[Jboss-cvs] JBossAS SVN: r56199 - in trunk/ejb3/src: main/org/jboss/ejb3 main/org/jboss/ejb3/security test/org/jboss/ejb3/test/mdb
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Aug 23 17:37:13 EDT 2006
Author: bill.burke at jboss.com
Date: 2006-08-23 17:37:11 -0400 (Wed, 23 Aug 2006)
New Revision: 56199
Modified:
trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java
trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java
trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
trunk/ejb3/src/test/org/jboss/ejb3/test/mdb/QueueTestMDB.java
Log:
refactor of RunAs so that it works correctly with run-as-principal.
Modified: trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java 2006-08-23 21:05:36 UTC (rev 56198)
+++ trunk/ejb3/src/main/org/jboss/ejb3/Ejb3DescriptorHandler.java 2006-08-23 21:37:11 UTC (rev 56199)
@@ -1633,7 +1633,7 @@
private void addSecurityIdentityAnnotation(EJBContainer container,
SecurityIdentity identity)
{
- if (identity != null)
+ if (identity != null && !identity.isUseCallerIdentity())
{
RunAs runAs = identity.getRunAs();
if (runAs != null)
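Review bot: The new `!identity.isUseCallerIdentity()` guard carries a security decision that is not explained at the condition in `addSecurityIdentityAnnotation`. A one-line comment above the `if` would help, for example `// <use-caller-identity/> in the descriptor means no run-as: skip building run-as annotations from it`. The factory in this same commit repeats the check against `container.getXml()`, so the comment should say that both places must agree. The method body continues past the end of this hunk, so what the inner `runAs != null` branch adds is not visible here.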
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java 2006-08-23 21:05:36 UTC (rev 56198)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptor.java 2006-08-23 21:37:11 UTC (rev 56199)
@@ -45,46 +45,22 @@
public class RunAsSecurityInterceptor extends org.jboss.aspects.security.RunAsSecurityInterceptor
{
private static final Logger log = Logger.getLogger(RunAsSecurityInterceptor.class);
-
- public RunAsSecurityInterceptor(AuthenticationManager manager, RealmMapping realmMapping)
+ private RunAsIdentity runAsIdentity;
+
+ public RunAsSecurityInterceptor(AuthenticationManager manager, RealmMapping realmMapping, RunAsIdentity id)
{
super(manager, realmMapping);
+ this.runAsIdentity = id;
}
-
+
protected RunAsIdentity getRunAsIdentity(Invocation invocation)
{
- RunAsIdentity runAsRole = null;
- RunAs runAs = (RunAs) invocation.resolveClassAnnotation(RunAs.class);
- if (runAs == null) return null;
- Principal principal = SecurityAssociation.getPrincipal();
- Set extraRoles = realmMapping.getUserRoles(principal);
- if (extraRoles != null)
- {
- Iterator roles = extraRoles.iterator();
- Set extraRoleNames = new HashSet();
- while (roles.hasNext())
- {
- extraRoleNames.add( ((Principal)roles.next()).getName());
- }
- if (principal == null)
- runAsRole = new RunAsIdentity(runAs.value(), null, extraRoleNames);
- else
- runAsRole = new RunAsIdentity(runAs.value(), principal.getName(), extraRoleNames);
- } else
- {
- runAsRole = new RunAsIdentity(runAs.value(), null);
- }
-
- return runAsRole;
+ return runAsIdentity;
}
-
+
public Object invoke(Invocation invocation) throws Throwable
{
- try
- {
- return super.invoke(invocation);
- } finally {
- }
+ return super.invoke(invocation);
}
}
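Review bot: `runAsIdentity` is assigned only in the constructor but is declared as a mutable field. The factory supports only PER_CLASS creation, so one interceptor instance presumably serves concurrent invocations, and the field should be `private final RunAsIdentity runAsIdentity;`. The constructor also accepts a null `id` without complaint, which would make `getRunAsIdentity` return null on every call. The factory guards against that, but `if (id == null) throw new IllegalArgumentException("run-as identity required");` would keep the invariant inside this class. With the empty try/finally gone, the `invoke` override only delegates to `super.invoke` and can be dropped.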
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java 2006-08-23 21:05:36 UTC (rev 56198)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java 2006-08-23 21:37:11 UTC (rev 56199)
@@ -23,30 +23,67 @@
import javax.naming.InitialContext;
import javax.naming.NamingException;
+import javax.annotation.security.RunAs;
+
import org.jboss.aop.Advisor;
import org.jboss.aop.InstanceAdvisor;
import org.jboss.aop.advice.AspectFactory;
import org.jboss.aop.joinpoint.Joinpoint;
+import org.jboss.aop.joinpoint.Invocation;
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.RealmMapping;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityAssociation;
import org.jboss.ejb3.Container;
+import org.jboss.ejb3.EJBContainer;
+import org.jboss.ejb3.tx.NullInterceptor;
+import org.jboss.annotation.security.RunAsPrincipal;
+import java.security.Principal;
+import java.util.Set;
+import java.util.Iterator;
+import java.util.HashSet;
+
public class RunAsSecurityInterceptorFactory implements AspectFactory
{
private static final Logger log = Logger.getLogger(RunAsSecurityInterceptorFactory.class);
-
+
public Object createPerVM()
{
throw new RuntimeException("PER_VM not supported for this interceptor factory, only PER_CLASS");
}
+
+ protected RunAsIdentity getRunAsIdentity(EJBContainer container)
+ {
+ RunAs runAs = (RunAs) container.resolveAnnotation(RunAs.class);
+ if (runAs == null) return null;
+ if (container.getXml() != null && container.getXml().getSecurityIdentity() != null)
+ {
+ if (container.getXml().getSecurityIdentity().isUseCallerIdentity()) return null;
+ }
+ RunAsPrincipal rap = (RunAsPrincipal) container.resolveAnnotation(RunAsPrincipal.class);
+ String runAsPrincipal = null;
+ if (rap != null) runAsPrincipal = rap.value();
+
+ HashSet extraRoles = new HashSet(); // todo get extra mapped roles.
+
+ return new RunAsIdentity(runAs.value(), runAsPrincipal, extraRoles);
+ }
+
+
public Object createPerClass(Advisor advisor)
{
Object domain = null;
+ EJBContainer container = (EJBContainer)advisor;
+ RunAsIdentity runAsIdentity = getRunAsIdentity(container);
+ if (runAsIdentity == null)
+ {
+ return new NullInterceptor();
+ }
try
{
- Container container = (Container)advisor;
InitialContext ctx = container.getInitialContext();
org.jboss.annotation.security.SecurityDomain securityAnnotation = (org.jboss.annotation.security.SecurityDomain) advisor.resolveAnnotation(org.jboss.annotation.security.SecurityDomain.class);
domain = ctx.lookup("java:/jaas/" + securityAnnotation.value());
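Review bot: The identity built in `getRunAsIdentity` always carries an empty extra-role set (`new HashSet(); // todo get extra mapped roles.`), so any roles mapped to the run-as principal are not propagated. Callee role checks that depend on them would presumably be denied. Until the mapping is wired in, document the gap on the method, e.g. `/** Returns the fixed run-as identity for this container, or null when no @RunAs applies or the descriptor requests use-caller-identity; extra mapped roles are not included yet. */`. The `(EJBContainer)advisor` cast now sits before the `try`, so an advisor of another type fails with a ClassCastException instead of reaching whatever handler follows; that handler lies outside the hunk. The added imports `Invocation`, `SecurityAssociation`, `Principal`, `Set` and `Iterator` are not used by any line visible here and can probably be removed.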
@@ -58,7 +95,7 @@
AuthenticationManager manager = (AuthenticationManager) domain;
RealmMapping mapping = (RealmMapping) domain;
if (manager == null) throw new RuntimeException("Unable to find Security Domain");
- return new RunAsSecurityInterceptor(manager, mapping);
+ return new RunAsSecurityInterceptor(manager, mapping, getRunAsIdentity(container));
}
public Object createPerInstance(Advisor advisor, InstanceAdvisor instanceAdvisor)
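Review bot: `getRunAsIdentity(container)` is evaluated a second time on the `return` line, although its result was already null-checked into the local `runAsIdentity` in the previous hunk. The second call re-resolves the annotations and the descriptor, and nothing ties its result to the value that passed the check. Pass the checked local instead: `return new RunAsSecurityInterceptor(manager, mapping, runAsIdentity);`. This assumes the line is still inside `createPerClass`, whose middle part lies between the two hunks.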
Modified: trunk/ejb3/src/test/org/jboss/ejb3/test/mdb/QueueTestMDB.java
===================================================================
--- trunk/ejb3/src/test/org/jboss/ejb3/test/mdb/QueueTestMDB.java 2006-08-23 21:05:36 UTC (rev 56198)
+++ trunk/ejb3/src/test/org/jboss/ejb3/test/mdb/QueueTestMDB.java 2006-08-23 21:37:11 UTC (rev 56199)
@@ -70,7 +70,7 @@
++TestStatusBean.queueRan;
TestStatusBean.messageCount = count;
- System.out.println("*** QueueTestMDB onMessage " + TestStatusBean.queueRan + " " + count + " " + this);
+ System.out.println("+++ QueueTestMDB onMessage " + TestStatusBean.queueRan + " " + count + " " + this);
testInjections();
@@ -82,6 +82,8 @@
{
e.printStackTrace();
}
+ System.out.println("--- QueueTestMDB onMessage " + TestStatusBean.queueRan + " " + count + " " + this);
+
}
protected void testInjections()