From 66ca69979bd763662773944f54946584036b58ce Mon Sep 17 00:00:00 2001 From: Stefan Guilhen Date: Tue, 14 Jul 2015 11:18:55 -0300 Subject: [PATCH] Allow configuration of multiple jboss modules when instantiating classes (the jboss module attribute is currently overridden if more than one picketbox module defines it, which ends up causing class loading failures) --- .../JBossCachedAuthenticationManager.java | 6 +++--- security-jboss-sx/jbosssx/pom.xml | 9 +++++++++ .../message/config/JBossServerAuthConfig.java | 7 ++++--- .../jboss/security/config/BaseSecurityInfo.java | 13 ++++++++----- .../JBossIdentityTrustContext.java | 7 ++++--- .../security/plugins/ClassLoaderLocator.java | 17 +++++++++++++---- .../plugins/audit/JBossAuditManager.java | 7 ++++--- .../plugins/auth/JaasSecurityManagerBase.java | 6 +++--- .../JBossAuthorizationContext.java | 7 ++++--- .../plugins/mapping/JBossMappingManager.java | 7 ++++--- ...horizationManagerWithModuleUnitTestCase.java | 6 ++++-- 11 files changed, 60 insertions(+), 32 deletions(-) diff --git a/picketbox-infinispan/src/main/java/org/jboss/security/authentication/JBossCachedAuthenticationManager.java b/picketbox-infinispan/src/main/java/org/jboss/security/authentication/JBossCachedAuthenticationManager.java index bffd226d..c4d8a7a3 100644 --- a/picketbox-infinispan/src/main/java/org/jboss/security/authentication/JBossCachedAuthenticationManager.java +++ b/picketbox-infinispan/src/main/java/org/jboss/security/authentication/JBossCachedAuthenticationManager.java @@ -307,14 +307,14 @@ private boolean authenticate(Principal principal, Object credential, Subject the if(theAppPolicy != null) { BaseAuthenticationInfo authInfo = theAppPolicy.getAuthenticationInfo(); - String jbossModuleName = authInfo.getJBossModuleName(); - if(jbossModuleName != null) + Set jbossModuleNames = authInfo.getJBossModuleNames(); + if(!jbossModuleNames.isEmpty()) { ClassLoader currentTccl = SubjectActions.getContextClassLoader(); ClassLoaderLocator theCLL = ClassLoaderLocatorFactory.get(); if(theCLL != null) { - ClassLoader newTCCL = theCLL.get(jbossModuleName); + ClassLoader newTCCL = theCLL.get(jbossModuleNames); if(newTCCL != null) { try diff --git a/security-jboss-sx/jbosssx/pom.xml b/security-jboss-sx/jbosssx/pom.xml index db6a6d2a..f610d7b6 100644 --- a/security-jboss-sx/jbosssx/pom.xml +++ b/security-jboss-sx/jbosssx/pom.xml @@ -112,6 +112,15 @@ + + org.apache.maven.plugins + maven-compiler-plugin + 3.1 + + 1.8 + 1.8 + + diff --git a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java index 8d860485..2841af25 100755 --- a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java +++ b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java @@ -26,6 +26,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; @@ -139,12 +140,12 @@ public ServerAuthContext getAuthContext(String authContextID, // establish the module classloader if a jboss-module has been specified. ClassLoader moduleCL = null; - String jbossModule = jai.getJBossModuleName(); - if (jbossModule != null && !jbossModule.isEmpty()) + Set jbossModuleNames = jai.getJBossModuleNames(); + if (!jbossModuleNames.isEmpty()) { ClassLoaderLocator locator = ClassLoaderLocatorFactory.get(); if (locator != null) - moduleCL = locator.get(jbossModule); + moduleCL = locator.get(jbossModuleNames); } for(AuthModuleEntry ame: amearr) diff --git a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/BaseSecurityInfo.java b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/BaseSecurityInfo.java index 34ca6f55..831a54d2 100644 --- a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/BaseSecurityInfo.java +++ b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/BaseSecurityInfo.java @@ -22,7 +22,9 @@ package org.jboss.security.config; import java.util.ArrayList; +import java.util.HashSet; import java.util.List; +import java.util.Set; import javax.security.auth.AuthPermission; @@ -48,7 +50,7 @@ public abstract class BaseSecurityInfo * Name of the JBoss Module that can be optionally configured for * custom login modules etc */ - protected String jbossModuleName; + protected Set jbossModuleNames = new HashSet(); public BaseSecurityInfo() { @@ -94,18 +96,19 @@ public void setName(String name) * Get the name of the JBoss Module * @return */ - public String getJBossModuleName() + public Set getJBossModuleNames() { - return jbossModuleName; + return jbossModuleNames; } /** * Set the name of the JBoss Module * @param jbossModuleName */ - public void setJBossModuleName(String jbossModuleName) + public void addJBossModuleName(String jbossModuleName) { - this.jbossModuleName = jbossModuleName; + if (jbossModuleName != null && !jbossModuleName.isEmpty()) + this.jbossModuleNames.add(jbossModuleName); } protected abstract BaseSecurityInfo create(String name); diff --git a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/JBossIdentityTrustContext.java b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/JBossIdentityTrustContext.java index b1fa93d4..ff33788f 100644 --- a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/JBossIdentityTrustContext.java +++ b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/identitytrust/JBossIdentityTrustContext.java @@ -25,6 +25,7 @@ import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.util.Map; +import java.util.Set; import javax.security.auth.login.LoginException; @@ -107,13 +108,13 @@ private void initializeModules() throws Exception IdentityTrustInfo iti = aPolicy.getIdentityTrustInfo(); if(iti == null) return; - String jbossModuleName = iti.getJBossModuleName(); - if(jbossModuleName != null) + Set jbossModuleNames = iti.getJBossModuleNames(); + if(!jbossModuleNames.isEmpty()) { ClassLoaderLocator cll = ClassLoaderLocatorFactory.get(); if(cll != null) { - moduleCL = cll.get(jbossModuleName); + moduleCL = cll.get(jbossModuleNames); } } IdentityTrustModuleEntry[] itmearr = iti.getIdentityTrustModuleEntry(); diff --git a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/ClassLoaderLocator.java b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/ClassLoaderLocator.java index f193235b..8b006b6b 100644 --- a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/ClassLoaderLocator.java +++ b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/ClassLoaderLocator.java @@ -21,6 +21,9 @@ */ package org.jboss.security.plugins; +import java.util.HashSet; +import java.util.Set; + /** * An interface to locate a {@code ClassLoader}} * The primary use of this interface is in the JBoss Application Server, @@ -31,9 +34,15 @@ public interface ClassLoaderLocator { /** - * Given a key, return a {@code ClassLoader} - * @param key - * @return + * Given a module name, return a {@code ClassLoader} + * @param module the name of the module for which we want a {@link ClassLoader}. + * @return the module {@link java.lang.ClassLoader}. */ - ClassLoader get(String key); + default ClassLoader get(String module) { + Set modules = new HashSet<>(); + modules.add(module); + return get(modules); + } + + ClassLoader get(Set modules); } \ No newline at end of file diff --git a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/JBossAuditManager.java b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/JBossAuditManager.java index d88ace2a..cd5ea928 100644 --- a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/JBossAuditManager.java +++ b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/audit/JBossAuditManager.java @@ -9,6 +9,7 @@ import java.security.PrivilegedActionException; import java.util.Arrays; import java.util.List; +import java.util.Set; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; @@ -64,13 +65,13 @@ public AuditContext getAuditContext() throws PrivilegedActionException AuditInfo ai = ap.getAuditInfo(); if(ai != null) { - String jbossModuleName = ai.getJBossModuleName(); - if(jbossModuleName != null) + Set jbossModuleNames = ai.getJBossModuleNames(); + if(!jbossModuleNames.isEmpty()) { ClassLoaderLocator cll = ClassLoaderLocatorFactory.get(); if(cll != null) { - moduleCL = cll.get(jbossModuleName); + moduleCL = cll.get(jbossModuleNames); } } ac = instantiate(moduleCL, ai); diff --git a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java index ba30167c..ec1d5186 100644 --- a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java +++ b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JaasSecurityManagerBase.java @@ -292,14 +292,14 @@ private boolean authenticate(Principal principal, Object credential, if(theAppPolicy != null) { BaseAuthenticationInfo authInfo = theAppPolicy.getAuthenticationInfo(); - String jbossModuleName = authInfo.getJBossModuleName(); - if(jbossModuleName != null) + Set jbossModuleNames = authInfo.getJBossModuleNames(); + if(!jbossModuleNames.isEmpty()) { ClassLoader currentTccl = SubjectActions.getContextClassLoader(); ClassLoaderLocator theCLL = ClassLoaderLocatorFactory.get(); if(theCLL != null) { - ClassLoader newTCCL = theCLL.get(jbossModuleName); + ClassLoader newTCCL = theCLL.get(jbossModuleNames); if(newTCCL != null) { try diff --git a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java index 3331630f..73737ce4 100644 --- a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java +++ b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/authorization/JBossAuthorizationContext.java @@ -27,6 +27,7 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; +import java.util.Set; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; @@ -181,13 +182,13 @@ private void initializeModules(Resource resource, RoleGroup role, List jbossModuleNames = authzInfo.getJBossModuleNames(); + if(!jbossModuleNames.isEmpty()) { ClassLoaderLocator cll = ClassLoaderLocatorFactory.get(); if( cll != null) { - moduleCL = cll.get(jbossModuleName); + moduleCL = cll.get(jbossModuleNames); } } AuthorizationModuleEntry[] entries = authzInfo.getAuthorizationModuleEntry(); diff --git a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/mapping/JBossMappingManager.java b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/mapping/JBossMappingManager.java index 94297433..99c76f56 100644 --- a/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/mapping/JBossMappingManager.java +++ b/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/mapping/JBossMappingManager.java @@ -22,6 +22,7 @@ package org.jboss.security.plugins.mapping; import java.util.ArrayList; +import java.util.Set; import org.jboss.security.PicketBoxLogger; import org.jboss.security.PicketBoxMessages; @@ -101,13 +102,13 @@ public MappingContext getMappingContext(Class mappingType) private MappingContext generateMappingContext(MappingContext mc, MappingInfo rmi) { ClassLoader moduleCL = null; - String jbossModuleName = rmi.getJBossModuleName(); - if(jbossModuleName != null) + Set jbossModuleNames = rmi.getJBossModuleNames(); + if(!jbossModuleNames.isEmpty()) { ClassLoaderLocator cll = ClassLoaderLocatorFactory.get(); if(cll != null) { - moduleCL = cll.get(jbossModuleName); + moduleCL = cll.get(jbossModuleNames); } } MappingModuleEntry[] mpe = rmi.getMappingModuleEntry(); diff --git a/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authorization/JBossAuthorizationManagerWithModuleUnitTestCase.java b/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authorization/JBossAuthorizationManagerWithModuleUnitTestCase.java index 0699fbe5..c1c94989 100644 --- a/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authorization/JBossAuthorizationManagerWithModuleUnitTestCase.java +++ b/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authorization/JBossAuthorizationManagerWithModuleUnitTestCase.java @@ -21,6 +21,8 @@ */ package org.jboss.test.authorization; +import java.util.Set; + import org.jboss.security.config.ApplicationPolicy; import org.jboss.security.config.AuthorizationInfo; import org.jboss.security.config.SecurityConfiguration; @@ -41,13 +43,13 @@ protected void setSecurityConfiguration() throws Exception super.setSecurityConfiguration(); ApplicationPolicy ap = SecurityConfiguration.getApplicationPolicy("other"); AuthorizationInfo ai = ap.getAuthorizationInfo(); - ai.setJBossModuleName("org.picketbox"); + ai.addJBossModuleName("org.picketbox"); ap.setAuthorizationInfo(ai); SecurityConfiguration.addApplicationPolicy(ap); ClassLoaderLocatorFactory.set(new ClassLoaderLocator() { - public ClassLoader get(String key) { + public ClassLoader get(Set modules) { return Thread.currentThread().getContextClassLoader(); } });