[jboss-cvs] JBossAS SVN: r72313 - in projects/ejb3/trunk: core/src/main/java/org/jboss/ejb3 and 8 other directories.
Wed Apr 16 16:12:25 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-04-16 16:12:25 -0400 (Wed, 16 Apr 2008)
New Revision: 72313
Added:
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/embedded/
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/embedded/plugins/
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/embedded/plugins/SecurityDomainContext.java
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/AuthenticationHelper.java
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/AuthorizationHelper.java
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/SecurityActions.java
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/SecurityHelper.java
Modified:
projects/ejb3/trunk/core/.classpath
projects/ejb3/trunk/core/pom.xml
projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/EJBContextImpl.java
projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/embedded/JaasSecurityManagerService.java
projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/SecurityActions.java
projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/test/security/unit/EJBSpecUnitTestCase.java
projects/ejb3/trunk/security/pom.xml
Log:
EJBTHREE-1296: Intermediate step to get EJB3 core independent of JBossAS/security
Modified: projects/ejb3/trunk/core/.classpath
===================================================================
--- projects/ejb3/trunk/core/.classpath 2008-04-16 18:34:38 UTC (rev 72312)
+++ projects/ejb3/trunk/core/.classpath 2008-04-16 20:12:25 UTC (rev 72313)
@@ -13,7 +13,6 @@
<classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar" sourcepath="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/asm/asm/1.5.3/asm-1.5.3.jar"/>
<classpathentry kind="var" path="M2_REPO/asm/asm-attrs/1.5.3/asm-attrs-1.5.3.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/authorization-spi/2.0.2.Beta5/authorization-spi-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/authorization-spi/2.0.2.Beta5/authorization-spi-2.0.2.Beta5-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/apache-avalon/avalon-framework/4.1.5/avalon-framework-4.1.5.jar"/>
<classpathentry kind="var" path="M2_REPO/bcel/bcel/5.1/bcel-5.1.jar" sourcepath="M2_REPO/bcel/bcel/5.1/bcel-5.1-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/bsh/bsh/1.3.0/bsh-1.3.0.jar"/>
@@ -31,8 +30,6 @@
<classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-commons-annotations/3.0.0.ga/hibernate-commons-annotations-3.0.0.ga.jar"/>
<classpathentry kind="var" path="M2_REPO/org/hibernate/hibernate-entitymanager/3.3.2.GA/hibernate-entitymanager-3.3.2.GA.jar"/>
<classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.7/hsqldb-1.8.0.7.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-impl/2.0.2.Beta5/identity-impl-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/identity-impl/2.0.2.Beta5/identity-impl-2.0.2.Beta5-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/identity-spi/2.0.2.Beta5/identity-spi-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/identity-spi/2.0.2.Beta5/identity-spi-2.0.2.Beta5-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/security/jaas/1.0.01/jaas-1.0.01.jar"/>
<classpathentry kind="var" path="M2_REPO/javax/security/jacc/1.0/jacc-1.0.jar"/>
<classpathentry kind="var" path="M2_REPO/jacorb/jacorb/2.3.0jboss.patch5-brew/jacorb-2.3.0jboss.patch5-brew.jar"/>
@@ -57,7 +54,6 @@
<classpathentry kind="var" path="M2_REPO/org/jboss/jbossas/jboss-as-mbeans/5.0.0-SNAPSHOT/jboss-as-mbeans-5.0.0-SNAPSHOT.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/jbossas/jboss-as-naming/5.0.0-SNAPSHOT/jboss-as-naming-5.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/jbossas/jboss-as-naming/5.0.0-SNAPSHOT/jboss-as-naming-5.0.0-SNAPSHOT-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/jbossas/jboss-as-profileservice/5.0.0-SNAPSHOT/jboss-as-profileservice-5.0.0-SNAPSHOT.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jbossas/jboss-as-security/5.0.0-SNAPSHOT/jboss-as-security-5.0.0-SNAPSHOT.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/jbossas/jboss-as-server/5.0.0-SNAPSHOT/jboss-as-server-5.0.0-SNAPSHOT.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/jbossas/jboss-as-server/5.0.0-SNAPSHOT/jboss-as-server-5.0.0-SNAPSHOT-client.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/jbossas/jboss-as-server-manager/0.1.0-SNAPSHOT/jboss-as-server-manager-0.1.0-SNAPSHOT.jar"/>
@@ -117,7 +113,6 @@
<classpathentry kind="var" path="M2_REPO/jboss/jbossws/jboss-saaj/3.0.1-native-2.0.4.GA/jboss-saaj-3.0.1-native-2.0.4.GA.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/aspects/jboss-security-aspects/1.0.0-SNAPSHOT/jboss-security-aspects-1.0.0-SNAPSHOT.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta5/jboss-security-spi-2.0.2.Beta5.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2.Beta5/jboss-security-spi-bare-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2.Beta5/jboss-security-spi-bare-2.0.2.Beta5-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/jboss/jboss-serialization/1.0.3.GA/jboss-serialization-1.0.3.GA.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-servlet-api/2.5.0-SNAPSHOT/jboss-servlet-api-2.5.0-SNAPSHOT.jar"/>
<classpathentry kind="var" path="M2_REPO/jboss/aop/jboss-standalone-aspect-library-jdk50/2.0.0.CR8/jboss-standalone-aspect-library-jdk50-2.0.0.CR8.jar"/>
@@ -128,7 +123,7 @@
<classpathentry kind="var" path="M2_REPO/org/jboss/jboss-transaction-spi/5.0.0.Beta4/jboss-transaction-spi-5.0.0.Beta4.jar" sourcepath="M2_REPO/org/jboss/jboss-transaction-spi/5.0.0.Beta4/jboss-transaction-spi-5.0.0.Beta4-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/jboss-vfs/2.0.0.Beta8/jboss-vfs-2.0.0.Beta8.jar" sourcepath="M2_REPO/org/jboss/jboss-vfs/2.0.0.Beta8/jboss-vfs-2.0.0.Beta8-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/cache/jbosscache-core/2.1.0.CR4/jbosscache-core-2.1.0.CR4.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jbosssx-client/2.0.2.Beta5/jbosssx-client-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/jbosssx-client/2.0.2.Beta5/jbosssx-client-2.0.2.Beta5-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jbosssx/2.0.2.Beta5/jbosssx-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/jbosssx/2.0.2.Beta5/jbosssx-2.0.2.Beta5-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/ws/jbossws-spi/1.0.2.GA/jbossws-spi-1.0.2.GA.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR8/jbossxb-2.0.0.CR8.jar" sourcepath="M2_REPO/org/jboss/jbossxb/2.0.0.CR8/jbossxb-2.0.0.CR8-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/jgroups/jgroups/2.6.1/jgroups-2.6.1.jar"/>
Modified: projects/ejb3/trunk/core/pom.xml
===================================================================
--- projects/ejb3/trunk/core/pom.xml 2008-04-16 18:34:38 UTC (rev 72312)
+++ projects/ejb3/trunk/core/pom.xml 2008-04-16 20:12:25 UTC (rev 72313)
@@ -423,12 +423,12 @@
</dependency>
<dependency>
<groupId>org.jboss.security</groupId>
- <artifactId>jboss-security-spi-bare</artifactId>
+ <artifactId>jboss-security-spi</artifactId>
<version>2.0.2.Beta5</version>
</dependency>
<dependency>
<groupId>org.jboss.security</groupId>
- <artifactId>jbosssx-client</artifactId>
+ <artifactId>jbosssx</artifactId>
<version>2.0.2.Beta5</version>
</dependency>
<dependency>
Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/EJBContextImpl.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/EJBContextImpl.java 2008-04-16 18:34:38 UTC (rev 72312)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/EJBContextImpl.java 2008-04-16 20:12:25 UTC (rev 72313)
@@ -43,6 +43,7 @@
import javax.transaction.UserTransaction;
import org.jboss.ejb3.annotation.SecurityDomain;
+import org.jboss.ejb3.security.helpers.AuthorizationHelper;
import org.jboss.ejb3.tx.TxUtil;
import org.jboss.ejb3.tx.UserTransactionImpl;
import org.jboss.logging.Logger;
@@ -52,8 +53,6 @@
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityRoleRef;
import org.jboss.security.SimplePrincipal;
-import org.jboss.security.integration.ejb.EJBAuthorizationHelper;
-import org.jboss.security.plugins.SecurityContextAssociation;
/**
* EJB3 Enterprise Context Implementation
@@ -169,7 +168,7 @@
RealmMapping rm = container.getSecurityManager(RealmMapping.class);
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ SecurityContext sc = SecurityActions.getSecurityContext();
if(sc == null)
{
SecurityDomain domain =(SecurityDomain)ec.resolveAnnotation(SecurityDomain.class);
@@ -180,7 +179,7 @@
}
else
{
- EJBAuthorizationHelper helper = new EJBAuthorizationHelper(sc);
+ AuthorizationHelper helper = new AuthorizationHelper(sc);
callerPrincipal = helper.getCallerPrincipal(rm);
}
@@ -220,7 +219,7 @@
public boolean isCallerInRole(String roleName)
{
EJBContainer ejbc = (EJBContainer)container;
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ SecurityContext sc = SecurityActions.getSecurityContext();
if(sc == null)
{
SecurityDomain domain =(SecurityDomain)ejbc.resolveAnnotation(SecurityDomain.class);
@@ -250,63 +249,14 @@
srset.add(new SecurityRoleRef(srmd.getRoleName(),srmd.getRoleLink(),null));
}
Principal principal = getCallerPrincipal();
- EJBAuthorizationHelper helper = new EJBAuthorizationHelper(sc);
+ AuthorizationHelper helper = new AuthorizationHelper(sc);
return helper.isCallerInRole(roleName,
ejbc.getEjbName(),
principal,
srset);
}
+
- /*public boolean isCallerInRole(String roleName)
- {
- // TODO revert to aspects.security.SecurityContext impl when JBoss AOP 1.1 is out.
- Principal principal = getCallerPrincipal();
-
- // Check the caller of this beans run-as identity
- // todo use priveleged stuff in ejb class
- RunAsIdentity runAsIdentity = SecurityActions.peekRunAsIdentity(1);
-
- if (principal == null && runAsIdentity == null)
- return false;
-
- if (getRm() == null)
- {
- String msg = "isCallerInRole() called with no security context. "
- + "Check that a security-domain has been set for the application.";
- throw new IllegalStateException(msg);
- }
-
- //Ensure that you go through the security role references that may be configured
- EJBContainer ejbc = (EJBContainer)container;
- if(ejbc.getXml() != null)
- {
- Collection<SecurityRoleRef> securityRoleRefs = ejbc.getXml().getSecurityRoleRefs();
- for(SecurityRoleRef roleRef: securityRoleRefs)
- {
- String refName = roleRef.getRoleName();
- if(roleName.equals(refName))
- roleName = roleRef.getRoleLink();
- }
- }
-
- HashSet set = new HashSet();
- set.add(new SimplePrincipal(roleName));
-
- // This is work in progress - currently, getRm().doesUserHaveRole(principal, set)
- // and getRm().getUserRoles(principal) ignores the principal parameter and is not
- // using the principal from the pushed RunAsIdentity
- boolean doesUserHaveRole = false;
- if (runAsIdentity != null)
- doesUserHaveRole = runAsIdentity.doesUserHaveRole(set);
-
- if (!doesUserHaveRole)
- doesUserHaveRole = getRm().doesUserHaveRole(principal, set);
-
- java.util.Set roles = getRm().getUserRoles(principal);
-
- return doesUserHaveRole;
- }*/
-
public TimerService getTimerService() throws IllegalStateException
{
return getContainer().getTimerService();
Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/embedded/JaasSecurityManagerService.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/embedded/JaasSecurityManagerService.java 2008-04-16 18:34:38 UTC (rev 72312)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/embedded/JaasSecurityManagerService.java 2008-04-16 20:12:25 UTC (rev 72313)
@@ -24,12 +24,12 @@
import org.jboss.ejb3.InitialContextFactory;
import org.jboss.ejb3.naming.BrainlessContext;
+import org.jboss.ejb3.security.embedded.plugins.SecurityDomainContext;
import org.jboss.logging.Logger;
import org.jboss.security.auth.callback.SecurityAssociationHandler;
import org.jboss.security.auth.login.XMLLoginConfigImpl;
import org.jboss.security.plugins.JBossAuthorizationManager;
-import org.jboss.security.plugins.JaasSecurityManager;
-import org.jboss.security.plugins.SecurityDomainContext;
+import org.jboss.security.plugins.auth.JaasSecurityManagerBase;
import javax.naming.*;
import javax.naming.spi.ObjectFactory;
@@ -44,11 +44,12 @@
public class JaasSecurityManagerService
{
@SuppressWarnings("unused")
- private static final Logger log = Logger.getLogger(JaasSecurityManager.class);
+ private static final Logger log = Logger.getLogger(JaasSecurityManagerBase.class);
private static final String SECURITY_MGR_PATH = "java:/jaas";
- private static Map<String, JaasSecurityManager> cache = new HashMap<String, JaasSecurityManager>();
+ private static Map<String, JaasSecurityManagerBase> cache =
+ new HashMap<String, JaasSecurityManagerBase>();
private Hashtable initialContextProperties;
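Review bot: The logger at `private static final Logger log = Logger.getLogger(JaasSecurityManagerBase.class);` is still keyed on a foreign class, so any message from this service would be attributed to `JaasSecurityManagerBase` in log output; the rename was the moment to fix it with `private static final Logger log = Logger.getLogger(JaasSecurityManagerService.class);`. The field carries `@SuppressWarnings("unused")`, so this is latent until someone starts logging here. Separately, `cache` is a static `HashMap` read and written from the static `getSecurityManager` in the later hunks of this file; if the `{ … }` block around the `cache.put` there is not already a `synchronized` block, the check-then-put needs a guard or the map should be a `ConcurrentHashMap`.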
@@ -82,9 +83,9 @@
ctx.rebind(SECURITY_MGR_PATH, ref);
}
- private static JaasSecurityManager getSecurityManager(String name)
+ private static JaasSecurityManagerBase getSecurityManager(String name)
{
- JaasSecurityManager manager = cache.get(name);
+ JaasSecurityManagerBase manager = cache.get(name);
if (manager != null)
{
//log.info("cache hit");
@@ -95,7 +96,7 @@
if (manager != null)
return manager;
- manager = new JaasSecurityManager(name, new SecurityAssociationHandler());
+ manager = new JaasSecurityManagerBase(name, new SecurityAssociationHandler());
cache.put(name, manager);
}
return manager;
Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2008-04-16 18:34:38 UTC (rev 72312)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2008-04-16 20:12:25 UTC (rev 72313)
@@ -32,15 +32,12 @@
import org.jboss.ejb3.Container;
import org.jboss.ejb3.EJBContainer;
import org.jboss.ejb3.annotation.SecurityDomain;
+import org.jboss.ejb3.security.helpers.AuthenticationHelper;
import org.jboss.logging.Logger;
-import org.jboss.security.RunAs;
+import org.jboss.security.ISecurityManagement;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityUtil;
-import org.jboss.security.integration.JNDIBasedSecurityManagement;
-import org.jboss.security.integration.ejb.EJBAuthenticationHelper;
-//$Id$
-
/**
* Authentication Interceptor
* @author <a href="mailto:bill at jboss.org">Bill Burke</a>
@@ -116,10 +113,10 @@
SecurityActions.setSecurityContext(sc);
//TODO: Need to get the SecurityManagement instance
- sc.setSecurityManagement(new JNDIBasedSecurityManagement());
+ sc.setSecurityManagement(getSecurityManagement());
//Check if there is a RunAs configured and can be trusted
- EJBAuthenticationHelper helper = new EJBAuthenticationHelper(sc);
+ AuthenticationHelper helper = new AuthenticationHelper(sc);
boolean trustedCaller = helper.isTrusted();
if(!trustedCaller)
{
@@ -166,4 +163,14 @@
SecurityActions.setSubjectInfo(to, from.getSubjectInfo());
SecurityActions.setIncomingRunAs(to, from.getOutgoingRunAs());
}
+
+ /**
+ * TODO: This needs to be injectable
+ * @return
+ * @throws Exception
+ */
+ private ISecurityManagement getSecurityManagement() throws Exception
+ {
+ Class<?> clazz = SecurityActions.loadClass("org.jboss.security.integration.JNDIBasedSecurityManagement");
+ return (ISecurityManagement) clazz.newInstance(); }
}
\ No newline at end of file
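Review bot: `getSecurityManagement()` reflectively loads and instantiates `JNDIBasedSecurityManagement` on every call, and its caller `sc.setSecurityManagement(getSecurityManagement());` in the previous hunk sits on what appears to be the per-invocation interceptor path, so each intercepted EJB call pays a class lookup and builds a fresh management object. Cache the instance in a field (the TODO already says it should be injectable) and create it with `clazz.getDeclaredConstructor().newInstance()` rather than `Class.newInstance()`, which propagates any checked exception thrown by the constructor without declaring it. The Javadoc `@return` and `@throws Exception` tags are empty; a one-liner such as `@return a JNDI-backed ISecurityManagement loaded via the thread context class loader` would do. The `return …; }` line folds the method's closing brace onto the statement, and the file lost its trailing newline.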
Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java 2008-04-16 18:34:38 UTC (rev 72312)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java 2008-04-16 20:12:25 UTC (rev 72313)
@@ -40,6 +40,7 @@
import org.jboss.ejb3.Container;
import org.jboss.ejb3.EJBContainer;
import org.jboss.ejb3.annotation.SecurityDomain;
+import org.jboss.ejb3.security.helpers.AuthorizationHelper;
import org.jboss.logging.Logger;
import org.jboss.metadata.ejb.jboss.JBossAssemblyDescriptorMetaData;
import org.jboss.remoting.InvokerLocator;
@@ -48,8 +49,7 @@
import org.jboss.security.RunAs;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityRolesAssociation;
-import org.jboss.security.SimplePrincipal;
-import org.jboss.security.integration.ejb.EJBAuthorizationHelper;
+import org.jboss.security.SimplePrincipal;
/**
* The RoleBasedAuthorizationInterceptor checks that the caller principal is
@@ -137,7 +137,7 @@
try
{
- SecurityDomain domain = (SecurityDomain)container.resolveAnnotation(SecurityDomain.class);
+ SecurityDomain domain = (SecurityDomain)container.getAnnotation(SecurityDomain.class);
boolean domainExists = domain != null && domain.value() != null
&& domain.value().length() > 0;
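Review bot: The switch from `container.resolveAnnotation(SecurityDomain.class)` to `container.getAnnotation(SecurityDomain.class)` is a behavioural change that the commit log (EJBTHREE-1296, decoupling core from JBossAS/security) does not mention, and `EJBContextImpl` in this same commit still uses `resolveAnnotation`. If the two lookups differ in how they treat metadata overrides, the `domainExists` test that follows decides whether this interceptor enforces a security domain at all, so a different answer here could silently change enforcement. Either keep `resolveAnnotation` for consistency with the rest of the module or add a comment stating why `getAnnotation` is the correct lookup for the authorization interceptor. The enclosing method starts before and ends after this hunk.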
@@ -175,7 +175,7 @@
RunAs callerRunAs = SecurityActions.peekRunAs();
- EJBAuthorizationHelper helper = new EJBAuthorizationHelper(sc);
+ AuthorizationHelper helper = new AuthorizationHelper(sc);
boolean isAuthorized = helper.authorize(ejbName,
mi.getMethod(),
sc.getUtil().getUserPrincipal(),
Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/SecurityActions.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/SecurityActions.java 2008-04-16 18:34:38 UTC (rev 72312)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/SecurityActions.java 2008-04-16 20:12:25 UTC (rev 72313)
@@ -392,4 +392,16 @@
}
});
}
+
+ static Class<?> loadClass(final String fqn) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
+ {
+ public Class<?> run() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ return tcl.loadClass(fqn);
+ }
+ });
+ }
}
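Review bot: `loadClass` dereferences `Thread.currentThread().getContextClassLoader()` without a null check; the context class loader may be unset, and the resulting `NullPointerException` escapes the privileged action unwrapped rather than as the declared `PrivilegedActionException`. Fall back to the defining loader: `ClassLoader tcl = Thread.currentThread().getContextClassLoader(); return (tcl != null ? tcl : SecurityActions.class.getClassLoader()).loadClass(fqn);`. Because this runs under `AccessController.doPrivileged`, a Javadoc line is warranted stating that `fqn` must be a constant supplied by this module (as the caller added in this commit does) and never derived from caller-controlled data, so the privileged block does not become a general class-loading hook; the method currently has no Javadoc at all.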
Modified: projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/test/security/unit/EJBSpecUnitTestCase.java
===================================================================
--- projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/test/security/unit/EJBSpecUnitTestCase.java 2008-04-16 18:34:38 UTC (rev 72312)
+++ projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/test/security/unit/EJBSpecUnitTestCase.java 2008-04-16 20:12:25 UTC (rev 72313)
@@ -48,8 +48,7 @@
import org.jboss.ejb3.test.security.StatelessSession;
import org.jboss.logging.Logger;
import org.jboss.security.SimplePrincipal;
-import org.jboss.security.auth.login.XMLLoginConfigImpl;
-import org.jboss.security.plugins.JaasSecurityManagerServiceMBean;
+import org.jboss.security.auth.login.XMLLoginConfigImpl;
import org.jboss.test.JBossTestCase;
@@ -88,6 +87,8 @@
public void testSecurityDomain() throws Exception
{
log.info("+++ testSecurityDomain, domain=spec-test");
+ fail("THINK ABOUT THE AS DEPENDENCIES");
+ /**
MBeanServerConnection conn = (MBeanServerConnection) getServer();
ObjectName secMgrName = new ObjectName("jboss.security:service=JaasSecurityManager");
JaasSecurityManagerServiceMBean secMgr = (JaasSecurityManagerServiceMBean)
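Review bot: `fail("THINK ABOUT THE AS DEPENDENCIES");` turns `testSecurityDomain` into a test that is red on every run, and the body that follows is disabled with a `/**` … `*/` block (closed in the next hunk of this file), so the suite reports a failure nobody can act on rather than an explicitly disabled test. Prefer excluding it in the surefire configuration, or renaming it so the JUnit 3 style runner used by `JBossTestCase` does not pick it up, with a comment referencing EJBTHREE-1296 so the disabled state is visibly temporary. A plain `/*` is the right opener for commented-out code; `/**` marks a Javadoc comment. The method continues past the end of this hunk.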
@@ -133,6 +134,7 @@
isValid = secMgr.isValid(domain, user, "badpass".toCharArray());
assertTrue("badpass is an invalid password for scott", isValid == false);
+ */
}
/** Test that:
Modified: projects/ejb3/trunk/security/pom.xml
===================================================================
--- projects/ejb3/trunk/security/pom.xml 2008-04-16 18:34:38 UTC (rev 72312)
+++ projects/ejb3/trunk/security/pom.xml 2008-04-16 20:12:25 UTC (rev 72313)
@@ -51,6 +51,13 @@
<artifactId>jboss-jacc-api</artifactId>
</dependency>
+ <!-- JASPI API -->
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-jaspi-api</artifactId>
+ <version>1.0.0.Beta3Update1</version>
+ </dependency>
+
<dependency>
<groupId>org.jboss.ejb3</groupId>
<artifactId>jboss-ejb3-ext-api</artifactId>
Added: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/embedded/plugins/SecurityDomainContext.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/embedded/plugins/SecurityDomainContext.java (rev 0)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/embedded/plugins/SecurityDomainContext.java 2008-04-16 20:12:25 UTC (rev 72313)
@@ -0,0 +1,180 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ejb3.security.embedded.plugins;
+
+import javax.naming.InvalidNameException;
+import javax.naming.NamingException;
+import javax.security.auth.Subject;
+
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.RealmMapping;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.SubjectSecurityManager;
+import org.jboss.security.audit.AuditManager;
+import org.jboss.security.identitytrust.IdentityTrustManager;
+import org.jboss.security.mapping.MappingManager;
+import org.jboss.util.CachePolicy;
+
+/** An encapsulation of the JNDI security context infomation
+ *
+ * @author Scott.Stark at jboss.org
+ * @author Anil.Saldhana at jboss.org
+ * @version
+ */
+public class SecurityDomainContext
+{
+ static final String ACTIVE_SUBJECT = "subject";
+ static final String AUTHENTICATION_MGR = "authenticationMgr";
+ static final String SECURITY_MGR = "securityMgr";
+ static final String REALM_MAPPING = "realmMapping";
+ static final String AUTHORIZATION_MGR = "authorizationMgr";
+ static final String AUDIT_MGR = "auditMgr";
+ static final String MAPPING_MGR = "mappingMgr";
+ static final String IDENTITY_TRUST_MGR = "identityTrustMgr";
+ static final String AUTH_CACHE = "authenticationCache";
+ static final String DOMAIN_CONTEXT = "domainContext";
+
+ AuthenticationManager securityMgr;
+ AuthorizationManager authorizationMgr;
+ CachePolicy authenticationCache;
+ AuditManager auditMgr;
+ MappingManager mappingMgr;
+ IdentityTrustManager identityTrustMgr;
+
+ /** Creates new SecurityDomainContextHandler */
+ public SecurityDomainContext(AuthenticationManager securityMgr,
+ CachePolicy authenticationCache)
+ {
+ this.securityMgr = securityMgr;
+ this.authenticationCache = authenticationCache;
+ }
+
+ public Object lookup(String name) throws NamingException
+ {
+ Object binding = null;
+ if( name == null || name.length() == 0 )
+ throw new InvalidNameException("name cannot be null or empty");
+
+ if( name.equals(ACTIVE_SUBJECT) )
+ binding = getSubject();
+ else if( name.equals(AUTHENTICATION_MGR) || name.equals(SECURITY_MGR))
+ binding = securityMgr;
+ else if( name.equals(REALM_MAPPING) )
+ binding = getRealmMapping();
+ else if( name.equals(AUTHORIZATION_MGR) )
+ binding = getAuthorizationManager();
+ else if( name.equals(AUDIT_MGR) )
+ binding = this.getAuditMgr();
+ else if( name.equals(MAPPING_MGR) )
+ binding = this.getMappingMgr();
+ else if( name.equals(IDENTITY_TRUST_MGR) )
+ binding = this.getIdentityTrustMgr();
+ else if( name.equals(AUTH_CACHE) )
+ binding = authenticationCache;
+ else if( name.equals(DOMAIN_CONTEXT) )
+ binding = this;
+
+ return binding;
+ }
+ public Subject getSubject()
+ {
+ Subject subject = null;
+ if( securityMgr instanceof SubjectSecurityManager )
+ {
+ subject = ((SubjectSecurityManager)securityMgr).getActiveSubject();
+ }
+ return subject;
+ }
+ public AuthenticationManager getSecurityManager()
+ {
+ return securityMgr;
+ }
+ public RealmMapping getRealmMapping()
+ {
+ RealmMapping realmMapping = null;
+ if(authorizationMgr != null && authorizationMgr instanceof RealmMapping)
+ {
+ realmMapping = (RealmMapping)authorizationMgr;
+ }
+ else
+ if( securityMgr instanceof RealmMapping )
+ {
+ realmMapping = (RealmMapping)securityMgr;
+ }
+ return realmMapping;
+ }
+
+ public void setAuthenticationManager(AuthenticationManager aum)
+ {
+ this.securityMgr = aum;
+ }
+
+ public void setAuthorizationManager(AuthorizationManager am)
+ {
+ this.authorizationMgr = am;
+ }
+
+ public AuthorizationManager getAuthorizationManager()
+ {
+ return authorizationMgr;
+ }
+
+ public void setAuthenticationCache(CachePolicy cp)
+ {
+ this.authenticationCache = cp;
+ }
+
+ public CachePolicy getAuthenticationCache()
+ {
+ return authenticationCache;
+ }
+
+ public AuditManager getAuditMgr()
+ {
+ return auditMgr;
+ }
+
+ public void setAuditMgr(AuditManager auditMgr)
+ {
+ this.auditMgr = auditMgr;
+ }
+
+ public MappingManager getMappingMgr()
+ {
+ return mappingMgr;
+ }
+
+ public void setMappingMgr(MappingManager mappingMgr)
+ {
+ this.mappingMgr = mappingMgr;
+ }
+
+ public IdentityTrustManager getIdentityTrustMgr()
+ {
+ return identityTrustMgr;
+ }
+
+ public void setIdentityTrustMgr(IdentityTrustManager identityTrustMgr)
+ {
+ this.identityTrustMgr = identityTrustMgr;
+ }
+}
\ No newline at end of file
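Review bot: `lookup` returns `null` for any name it does not recognise while throwing `InvalidNameException` only for null or empty input, so a typo in a sub-name silently yields a null manager instead of a naming error; a final `else throw new NameNotFoundException(name);` on the `else if` chain would report the miss (`javax.naming.NameNotFoundException` is already reachable from the existing imports' package). The manager fields are package-private and non-final with public setters, so the class is mutable and not thread-safe; a Javadoc sentence should say whether it is meant to be fully populated before being published via JNDI. In `getRealmMapping`, `authorizationMgr != null && authorizationMgr instanceof RealmMapping` is redundant since `instanceof` is false for null. The class Javadoc has "infomation" and an empty `@version`, and the constructor comment names a `SecurityDomainContextHandler` that does not exist here.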
Added: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/AuthenticationHelper.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/AuthenticationHelper.java (rev 0)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/AuthenticationHelper.java 2008-04-16 20:12:25 UTC (rev 72313)
@@ -0,0 +1,100 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.security.helpers;
+
+import java.security.Principal;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.audit.AuditLevel;
+import org.jboss.security.identitytrust.IdentityTrustException;
+import org.jboss.security.identitytrust.IdentityTrustManager;
+import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
+
+/**
+ * Authentication Helper
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 16, 2008
+ * @version $Revision$
+ */
+public class AuthenticationHelper extends SecurityHelper
+{
+ public AuthenticationHelper(SecurityContext sc)
+ {
+ super(sc);
+ }
+
+ public boolean isTrusted() throws IdentityTrustException
+ {
+ TrustDecision td = TrustDecision.NotApplicable;
+ IdentityTrustManager itm = securityContext.getIdentityTrustManager();
+ if(itm != null)
+ {
+ td = itm.isTrusted(securityContext);
+ if(td == TrustDecision.Deny)
+ throw new IdentityTrustException("Caller denied by identity trust framework");
+ }
+ return td == TrustDecision.Permit;
+ }
+
+ /**
+ * Authenticate the caller
+ * @param p
+ * @param cred
+ * @return
+ */
+ public boolean isValid(Subject subject, String methodName)
+ {
+ Principal p = securityContext.getUtil().getUserPrincipal();
+ Object cred = securityContext.getUtil().getCredential();
+
+ Map<String,Object> cMap = getContextMap(p, methodName);
+
+ boolean auth = securityContext.getAuthenticationManager().isValid(p, cred, subject);
+ if(auth == false)
+ {
+ // Check for the security association exception
+ Exception ex = SecurityActions.getContextException();
+ audit(AuditLevel.ERROR, cMap ,ex);
+ if(ex == null)
+ {
+ audit(AuditLevel.FAILURE,cMap,null);
+ }
+ }
+ else
+ {
+ audit(AuditLevel.SUCCESS,cMap,null);
+ }
+ return auth;
+ }
+
+ /**
+ * Push the authenticated subject onto the security context
+ * IMPORTANT - this needs to be done after the isValid call
+ */
+ public void pushSubjectContext(Subject subject)
+ {
+ securityContext.getSubjectInfo().setAuthenticatedSubject(subject);
+ }
+}
\ No newline at end of file
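Review bot: In `isValid`, a failed authentication with no context exception produces two audit events — `audit(AuditLevel.ERROR, cMap ,ex)` is emitted unconditionally, with `ex == null`, and then `audit(AuditLevel.FAILURE,cMap,null)` as well — so the trail records an ERROR carrying no exception next to the FAILURE it reads as an alternative to. If one record is intended, write `if(ex != null) audit(AuditLevel.ERROR, cMap, ex); else audit(AuditLevel.FAILURE, cMap, null);`; if both are intended, a comment should say so, since the shape reads like an inverted condition. The method's Javadoc lists `@param p` and `@param cred`, which are locals, not parameters; it should document `subject` and `methodName` and say what the boolean means. `isTrusted` has no Javadoc and a non-obvious contract worth one line: with no identity-trust manager configured the decision stays `NotApplicable` and the method returns `false`, so the caller is not treated as trusted and must authenticate.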
Added: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/AuthorizationHelper.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/AuthorizationHelper.java (rev 0)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/AuthorizationHelper.java 2008-04-16 20:12:25 UTC (rev 72313)
@@ -0,0 +1,196 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.security.helpers;
+
+import java.lang.reflect.Method;
+import java.security.CodeSource;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.RealmMapping;
+import org.jboss.security.RunAs;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityRoleRef;
+import org.jboss.security.audit.AuditLevel;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.resources.EJBResource;
+import org.jboss.security.callbacks.SecurityContextCallbackHandler;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+
+/**
+ * Authorization Helper
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 16, 2008
+ * @version $Revision$
+ */
+public class AuthorizationHelper extends SecurityHelper
+{
+ public AuthorizationHelper(SecurityContext sc)
+ {
+ super(sc);
+ }
+
+ /**
+ * Authorize an EJB Invocation
+ * @param ejbName Name of the EJB
+ * @param ejbMethod EJB Method
+ * @param ejbPrincipal Calling Principal
+ * @param invocationInterfaceString Invocation String("remote", "local")
+ * @param ejbCS EJB CodeSource
+ * @param callerSubject Authenticated Caller Subject
+ * @param callerRunAs Configured RunAs for the caller
+ * @param methodRoles a set of Principal objects authorized for the method
+ * @return true - if caller is authorized
+ */
+ public boolean authorize(String ejbName,
+ Method ejbMethod,
+ Principal ejbPrincipal,
+ String invocationInterfaceString,
+ CodeSource ejbCS,
+ Subject callerSubject,
+ RunAs callerRunAs,
+ Set<Principal> methodRoles )
+ {
+ AuthorizationManager am = securityContext.getAuthorizationManager();
+
+ HashMap<String,Object> map = new HashMap<String,Object>();
+ map.put(ResourceKeys.POLICY_REGISTRATION, am);
+
+ String contextID = PolicyContext.getContextID();
+ if(contextID == null)
+ throw new IllegalStateException("ContextID is null");
+
+ EJBResource ejbResource = new EJBResource(map);
+ ejbResource.setPolicyContextID(contextID);
+ ejbResource.setCallerRunAsIdentity(callerRunAs);
+ ejbResource.setEjbName(ejbName);
+ ejbResource.setEjbMethod(ejbMethod);
+ ejbResource.setPrincipal(ejbPrincipal);
+ ejbResource.setEjbMethodInterface(invocationInterfaceString);
+ ejbResource.setCodeSource(ejbCS);
+ ejbResource.setCallerRunAsIdentity(callerRunAs);
+ ejbResource.setCallerSubject(callerSubject);
+ //ejbResource.setMethodRoles(methodRoles);
+ ejbResource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
+
+ SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
+ RoleGroup callerRoles = am.getSubjectRoles(callerSubject, sch);
+
+ boolean isAuthorized = false;
+ try
+ {
+ int check = am.authorize(ejbResource, callerSubject, callerRoles);
+ isAuthorized = (check == AuthorizationContext.PERMIT);
+ authorizationAudit((isAuthorized ? AuditLevel.SUCCESS : AuditLevel.FAILURE)
+ ,ejbResource, null);
+ }
+ catch (Exception e)
+ {
+ isAuthorized = false;
+ if(log.isTraceEnabled())
+ log.trace("Error in authorization:",e);
+ authorizationAudit(AuditLevel.ERROR,ejbResource,e);
+ }
+
+ return isAuthorized;
+ }
+
+ public Principal getCallerPrincipal(RealmMapping rm)
+ {
+ /* Get the run-as user or authenticated user. The run-as user is
+ returned before any authenticated user.
+ */
+ Principal caller = SecurityActions.getCallerPrincipal(securityContext);
+
+ /* Apply any domain caller mapping. This should really only be
+ done for non-run-as callers.
+ */
+ if (rm != null)
+ caller = rm.getPrincipal(caller);
+ return caller;
+ }
+
+ public boolean isCallerInRole(String roleName,String ejbName, Principal ejbPrincipal,
+ Set<SecurityRoleRef> securityRoleRefs )
+ {
+ boolean isAuthorized = false;
+ AuthorizationManager am = securityContext.getAuthorizationManager();
+
+ if(am == null)
+ throw new IllegalStateException("AuthorizationManager is null");
+
+ HashMap<String,Object> map = new HashMap<String,Object>();
+
+ map.put(ResourceKeys.POLICY_REGISTRATION,am);
+ map.put(ResourceKeys.ROLENAME, roleName);
+ map.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
+
+
+ EJBResource ejbResource = new EJBResource(map);
+ ejbResource.setPolicyContextID(PolicyContext.getContextID());
+
+ RunAs callerRunAs = securityContext.getIncomingRunAs();
+
+ ejbResource.setEjbName(ejbName);
+ ejbResource.setPrincipal(ejbPrincipal);
+ ejbResource.setCallerRunAsIdentity(callerRunAs);
+ ejbResource.setSecurityRoleReferences(securityRoleRefs);
+
+ //Get the authenticated subject
+ Subject subject = null;
+ try
+ {
+ subject = SecurityActions.getActiveSubject();
+ }
+ catch( Exception e)
+ {
+ log.trace("Exception in getting subject:",e);
+ subject = securityContext.getUtil().getSubject();
+ }
+
+ ejbResource.setCallerSubject(subject);
+ SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
+ RoleGroup callerRoles = am.getSubjectRoles(subject, sch);
+
+ try
+ {
+ int check = am.authorize(ejbResource, subject, callerRoles);
+ isAuthorized = (check == AuthorizationContext.PERMIT);
+ }
+ catch (Exception e)
+ {
+ isAuthorized = false;
+ if(log.isTraceEnabled())
+ log.trace(roleName + "::isCallerInRole check failed:"+e.getLocalizedMessage());
+ authorizationAudit(AuditLevel.ERROR,ejbResource,e);
+ }
+ return isAuthorized;
+ }
+
+}
\ No newline at end of file
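Review bot: isCallerInRole records an audit event only when am.authorize() throws; a role check that is simply denied on the normal path leaves no FAILURE event, whereas authorize() emits SUCCESS/FAILURE right after its check. Adding `authorizationAudit((isAuthorized ? AuditLevel.SUCCESS : AuditLevel.FAILURE), ejbResource, null);` after the `isAuthorized = (check == AuthorizationContext.PERMIT);` line in isCallerInRole would make the two methods consistent and give the audit trail the denial. authorize() also uses `am` without the `AuthorizationManager is null` guard that isCallerInRole has, so a missing manager fails with a NullPointerException at `map.put` or `getSubjectRoles` instead of the IllegalStateException, and the second `ejbResource.setCallerRunAsIdentity(callerRunAs);` in authorize() repeats the earlier call and can be dropped. The trace message in isCallerInRole's catch discards the exception object, unlike authorize(); passing `e` as the second argument keeps the stack trace available for diagnosis.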
Added: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/SecurityActions.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/SecurityActions.java (rev 0)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/SecurityActions.java 2008-04-16 20:12:25 UTC (rev 72313)
@@ -0,0 +1,104 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.security.helpers;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since May 19, 2007
+ * @version $Revision$
+ */
+class SecurityActions
+{
+
+ static Principal getCallerPrincipal(final SecurityContext securityContext)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Principal>()
+ {
+
+ public Principal run()
+ {
+ Principal caller = null;
+
+ if(securityContext != null)
+ {
+ caller = securityContext.getIncomingRunAs();
+ //If there is no caller run as, use the call principal
+ if(caller == null)
+ caller = securityContext.getUtil().getUserPrincipal();
+ }
+ return caller;
+ }
+ });
+ }
+
+ static SecurityContext getSecurityContext()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+ {
+
+ public SecurityContext run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }
+ });
+ }
+
+ static Exception getContextException()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Exception>()
+ {
+ static final String EX_KEY = "org.jboss.security.exception";
+ public Exception run()
+ {
+ SecurityContext sc = getSecurityContext();
+ return (Exception) sc.getData().get(EX_KEY);
+ }
+ });
+ }
+
+ static Subject getActiveSubject() throws PolicyContextException, PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Subject>()
+ {
+ public Subject run() throws Exception
+ {
+ return (Subject) PolicyContext.getContext(SecurityConstants.SUBJECT_CONTEXT_KEY);
+ }
+ });
+ }
+}
\ No newline at end of file
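Review bot: getContextException dereferences the result of getSecurityContext() without a null check in `sc.getData().get(EX_KEY)`, and SecurityContextAssociation.getSecurityContext() presumably returns null when no context is bound to the calling thread; since AuthenticationHelper.isValid calls this on the authentication-failure path, that would turn a clean `false` into a NullPointerException raised from inside a privileged block. Guarding it with `return sc == null ? null : (Exception) sc.getData().get(EX_KEY);` keeps the fail-closed result. getActiveSubject also declares `throws PolicyContextException`, but a checked exception thrown from a PrivilegedExceptionAction reaches the caller wrapped in PrivilegedActionException, so that clause appears unreachable and could be dropped or explained in a comment.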
Added: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/SecurityHelper.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/SecurityHelper.java (rev 0)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/SecurityHelper.java 2008-04-16 20:12:25 UTC (rev 72313)
@@ -0,0 +1,91 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.security.helpers;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.audit.AuditEvent;
+import org.jboss.security.audit.AuditManager;
+import org.jboss.security.authorization.Resource;
+
+/**
+ * Base Class for helpers
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 16, 2008
+ * @version $Revision$
+ */
+public class SecurityHelper
+{
+ protected static Logger log = null;
+
+ protected SecurityContext securityContext = null;
+
+ public SecurityHelper(SecurityContext sc)
+ {
+ log = Logger.getLogger(getClass());
+ if(sc == null)
+ sc = SecurityActions.getSecurityContext();
+ this.securityContext = sc;
+ }
+
+
+ //******************************************************
+ // Audit Methods
+ //******************************************************
+ protected void authorizationAudit(String level, Resource resource, Exception e)
+ {
+ if(securityContext.getAuditManager() == null)
+ return;
+ //Authorization Exception stacktrace is huge. Scale it down
+ //as the original stack trace can be seen in server.log (if needed)
+ String exceptionMessage = e != null ? e.getLocalizedMessage() : "";
+ Map<String,Object> cmap = new HashMap<String,Object>();
+ cmap.putAll(resource.getMap());
+ cmap.put("Resource:", resource.toString());
+ cmap.put("Exception:", exceptionMessage);
+ audit(level,cmap,null);
+ }
+
+ protected void audit(String level,
+ Map<String,Object> contextMap, Exception e)
+ {
+ AuditManager am = securityContext.getAuditManager();
+ if(am == null)
+ return;
+ contextMap.put("Source", getClass().getName());
+ AuditEvent ae = new AuditEvent(level,contextMap,e);
+ am.audit(ae);
+ }
+
+ protected Map<String,Object> getContextMap(Principal principal, String methodName)
+ {
+ Map<String,Object> cmap = new HashMap<String,Object>();
+ cmap.put("principal", principal);
+ cmap.put("method", methodName);
+ return cmap;
+ }
+
+}
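Review bot: `protected static Logger log` is a class-wide field that the constructor reassigns with `Logger.getLogger(getClass())` on every instantiation, so the category every helper logs under is whichever subclass (AuthenticationHelper or AuthorizationHelper) was constructed last, and concurrent constructions race on the shared field. Making it an instance field, `protected final Logger log;` with `log = Logger.getLogger(getClass());` kept in the constructor, gives each helper its own category and removes the shared mutable state; the subclasses already use it non-statically, so they need no change. The constructor also leaves securityContext null when both the argument and SecurityActions.getSecurityContext() are null, after which every method here and in the subclasses fails with a NullPointerException; failing early with `if(sc == null) throw new IllegalStateException("No SecurityContext available");` after the lookup would make the missing context explicit at the point it is detected.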