[jboss-cvs] JBossAS SVN: r61914 - in trunk/ejb3/src/main/org/jboss: ejb3 and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Mar 30 16:55:27 EDT 2007
Author: bdecoste
Date: 2007-03-30 16:55:27 -0400 (Fri, 30 Mar 2007)
New Revision: 61914
Added:
trunk/ejb3/src/main/org/jboss/ejb3/ClientDescriptorFileFilter.java
Modified:
trunk/ejb3/src/main/org/jboss/annotation/security/RunAsPrincipalImpl.java
trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java
trunk/ejb3/src/main/org/jboss/ejb3/Ejb3Deployment.java
trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java
trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java
trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
Log:
[JBCTS-555] we were deploying beans from app client jars, which was causing all sorts of problems. Also some minor changes for supporting run-as-principal
Modified: trunk/ejb3/src/main/org/jboss/annotation/security/RunAsPrincipalImpl.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/annotation/security/RunAsPrincipalImpl.java 2007-03-30 20:16:33 UTC (rev 61913)
+++ trunk/ejb3/src/main/org/jboss/annotation/security/RunAsPrincipalImpl.java 2007-03-30 20:55:27 UTC (rev 61914)
@@ -46,4 +46,9 @@
{
return org.jboss.annotation.security.RunAsPrincipal.class;
}
+
+ public String toString()
+ {
+ return annotationType().getName() + " value=" + value;
+ }
}
Modified: trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java 2007-03-30 20:16:33 UTC (rev 61913)
+++ trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java 2007-03-30 20:55:27 UTC (rev 61914)
@@ -181,36 +181,14 @@
Principal principal = null;
RunAsIdentity runAsIdentity = SecurityActions.peekRunAsIdentity(1);
- log.info("--- getCallerPrincipal peek " + runAsIdentity);
+
+ principal = SecurityAssociation.getCallerPrincipal();
- // Don't use RunAsIdentity to establish the principal when the RunAsIdentity came
- // from the current bean.
-
-/* if (runAsIdentity != null)
- {
- java.util.Set principals = runAsIdentity.getPrincipalsSet();
- if (principals.size() > 0)
- {
- RunAsPrincipal annotation = (RunAsPrincipal)container.resolveAnnotation(RunAsPrincipal.class);
- Principal tmp = (Principal)principals.iterator().next();
- log.info("--- getCallerPrincipal annotation " + annotation + " " + tmp.getName());
- if (annotation == null || !annotation.value().equals(tmp.getName()))
- principal = tmp;
-
- }
- }
- log.info("--- getCallerPrincipal RunAsIdentity " + principal);
- if (principal == null)*/
- principal = SecurityAssociation.getCallerPrincipal();
- log.info("--- getCallerPrincipal SecurityAssociation " + principal);
-
if (getRm() != null)
{
principal = getRm().getPrincipal(principal);
}
- log.info("--- getCallerPrincipal " + principal);
-
// This method never returns null.
if (principal == null)
throw new java.lang.IllegalStateException("No valid security context for the caller identity");
@@ -264,17 +242,12 @@
boolean doesUserHaveRole = false;
if (runAsIdentity != null)
doesUserHaveRole = runAsIdentity.doesUserHaveRole(set);
-
- log.info("--- isCallerInRole runAsIdentity " + runAsIdentity + " " + doesUserHaveRole);
-
+
if (!doesUserHaveRole)
doesUserHaveRole = getRm().doesUserHaveRole(principal, set);
java.util.Set roles = getRm().getUserRoles(principal);
- log.info("--- isCallerInRole roles " + roles + " " + SecurityActions.getActiveSubject());
-
- log.info("--- isCallerInRole " + roleName + " " + principal + " " + doesUserHaveRole);
-
+
return doesUserHaveRole;
}
Added: trunk/ejb3/src/main/org/jboss/ejb3/ClientDescriptorFileFilter.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/ClientDescriptorFileFilter.java (rev 0)
+++ trunk/ejb3/src/main/org/jboss/ejb3/ClientDescriptorFileFilter.java 2007-03-30 20:55:27 UTC (rev 61914)
@@ -0,0 +1,55 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3;
+
+import org.jboss.virtual.VirtualFileFilter;
+import org.jboss.virtual.VirtualFile;
+
+import java.io.IOException;
+
+/**
+ * @author <a href="mailto:bdecoste at jboss.com">William DeCoste</a>
+ */
+public class ClientDescriptorFileFilter implements VirtualFileFilter
+{
+ public boolean accepts(VirtualFile file)
+ {
+ try
+ {
+ if (file.isLeaf())
+ {
+ if (file.getName().equals("application-client.xml") || file.getName().equals("jboss-client.xml"))
+ {
+ VirtualFile parent = file.getParent();
+ if (parent != null && parent.getName().equals("META-INF"))
+ return true;
+ }
+ }
+
+ return false;
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
Modified: trunk/ejb3/src/main/org/jboss/ejb3/Ejb3Deployment.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/Ejb3Deployment.java 2007-03-30 20:16:33 UTC (rev 61913)
+++ trunk/ejb3/src/main/org/jboss/ejb3/Ejb3Deployment.java 2007-03-30 20:55:27 UTC (rev 61914)
@@ -382,6 +382,12 @@
protected void deployUrl(Ejb3HandlerFactory factory)
throws Exception
{
+ // make sure we are not deploying ejbs from client jar
+ List<VirtualFile> clientDescriptors = unit.getResources(new org.jboss.ejb3.ClientDescriptorFileFilter());
+
+ if (clientDescriptors.size() > 0)
+ return;
+
InitialContext ctx = initialContext;
// need to look into every entry in the archive to see if anybody has tags
// defined.
@@ -446,7 +452,7 @@
protected void deployElement(Ejb3HandlerFactory factory, ClassFile cf, InitialContext ctx)
throws Exception
- {
+ {
Ejb3Handler handler = factory.createHandler(cf);
handler.setCtxProperties(unit.getJndiProperties());
Modified: trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java 2007-03-30 20:16:33 UTC (rev 61913)
+++ trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java 2007-03-30 20:55:27 UTC (rev 61914)
@@ -1818,8 +1818,6 @@
{
log.debug("adding class annotation " + annotationClass.getName() + " to "
+ ejbClass.getName() + " " + annotation);
- log.debug("adding class annotation " + annotationClass.getName() + " to "
- + ejbClass.getName() + " " + annotation);
container.getAnnotations()
.addClassAnnotation(annotationClass, annotation);
}
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java 2007-03-30 20:16:33 UTC (rev 61913)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java 2007-03-30 20:55:27 UTC (rev 61914)
@@ -52,7 +52,6 @@
protected RunAsIdentity getRunAsIdentity(Invocation invocation)
{
MethodInvocation mi = (MethodInvocation)invocation;
- log.info("--- getRunAsIdentity " + runAsIdentity + " " + mi.getActualMethod());
return runAsIdentity;
}
@@ -65,12 +64,10 @@
SecurityActions.pushRunAsIdentity(runAsIdentity);
runAsIdentity = SecurityActions.peekRunAsIdentity(1);
- log.info("--- invoke " + runAsIdentity);
if (runAsIdentity != null)
{
previousSubject = SecurityActions.getActiveSubject();
java.util.Set newPrincipals = runAsIdentity.getPrincipalsSet();
- log.info("--- invoke " + previousSubject + " " + newPrincipals);
Subject newSubject = new Subject(false, newPrincipals, new java.util.HashSet(), new java.util.HashSet());
SecurityAssociation.setSubject(newSubject);
}
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java 2007-03-30 20:16:33 UTC (rev 61913)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java 2007-03-30 20:55:27 UTC (rev 61914)
@@ -28,6 +28,7 @@
import javax.naming.NamingException;
import org.jboss.annotation.security.RunAsPrincipal;
+import org.jboss.annotation.security.SecurityDomain;
import org.jboss.aop.Advisor;
import org.jboss.aop.InstanceAdvisor;
import org.jboss.aop.advice.AspectFactory;
@@ -57,16 +58,11 @@
if (runAs == null)
return null;
- if (container.getXml() != null && container.getXml().getSecurityIdentity() != null)
- {
- if (container.getXml().getSecurityIdentity().isUseCallerIdentity()) return null;
- }
-
RunAsPrincipal rap = (RunAsPrincipal) container.resolveAnnotation(RunAsPrincipal.class);
String runAsPrincipal = null;
if (rap != null)
runAsPrincipal = rap.value();
-
+
HashSet extraRoles = new HashSet();
AssemblyDescriptor ad = container.getAssemblyDescriptor();
if(ad != null)
@@ -89,10 +85,10 @@
try
{
InitialContext ctx = container.getInitialContext();
- org.jboss.annotation.security.SecurityDomain anSecurityDomain = (org.jboss.annotation.security.SecurityDomain) advisor.resolveAnnotation(org.jboss.annotation.security.SecurityDomain.class);
- if (anSecurityDomain != null)
+ SecurityDomain securityDomain = (SecurityDomain) advisor.resolveAnnotation(org.jboss.annotation.security.SecurityDomain.class);
+ if (securityDomain != null)
{
- String domainName = anSecurityDomain.value();
+ String domainName = securityDomain.value();
domain = SecurityDomainManager.getSecurityManager(domainName, ctx);
}
}
More information about the jboss-cvs-commits
mailing list