/*
 * JBoss, the OpenSource J2EE webOS
 *
 * Distributable under LGPL license.
 * See terms of license at gnu.org.
 * 
 */
package org.jboss.security.jacc;

import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.AccessController;
import java.lang.reflect.Constructor;

import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.security.jacc.PolicyContext;

import org.jboss.logging.Logger;

/** The SecurityService installs a java.security.Policy implementation that
 * handles the JACC permission checks. The Policy provider can be done using the
 * standard javax.security.jacc.policy.provider system property, or by setting
 * the PolicyName attribute to an mbean which supports a Policy attribute of
 * type java.security.Policy.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 1.6.4.2 $
 */
public class SecurityService
{
   /** The system property name for the Policy implementation class */
   private static final String JACC_POLICY_PROVIDER = "javax.security.jacc.policy.provider";
   private static final Logger log = Logger.getLogger(SecurityService.class);

   /** The startup Policy.getPolicy() value */
   private Policy oldPolicy;
   /** The JACC_POLICY_PROVIDER Policy implementation */
   private Policy jaccPolicy;
   /** The mbean name to use if we should register the jaccPolicy as an mbean */
   private ObjectName policyName;

   /** The attribute name on policyName used to obtain the Policy impl */
   private String policyAttributeName = "Policy";
   private MBeanServer server;

   public ObjectName getPolicyName()
   {
      return policyName;
   }
   public void setPolicyName(ObjectName policyName)
   {
      this.policyName = policyName;
   }

   public String getPolicyAttributeName()
   {
      return policyAttributeName;
   }
   public void setPolicyAttributeName(String policyAttributeName)
   {
      this.policyAttributeName = policyAttributeName;
   }

   public MBeanServer getMBeanServer()
   {
      return server;
   }
   public void setMBeanServer(MBeanServer server)
   {
      this.server = server;
   }

   /**
    * The following permissions are required:
    * java.security.SecurityPermission("getPolicy")
    * java.security.SecurityPermission("setPolicy")
    * 
    * @throws Exception
    */ 
   public void start() throws Exception
   {
      // Get the current Policy impl
      oldPolicy = Policy.getPolicy();

      // If the policy is an mbean, first see if it already exists
      if( server != null && policyName != null && server.isRegistered(policyName) )
      {
         // Get the Policy from the mbean
         try
         {
            jaccPolicy = (Policy) server.getAttribute(policyName, policyAttributeName);
         }
         catch(Exception e)
         {
            log.warn("Failed to get " + policyAttributeName
               + " attribute from: " + policyName, e);
         }
      }

      // Use the provider system property if there is no policy
      if( jaccPolicy == null )
      {
         String provider = getProperty(JACC_POLICY_PROVIDER,
            "org.jboss.security.jacc.DelegatingPolicy");
         ClassLoader loader = Thread.currentThread().getContextClassLoader();
         Class providerClass = loader.loadClass(provider);
         try
         {
            // Look for a ctor(Policy) signature
            Class[] ctorSig = {Policy.class};
            Constructor ctor = providerClass.getConstructor(ctorSig);
            Object[] ctorArgs = {oldPolicy};
            jaccPolicy = (Policy) ctor.newInstance(ctorArgs);
         }
         catch(NoSuchMethodException e)
         {
            log.debug("Provider does not support ctor(Policy)");
            jaccPolicy = (Policy) providerClass.newInstance();
         }
      }

      // Install the JACC policy provider
      Policy.setPolicy(jaccPolicy);

      // Have the policy load/update itself
      jaccPolicy.refresh();

      // Register the default active Subject PolicyContextHandler
      SubjectPolicyContextHandler handler = new SubjectPolicyContextHandler();
      PolicyContext.registerHandler(SubjectPolicyContextHandler.SUBJECT_CONTEXT_KEY,
         handler, true);
   }

   public void stop() throws Exception
   {
      // Install the policy provider that existed on startup
      if( jaccPolicy != null )
         Policy.setPolicy(oldPolicy);      
   }
  
   static class PropertyAccessAction implements PrivilegedAction
   {
      private String name;
      private String defaultValue;
      PropertyAccessAction(String name, String defaultValue)
      {
         this.name = name;
         this.defaultValue = defaultValue;
      }
      public Object run()
      {
         return System.getProperty(name, defaultValue);
      }
   }

   static String getProperty(String name)
   {
      return getProperty(name, null);
   }

   static String getProperty(String name, String defaultValue)
   {
      PrivilegedAction action = new PropertyAccessAction(name, defaultValue);
      String property = (String) AccessController.doPrivileged(action);
      return property;
   }
}