFlags not read by this method
 * @throws AuthorizationException as soon as one module reports that its commit failed
 */
private void invokeCommit(List<AuthorizationModule> modules, List<ControlFlag> controlFlags)
        throws AuthorizationException {
    // A failure stops the loop; modules committed before it stay committed and the
    // exception message does not identify the failing module.
    final int total = modules.size();
    int position = 0;
    while (position < total) {
        final AuthorizationModule current = modules.get(position);
        final boolean committed = current.commit();
        if (!committed) {
            throw new AuthorizationException(PicketBoxMessages.MESSAGES.moduleCommitFailedMessage());
        }
        position++;
    }
}
/**
 * Runs the abort phase on each supplied module in list order.
 *
 * @param modules the modules to abort
 * @param controlFlags not read by this method
 * @throws AuthorizationException as soon as one module reports that its abort failed
 */
private void invokeAbort(List<AuthorizationModule> modules, List<ControlFlag> controlFlags)
        throws AuthorizationException {
    // A failure stops the loop, so the modules after the failing one are never aborted.
    for (int position = 0, total = modules.size(); position < total; position++) {
        final AuthorizationModule current = modules.get(position);
        if (current.abort()) {
            continue;
        }
        throw new AuthorizationException(PicketBoxMessages.MESSAGES.moduleAbortFailedMessage());
    }
}
/**
 * Privileged action body: asks the supplied modules for a decision, then drives the
 * matching second phase (commit on PERMIT, abort on DENY).
 *
 * @return always {@code null}; a denial is reported through the exception only
 * @throws AuthorizationException when the decision is DENY, or propagated from the
 *         authorize/commit/abort helpers
 */
public Object run() throws AuthorizationException {
    final int decision = invokeAuthorize(resource, modules, controlFlags);
    if (decision == PERMIT) {
        invokeCommit(modules, controlFlags);
    }
    if (decision == DENY) {
        // Abort runs first; if it throws, its exception replaces the denial below.
        invokeAbort(modules, controlFlags);
        throw new AuthorizationException(PicketBoxMessages.MESSAGES.authorizationFailedMessage());
    }
    // NOTE(review): a decision that is neither PERMIT nor DENY reaches this point with no
    // commit, no abort and no exception. Confirm that invokeAuthorize cannot return such a
    // value, or that the caller does not treat a normal return as a grant.
    return null;
}
});
/**
 * Delegates the decision to the authorization context, installing a
 * JBossAuthorizationContext for this manager's security domain on first use.
 *
 * @param resource resource being authorized
 * @param subject subject passed through to the context
 * @param role role group passed through to the context
 * @return whatever the context's authorize call returns
 * @throws AuthorizationException propagated from the context
 */
private int internalAuthorization(final Resource resource, Subject subject, RoleGroup role)
        throws AuthorizationException {
    // NOTE(review): the null check and the later read of the field take no lock in this
    // method. Confirm that two threads making the first call at the same time is
    // acceptable (each may build and install its own context).
    final boolean contextMissing = this.authorizationContext == null;
    if (contextMissing) {
        this.setAuthorizationContext(new JBossAuthorizationContext(this.securityDomain));
    }
    return this.authorizationContext.authorize(resource, subject, role);
}
/**
 * Fetches the ACL registered for a resource.
 *
 * @param resource resource whose string form (from Util.getResourceAsString) is the
 *        lookup key
 * @return the object the policy registration returns for that key, cast to ACL
 */
public ACL getACL(Resource resource) {
    final Map<String, Object> lookupContext = new HashMap<String, Object>();
    lookupContext.put("resource", Util.getResourceAsString(resource));
    // The lookup passes a null context id; the resource string alone selects the ACL.
    final Object registered =
            this.registration.getPolicy(null, PolicyRegistration.ACL, lookupContext);
    return (ACL) registered;
}
/**
 * Parses the delegate option, a comma separated list of {@code key=value} entries, and
 * stores each pair in the delegate map.
 *
 * <p>An entry that does not split into exactly two tokens on {@code '='} is rejected
 * with the exception built by PicketBoxMessages.invalidDelegateMapEntry.
 *
 * @param commaSeparatedDelegates the option text; it is handed straight to a
 *        StringTokenizer with no null check
 */
protected void populateDelegateMap(String commaSeparatedDelegates) {
    for (StringTokenizer entries = new StringTokenizer(commaSeparatedDelegates, ",");
            entries.hasMoreTokens();) {
        final String entry = entries.nextToken();
        final StringTokenizer parts = new StringTokenizer(entry, "=");
        if (parts.countTokens() != 2) {
            throw PicketBoxMessages.MESSAGES.invalidDelegateMapEntry(entry);
        }
        final String typeName = parts.nextToken();
        final String delegate = parts.nextToken();
        // Tokens are used untrimmed; presumably ResourceType is an enum, in which case a
        // key with surrounding whitespace or an unknown name makes valueOf throw.
        this.delegateMap.put(ResourceType.valueOf(typeName), delegate);
    }
}
}
/**
 * Authorize the Resource using the authenticated subject held by this context and the
 * role group stored in the resource's context map.
 *
 * @param resource the resource to authorize; it and its context map are dereferenced
 *        here without a null check
 * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
 * @throws AuthorizationException propagated from the three-argument authorize
 */
public int authorize(final Resource resource) throws AuthorizationException {
    // NOTE(review): the roles that get evaluated are whatever is stored under
    // SECURITY_CONTEXT_ROLES in the resource's own map; confirm that only trusted
    // container code populates that entry.
    final Object storedRoles = resource.getMap().get(ResourceKeys.SECURITY_CONTEXT_ROLES);
    return this.authorize(resource, this.authenticatedSubject, (RoleGroup) storedRoles);
}
/**
 * Calls tearDown on each ACL provider in list order, then empties the provider list.
 *
 * @throws AuthorizationException as soon as one provider reports that its tearDown failed
 */
private void invokeTeardown() throws AuthorizationException {
    // Stops at the first failure: later providers are not torn down and modules.clear()
    // is skipped, so the list still holds every provider when the exception propagates.
    final int count = modules.size();
    int index = 0;
    while (index < count) {
        final ACLProvider provider = modules.get(index);
        final boolean tornDown = provider.tearDown();
        if (!tornDown) {
            throw new AuthorizationException("TearDown on module failed:" + provider.getClass());
        }
        index++;
    }
    modules.clear();
}
/**
 * Rejects a resource that is null or whose context map is null, using the exception
 * built by PicketBoxMessages.invalidNullArgument.
 *
 * @param resource the resource to check
 */
private void validateResource(Resource resource) {
    if (resource == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("resource");
    }
    // Only the presence of the map is checked here, not its contents.
    final Object contextMap = resource.getMap();
    if (contextMap == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("resource.contextMap");
    }
}