[jboss-cvs] JBossAS SVN: r58045 - branches/JEE5_TCK/server/src/main/org/jboss/ejb/plugins
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Nov 2 23:52:27 EST 2006
Author: anil.saldhana at jboss.com
Date: 2006-11-02 23:52:26 -0500 (Thu, 02 Nov 2006)
New Revision: 58045
Modified:
branches/JEE5_TCK/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
Log:
JBAS-3815: pass the deployment level role mapping to authorization manager
Modified: branches/JEE5_TCK/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
===================================================================
--- branches/JEE5_TCK/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2006-11-03 04:48:36 UTC (rev 58044)
+++ branches/JEE5_TCK/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2006-11-03 04:52:26 UTC (rev 58045)
@@ -26,14 +26,14 @@
import org.jboss.metadata.ApplicationMetaData;
import org.jboss.metadata.AssemblyDescriptorMetaData;
import org.jboss.metadata.BeanMetaData;
-import org.jboss.metadata.SecurityIdentityMetaData;
+import org.jboss.metadata.SecurityIdentityMetaData;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SimpleGroup;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityRolesAssociation;
import org.jboss.security.SecurityContext.SubjectInfo;
import org.jboss.security.audit.AuditContext;
import org.jboss.security.audit.AuditEvent;
@@ -46,9 +46,8 @@
import org.jboss.system.Registry;
import java.security.CodeSource;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.HashMap;
+import java.security.Principal;
+import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.lang.reflect.Method;
@@ -93,6 +92,9 @@
// A map of SecurityRolesMetaData from jboss.xml
protected Map securityRoles;
+
+ //A map of principal versus roles from jboss-app.xml/jboss.xml
+ protected Map deploymentRoles;
// The observer to be notified when principal authentication fails.
// This is a hook for the CSIv2 code. The authenticationObserver may
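Review bot: The comment on the new `deploymentRoles` field does not make clear which way the raw `Map` is keyed: it says "principal versus roles", while the comment at the later `setSecurityRoles` call describes a "rolename-principalset" mapping. Because this map feeds authorization decisions, the field comment should state the key and value types explicitly, for example `// Deployment-level mapping from jboss-app.xml/jboss.xml: key = principal name (String), value = Set of role names`, with the direction confirmed against `getPrincipalVersusRolesMap()`. The "(if available)" wording at the call site suggests the map may be absent, so the comment should also say whether the field can be null.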
@@ -122,7 +124,8 @@
ApplicationMetaData applicationMetaData = beanMetaData.getApplicationMetaData();
AssemblyDescriptorMetaData assemblyDescriptor = applicationMetaData.getAssemblyDescriptor();
securityRoles = assemblyDescriptor.getSecurityRoles();
-
+ deploymentRoles = assemblyDescriptor.getPrincipalVersusRolesMap();
+
SecurityIdentityMetaData secMetaData = beanMetaData.getSecurityIdentityMetaData();
if (secMetaData != null && secMetaData.getUseCallerIdentity() == false)
{
@@ -284,6 +287,9 @@
return;
// Get the caller
Subject caller = getContextCallerSubject();
+
+ //Establish the deployment rolename-principalset custom mapping(if available)
+ SecurityRolesAssociation.setSecurityRoles(this.deploymentRoles);
final HashMap map = new HashMap();
map.put(ResourceKeys.EJB_NAME ,this.ejbName);
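Review bot: Nothing visible in this hunk clears or restores the mapping installed by `SecurityRolesAssociation.setSecurityRoles(this.deploymentRoles)`, and the call sits after an early `return`, so invocations that take that return keep whatever mapping was installed before. If the association is held per thread, as I believe it is, a pooled worker thread could carry one deployment's principal-to-role mapping into an authorization decision for a different bean, and a nested EJB call would overwrite the outer bean's mapping without putting it back. Consider capturing the prior value with `Map previous = SecurityRolesAssociation.getSecurityRoles();` before the set, then restoring it with `finally { SecurityRolesAssociation.setSecurityRoles(previous); }` around the authorization check. The enclosing method starts and ends outside the hunk, so a reset may already exist further down and is worth confirming.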
@@ -294,7 +300,8 @@
map.put(ResourceKeys.CALLER_SUBJECT, caller);
map.put(ResourceKeys.AUTHORIZATION_MANAGER,authorizationManager);
map.put(ResourceKeys.RUNASIDENTITY, callerRunAsIdentity);
- map.put(ResourceKeys.EJB_METHODROLES, container.getMethodPermissions(ejbMethod, mi.getType()));
+ map.put(ResourceKeys.EJB_METHODROLES, container.getMethodPermissions(ejbMethod, mi.getType()));
+
EJBResource ejbResource = new EJBResource(map);
boolean isAuthorized = false;
try