[jboss-cvs] JBossAS SVN: r67969 - trunk/ejb3/src/main/org/jboss/ejb3/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Dec 5 18:23:30 EST 2007
Author: anil.saldhana at jboss.com
Date: 2007-12-05 18:23:30 -0500 (Wed, 05 Dec 2007)
New Revision: 67969
Modified:
trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityHelper.java
Log:
Handle the case when a call comes with no security context such as with MDB calls
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2007-12-05 23:16:50 UTC (rev 67968)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2007-12-05 23:23:30 UTC (rev 67969)
@@ -37,7 +37,6 @@
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityIdentity;
import org.jboss.security.SecurityUtil;
-import org.jboss.security.SimplePrincipal;
import org.jboss.security.integration.JNDIBasedSecurityManagement;
import org.jboss.security.integration.ejb.EJBAuthenticationHelper;
@@ -72,7 +71,8 @@
MethodInvocation mi = (MethodInvocation) invocation;
Method method = mi.getMethod();
if(shelper.isEJBTimeOutCallback(method) ||
- shelper.containsTimeoutAnnotation(container, method))
+ shelper.containsTimeoutAnnotation(container, method) ||
+ shelper.isMDB(container))
return invocation.invokeNext();
SecurityIdentity si = null;
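Review bot: The added `shelper.isMDB(container)` test returns before any authentication for every invocation on a messaging container, and the same condition is added to the authorization interceptor in RoleBasedAuthorizationInterceptorv2.java, so both checks are skipped on container type alone. If that is intended because message deliveries carry no caller identity, record it at the condition, e.g. `// MDB deliveries carry no caller identity; authentication and role checks are skipped`. It is not visible here whether a run-as identity configured on the bean is still established once this interceptor returns early, so that should be confirmed. The enclosing method starts and ends outside the hunk.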
@@ -93,6 +93,13 @@
Principal p = null;
Object cred = null;
+ //There is no security context at all
+ if(sc == null && invSC == null)
+ {
+ sc = SecurityActions.createSecurityContext(domain.value());
+ SecurityActions.setSecurityContext(sc);
+ }
+
if(shelper.isLocalCall(mi))
{
if(sc == null)
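Review bot: `SecurityActions.createSecurityContext(domain.value())` is called without the null/empty check on `domain.value()` that this commit adds in RoleBasedAuthorizationInterceptorv2 (`domainExists`), so a blank security domain would reach context creation here unless a guard outside the hunk already rules it out. The new context is also installed with `SecurityActions.setSecurityContext(sc)`. If no `finally` further down the method clears it, it may stay associated with the thread after the call returns. I would guard the block with the same non-empty check and confirm the cleanup path. The enclosing method continues outside the hunk.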
@@ -130,24 +137,9 @@
if(!trustedCaller)
{
Subject subject = new Subject();
- /**
- * Special Case: Invocation has no principal set,
- * but an unauthenticatedPrincipal has been configured in JBoss DD
- */
- String unauthenticatedPrincipal = domain.unauthenticatedPrincipal();
- if(sc.getUtil().getUserPrincipal() == null && unauthenticatedPrincipal !=null &&
- unauthenticatedPrincipal.length() > 0)
- {
- Principal uPrincipal = new SimplePrincipal(unauthenticatedPrincipal);
- sc.getSubjectInfo().setAuthenticationPrincipal(uPrincipal);
- subject.getPrincipals().add(uPrincipal);
- }
- else
- {
- //Authenticate the caller now
- if(!helper.isValid(subject, method.getName()))
- throw new EJBAccessException("Invalid User");
- }
+ //Authenticate the caller now
+ if(!helper.isValid(subject, method.getName()))
+ throw new EJBAccessException("Invalid User");
helper.pushSubjectContext(subject);
}
else
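Review bot: With the `unauthenticatedPrincipal` branch gone, a caller with no principal now always goes through `helper.isValid(subject, method.getName())` and gets `EJBAccessException("Invalid User")` on failure, which changes behaviour for deployments that configure an unauthenticated principal, and the log message does not mention it. If the authentication helper now applies that setting, a comment above the call such as `// unauthenticatedPrincipal is applied by the authentication helper` would record where it went. If it is no longer honoured anywhere, that should be stated in the commit log. The enclosing block starts outside the hunk.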
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java 2007-12-05 23:16:50 UTC (rev 67968)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java 2007-12-05 23:23:30 UTC (rev 67969)
@@ -23,6 +23,7 @@
import java.lang.reflect.Method;
import java.security.CodeSource;
+import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
@@ -77,11 +78,11 @@
this.ejbName = ejbName;
}
- protected Set getRoleSet(Invocation invocation)
+ protected Set<Principal> getRoleSet(Invocation invocation)
{
Method method = ((MethodInvocation)invocation).getActualMethod();
- Class[] classes = new Class[]{DenyAll.class, PermitAll.class, RolesAllowed.class};
+ Class<?>[] classes = new Class[]{DenyAll.class, PermitAll.class, RolesAllowed.class};
Object annotation = container.resolveAnnotation(method, classes);
@@ -91,7 +92,7 @@
annotation = container.resolveAnnotation(classes[classIndex++]);
}
- HashSet set = new HashSet();
+ HashSet<Principal> set = new HashSet<Principal>();
if (annotation != null)
{
if (annotation instanceof DenyAll)
@@ -126,19 +127,23 @@
SecurityHelper shelper = new SecurityHelper();
Method method = mi.getMethod();
if(shelper.isEJBTimeOutCallback(method) ||
- shelper.containsTimeoutAnnotation(container, method))
+ shelper.containsTimeoutAnnotation(container, method) ||
+ shelper.isMDB(container))
return invocation.invokeNext();
try
{
SecurityDomain domain = (SecurityDomain)container.resolveAnnotation(SecurityDomain.class);
- if(domain != null)
+ boolean domainExists = domain != null && domain.value() != null
+ && domain.value().length() > 0;
+
+ if(domainExists)
{
SecurityContext sc = SecurityActions.getSecurityContext();
if(sc == null)
throw new IllegalStateException("Security Context has not been set");
- Set methodRoles = getRoleSet(invocation);
+ Set<Principal> methodRoles = getRoleSet(invocation);
if (methodRoles == null)
{
/*
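Review bot: The new `domainExists` test makes a `@SecurityDomain` annotation with a null or empty value behave like no annotation at all, so the role check inside this block is skipped. What runs instead is outside the hunk, but if it is a plain `invocation.invokeNext()`, a bean carrying `@RolesAllowed` or `@DenyAll` with a blank domain would be invoked without authorization. A blank domain on an annotated bean looks like a misconfiguration, so it should probably be rejected or at least logged rather than silently passed through, e.g. `if(domain != null && !domainExists) throw new IllegalStateException("Security domain is empty");`.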
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityHelper.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityHelper.java 2007-12-05 23:16:50 UTC (rev 67968)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityHelper.java 2007-12-05 23:23:30 UTC (rev 67969)
@@ -28,10 +28,10 @@
import javax.ejb.Timer;
import org.jboss.aop.joinpoint.MethodInvocation;
-import org.jboss.aspects.remoting.InvokeRemoteInterceptor;
+import org.jboss.ejb3.Container;
import org.jboss.ejb3.EJBContainer;
+import org.jboss.ejb3.mdb.MessagingContainer;
import org.jboss.ejb3.remoting.IsLocalInterceptor;
-import org.jboss.remoting.InvokerLocator;
//$Id$
@@ -49,7 +49,7 @@
* @return true - local call
*/
public boolean isLocalCall(MethodInvocation mi)
- {
+ {
return mi.getMetaData().hasTag(IsLocalInterceptor.IS_LOCAL);
}
@@ -84,4 +84,14 @@
{
return (Timeout) container.resolveAnnotation(meth, Timeout.class) != null;
}
+
+ /**
+ * Determine if the container is a MDB
+ * @param container
+ * @return
+ */
+ public boolean isMDB(Container container)
+ {
+ return container instanceof MessagingContainer;
+ }
}
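Review bot: The Javadoc on `isMDB` leaves `@param container` and `@return` empty, although both security interceptors in this commit use the method to skip authentication and authorization. I would fill them in as `@param container the container handling the invocation` and `@return true if the container is a MessagingContainer, false otherwise (including null)`. The summary should also say that the test is `instanceof MessagingContainer`, so it matches any subclass of that type rather than only message-driven beans, if such subclasses exist.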