Newer
Older
Patrick Dowler
committed
if (mySocketFactory != null)
throw new IllegalStateException("Illegal use of GMSClient: "
+ "cannot set SSLSocketFactory after using one created from Subject");
Patrick Dowler
committed
private int subjectHashCode = 0;
private SSLSocketFactory getSSLSocketFactory()
{
Patrick Dowler
committed
AccessControlContext ac = AccessController.getContext();
Subject s = Subject.getSubject(ac);
// no real Subject: can only use the one from setSSLSocketFactory
if (s == null || s.getPrincipals().isEmpty())
{
return sslSocketFactory;
}
// lazy init
if (this.mySocketFactory == null)
{
log.debug("getSSLSocketFactory: " + s);
this.mySocketFactory = SSLUtil.getSocketFactory(s);
this.subjectHashCode = s.hashCode();
}
else
Patrick Dowler
committed
int c = s.hashCode();
if (c != subjectHashCode)
throw new IllegalStateException("Illegal use of "
+ this.getClass().getSimpleName()
+ ": subject change not supported for internal SSLSocketFactory");
Patrick Dowler
committed
return this.mySocketFactory;
protected void clearCache()
{
AccessControlContext acContext = AccessController.getContext();
Subject subject = Subject.getSubject(acContext);
if (subject != null)
{
Patrick Dowler
committed
subject.getPrivateCredentials().remove(new GroupMemberships());
Patrick Dowler
committed
protected GroupMemberships getGroupCache(Principal userID)
{
AccessControlContext acContext = AccessController.getContext();
Subject subject = Subject.getSubject(acContext);
// only consult cache if the userID is of the calling subject
if (userIsSubject(userID, subject))
Patrick Dowler
committed
Set<GroupMemberships> gset = subject.getPrivateCredentials(GroupMemberships.class);
if (gset == null || gset.isEmpty())
Patrick Dowler
committed
GroupMemberships mems = new GroupMemberships();
subject.getPrivateCredentials().add(mems);
return mems;
Patrick Dowler
committed
GroupMemberships mems = gset.iterator().next();
return mems;
Patrick Dowler
committed
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
return null; // no cache
}
protected Group getCachedGroup(Principal userID, String groupID, Role role)
{
List<Group> groups = getCachedGroups(userID, role, false);
if (groups == null)
return null; // no cache
for (Group g : groups)
{
if (g.getID().equals(groupID))
return g;
}
return null;
}
protected List<Group> getCachedGroups(Principal userID, Role role, boolean complete)
{
GroupMemberships mems = getGroupCache(userID);
if (mems == null)
return null; // no cache
Boolean cacheState = mems.complete.get(role);
if (!complete || Boolean.TRUE.equals(cacheState))
return mems.memberships.get(role);
// caller wanted complete and we don't have that
Patrick Dowler
committed
protected void addCachedGroup(Principal userID, Group group, Role role)
{
GroupMemberships mems = getGroupCache(userID);
if (mems == null)
return; // no cache
List<Group> groups = mems.memberships.get(role);
if (groups == null)
{
groups = new ArrayList<Group>();
mems.complete.put(role, Boolean.FALSE);
mems.memberships.put(role, groups);
}
if (!groups.contains(group))
groups.add(group);
}
protected void setCachedGroups(Principal userID, List<Group> groups, Role role)
Patrick Dowler
committed
GroupMemberships mems = getGroupCache(userID);
if (mems == null)
return; // no cache
Patrick Dowler
committed
log.debug("Caching groups for " + userID + ", role " + role);
List<Group> cur = mems.memberships.get(role);
if (cur == null)
Patrick Dowler
committed
cur = new ArrayList<Group>();
mems.complete.put(role, Boolean.FALSE);
mems.memberships.put(role, cur);
}
for (Group group : groups)
{
if (!cur.contains(group))
cur.add(group);
mems.complete.put(role, Boolean.TRUE);
}
}
protected boolean userIsSubject(Principal userID, Subject subject)
{
if (userID == null || subject == null)
{
return false;
}
for (Principal subjectPrincipal : subject.getPrincipals())
Patrick Dowler
committed
if (AuthenticationUtil.equals(subjectPrincipal, userID))
Patrick Dowler
committed
* Class used to hold list of groups in which a user is known to be a member.
Patrick Dowler
committed
protected class GroupMemberships implements Comparable
Map<Role, List<Group>> memberships = new HashMap<Role, List<Group>>();
Patrick Dowler
committed
Map<Role, Boolean> complete = new HashMap<Role, Boolean>();
Patrick Dowler
committed
// only allow one in a set - makes clearCache simple too
public boolean equals(Object rhs)
{
if (rhs != null && rhs instanceof GroupMemberships)
return true;
return false;
}
public int compareTo(Object t)
{
if (this.equals(t))
return 0;
return -1; // wonder if this is sketchy
}