From 386075afda4934c5973fe697041bd43e263cdba1 Mon Sep 17 00:00:00 2001 From: Jared Anderson Date: Sun, 13 Oct 2024 11:20:15 -0500 Subject: [PATCH] Update Jakarta Authorization 3.0 implementation - Switch from using Policy to using PolicyFactory - Implement impliesByRole, isExcluded and isUnchecked in the test provider and upate to call Policy.imply method instead of impl on the PermissionCollection - Switch to only use the jakarta names for the provider service for Authorization 3.0 --- .../ejb/impl/EJBSecurityValidatorImpl.java | 2 +- .../web/impl/WebSecurityValidatorImpl.java | 4 +- .../jacc/common/PolicyProxy.java | 2 +- .../internal/proxy/JavaSePolicyProxyImpl.java | 2 +- .../authorization/jacc/ProviderService.java | 8 +- ...ava => JakartaPolicyFactoryProxyImpl.java} | 24 +++--- .../proxy/ProviderServiceProxyImpl.java | 54 ++++---------- .../jacc/provider/JaccPolicyProxy.java | 73 ++++++++++++++++--- .../jacc/provider/PolicyFactoryImpl.java | 39 ++++++++++ .../jacc/service/ProviderServiceImpl.java | 22 +++--- 10 files changed, 148 insertions(+), 82 deletions(-) rename dev/io.openliberty.security.authorization.internal.jacc.3.0/src/io/openliberty/security/authorization/jacc/internal/proxy/{JakartaPolicyProxyImpl.java => JakartaPolicyFactoryProxyImpl.java} (57%) create mode 100644 dev/io.openliberty.security.authorization.jacc.testprovider/src/com/ibm/ws/security/authorization/jacc/provider/PolicyFactoryImpl.java diff --git a/dev/com.ibm.ws.security.authorization.jacc.ejb/src/com/ibm/ws/security/authorization/jacc/ejb/impl/EJBSecurityValidatorImpl.java b/dev/com.ibm.ws.security.authorization.jacc.ejb/src/com/ibm/ws/security/authorization/jacc/ejb/impl/EJBSecurityValidatorImpl.java index 302c8045c4a..92e2cbc28aa 100644 --- a/dev/com.ibm.ws.security.authorization.jacc.ejb/src/com/ibm/ws/security/authorization/jacc/ejb/impl/EJBSecurityValidatorImpl.java 
+++ b/dev/com.ibm.ws.security.authorization.jacc.ejb/src/com/ibm/ws/security/authorization/jacc/ejb/impl/EJBSecurityValidatorImpl.java @@ -147,7 +147,7 @@ public Boolean run() throws javax.security.jacc.PolicyContextException { PolicyContext.setHandlerData(handlerObjects); if (tc.isDebugEnabled()) Tr.debug(tc, "Calling JACC implies. subject : " + subject); - return policyProxy.implies(subject, permission); + return policyProxy.implies(contextId, subject, permission); } }); return result.booleanValue(); diff --git a/dev/com.ibm.ws.security.authorization.jacc.web/src/com/ibm/ws/security/authorization/jacc/web/impl/WebSecurityValidatorImpl.java b/dev/com.ibm.ws.security.authorization.jacc.web/src/com/ibm/ws/security/authorization/jacc/web/impl/WebSecurityValidatorImpl.java index 249f41a512f..93d70adee36 100644 --- a/dev/com.ibm.ws.security.authorization.jacc.web/src/com/ibm/ws/security/authorization/jacc/web/impl/WebSecurityValidatorImpl.java +++ b/dev/com.ibm.ws.security.authorization.jacc.web/src/com/ibm/ws/security/authorization/jacc/web/impl/WebSecurityValidatorImpl.java @@ -74,7 +74,7 @@ public Boolean run() throws javax.security.jacc.PolicyContextException { PolicyContext.setHandlerData(handlerObjects); if (tc.isDebugEnabled()) Tr.debug(tc, "Calling JACC implies"); - return Boolean.valueOf(policyProxy.implies(null, wudp)); + return Boolean.valueOf(policyProxy.implies(contextId, null, wudp)); } }); @@ -145,7 +145,7 @@ public Boolean run() throws javax.security.jacc.PolicyContextException { PolicyContext.setHandlerData(handlerObjects); if (tc.isDebugEnabled()) Tr.debug(tc, "Calling JACC implies. Subject : " + subject); - return policyProxy.implies(subject, permission); + return policyProxy.implies(contextId, subject, permission); } }); return result.booleanValue(); 
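Review bot: The three `policyProxy.implies(contextId, ...)` calls now key the authorization decision on `contextId`, but the debug traces just before them still omit it, so a denial seen in trace cannot be tied to a policy context. Consider `Tr.debug(tc, "Calling JACC implies. contextId : " + contextId + " subject : " + subject);` in the EJB validator and the second web hunk, and the same addition to the plain `"Calling JACC implies"` trace in the first web hunk. `contextId` is declared outside these hunks; if it can be null there, reject or document that before the call, since the provider side looks the policy up by this key. The enclosing run() bodies start and end outside the hunks.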
diff --git a/dev/com.ibm.ws.security.authorization.jacc/src/com/ibm/ws/security/authorization/jacc/common/PolicyProxy.java b/dev/com.ibm.ws.security.authorization.jacc/src/com/ibm/ws/security/authorization/jacc/common/PolicyProxy.java index 7adccd78bd8..932a93fb4fa 100644 --- a/dev/com.ibm.ws.security.authorization.jacc/src/com/ibm/ws/security/authorization/jacc/common/PolicyProxy.java +++ b/dev/com.ibm.ws.security.authorization.jacc/src/com/ibm/ws/security/authorization/jacc/common/PolicyProxy.java @@ -22,5 +22,5 @@ public interface PolicyProxy { public void setPolicy(); - public boolean implies(Subject subject, Permission permission); + public boolean implies(String contextId, Subject subject, Permission permission); } diff --git a/dev/com.ibm.ws.security.authorization.jacc/src/io/openliberty/security/authorization/jacc/internal/proxy/JavaSePolicyProxyImpl.java b/dev/com.ibm.ws.security.authorization.jacc/src/io/openliberty/security/authorization/jacc/internal/proxy/JavaSePolicyProxyImpl.java index 6c8cb0c1122..73d0ca1bf57 100644 --- a/dev/com.ibm.ws.security.authorization.jacc/src/io/openliberty/security/authorization/jacc/internal/proxy/JavaSePolicyProxyImpl.java +++ b/dev/com.ibm.ws.security.authorization.jacc/src/io/openliberty/security/authorization/jacc/internal/proxy/JavaSePolicyProxyImpl.java @@ -46,7 +46,7 @@ public void setPolicy() { } @Override - public boolean implies(Subject subject, Permission permission) { + public boolean implies(String contextId, Subject subject, Permission permission) { ProtectionDomain pd = null; if (subject != null && subject.getPrincipals().size() > 0) { Principal[] principalArray = subject.getPrincipals().toArray(new Principal[subject.getPrincipals().size()]); 
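Review bot: `PolicyProxy.implies(String contextId, Subject subject, Permission permission)` gains a parameter with no Javadoc, and the interface is the only place where callers and the implementations can agree on its contract. I would add a comment such as `/** @param contextId policy context the permission is checked against; implementations that are not context-aware may ignore it */`. It should also state whether null is allowed for `contextId` and for `subject`, given that the web validator passes a null subject. In JavaSePolicyProxyImpl the visible lines of implies() do not use `contextId`; the body continues outside the hunk, so if the parameter is intentionally unused there, a one-line comment saying so would help.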
diff --git a/dev/io.openliberty.security.authorization.internal.jacc.3.0/src/com/ibm/wsspi/security/authorization/jacc/ProviderService.java b/dev/io.openliberty.security.authorization.internal.jacc.3.0/src/com/ibm/wsspi/security/authorization/jacc/ProviderService.java index 05de78ce457..f882f3c0e86 100644 --- a/dev/io.openliberty.security.authorization.internal.jacc.3.0/src/com/ibm/wsspi/security/authorization/jacc/ProviderService.java +++ b/dev/io.openliberty.security.authorization.internal.jacc.3.0/src/com/ibm/wsspi/security/authorization/jacc/ProviderService.java @@ -10,18 +10,18 @@ package com.ibm.wsspi.security.authorization.jacc; -import jakarta.security.jacc.Policy; import jakarta.security.jacc.PolicyConfigurationFactory; +import jakarta.security.jacc.PolicyFactory; public interface ProviderService { /** * Returns the instance representing the provider-specific implementation - * of the jakarta.security.jacc.Policy abstract class. + * of the jakarta.security.jacc.PolicyFactory abstract class. * - * @return An instance which implements Policy class. + * @return An instance which implements the PolicyFactory class. */ - public Policy getPolicy(); + public PolicyFactory getPolicyFactory(); /** * Returns the instance representing the provider-specific implementation diff --git a/dev/io.openliberty.security.authorization.internal.jacc.3.0/src/io/openliberty/security/authorization/jacc/internal/proxy/JakartaPolicyProxyImpl.java b/dev/io.openliberty.security.authorization.internal.jacc.3.0/src/io/openliberty/security/authorization/jacc/internal/proxy/JakartaPolicyFactoryProxyImpl.java similarity index 57% rename from dev/io.openliberty.security.authorization.internal.jacc.3.0/src/io/openliberty/security/authorization/jacc/internal/proxy/JakartaPolicyProxyImpl.java rename to dev/io.openliberty.security.authorization.internal.jacc.3.0/src/io/openliberty/security/authorization/jacc/internal/proxy/JakartaPolicyFactoryProxyImpl.java index f9d1d32774c..7485cb01022 100644 
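Review bot: The Javadoc on `getPolicyFactory()` does not say whether the method may return null or whether it must return the same instance on every call. Both matter to the caller in this commit: ProviderServiceProxyImpl.getPolicyProxy() treats null as "no provider" and passes a non-null result to a constructor that installs it with `PolicyFactory.setPolicyFactory`. Suggest extending the comment, e.g. `@return the provider's PolicyFactory, or null if none is available; implementations should return a stable instance`. Since the first sentence calls PolicyFactory an abstract class, "implements the PolicyFactory class" would read better as "extends".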
--- a/dev/io.openliberty.security.authorization.internal.jacc.3.0/src/io/openliberty/security/authorization/jacc/internal/proxy/JakartaPolicyProxyImpl.java +++ b/dev/io.openliberty.security.authorization.internal.jacc.3.0/src/io/openliberty/security/authorization/jacc/internal/proxy/JakartaPolicyFactoryProxyImpl.java @@ -10,25 +10,22 @@ package io.openliberty.security.authorization.jacc.internal.proxy; import java.security.Permission; -import java.security.PermissionCollection; import javax.security.auth.Subject; import com.ibm.ws.security.authorization.jacc.common.PolicyProxy; import jakarta.security.jacc.Policy; +import jakarta.security.jacc.PolicyFactory; -public class JakartaPolicyProxyImpl implements PolicyProxy { +public class JakartaPolicyFactoryProxyImpl implements PolicyProxy { - private final Policy policy; - - JakartaPolicyProxyImpl(Policy p) { - policy = p; + JakartaPolicyFactoryProxyImpl(PolicyFactory policyFactory) { + PolicyFactory.setPolicyFactory(policyFactory); } @Override public void refresh() { - policy.refresh(); } @Override @@ -36,8 +33,15 @@ public void setPolicy() { } @Override - public boolean implies(Subject subject, Permission permission) { - PermissionCollection permCollection = policy.getPermissionCollection(subject); - return permCollection.implies(permission); + public boolean implies(String contextId, Subject subject, Permission permission) { + PolicyFactory policyFactory = PolicyFactory.getPolicyFactory(); + if (policyFactory == null) { + return false; + } + Policy policy = policyFactory.getPolicy(contextId); + if (policy == null) { + return false; + } + return policy.implies(permission, subject); } } 
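Review bot: implies() asks `PolicyFactory.getPolicyFactory()` for whatever factory is installed at call time instead of using the instance handed to the constructor, so the authorization decision depends on process-wide state that other code could replace after this proxy was built. Keeping the argument in a `private final PolicyFactory policyFactory;` field and calling `policyFactory.getPolicy(contextId)` would pin the proxy to the provider it was created for. The two `return false` branches fail closed, which is right, but they deny silently; a debug trace naming the contextId on each would make an unexpected denial diagnosable. refresh() is now an empty method, and a short comment saying why there is nothing to refresh would stop it looking like an omission.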
diff --git a/dev/io.openliberty.security.authorization.internal.jacc.3.0/src/io/openliberty/security/authorization/jacc/internal/proxy/ProviderServiceProxyImpl.java b/dev/io.openliberty.security.authorization.internal.jacc.3.0/src/io/openliberty/security/authorization/jacc/internal/proxy/ProviderServiceProxyImpl.java index 45c33927324..dc76eebf3db 100644 --- a/dev/io.openliberty.security.authorization.internal.jacc.3.0/src/io/openliberty/security/authorization/jacc/internal/proxy/ProviderServiceProxyImpl.java +++ b/dev/io.openliberty.security.authorization.internal.jacc.3.0/src/io/openliberty/security/authorization/jacc/internal/proxy/ProviderServiceProxyImpl.java @@ -23,8 +23,8 @@ import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference; import com.ibm.wsspi.security.authorization.jacc.ProviderService; -import jakarta.security.jacc.Policy; import jakarta.security.jacc.PolicyConfigurationFactory; +import jakarta.security.jacc.PolicyFactory; @Component(service = ProviderServiceProxy.class, immediate = true, name = "io.openliberty.security.authorization.jacc.provider.proxy", configurationPolicy = ConfigurationPolicy.IGNORE, property = { "service.vendor=IBM" }) @@ -32,10 +32,6 @@ public class ProviderServiceProxyImpl implements ProviderServiceProxy { private static final TraceComponent tc = Tr.register(ProviderServiceProxyImpl.class); - private static final String JACC_FACTORY = "javax.security.jacc.PolicyConfigurationFactory.provider"; - private static final String JACC_FACTORY_EE9 = "jakarta.security.jacc.PolicyConfigurationFactory.provider"; - private static final String JACC_POLICY_PROVIDER = "javax.security.jacc.policy.provider"; - private static final String JACC_POLICY_PROVIDER_EE9 = "jakarta.security.jacc.policy.provider"; static final String KEY_JACC_PROVIDER_SERVICE = "jaccProviderService"; private final AtomicServiceReference jaccProviderService = new AtomicServiceReference(KEY_JACC_PROVIDER_SERVICE); 
@@ -62,8 +58,8 @@ public PolicyProxy getPolicyProxy() { if (providerService == null) { return null; } - Policy policy = providerService.getPolicy(); - return policy == null ? null : new JakartaPolicyProxyImpl(policy); + PolicyFactory policyFactory = providerService.getPolicyFactory(); + return policyFactory == null ? null : new JakartaPolicyFactoryProxyImpl(policyFactory); } @Override 
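Review bot: getPolicyProxy() builds a new JakartaPolicyFactoryProxyImpl on every call, and that constructor calls `PolicyFactory.setPolicyFactory(...)`, so each call replaces the process-wide factory. With the test provider in this commit, `ProviderServiceImpl.getPolicyFactory()` returns `new PolicyFactoryImpl()` each time, so a second call would discard the per-context map of the first, including anything registered through `setPolicy(contextId, policy)`. How often getPolicyProxy() is invoked is not visible here. If it can run more than once, cache the proxy in this component, or have the provider hold a single instance, e.g. `private final PolicyFactory policyFactory = new PolicyFactoryImpl();` and `return policyFactory;`. The method starts outside the hunk.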
@@ -97,50 +93,31 @@ protected void deactivate(ComponentContext cc) { } private void initializeSystemProperties(ServiceReference reference) { - Object obj = reference.getProperty(JACC_POLICY_PROVIDER); + Object obj = reference.getProperty(PolicyFactory.FACTORY_NAME); if (obj != null && obj instanceof String) { policyName = (String) obj; } - if (policyName == null) { - obj = reference.getProperty(JACC_POLICY_PROVIDER_EE9); - if (obj != null && obj instanceof String) { - policyName = (String) obj; - } - } - obj = reference.getProperty(JACC_FACTORY); + obj = reference.getProperty(PolicyConfigurationFactory.FACTORY_NAME); if (obj != null && obj instanceof String) { factoryName = (String) obj; } - if (factoryName == null) { - obj = reference.getProperty(JACC_FACTORY_EE9); - if (obj != null && obj instanceof String) { - factoryName = (String) obj; - } - } if (tc.isDebugEnabled()) Tr.debug(tc, "Meta data : policyName : " + policyName + " factoryName : " + factoryName); originalSystemPolicyName = null; originalSystemFactoryName = null; - String systemPolicyName = System.getProperty(JACC_POLICY_PROVIDER); - if (systemPolicyName == null) { - systemPolicyName = System.getProperty(JACC_POLICY_PROVIDER_EE9); - } + String systemPolicyName = System.getProperty(PolicyFactory.FACTORY_NAME); - String systemFactoryName = System.getProperty(JACC_FACTORY); - if (systemFactoryName == null) { - systemFactoryName = System.getProperty(JACC_FACTORY_EE9); - } + String systemFactoryName = System.getProperty(PolicyConfigurationFactory.FACTORY_NAME); if (tc.isDebugEnabled()) { Tr.debug(tc, "System properties : policyName : " + systemPolicyName + " factoryName : " + systemFactoryName); } if (systemPolicyName == null) { if (policyName != null) { - System.setProperty(JACC_POLICY_PROVIDER, policyName); - System.setProperty(JACC_POLICY_PROVIDER_EE9, policyName); + System.setProperty(PolicyFactory.FACTORY_NAME, policyName); } else if (policyName == null) { Tr.error(tc, "JACC_POLICY_IS_NOT_SET"); 
return; @@ -150,15 +127,13 @@ private void initializeSystemProperties(ServiceReference refere policyName = systemPolicyName; } else if (!systemPolicyName.equals(policyName)) { Tr.warning(tc, "JACC_INCONSISTENT_POLICY_CLASS", new Object[] { systemPolicyName, policyName }); - System.setProperty(JACC_POLICY_PROVIDER, policyName); - System.setProperty(JACC_POLICY_PROVIDER_EE9, policyName); + System.setProperty(PolicyFactory.FACTORY_NAME, policyName); originalSystemPolicyName = systemPolicyName; } } if (systemFactoryName == null) { if (factoryName != null) { - System.setProperty(JACC_FACTORY, factoryName); - System.setProperty(JACC_FACTORY_EE9, factoryName); + System.setProperty(PolicyConfigurationFactory.FACTORY_NAME, factoryName); } else if (factoryName == null) { Tr.error(tc, "JACC_FACTORY_IS_NOT_SET"); return; @@ -168,8 +143,7 @@ private void initializeSystemProperties(ServiceReference refere factoryName = systemFactoryName; } else if (!systemFactoryName.equals(factoryName)) { Tr.warning(tc, "JACC_INCONSISTENT_FACTORY_CLASS", new Object[] { systemFactoryName, factoryName }); - System.setProperty(JACC_FACTORY, factoryName); - System.setProperty(JACC_FACTORY_EE9, factoryName); + System.setProperty(PolicyConfigurationFactory.FACTORY_NAME, factoryName); originalSystemFactoryName = systemFactoryName; } } 
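Review bot: When the system property was originally unset, this code sets `PolicyFactory.FACTORY_NAME` (and likewise `PolicyConfigurationFactory.FACTORY_NAME`) but leaves `originalSystemPolicyName` null, and restoreSystemProperties() in the next hunk only acts when that field is non-null. The JVM-wide property therefore appears to keep naming this provider's classes after the provider has gone away. Consider recording that the component set the property itself and calling `System.clearProperty(PolicyFactory.FACTORY_NAME)` on restore in that case. Two smaller points next to the changed lines: `else if (policyName == null)` and `else if (factoryName == null)` can be plain `else`, and the factory branch of restoreSystemProperties() logs "PolicyName system property is restored by" for the factory name. initializeSystemProperties() starts before the first of these hunks and continues between them.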
@@ -177,15 +151,13 @@ private void initializeSystemProperties(ServiceReference refere private void restoreSystemProperties() { if (originalSystemPolicyName != null) { - System.setProperty(JACC_POLICY_PROVIDER, originalSystemPolicyName); - System.setProperty(JACC_POLICY_PROVIDER_EE9, originalSystemPolicyName); + System.setProperty(PolicyFactory.FACTORY_NAME, originalSystemPolicyName); if (tc.isDebugEnabled()) { Tr.debug(tc, "PolicyName system property is restored by : " + originalSystemPolicyName); } } if (originalSystemFactoryName != null) { - System.setProperty(JACC_FACTORY, originalSystemFactoryName); - System.setProperty(JACC_FACTORY_EE9, originalSystemFactoryName); + System.setProperty(PolicyConfigurationFactory.FACTORY_NAME, originalSystemFactoryName); if (tc.isDebugEnabled()) { Tr.debug(tc, "PolicyName system property is restored by : " + originalSystemFactoryName); } diff --git a/dev/io.openliberty.security.authorization.jacc.testprovider/src/com/ibm/ws/security/authorization/jacc/provider/JaccPolicyProxy.java b/dev/io.openliberty.security.authorization.jacc.testprovider/src/com/ibm/ws/security/authorization/jacc/provider/JaccPolicyProxy.java index ab48077d962..09510ae5a99 100755 --- a/dev/io.openliberty.security.authorization.jacc.testprovider/src/com/ibm/ws/security/authorization/jacc/provider/JaccPolicyProxy.java +++ b/dev/io.openliberty.security.authorization.jacc.testprovider/src/com/ibm/ws/security/authorization/jacc/provider/JaccPolicyProxy.java @@ -6,9 +6,6 @@ * http://www.eclipse.org/legal/epl-2.0/ * * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * IBM Corporation - initial API and implementation *******************************************************************************/ package com.ibm.ws.security.authorization.jacc.provider; 
@@ -28,7 +25,6 @@ import jakarta.security.jacc.EJBMethodPermission; import jakarta.security.jacc.EJBRoleRefPermission; import jakarta.security.jacc.Policy; -import jakarta.security.jacc.PolicyContext; import jakarta.security.jacc.PolicyContextException; import jakarta.security.jacc.WebResourcePermission; import jakarta.security.jacc.WebRoleRefPermission; @@ -37,6 +33,7 @@ public class JaccPolicyProxy implements Policy { private JaccProvider jaccProvider = null; private static final TraceComponent tc = Tr.register(JaccPolicyProxy.class); + private final String contextID; static { /** 
@@ -64,8 +61,63 @@ public class JaccPolicyProxy implements Policy { c.getName(); // Use c to prevent compile warnings } - // This is called during startup - only one thread is active - public JaccPolicyProxy() { + public JaccPolicyProxy(String contextId) { + this.contextID = contextId; + } + + @Override + public boolean impliesByRole(Permission p, Subject subject) { + if (p instanceof WebResourcePermission) { + Set principals = subject == null ? null : subject.getPrincipals(); + if (principals != null && principals.size() > 0) { + WSPolicyConfigurationImpl pc = getPolicyConfiguration(); + if (pc != null) { + if (tc.isDebugEnabled()) + Tr.debug(tc, "Checking the role list"); + return jaccProvider.checkRolePerm(pc, p, contextID); + } + } + } else if (p instanceof WebRoleRefPermission || p instanceof EJBRoleRefPermission || p instanceof EJBMethodPermission) { + WSPolicyConfigurationImpl pc = getPolicyConfiguration(); + if (pc != null) { + if (tc.isDebugEnabled()) + Tr.debug(tc, "Checking the role list"); + return jaccProvider.checkRolePerm(pc, p, contextID); + } + } + return false; + } + + @Override + public boolean isExcluded(Permission p) { + if (p instanceof WebResourcePermission || p instanceof WebUserDataPermission || p instanceof EJBMethodPermission) { + WSPolicyConfigurationImpl pc = getPolicyConfiguration(); + if (pc != null) { + if (tc.isDebugEnabled()) + Tr.debug(tc, "Checking the excluded list"); + + return jaccProvider.checkExcludedPerm(pc, p); + } + } + return false; + } + + @Override + public boolean isUnchecked(Permission p) { + if (p instanceof WebResourcePermission || p instanceof WebUserDataPermission || p instanceof EJBMethodPermission) { + WSPolicyConfigurationImpl pc = getPolicyConfiguration(); + if (pc != null) { + if (tc.isDebugEnabled()) + Tr.debug(tc, "Checking the unchecked list"); + if (jaccProvider.checkUncheckedPerm(pc, p)) { + return true; + } + if (p instanceof WebResourcePermission) { + return jaccProvider.isEveryoneGranted(pc, p, 
contextID); + } + } + } + return false; } @Override @@ -74,7 +126,6 @@ public void refresh() { private WSPolicyConfigurationImpl getPolicyConfiguration() { //get contextID; - String contextID = PolicyContext.getContextID(); WSPolicyConfigurationImpl pc = null; pc = AllPolicyConfigs.getInstance().getPolicyConfig(contextID); @@ -143,7 +194,7 @@ public boolean implies(Permission p) { if (jaccProvider.checkUncheckedPerm(pc, p)) { return true; } else { - return jaccProvider.isEveryoneGranted(pc, p, PolicyContext.getContextID()); + return jaccProvider.isEveryoneGranted(pc, p, contextID); } } else { if (tc.isDebugEnabled()) @@ -153,7 +204,7 @@ public boolean implies(Permission p) { } else { if (tc.isDebugEnabled()) Tr.debug(tc, "Checking the role list"); - return jaccProvider.checkRolePerm(pc, p, PolicyContext.getContextID()); + return jaccProvider.checkRolePerm(pc, p, contextID); } } } else if (p instanceof WebUserDataPermission) { @@ -177,7 +228,7 @@ public boolean implies(Permission p) { } if (tc.isDebugEnabled()) Tr.debug(tc, "Checking the role list"); - return jaccProvider.checkRolePerm(pc, p, PolicyContext.getContextID()); + return jaccProvider.checkRolePerm(pc, p, contextID); } else if (p instanceof EJBMethodPermission) { WSPolicyConfigurationImpl pc = getPolicyConfiguration(); if (pc == null) { @@ -193,7 +244,7 @@ public boolean implies(Permission p) { if (jaccProvider.checkUncheckedPerm(pc, p)) { return true; } else { - return jaccProvider.checkRolePerm(pc, p, PolicyContext.getContextID()); + return jaccProvider.checkRolePerm(pc, p, contextID); } } } diff --git a/dev/io.openliberty.security.authorization.jacc.testprovider/src/com/ibm/ws/security/authorization/jacc/provider/PolicyFactoryImpl.java b/dev/io.openliberty.security.authorization.jacc.testprovider/src/com/ibm/ws/security/authorization/jacc/provider/PolicyFactoryImpl.java new file mode 100644 index 00000000000..4cea637ff84 --- /dev/null 
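Review bot: impliesByRole() uses its `subject` argument only to test for principals on the WebResourcePermission branch and never hands it to `jaccProvider.checkRolePerm(pc, p, contextID)`, so the role decision is presumably made for whatever subject the provider resolves on its own rather than the one the caller passed. If that is intended, say so in a comment, e.g. `// subject is only checked for presence; checkRolePerm resolves the caller itself`; otherwise the subject needs to reach checkRolePerm. The removed comment `This is called during startup - only one thread is active` no longer holds, because PolicyFactoryImpl.getPolicy() now constructs instances on demand. Any lazy assignment of the non-final `jaccProvider` field, which is not visible in this hunk, should therefore be checked for thread safety. The three new methods also repeat the excluded/unchecked/role checks that the existing implies(Permission) still carries in the later hunks, and delegating one to the other would keep the two decision paths from drifting apart.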
+++ b/dev/io.openliberty.security.authorization.jacc.testprovider/src/com/ibm/ws/security/authorization/jacc/provider/PolicyFactoryImpl.java @@ -0,0 +1,39 @@ +/******************************************************************************* + * Copyright (c) 2024 IBM Corporation and others. + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + *******************************************************************************/ +package com.ibm.ws.security.authorization.jacc.provider; + +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import jakarta.security.jacc.Policy; +import jakarta.security.jacc.PolicyFactory; + +public class PolicyFactoryImpl extends PolicyFactory { + + private final Map policyMap = new ConcurrentHashMap<>(); + + @Override + public Policy getPolicy(String contextId) { + Policy policy = policyMap.get(contextId); + if (policy == null) { + // get policy and set it in the map + policy = new JaccPolicyProxy(contextId); + policyMap.put(contextId, policy); + } + + return policy; + } + + @Override + public void setPolicy(String contextId, Policy policy) { + policyMap.put(contextId, policy); + } + +} diff --git a/dev/io.openliberty.security.authorization.jacc.testprovider/src/com/ibm/ws/security/authorization/jacc/service/ProviderServiceImpl.java b/dev/io.openliberty.security.authorization.jacc.testprovider/src/com/ibm/ws/security/authorization/jacc/service/ProviderServiceImpl.java index 2011ec2cfb0..e356c50efb7 100755 --- a/dev/io.openliberty.security.authorization.jacc.testprovider/src/com/ibm/ws/security/authorization/jacc/service/ProviderServiceImpl.java +++ b/dev/io.openliberty.security.authorization.jacc.testprovider/src/com/ibm/ws/security/authorization/jacc/service/ProviderServiceImpl.java 
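Review bot: getPolicy() does a separate `get` and `put` on the ConcurrentHashMap, so two threads can each create a JaccPolicyProxy for the same context, and the late `put` can overwrite a policy that setPolicy() registered in between. `return policyMap.computeIfAbsent(contextId, JaccPolicyProxy::new);` makes the lookup-or-create atomic. ConcurrentHashMap also rejects null keys and values, so a null `contextId` or a null `policy` fails with a NullPointerException from inside the map. An explicit check with a clear message, or documented handling of the no-context case, would be better. Nothing in this file ever removes entries, so the map grows with every context id seen.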
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright (c) 2015, 2020 IBM Corporation and others. + * Copyright (c) 2015, 2024 IBM Corporation and others. * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License 2.0 * which accompanies this distribution, and is available at 
@@ -24,26 +24,26 @@ import com.ibm.websphere.ras.Tr; import com.ibm.websphere.ras.TraceComponent; -import com.ibm.ws.security.authorization.jacc.provider.JaccPolicyProxy; +import com.ibm.ws.security.authorization.jacc.provider.PolicyFactoryImpl; import com.ibm.ws.security.authorization.jacc.role.FileRoleMapping; import com.ibm.wsspi.security.authorization.jacc.ProviderService; -import jakarta.security.jacc.Policy; import jakarta.security.jacc.PolicyConfigurationFactory; +import jakarta.security.jacc.PolicyFactory; @Component(service = ProviderService.class, immediate = true, name = "com.ibm.ws.security.authorization.jacc.provider", configurationPolicy = ConfigurationPolicy.OPTIONAL, property = { "service.vendor=IBM", // "RequestMethodArgumentsRequired=true", - "jakarta.security.jacc.policy.provider=com.ibm.ws.security.authorization.jacc.provider.JaccPolicyProxy", + "jakarta.security.jacc.PolicyFactory.provider=com.ibm.ws.security.authorization.jacc.provider.PolicyFactoryImpl", "jakarta.security.jacc.PolicyConfigurationFactory.provider=com.ibm.ws.security.authorization.jacc.provider.WSPolicyConfigurationFactoryImpl" }) public class ProviderServiceImpl implements ProviderService { private static final TraceComponent tc = Tr.register(ProviderServiceImpl.class); - private static final String JACC_FACTORY = "jakarta.security.jacc.PolicyConfigurationFactory.provider"; + private static final String JACC_FACTORY = PolicyConfigurationFactory.FACTORY_NAME; private static final String JACC_FACTORY_IMPL = "com.ibm.ws.security.authorization.jacc.provider.WSPolicyConfigurationFactoryImpl"; - private static final String JACC_POLICY_PROVIDER = "jakarta.security.jacc.policy.provider"; - private static final String JACC_POLICY_PROVIDER_IMPL = "com.ibm.ws.security.authorization.jacc.provider.JaccPolicyProxy"; + private static final String JACC_POLICY_FACTORY_PROVIDER = PolicyFactory.FACTORY_NAME; + private static final String JACC_POLICY_FACTORY_PROVIDER_IMPL = 
"com.ibm.ws.security.authorization.jacc.provider.PolicyFactoryImpl"; private static final String CFG_ROLE_MAPPING_FILE = "roleMappingFile"; public ProviderServiceImpl() { @@ -66,11 +66,11 @@ protected void deactivate(ComponentContext cc) { /** {@inheritDoc} */ @Override - public Policy getPolicy() { - if (System.getProperty(JACC_POLICY_PROVIDER) == null) { - System.setProperty(JACC_POLICY_PROVIDER, JACC_POLICY_PROVIDER_IMPL); + public PolicyFactory getPolicyFactory() { + if (System.getProperty(JACC_POLICY_FACTORY_PROVIDER) == null) { + System.setProperty(JACC_POLICY_FACTORY_PROVIDER, JACC_POLICY_FACTORY_PROVIDER_IMPL); } - return new JaccPolicyProxy(); + return new PolicyFactoryImpl(); } /** {@inheritDoc} */