[jboss-cvs] jboss/src/main/org/jboss/ejb/plugins ...
Anil Saldhana
anil.saldhana at jboss.com
Tue Jul 25 22:26:10 EDT 2006
User: asaldhana
Date: 06/07/25 22:26:10
Modified: src/main/org/jboss/ejb/plugins
SecurityAuthorizationInterceptor.java
SecurityInterceptor.java
Log:
JBAS-3374: Use the authorization manager as part of the container
Revision Changes Path
1.4 +8 -7 jboss/src/main/org/jboss/ejb/plugins/SecurityAuthorizationInterceptor.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SecurityAuthorizationInterceptor.java
===================================================================
RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityAuthorizationInterceptor.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- SecurityAuthorizationInterceptor.java 19 Jul 2006 18:22:41 -0000 1.3
+++ SecurityAuthorizationInterceptor.java 26 Jul 2006 02:26:10 -0000 1.4
@@ -29,7 +29,6 @@
import org.jboss.ejb.Container;
import org.jboss.invocation.Invocation;
-import org.jboss.logging.Logger;
import org.jboss.metadata.BeanMetaData;
import org.jboss.mx.util.MBeanProxyExt;
import org.jboss.mx.util.MBeanServerLocator;
@@ -41,19 +40,18 @@
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.plugins.AuthorizationManagerServiceMBean;
-//$Id: SecurityAuthorizationInterceptor.java,v 1.3 2006/07/19 18:22:41 asaldhana Exp $
+//$Id: SecurityAuthorizationInterceptor.java,v 1.4 2006/07/26 02:26:10 asaldhana Exp $
/**
* Authorization Interceptor that makes use of the Authorization
* Framework for access control decisions
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @since Jul 6, 2006
- * @version $Revision: 1.3 $
+ * @version $Revision: 1.4 $
*/
public class SecurityAuthorizationInterceptor extends AbstractInterceptor
{
- protected static Logger log = Logger.getLogger(SecurityAuthorizationInterceptor.class);
- protected boolean trace = log.isTraceEnabled();
+ protected boolean trace = false;
protected String ejbName = null;
protected CodeSource ejbCS = null;
protected AuthorizationManagerServiceMBean authorizationManagerService = null;
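Review bot: The `trace` field is now a snapshot taken once in the constructor (the `trace = log.isTraceEnabled();` line in the next hunk), so a trace level enabled after the interceptor is created is never picked up, and the `= false` initializer is redundant with that assignment. Calling `log.isTraceEnabled()` at the point of use would avoid the stale flag. With the class's own `Logger` removed, `log` presumably resolves to a field inherited from `AbstractInterceptor`; that is not visible here and deserves a one-line comment such as `// log is inherited from AbstractInterceptor`.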
@@ -64,6 +62,7 @@
public SecurityAuthorizationInterceptor()
{
+ trace = log.isTraceEnabled();
authorizationManagerService = (AuthorizationManagerServiceMBean)
MBeanProxyExt.create(AuthorizationManagerServiceMBean.class,
AuthorizationManagerServiceMBean.OBJECT_NAME,
@@ -128,6 +127,8 @@
map.put(ResourceKeys.EJB_CODESOURCE, ejbCS);
map.put(ResourceKeys.CALLER_SUBJECT, caller);
map.put(ResourceKeys.AUTHORIZATION_MANAGER,authzManager);
+ map.put(ResourceKeys.RUNASIDENTITY, SecurityActions.peekRunAsIdentity());
+ map.put(ResourceKeys.EJB_METHODROLES, container.getMethodPermissions(ejbMethod, mi.getType()));
EJBResource ejbResource = new EJBResource(map);
boolean isAuthorized = false;
try
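Review bot: This interceptor still puts the local `authzManager` under `ResourceKeys.AUTHORIZATION_MANAGER`, and its constructor still builds the `AuthorizationManagerServiceMBean` proxy, while the same commit switches `SecurityInterceptor` to `container.getAuthorizationManager()`. If both interceptors can be configured for the same container, they may consult managers resolved in different ways for one invocation; taking the manager from the container here as well would keep the access decision consistent. The `map.put` sequence visible here appears to duplicate the one in `SecurityInterceptor`, so a shared helper that builds the resource map would stop the two copies from drifting apart. The enclosing method starts and ends outside the hunk.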
1.58 +12 -36 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SecurityInterceptor.java
===================================================================
RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -b -r1.57 -r1.58
--- SecurityInterceptor.java 25 Jul 2006 17:21:33 -0000 1.57
+++ SecurityInterceptor.java 26 Jul 2006 02:26:10 -0000 1.58
@@ -27,18 +27,14 @@
import org.jboss.metadata.AssemblyDescriptorMetaData;
import org.jboss.metadata.BeanMetaData;
import org.jboss.metadata.SecurityIdentityMetaData;
-import org.jboss.mx.util.MBeanProxyExt;
-import org.jboss.mx.util.MBeanServerLocator;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityConstants;
-import org.jboss.security.Util;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.EJBResource;
import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.plugins.AuthorizationManagerServiceMBean;
import org.jboss.system.Registry;
import java.security.CodeSource;
@@ -59,7 +55,7 @@
* @author <a href="mailto:Scott.Stark at jboss.org">Scott Stark</a>.
* @author <a href="mailto:Thomas.Diesler at jboss.org">Thomas Diesler</a>.
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @version $Revision: 1.57 $
+ * @version $Revision: 1.58 $
*/
public class SecurityInterceptor extends AbstractInterceptor
{
@@ -76,6 +72,8 @@
*/
protected AuthenticationManager securityManager;
+ protected AuthorizationManager authorizationManager;
+
/** The authorization manager plugin
*/
protected RealmMapping realmMapping;
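Review bot: The new `authorizationManager` field has no Javadoc, and it is inserted directly above the existing comment `/** The authorization manager plugin */`, which is attached to `realmMapping`. A reader will now take that comment as describing the new field. I would add `/** The authorization manager obtained from the container */` above `authorizationManager` and reword the comment on `realmMapping` so that it describes the realm mapping.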
@@ -95,7 +93,6 @@
//Authorization Framework changes
protected String ejbName = null;
protected CodeSource ejbCS = null;
- protected AuthorizationManagerServiceMBean authorizationManagerService = null;
/**
* Security Domain configured as part of the application
*/
@@ -129,6 +126,7 @@
securityManager = container.getSecurityManager();
realmMapping = container.getRealmMapping();
+ authorizationManager = container.getAuthorizationManager();
try
{
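Review bot: `container.getAuthorizationManager()` is stored without a null check, and a later hunk calls `authorizationManager.authorize(ejbResource)` on it unconditionally. If the container has no authorization manager, the NullPointerException lands in the `catch (Exception e)` there; assuming that handler leaves `isAuthorized` false, the call fails closed, but every invocation then reports an authorization failure rather than a configuration error at deployment. The removed `getAuthorizationManager()` also fell back to `defaultAuthorizationSecurityDomain` when `appSecurityDomain` was null, and it is not visible here whether the container applies the same default. I would check at this point, for example `if (authorizationManager == null) log.warn("Container returned no AuthorizationManager");`, or fail the deployment. The enclosing method starts and ends outside the hunk.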
@@ -268,7 +266,6 @@
// Get the caller
Subject caller = SecurityActions.getContextSubject();
- AuthorizationManager authzManager = this.getAuthorizationManager();
final HashMap map = new HashMap();
map.put(ResourceKeys.EJB_NAME ,this.ejbName);
map.put(ResourceKeys.EJB_METHOD,ejbMethod);
@@ -276,14 +273,14 @@
map.put(ResourceKeys.EJB_METHODINTERFACE, mi.getType().toInterfaceString());
map.put(ResourceKeys.EJB_CODESOURCE, ejbCS);
map.put(ResourceKeys.CALLER_SUBJECT, caller);
- map.put(ResourceKeys.AUTHORIZATION_MANAGER,authzManager);
+ map.put(ResourceKeys.AUTHORIZATION_MANAGER,authorizationManager);
map.put(ResourceKeys.RUNASIDENTITY, SecurityActions.peekRunAsIdentity());
map.put(ResourceKeys.EJB_METHODROLES, container.getMethodPermissions(ejbMethod, mi.getType()));
EJBResource ejbResource = new EJBResource(map);
boolean isAuthorized = false;
try
{
- int check = authzManager.authorize(ejbResource);
+ int check = authorizationManager.authorize(ejbResource);
isAuthorized = (check == AuthorizationContext.PERMIT);
}
catch (Exception e)
@@ -298,25 +295,4 @@
if(!isAuthorized)
throw new SecurityException(msg);
}
-
- /**
- * Get the Authorization Manager for the security domain
- * @see SecurityConstants#DEFAULT_EJB_APPLICATION_POLICY
- * @return authorization manager
- * @throws Exception
- */
- private AuthorizationManager getAuthorizationManager() throws Exception
- {
- String tempSecurityDomain = appSecurityDomain != null ? Util.unprefixSecurityDomain(appSecurityDomain) :
- defaultAuthorizationSecurityDomain;
- if(authorizationManagerService == null)
- authorizationManagerService = (AuthorizationManagerServiceMBean)
- MBeanProxyExt.create(AuthorizationManagerServiceMBean.class,
- AuthorizationManagerServiceMBean.OBJECT_NAME,
- MBeanServerLocator.locateJBoss());
- AuthorizationManager am = authorizationManagerService.getAuthorizationManager(tempSecurityDomain);
- if(log.isTraceEnabled())
- log.trace(am.toString());
- return am;
- }
}