/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.fortress.realm.tomcat;
import java.lang.reflect.InvocationTargetException;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.Principal;
import java.util.logging.Level;
import java.util.logging.Logger;

import org.apache.catalina.LifecycleException;
import org.apache.catalina.Wrapper;
import org.apache.catalina.realm.RealmBase;
import org.apache.directory.fortress.realm.util.ChildFirstUrlClassLoader;
import org.apache.directory.fortress.realm.util.CpUtil;
/**
* This class extends the Tomcat 7 and beyond RealmBase class and provides Java EE security services within the Tomcat container.
* This class is a "proxy" for the {@link org.apache.directory.fortress.realm.tomcat.TcAccessMgrImpl} class which isolates dependencies from the Tomcat
* runtime environment by loading the implementation on a URLClassLoader.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
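public class Tc7AccessMgrProxy extends RealmBase
{
    private static final String CLS_NM = Tc7AccessMgrProxy.class.getName();
    private static final Logger LOG = Logger.getLogger( CLS_NM );

    /** Fully qualified name of the implementation class that {@link #initialize()} loads reflectively. */
    private static final String REALM_IMPL = "org.apache.directory.fortress.realm.tomcat.TcAccessMgrImpl";

    /** Name handed to {@link CpUtil#getRealmClasspath(String)} when no {@code realmClasspath} attribute was configured. */
    private static final String REALM_CLASSPATH = "REALM_CLASSPATH";

    /** {@code containerType} value that selects the JBoss agent, loaded through a child-first class loader. */
    private static final String JBOSS_AGENT = "jboss";

    /** {@code containerType} value that selects the context-based agent, loaded through the thread context class loader. */
    private static final String TOMCAT_CONTEXT_AGENT = "TomcatContext";

    /** Container type chosen via the {@code containerType} realm attribute; any other value means a plain Tomcat 7 agent. */
    private String containerType = "Catalina7";

    /** Comma delimited role names handed to the implementation; passed into all subsequent Fortress createSession calls. */
    private String defaultRoles;

    /** Optional classpath from the {@code realmClasspath} realm attribute; see {@link #createRealmClassLoader()}. */
    private String realmClasspath;

    /** The loaded implementation. Null until {@link #startInternal()} has run, and again after {@link #stopInternal()}. */
    private TcAccessMgr realm;

    /**
     * Loads the Fortress Tomcat implementation on a URL class loader and instantiates it. Methods on the implementation
     * are wrapped by methods on this class and are accessed via the {@code realm} instance variable of this class.
     *
     * @throws RuntimeException wrapping the reflective failure (class not found, no usable no-arg constructor,
     *                          constructor failure or access problem); the cause is preserved.
     */
    private void initialize()
    {
        URLClassLoader ucl = createRealmClassLoader();
        LOG.info( CLS_NM + ".initialize - instantiate policy agent name: " + REALM_IMPL );
        try
        {
            Class<?> sc = ucl.loadClass( REALM_IMPL );
            // Constructor.newInstance replaces the deprecated Class.newInstance: an exception thrown by the
            // implementation's constructor now surfaces as InvocationTargetException instead of being rethrown unchecked.
            realm = ( TcAccessMgr ) sc.getDeclaredConstructor().newInstance();
        }
        catch ( ClassNotFoundException e )
        {
            throw initFailure( e );
        }
        catch ( NoSuchMethodException e )
        {
            throw initFailure( e );
        }
        catch ( InstantiationException e )
        {
            throw initFailure( e );
        }
        catch ( IllegalAccessException e )
        {
            throw initFailure( e );
        }
        catch ( InvocationTargetException e )
        {
            throw initFailure( e );
        }
        realm.setDefaultRoles( defaultRoles );
        LOG.info( CLS_NM + " J2EE Tomcat7 policy agent initialization successful" );
    }

    /**
     * Builds the class loader the implementation is loaded from, according to {@code containerType} and
     * {@code realmClasspath}. The URLs come from container configuration (realm attributes or the
     * {@code REALM_CLASSPATH} lookup done by {@link CpUtil}); whoever controls them controls the code that runs
     * inside this realm, so they deserve the same protection as the rest of the server configuration.
     *
     * @return a class loader able to resolve {@link #REALM_IMPL}; never null.
     */
    private URLClassLoader createRealmClassLoader()
    {
        ClassLoader parent = this.getClass().getClassLoader();
        // Constant-first comparison keeps a null containerType from throwing here.
        if ( JBOSS_AGENT.equalsIgnoreCase( containerType ) )
        {
            LOG.info( CLS_NM + ".initialize JBoss policy agent" );
            URL[] cp = CpUtil.getRealmClasspath( REALM_CLASSPATH );
            return new ChildFirstUrlClassLoader( cp, parent );
        }
        if ( TOMCAT_CONTEXT_AGENT.equalsIgnoreCase( containerType ) )
        {
            LOG.info( CLS_NM + ".initialize Tomcat7 Context-based policy agent" );
            // No extra URLs: the implementation is expected to be visible to the thread context class loader.
            return new URLClassLoader( new URL[]{}, Thread.currentThread().getContextClassLoader() );
        }
        LOG.info( CLS_NM + ".initialize Tomcat7 policy agent" );
        if ( realmClasspath != null && realmClasspath.length() > 0 )
        {
            return new URLClassLoader( CpUtil.parseRealmClasspath( realmClasspath ), parent );
        }
        return new URLClassLoader( CpUtil.getRealmClasspath( REALM_CLASSPATH ), parent );
    }

    /**
     * Logs a reflective failure from {@link #initialize()} and wraps it so that the original cause survives into
     * the {@link LifecycleException} raised by {@link #startInternal()}.
     *
     * @param cause the reflective exception that stopped initialization.
     * @return the exception to throw; never null.
     */
    private static RuntimeException initFailure( Exception cause )
    {
        String error = CLS_NM + ".initialize caught " + cause.getClass().getName() + "=" + cause;
        LOG.log( Level.SEVERE, error, cause );
        return new RuntimeException( error, cause );
    }

    /**
     * Fails fast when a public method is called before the realm was started (or after it was stopped).
     *
     * @param method name of the calling method, used in the error message.
     * @throws IllegalArgumentException if {@code realm} is null. The type is kept (rather than
     *                                  IllegalStateException) for compatibility with existing callers.
     */
    private void checkInitialized( String method )
    {
        if ( realm == null )
        {
            throw new IllegalArgumentException( CLS_NM + "." + method
                + " detected Fortress Tomcat7 Realm not initialized correctly. Check your Fortress Realm configuration" );
        }
    }

    /**
     * Gets the info attribute of the TcAccessMgrProxy object
     *
     * @return The info value
     */
    @Override
    public String getInfo()
    {
        return info;
    }

    /**
     * Perform user authentication and evaluate password policies by delegating to the loaded implementation.
     *
     * @param userId   Contains the userid of the user signing on.
     * @param password Contains the user's password.
     * @return The Principal produced by the implementation; null when either credential is missing, and otherwise
     *         whatever the implementation returns (null is the Tomcat Realm convention for a failed login).
     * @throws IllegalArgumentException if the realm has not been initialized.
     */
    @Override
    public Principal authenticate( String userId, String password )
    {
        checkInitialized( "authenticate" );
        if ( userId == null || password == null )
        {
            // A missing credential can never authenticate; report a failed login instead of failing with an NPE
            // on toCharArray().
            return null;
        }
        // The password String cannot be scrubbed after use; the char[] copy is the only form the implementation sees.
        return realm.authenticate( userId, password.toCharArray() );
    }

    /**
     * Determine if given Role is contained within User's Tomcat Principal object. This method does not need to hit
     * the ldap server as the User's activated Roles are loaded into {@link org.apache.directory.fortress.realm.tomcat.TcPrincipal#setContext(java.util.HashMap)}
     *
     * @param wrapper   The Tomcat wrapper of the servlet being accessed; not used by this realm, the decision is
     *                  made solely from the principal.
     * @param principal Contains User's Tomcat RBAC Session data that includes activated Roles.
     * @param role      Maps to {@code org.apache.directory.fortress.core.model.Role#name}.
     * @return True if Role is found in TcPrincipal, false otherwise.
     * @throws IllegalArgumentException if the realm has not been initialized.
     */
    @Override
    public boolean hasRole( Wrapper wrapper, Principal principal, String role )
    {
        checkInitialized( "hasRole" );
        return realm.hasRole( principal, role );
    }

    /**
     * Gets the name attribute of the TcAccessMgrProxy object
     *
     * @return The name value
     */
    @Override
    protected String getName()
    {
        return CLS_NM;
    }

    /**
     * Gets the password attribute of the TcAccessMgrProxy object. Stored credentials are never exposed to the
     * container; authentication always goes through {@link #authenticate(String, String)}, so RealmBase facilities
     * that expect this value are not expected to work with this realm.
     *
     * @param username Description of the Parameter
     * @return always null
     */
    @Override
    protected String getPassword( String username )
    {
        return null;
    }

    /**
     * Gets the principal attribute of the TcAccessMgrProxy object. Principals are only produced by
     * {@link #authenticate(String, String)}; there is no lookup by name.
     *
     * @param username Description of the Parameter
     * @return always null
     */
    @Override
    protected Principal getPrincipal( String username )
    {
        return null;
    }

    /**
     * Prepare for the beginning of active use of the public methods of this
     * component and implement the requirements of
     * {@link org.apache.catalina.util.LifecycleBase#startInternal()}.
     *
     * @throws LifecycleException if this component detects a fatal error
     *                            that prevents this component from being used; the initialization failure is
     *                            attached as the cause.
     */
    @Override
    protected void startInternal() throws LifecycleException
    {
        try
        {
            initialize();
        }
        catch ( Exception e )
        {
            String error = CLS_NM + ".startInternal caught Exception=" + e;
            // Logged with the throwable (instead of printStackTrace) so the trace lands in the container log.
            LOG.log( Level.SEVERE, error, e );
            throw new LifecycleException( error, e );
        }
        super.startInternal();
    }

    /**
     * Gracefully terminate the active use of the public methods of this
     * component and implement the requirements of
     * {@link org.apache.catalina.util.LifecycleBase#stopInternal()}.
     *
     * @throws LifecycleException if this component detects a fatal error
     *                            that needs to be reported
     */
    @Override
    protected void stopInternal() throws LifecycleException
    {
        // Perform normal superclass finalization
        super.stopInternal();
        // Release reference to our sentry impl; authenticate/hasRole reject calls from now on.
        realm = null;
    }

    /**
     * Gets the containerType attribute of the TcAccessMgrProxy object
     *
     * @return The containerType value
     */
    public String getContainerType()
    {
        return containerType;
    }

    /**
     * Sets the containerType attribute of the TcAccessMgrProxy object. Recognized values are {@code jboss} and
     * {@code TomcatContext} (case-insensitive); anything else selects the plain Tomcat 7 agent.
     *
     * @param container The new containerType value
     */
    public void setContainerType( String container )
    {
        LOG.info( CLS_NM + ".setContainerType <" + container + ">" );
        this.containerType = container;
    }

    /**
     * Gets the realmClasspath attribute of the TcAccessMgrProxy object
     *
     * @return The realmClasspath value
     */
    public String getRealmClasspath()
    {
        LOG.info( CLS_NM + ".getRealmClasspath <" + realmClasspath + ">" );
        return realmClasspath;
    }

    /**
     * Sets the realmClasspath attribute of the TcAccessMgrProxy object. Takes effect on the next
     * {@link #startInternal()}; the locations listed here are loaded as code, so keep them under the same
     * protection as the server configuration.
     *
     * @param rCpth The new realmClasspath value
     */
    public void setRealmClasspath( String rCpth )
    {
        LOG.info( CLS_NM + ".setRealmClasspath <" + rCpth + ">" );
        this.realmClasspath = rCpth;
    }

    /**
     * Gets the defaultRoles attribute of the TcAccessMgrProxy object. When set, it will be passed into all subsequent calls to Fortress createSession.
     *
     * @return String containing comma delimited list of role names.
     */
    public String getDefaultRoles()
    {
        LOG.info( CLS_NM + ".getDefaultRoles <" + defaultRoles + ">" );
        return defaultRoles;
    }

    /**
     * Sets the defaultRoles attribute of the TcAccessMgrProxy object. When set, it will be passed into all subsequent calls to Fortress createSession.
     * The value is handed to the implementation during {@link #startInternal()}; changes made afterwards are not
     * propagated until the realm is restarted.
     *
     * @param defaultRoles containing comma delimited list of role names.
     */
    public void setDefaultRoles( String defaultRoles )
    {
        LOG.info( CLS_NM + ".setDefaultRoles <" + defaultRoles + ">" );
        this.defaultRoles = defaultRoles;
    }
}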