From ceeb10506cd2909cc536f620d94459bc33c18622 Mon Sep 17 00:00:00 2001 
From: Sanjay Dalal Date: Fri, 30 Apr 2010 17:29:56 +0000 Subject: [PATCH] NOJIRA refactoring based on walkthrough discussion, renamed securitycontextutils->authncontext, added utility method to retrieve tenant name test: all service tests M authentication/service/src/main/java/org/collectionspace/authentication/AuthN.java D authentication/service/src/main/java/org/collectionspace/authentication/realm/CSpaceDbRealm.java A authentication/service/src/main/java/org/collectionspace/authentication/realm/db A + authentication/service/src/main/java/org/collectionspace/authentication/realm/db/CSpaceDbRealm.java D authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringSecurityContextUtils.java A + authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java A authentication/service/src/main/java/org/collectionspace/authentication/spi A + authentication/service/src/main/java/org/collectionspace/authentication/spi/AuthNContext.java D authentication/service/src/main/java/org/collectionspace/authentication/SecurityContextUtils.java M authentication/service/src/main/java/org/collectionspace/authentication/jaas/CSpaceJBossDBLoginModule.java --- .../collectionspace/authentication/AuthN.java | 30 +++++++---- .../jaas/CSpaceJBossDBLoginModule.java | 2 +- .../realm/{ => db}/CSpaceDbRealm.java | 3 +- .../AuthNContext.java} | 52 ++++++++---------- ...textUtils.java => SpringAuthNContext.java} | 54 +++++++++++++------ 5 files changed, 84 insertions(+), 57 deletions(-) rename services/authentication/service/src/main/java/org/collectionspace/authentication/realm/{ => db}/CSpaceDbRealm.java (99%) rename services/authentication/service/src/main/java/org/collectionspace/authentication/{SecurityContextUtils.java => spi/AuthNContext.java} (51%) rename services/authentication/service/src/main/java/org/collectionspace/authentication/spring/{SpringSecurityContextUtils.java => SpringAuthNContext.java} (77%) 
diff --git a/services/authentication/service/src/main/java/org/collectionspace/authentication/AuthN.java b/services/authentication/service/src/main/java/org/collectionspace/authentication/AuthN.java index e259e2f02..0860e1951 100644 --- a/services/authentication/service/src/main/java/org/collectionspace/authentication/AuthN.java +++ b/services/authentication/service/src/main/java/org/collectionspace/authentication/AuthN.java @@ -47,10 +47,10 @@ * To change this template, choose Tools | Templates * and open the template in the editor. */ - package org.collectionspace.authentication; -import org.collectionspace.authentication.spring.SpringSecurityContextUtils; +import org.collectionspace.authentication.spi.AuthNContext; +import org.collectionspace.authentication.spring.SpringAuthNContext; /** * AuthN is a singleton to access various authentication related utilities @@ -58,16 +58,17 @@ import org.collectionspace.authentication.spring.SpringSecurityContextUtils; * @author */ public class AuthN { + /** * volatile is used here to assume about ordering (post JDK 1.5) */ - private static volatile AuthN self = new AuthN(); - private SecurityContextUtils securityContextUtils; - + private static volatile AuthN self = new AuthN(); + private AuthNContext authnContext; + private AuthN() { //hardcoded initialization of a provider //FIXME initialize with the help of configuration meta data - securityContextUtils = new SpringSecurityContextUtils(); + authnContext = new SpringAuthNContext(); } public final static AuthN get() { @@ -78,8 +79,8 @@ public class AuthN { * getAuthn returns authentication utilities * @return */ - public SecurityContextUtils getSecurityContextUtils() { - return securityContextUtils; + public AuthNContext getAuthNContext() { + return authnContext; } /** 
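Review bot: In the `@@ -58,16 +58,17 @@` hunk the re-emitted `private static volatile AuthN self = new AuthN();` still relies on `volatile` for a field that is assigned exactly once in a static initializer, where class-initialization already guarantees visibility, so the modifier buys nothing and the comment above it ("volatile is used here to assume about ordering") describes a guarantee that is not needed. Keep the name so `get()` (whose body is outside the hunk) is untouched and declare it `private static final AuthN self = new AuthN();`, dropping the volatile comment. The constructor's hard-coded `new SpringAuthNContext()` keeps its existing FIXME and is not changed here.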
@@ -87,14 +88,23 @@ public class AuthN { * @return */ public String getUserId() { - return securityContextUtils.getUserId(); + return authnContext.getUserId(); } + /** * getTenantIds returns a list of tenant ids the user is associated with * @return */ public String[] getTenantIds() { - return securityContextUtils.getTenantIds(); + return authnContext.getTenantIds(); } + /** + * getTenants returns tenants associated with user + * @see CSpaceTenant + * @return + */ + public CSpaceTenant[] getTenants() { + return authnContext.getTenants(); + } } diff --git a/services/authentication/service/src/main/java/org/collectionspace/authentication/jaas/CSpaceJBossDBLoginModule.java b/services/authentication/service/src/main/java/org/collectionspace/authentication/jaas/CSpaceJBossDBLoginModule.java index 80aee4ef9..c9c5452ab 100644 --- a/services/authentication/service/src/main/java/org/collectionspace/authentication/jaas/CSpaceJBossDBLoginModule.java +++ b/services/authentication/service/src/main/java/org/collectionspace/authentication/jaas/CSpaceJBossDBLoginModule.java @@ -32,7 +32,7 @@ import java.util.Map; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginException; -import org.collectionspace.authentication.realm.CSpaceDbRealm; +import org.collectionspace.authentication.realm.db.CSpaceDbRealm; import org.jboss.security.auth.spi.UsernamePasswordLoginModule; /** diff --git a/services/authentication/service/src/main/java/org/collectionspace/authentication/realm/CSpaceDbRealm.java b/services/authentication/service/src/main/java/org/collectionspace/authentication/realm/db/CSpaceDbRealm.java similarity index 99% rename from services/authentication/service/src/main/java/org/collectionspace/authentication/realm/CSpaceDbRealm.java rename to services/authentication/service/src/main/java/org/collectionspace/authentication/realm/db/CSpaceDbRealm.java index dc948e6d7..b8be3f5f9 100644 
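Review bot: The Javadoc added for `getTenants()` carries a bare `@return` with no description, matching the two empty `@return` tags on `getUserId()` and `getTenantIds()` around it, so a caller cannot tell whether the array may be null or empty. Given that the `SpringAuthNContext.getTenants()` in this same commit returns `tenants.toArray(new CSpaceTenant[0])` on every path, a line such as `@return tenants the authenticated user belongs to; an empty array (never null) when no Subject or tenant group is found` would state the contract, hedged to the current implementation. The `@see CSpaceTenant` tag is fine as is.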
--- a/services/authentication/service/src/main/java/org/collectionspace/authentication/realm/CSpaceDbRealm.java +++ b/services/authentication/service/src/main/java/org/collectionspace/authentication/realm/db/CSpaceDbRealm.java @@ -47,7 +47,7 @@ * To change this template, choose Tools | Templates * and open the template in the editor. */ -package org.collectionspace.authentication.realm; +package org.collectionspace.authentication.realm.db; import java.lang.reflect.Constructor; import java.security.Principal; @@ -68,6 +68,7 @@ import javax.sql.DataSource; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.collectionspace.authentication.CSpaceTenant; +import org.collectionspace.authentication.realm.CSpaceRealm; /** * CSpaceDbRealm provides access to user, password, role, tenant database diff --git a/services/authentication/service/src/main/java/org/collectionspace/authentication/SecurityContextUtils.java b/services/authentication/service/src/main/java/org/collectionspace/authentication/spi/AuthNContext.java similarity index 51% rename from services/authentication/service/src/main/java/org/collectionspace/authentication/SecurityContextUtils.java rename to services/authentication/service/src/main/java/org/collectionspace/authentication/spi/AuthNContext.java index 720fe926c..896f36bd5 100644 --- a/services/authentication/service/src/main/java/org/collectionspace/authentication/SecurityContextUtils.java +++ b/services/authentication/service/src/main/java/org/collectionspace/authentication/spi/AuthNContext.java 
@@ -20,41 +20,19 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - *//** - * This document is a part of the source code and related artifacts - * for CollectionSpace, an open source collections management system - * for museums and related institutions: - - * http://www.collectionspace.org - * http://wiki.collectionspace.org - - * Copyright 2009 University of California at Berkeley - - * Licensed under the Educational Community License (ECL), Version 2.0. - * You may not use this file except in compliance with this License. - - * You may obtain a copy of the ECL 2.0 License at - - * https://source.collectionspace.org/collection-space/LICENSE.txt - - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. +. */ -package org.collectionspace.authentication; +package org.collectionspace.authentication.spi; + +import javax.security.auth.Subject; +import org.collectionspace.authentication.CSpaceTenant; /** * Utilities to be used by Services runtime to interface with authentication service * @author */ -public abstract class SecurityContextUtils { +public abstract class AuthNContext { /** * getUserId returns authenticated user id 
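Review bot: The rewritten license header appears to leave a line containing only `.` on the new side (the `+.` just before the closing ` */`), which reads like a stray keystroke left behind when the duplicated header was deleted. If that is what the collapsed hunk shows, drop the line so the block comment ends with the "limitations under the License." line followed directly by `*/`. The rest of the hunk is the package move and the two imports the new abstract methods need.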
@@ -63,8 +41,24 @@ public abstract class SecurityContextUtils { public abstract String getUserId(); /** - * get tenant ids associated with the security context + * getTenantIds get tenant ids from the tenant context associated with the + * security context * @return */ public abstract String[] getTenantIds(); + + + /** + * getTenants get tenant context associated with the security context + * @see CSpaceTenant + * @return + */ + public abstract CSpaceTenant[] getTenants(); + + + /** + * getSubject retrieves security context as Subject + * @see javax.security.auth.Subject + */ + public abstract Subject getSubject(); } diff --git a/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringSecurityContextUtils.java b/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java similarity index 77% rename from services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringSecurityContextUtils.java rename to services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java index a95878891..48a6bab38 100644 --- a/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringSecurityContextUtils.java +++ b/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java 
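Review bot: The new abstract `getSubject()` is the only method in this SPI whose Javadoc has no `@return` at all, and it is the one where the contract matters most: the Spring implementation in this commit returns `null` whenever the current Authentication is not a `JaasAuthenticationToken`, and `getTenants()` there depends on that. Add `@return the authenticated caller's Subject, or null when no JAAS-backed authentication is available`, and note that the Subject may carry the caller's credentials so implementors and callers treat it accordingly. The double blank lines between the three abstract methods could also be collapsed to one to match the rest of the file.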
@@ -52,19 +52,20 @@ package org.collectionspace.authentication.spring; import java.security.acl.Group; import java.util.ArrayList; import java.util.Enumeration; +import java.util.List; import java.util.Set; import javax.security.auth.Subject; -import org.collectionspace.authentication.SecurityContextUtils; import org.collectionspace.authentication.CSpaceTenant; +import org.collectionspace.authentication.spi.AuthNContext; import org.springframework.security.authentication.jaas.JaasAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; /** - * SpringSecurityContextUtils provides utilities to CSpace services runtime + * SpringAuthNContext provides utilities to CSpace services runtime * @author */ -final public class SpringSecurityContextUtils extends SecurityContextUtils { +final public class SpringAuthNContext extends AuthNContext { //private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container"; public String getUserId() { 
@@ -79,22 +80,24 @@ final public class SpringSecurityContextUtils extends SecurityContextUtils { @Override public String[] getTenantIds() { - ArrayList tenants = new ArrayList(); - Subject caller = null; - Authentication authToken = SecurityContextHolder.getContext().getAuthentication(); - JaasAuthenticationToken jaasToken = null; - if (authToken instanceof JaasAuthenticationToken) { - jaasToken = (JaasAuthenticationToken) authToken; - caller = (Subject) jaasToken.getLoginContext().getSubject(); + ArrayList tenantList = new ArrayList(); + CSpaceTenant[] tenants = getTenants(); + for(CSpaceTenant tenant : tenants) { + tenantList.add(tenant.getId()); } - //caller = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY); + return tenantList.toArray(new String[0]); + } + + public CSpaceTenant[] getTenants() { + List tenants = new ArrayList(); + Subject caller = getSubject(); if (caller == null) { - String msg = "security not enabled!"; + String msg = "Could not find Subject!"; //TODO: find out why subject is not null //FIXME: if logger is loaded when authn comes up, use it //logger.warn(msg); System.err.println(msg); - return tenants.toArray(new String[0]); + return tenants.toArray(new CSpaceTenant[0]); } Set groups = null; groups = caller.getPrincipals(Group.class); @@ -104,14 +107,14 @@ final public class SpringSecurityContextUtils extends SecurityContextUtils { //FIXME: if logger is loaded when authn comes up, use it //logger.warn(msg); System.err.println(msg); - return tenants.toArray(new String[0]); + return tenants.toArray(new CSpaceTenant[0]); } for (Group g : groups) { if ("Tenants".equals(g.getName())) { Enumeration members = g.members(); while (members.hasMoreElements()) { CSpaceTenant tenant = (CSpaceTenant) members.nextElement(); - tenants.add(tenant.getId()); + tenants.add(tenant); //FIXME: if logger is loaded when authn comes up, use it // if (logger.isDebugEnabled()) { // logger.debug("found tenant id=" + tenant.getId() 
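Review bot: The new `getTenants()` implements the abstract method declared in `AuthNContext` but, unlike `getTenantIds()` directly above it, is not annotated `@Override`; the same applies to `getSubject()` in the last hunk of this file, so a later signature drift in the SPI would compile silently. The new collections are also raw (`ArrayList tenantList = new ArrayList();` and `List tenants = new ArrayList();`) although the file already uses the enhanced `for` loop, so generics are available; write `@Override public CSpaceTenant[] getTenants() {`, `List<CSpaceTenant> tenants = new ArrayList<CSpaceTenant>();` and `List<String> tenantList = new ArrayList<String>();`, which also makes the `tenantList.add(tenant.getId())` call type-checked. The `System.err.println(msg)` on the missing-Subject path keeps its existing FIXME about the logger and is unchanged here.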
@@ -120,6 +123,25 @@ final public class SpringSecurityContextUtils extends SecurityContextUtils { } } } - return tenants.toArray(new String[0]); + return tenants.toArray(new CSpaceTenant[0]); + } + + public Subject getSubject() { + Subject caller = null; + //if Spring was not used.... + //caller = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY); + + //FIXME the follow call should be protected with a privileged action + //and must only be available to users with super privileges + //Spring does not offer any easy mechanism + //It is a bad idea to ship with a kernel user...kernel user should be + //created at startup time perhaps and used it here + Authentication authToken = SecurityContextHolder.getContext().getAuthentication(); + JaasAuthenticationToken jaasToken = null; + if (authToken instanceof JaasAuthenticationToken) { + jaasToken = (JaasAuthenticationToken) authToken; + caller = (Subject) jaasToken.getLoginContext().getSubject(); + } + return caller; } } -- 2.47.3
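Review bot: `getSubject()` hands the whole JAAS Subject, private credentials included, to every caller of the public SPI, while the FIXME block added just above it records that the lookup should sit behind a privileged action and be limited to a super-privileged caller, neither of which exists yet. The only consumer visible in this commit is `getTenants()`, which needs nothing more than `caller.getPrincipals(Group.class)`, so consider keeping the Subject lookup internal and exposing only the principals through the SPI until that guard is in place, or at least state in the method's Javadoc what a caller receives and that `null` is returned when the Authentication is not a `JaasAuthenticationToken`. The `(Subject)` cast on `jaasToken.getLoginContext().getSubject()` is redundant because `LoginContext.getSubject()` already returns a `Subject`; `caller = jaasToken.getLoginContext().getSubject();` is enough.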