[jboss-cvs] JBossAS SVN: r59052 - trunk/server/src/main/org/jboss/web/deployers
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Dec 14 11:57:44 EST 2006
Author: anil.saldhana at jboss.com
Date: 2006-12-14 11:57:43 -0500 (Thu, 14 Dec 2006)
New Revision: 59052
Modified:
trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployer.java
trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java
trunk/server/src/main/org/jboss/web/deployers/WebModule.java
trunk/server/src/main/org/jboss/web/deployers/WebModuleMBean.java
Log:
JBAS-3932: security deployer with permission creation delegated to JaccPolicy service bean and dependence of component deployers on JaccPolicy service bean
Modified: trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployer.java
===================================================================
--- trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployer.java 2006-12-14 16:55:42 UTC (rev 59051)
+++ trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployer.java 2006-12-14 16:57:43 UTC (rev 59052)
@@ -34,17 +34,16 @@
import javax.management.MBeanServer;
import javax.management.ObjectName;
-import org.jboss.deployers.plugins.deployers.helpers.AbstractSimpleRealDeployer;
-import org.jboss.deployers.plugins.deployers.helpers.AttachmentLocator;
+import org.jboss.deployers.plugins.deployers.helpers.AbstractSimpleRealDeployer;
import org.jboss.deployers.spi.DeploymentException;
import org.jboss.deployers.spi.deployer.DeploymentUnit;
-import org.jboss.deployers.spi.structure.DeploymentContext;
-import org.jboss.deployment.J2eeApplicationMetaData;
-import org.jboss.deployment.J2eeModuleMetaData;
+import org.jboss.deployers.spi.structure.DeploymentContext;
+import org.jboss.deployment.security.JaccPolicyUtil;
import org.jboss.metadata.WebMetaData;
import org.jboss.mx.util.MBeanServerLocator;
+import org.jboss.system.metadata.ServiceAttributeMetaData;
import org.jboss.system.metadata.ServiceConstructorMetaData;
-import org.jboss.system.metadata.ServiceDependencyMetaData;
+import org.jboss.system.metadata.ServiceDependencyMetaData;
import org.jboss.system.metadata.ServiceMetaData;
import org.jboss.system.server.ServerConfig;
import org.jboss.system.server.ServerConfigLocator;
@@ -100,7 +99,7 @@
/** The request attribute name under which the JAAS Subject is store */
private String subjectAttributeName = null;
/** Legacy support for MBeanServer */
- private MBeanServer server;
+ private MBeanServer server;
/**
* Set the relative order to COMPONENT_DEPLOYER+1 by default
@@ -234,7 +233,7 @@
public void setSubjectAttributeName(String subjectAttributeName)
{
this.subjectAttributeName = subjectAttributeName;
- }
+ }
public void start() throws Exception
{
@@ -295,6 +294,13 @@
* the root url.
*/
String warName = unit.getName();
+
+ /**
+ * Ignore the jacc policy service bean
+ */
+ if(warName.startsWith("jboss:") && warName.contains("id="))
+ return;
+
URL expWarUrl = unit.getDeploymentContext().getRoot().toURL();
if (warName.endsWith("/") == false
// Hack for jar urls being exposed
@@ -599,6 +605,15 @@
sdmd.setIDependOn(iDependOn);
}
webModule.setDependencies(dependencies);
+
+ //Add a dependence on the jacc policy only if we are not the top-level deployment
+ if(!JaccPolicyUtil.isTopLevelDeployment(unit))
+ {
+ //set attributes
+ List<ServiceAttributeMetaData> attrs = new ArrayList<ServiceAttributeMetaData>();
+ attrs.add(JaccPolicyUtil.getServiceAttributeMetaData(unit));
+ webModule.setAttributes(attrs);
+ }
// TODO could create multiple components for the deployment
unit.addAttachment(ServiceMetaData.class, webModule);
@@ -606,7 +621,6 @@
catch (Exception e)
{
throw DeploymentException.rethrowAsDeploymentException("Error creating rar deployment " + unit.getName(), e);
- }
-
- }
+ }
+ }
}
Modified: trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java
===================================================================
--- trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java 2006-12-14 16:55:42 UTC (rev 59051)
+++ trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java 2006-12-14 16:57:43 UTC (rev 59052)
@@ -37,11 +37,10 @@
import javax.naming.LinkRef;
import javax.naming.NamingException;
import javax.security.jacc.PolicyConfiguration;
-import javax.security.jacc.PolicyConfigurationFactory;
-import javax.security.jacc.PolicyContextException;
+import javax.security.jacc.PolicyConfigurationFactory;
-import org.jboss.deployers.spi.deployer.DeploymentUnit;
-import org.jboss.deployers.spi.structure.DeploymentContext;
+import org.jboss.deployers.spi.deployer.DeploymentUnit;
+import org.jboss.deployment.security.JaccPolicyMBean;
import org.jboss.ejb.EjbUtil50;
import org.jboss.logging.Logger;
import org.jboss.metadata.EjbLocalRefMetaData;
@@ -57,8 +56,7 @@
import org.jboss.naming.Util;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.authorization.PolicyRegistration;
-import org.jboss.web.WebApplication;
-import org.jboss.web.WebPermissionMapping;
+import org.jboss.web.WebApplication;
import org.omg.CORBA.ORB;
/**
@@ -110,33 +108,15 @@
* The default security-domain name to use
*/
protected String defaultSecurityDomain;
+
+ protected JaccPolicyMBean jaccPolicy;
public AbstractWarDeployment()
{
log = Logger.getLogger(getClass());
}
-
+
/**
- * A utility method that takes a deployment unit name and strips it down to the base war
- * name without the .war suffix.
- * @param name - the DeploymentUnit name.
- */
- public static String shortNameFromDeploymentName(String name)
- {
- String shortName = name.trim();
- String[] parts = name.split("/|\\.|\\!");
- if( parts.length > 1 )
- {
- // If it ends in .war, use the previous part
- if( parts[parts.length-1].equals("war") )
- shortName = parts[parts.length-2];
- // else use the last part
- else
- shortName = parts[parts.length-1];
- }
- return shortName;
- }
- /**
* Utility method that builds a string url based on the ServerConfig.SERVER_HOME_URL system
* property and the input url. If the input url is under the SERVER_HOME_URL, the SERVER_HOME_URL
* prefix is replaced with ".../".
@@ -265,6 +245,17 @@
this.defaultSecurityDomain = defaultSecurityDomain;
}
+
+ public JaccPolicyMBean getJaccPolicy()
+ {
+ return jaccPolicy;
+ }
+
+ public void setJaccPolicy(JaccPolicyMBean jaccPolicy)
+ {
+ this.jaccPolicy = jaccPolicy;
+ }
+
/**
* A template pattern implementation of the deploy() method. This method
* calls the {@link #performDeploy(WebApplication, String,
@@ -330,22 +321,34 @@
// Register the permissions with the JACC layer
String contextID = metaData.getJaccContextID();
if( contextID == null )
- contextID = shortNameFromDeploymentName(di.getName());
+ contextID = di.getSimpleName();
metaData.setJaccContextID(contextID);
- PolicyConfigurationFactory pcFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
+ /*PolicyConfigurationFactory pcFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
PolicyConfiguration pc = pcFactory.getPolicyConfiguration(contextID, true);
- createPermissions(metaData, pc);
+ createPermissions(metaData, pc);*/
// Link this to the parent PC
- DeploymentContext current = di.getDeploymentContext();
+ /*DeploymentContext current = di.getDeploymentContext();
while (current.getParent() != null)
current = current.getParent();
PolicyConfiguration parentPC =
current.getTransientAttachments().getAttachment(PolicyConfiguration.class);
if (parentPC != null && parentPC != pc)
- parentPC.linkConfiguration(pc);
+ parentPC.linkConfiguration(pc);*/
+
+ //Link it to the top-level deployment parent policy configuration
+ if(log.isTraceEnabled())
+ log.trace("Jacc Policy injected="+jaccPolicy != null);
+ PolicyConfiguration pc = null;
+ if(jaccPolicy != null)
+ {
+ if(log.isTraceEnabled())
+ log.trace("Jacc Policy linking to top-level policyConfiguration");
+ pc = jaccPolicy.createPermissions(metaData, contextID, pc);
+ jaccPolicy.link(pc);
+ // Commit the policy configuration
+ pc.commit();
+ }
- // Commit the policy configuration
- pc.commit();
// Allow the policy to incorporate the policy configs
Policy.getPolicy().refresh();
@@ -823,19 +826,5 @@
URL url = urls[u];
urlSet.add(url.toExternalForm());
}
- }
-
- /**
- * Create the JACC permission based on the security constraints obtained from
- * the web.xml metadata.
- * @param metaData
- * @param pc
- * @throws PolicyContextException
- */
- protected void createPermissions(WebMetaData metaData, PolicyConfiguration pc)
- throws PolicyContextException
- {
- WebPermissionMapping.createPermissions(metaData, pc);
- }
-
+ }
}
Modified: trunk/server/src/main/org/jboss/web/deployers/WebModule.java
===================================================================
--- trunk/server/src/main/org/jboss/web/deployers/WebModule.java 2006-12-14 16:55:42 UTC (rev 59051)
+++ trunk/server/src/main/org/jboss/web/deployers/WebModule.java 2006-12-14 16:57:43 UTC (rev 59052)
@@ -22,7 +22,8 @@
package org.jboss.web.deployers;
import org.jboss.deployers.spi.deployer.DeploymentUnit;
-import org.jboss.deployment.DeploymentException;
+import org.jboss.deployment.DeploymentException;
+import org.jboss.deployment.security.JaccPolicyMBean;
import org.jboss.logging.Logger;
import org.jboss.metadata.WebMetaData;
import org.jboss.web.WebApplication;
@@ -48,6 +49,9 @@
private DeploymentUnit di;
private AbstractWarDeployer container;
private AbstractWarDeployment deployment;
+
+ /** Jacc Policy for top-level deployment */
+ private JaccPolicyMBean jaccPolicy;
public WebModule(DeploymentUnit di, AbstractWarDeployer container,
AbstractWarDeployment deployment)
@@ -55,7 +59,17 @@
this.di = di;
this.container = container;
this.deployment = deployment;
- }
+ }
+
+ public JaccPolicyMBean getJaccPolicy()
+ {
+ return jaccPolicy;
+ }
+
+ public void setJaccPolicy(JaccPolicyMBean jaccPolicy)
+ {
+ this.jaccPolicy = jaccPolicy;
+ }
public void create()
{
@@ -85,6 +99,8 @@
{
// Get the war URL
WebMetaData metaData = di.getAttachment(WebMetaData.class);
+ //Add the jacc policy
+ deployment.setJaccPolicy(jaccPolicy);
WebApplication webApp = deployment.start(di, metaData);
String warURL = di.getName();
container.addDeployedApp(warURL, webApp);
Modified: trunk/server/src/main/org/jboss/web/deployers/WebModuleMBean.java
===================================================================
--- trunk/server/src/main/org/jboss/web/deployers/WebModuleMBean.java 2006-12-14 16:55:42 UTC (rev 59051)
+++ trunk/server/src/main/org/jboss/web/deployers/WebModuleMBean.java 2006-12-14 16:57:43 UTC (rev 59052)
@@ -20,6 +20,8 @@
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.web.deployers;
+
+import org.jboss.deployment.security.JaccPolicyMBean;
/** The standard mbean service interface for the WebModule
* @author Scott.Stark at jboss.org
@@ -31,4 +33,8 @@
public void start() throws Exception;
public void stop() throws Exception;
public void destroy() throws Exception;
+
+ /** For top-level jacc policy */
+ public JaccPolicyMBean getJaccPolicy();
+ public void setJaccPolicy(JaccPolicyMBean jp);
}
More information about the jboss-cvs-commits
mailing list