[jboss-cvs] JBossAS SVN: r80401 - in trunk: security/src/etc/deploy and 18 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Nov 3 15:13:06 EST 2008
Author: sguilhen at redhat.com
Date: 2008-11-03 15:13:06 -0500 (Mon, 03 Nov 2008)
New Revision: 80401
Added:
trunk/testsuite/src/main/org/jboss/test/security/ejb/ACLSessionImpl.java
trunk/testsuite/src/main/org/jboss/test/security/interfaces/ACLSession.java
trunk/testsuite/src/main/org/jboss/test/security/resources/
trunk/testsuite/src/main/org/jboss/test/security/resources/TestResource.java
trunk/testsuite/src/main/org/jboss/test/security/test/authorization/ACLIntegrationUnitTestCase.java
trunk/testsuite/src/main/org/jboss/test/security/test/authorization/XACMLEJBIntegrationUnitTestCase.java
trunk/testsuite/src/main/org/jboss/test/web/servlets/ACLServlet.java
trunk/testsuite/src/resources/security/authorization/acl-ejb/
trunk/testsuite/src/resources/security/authorization/acl-ejb/META-INF/
trunk/testsuite/src/resources/security/authorization/acl-ejb/META-INF/jboss-acl-policy.xml
trunk/testsuite/src/resources/security/authorization/aclpolicy-jboss-beans.xml
trunk/testsuite/src/resources/web/acl/
trunk/testsuite/src/resources/web/acl/WEB-INF/
trunk/testsuite/src/resources/web/acl/WEB-INF/jboss-acl-policy.xml
trunk/testsuite/src/resources/web/acl/WEB-INF/jboss-web.xml
trunk/testsuite/src/resources/web/acl/WEB-INF/web.xml
Removed:
trunk/testsuite/src/main/org/jboss/test/security/test/authorization/XACMLEJBIntegrationUnitTest.java
Modified:
trunk/component-matrix/pom.xml
trunk/security/src/etc/deploy/security-jboss-beans.xml
trunk/server/src/etc/deployers/security-deployer-jboss-beans.xml
trunk/server/src/main/org/jboss/deployment/security/AbstractSecurityDeployer.java
trunk/server/src/main/org/jboss/ejb/EjbModule.java
trunk/testsuite/build.xml
trunk/testsuite/imports/sections/security.xml
trunk/testsuite/imports/sections/web.xml
trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/DeployerConfig.java
trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployer.java
trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployment.java
Log:
JBAS-4370: Moved XACML and ACL policies registration code from TomcatDeployment and EjbModule to AbstractSecurityDeployer.
- Concrete security deployers now inject PolicyRegistration.
- ACL Integration tests have also been added to the testsuite to verify that AbstractSecurityDeployer is correctly installing/removing ACL policies.
Modified: trunk/component-matrix/pom.xml
===================================================================
--- trunk/component-matrix/pom.xml 2008-11-03 20:08:12 UTC (rev 80400)
+++ trunk/component-matrix/pom.xml 2008-11-03 20:13:06 UTC (rev 80401)
@@ -70,7 +70,7 @@
<version.org.jboss.metadata>1.0.0.CR5</version.org.jboss.metadata>
<version.org.jboss.naming>5.0.0.CR3</version.org.jboss.naming>
<version.org.jboss.remoting>2.5.0.SP1</version.org.jboss.remoting>
- <version.org.jboss.security>2.0.2.CR9</version.org.jboss.security>
+ <version.org.jboss.security>2.0.2.CR12</version.org.jboss.security>
<version.oswego-concurrent.concurrent>1.3.4-jboss-update1</version.oswego-concurrent.concurrent>
<version.suffix.org.jboss.javaee>.GA</version.suffix.org.jboss.javaee>
<version.org.springframework>2.5.5</version.org.springframework>
Modified: trunk/security/src/etc/deploy/security-jboss-beans.xml
===================================================================
--- trunk/security/src/etc/deploy/security-jboss-beans.xml 2008-11-03 20:08:12 UTC (rev 80400)
+++ trunk/security/src/etc/deploy/security-jboss-beans.xml 2008-11-03 20:13:06 UTC (rev 80401)
@@ -26,10 +26,6 @@
<bean name="JNDIBasedSecurityManagement"
class="org.jboss.security.integration.JNDIBasedSecurityManagement"/>
- <!-- Instance of Policy Registration -->
- <bean name="JBossSecurityPolicyRegistration"
- class="org.jboss.security.plugins.JBossPolicyRegistration" />
-
<!-- Instance of JBoss Security Subject Factory -->
<bean name="JBossSecuritySubjectFactory"
class="org.jboss.security.integration.JBossSecuritySubjectFactory">
Modified: trunk/server/src/etc/deployers/security-deployer-jboss-beans.xml
===================================================================
--- trunk/server/src/etc/deployers/security-deployer-jboss-beans.xml 2008-11-03 20:08:12 UTC (rev 80400)
+++ trunk/server/src/etc/deployers/security-deployer-jboss-beans.xml 2008-11-03 20:13:06 UTC (rev 80401)
@@ -5,9 +5,17 @@
-->
<deployment xmlns="urn:jboss:bean-deployer:2.0">
+ <!-- Instance of Policy Registration -->
+ <bean name="JBossSecurityPolicyRegistration"
+ class="org.jboss.security.plugins.JBossPolicyRegistration" />
+
<bean name="EARSecurityDeployer" class="org.jboss.deployment.EarSecurityDeployer"/>
- <bean name="EJBSecurityDeployer" class="org.jboss.ejb.deployers.EjbSecurityDeployer"/>
- <bean name="WARSecurityDeployer" class="org.jboss.web.deployers.WarSecurityDeployer"/>
+ <bean name="EJBSecurityDeployer" class="org.jboss.ejb.deployers.EjbSecurityDeployer">
+ <property name="policyRegistration"><inject bean="JBossSecurityPolicyRegistration"/></property>
+ </bean>
+ <bean name="WARSecurityDeployer" class="org.jboss.web.deployers.WarSecurityDeployer">
+ <property name="policyRegistration"><inject bean="JBossSecurityPolicyRegistration"/></property>
+ </bean>
<bean name="SecurityParser" class="org.jboss.deployers.vfs.spi.deployer.SchemaResolverDeployer">
<constructor>
Modified: trunk/server/src/main/org/jboss/deployment/security/AbstractSecurityDeployer.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/AbstractSecurityDeployer.java 2008-11-03 20:08:12 UTC (rev 80400)
+++ trunk/server/src/main/org/jboss/deployment/security/AbstractSecurityDeployer.java 2008-11-03 20:13:06 UTC (rev 80401)
@@ -1,24 +1,24 @@
/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.deployment.security;
import java.util.ArrayList;
@@ -29,176 +29,231 @@
import org.jboss.deployers.spi.deployer.DeploymentStages;
import org.jboss.deployers.spi.deployer.helpers.AbstractDeployer;
import org.jboss.deployers.structure.spi.DeploymentUnit;
+import org.jboss.deployers.vfs.spi.structure.VFSDeploymentUnit;
import org.jboss.metadata.javaee.support.IdMetaData;
+import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.system.metadata.ServiceAttributeMetaData;
import org.jboss.system.metadata.ServiceConstructorMetaData;
import org.jboss.system.metadata.ServiceDependencyMetaData;
import org.jboss.system.metadata.ServiceDependencyValueMetaData;
import org.jboss.system.metadata.ServiceMetaData;
+import org.jboss.virtual.VirtualFile;
-
/**
- * Abstract Security Deployer
- * Sets up the top level JaccPolicy service beans
- * @author Anil.Saldhana at redhat.com
- * @since Feb 18, 2008
- * @version $Revision$
+ * Abstract Security Deployer Sets up the top level JaccPolicy service beans
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 18, 2008
+ * @version $Revision$
*/
-public abstract class AbstractSecurityDeployer<T extends IdMetaData>
-extends AbstractDeployer
+public abstract class AbstractSecurityDeployer<T extends IdMetaData> extends AbstractDeployer
{
- static final String JACC_ATTACHMENT_NAME = "jboss.jacc";
- static final String BASE_OBJECT_NAME = "jboss.jacc:service=jacc,id=";
-
+ private static final String JACC_ATTACHMENT_NAME = "jboss.jacc";
+
+ private static final String BASE_OBJECT_NAME = "jboss.jacc:service=jacc,id=";
+
+ private static final String XACML_POLICY_FILE_NAME = "jboss-xacml-policy.xml";
+
+ private static final String ACL_POLICY_FILE_NAME = "jboss-acl-policy.xml";
+
+ private PolicyRegistration policyRegistration;
+
+ /**
+ *
+ * @return
+ */
+ public PolicyRegistration getPolicyRegistration()
+ {
+ return this.policyRegistration;
+ }
+
+ /**
+ *
+ * @param policyRegistration
+ */
+ public void setPolicyRegistration(PolicyRegistration policyRegistration)
+ {
+ this.policyRegistration = policyRegistration;
+ }
+
public AbstractSecurityDeployer()
{
- setStage(DeploymentStages.POST_CLASSLOADER);
+ setStage(DeploymentStages.POST_CLASSLOADER);
setInput(getMetaDataClassType());
setOutput(ServiceMetaData.class);
- addOutput(JACC_ATTACHMENT_NAME);
- }
-
+ addOutput(JACC_ATTACHMENT_NAME);
+ }
+
public void deploy(DeploymentUnit unit) throws DeploymentException
{
T metaData = unit.getAttachment(getMetaDataClassType());
-
- if(metaData == null)
+
+ if (metaData == null)
return;
String contextId = unit.getSimpleName();
- //Is the war the top level deployment?
- //DeploymentUnit topUnit = unit.getTopLevel();
- if(unit.getParent() == null || getParentJaccPolicyBean(unit) == null)
+ // Is the war the top level deployment?
+ // DeploymentUnit topUnit = unit.getTopLevel();
+ if (unit.getParent() == null || getParentJaccPolicyBean(unit) == null)
{
createTopLevelServiceBeanWithMetaData(contextId, unit, metaData);
- }
+ }
else
- {
- ServiceMetaData subjaccPolicy = getServiceMetaData();
+ {
+ ServiceMetaData subjaccPolicy = getServiceMetaData();
String deploymentName = unit.getSimpleName();
-
+
try
{
subjaccPolicy.setObjectName(new ObjectName(getObjectName(unit)));
}
catch (Exception e)
- {
+ {
throw new RuntimeException(e);
}
- //Provide a constructor for the service bean
+ // Provide a constructor for the service bean
ServiceConstructorMetaData serviceConstructor = new ServiceConstructorMetaData();
- serviceConstructor.setSignature(new String[] { String.class.getName(),
- getMetaDataClassType().getName()});
- serviceConstructor.setParameters(new Object[] {deploymentName, metaData});
+ serviceConstructor.setSignature(new String[]{String.class.getName(), getMetaDataClassType().getName()});
+ serviceConstructor.setParameters(new Object[]{deploymentName, metaData});
subjaccPolicy.setConstructor(serviceConstructor);
ArrayList<ServiceMetaData> services = new ArrayList<ServiceMetaData>();
- services.add(subjaccPolicy);
- unit.addAttachment(JACC_ATTACHMENT_NAME, subjaccPolicy, ServiceMetaData.class );
+ services.add(subjaccPolicy);
+ unit.addAttachment(JACC_ATTACHMENT_NAME, subjaccPolicy, ServiceMetaData.class);
- //Add a dependence into the parent JaccPolicy
+ // Add a dependence into the parent JaccPolicy
ServiceMetaData parentServiceMetaData = this.getParentJaccPolicyBean(unit);
- if(parentServiceMetaData != null)
+ if (parentServiceMetaData != null)
{
ServiceDependencyMetaData serviceDependencyMetaData = new ServiceDependencyMetaData();
serviceDependencyMetaData.setIDependOnObjectName(subjaccPolicy.getObjectName());
- parentServiceMetaData.addDependency(serviceDependencyMetaData);
-
- //Add an attribute in the parent service
+ parentServiceMetaData.addDependency(serviceDependencyMetaData);
+
+ // Add an attribute in the parent service
ServiceAttributeMetaData serviceAttributeMetaData = new ServiceAttributeMetaData();
serviceAttributeMetaData.setName("PolicyConfigurationFacadeMBean");
ServiceDependencyValueMetaData dependencyValue = new ServiceDependencyValueMetaData();
dependencyValue.setDependency(subjaccPolicy.getObjectName().toString());
dependencyValue.setProxyType("attribute");
serviceAttributeMetaData.setValue(dependencyValue);
- parentServiceMetaData.addAttribute(serviceAttributeMetaData);
- }
- }
+ parentServiceMetaData.addAttribute(serviceAttributeMetaData);
+ }
+ }
+
+ // if policy registration has been set, check the deployments for XACML and ACL configuration files.
+ if (this.policyRegistration != null)
+ {
+ VFSDeploymentUnit deploymentUnit = (VFSDeploymentUnit) unit;
+ try
+ {
+ VirtualFile xacmlFile = deploymentUnit.getMetaDataFile(XACML_POLICY_FILE_NAME);
+ if (xacmlFile != null)
+ {
+ this.policyRegistration.registerPolicy(contextId, PolicyRegistration.XACML, xacmlFile.toURL());
+ }
+ VirtualFile aclPolicyFile = deploymentUnit.getMetaDataFile(ACL_POLICY_FILE_NAME);
+ if (aclPolicyFile != null)
+ {
+ this.policyRegistration.registerPolicy(contextId, PolicyRegistration.ACL, aclPolicyFile.toURL());
+ }
+ }
+ catch (Exception e)
+ {
+ super.log.debug("Fail to process security configuration file", e);
+ }
+ }
}
+
@Override
public void undeploy(DeploymentUnit unit)
{
unit.removeAttachment(JACC_ATTACHMENT_NAME);
- }
+ // unregister any XACML or ACL policies associated with the deployment unit.
+ String contextId = unit.getSimpleName();
+ if (this.policyRegistration != null)
+ {
+ this.policyRegistration.deRegisterPolicy(contextId, PolicyRegistration.XACML);
+ this.policyRegistration.deRegisterPolicy(contextId, PolicyRegistration.ACL);
+ }
+ }
- private void createTopLevelServiceBeanWithMetaData(String contextId,
- DeploymentUnit unit, T deployment)
- {
- //Provide a constructor for the service bean
+ private void createTopLevelServiceBeanWithMetaData(String contextId, DeploymentUnit unit, T deployment)
+ {
+ // Provide a constructor for the service bean
ServiceConstructorMetaData serviceConstructor = new ServiceConstructorMetaData();
- serviceConstructor.setSignature(new String[] { String.class.getName(),
- this.getMetaDataClassType().getName(),Boolean.class.getName()});
- serviceConstructor.setParameters(new Object[] {contextId,deployment, Boolean.TRUE});
+ serviceConstructor.setSignature(new String[]{String.class.getName(), this.getMetaDataClassType().getName(),
+ Boolean.class.getName()});
+ serviceConstructor.setParameters(new Object[]{contextId, deployment, Boolean.TRUE});
createJaccPolicyBean(serviceConstructor, unit);
}
- private void createJaccPolicyBean(ServiceConstructorMetaData serviceConstructor,
- DeploymentUnit unit)
+ private void createJaccPolicyBean(ServiceConstructorMetaData serviceConstructor, DeploymentUnit unit)
{
- //Create a Service Bean for the JACC Policy
+ // Create a Service Bean for the JACC Policy
ServiceMetaData jaccPolicy = new ServiceMetaData();
- jaccPolicy.setCode(getJaccPolicyName());
+ jaccPolicy.setCode(getJaccPolicyName());
try
{
jaccPolicy.setObjectName(new ObjectName(getObjectName(unit)));
}
catch (Exception e)
- {
+ {
throw new RuntimeException(e);
}
- //Provide a constructor for the service bean
+ // Provide a constructor for the service bean
jaccPolicy.setConstructor(serviceConstructor);
ArrayList<ServiceMetaData> services = new ArrayList<ServiceMetaData>();
services.add(jaccPolicy);
- unit.addAttachment(JACC_ATTACHMENT_NAME, jaccPolicy, ServiceMetaData.class);
+ unit.addAttachment(JACC_ATTACHMENT_NAME, jaccPolicy, ServiceMetaData.class);
}
private ServiceMetaData getParentJaccPolicyBean(DeploymentUnit childDU)
{
DeploymentUnit parentDU = childDU.getParent();
- while(parentDU != null)
+ while (parentDU != null)
{
- ServiceMetaData parentJacc = (ServiceMetaData)parentDU.getAttachment(JACC_ATTACHMENT_NAME);
- if(parentJacc != null)
+ ServiceMetaData parentJacc = (ServiceMetaData) parentDU.getAttachment(JACC_ATTACHMENT_NAME);
+ if (parentJacc != null)
return parentJacc;
- parentDU = parentDU.getParent();
+ parentDU = parentDU.getParent();
}
return null;
}
-
+
/**
- * Get the name of the JaccPolicy subclass
- * (EjbJaccPolicy,WebJaccPolicy etc)
+ * Get the name of the JaccPolicy subclass (EjbJaccPolicy,WebJaccPolicy etc)
+ *
* @return
*/
protected abstract String getJaccPolicyName();
-
+
/**
* Return the type of metadata
+ *
* @return
*/
protected abstract Class<T> getMetaDataClassType();
-
+
/**
* Get the top level service bean meta data
+ *
* @return
*/
- protected abstract ServiceMetaData getServiceMetaData();
-
+ protected abstract ServiceMetaData getServiceMetaData();
+
/**
- * Qualify the object name with parent name just to avoid conflicts
- * with deployments with the same name in multiple archives
+ * Qualify the object name with parent name just to avoid conflicts with deployments with the same name in multiple
+ * archives
*/
private String getObjectName(DeploymentUnit unit)
{
String deploymentName = unit.getName();
- DeploymentUnit parentDU = unit.getParent();
- String parentDeploymentName = parentDU != null ?
- ",parent=\"" + parentDU.getSimpleName() + "\"" : "";
- return BASE_OBJECT_NAME + "\"" + deploymentName + "\"" + parentDeploymentName;
+ DeploymentUnit parentDU = unit.getParent();
+ String parentDeploymentName = parentDU != null ? ",parent=\"" + parentDU.getSimpleName() + "\"" : "";
+ return BASE_OBJECT_NAME + "\"" + deploymentName + "\"" + parentDeploymentName;
}
}
Modified: trunk/server/src/main/org/jboss/ejb/EjbModule.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/EjbModule.java 2008-11-03 20:08:12 UTC (rev 80400)
+++ trunk/server/src/main/org/jboss/ejb/EjbModule.java 2008-11-03 20:13:06 UTC (rev 80401)
@@ -78,7 +78,6 @@
import org.jboss.system.ServiceMBeanSupport;
import org.jboss.tm.TransactionManagerFactory;
import org.jboss.util.loading.DelegatingClassLoader;
-import org.jboss.virtual.VirtualFile;
import org.jboss.web.WebClassLoader;
import org.jboss.web.WebClassLoaderFactory;
import org.jboss.web.WebServiceMBean;
@@ -463,26 +462,6 @@
Registry.bind(new Integer(jmxHash), jmxName);
log.debug("Bound jmxName=" + jmxName + ", hash=" + jmxHash + "into Registry");
}
-
- // Register any available XACML Policies
- String securityDomain = SecurityUtil.unprefixSecurityDomain(appMetaData.getSecurityDomain());
- if (securityDomain == null)
- securityDomain = SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY; // Fallback
- VirtualFile xacmlFile = deploymentUnit.getMetaDataFile("jboss-xacml-policy.xml");
- if (xacmlFile != null)
- {
- if (policyRegistration != null)
- {
- policyRegistration.registerPolicy(contextID, PolicyRegistration.XACML, xacmlFile.toURL());
- }
- }
-
- // register any available ACL policies.
- VirtualFile aclPolicyFile = deploymentUnit.getMetaDataFile("jboss-acl-policy.xml");
- if (aclPolicyFile != null && this.policyRegistration != null)
- {
- this.policyRegistration.registerPolicy(contextID, PolicyRegistration.ACL, aclPolicyFile.toURL());
- }
}
catch (Exception e)
{
@@ -569,17 +548,6 @@
webServer = (WebServiceMBean) MBeanProxyExt.create(WebServiceMBean.class, webServiceName);
}
ListIterator iter = containerOrdering.listIterator(containerOrdering.size());
- // Unregister the permissions with the JACC layer
- String contextID = appMetaData.getJaccContextID();
- if (contextID == null)
- contextID = deploymentUnit.getSimpleName();
- // Unregister any xacml and acl policies
- if (this.policyRegistration != null)
- {
- this.policyRegistration.deRegisterPolicy(contextID, PolicyRegistration.XACML);
- this.policyRegistration.deRegisterPolicy(contextID, PolicyRegistration.ACL);
- }
-
while (iter.hasPrevious())
{
Container con = (Container) iter.previous();
Modified: trunk/testsuite/build.xml
===================================================================
--- trunk/testsuite/build.xml 2008-11-03 20:08:12 UTC (rev 80400)
+++ trunk/testsuite/build.xml 2008-11-03 20:13:06 UTC (rev 80401)
@@ -737,7 +737,7 @@
<include name="**/test/naming/test/Security*"/>
<include name="**/test/security/test/*UnitTestCase.class"/>
<include name="**/test/security/test/auth/*UnitTestCase.class"/>
- <include name="**/test/security/test/authorization/XACML*UnitTest.class"/>
+ <include name="**/test/security/test/authorization/*UnitTestCase.class"/>
<include name="**/test/security/test/mapping/**/*TestCase.class"/>
<include name="**/test/web/security/authorization/XACML*UnitTestCase.class"/>
<include name="**/test/jca/test/SecurityContextUnitTestCase.class"/>
Modified: trunk/testsuite/imports/sections/security.xml
===================================================================
--- trunk/testsuite/imports/sections/security.xml 2008-11-03 20:08:12 UTC (rev 80400)
+++ trunk/testsuite/imports/sections/security.xml 2008-11-03 20:13:06 UTC (rev 80401)
@@ -455,5 +455,17 @@
</zipfileset>
</ear>
+ <!-- acl-integration.jar -->
+ <jar destfile="${build.lib}/acl-integration.jar">
+ <metainf dir="${build.resources}/security/authorization/acl-ejb/META-INF">
+ <include name="jboss-acl-policy.xml" />
+ </metainf>
+ <fileset dir="${build.classes}">
+ <include name="org/jboss/test/security/ejb/ACLSessionImpl.class"/>
+ <include name="org/jboss/test/security/interfaces/ACLSession.class"/>
+ <include name="org/jboss/test/security/resources/TestResource.class"/>
+ </fileset>
+ </jar>
+
</target>
</project>
Modified: trunk/testsuite/imports/sections/web.xml
===================================================================
--- trunk/testsuite/imports/sections/web.xml 2008-11-03 20:08:12 UTC (rev 80400)
+++ trunk/testsuite/imports/sections/web.xml 2008-11-03 20:13:06 UTC (rev 80401)
@@ -865,5 +865,18 @@
</fileset>
</war>
+ <!-- war to test ACL integration -->
+ <war destfile="${build.lib}/acl-integration.war"
+ webxml="${build.resources}/web/acl/WEB-INF/web.xml">
+ <webinf dir="${build.resources}/web/acl/WEB-INF/">
+ <include name="jboss-acl-policy.xml"/>
+ <include name="jboss-web.xml"/>
+ </webinf>
+ <classes dir="${build.classes}">
+ <include name="org/jboss/test/web/servlets/ACLServlet.class"/>
+ <include name="org/jboss/test/security/resources/TestResource.class"/>
+ </classes>
+ </war>
+
</target>
</project>
Added: trunk/testsuite/src/main/org/jboss/test/security/ejb/ACLSessionImpl.java
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/security/ejb/ACLSessionImpl.java (rev 0)
+++ trunk/testsuite/src/main/org/jboss/test/security/ejb/ACLSessionImpl.java 2008-11-03 20:13:06 UTC (rev 80401)
@@ -0,0 +1,94 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.ejb;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.ejb.Remote;
+import javax.ejb.Stateless;
+import javax.naming.InitialContext;
+
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.acl.EntitlementEntry;
+import org.jboss.security.authorization.EntitlementHolder;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.identity.plugins.IdentityFactory;
+import org.jboss.test.security.interfaces.ACLSession;
+import org.jboss.test.security.resources.TestResource;
+
+/**
+ * <p>
+ * Implementation of the {@code ACLSession} interface used in the ACL integration tests.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+ at Stateless
+ at Remote(ACLSession.class)
+public class ACLSessionImpl implements ACLSession
+{
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.test.security.interfaces.ACLSession#getEntitlementsForIdentity(java.lang.String)
+ */
+ public Map<Integer, String> getEntitlementsForIdentity(String identity)
+ {
+ Map<Integer, String> entitlementsMap = new HashMap<Integer, String>();
+
+ try
+ {
+ // first retrieve the authorization manager for the acl-domain.
+ InitialContext ctx = new InitialContext();
+ AuthorizationManager manager = (AuthorizationManager) ctx.lookup("java:jaas/acl-domain/authorizationMgr");
+
+ // create a resource 10 that has resource 11 as a child.
+ TestResource resource10 = new TestResource(10);
+ TestResource resource11 = new TestResource(11);
+ Collection<Resource> childResources = new ArrayList<Resource>();
+ childResources.add(resource11);
+ resource10.getMap().put(ResourceKeys.CHILD_RESOURCES, childResources);
+ resource11.getMap().put(ResourceKeys.PARENT_RESOURCE, resource10);
+
+ // now call the getEntitlements method using created resource and identity objects.
+ EntitlementHolder<EntitlementEntry> holder = manager.getEntitlements(EntitlementEntry.class, resource10,
+ IdentityFactory.createIdentity(identity));
+
+ // for each entitlement entry, put the resource id and associated permission in the map to be returned.
+ for (EntitlementEntry entry : holder.getEntitled())
+ {
+ TestResource resource = (TestResource) entry.getResource();
+ entitlementsMap.put(resource.getId(), entry.getPermission().toString());
+ }
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("Failed to obtain entitlements from authorization manager", e);
+ }
+ return entitlementsMap;
+ }
+}
Added: trunk/testsuite/src/main/org/jboss/test/security/interfaces/ACLSession.java
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/security/interfaces/ACLSession.java (rev 0)
+++ trunk/testsuite/src/main/org/jboss/test/security/interfaces/ACLSession.java 2008-11-03 20:13:06 UTC (rev 80401)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.interfaces;
+
+import java.util.Map;
+
+/**
+ * <p>
+ * Stateless session test bean interface used in the ACL integration tests.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public interface ACLSession
+{
+
+ /**
+ * <p>
+ * Calls the {@code AuthorizationManager#getEntitlements} method to retrieve the resources (and associated
+ * permissions) available to the specified identity. It returns a map containing the resource id as key and the
+ * permissions assigned to the identity as value (e.g. <1,"CREATE,READ,DELETE">).
+ * </p>
+ *
+ * @param identity the identity for which the entitlements are to be retrieved.
+ * @return a {@code Map<Integer, String>} containing the ids of the resources available to the identity as keys and
+ * the permissions assigned to the identity as values.
+ */
+ public Map<Integer, String> getEntitlementsForIdentity(String identity);
+}
Added: trunk/testsuite/src/main/org/jboss/test/security/resources/TestResource.java
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/security/resources/TestResource.java (rev 0)
+++ trunk/testsuite/src/main/org/jboss/test/security/resources/TestResource.java 2008-11-03 20:13:06 UTC (rev 80401)
@@ -0,0 +1,89 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.resources;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceType;
+
+/**
+ * <p>
+ * A implementation of {@code Resource} for testing purposes.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class TestResource implements Resource
+{
+
+ private final Map<String, Object> contextMap;
+
+ private final int id;
+
+ /**
+ * <p>
+ * Creates an instance of {@code TestResource} with the specified id.
+ * </p>
+ *
+ * @param id an {@code int} representing the unique id of the resource being built.
+ */
+ public TestResource(int id)
+ {
+ this.id = id;
+ this.contextMap = new HashMap<String, Object>();
+ }
+
+ /**
+ * <p>
+ * Obtains the id of this resource.
+ * </p>
+ *
+ * @return an {@code int} representing the resource's id.
+ */
+ public int getId()
+ {
+ return this.id;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.authorization.Resource#getLayer()
+ */
+ public ResourceType getLayer()
+ {
+ return ResourceType.ACL;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.authorization.Resource#getMap()
+ */
+ public Map<String, Object> getMap()
+ {
+ return this.contextMap;
+ }
+
+}
Added: trunk/testsuite/src/main/org/jboss/test/security/test/authorization/ACLIntegrationUnitTestCase.java
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/security/test/authorization/ACLIntegrationUnitTestCase.java (rev 0)
+++ trunk/testsuite/src/main/org/jboss/test/security/test/authorization/ACLIntegrationUnitTestCase.java 2008-11-03 20:13:06 UTC (rev 80401)
@@ -0,0 +1,193 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.test.authorization;
+
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.rmi.PortableRemoteObject;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.commons.httpclient.HttpMethodBase;
+import org.jboss.test.JBossTestCase;
+import org.jboss.test.JBossTestSetup;
+import org.jboss.test.security.interfaces.ACLSession;
+import org.jboss.test.util.web.HttpUtils;
+
+/**
+ * <p>
+ * This {@code TestCase} tests the integration of the ACL layer with the application server. Modules define their ACL
+ * constraints in the {@code jboss-acl-policy.xml} configuration file and then call the {@code AuthorizationManager} at
+ * runtime to enforce their ACL policies.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLIntegrationUnitTestCase extends JBossTestCase
+{
+
+ /**
+ * <p>
+ * Creates an instance of {@code ACLIntegrationUnitTestCase} with the specified name.
+ * </p>
+ *
+ * @param name a {@code String} representing the name of the {@code TestCase}.
+ */
+ public ACLIntegrationUnitTestCase(String name)
+ {
+ super(name);
+ }
+
+ /**
+ * <p>
+ * Tests the results of calling {@code AuthorizationManager#getEntitlements} from within a web component (a servlet).
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testGetEntitlementsFromServlet() throws Exception
+ {
+ // call the ACLServlet using the identity "Administrator" as a parameter.
+ URL url = new URL(HttpUtils.getBaseURL() + "acl-integration/acl?identity=Administrator");
+ HttpMethodBase response = HttpUtils.accessURL(url, "JBoss ACL Test", HttpURLConnection.HTTP_OK);
+ // each line of the response has the following format: resource_id:permissions
+ List<String> entitlements = this.readEntitlementsFromResponse(response);
+ assertEquals("ACLServlet retrieved an invalid number of entitlement entries", 2, entitlements.size());
+ // Administrator should have CREATE,READ,UPDATE and DELETE permissions on both resources (id=1 and id=2).
+ assertTrue("Invalid entitlement entry found", entitlements.contains("1:CREATE,READ,UPDATE,DELETE"));
+ assertTrue("Invalid entitlement entry found", entitlements.contains("2:CREATE,READ,UPDATE,DELETE"));
+
+ // now repeat the process, this time using the identity "Guest".
+ url = new URL(HttpUtils.getBaseURL() + "acl-integration/acl?identity=Guest");
+ response = HttpUtils.accessURL(url, "JBoss ACL Test", HttpURLConnection.HTTP_OK);
+ entitlements = this.readEntitlementsFromResponse(response);
+ assertEquals("ACLServlet retrieved an invalid number of entitlement entries", 2, entitlements.size());
+ // Guest should have READ permission on resource 1 and READ,UPDATE permissions on resource 2.
+ assertTrue("Invalid entitlement entry found", entitlements.contains("1:READ"));
+ assertTrue("Invalid entitlement entry found", entitlements.contains("2:READ,UPDATE"));
+ }
+
+ /**
+ * <p>
+ * Tests the results of calling {@code AuthorizationManager#getEntitlements} from within an EJB3 component.
+ * </p>
+ *
+ * @throws Exception
+ */
+ public void testGetEntitlementsFromEJB() throws Exception
+ {
+ // lookup the test session.
+ Object obj = getInitialContext().lookup("ACLSessionImpl/remote");
+ ACLSession session = (ACLSession) PortableRemoteObject.narrow(obj, ACLSession.class);
+
+ // get the entitlements for the Administrator identity.
+ Map<Integer, String> entitlementsMap = session.getEntitlementsForIdentity("Administrator");
+ assertEquals("ACLSession retrieved an invalid number of entitlement entries", 2, entitlementsMap.size());
+ // Administrator should have CREATE,READ and UPDATE permissions on both resources (id=10 and id=11).
+ assertEquals("Invalid entitlement entry found", "CREATE,READ,UPDATE", entitlementsMap.get(10));
+ assertEquals("Invalid entitlement entry found", "CREATE,READ,UPDATE", entitlementsMap.get(11));
+
+ // now repeat the process, this time using the identity "Guest".
+ entitlementsMap = session.getEntitlementsForIdentity("Guest");
+ assertEquals("ACLSession retrieved an invalid number of entitlement entries", 2, entitlementsMap.size());
+ // Guest should have CREATE, READ and UPDATE permissions on resource 10 and READ permission on resource 11.
+ assertEquals("Invalid entitlement entry found", "CREATE,READ,UPDATE", entitlementsMap.get(10));
+ assertEquals("Invalid entitlement entry found", "READ", entitlementsMap.get(11));
+ }
+
+ /**
+ * <p>
+ * Reads the response contents and create a {@code List<String>} where each component corresponds to one line of the
+ * response body.
+ * </p>
+ *
+ * @param response the {@code HttpServletResponse} that contains the response from the {@code ACLServlet}.
+ * @return a {@code List<String>}, where each element corresponds to one line of the response body.
+ * @throws Exception
+ */
+ private List<String> readEntitlementsFromResponse(HttpMethodBase response) throws Exception
+ {
+ BufferedReader reader = new BufferedReader(new InputStreamReader(response.getResponseBodyAsStream()));
+ List<String> entitlements = new ArrayList<String>();
+ String line = reader.readLine();
+ while (line != null)
+ {
+ entitlements.add(line);
+ line = reader.readLine();
+ }
+ return entitlements;
+ }
+
+ public static Test suite() throws Exception
+ {
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(ACLIntegrationUnitTestCase.class));
+
+ TestSetup wrapper = new JBossTestSetup(suite)
+ {
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.test.JBossTestSetup#setUp()
+ */
+ @Override
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ // deploy the application policy that specifies an ACL module.
+ String url = getResourceURL("security/authorization/aclpolicy-jboss-beans.xml");
+ deploy(url);
+ // deploy the web application that calls the ACL module.
+ deploy("acl-integration.war");
+ // deploy the ejb application that calls the ACL module.
+ deploy("acl-integration.jar");
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.test.JBossTestSetup#tearDown()
+ */
+ @Override
+ protected void tearDown() throws Exception
+ {
+ // undeploy the test ejb application.
+ undeploy("acl-integration.jar");
+ // undeploy the test web application.
+ undeploy("acl-integration.war");
+ // undeploy the application policy.
+ String url = getResourceURL("security/authorization/aclpolicy-jboss-beans.xml");
+ undeploy(url);
+ super.tearDown();
+ }
+ };
+ return wrapper;
+ }
+}
Deleted: trunk/testsuite/src/main/org/jboss/test/security/test/authorization/XACMLEJBIntegrationUnitTest.java
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/security/test/authorization/XACMLEJBIntegrationUnitTest.java 2008-11-03 20:08:12 UTC (rev 80400)
+++ trunk/testsuite/src/main/org/jboss/test/security/test/authorization/XACMLEJBIntegrationUnitTest.java 2008-11-03 20:13:06 UTC (rev 80401)
@@ -1,167 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.security.test.authorization;
-
-import java.rmi.RemoteException;
-
-import javax.rmi.PortableRemoteObject;
-import javax.security.auth.login.LoginContext;
-
-import junit.extensions.TestSetup;
-import junit.framework.Test;
-import junit.framework.TestSuite;
-
-import org.jboss.test.JBossTestCase;
-import org.jboss.test.JBossTestSetup;
-import org.jboss.test.security.interfaces.StatelessSession;
-import org.jboss.test.security.interfaces.StatelessSessionHome;
-import org.jboss.test.util.AppCallbackHandler;
-
-//$Id$
-
-/**
- * Unit tests for the XACML Integration of the EJB Layer
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jul 6, 2006
- * @version $Revision$
- */
-public class XACMLEJBIntegrationUnitTest extends JBossTestCase
-{
-
- static String username = "scott";
- static char[] password = "echoman".toCharArray();
-
- LoginContext lc;
- boolean loggedIn;
-
- private static String login_config = "security/authorization/xacml-ejb/app-policy-service.xml";
-
- public XACMLEJBIntegrationUnitTest(String name)
- {
- super(name);
- }
-
- public static Test suite() throws Exception
- {
- TestSuite suite = new TestSuite();
- suite.addTest(new TestSuite(XACMLEJBIntegrationUnitTest.class));
- // Create an initializer for the test suite
- TestSetup wrapper = new JBossTestSetup(suite)
- {
- protected void setUp() throws Exception
- {
- super.setUp();
- deploy("xacml-ejb.jar");
- deploy(getResourceURL(login_config));
- }
- protected void tearDown() throws Exception
- {
- undeploy(getResourceURL(login_config));
- undeploy("xacml-ejb.jar");
- super.tearDown();
- }
- };
- return wrapper;
- }
-
-
- /** Test that the echo method is accessible by an Echo
- role. Since the noop() method of the StatelessSession
- bean was not assigned any permissions it should be unchecked.
- */
- public void testMethodAccess() throws Exception
- {
- log.debug("+++ testMethodAccess");
- process();
- }
-
- /** Test that redeploying the deployment unit does not add
- * another policy. In other words, checks if undeploying removes the policy.
- * Does exactly what testMethodAccess() do.
- */
- public void testJBAS6067() throws Exception
- {
- undeploy(getResourceURL(login_config));
- undeploy("xacml-ejb.jar");
- deploy("xacml-ejb.jar");
- deploy(getResourceURL(login_config));
-
- log.debug("+++ testJBAS6067");
- process();
- }
-
- private void process() throws Exception
- {
- login();
- Object obj = getInitialContext().lookup("spec.StatelessSession");
- obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
- StatelessSessionHome home = (StatelessSessionHome) obj;
- log.debug("Found StatelessSessionHome");
- StatelessSession bean = home.create();
- log.debug("Created spec.StatelessSession");
- log.debug("Bean.echo('Hello') -> "+bean.echo("Hello"));
-
- try
- {
- // This should not be allowed
- bean.noop();
- fail("Was able to call StatelessSession.noop");
- }
- catch(RemoteException e)
- {
- log.debug("StatelessSession.noop failed as expected");
- }
- bean.remove();
- logout();
- }
-
- /** Login as user scott using the conf.name login config or
- 'spec-test' if conf.name is not defined.
- */
- private void login() throws Exception
- {
- login(username, password);
- }
- private void login(String username, char[] password) throws Exception
- {
- if( loggedIn )
- return;
-
- lc = null;
- String confName = System.getProperty("conf.name", "spec-test");
- AppCallbackHandler handler = new AppCallbackHandler(username, password);
- log.debug("Creating LoginContext("+confName+")");
- lc = new LoginContext(confName, handler);
- lc.login();
- log.debug("Created LoginContext, subject="+lc.getSubject());
- loggedIn = true;
- }
-
- private void logout() throws Exception
- {
- if( loggedIn )
- {
- loggedIn = false;
- lc.logout();
- }
- }
-}
Copied: trunk/testsuite/src/main/org/jboss/test/security/test/authorization/XACMLEJBIntegrationUnitTestCase.java (from rev 80314, trunk/testsuite/src/main/org/jboss/test/security/test/authorization/XACMLEJBIntegrationUnitTest.java)
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/security/test/authorization/XACMLEJBIntegrationUnitTestCase.java (rev 0)
+++ trunk/testsuite/src/main/org/jboss/test/security/test/authorization/XACMLEJBIntegrationUnitTestCase.java 2008-11-03 20:13:06 UTC (rev 80401)
@@ -0,0 +1,173 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.test.authorization;
+
+import java.rmi.RemoteException;
+
+import javax.rmi.PortableRemoteObject;
+import javax.security.auth.login.LoginContext;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.jboss.test.JBossTestCase;
+import org.jboss.test.JBossTestSetup;
+import org.jboss.test.security.interfaces.StatelessSession;
+import org.jboss.test.security.interfaces.StatelessSessionHome;
+import org.jboss.test.util.AppCallbackHandler;
+
+// $Id$
+
+/**
+ * Unit tests for the XACML Integration of the EJB Layer
+ *
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jul 6, 2006
+ * @version $Revision$
+ */
+public class XACMLEJBIntegrationUnitTestCase extends JBossTestCase
+{
+
+ static String username = "scott";
+
+ static char[] password = "echoman".toCharArray();
+
+ LoginContext lc;
+
+ boolean loggedIn;
+
+ private static String login_config = "security/authorization/xacml-ejb/app-policy-service.xml";
+
+ public XACMLEJBIntegrationUnitTestCase(String name)
+ {
+ super(name);
+ }
+
+ public static Test suite() throws Exception
+ {
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(XACMLEJBIntegrationUnitTestCase.class));
+ // Create an initializer for the test suite
+ TestSetup wrapper = new JBossTestSetup(suite)
+ {
+ @Override
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ deploy("xacml-ejb.jar");
+ deploy(getResourceURL(login_config));
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ undeploy(getResourceURL(login_config));
+ undeploy("xacml-ejb.jar");
+ super.tearDown();
+ }
+ };
+ return wrapper;
+ }
+
+ /**
+ * Test that the echo method is accessible by an Echo role. Since the noop() method of the StatelessSession bean was
+ * not assigned any permissions it should be unchecked.
+ */
+ public void testMethodAccess() throws Exception
+ {
+ log.debug("+++ testMethodAccess");
+ process();
+ }
+
+ /**
+ * Test that redeploying the deployment unit does not add another policy. In other words, checks if undeploying
+ * removes the policy. Does exactly what testMethodAccess() do.
+ */
+ public void testJBAS6067() throws Exception
+ {
+ undeploy(getResourceURL(login_config));
+ undeploy("xacml-ejb.jar");
+ deploy("xacml-ejb.jar");
+ deploy(getResourceURL(login_config));
+
+ log.debug("+++ testJBAS6067");
+ process();
+ }
+
+ private void process() throws Exception
+ {
+ login();
+ Object obj = getInitialContext().lookup("spec.StatelessSession");
+ obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
+ StatelessSessionHome home = (StatelessSessionHome) obj;
+ log.debug("Found StatelessSessionHome");
+ StatelessSession bean = home.create();
+ log.debug("Created spec.StatelessSession");
+ log.debug("Bean.echo('Hello') -> " + bean.echo("Hello"));
+
+ try
+ {
+ // This should not be allowed
+ bean.noop();
+ fail("Was able to call StatelessSession.noop");
+ }
+ catch (RemoteException e)
+ {
+ log.debug("StatelessSession.noop failed as expected");
+ }
+ bean.remove();
+ logout();
+ }
+
+ /**
+ * Login as user scott using the conf.name login config or 'spec-test' if conf.name is not defined.
+ */
+ private void login() throws Exception
+ {
+ login(username, password);
+ }
+
+ private void login(String username, char[] password) throws Exception
+ {
+ if (loggedIn)
+ return;
+
+ lc = null;
+ String confName = System.getProperty("conf.name", "spec-test");
+ AppCallbackHandler handler = new AppCallbackHandler(username, password);
+ log.debug("Creating LoginContext(" + confName + ")");
+ lc = new LoginContext(confName, handler);
+ lc.login();
+ log.debug("Created LoginContext, subject=" + lc.getSubject());
+ loggedIn = true;
+ }
+
+ private void logout() throws Exception
+ {
+ if (loggedIn)
+ {
+ loggedIn = false;
+ lc.logout();
+ }
+ }
+}
Added: trunk/testsuite/src/main/org/jboss/test/web/servlets/ACLServlet.java
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/web/servlets/ACLServlet.java (rev 0)
+++ trunk/testsuite/src/main/org/jboss/test/web/servlets/ACLServlet.java 2008-11-03 20:13:06 UTC (rev 80401)
@@ -0,0 +1,135 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.web.servlets;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.Collection;
+
+import javax.naming.InitialContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.acl.EntitlementEntry;
+import org.jboss.security.authorization.EntitlementHolder;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.plugins.SimpleIdentity;
+import org.jboss.test.security.resources.TestResource;
+
+/**
+ * <p>
+ * A servlet implementation that looks up the authorization manager and call the getEntitlements method to obtain the
+ * resources (and associated permissions) that are available to the identity specified in the request.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class ACLServlet extends HttpServlet
+{
+
+ private static final long serialVersionUID = 511576053104979345L;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+ {
+ this.processRequest(request, response);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+ {
+ this.processRequest(request, response);
+ }
+
+ /**
+ * <p>
+ * This method calls the {@code AuthorizationManager#getEntitlements} method using the identity retrieved from the
+ * request and then writes the result in the response. Each line written to the response corresponds to one
+ * {@code EntitlementEntry} and has the following format: resource_id:permissions.
+ * </p>
+ *
+ * @param request the {@code HttpServletRequest} that contains the identity for which the entitlements are to be
+ * retrieved.
+ * @param response the {@code HttpServletResponse} object used to write the results of calling
+ * {@code getEntitlements} with the identity retrieved from the request.
+ * @throws ServletException if an error occurs while processing the request.
+ * @throws IOException if an input or output error is detected when the servlet handles the request.
+ */
+ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException,
+ IOException
+ {
+ try
+ {
+ // first retrieve the authorization manager for the acl-domain.
+ InitialContext ctx = new InitialContext();
+ AuthorizationManager manager = (AuthorizationManager) ctx.lookup("java:jaas/acl-domain/authorizationMgr");
+
+ // create a resource 1 that has resource 2 as a child.
+ TestResource resource1 = new TestResource(1);
+ TestResource resource2 = new TestResource(2);
+ Collection<Resource> childResources = new ArrayList<Resource>();
+ childResources.add(resource2);
+ resource1.getMap().put(ResourceKeys.CHILD_RESOURCES, childResources);
+ resource2.getMap().put(ResourceKeys.PARENT_RESOURCE, resource1);
+
+ // retrieve the identity name from the request.
+ String name = request.getParameter("identity");
+ Identity identity = new SimpleIdentity(name);
+
+ // now call the getEntitlements method using created resource and identity objects.
+ EntitlementHolder<EntitlementEntry> holder = manager.getEntitlements(EntitlementEntry.class, resource1,
+ identity);
+
+ // write the results in the response (resource id : permissions)
+ response.setContentType("text/html");
+ PrintWriter writer = response.getWriter();
+ for (EntitlementEntry entry : holder.getEntitled())
+ {
+ TestResource resource = (TestResource) entry.getResource();
+ writer.println(resource.getId() + ":" + entry.getPermission());
+ }
+ writer.close();
+ }
+ catch (Exception e)
+ {
+ throw new ServletException("Failed to obtain entitlements from authorization manager", e);
+ }
+ }
+}
Added: trunk/testsuite/src/resources/security/authorization/acl-ejb/META-INF/jboss-acl-policy.xml
===================================================================
--- trunk/testsuite/src/resources/security/authorization/acl-ejb/META-INF/jboss-acl-policy.xml (rev 0)
+++ trunk/testsuite/src/resources/security/authorization/acl-ejb/META-INF/jboss-acl-policy.xml 2008-11-03 20:13:06 UTC (rev 80401)
@@ -0,0 +1,30 @@
+<jboss-acl xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:jboss-acl-config:1.0"
+ xmlns="urn:jboss:jboss-acl-config:1.0"
+ xmlns:jbxb="urn:jboss:jboss-acl-config:1.0">
+
+ <acl-definition resource="org.jboss.test.security.resources.TestResource:10">
+ <entry>
+ <identity-name>Administrator</identity-name>
+ <permissions>CREATE,READ,UPDATE</permissions>
+ </entry>
+ <entry>
+ <identity-name>Guest</identity-name>
+ <permissions>CREATE,READ,UPDATE</permissions>
+ </entry>
+ </acl-definition>
+
+ <!-- An extends attribute allows an ACL to inherit all the entries from its parent ACL -->
+ <acl-definition resource="org.jboss.test.security.resources.TestResource:11" extends="org.jboss.test.security.resources.TestResource:10">
+ <entry>
+ <identity-name>Regular_User</identity-name>
+ <permissions>READ,UPDATE</permissions>
+ </entry>
+ <!-- This overrides the definition from the parent ACL -->
+ <entry>
+ <identity-name>Guest</identity-name>
+ <permissions>READ</permissions>
+ </entry>
+ </acl-definition>
+
+</jboss-acl>
\ No newline at end of file
Added: trunk/testsuite/src/resources/security/authorization/aclpolicy-jboss-beans.xml
===================================================================
--- trunk/testsuite/src/resources/security/authorization/aclpolicy-jboss-beans.xml (rev 0)
+++ trunk/testsuite/src/resources/security/authorization/aclpolicy-jboss-beans.xml 2008-11-03 20:13:06 UTC (rev 80401)
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<deployment xmlns="urn:jboss:bean-deployer:2.0">
+
+ <!-- acl application-policy definition -->
+ <application-policy xmlns="urn:jboss:security-beans:1.0" name="acl-domain">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="optional"/>
+ </authentication>
+ <acl>
+ <acl-module code="org.jboss.security.acl.ACLProviderImpl" flag="optional">
+ <module-option name="persistenceStrategy">org.jboss.security.plugins.acl.PolicyRegistrationStrategy</module-option>
+ </acl-module>
+ </acl>
+ </application-policy>
+
+</deployment>
Added: trunk/testsuite/src/resources/web/acl/WEB-INF/jboss-acl-policy.xml
===================================================================
--- trunk/testsuite/src/resources/web/acl/WEB-INF/jboss-acl-policy.xml (rev 0)
+++ trunk/testsuite/src/resources/web/acl/WEB-INF/jboss-acl-policy.xml 2008-11-03 20:13:06 UTC (rev 80401)
@@ -0,0 +1,30 @@
+<jboss-acl xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:jboss-acl-config:1.0"
+ xmlns="urn:jboss:jboss-acl-config:1.0"
+ xmlns:jbxb="urn:jboss:jboss-acl-config:1.0">
+
+ <acl-definition resource="org.jboss.test.security.resources.TestResource:1">
+ <entry>
+ <identity-name>Administrator</identity-name>
+ <permissions>CREATE,READ,UPDATE,DELETE</permissions>
+ </entry>
+ <entry>
+ <identity-name>Guest</identity-name>
+ <permissions>READ</permissions>
+ </entry>
+ </acl-definition>
+
+ <!-- An extends attribute allows an ACL to inherit all the entries from its parent ACL -->
+ <acl-definition resource="org.jboss.test.security.resources.TestResource:2" extends="org.jboss.test.security.resources.TestResource:1">
+ <entry>
+ <identity-name>Regular_User</identity-name>
+ <permissions>READ,UPDATE</permissions>
+ </entry>
+ <!-- This overrides the definition from the parent ACL -->
+ <entry>
+ <identity-name>Guest</identity-name>
+ <permissions>READ,UPDATE</permissions>
+ </entry>
+ </acl-definition>
+
+</jboss-acl>
\ No newline at end of file
Added: trunk/testsuite/src/resources/web/acl/WEB-INF/jboss-web.xml
===================================================================
--- trunk/testsuite/src/resources/web/acl/WEB-INF/jboss-web.xml (rev 0)
+++ trunk/testsuite/src/resources/web/acl/WEB-INF/jboss-web.xml 2008-11-03 20:13:06 UTC (rev 80401)
@@ -0,0 +1,6 @@
+<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN"
+ "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
+
+<jboss-web>
+ <security-domain>java:/jaas/acl-domain</security-domain>
+</jboss-web>
Added: trunk/testsuite/src/resources/web/acl/WEB-INF/web.xml
===================================================================
--- trunk/testsuite/src/resources/web/acl/WEB-INF/web.xml (rev 0)
+++ trunk/testsuite/src/resources/web/acl/WEB-INF/web.xml 2008-11-03 20:13:06 UTC (rev 80401)
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<!DOCTYPE web-app PUBLIC
+ "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+ "http://java.sun.com/dtd/web-app_2_3.dtd">
+
+<web-app>
+ <description>Web Application that tests ACL Integration with the web container</description>
+ <servlet>
+ <servlet-name>ACLServlet</servlet-name>
+ <servlet-class>org.jboss.test.web.servlets.ACLServlet</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>ACLServlet</servlet-name>
+ <url-pattern>/acl</url-pattern>
+ </servlet-mapping>
+</web-app>
\ No newline at end of file
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/DeployerConfig.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/DeployerConfig.java 2008-11-03 20:08:12 UTC (rev 80400)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/DeployerConfig.java 2008-11-03 20:13:06 UTC (rev 80401)
@@ -21,8 +21,6 @@
*/
package org.jboss.web.tomcat.service.deployers;
-import java.net.URL;
-
import javax.management.ObjectName;
import org.jboss.metadata.web.jboss.JBossWebMetaData;
@@ -122,11 +120,6 @@
/** FQN of the SecurityContext Class */
private String securityContextClassName;
- private URL xacmlPolicyURL = null;
-
- /** URL of the ACL configuration file that might have been specified for the web-app. */
- private URL aclPolicyURL = null;
-
public ClassLoader getServiceClassLoader()
{
return serviceClassLoader;
@@ -309,40 +302,6 @@
this.filteredPackages = filteredPackages;
}
- public URL getXacmlPolicyURL()
- {
- return xacmlPolicyURL;
- }
-
- public void setXacmlPolicyURL(URL xacmlPolicyURL)
- {
- this.xacmlPolicyURL = xacmlPolicyURL;
- }
-
- /**
- * <p>
- * Retrieves the {@code URL} of the ACL policy configuration file, if present.
- * </p>
- *
- * @return the {@code URL} of the policy file, or {@code null} if no ACL policy file has been defined.
- */
- public URL getACLPolicyURL()
- {
- return this.aclPolicyURL;
- }
-
- /**
- * <p>
- * Sets the {@code URL} of the ACL policy configuration file.
- * </p>
- *
- * @param aclPolicyURL the {@code URL} of the ACL policy file.
- */
- public void setACLPolicyURL(URL aclPolicyURL)
- {
- this.aclPolicyURL = aclPolicyURL;
- }
-
public JBossWebMetaData getSharedMetaData()
{
return sharedMetaData;
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployer.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployer.java 2008-11-03 20:08:12 UTC (rev 80400)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployer.java 2008-11-03 20:13:06 UTC (rev 80401)
@@ -35,7 +35,6 @@
import org.jboss.metadata.web.spec.WebMetaData;
import org.jboss.mx.util.ObjectNameFactory;
import org.jboss.security.plugins.JaasSecurityManagerServiceMBean;
-import org.jboss.virtual.VirtualFile;
import org.jboss.web.deployers.AbstractWarDeployer;
import org.jboss.web.deployers.AbstractWarDeployment;
import org.jboss.web.tomcat.service.session.SessionIDGenerator;
@@ -466,16 +465,6 @@
deployment.setSecurityManagementName(securityManagement);
deployment.setPolicyRegistrationName(policyRegistrationName);
- // Check if there are any xacml policy files
- VirtualFile vf = unit.getMetaDataFile("jboss-xacml-policy.xml");
- if (vf != null)
- config.setXacmlPolicyURL(vf.toURL());
-
- // check if there is an acl configuration file.
- vf = unit.getMetaDataFile("jboss-acl-policy.xml");
- if (vf != null)
- config.setACLPolicyURL(vf.toURL());
-
// Add a dependency on the webserver itself
List<String> depends = metaData.getDepends();
if (depends == null)
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployment.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployment.java 2008-11-03 20:08:12 UTC (rev 80400)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployment.java 2008-11-03 20:13:06 UTC (rev 80401)
@@ -57,7 +57,6 @@
import org.jboss.mx.util.MBeanServerLocator;
import org.jboss.naming.NonSerializableFactory;
import org.jboss.security.SecurityUtil;
-import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.virtual.VirtualFile;
import org.jboss.web.WebApplication;
import org.jboss.web.deployers.AbstractWarDeployment;
@@ -449,29 +448,6 @@
* di.mbeans.add(((ObjectInstance)iterator.next()).getObjectName()); }
*/
- if (metaData.getSecurityDomain() != null)
- {
- // Associate the Context Id with the Security Domain
- String contextID = metaData.getJaccContextID();
-
- // Check if an xacml policy file is present
- URL xacmlPolicyFile = this.config.getXacmlPolicyURL();
- if (xacmlPolicyFile != null)
- {
- if (this.policyRegistration != null)
- {
- policyRegistration.registerPolicy(contextID, PolicyRegistration.XACML, xacmlPolicyFile);
- }
- }
-
- // check if an acl policy file is present.
- URL aclPolicyFileURL = this.config.getACLPolicyURL();
- if (aclPolicyFileURL != null && this.policyRegistration != null)
- {
- this.policyRegistration.registerPolicy(contextID, PolicyRegistration.ACL, aclPolicyFileURL);
- }
- }
-
log.debug("Initialized: " + webApp + " " + objectName);
}
@@ -690,23 +666,6 @@
// Contexts should be stopped by the host already
server.invoke(objectName, "destroy", new Object[]{}, new String[]{});
}
-
- // Deregister xacml policies
- URL xacmlPolicyFile = this.config.getXacmlPolicyURL();
- if (xacmlPolicyFile != null)
- {
- if (this.policyRegistration != null)
- {
- policyRegistration.deRegisterPolicy(metaData.getJaccContextID(), PolicyRegistration.XACML);
- }
- }
-
- // deregister the acl policies.
- URL aclPolicyFileURL = this.config.getACLPolicyURL();
- if (aclPolicyFileURL != null && this.policyRegistration != null)
- {
- this.policyRegistration.deRegisterPolicy(metaData.getJaccContextID(), PolicyRegistration.ACL);
- }
}
/**
More information about the jboss-cvs-commits
mailing list