/*
* JBoss, Home of Professional Open Source.
* Copyright 2010, Red Hat, Inc., and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.as.security.service;
import java.lang.reflect.Constructor;
import java.security.Policy;
import java.util.Properties;
import java.util.Set;
import javax.security.jacc.PolicyContext;
import org.jboss.as.security.SecurityExtension;
import org.jboss.as.security.logging.SecurityLogger;
import org.jboss.as.security.plugins.ModuleClassLoaderLocator;
import org.jboss.as.server.moduleservice.ServiceModuleLoader;
import org.jboss.modules.ModuleLoadException;
import org.jboss.msc.inject.Injector;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedValue;
import org.jboss.security.SecurityConstants;
import org.jboss.security.auth.callback.CallbackHandlerPolicyContextHandler;
import org.jboss.security.jacc.SubjectPolicyContextHandler;
import org.jboss.security.plugins.ClassLoaderLocatorFactory;
import org.wildfly.security.manager.WildFlySecurityManager;
/**
* Bootstrap service for the security container
*
* @author <a href="mailto:mmoyses@redhat.com">Marcus Moyses</a>
* @author Anil Saldhana
*/
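public class SecurityBootstrapService implements Service<Void> {

    /** System property naming the JBoss module that holds the JACC policy provider class; unset means the default loader. */
    static final String JACC_MODULE = "org.jboss.as.security.jacc-module";

    public static final ServiceName SERVICE_NAME = SecurityExtension.JBOSS_SECURITY.append("bootstrap");

    private static final SecurityLogger log = SecurityLogger.ROOT_LOGGER;

    private final InjectedValue<ServiceModuleLoader> moduleLoaderValue = new InjectedValue<ServiceModuleLoader>();

    // Never read or written in this class; presumably kept for subclasses — TODO confirm it is still needed.
    protected volatile Properties securityProperty;

    /** The JVM-wide {@link Policy} that was installed before {@link #start} replaced it; restored by {@link #stop}. */
    private Policy oldPolicy;

    /** The JACC policy this service installed, or {@code null} if none has been installed (or a failed start rolled it back). */
    private Policy jaccPolicy;

    /** System property naming the JACC policy provider class; defaults to the PicketBox delegating policy. */
    private static final String JACC_POLICY_PROVIDER = "javax.security.jacc.policy.provider";

    public SecurityBootstrapService() {
    }

    /**
     * Installs the JACC policy provider JVM-wide and registers the Subject and CallbackHandler
     * {@code PolicyContextHandler}s plus the module class-loader locator.
     * <p>
     * The provider module and class names are read from system properties, i.e. they are trusted
     * server configuration: whatever class they name is loaded and instantiated with the server's
     * privileges. If anything fails after {@code Policy.setPolicy} has run, the previous policy is
     * put back before the exception propagates, because MSC does not invoke {@link #stop} for a
     * service whose start failed.
     *
     * @param context the MSC start context (unused)
     * @throws StartException if the provider cannot be loaded/instantiated, the policy cannot be
     *                        installed or refreshed, or a handler cannot be registered
     */
    @Override
    public void start(StartContext context) throws StartException {
        log.debugf("Starting SecurityBootstrapService");
        // Set once Policy.setPolicy(jaccPolicy) has run so a later failure can restore oldPolicy.
        boolean policyInstalled = false;
        try {
            // Print out the current version of PicketBox
            SecurityLogger.ROOT_LOGGER.currentVersion(org.picketbox.Version.VERSION);
            // Remember the current Policy impl so it can be restored on stop() or on a failed start
            oldPolicy = Policy.getPolicy();
            String module = WildFlySecurityManager.getPropertyPrivileged(JACC_MODULE, null);
            String provider = WildFlySecurityManager.getPropertyPrivileged(JACC_POLICY_PROVIDER, "org.jboss.security.jacc.DelegatingPolicy");
            Class<?> providerClass = loadClass(module, provider);
            jaccPolicy = instantiatePolicy(providerClass, oldPolicy);
            // Install the JACC policy provider
            Policy.setPolicy(jaccPolicy);
            policyInstalled = true;
            // Have the policy load/update itself
            jaccPolicy.refresh();
            // Register the default active Subject PolicyContextHandler (replace=true overrides any existing one)
            SubjectPolicyContextHandler handler = new SubjectPolicyContextHandler();
            PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY, handler, true);
            // Register the JAAS CallbackHandler JACC PolicyContextHandler
            CallbackHandlerPolicyContextHandler chandler = new CallbackHandlerPolicyContextHandler();
            PolicyContext.registerHandler(SecurityConstants.CALLBACK_HANDLER_KEY, chandler, true);
            // Register a module classloader locator
            ClassLoaderLocatorFactory.set(new ModuleClassLoaderLocator(moduleLoaderValue.getValue()));
        } catch (StartException e) {
            // Already wrapped by instantiatePolicy(); rethrow as-is rather than wrapping it a second time
            rollbackPolicy(policyInstalled);
            throw e;
        } catch (Exception e) {
            rollbackPolicy(policyInstalled);
            throw SecurityLogger.ROOT_LOGGER.unableToStartException("SecurityBootstrapService", e);
        }
    }

    /**
     * Creates the policy provider, preferring a {@code ctor(Policy)} that receives the previous policy
     * to delegate to and falling back to the public no-arg constructor.
     *
     * @param providerClass the configured provider class
     * @param delegate      the policy in place before this service started
     * @return the new {@link Policy} instance
     * @throws StartException if no usable constructor exists, construction fails, or the class is not a {@link Policy}
     */
    private static Policy instantiatePolicy(final Class<?> providerClass, final Policy delegate) throws StartException {
        try {
            // Look for a ctor(Policy) signature
            Constructor<?> ctor = providerClass.getConstructor(Policy.class);
            return (Policy) ctor.newInstance(delegate);
        } catch (NoSuchMethodException noPolicyCtor) {
            log.debugf("Provider does not support ctor(Policy)");
            try {
                // Class.newInstance() is deprecated; the public no-arg constructor via reflection is its replacement
                return (Policy) providerClass.getConstructor().newInstance();
            } catch (Exception e1) {
                throw SecurityLogger.ROOT_LOGGER.unableToStartException("SecurityBootstrapService", e1);
            }
        } catch (Exception e) {
            throw SecurityLogger.ROOT_LOGGER.unableToStartException("SecurityBootstrapService", e);
        }
    }

    /**
     * Restores the pre-start {@link Policy} if {@link #start} had already installed the JACC one.
     * Without this, a start that fails after {@code Policy.setPolicy} would leave a half-initialised
     * policy governing authorization decisions JVM-wide.
     *
     * @param policyInstalled whether {@code Policy.setPolicy(jaccPolicy)} has run during this start
     */
    private void rollbackPolicy(final boolean policyInstalled) {
        if (policyInstalled) {
            Policy.setPolicy(oldPolicy);
            jaccPolicy = null;
        }
    }

    /**
     * Loads the provider class from the configured JBoss module, or from the default loader when no module is set.
     *
     * @param module    the module identifier, or {@code null}
     * @param className the fully qualified provider class name
     * @return the loaded class
     * @throws ClassNotFoundException if the class cannot be found
     * @throws ModuleLoadException    if the module cannot be loaded
     */
    private Class<?> loadClass(final String module, final String className) throws ClassNotFoundException, ModuleLoadException {
        if (module != null) {
            return SecurityActions.getModuleClassLoader(module).loadClass(className);
        }
        return SecurityActions.loadClass(className);
    }

    /**
     * Unregisters the handlers added in {@link #start} and reinstates the policy that was active before it.
     *
     * @param context the MSC stop context (unused)
     */
    @SuppressWarnings("rawtypes")
    @Override
    public void stop(StopContext context) {
        // Remove handlers. Relies on the returned key set being a live view of the handler registry —
        // presumably why the original removed through it; confirm against the JACC implementation in use.
        Set handlerKeys = PolicyContext.getHandlerKeys();
        handlerKeys.remove(SecurityConstants.CALLBACK_HANDLER_KEY);
        handlerKeys.remove(SecurityConstants.SUBJECT_CONTEXT_KEY);
        // Install the policy provider that existed on startup
        if (jaccPolicy != null) {
            Policy.setPolicy(oldPolicy);
        }
    }

    /** {@inheritDoc} This service exposes no value. */
    @Override
    public Void getValue() throws IllegalStateException {
        return null;
    }

    /** @return the injector MSC uses to supply the {@link ServiceModuleLoader} needed by the class-loader locator */
    public Injector<ServiceModuleLoader> getServiceModuleLoaderInjectedValue() {
        return moduleLoaderValue;
    }
}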