AuthConfigFactory.java

/**
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package jakarta.security.auth.message.config;

import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Security;
import java.security.SecurityPermission;
import java.util.Map;

import jakarta.security.auth.message.module.ServerAuthModule;

public abstract class AuthConfigFactory {

    public static final String DEFAULT_FACTORY_SECURITY_PROPERTY = "authconfigprovider.factory";
    public static final String GET_FACTORY_PERMISSION_NAME = "getProperty.authconfigprovider.factory";
    public static final String SET_FACTORY_PERMISSION_NAME = "setProperty.authconfigprovider.factory";
    public static final String PROVIDER_REGISTRATION_PERMISSION_NAME = "setProperty.authconfigfactory.provider";

    /**
     * @deprecated Following JEP 411
     */
    @Deprecated(forRemoval = true)
    public static final SecurityPermission getFactorySecurityPermission =
            new SecurityPermission(GET_FACTORY_PERMISSION_NAME);

    /**
     * @deprecated Following JEP 411
     */
    @Deprecated(forRemoval = true)
    public static final SecurityPermission setFactorySecurityPermission =
            new SecurityPermission(SET_FACTORY_PERMISSION_NAME);

    /**
     * @deprecated Following JEP 411
     */
    @Deprecated(forRemoval = true)
    public static final SecurityPermission providerRegistrationSecurityPermission =
            new SecurityPermission(PROVIDER_REGISTRATION_PERMISSION_NAME);

    private static final String DEFAULT_JASPI_AUTHCONFIGFACTORYIMPL =
            "org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl";

    private static volatile AuthConfigFactory factory;

    public AuthConfigFactory() {
    }

    public static AuthConfigFactory getFactory() {
        checkPermission(getFactorySecurityPermission);
        if (factory != null) {
            return factory;
        }

        synchronized (AuthConfigFactory.class) {
            if (factory == null) {
                final String className = getFactoryClassName();
                try {
                    factory = AccessController.doPrivileged((PrivilegedExceptionAction<AuthConfigFactory>) () -> {
                        // Load this class with the same class loader as used for
                        // this class. Note that the Thread context class loader
                        // should not be used since that would trigger a memory leak
                        // in container environments.
                        if (className.equals("org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl")) {
                            return new org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl();
                        } else {
                            Class<?> clazz = Class.forName(className);
                            return (AuthConfigFactory) clazz.getConstructor().newInstance();
                        }
                    });
                } catch (PrivilegedActionException e) {
                    Exception inner = e.getException();
                    if (inner instanceof InstantiationException) {
                        throw new SecurityException("AuthConfigFactory error:" + inner.getCause().getMessage(),
                                inner.getCause());
                    } else {
                        throw new SecurityException("AuthConfigFactory error: " + inner, inner);
                    }
                }
            }
        }

        return factory;
    }

    public static synchronized void setFactory(AuthConfigFactory factory) {
        checkPermission(setFactorySecurityPermission);
        AuthConfigFactory.factory = factory;
    }

    public abstract AuthConfigProvider getConfigProvider(String layer, String appContext,
            RegistrationListener listener);

    public abstract String registerConfigProvider(String className, Map<String,String> properties, String layer,
            String appContext, String description);

    public abstract String registerConfigProvider(AuthConfigProvider provider, String layer, String appContext,
            String description);

    public abstract boolean removeRegistration(String registrationID);

    public abstract String[] detachListener(RegistrationListener listener, String layer, String appContext);

    public abstract String[] getRegistrationIDs(AuthConfigProvider provider);

    public abstract RegistrationContext getRegistrationContext(String registrationID);

    public abstract void refresh();

    /**
     * Convenience method for registering a {@link ServerAuthModule} that should have the same effect as calling
     * {@link #registerConfigProvider(AuthConfigProvider, String, String, String)} with the implementation providing the
     * appropriate {@link AuthConfigProvider} generated from the provided context.
     *
     * @param serverAuthModule The {@link ServerAuthModule} to register
     * @param context          The associated application context
     *
     * @return A string identifier for the created registration
     *
     * @since Authentication 3.0
     */
    public abstract String registerServerAuthModule(ServerAuthModule serverAuthModule, Object context);

    /**
     * Convenience method for deregistering a {@link ServerAuthModule} that should have the same effect as calling
     * {@link AuthConfigFactory#removeRegistration(String)}.
     *
     * @param context The associated application context
     *
     * @since Authentication 3.0
     */
    public abstract void removeServerAuthModule(Object context);

    /**
     * @deprecated Following JEP 411
     */
    @Deprecated(forRemoval = true)
    private static void checkPermission(Permission permission) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(permission);
        }
    }

    private static String getFactoryClassName() {
        String className = AccessController
                .doPrivileged((PrivilegedAction<String>) () -> Security.getProperty(DEFAULT_FACTORY_SECURITY_PROPERTY));

        if (className != null) {
            return className;
        }

        return DEFAULT_JASPI_AUTHCONFIGFACTORYIMPL;
    }

    public interface RegistrationContext {

        String getMessageLayer();

        String getAppContext();

        String getDescription();

        boolean isPersistent();
    }
}