[jboss-cvs] JBossAS SVN: r59050 - in trunk/server/src/main/org/jboss/deployment: . security
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Dec 14 11:53:08 EST 2006
Author: anil.saldhana at jboss.com
Date: 2006-12-14 11:53:07 -0500 (Thu, 14 Dec 2006)
New Revision: 59050
Added:
trunk/server/src/main/org/jboss/deployment/security/
trunk/server/src/main/org/jboss/deployment/security/JaccPolicy.java
trunk/server/src/main/org/jboss/deployment/security/JaccPolicyMBean.java
trunk/server/src/main/org/jboss/deployment/security/JaccPolicyUtil.java
trunk/server/src/main/org/jboss/deployment/security/SecurityDeployer.java
Log:
JBAS-3932: security deployer
Added: trunk/server/src/main/org/jboss/deployment/security/JaccPolicy.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/JaccPolicy.java 2006-12-14 16:52:21 UTC (rev 59049)
+++ trunk/server/src/main/org/jboss/deployment/security/JaccPolicy.java 2006-12-14 16:53:07 UTC (rev 59050)
@@ -0,0 +1,179 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.deployment.security;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyConfigurationFactory;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.deployers.spi.deployer.DeploymentUnit;
+import org.jboss.ejb.EJBPermissionMapping;
+import org.jboss.logging.Logger;
+import org.jboss.metadata.BeanMetaData;
+import org.jboss.metadata.MetaData;
+import org.jboss.metadata.WebMetaData;
+import org.jboss.web.WebPermissionMapping;
+
+//$Id$
+
+/**
+ * A Service Bean representing the JACC Policy for the top level deployment
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Dec 11, 2006
+ * @version $Revision$
+ */
+public class JaccPolicy implements JaccPolicyMBean
+{
+ private static Logger log = Logger.getLogger(JaccPolicy.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private PolicyConfiguration parentPC = null;
+ private String contextID = null;
+
+ private List<String> subDeployments = new ArrayList<String>();
+
+ public static String BASE_OBJECT_NAME = "jboss:service=jacc,id=";
+
+ /**
+ * Ctr
+ * @param id Jacc Context Id for the top level deployment
+ * @throws IllegalArgumentException if id passed is null
+ */
+ public JaccPolicy(String id, DeploymentUnit unit, Collection<String> ignoreSuffix)
+ {
+ if(id == null)
+ throw new IllegalArgumentException("Jacc Context Id passed is null");
+ this.contextID = id;
+ subDeployments.addAll(JaccPolicyUtil.getJaccDeployments(unit, ignoreSuffix));
+ }
+
+ /**
+ * @see JaccPolicyMBean#create()
+ */
+ public void create()
+ {
+ try
+ {
+ PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
+ parentPC = pcf.getPolicyConfiguration(contextID, true);
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException("Cannot initialize policy configuration:",e);
+ }
+ }
+
+ /**
+ * @see JaccPolicyMBean#destroy()
+ */
+ public void destroy()
+ {
+ }
+
+ /**
+ * @see JaccPolicyMBean#start()
+ */
+ public void start()
+ {
+ /**
+ * We cannot start the policy configuration until all the subdeployments
+ * have linked
+ */
+ }
+
+ /**
+ * @see JaccPolicyMBean#stop()
+ */
+ public void stop()
+ {
+ }
+
+ /**
+ * @see JaccPolicyMBean#createPermissions(MetaData, String, PolicyConfiguration)
+ */
+ public PolicyConfiguration createPermissions(MetaData metadata, String jaccID,
+ PolicyConfiguration pc)
+ throws PolicyContextException
+ {
+ if(metadata instanceof WebMetaData)
+ {
+ WebMetaData wmd = (WebMetaData)metadata;
+ if(pc == null)
+ pc = createPolicyConfiguration(jaccID, true);
+ WebPermissionMapping.createPermissions(wmd, pc);
+ }
+ else
+ if(metadata instanceof BeanMetaData)
+ {
+ BeanMetaData bmd = (BeanMetaData)metadata;
+ if(pc == null)
+ pc = createPolicyConfiguration(jaccID, true);
+ EJBPermissionMapping.createPermissions(bmd, pc);
+ }
+ else
+ throw new IllegalStateException("Unknown metadata");
+ return pc;
+ }
+
+
+ /**
+ * @see JaccPolicyMBean#link(PolicyConfiguration)
+ */
+ public void link(PolicyConfiguration pc) throws PolicyContextException
+ {
+ if(trace)
+ log.trace("Linking " + pc + " to parent pc=" + parentPC);
+ parentPC.linkConfiguration(pc);
+ this.subDeployments.remove(pc.getContextID());
+ if(this.subDeployments.size() == 0)
+ parentPC.commit(); //Ready to be inService
+ }
+
+ /**
+ * Create a Policy Configuration from the factory
+ * @param jaccid Jacc Context ID
+ * @param removeAllPerms Whether the policy configuration that is obtained
+ * needs to be a fresh one (such that old permissions are removed)
+ * @return policy configuration
+ * @throws RuntimeException initialization of PC fails
+ */
+ private PolicyConfiguration createPolicyConfiguration(String jaccid, boolean removeAllPerms)
+ {
+ if(jaccid == null)
+ throw new IllegalArgumentException("Jacc id is null");
+ PolicyConfiguration pc = null;
+ try
+ {
+ PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
+ pc = pcf.getPolicyConfiguration(jaccid, removeAllPerms);
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException("Cannot initialize policy configuration:",e);
+ }
+ return pc;
+ }
+}
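Review bot: In `link()` the result of `this.subDeployments.remove(pc.getContextID())` is ignored, so the parent is committed only if every child name collected in the constructor is later linked under exactly that context id; a mismatch, or a child that never links, leaves `parentPC.commit()` unreached with nothing in the log. I would make the miss visible, e.g. `if(!this.subDeployments.remove(pc.getContextID())) log.warn("Unexpected JACC context id: " + pc.getContextID());`, and fail with a clear message when `parentPC` is still null because `create()` has not run. `destroy()` and `stop()` are empty, so nothing in this class deletes the configuration obtained in `create()`; unless that is handled elsewhere, calling `parentPC.delete()` in `destroy()` (with the `PolicyContextException` handled) would keep the permissions from outliving the deployment. `BASE_OBJECT_NAME` is a mutable public static and should be declared `public static final String`.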
Added: trunk/server/src/main/org/jboss/deployment/security/JaccPolicyMBean.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/JaccPolicyMBean.java 2006-12-14 16:52:21 UTC (rev 59049)
+++ trunk/server/src/main/org/jboss/deployment/security/JaccPolicyMBean.java 2006-12-14 16:53:07 UTC (rev 59050)
@@ -0,0 +1,62 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.deployment.security;
+
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.metadata.MetaData;
+
+//$Id$
+
+/**
+ * Service contract for the JaccPolicy
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Dec 11, 2006
+ * @version $Revision$
+ */
+public interface JaccPolicyMBean
+{
+ public void create();
+ public void destroy();
+ public void start();
+ public void stop();
+
+ /**
+ * Create the permissions from the metadata passed
+ * @param metadata WebMetaData,BeanMetaData etc
+ * @param jaccID Jacc Context ID
+ * @param pc Prebuilt policy configuration or pass null to create a fresh one
+ * @return Policy Configuration that is populated with the permissions
+ * @throws PolicyContextException
+ * @throws RuntimeException if the metadata is unknown
+ */
+ public PolicyConfiguration createPermissions(MetaData metadata, String jaccID,
+ PolicyConfiguration pc) throws PolicyContextException;
+
+ /**
+ * Link the policy Configuration with the top-level policy configuration
+ * @param pc
+ * @throws PolicyContextException
+ */
+ public void link(PolicyConfiguration pc) throws PolicyContextException;
+}
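Review bot: The Javadoc on `link` leaves `@param pc` empty and does not say what callers can rely on, and the four lifecycle methods have no comments at all. I would document that `pc` must be non-null and that the implementation in this commit commits the top-level configuration once the last expected sub-deployment has linked, e.g. `@param pc policy configuration of a sub-deployment; must not be null`. On `createPermissions`, `@throws RuntimeException` could name the `IllegalStateException` that `JaccPolicy` actually throws, and the bare `@throws PolicyContextException` tags should say when the exception is raised.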
Added: trunk/server/src/main/org/jboss/deployment/security/JaccPolicyUtil.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/JaccPolicyUtil.java 2006-12-14 16:52:21 UTC (rev 59049)
+++ trunk/server/src/main/org/jboss/deployment/security/JaccPolicyUtil.java 2006-12-14 16:53:07 UTC (rev 59050)
@@ -0,0 +1,136 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.deployment.security;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+import java.util.Set;
+
+import org.jboss.deployers.spi.deployer.DeploymentUnit;
+import org.jboss.deployers.spi.structure.DeploymentContext;
+import org.jboss.system.metadata.ServiceAttributeMetaData;
+import org.jboss.system.metadata.ServiceDependencyValueMetaData;
+
+//$Id$
+
+/**
+ * Static class with common methods used for jacc deployment processing
+ * TODO: Remove this class when the MC has the util methods
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Dec 11, 2006
+ * @version $Revision$
+ */
+public class JaccPolicyUtil
+{
+ /**
+ * Given the current deployment, get the object name of the jaccpolicy
+ * that is driving the top-level deployment
+ * @param unit
+ * @return
+ */
+ public static String getJaccPolicyServiceName(DeploymentUnit unit)
+ {
+ DeploymentUnit du = getTopLevelDeployment(unit);
+ return JaccPolicy.BASE_OBJECT_NAME + du.getSimpleName();
+ }
+
+ public static boolean isTopLevelDeployment(DeploymentUnit unit)
+ {
+ return unit.getDeploymentContext().isTopLevel();
+ }
+
+ /**
+ * Given a deployment unit, get all the deployments underneath
+ * that are valid Jacc deployments (ejbs,wars)
+ * @param unit
+ * @param ignoreSuffix (ignore "xml","beans", "deployer" etc)
+ * @return
+ */
+ public static List<String> getJaccDeployments(DeploymentUnit unit,
+ Collection<String> ignoreSuffix)
+ {
+ ArrayList<String> list = new ArrayList<String>();
+ DeploymentContext dc = unit.getDeploymentContext();
+ Set<DeploymentContext> dcset = dc.getChildren();
+ for(DeploymentContext childDC: dcset)
+ {
+ String childName = childDC.getSimpleName();
+ boolean tobeIgnored = false;
+ //Go through the ignore list
+ for(String ignoreStr: ignoreSuffix)
+ {
+ tobeIgnored = false;
+ if(childName.endsWith(ignoreStr))
+ {
+ tobeIgnored = true;
+ break;
+ }
+ }
+ //Check if it is a "jar" file, then it must be ejb deployment to consider
+ if(childName.endsWith("jar") && !tobeIgnored
+ && !isEJBDeployment(childDC.getDeploymentUnit()))
+ continue;
+ if(!tobeIgnored)
+ list.add(childName);
+ }
+ return list;
+ }
+
+ /**
+ * Get the service attribute metadata that will add dependence on the JaccPolicy
+ * @param unit
+ * @return
+ */
+ public static ServiceAttributeMetaData getServiceAttributeMetaData(DeploymentUnit unit)
+ {
+ ServiceAttributeMetaData jaccAttr = new ServiceAttributeMetaData();
+ jaccAttr.setName("JaccPolicy");
+ ServiceDependencyValueMetaData jaccDepends = new ServiceDependencyValueMetaData();
+ jaccDepends.setDependency(getJaccPolicyServiceName(unit));
+ jaccDepends.setProxyType("attribute");
+ jaccAttr.setValue(jaccDepends);
+ return jaccAttr;
+ }
+
+ //TODO:Replace with ejb3 deployment logic
+ private static boolean isEJBDeployment(DeploymentUnit du)
+ {
+ boolean ejbxml = du.getMetaDataFile("ejb-jar.xml") != null;
+ boolean jbossxml = du.getMetaDataFile("jboss.xml") != null;
+ return ejbxml || jbossxml;
+ }
+
+ /**
+ * Given a deployment unit, return the top-level deployment unit
+ * @param unit
+ * @return
+ */
+ private static DeploymentUnit getTopLevelDeployment(DeploymentUnit unit)
+ {
+ //TODO: Use the unit.getParent when available
+ DeploymentContext parentContext = unit.getDeploymentContext();
+ while(parentContext.isTopLevel() == false)
+ parentContext = parentContext.getParent();
+ return parentContext.getDeploymentUnit();
+ }
+}
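Review bot: `getJaccDeployments` iterates `ignoreSuffix` without a null check, and the only caller chain visible in this commit passes `SecurityDeployer.ignoreSuffixes`, which is null until `setIgnoreSuffixes` is called, so the `JaccPolicy` constructor would fail with a NullPointerException in that configuration. A guard at the top such as `if(ignoreSuffix == null) ignoreSuffix = new ArrayList<String>();` avoids this with the imports already present. The suffix tests use `endsWith("jar")` and caller-supplied strings without a leading dot, so a name that merely ends in those letters is classified as well; since this list decides when the parent policy is committed in `JaccPolicy.link()`, matching on `".jar"` would be safer. `getTopLevelDeployment` assumes `getParent()` never returns null before a top-level context is reached; a null check that throws `IllegalStateException` would make that assumption explicit.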
Added: trunk/server/src/main/org/jboss/deployment/security/SecurityDeployer.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/SecurityDeployer.java 2006-12-14 16:52:21 UTC (rev 59049)
+++ trunk/server/src/main/org/jboss/deployment/security/SecurityDeployer.java 2006-12-14 16:53:07 UTC (rev 59050)
@@ -0,0 +1,94 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.deployment.security;
+
+import java.util.Collection;
+import java.util.HashSet;
+
+import javax.management.ObjectName;
+
+import org.jboss.deployers.plugins.deployer.AbstractSimpleDeployer;
+import org.jboss.deployers.spi.DeploymentException;
+import org.jboss.deployers.spi.deployer.DeploymentUnit;
+import org.jboss.system.metadata.ServiceConstructorMetaData;
+import org.jboss.system.metadata.ServiceMetaData;
+
+//$Id$
+
+/**
+ * Security Deployer that does Jacc initialization
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Dec 11, 2006
+ * @version $Revision$
+ */
+public class SecurityDeployer extends AbstractSimpleDeployer
+{
+ private HashSet<String> ignoreSuffixes = null;
+
+ public SecurityDeployer()
+ {
+ this.setRelativeOrder(this.COMPONENT_DEPLOYER - 1);
+ }
+
+ public void setIgnoreSuffixes(HashSet<String> suffixSet)
+ {
+ this.ignoreSuffixes = suffixSet;
+ }
+
+ @Override
+ public void deploy(DeploymentUnit unit ) throws DeploymentException
+ {
+ if(JaccPolicyUtil.isTopLevelDeployment(unit) == false)
+ return;
+
+ //Ignore some of the extensions
+ String contextId = unit.getSimpleName();
+ if(contextId.endsWith("xml"))
+ return;
+ //Create a Service Bean for the JACC Policy
+ ServiceMetaData jaccPolicy = new ServiceMetaData();
+ jaccPolicy.setCode(JaccPolicy.class.getName());
+ try
+ {
+ jaccPolicy.setObjectName(new ObjectName(JaccPolicy.BASE_OBJECT_NAME + contextId));
+ }
+ catch (Exception e)
+ {
+ }
+
+ //Provide a constructor for the service bean
+ ServiceConstructorMetaData constructor = new ServiceConstructorMetaData();
+ constructor.setSignature(new String[] { String.class.getName(),
+ DeploymentUnit.class.getName(), Collection.class.getName()});
+ constructor.setParameters(new Object[] {contextId, unit, ignoreSuffixes});
+ jaccPolicy.setConstructor(constructor);
+
+ //Now add this service bean to the unit
+ unit.addAttachment("jboss.jaccpolicy",jaccPolicy, ServiceMetaData.class);
+ }
+
+ @Override
+ public void undeploy(DeploymentUnit unit )
+ {
+ unit.removeAttachment("jboss.jaccpolicy", ServiceMetaData.class);
+ }
+}
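Review bot: The empty `catch (Exception e)` around `new ObjectName(JaccPolicy.BASE_OBJECT_NAME + contextId)` in `deploy()` hides a malformed name, and the service metadata is then attached without an object name. `contextId` comes from `unit.getSimpleName()`, which may contain characters that are not legal in an ObjectName value, so I would rethrow instead of swallowing, e.g. `throw new DeploymentException("Invalid JACC policy object name for " + contextId, e);`. The hard-coded `contextId.endsWith("xml")` check duplicates what the configurable `ignoreSuffixes` is for, and `setIgnoreSuffixes` stores the caller's `HashSet` without copying, so later changes to that set alter which children are counted.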