org.jbpm.security.authentication.SubjectAuthenticationService.java Source code


Introduction

Here is the source code for org.jbpm.security.authentication.SubjectAuthenticationService.java

Source

/*
 * JBoss, Home of Professional Open Source
 * Copyright 2005, JBoss Inc., and individual contributors as indicated
 * by the @authors tag. See the copyright.txt in the distribution for a
 * full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */
package org.jbpm.security.authentication;

import java.security.AccessController;
import java.security.Principal;
import java.util.Set;

import javax.security.auth.Subject;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import org.jbpm.JbpmConfiguration.Configs;
import org.jbpm.JbpmContext;
import org.jbpm.JbpmException;
import org.jbpm.security.AuthenticationService;
import org.jbpm.util.ClassLoaderUtil;

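/**
 * Resolves the authenticated actor id from the {@link Subject} bound to the current
 * access-control context.
 *
 * <p>The service is configured either through the {@link SubjectAuthenticationServiceFactory}
 * or through two configuration properties:
 * <ul>
 * <li>'jbpm.authenticator.principal.classname': class name of the principal to look up in the
 * current subject, for example org.jboss.security.CallerIdentity in a JBoss AS.</li>
 * <li>'jbpm.authenticator.principal.allow.overwrite': whether {@link #setActorId(String)} may
 * replace the actor id derived from the subject.</li>
 * </ul>
 *
 * <p>If no actor id has been set, the name of the first principal of the configured class is
 * used as the authenticated actor id. If a non-null actor id is set through
 * {@link #setActorId(String)} and overwriting is allowed, that value takes precedence over the
 * principal. If overwriting is not allowed, {@link #setActorId(String)} is ignored.
 *
 * <p>Security note: with overwriting allowed, the actor id is whatever string the calling code
 * supplies and is no longer tied to the authenticated subject. Deployments that rely on the
 * container-authenticated identity should set 'jbpm.authenticator.principal.allow.overwrite'
 * to false.
 *
 * <p>NOTE(review): the resolved actor id is cached in the instance and never reset, so an
 * instance must not be shared between callers running under different subjects. Presumably
 * one instance is created per context; confirm against the service factory.
 */
public class SubjectAuthenticationService implements AuthenticationService {

    private static final long serialVersionUID = 1L;

    // Log under this class's own category; the original used JbpmContext.class, which
    // attributed authentication warnings to the wrong component.
    private static final Log log = LogFactory.getLog(SubjectAuthenticationService.class);

    // Kept as a raw Class: Subject.getPrincipals(Class) needs a Principal-bounded type and the
    // class is only known by name at runtime.
    private Class principalClass;
    // Cached actor id; null until resolved from the subject or set explicitly.
    private String actorId;
    private boolean allowActorIdOverwrite;

    /**
     * Creates the service with explicit settings, falling back to the jBPM configuration for
     * every argument that is null.
     *
     * @param principalClassName class name of the principal to look up, or null to read
     *        'jbpm.authenticator.principal.classname'
     * @param allowActorIdOverwrite whether setActorId may replace the subject-derived actor id,
     *        or null to read 'jbpm.authenticator.principal.allow.overwrite'
     * @throws JbpmException if the principal class name is missing or cannot be loaded
     */
    public SubjectAuthenticationService(String principalClassName, Boolean allowActorIdOverwrite) {
        String className = principalClassName != null
                ? principalClassName
                : Configs.getString("jbpm.authenticator.principal.classname");
        initPrincipalClass(className);

        this.allowActorIdOverwrite = allowActorIdOverwrite != null
                ? allowActorIdOverwrite.booleanValue()
                : Configs.getBoolean("jbpm.authenticator.principal.allow.overwrite");
    }

    /**
     * Creates the service from the jBPM configuration properties only.
     *
     * @throws JbpmException if the principal class name is missing or cannot be loaded
     */
    public SubjectAuthenticationService() {
        this(null, null);
    }

    /**
     * Loads the principal class used to select a principal from the current subject.
     *
     * @param principalClassName fully qualified class name of the principal
     * @throws JbpmException if the name is null or the class cannot be found
     */
    protected void initPrincipalClass(String principalClassName) {
        // Fail with a clear configuration error instead of depending on how the class loader
        // utility reacts to a null name.
        if (principalClassName == null) {
            throw new JbpmException("principal class name is not configured;"
                    + " set 'jbpm.authenticator.principal.classname'");
        }
        try {
            principalClass = ClassLoaderUtil.classForName(principalClassName);
        } catch (ClassNotFoundException e) {
            throw new JbpmException("principal class not found: " + principalClassName, e);
        }
    }

    /**
     * Returns the authenticated actor id.
     *
     * <p>A previously cached or explicitly set actor id is returned as is. Otherwise the name
     * of the first principal of the configured class in the current subject is cached and
     * returned.
     *
     * @return the actor id, or null if there is no current subject or the subject holds no
     *         principal of the configured class; callers must treat null as "no authenticated
     *         actor"
     */
    public String getActorId() {
        if (actorId != null) {
            return actorId;
        }

        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            log.warn("no subject exists! cannot get actorId");
            return null;
        }

        Set principals = subject.getPrincipals(principalClass);
        if (principals == null || principals.isEmpty()) {
            // An authenticated subject without the expected principal type usually points to
            // a misconfigured principal class name; make it visible instead of returning
            // null silently.
            log.warn("subject has no principal of type " + principalClass.getName()
                    + "! cannot get actorId");
            return null;
        }

        // Always use the first principal, so be careful which Principal class is configured:
        // the set's iteration order decides the identity when several principals match.
        Principal principal = (Principal) principals.iterator().next();
        actorId = principal.getName();
        return actorId;
    }

    /**
     * Overrides the actor id derived from the subject.
     *
     * <p>The call is ignored when overwriting is disabled or when the given actor id is null,
     * so an actor id that has been set cannot be cleared through this method.
     *
     * @param actorId the actor id to use instead of the principal name
     */
    public void setActorId(String actorId) {
        if (allowActorIdOverwrite && actorId != null) {
            this.actorId = actorId;
        }
    }

    /** Releases no resources; this service holds none. */
    public void close() {
    }
}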