[jboss-cvs] JBossAS SVN: r61757 - in trunk/ejb3/src/main/org/jboss/ejb3: metamodel and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Mar 27 16:14:01 EDT 2007
Author: bdecoste
Date: 2007-03-27 16:14:00 -0400 (Tue, 27 Mar 2007)
New Revision: 61757
Modified:
trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java
trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java
trunk/ejb3/src/main/org/jboss/ejb3/metamodel/SecurityIdentity.java
trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java
trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
Log:
fixes for tests that mimic failed TCK EJB3 security tests for @RunAsPrincipal
Modified: trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java 2007-03-27 19:20:48 UTC (rev 61756)
+++ trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java 2007-03-27 20:14:00 UTC (rev 61757)
@@ -48,6 +48,7 @@
import javax.transaction.UserTransaction;
import javax.xml.rpc.handler.MessageContext;
+import org.jboss.annotation.security.RunAsPrincipal;
import org.jboss.annotation.security.SecurityDomain;
import org.jboss.aop.Advisor;
import org.jboss.ejb3.security.SecurityDomainManager;
@@ -72,7 +73,7 @@
private static final long serialVersionUID = -2485139227124937217L;
private static final Logger log = Logger.getLogger(BaseSessionContext.class);
- protected transient Container container;
+ protected transient EJBContainer container;
protected transient RealmMapping rm;
protected BaseContext baseContext;
@@ -92,7 +93,7 @@
public void setContainer(Container container)
{
- this.container = container;
+ this.container = (EJBContainer)container;
try
{
InitialContext ctx = container.getInitialContext();
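Review bot: `setContainer(Container container)` still accepts any `Container` but now casts it unconditionally with `(EJBContainer)container`, so a caller passing another implementation gets a bare `ClassCastException` with no context. An explicit guard would make the contract visible, e.g. `if (!(container instanceof EJBContainer)) throw new IllegalArgumentException("Expected EJBContainer: " + container);`. The same unchecked cast is added in the `readExternal` hunk, where the container is looked up by a name read from the serialized stream. A lookup miss there would already fail on the following `container.getInitialContext()` line, so a null/type check with a clear `IOException` is worth adding. Both method bodies continue outside their hunks.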
@@ -125,7 +126,7 @@
public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException
{
- container = Ejb3Registry.getContainer(in.readUTF());
+ container = (EJBContainer)Ejb3Registry.getContainer(in.readUTF());
InitialContext ctx = container.getInitialContext();
try
{
@@ -177,11 +178,38 @@
public Principal getCallerPrincipal()
{
- Principal principal = SecurityAssociation.getCallerPrincipal();
+ Principal principal = null;
+
+ RunAsIdentity runAsIdentity = SecurityActions.peekRunAsIdentity(0);
+ log.info("--- getCallerPrincipal peek " + runAsIdentity);
+
+ // Don't use RunAsIdentity to establish the principal when the RunAsIdentity came
+ // from the current bean.
+
+ if (runAsIdentity != null)
+ {
+ java.util.Set principals = runAsIdentity.getPrincipalsSet();
+ if (principals.size() > 0)
+ {
+ RunAsPrincipal annotation = (RunAsPrincipal)container.resolveAnnotation(RunAsPrincipal.class);
+ Principal tmp = (Principal)principals.iterator().next();
+ log.info("--- getCallerPrincipal annotation " + annotation + " " + tmp.getName());
+ if (annotation == null || !annotation.value().equals(tmp.getName()))
+ principal = tmp;
+
+ }
+ }
+ log.info("--- getCallerPrincipal RunAsIdentity " + principal);
+ if (principal == null)
+ principal = SecurityAssociation.getCallerPrincipal();
+ log.info("--- getCallerPrincipal SecurityAssociation " + principal);
+
if (getRm() != null)
{
principal = getRm().getPrincipal(principal);
}
+
+ log.info("--- getCallerPrincipal " + principal);
// This method never returns null.
if (principal == null)
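Review bot: The test `annotation == null || !annotation.value().equals(tmp.getName())` decides whose identity `getCallerPrincipal()` reports, and name equality looks like a fragile discriminator. When the bean has no `@RunAsPrincipal`, the first principal of whatever `peekRunAsIdentity(0)` returns is reported as the caller, which seems to contradict the comment above it if that identity was pushed for the current bean. When the caller and the current bean declare the same run-as principal name, the caller's run-as principal is skipped. Both cases depend on what the run-as stack holds at depth 0, which is not visible in this hunk, so the comment should state whose identity depth 0 is and why a name match is sufficient. Separately, the five `log.info("--- getCallerPrincipal ...")` lines write principal names at INFO on every call and should become `log.trace(...)` or be removed; the method body continues past the hunk.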
@@ -199,10 +227,11 @@
{
// TODO revert to aspects.security.SecurityContext impl when JBoss AOP 1.1 is out.
Principal principal = getCallerPrincipal();
+
// Check the caller of this beans run-as identity
// todo use priveleged stuff in ejb class
RunAsIdentity runAsIdentity = SecurityActions.peekRunAsIdentity(1);
-
+
if (principal == null && runAsIdentity == null)
return false;
@@ -229,10 +258,21 @@
HashSet set = new HashSet();
set.add(new SimplePrincipal(roleName));
+ // This is work in progress - currently, getRm().doesUserHaveRole(principal, set)
+ // and getRm().getUserRoles(principal) ignores the principal parameter and is not
+ // using the principal from the pushed RunAsIdentity
+ boolean doesUserHaveRole;
if (runAsIdentity == null)
- return getRm().doesUserHaveRole(principal, set);
+ doesUserHaveRole = getRm().doesUserHaveRole(principal, set);
else
- return runAsIdentity.doesUserHaveRole(set);
+ doesUserHaveRole = runAsIdentity.doesUserHaveRole(set);
+
+ java.util.Set roles = getRm().getUserRoles(principal);
+ log.info("--- isCallerInRole roles " + roles);
+
+ log.info("--- isCallerInRole " + roleName + " " + principal + " " + doesUserHaveRole + " " + runAsIdentity);
+
+ return doesUserHaveRole;
}
public TimerService getTimerService() throws IllegalStateException
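Review bot: `getRm().getUserRoles(principal)` is called unconditionally only to feed a `log.info` line, so every `isCallerInRole` call now does an extra realm lookup and writes the caller's role set and principal at INFO. It also dereferences `getRm()` on the run-as path, where the old code only used `runAsIdentity`. `getCallerPrincipal()` treats `getRm()` as nullable, so unless a check outside this hunk rules that out, this can throw. Suggest removing the lookup and logging only under a guard, `if (log.isTraceEnabled()) log.trace("isCallerInRole " + roleName + " " + doesUserHaveRole);`. The added comment says the realm ignores the `principal` argument, so this authorization result should be treated as unverified until that is resolved and covered by a test.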
Modified: trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java 2007-03-27 19:20:48 UTC (rev 61756)
+++ trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java 2007-03-27 20:14:00 UTC (rev 61757)
@@ -72,6 +72,7 @@
import org.jboss.annotation.ejb.cache.simple.PersistenceManagerImpl;
import org.jboss.annotation.internal.DefaultInterceptorMarker;
import org.jboss.annotation.internal.DefaultInterceptorMarkerImpl;
+import org.jboss.annotation.security.RunAsPrincipal;
import org.jboss.annotation.security.RunAsPrincipalImpl;
import org.jboss.annotation.security.SecurityDomain;
import org.jboss.annotation.security.SecurityDomainImpl;
@@ -1768,21 +1769,21 @@
if (identity != null && !identity.isUseCallerIdentity())
{
RunAs runAs = identity.getRunAs();
+ RunAsImpl annotation = null;
if (runAs != null)
{
- RunAsImpl annotation = new RunAsImpl(runAs.getRoleName());
+ annotation = new RunAsImpl(runAs.getRoleName());
addClassAnnotation(container, annotation.annotationType(),
annotation);
-
- String runAsPrincipal = identity.getRunAsPrincipal();
- if (runAsPrincipal != null)
- {
- RunAsPrincipalImpl principalAnnotation = new RunAsPrincipalImpl(
- runAs.getRoleName());
- addClassAnnotation(container, principalAnnotation
- .annotationType(), principalAnnotation);
- }
}
+
+ String runAsPrincipal = identity.getRunAsPrincipal();
+ if (runAsPrincipal != null)
+ {
+ RunAsPrincipalImpl principalAnnotation = new RunAsPrincipalImpl(runAsPrincipal);
+ addClassAnnotation(container, principalAnnotation
+ .annotationType(), principalAnnotation);
+ }
}
}
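Review bot: The `RunAsPrincipalImpl` annotation is now registered even when `identity.getRunAs()` is null, so a descriptor with a run-as principal but no run-as role yields `@RunAsPrincipal` without `@RunAs`. If that is intended, a short comment such as `// run-as-principal may be configured independently of run-as` would record it; if not, the block should stay inside `if (runAs != null)`. Consumers that read `runAs.value()` would need to tolerate the missing `@RunAs`, and that code is not visible here. Also, `RunAsImpl annotation = null;` is hoisted out of the `if` but the visible lines never read it afterwards, so the declaration can remain local to the block.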
Modified: trunk/ejb3/src/main/org/jboss/ejb3/metamodel/SecurityIdentity.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/metamodel/SecurityIdentity.java 2007-03-27 19:20:48 UTC (rev 61756)
+++ trunk/ejb3/src/main/org/jboss/ejb3/metamodel/SecurityIdentity.java 2007-03-27 20:14:00 UTC (rev 61757)
@@ -84,7 +84,9 @@
{
StringBuffer sb = new StringBuffer(100);
sb.append("[");
- sb.append("ejbName=").append(id);
+ sb.append("runAsPrincipal=").append(runAsPrincipal);
+ sb.append(", runAs=").append(runAs);
+ sb.append(", useCallerIdentity=").append(useCallerIdentity);
sb.append("]");
return sb.toString();
}
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java 2007-03-27 19:20:48 UTC (rev 61756)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java 2007-03-27 20:14:00 UTC (rev 61757)
@@ -52,6 +52,6 @@
public Object invoke(Invocation invocation) throws Throwable
{
return super.invoke(invocation);
- }
+ }
}
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java 2007-03-27 19:20:48 UTC (rev 61756)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java 2007-03-27 20:14:00 UTC (rev 61757)
@@ -63,20 +63,12 @@
String runAsPrincipal = null;
if (rap != null)
runAsPrincipal = rap.value();
- else
- {
- //Check if jboss.xml has it
- if(container.getXml() != null && container.getXml().getSecurityIdentity() != null)
- {
- runAsPrincipal = container.getXml().getSecurityIdentity().getRunAsPrincipal();
- }
- }
HashSet extraRoles = new HashSet();
AssemblyDescriptor ad = container.getAssemblyDescriptor();
if(ad != null)
extraRoles.addAll(ad.getSecurityRolesGivenPrincipal(runAsPrincipal));
-
+
return new RunAsIdentity(runAs.value(), runAsPrincipal, extraRoles);
}