[Design the new POJO MicroContainer] - AbstractDeploymentClassLoaderPolicyModule is mossing reset
by alesj
Deployers's AbstractDeploymentClassLoaderPolicyModule is not removing alias if one was added at AbstractDeploymentClassLoaderPolicyModule construction.
I've added the following code:
| public abstract class AbstractDeploymentClassLoaderPolicyModule extends ClassLoaderPolicyModule
| @@ -64,12 +66,14 @@
| * Determine the classloading metadata for the deployment unit
| *
| * @param unit the deployment unit
| + * @param addAlias should we add alias or remove
| * @return the classloading metadata
| */
| - private static String determineContextName(DeploymentUnit unit)
| + private static String determineContextName(DeploymentUnit unit, boolean addAlias)
| {
| if (unit == null)
| throw new IllegalArgumentException("Null unit");
| +
| ControllerContext context = unit.getTopLevel().getAttachment(ControllerContext.class);
| if (context == null)
| throw new IllegalStateException("Deployment has no controller context");
| @@ -83,13 +87,21 @@
| Set<Object> aliases = context.getAliases();
| if (aliases != null && aliases.contains(contextName) == false)
| {
| - try
| + Controller controller = context.getController();
| + if (addAlias)
| {
| - context.getController().addAlias(contextName, context.getName());
| + try
| + {
| + controller.addAlias(contextName, context.getName());
| + }
| + catch (Throwable t)
| + {
| + throw new RuntimeException("Error adding deployment alias " + contextName + " to " + context, t);
| + }
| }
| - catch (Throwable t)
| + else
| {
| - throw new RuntimeException("Error adding deployment alias " + contextName + " to " + context, t);
| + controller.removeAlias(contextName);
| }
| }
| }
| @@ -105,7 +117,7 @@
| */
| public AbstractDeploymentClassLoaderPolicyModule(DeploymentUnit unit)
| {
| - super(determineClassLoadingMetaData(unit), determineContextName(unit));
| + super(determineClassLoadingMetaData(unit), determineContextName(unit, true));
| this.unit = unit;
| ControllerContext context = unit.getTopLevel().getAttachment(ControllerContext.class);
| setControllerContext(context);
| @@ -126,4 +138,11 @@
| {
| return CLASSLOADER_STATE;
| }
| +
| + @Override
| + public void reset()
| + {
| + super.reset();
| + determineContextName(unit, false);
| + }
| }
|
Should this be part of new release for JBoss5 GA?
I still need to write some tests, checking if it was successfully removed from Controller (in case it was added).
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4193129#4193129
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4193129
16 years
[Design of Security on JBoss] - Security aspect updates
by scott.stark@jboss.org
In going through the current jboss-aspects/security aspects and applying them to the profileservice, I see a few issues we should work on updating to be better mc/pojo citizens.
1. The jndi based dynamic security makes it a little awkward to setup a bean/interceptor that depends on an AuthenticationManager instance. We should create an AuthenticationManagerBean or some such that simplifies this. Right now you can do something like the following to create an instance that uses the security-jboss-beans.xml JNDIBasedSecurityManagement as a factory. The ProfileServiceAuthenticationManager bean can then be injected into the AuthenticationInterceptor:
| <bean name="ProfileServiceAuthenticationManager" class="org.jboss.security.AuthenticationManager">
| <constructor factoryMethod="getAuthenticationManager">
| <factory bean="JNDIBasedSecurityManagement"/>
| <parameter>profileservice</parameter>
| </constructor>
| </bean>
| <interceptor xmlns="urn:jboss:aop-beans:1.0" class="org.jboss.aspects.security.AuthenticationInterceptor">
| <constructor>
| <parameter><inject bean="ProfileServiceAuthenticationManager"/></parameter>
| </constructor>
| </interceptor>
|
2. The RoleBasedAuthorizationInterceptor depends on the older RealmMapping interface, and nothing directly provides access to this. I was able to use the JNDIBasedSecurityManagement.getAuthorizationManager instance as a RealmMapping instance using:
| <bean name="ProfileServiceAuthorizationManager" class="org.jboss.security.AuthorizationManager">
| <constructor factoryMethod="getAuthorizationManager">
| <factory bean="JNDIBasedSecurityManagement"/>
| <parameter>profileservice</parameter>
| </constructor>
| </bean>
| <interceptor xmlns="urn:jboss:aop-beans:1.0" class="org.jboss.aspects.security.RoleBasedAuthorizationInterceptor">
| <constructor>
| <parameter><inject bean="ProfileServiceAuthenticationManager"/></parameter>
| <parameter><inject bean="ProfileServiceAuthorizationManager"/></parameter>
| </constructor>
| </interceptor>
|
but this relies on the implementation details of the AuthorizationManager. We need a new RoleBasedAuthorizationInterceptor that uses the AuthorizationManager spi.
3. All of the *InterceptorFactory rely on hard-coded lookups of metadata from the advisor metadata api with fallbacks to jndi lookups. Because of the mc capabilities with specifying how a bean is created, these are probably all obsolete, but we should review them.
Generally we should just review what the current spis are and their associated beans and make sure the beans expose sufficient pojo based configuration, and that the aspects cover the use cases we want.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4193084#4193084
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4193084
16 years