[jboss-cvs] JBossAS SVN: r91182 - in branches/JBPAPP_5_0: profileservice/src/main/org/jboss/profileservice/management and 3 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Jul 13 17:56:54 EDT 2009
Author: scott.stark at jboss.org
Date: 2009-07-13 17:56:53 -0400 (Mon, 13 Jul 2009)
New Revision: 91182
Added:
branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/BasicInvocation.java
branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/InstanceInterceptor.java
branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/PojiMethodInvocation.java
branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/SecurityContainer.java
Modified:
branches/JBPAPP_5_0/build/build-distr.xml
branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/management/ManagementViewImpl.java
branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProfileServiceInvocationHandler.java
branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProxyFactory.java
branches/JBPAPP_5_0/profileservice/src/resources/profileservice-jboss-beans.xml
branches/JBPAPP_5_0/system/src/main/org/jboss/system/server/profileservice/repository/AbstractProfileService.java
Log:
JBAS-7085, Replace ejb3 secured profile service facade with secured remoting proxy
Modified: branches/JBPAPP_5_0/build/build-distr.xml
===================================================================
--- branches/JBPAPP_5_0/build/build-distr.xml 2009-07-13 21:46:54 UTC (rev 91181)
+++ branches/JBPAPP_5_0/build/build-distr.xml 2009-07-13 21:56:53 UTC (rev 91182)
@@ -1884,12 +1884,6 @@
<!-- Copy the profileservice beans to deploy -->
<copy todir="${install.server}/all/deploy/"
file="${_module.output}/resources/profileservice-jboss-beans.xml" />
- <!-- Copy the profileservice secured ejb facade to deploy -->
- <unzip dest="${install.server}/all/deploy/profileservice-secured.jar">
- <fileset dir="${_module.output}/lib">
- <include name="profileservice-secured.jar"/>
- </fileset>
- </unzip>
</target>
<!-- ============ -->
Modified: branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/management/ManagementViewImpl.java
===================================================================
--- branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/management/ManagementViewImpl.java 2009-07-13 21:46:54 UTC (rev 91181)
+++ branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/management/ManagementViewImpl.java 2009-07-13 21:56:53 UTC (rev 91182)
@@ -114,6 +114,7 @@
properties = ManagementProperties.EXPLICIT, description = "The ProfileService ManagementView")
public class ManagementViewImpl extends AbstractTemplateCreator implements ManagementView
{
+ private static RuntimePermission MV_RUNTIME_PERMISSION = new RuntimePermission(ManagementView.class.getName());
/** The logger. */
private static Logger log = Logger.getLogger(ManagementViewImpl.class);
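Review bot: `MV_RUNTIME_PERMISSION` is declared `private static` without `final`, so the object that gates every guarded ManagementView call can be reassigned from anywhere in the class; declare it `private static final RuntimePermission MV_RUNTIME_PERMISSION = new RuntimePermission(ManagementView.class.getName());`. The same applies to `PS_RUNTIME_PERMISSION` added in AbstractProfileService.java. Unlike that field and the logger below it, this one has no comment; `/** The RuntimePermission required for accessing ManagementView methods */` would match.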
@@ -230,6 +231,10 @@
public synchronized boolean load()
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
// If the profile is not modified do nothing
if(isReload() == false)
{
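Review bot: The three-line SecurityManager check added at the top of load() is repeated verbatim in every other method this revision touches in this file; a single private helper, `private static void checkPermission() { SecurityManager sm = System.getSecurityManager(); if(sm != null) sm.checkPermission(MV_RUNTIME_PERMISSION); }`, would keep the guard in one place and make an unguarded new method easier to spot. Because load() is `synchronized`, the check runs only after the monitor is held, and reload() checks and then calls load(), which checks again. None of the guarded methods documents the new failure mode; each Javadoc should gain `@throws SecurityException if a SecurityManager is installed and the caller lacks the ManagementView RuntimePermission`. load() continues outside the hunk.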
@@ -457,6 +462,10 @@
public void reload()
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
forceReload = true;
load();
}
@@ -1072,6 +1081,10 @@
*/
public Set<String> getDeploymentNames()
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
return new TreeSet<String>(this.managedDeployments.keySet());
}
@@ -1083,7 +1096,11 @@
*/
public Set<String> getDeploymentNamesForType(String type)
{
- Set<String> matches = new TreeSet<String>();
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
+ Set<String> matches = new TreeSet<String>();
for(ManagedDeployment md : managedDeployments.values())
{
String name = md.getName();
@@ -1104,6 +1121,10 @@
public Set<String> getMatchingDeploymentName(String regex)
throws NoSuchDeploymentException
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
Set<String> names = getDeploymentNames();
HashSet<String> matches = new HashSet<String>();
Pattern p = Pattern.compile(regex);
@@ -1125,6 +1146,10 @@
public Set<ManagedDeployment> getMatchingDeployments(String name, NameMatcher<ManagedDeployment> matcher)
throws NoSuchDeploymentException, Exception
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
Set<ManagedDeployment> matches = new HashSet<ManagedDeployment>();
// TODO
return matches;
@@ -1132,6 +1157,10 @@
public Set<String> getTemplateNames()
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
return new HashSet<String>(templates.keySet());
}
@@ -1169,6 +1198,10 @@
*/
public ManagedDeployment getDeployment(String name) throws NoSuchDeploymentException
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
if(name == null)
throw new IllegalArgumentException("Null deployment name");
@@ -1213,6 +1246,10 @@
public Set<ManagedDeployment> getDeploymentsForType(String type)
throws Exception
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
Set<String> names = getDeploymentNamesForType(type);
HashSet<ManagedDeployment> mds = new HashSet<ManagedDeployment>();
for(String name : names)
@@ -1229,6 +1266,10 @@
*/
public Set<ComponentType> getComponentTypes()
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
HashSet<ComponentType> types = new HashSet<ComponentType>(compByCompType.keySet());
return types;
}
@@ -1243,7 +1284,11 @@
public Set<ManagedComponent> getComponentsForType(ComponentType type)
throws Exception
{
- Set<ManagedComponent> comps = null;
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
+ Set<ManagedComponent> comps = null;
// Check the any component type
if(type.equals(KnownComponentTypes.ANY_TYPE))
{
@@ -1269,6 +1314,10 @@
public ManagedComponent getComponent(String name, ComponentType type)
throws Exception
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
Set<ManagedComponent> components = compByCompType.get(type);
ManagedComponent comp = null;
if(components != null)
@@ -1299,6 +1348,10 @@
NameMatcher<ManagedComponent> matcher)
throws Exception
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
Set<ManagedComponent> components = compByCompType.get(type);
Set<ManagedComponent> matched = new HashSet<ManagedComponent>();
if(components != null)
@@ -1320,6 +1373,10 @@
public DeploymentTemplateInfo getTemplate(String name)
throws NoSuchDeploymentException
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
DeploymentTemplate template = templates.get(name);
if( template == null )
{
@@ -1340,6 +1397,10 @@
public void applyTemplate(String deploymentBaseName, DeploymentTemplateInfo info)
throws Exception
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
if(deploymentBaseName == null)
throw new IllegalArgumentException("Null deployment base name.");
if(info == null)
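Review bot: applyTemplate() is guarded by the same `MV_RUNTIME_PERMISSION` as the read-only getters such as getDeploymentNames() and getTemplateNames(), so any code granted the permission in order to list deployments may also apply templates, and likewise call updateComponent() and removeComponent() in the two hunks that follow. If read-only management code is expected to exist, a second constant for the mutating operations, for example `new RuntimePermission(ManagementView.class.getName() + ".modify")`, would let a policy file grant least privilege. If one coarse permission is deliberate, say so in the field comment. The method body continues outside the hunk.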
@@ -1377,6 +1438,10 @@
public void updateComponent(ManagedComponent comp)
throws Exception
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
if(comp == null)
throw new IllegalArgumentException("Null managed component.");
// Find the comp deployment
@@ -1495,6 +1560,10 @@
public void removeComponent(ManagedComponent comp) throws Exception
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(MV_RUNTIME_PERMISSION);
+
if(comp == null)
throw new IllegalArgumentException("null managed component.");
//
Added: branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/BasicInvocation.java
===================================================================
--- branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/BasicInvocation.java (rev 0)
+++ branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/BasicInvocation.java 2009-07-13 21:56:53 UTC (rev 91182)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.profileservice.remoting;
+
+import org.jboss.aop.advice.Interceptor;
+import org.jboss.aop.joinpoint.Invocation;
+import org.jboss.aop.joinpoint.InvocationBase;
+
+/**
+ * @author Scott.Stark at jboss.org
+ * @version $Revision:$
+ */
+public class BasicInvocation extends InvocationBase
+{
+
+ public Invocation copy()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public Invocation getWrapper(Interceptor[] newchain)
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+}
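Review bot: Both overrides in BasicInvocation are auto-generated stubs that return `null`, so a caller of copy() or getWrapper() receives a null Invocation and fails later, away from the missing implementation. None of the hunks in this revision references the class, so either leave it out of the commit or make the stubs fail at the call site with `throw new UnsupportedOperationException("copy");` (and the equivalent in getWrapper). The class Javadoc carries only author and version tags and should state what the class is for.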
Added: branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/InstanceInterceptor.java
===================================================================
--- branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/InstanceInterceptor.java (rev 0)
+++ branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/InstanceInterceptor.java 2009-07-13 21:56:53 UTC (rev 91182)
@@ -0,0 +1,71 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.profileservice.remoting;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+import org.jboss.aop.advice.Interceptor;
+import org.jboss.aop.joinpoint.Invocation;
+import org.jboss.aop.joinpoint.MethodInvocation;
+
+/**
+ * @author Scott.Stark at jboss.org
+ * @version $Revision:$
+ */
+public class InstanceInterceptor implements Interceptor
+{
+ private String name;
+ private Object target;
+
+ InstanceInterceptor(String name, Object target)
+ {
+ this.name = name;
+ this.target = target;
+ }
+ public String getName()
+ {
+ return name;
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.aop.advice.Interceptor#invoke(org.jboss.aop.joinpoint.Invocation)
+ */
+ public Object invoke(Invocation invocation) throws Throwable
+ {
+ MethodInvocation mi = (MethodInvocation) invocation;
+ Method m = mi.getActualMethod();
+ Object[] args = mi.getArguments();
+
+ Object value = null;
+ try
+ {
+ m.invoke(target, args);
+ }
+ catch(InvocationTargetException ite)
+ {
+ throw ite.getCause();
+ }
+ return value;
+ }
+
+}
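Review bot: invoke() discards the result of `m.invoke(target, args)`: `value` is initialised to `null`, never assigned, and then returned, so every call routed through this interceptor would hand null back to its caller; the line should read `value = m.invoke(target, args);`. The only use of the class visible in this revision is the commented-out `serverProxyInterceptors.add(new InstanceInterceptor("ProfileService", ps))` in ProxyFactory.start(), so the defect is latent for now. The cast `(MethodInvocation) invocation` is unchecked, and the class has no Javadoc beyond author and version tags; a sentence saying that it terminates a chain by reflectively calling the wrapped target would help.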
Added: branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/PojiMethodInvocation.java
===================================================================
--- branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/PojiMethodInvocation.java (rev 0)
+++ branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/PojiMethodInvocation.java 2009-07-13 21:56:53 UTC (rev 91182)
@@ -0,0 +1,276 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.profileservice.remoting;
+
+import java.io.IOException;
+import java.io.ObjectInput;
+import java.io.ObjectOutput;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Method;
+import java.util.Map;
+
+import org.jboss.aop.Advisor;
+import org.jboss.aop.advice.Interceptor;
+import org.jboss.aop.joinpoint.Invocation;
+import org.jboss.aop.joinpoint.MethodInvocation;
+import org.jboss.aop.metadata.MetaDataResolver;
+import org.jboss.aop.metadata.SimpleMetaData;
+
+
+/**
+ * @author Scott.Stark at jboss.org
+ * @version $Revision:$
+ */
+public class PojiMethodInvocation extends MethodInvocation
+{
+ private MethodInvocation delegate;
+ private Method method;
+
+ public PojiMethodInvocation(MethodInvocation delegate, Method method)
+ {
+ super();
+ this.delegate = delegate;
+ this.method = method;
+ }
+
+ public void addResponseAttachment(Object key, Object val)
+ {
+ delegate.addResponseAttachment(key, val);
+ }
+
+ public Invocation copy()
+ {
+ return delegate.copy();
+ }
+
+ public boolean equals(Object obj)
+ {
+ return delegate.equals(obj);
+ }
+
+ public Method getActualMethod()
+ {
+ return method;
+ }
+
+ public Advisor getAdvisor()
+ {
+ return delegate.getAdvisor();
+ }
+
+ public Object[] getArguments()
+ {
+ return delegate.getArguments();
+ }
+
+ public int getCurrentInterceptor()
+ {
+ return delegate.getCurrentInterceptor();
+ }
+
+ public MetaDataResolver getInstanceResolver()
+ {
+ return delegate.getInstanceResolver();
+ }
+
+ public Interceptor[] getInterceptors()
+ {
+ return delegate.getInterceptors();
+ }
+
+ public SimpleMetaData getMetaData()
+ {
+ return delegate.getMetaData();
+ }
+
+ public Object getMetaData(Object group, Object attr)
+ {
+ return delegate.getMetaData(group, attr);
+ }
+
+ public Method getMethod()
+ {
+ return method;
+ }
+
+ public long getMethodHash()
+ {
+ return delegate.getMethodHash();
+ }
+
+ public Object getResponseAttachment(Object key)
+ {
+ return delegate.getResponseAttachment(key);
+ }
+
+ public Map<Object, Object> getResponseContextInfo()
+ {
+ return delegate.getResponseContextInfo();
+ }
+
+ public Object getTargetObject()
+ {
+ return delegate.getTargetObject();
+ }
+
+ public Invocation getWrapper(Interceptor[] newchain)
+ {
+ return delegate.getWrapper(newchain);
+ }
+
+ public int hashCode()
+ {
+ return delegate.hashCode();
+ }
+
+ public Object invokeNext() throws Throwable
+ {
+ interceptors = delegate.getInterceptors();
+ currentInterceptor = delegate.getCurrentInterceptor();
+ if (interceptors != null && currentInterceptor < interceptors.length)
+ {
+ try
+ {
+ return interceptors[currentInterceptor++].invoke(this);
+ }
+ finally
+ {
+ // so that interceptors like clustering can reinvoke down the chain
+ currentInterceptor--;
+ }
+ }
+
+ return invokeTarget();
+ }
+
+ public Object invokeNext(Interceptor[] newInterceptors) throws Throwable
+ {
+ // Save the old stack position
+ Interceptor[] oldInterceptors = interceptors;
+ int oldCurrentInterceptor = currentInterceptor;
+
+ // Start the new stack
+ interceptors = newInterceptors;
+ currentInterceptor = 0;
+
+ // Invoke the new stack
+ try
+ {
+ return invokeNext();
+ }
+ finally
+ {
+ // Restore the old stack
+ interceptors = oldInterceptors;
+ currentInterceptor = oldCurrentInterceptor;
+ }
+ }
+
+ public Object invokeTarget() throws Throwable
+ {
+ return null;
+ }
+
+ public void readExternal(ObjectInput in) throws IOException,
+ ClassNotFoundException
+ {
+ delegate.readExternal(in);
+ }
+
+ public Object resolveAnnotation(Class<? extends Annotation> annotation)
+ {
+ return delegate.resolveAnnotation(annotation);
+ }
+
+ public Object resolveAnnotation(Class<? extends Annotation>[] annotations)
+ {
+ return delegate.resolveAnnotation(annotations);
+ }
+
+ public Object resolveClassAnnotation(Class<? extends Annotation> annotation)
+ {
+ return delegate.resolveClassAnnotation(annotation);
+ }
+
+ public Object resolveClassMetaData(Object key, Object attr)
+ {
+ return delegate.resolveClassMetaData(key, attr);
+ }
+
+ public <T extends Annotation> T resolveTypedAnnotation(Class<T> annotation)
+ {
+ return delegate.resolveTypedAnnotation(annotation);
+ }
+
+ public <T extends Annotation> T resolveTypedAnnotation(Class<T>[] annotations)
+ {
+ return delegate.resolveTypedAnnotation(annotations);
+ }
+
+ public <T extends Annotation> T resolveTypedClassAnnotation(
+ Class<T> annotation)
+ {
+ return delegate.resolveTypedClassAnnotation(annotation);
+ }
+
+ public void setAdvisor(Advisor advisor)
+ {
+ delegate.setAdvisor(advisor);
+ }
+
+ public void setArguments(Object[] arguments)
+ {
+ delegate.setArguments(arguments);
+ }
+
+ public void setInstanceResolver(MetaDataResolver instanceResolver)
+ {
+ delegate.setInstanceResolver(instanceResolver);
+ }
+
+ public void setMetaData(SimpleMetaData data)
+ {
+ delegate.setMetaData(data);
+ }
+
+ public void setResponseContextInfo(Map<Object, Object> responseContextInfo)
+ {
+ delegate.setResponseContextInfo(responseContextInfo);
+ }
+
+ public void setTargetObject(Object targetObject)
+ {
+ delegate.setTargetObject(targetObject);
+ }
+
+ public String toString()
+ {
+ return delegate.toString();
+ }
+
+ public void writeExternal(ObjectOutput out) throws IOException
+ {
+ delegate.writeExternal(out);
+ }
+
+
+}
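Review bot: invokeNext() reloads `interceptors` and `currentInterceptor` from the delegate on every call, which overwrites the chain that invokeNext(Interceptor[] newInterceptors) has just installed, so the chain passed to that overload is never run. The same reload throws away the index this class increments: if the delegate holds a non-empty chain, an interceptor that calls invokeNext() on this object would be dispatched to itself again (inferred; it depends on what the delegate carries on the server side). Copying the two fields from the delegate once in the constructor instead of inside invokeNext() would avoid both. invokeTarget() returns `null` unconditionally and equals() forwards to `delegate.equals(obj)`, which is not symmetric; the class Javadoc should say that this wrapper apparently exists only to substitute the proxy method in getMethod()/getActualMethod() and is not meant to reach a target.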
Modified: branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProfileServiceInvocationHandler.java
===================================================================
--- branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProfileServiceInvocationHandler.java 2009-07-13 21:46:54 UTC (rev 91181)
+++ branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProfileServiceInvocationHandler.java 2009-07-13 21:56:53 UTC (rev 91182)
@@ -93,6 +93,8 @@
{
// Create a security context for the invocation
establishSecurityContext(invocation);
+ org.jboss.aop.joinpoint.Invocation inv =(org.jboss.aop.joinpoint.Invocation)invocation.getParameter();
+ SecurityContainer.setInvocation(inv);
InvocationResponse value = (InvocationResponse) super.invoke(invocation);
if( value.getResponse() instanceof ManagementView )
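Review bot: `SecurityContainer.setInvocation(inv)` stores the caller's invocation in a static ThreadLocal that no hunk in this revision ever clears, so on a pooled remoting worker thread the previous request's invocation, with whatever caller metadata it carries, stays attached to the thread after this method returns. A later call that reaches a SecurityContainer proxy on that thread without passing through this handler would then be evaluated against the stale invocation. Wrap the dispatch as `try { value = (InvocationResponse) super.invoke(invocation); } finally { SecurityContainer.setInvocation(null); }`. The cast of `invocation.getParameter()` is also unchecked, so a request whose parameter is not an aop Invocation fails with a ClassCastException instead of a clear rejection. The method starts and ends outside the hunk.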
Modified: branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProxyFactory.java
===================================================================
--- branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProxyFactory.java 2009-07-13 21:46:54 UTC (rev 91181)
+++ branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/ProxyFactory.java 2009-07-13 21:56:53 UTC (rev 91182)
@@ -38,6 +38,7 @@
import org.jboss.logging.Logger;
import org.jboss.profileservice.spi.ProfileService;
import org.jboss.remoting.InvokerLocator;
+import org.jboss.util.id.GUID;
import org.jboss.util.naming.Util;
/**
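Review bot: The added `import org.jboss.util.id.GUID;` is not used by any line this revision adds to ProxyFactory, so it looks like a leftover and can be dropped. If it is meant for a follow-up change, it belongs in that commit.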
@@ -55,13 +56,27 @@
private String mgtViewJndiName = "java:ManagementView";
private String deployMgrJndiName = "java:DeploymentManager";
private InvokerLocator locator;
+ /** The ProfileService bean the ps proxies delegate to */
private ProfileService ps;
+ /** The ManagementView bean the */
private ManagementView mgtView;
+ /** The DeploymentManager bean the */
private DeploymentManager deployMgr;
+ /** The remoting ProfileService proxy */
private Proxy psProxy;
+ /** The remoting ProfileService proxy */
private Proxy mgtViewProxy;
+ /** The remoting ProfileService proxy */
private Proxy deployMgrProxy;
+ /** The server side secured ProfileService proxy */
+ private ProfileService psProxySecure;
+
+ /** The secure server interceptor stack */
+ private List<Interceptor> serverProxyInterceptors;
+ /** The remoting client interceptor stack */
private List<Interceptor> proxyInterceptors;
+ /** Flag to create links to the old ejb3 facade proxy locations */
+ private boolean createEjb3Links;
public String getDispatchName()
{
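Review bot: Several of the new field comments are truncated or copy-pasted: `/** The ManagementView bean the */` and `/** The DeploymentManager bean the */` stop mid-sentence, and `mgtViewProxy` and `deployMgrProxy` are both described as `The remoting ProfileService proxy`. Suggested wording: `/** The ManagementView bean the mgtView proxies delegate to */`, `/** The DeploymentManager bean the deployMgr proxies delegate to */`, `/** The remoting ManagementView proxy */` and `/** The remoting DeploymentManager proxy */`. It is also worth stating on `ps`, `mgtView` and `deployMgr` that these are the unsecured targets and are only to be registered behind a SecurityContainer.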
@@ -167,15 +182,44 @@
this.proxyInterceptors = proxyInterceptors;
}
+ public List<Interceptor> getServerProxyInterceptors()
+ {
+ return serverProxyInterceptors;
+ }
+ public void setServerProxyInterceptors(List<Interceptor> serverProxyInterceptors)
+ {
+ this.serverProxyInterceptors = serverProxyInterceptors;
+ }
+
+ public boolean isCreateEjb3Links()
+ {
+ return createEjb3Links;
+ }
+
+ public void setCreateEjb3Links(boolean createEjb3Links)
+ {
+ this.createEjb3Links = createEjb3Links;
+ }
+
public void start()
throws Exception
{
ClassLoader loader = Thread.currentThread().getContextClassLoader();
- Class[] ifaces = {ProfileService.class};
+ Class<?>[] ifaces = {ProfileService.class};
- // Create the ProfileService proxy
- Dispatcher.singleton.registerTarget(dispatchName, ps);
+ // Create the server side secured proxy
+ if(this.serverProxyInterceptors == null)
+ {
+ serverProxyInterceptors = new ArrayList<Interceptor>();
+ }
+ // Add the instance interceptor which delegates to the injected ps
+ //serverProxyInterceptors.add(new InstanceInterceptor("ProfileService", ps));
+ SecurityContainer container = new SecurityContainer(serverProxyInterceptors, ps);
+ psProxySecure = (ProfileService) java.lang.reflect.Proxy.newProxyInstance(loader, ifaces, container);
+ // Create the remote ProfileService proxy using the secured proxy as the target
+ Dispatcher.singleton.registerTarget(dispatchName, psProxySecure);
+ // Create a default client proxy interceptor stack
if(proxyInterceptors == null)
{
proxyInterceptors = new ArrayList<Interceptor>();
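Review bot: start() silently replaces a missing `serverProxyInterceptors` with an empty list, so a descriptor that omits the property produces a "secured" proxy whose SecurityContainer runs no authentication or authorization interceptor before invoking `ps`, and that proxy is what gets registered with the Dispatcher. Failing closed is safer: `if(serverProxyInterceptors == null || serverProxyInterceptors.isEmpty()) throw new IllegalStateException("serverProxyInterceptors must be configured");`. If an unsecured mode has to remain possible, make it an explicit flag and log it at warn level. The commented-out `InstanceInterceptor` line should be removed rather than committed. start() continues outside the hunk.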
@@ -184,15 +228,20 @@
proxyInterceptors.add(InvokeRemoteInterceptor.singleton);
}
+ // Create the remoting proxy that invokes back to the secured proxy target
psProxy = Remoting.createRemoteProxy(dispatchName, loader, ifaces, locator, proxyInterceptors, "ProfileService");
InitialContext ctx = new InitialContext();
Util.bind(ctx, jndiName, psProxy);
log.debug("Bound ProfileService proxy under: "+jndiName);
+ // A server side secured ManagementView proxy
+ SecurityContainer container2 = new SecurityContainer(serverProxyInterceptors, mgtView);
+ Class<?>[] ifaces2 = {ManagementView.class};
+ ManagementView mgtViewSecure = (ManagementView) java.lang.reflect.Proxy.newProxyInstance(loader, ifaces2, container2);
// Create the ManagementView proxy
Class[] mvIfaces = {ManagementView.class};
String mvDispatchName = dispatchName+".ManagementView";
- Dispatcher.singleton.registerTarget(mvDispatchName, mgtView);
+ Dispatcher.singleton.registerTarget(mvDispatchName, mgtViewSecure);
mgtViewProxy = Remoting.createRemoteProxy(mvDispatchName, loader, mvIfaces, locator, proxyInterceptors, "ProfileService");
log.debug("Created ManagementView proxy");
if(mgtViewJndiName != null && mgtViewJndiName.length() > 0)
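Review bot: The hunk now holds two arrays with the same content, the new `Class<?>[] ifaces2 = {ManagementView.class}` and the existing raw `Class[] mvIfaces = {ManagementView.class}`; one generic array can serve both `newProxyInstance` and `createRemoteProxy`. The DeploymentManager hunk that follows repeats this with `ifaces3` and `dmIfaces`. The numbered locals (`container2`, `container3`) also hide which target each container wraps; names such as `mgtViewContainer`, or a small private helper taking the interface and the target, would make it harder to register an unwrapped bean by mistake.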
@@ -201,10 +250,14 @@
log.debug("Bound ManagementView proxy under: "+mgtViewJndiName);
}
+ // A server side secured DeploymentManager proxy
+ SecurityContainer container3 = new SecurityContainer(serverProxyInterceptors, deployMgr);
+ Class<?>[] ifaces3 = {DeploymentManager.class};
+ DeploymentManager deployMgrSecure = (DeploymentManager) java.lang.reflect.Proxy.newProxyInstance(loader, ifaces3, container3);
// Create the DeploymentManager proxy
Class[] dmIfaces = {DeploymentManager.class};
String dmDispatchName = dispatchName+".DeploymentManager";
- Dispatcher.singleton.registerTarget(dmDispatchName, deployMgr);
+ Dispatcher.singleton.registerTarget(dmDispatchName, deployMgrSecure);
deployMgrProxy = Remoting.createRemoteProxy(dmDispatchName, loader, dmIfaces, locator, proxyInterceptors, "DeploymentManager");
log.debug("Created DeploymentManager proxy");
if(deployMgrJndiName != null && deployMgrJndiName.length() > 0)
@@ -212,6 +265,15 @@
Util.bind(ctx, deployMgrJndiName, deployMgrProxy);
log.debug("Bound DeploymentManager proxy under: "+deployMgrJndiName);
}
+
+ //
+ if(createEjb3Links)
+ {
+ Util.createLinkRef("SecureProfileService/remote", this.jndiName);
+ Util.createLinkRef("SecureManagementView/remote", mgtViewJndiName);
+ Util.createLinkRef("SecureDeploymentManager/remote", deployMgrJndiName);
+ log.debug("Bound links back to secure ejb names");
+ }
}
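Review bot: The links are created unconditionally, but `mgtViewJndiName` and `deployMgrJndiName` are only bound earlier in start() when they are non-null and non-empty, so with either name unset `Util.createLinkRef` is handed a null or empty target. Guard each link with the same test, e.g. `if(mgtViewJndiName != null && mgtViewJndiName.length() > 0) Util.createLinkRef("SecureManagementView/remote", mgtViewJndiName);`, and mirror the guards in the unbinds added to stop(). The bare `//` above the block should say what it does, for example `// Keep the old ejb3 facade JNDI names resolvable by linking them to the new proxies`. start() begins outside the hunk.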
public void stop()
@@ -233,5 +295,13 @@
Util.unbind(ctx, deployMgrJndiName);
log.debug("Unbound DeploymentManager proxy");
}
+ //
+ if(createEjb3Links)
+ {
+ Util.unbind(ctx, "SecureProfileService/remote");
+ Util.unbind(ctx, "SecureManagementView/remote");
+ Util.unbind(ctx, "SecureDeploymentManager/remote");
+ log.debug("Unbound links back to secure ejb names");
+ }
}
}
Added: branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/SecurityContainer.java
===================================================================
--- branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/SecurityContainer.java (rev 0)
+++ branches/JBPAPP_5_0/profileservice/src/main/org/jboss/profileservice/remoting/SecurityContainer.java 2009-07-13 21:56:53 UTC (rev 91182)
@@ -0,0 +1,89 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.profileservice.remoting;
+
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.List;
+
+import org.jboss.aop.advice.Interceptor;
+import org.jboss.aop.joinpoint.Invocation;
+import org.jboss.aop.joinpoint.MethodInvocation;
+
+/**
+ * A poji proxy invocation handler that implements a simple security
+ * container using aop interceptors.
+ *
+ * @author Scott.Stark at jboss.org
+ * @version $Revision:$
+ */
+public class SecurityContainer implements InvocationHandler
+{
+ private static ThreadLocal<Invocation> activeInvocation
+ = new ThreadLocal<Invocation>();
+ private List<Interceptor> interceptors;
+ private Object target;
+
+ SecurityContainer(List<Interceptor> interceptors, Object target)
+ {
+ this.interceptors = interceptors;
+ this.target = target;
+ }
+
+ public static void setInvocation(Invocation inv)
+ {
+ activeInvocation.set(inv);
+ }
+
+ public Object invoke(Object proxy, Method method, Object[] args)
+ throws Throwable
+ {
+ // Get the invocation the handler set
+ Invocation inv = activeInvocation.get();
+ if(inv instanceof MethodInvocation)
+ {
+ // Need to set the target since this is not a true aop proxy
+ MethodInvocation mi = (MethodInvocation) inv;
+ mi.setTargetObject(target);
+ // Override the method to the poji proxy method to return the invocation method
+ inv = new PojiMethodInvocation(mi, method);
+ }
+
+ // run through the interceptors
+ for(Interceptor i : interceptors)
+ {
+ i.invoke(inv);
+ }
+
+ // Perform the invocation on the target
+ try
+ {
+ return method.invoke(target, args);
+ }
+ catch(InvocationTargetException ite)
+ {
+ throw ite.getTargetException();
+ }
+ }
+
+}
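Review bot: invoke() wraps the thread-local value only when it is a MethodInvocation; when nothing was set on the thread (a call that did not come through ProfileServiceInvocationHandler) `inv` is null and is passed to every interceptor as is, and with an empty interceptor list the target is invoked with no check at all. Reject that case before the loop: `if(!(inv instanceof MethodInvocation)) throw new SecurityException("No active invocation for " + method.getName());`. `activeInvocation` is never cleared in this class, and the loop ignores each interceptor's return value, so access control relies entirely on interceptors throwing; the class Javadoc should state that contract and who is responsible for resetting the thread-local.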
Modified: branches/JBPAPP_5_0/profileservice/src/resources/profileservice-jboss-beans.xml
===================================================================
--- branches/JBPAPP_5_0/profileservice/src/resources/profileservice-jboss-beans.xml 2009-07-13 21:46:54 UTC (rev 91181)
+++ branches/JBPAPP_5_0/profileservice/src/resources/profileservice-jboss-beans.xml 2009-07-13 21:56:53 UTC (rev 91182)
@@ -161,10 +161,42 @@
<bean name="ProfileServiceProxyFactory" class="org.jboss.profileservice.remoting.ProxyFactory">
<property name="dispatchName">ProfileService</property>
<property name="jndiName">ProfileService</property>
+ <property name="mgtViewJndiName">ManagementView</property>
+ <property name="deployMgrJndiName">DeploymentManager</property>
<property name="locator"><inject bean="ConnectorMBean" property="invokerLocator"/></property>
<property name="profileService"><inject bean="ProfileService"/></property>
<property name="viewManager"><inject bean="ManagementView"/></property>
<property name="deploymentManager"><inject bean="DeploymentManager"/></property>
+ <!-- Create links from secured proxies back to old secured ejb3 facades -->
+ <property name="createEjb3Links">true</property>
+ <!-- Server side security interceptor stack -->
+ <property name="serverProxyInterceptors">
+ <list>
+ <bean class="org.jboss.aspects.security.AuthenticationInterceptor">
+ <constructor>
+ <parameter>
+ <!-- AuthenticationManager -->
+ <value-factory bean="JNDIBasedSecurityManagement" method="getAuthenticationManager"
+ parameter="jmx-console"/>
+ </parameter>
+ </constructor>
+ </bean>
+ <bean class="org.jboss.aspects.security.RoleBasedAuthorizationInterceptor">
+ <constructor>
+ <!-- AuthenticationManager -->
+ <parameter>
+ <value-factory bean="JNDIBasedSecurityManagement" method="getAuthenticationManager"
+ parameter="jmx-console"/>
+ </parameter>
+ <!-- RealmMapping, the AuthenticationManager impl currently supports this -->
+ <parameter>
+ <value-factory bean="JNDIBasedSecurityManagement" method="getAuthenticationManager"
+ parameter="jmx-console"/>
+ </parameter>
+ </constructor>
+ </bean>
+ </list>
+ </property>
<depends>ConnectorMBean</depends>
</bean>
<bean name="PlatformMBeanKernelRegistryPlugin" class="org.jboss.profileservice.management.PlatformMBeanKernelRegistryPlugin">
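Review bot: The security domain name `jmx-console` is hard-coded in three `value-factory` elements, which ties authentication and role mapping for the remote ProfileService, ManagementView and DeploymentManager proxies to whatever login configuration backs the JMX console. Consider a dedicated, separately configurable domain, and add a comment here telling the deployer that the users and roles of this domain now control remote management access and must not be left at shipped defaults. Nothing in the hunk states which roles the RoleBasedAuthorizationInterceptor requires for these plain-interface proxies; where they come from is not visible in this revision and should be documented next to the bean. The hunk also changes the ManagementView and DeploymentManager bindings from the `java:` defaults in ProxyFactory to global names, which deserves a line in the comment as well.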
Modified: branches/JBPAPP_5_0/system/src/main/org/jboss/system/server/profileservice/repository/AbstractProfileService.java
===================================================================
--- branches/JBPAPP_5_0/system/src/main/org/jboss/system/server/profileservice/repository/AbstractProfileService.java 2009-07-13 21:46:54 UTC (rev 91181)
+++ branches/JBPAPP_5_0/system/src/main/org/jboss/system/server/profileservice/repository/AbstractProfileService.java 2009-07-13 21:56:53 UTC (rev 91182)
@@ -56,6 +56,8 @@
*/
public class AbstractProfileService implements ProfileService, ControllerContextActions
{
+ /** The RuntimePermission required for accessing PS methods */
+ private static RuntimePermission PS_RUNTIME_PERMISSION = new RuntimePermission(ProfileService.class.getName());
/** The default profile. */
private ProfileKey defaultProfile;
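Review bot: The new `PS_RUNTIME_PERMISSION` field is declared `private static` without `final`, so the permission object that every later check in this file relies on can be reassigned from anywhere inside the class. Declare it as `private static final RuntimePermission PS_RUNTIME_PERMISSION = new RuntimePermission(ProfileService.class.getName());`. The field's Javadoc could also say that the permission name a policy file has to grant is the fully qualified name of the `ProfileService` interface.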
@@ -117,6 +119,10 @@
public DeploymentManager getDeploymentManager()
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(PS_RUNTIME_PERMISSION);
+
return this.deploymentManager;
}
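Review bot: The three-line `System.getSecurityManager()` / `checkPermission` guard added at the top of `getDeploymentManager()` is pasted unchanged into every following hunk of this file (`getViewManager`, `getDomains`, `getProfileKeys`, `getProfile`, `getActiveProfileKeys`, `getActiveProfile`, `registerProfile`, `activateProfile`, `validateProfile`, `deactivateProfile`), so a method added later can silently miss it. A private static helper holding those three lines, called as `checkProfileServicePermission();`, would reduce each call site to one statement and leave a single place to audit. The guard does nothing when no `SecurityManager` is installed, so each method's Javadoc should say so, e.g. `@throws SecurityException if a SecurityManager is installed and the caller lacks the ProfileService RuntimePermission`.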
@@ -127,6 +133,10 @@
public ManagementView getViewManager()
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(PS_RUNTIME_PERMISSION);
+
return this.managementView;
}
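Review bot: The check in `getViewManager()`, like the one in `getDeploymentManager()` in the previous hunk, gates only the moment the reference is handed out; nothing visible in this diff checks a caller that already holds the returned `ManagementView`. If the returned objects do not enforce access themselves, code that legitimately obtains the reference can pass it on to code without the permission. A comment such as `// permission is checked on lookup only; ManagementView methods must enforce their own access control` would make that boundary explicit for maintainers.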
@@ -137,6 +147,10 @@
public String[] getDomains()
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(PS_RUNTIME_PERMISSION);
+
// TODO do we need that ?
Collection<String> domains = new ArrayList<String>();
for(ProfileKey key : activeProfiles)
@@ -153,6 +167,10 @@
public Collection<ProfileKey> getProfileKeys()
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(PS_RUNTIME_PERMISSION);
+
return Collections.unmodifiableCollection(this.profiles);
}
@@ -165,6 +183,10 @@
*/
public Profile getProfile(ProfileKey key) throws NoSuchProfileException
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(PS_RUNTIME_PERMISSION);
+
if(key == null)
throw new IllegalArgumentException("Null profile key.");
@@ -185,6 +207,10 @@
public Collection<ProfileKey> getActiveProfileKeys()
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(PS_RUNTIME_PERMISSION);
+
return Collections.unmodifiableCollection(this.activeProfiles);
}
@@ -197,6 +223,10 @@
*/
public Profile getActiveProfile(ProfileKey key) throws NoSuchProfileException
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(PS_RUNTIME_PERMISSION);
+
if(key == null)
throw new IllegalArgumentException("Null profile key.");
@@ -252,6 +282,10 @@
*/
public void registerProfile(Profile profile) throws Exception
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(PS_RUNTIME_PERMISSION);
+
if(profile == null)
throw new IllegalArgumentException("Null profile.");
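Review bot: `registerProfile` changes server state but is guarded by the same `PS_RUNTIME_PERMISSION` as the read-only getters, so a policy entry that grants the permission for inspection also grants registration and, in the later hunks, `activateProfile` and `deactivateProfile`. If that coarse grant is intended, state it on the field, e.g. `/** Single permission covering both read and mutating ProfileService methods */`; otherwise a second `RuntimePermission` for the mutating methods would let policies separate the two. The method body continues beyond the hunk.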
@@ -289,6 +323,10 @@
*/
public void activateProfile(ProfileKey key) throws Exception
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(PS_RUNTIME_PERMISSION);
+
if(key == null)
throw new IllegalArgumentException("Null profile key.");
if(controller.isShutdown())
@@ -313,6 +351,10 @@
public void validateProfile(ProfileKey key) throws Exception
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(PS_RUNTIME_PERMISSION);
+
if(key == null)
throw new IllegalArgumentException("Null profile key.");
@@ -384,6 +426,10 @@
*/
public void deactivateProfile(ProfileKey key) throws NoSuchProfileException
{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission(PS_RUNTIME_PERMISSION);
+
if(key == null)
throw new IllegalArgumentException("Null profile key.");