[jboss-cvs] JBossAS SVN: r61914 - in trunk/ejb3/src/main/org/jboss: ejb3 and 1 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Mar 30 16:55:27 EDT 2007 

Author: bdecoste
Date: 2007-03-30 16:55:27 -0400 (Fri, 30 Mar 2007)
New Revision: 61914

Added:
   trunk/ejb3/src/main/org/jboss/ejb3/ClientDescriptorFileFilter.java
Modified:
   trunk/ejb3/src/main/org/jboss/annotation/security/RunAsPrincipalImpl.java
   trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java
   trunk/ejb3/src/main/org/jboss/ejb3/Ejb3Deployment.java
   trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java
   trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java
   trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
Log:
[JBCTS-555] we were deploying beans from app client jars, which was causing all sorts of problems. Also some minor changes for supporting run-as-principal 

Modified: trunk/ejb3/src/main/org/jboss/annotation/security/RunAsPrincipalImpl.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/annotation/security/RunAsPrincipalImpl.java	2007-03-30 20:16:33 UTC (rev 61913)
+++ trunk/ejb3/src/main/org/jboss/annotation/security/RunAsPrincipalImpl.java	2007-03-30 20:55:27 UTC (rev 61914)
@@ -46,4 +46,9 @@
    {
       return org.jboss.annotation.security.RunAsPrincipal.class;
    }
+   
+   public String toString()
+   {
+      return annotationType().getName() + " value=" + value;
+   }
 }

Modified: trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java	2007-03-30 20:16:33 UTC (rev 61913)
+++ trunk/ejb3/src/main/org/jboss/ejb3/BaseSessionContext.java	2007-03-30 20:55:27 UTC (rev 61914)
@@ -181,36 +181,14 @@
       Principal principal = null;
       
       RunAsIdentity runAsIdentity = SecurityActions.peekRunAsIdentity(1);
-      log.info("--- getCallerPrincipal peek " + runAsIdentity);
+    
+      principal = SecurityAssociation.getCallerPrincipal();
       
-      // Don't use RunAsIdentity to establish the principal when the RunAsIdentity came
-      // from the current bean. 
-      
-/*      if (runAsIdentity != null)
-      {
-         java.util.Set principals = runAsIdentity.getPrincipalsSet();
-         if (principals.size() > 0)
-         {
-            RunAsPrincipal annotation = (RunAsPrincipal)container.resolveAnnotation(RunAsPrincipal.class);
-            Principal tmp = (Principal)principals.iterator().next();
-            log.info("--- getCallerPrincipal annotation " + annotation + " " + tmp.getName());
-            if (annotation == null || !annotation.value().equals(tmp.getName()))
-               principal = tmp;
-            
-         }
-      }
-      log.info("--- getCallerPrincipal RunAsIdentity " + principal);
-      if (principal == null)*/
-         principal = SecurityAssociation.getCallerPrincipal();
-      log.info("--- getCallerPrincipal SecurityAssociation " + principal);
-      
       if (getRm() != null)
       {
          principal = getRm().getPrincipal(principal);
       }
       
-      log.info("--- getCallerPrincipal " + principal);
-
       // This method never returns null.
       if (principal == null)
          throw new java.lang.IllegalStateException("No valid security context for the caller identity");
@@ -264,17 +242,12 @@
       boolean doesUserHaveRole = false;
       if (runAsIdentity != null)
          doesUserHaveRole = runAsIdentity.doesUserHaveRole(set);
-      
-      log.info("--- isCallerInRole runAsIdentity " + runAsIdentity + " " + doesUserHaveRole);
-      
+       
       if (!doesUserHaveRole)
          doesUserHaveRole = getRm().doesUserHaveRole(principal, set);
       
       java.util.Set roles = getRm().getUserRoles(principal);
-      log.info("--- isCallerInRole roles " + roles + " " + SecurityActions.getActiveSubject());
-       
-      log.info("--- isCallerInRole " + roleName + " " + principal + " " + doesUserHaveRole);
-      
+    
       return doesUserHaveRole;
    }
 

Added: trunk/ejb3/src/main/org/jboss/ejb3/ClientDescriptorFileFilter.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/ClientDescriptorFileFilter.java	                        (rev 0)
+++ trunk/ejb3/src/main/org/jboss/ejb3/ClientDescriptorFileFilter.java	2007-03-30 20:55:27 UTC (rev 61914)
@@ -0,0 +1,55 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */ 
+package org.jboss.ejb3;
+
+import org.jboss.virtual.VirtualFileFilter;
+import org.jboss.virtual.VirtualFile;
+
+import java.io.IOException;
+
+/**
+ * @author <a href="mailto:bdecoste at jboss.com">William DeCoste</a>
+ */
+public class ClientDescriptorFileFilter implements VirtualFileFilter
+{
+   public boolean accepts(VirtualFile file)
+   {
+      try
+      {
+         if (file.isLeaf())
+         {
+            if (file.getName().equals("application-client.xml") || file.getName().equals("jboss-client.xml"))
+            {
+               VirtualFile parent = file.getParent();
+               if (parent != null && parent.getName().equals("META-INF"))
+                  return true;
+            }
+         }
+
+         return false;
+      }
+      catch (IOException e)
+      {
+         throw new RuntimeException(e);
+      }
+   }
+}

Modified: trunk/ejb3/src/main/org/jboss/ejb3/Ejb3Deployment.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/Ejb3Deployment.java	2007-03-30 20:16:33 UTC (rev 61913)
+++ trunk/ejb3/src/main/org/jboss/ejb3/Ejb3Deployment.java	2007-03-30 20:55:27 UTC (rev 61914)
@@ -382,6 +382,12 @@
    protected void deployUrl(Ejb3HandlerFactory factory)
            throws Exception
    {
+      // make sure we are not deploying ejbs from client jar
+      List<VirtualFile> clientDescriptors = unit.getResources(new org.jboss.ejb3.ClientDescriptorFileFilter());
+      
+      if (clientDescriptors.size() > 0)
+         return;
+      
       InitialContext ctx = initialContext;
       // need to look into every entry in the archive to see if anybody has tags
       // defined.
@@ -446,7 +452,7 @@
 
    protected void deployElement(Ejb3HandlerFactory factory, ClassFile cf, InitialContext ctx)
            throws Exception
-   {
+   {   
       Ejb3Handler handler = factory.createHandler(cf);
       handler.setCtxProperties(unit.getJndiProperties());
 

Modified: trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java	2007-03-30 20:16:33 UTC (rev 61913)
+++ trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java	2007-03-30 20:55:27 UTC (rev 61914)
@@ -1818,8 +1818,6 @@
    {
       log.debug("adding class annotation " + annotationClass.getName() + " to "
             + ejbClass.getName() + " " + annotation);
-      log.debug("adding class annotation " + annotationClass.getName() + " to "
-            + ejbClass.getName() + " " + annotation);
       container.getAnnotations()
             .addClassAnnotation(annotationClass, annotation);
    }

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java	2007-03-30 20:16:33 UTC (rev 61913)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java	2007-03-30 20:55:27 UTC (rev 61914)
@@ -52,7 +52,6 @@
    protected RunAsIdentity getRunAsIdentity(Invocation invocation)
    {
       MethodInvocation mi = (MethodInvocation)invocation;
-      log.info("--- getRunAsIdentity " + runAsIdentity + " " + mi.getActualMethod());
       return runAsIdentity;
    }
 
@@ -65,12 +64,10 @@
          SecurityActions.pushRunAsIdentity(runAsIdentity);
          
          runAsIdentity = SecurityActions.peekRunAsIdentity(1);
-         log.info("--- invoke " + runAsIdentity);
          if (runAsIdentity != null)
          {
             previousSubject = SecurityActions.getActiveSubject();
             java.util.Set newPrincipals = runAsIdentity.getPrincipalsSet();
-            log.info("--- invoke " + previousSubject + " " + newPrincipals);
             Subject newSubject = new Subject(false, newPrincipals, new java.util.HashSet(), new java.util.HashSet());
             SecurityAssociation.setSubject(newSubject);
          }

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java	2007-03-30 20:16:33 UTC (rev 61913)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java	2007-03-30 20:55:27 UTC (rev 61914)
@@ -28,6 +28,7 @@
 import javax.naming.NamingException;
 
 import org.jboss.annotation.security.RunAsPrincipal;
+import org.jboss.annotation.security.SecurityDomain;
 import org.jboss.aop.Advisor;
 import org.jboss.aop.InstanceAdvisor;
 import org.jboss.aop.advice.AspectFactory;
@@ -57,16 +58,11 @@
       if (runAs == null)
          return null;
       
-      if (container.getXml() != null && container.getXml().getSecurityIdentity() != null)
-      {
-         if (container.getXml().getSecurityIdentity().isUseCallerIdentity()) return null;
-      }
-      
       RunAsPrincipal rap = (RunAsPrincipal) container.resolveAnnotation(RunAsPrincipal.class);
       String runAsPrincipal = null;
       if (rap != null) 
          runAsPrincipal = rap.value();
-
+      
       HashSet extraRoles = new HashSet();  
       AssemblyDescriptor ad = container.getAssemblyDescriptor();
       if(ad != null)
@@ -89,10 +85,10 @@
       try
       {
          InitialContext ctx = container.getInitialContext();
-         org.jboss.annotation.security.SecurityDomain anSecurityDomain = (org.jboss.annotation.security.SecurityDomain) advisor.resolveAnnotation(org.jboss.annotation.security.SecurityDomain.class);
-         if (anSecurityDomain != null)
+         SecurityDomain securityDomain = (SecurityDomain) advisor.resolveAnnotation(org.jboss.annotation.security.SecurityDomain.class);
+         if (securityDomain != null)
          {
-            String domainName = anSecurityDomain.value();
+            String domainName = securityDomain.value();
             domain = SecurityDomainManager.getSecurityManager(domainName, ctx);
          }
       }

More information about the jboss-cvs-commits mailing list