[jboss-cvs] JBossAS SVN: r58441 - in trunk/server/src/main/org/jboss: ejb/plugins metadata
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Nov 16 01:27:30 EST 2006
Author: anil.saldhana at jboss.com
Date: 2006-11-16 01:27:24 -0500 (Thu, 16 Nov 2006)
New Revision: 58441
Modified:
trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
trunk/server/src/main/org/jboss/ejb/plugins/StatefulSessionInstanceInterceptor.java
trunk/server/src/main/org/jboss/metadata/AssemblyDescriptorMetaData.java
trunk/server/src/main/org/jboss/metadata/WebMetaData.java
Log:
merge from JEE_TCK branch -r 57088:HEAD
Modified: trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2006-11-16 06:24:51 UTC (rev 58440)
+++ trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2006-11-16 06:27:24 UTC (rev 58441)
@@ -26,13 +26,14 @@
import org.jboss.metadata.ApplicationMetaData;
import org.jboss.metadata.AssemblyDescriptorMetaData;
import org.jboss.metadata.BeanMetaData;
-import org.jboss.metadata.SecurityIdentityMetaData;
+import org.jboss.metadata.SecurityIdentityMetaData;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityRolesAssociation;
import org.jboss.security.SecurityContext.SubjectInfo;
import org.jboss.security.audit.AuditContext;
import org.jboss.security.audit.AuditEvent;
@@ -45,8 +46,8 @@
import org.jboss.system.Registry;
import java.security.CodeSource;
-import java.security.Principal;
-import java.util.HashMap;
+import java.security.Principal;
+import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.lang.reflect.Method;
@@ -91,6 +92,9 @@
// A map of SecurityRolesMetaData from jboss.xml
protected Map securityRoles;
+
+ //A map of principal versus roles from jboss-app.xml/jboss.xml
+ protected Map deploymentRoles;
// The observer to be notified when principal authentication fails.
// This is a hook for the CSIv2 code. The authenticationObserver may
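Review bot: The comment on `deploymentRoles` does not say what the raw `Map` holds or that it can be null. Judging by the `getPrincipalVersusRolesMap()` method added to AssemblyDescriptorMetaData in this commit, it maps a principal name to a set of role names and is null when no security roles are declared. A comment such as `// principal name (String) -> Set of role names (String); null when no security roles are declared` would make this authorization input clear to the next reader.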
@@ -120,7 +124,8 @@
ApplicationMetaData applicationMetaData = beanMetaData.getApplicationMetaData();
AssemblyDescriptorMetaData assemblyDescriptor = applicationMetaData.getAssemblyDescriptor();
securityRoles = assemblyDescriptor.getSecurityRoles();
-
+ deploymentRoles = assemblyDescriptor.getPrincipalVersusRolesMap();
+
SecurityIdentityMetaData secMetaData = beanMetaData.getSecurityIdentityMetaData();
if (secMetaData != null && secMetaData.getUseCallerIdentity() == false)
{
@@ -179,6 +184,8 @@
{
SecurityActions.popRunAsIdentity();
SecurityActions.popSubjectContext();
+ //Clear the SecurityContext
+ SecurityActions.clearSecurityContext(appSecurityDomain);
}
}
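Review bot: The added `SecurityActions.clearSecurityContext(appSecurityDomain)` in this finally block, and the identical call in the next hunk, discards the context for the whole domain instead of restoring whatever was in place before the call. If this interceptor can run for a nested invocation (one bean calling another in the same security domain on the same thread, which the hunk does not rule out), the outer call would continue without its security context once the inner call returns. Consider saving the previous context before it is set and restoring it here. Otherwise, state why clearing is correct with a comment such as `// Safe to clear: no outer invocation shares this domain's context on this thread`. The enclosing methods start and end outside both hunks.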
@@ -203,6 +210,8 @@
{
SecurityActions.popRunAsIdentity();
SecurityActions.popSubjectContext();
+ //Clear the SecurityContext
+ SecurityActions.clearSecurityContext(appSecurityDomain);
}
}
@@ -278,6 +287,9 @@
return;
// Get the caller
Subject caller = getContextCallerSubject();
+
+ //Establish the deployment rolename-principalset custom mapping(if available)
+ SecurityRolesAssociation.setSecurityRoles(this.deploymentRoles);
final HashMap map = new HashMap();
map.put(ResourceKeys.EJB_NAME ,this.ejbName);
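Review bot: `SecurityRolesAssociation.setSecurityRoles(this.deploymentRoles)` is set here with no reset visible anywhere in this commit. The finally blocks touched in the earlier hunks pop the run-as identity and subject context but leave the role mapping in place. If the association is per-thread, as its name and use suggest, a pooled thread could carry this deployment's principal-to-role mapping into a later invocation that belongs to a different deployment. Clear it once the authorization decision is made, for example `SecurityRolesAssociation.setSecurityRoles(null);` in a finally around the authorize call. The method body continues outside the hunk.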
@@ -288,7 +300,8 @@
map.put(ResourceKeys.CALLER_SUBJECT, caller);
map.put(ResourceKeys.AUTHORIZATION_MANAGER,authorizationManager);
map.put(ResourceKeys.RUNASIDENTITY, callerRunAsIdentity);
- map.put(ResourceKeys.EJB_METHODROLES, container.getMethodPermissions(ejbMethod, mi.getType()));
+ map.put(ResourceKeys.EJB_METHODROLES, container.getMethodPermissions(ejbMethod, mi.getType()));
+
EJBResource ejbResource = new EJBResource(map);
boolean isAuthorized = false;
try
@@ -397,5 +410,5 @@
si.setAuthenticationPrincipal(p);
jsc.setSubjectInfo(si);
SecurityActions.setSecurityContext(jsc, domain);
- }
+ }
}
Modified: trunk/server/src/main/org/jboss/ejb/plugins/StatefulSessionInstanceInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/StatefulSessionInstanceInterceptor.java 2006-11-16 06:24:51 UTC (rev 58440)
+++ trunk/server/src/main/org/jboss/ejb/plugins/StatefulSessionInstanceInterceptor.java 2006-11-16 06:27:24 UTC (rev 58441)
@@ -225,7 +225,8 @@
of the ejb spec requirement that runtime exceptions should invalidate
the session.
*/
- SecurityActions.pushSubjectContext(mi.getPrincipal(), mi.getCredential(), null);
+ if(SecurityActions.peekRunAsIdentity() == null)
+ SecurityActions.pushSubjectContext(mi.getPrincipal(), mi.getCredential(), null);
lock.sync();
try
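Review bot: The push is now skipped when a run-as identity is on the stack, but the matching `popSubjectContext()` lies outside this hunk. If it still runs unconditionally, it will pop an entry this method never pushed and leave the caller with the wrong subject. Record the decision, for example `boolean pushed = SecurityActions.peekRunAsIdentity() == null;`, and guard the pop with the same flag. The brace-less `if` directly before `lock.sync()` is also easy to misread, so add braces.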
Modified: trunk/server/src/main/org/jboss/metadata/AssemblyDescriptorMetaData.java
===================================================================
--- trunk/server/src/main/org/jboss/metadata/AssemblyDescriptorMetaData.java 2006-11-16 06:24:51 UTC (rev 58440)
+++ trunk/server/src/main/org/jboss/metadata/AssemblyDescriptorMetaData.java 2006-11-16 06:27:24 UTC (rev 58441)
@@ -21,6 +21,7 @@
*/
package org.jboss.metadata;
+import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
@@ -32,6 +33,7 @@
* This implementation only contains the security-role meta data
*
* @author Thomas.Diesler at jboss.org
+ * @author Anil.Saldhana at jboss.org
* @version $Revision$
*/
public class AssemblyDescriptorMetaData extends MetaData
@@ -40,11 +42,11 @@
private HashMap securityRoles = new HashMap();
/** The message destinations */
- private HashMap messageDestinations = new HashMap();
+ private HashMap messageDestinations = new HashMap();
public void addSecurityRoleMetaData(SecurityRoleMetaData srMetaData)
{
- securityRoles.put(srMetaData.getRoleName(), srMetaData);
+ securityRoles.put(srMetaData.getRoleName(), srMetaData);
}
public Map getSecurityRoles()
@@ -74,7 +76,7 @@
{
securityRoles.put(roleName, entry.getValue());
}
- }
+ }
}
public SecurityRoleMetaData getSecurityRoleByName(String roleName)
@@ -95,6 +97,36 @@
return roleNames;
}
+ /**
+ * Generate a Map of Principal keyed against a set of role names
+ * @return
+ */
+ public Map getPrincipalVersusRolesMap()
+ {
+ Map principalRolesMap = null;
+
+ Iterator iter = securityRoles.keySet().iterator();
+ while(iter.hasNext())
+ {
+ if(principalRolesMap == null)
+ principalRolesMap = new HashMap();
+ String rolename = (String)iter.next();
+ SecurityRoleMetaData srm = (SecurityRoleMetaData) securityRoles.get(rolename);
+ Iterator principalIter = srm.getPrincipals().iterator();
+ while(principalIter.hasNext())
+ {
+ String pr = (String)principalIter.next();
+ Set roleset = (Set)principalRolesMap.get(pr);
+ if(roleset == null)
+ roleset = new HashSet();
+ if(!roleset.contains(rolename))
+ roleset.add(rolename);
+ principalRolesMap.put(pr, roleset);
+ }
+ }
+ return principalRolesMap;
+ }
+
public void addMessageDestinationMetaData(MessageDestinationMetaData metaData)
{
messageDestinations.put(metaData.getName(), metaData);
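Review bot: `getPrincipalVersusRolesMap()` returns `null` rather than an empty map when no security roles are declared, and SecurityInterceptor stores that result in `deploymentRoles` and hands it to `SecurityRolesAssociation` unchecked. The Javadoc says the map is keyed by `Principal`, but the code keys it by the principal name `String` (the new `java.security.Principal` import is not used by the visible code), and `@return` is empty. It should read something like `@return map of principal name (String) to Set of role names, or null if no roles are configured`. `srm.getPrincipals()` is dereferenced without a null check, which should be confirmed against SecurityRoleMetaData. The same method is copied verbatim into WebMetaData in the last hunk, so these points apply there too, and a shared helper would keep the two role mappings from drifting apart.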
@@ -103,5 +135,5 @@
public MessageDestinationMetaData getMessageDestinationMetaData(String name)
{
return (MessageDestinationMetaData) messageDestinations.get(name);
- }
+ }
}
Modified: trunk/server/src/main/org/jboss/metadata/WebMetaData.java
===================================================================
--- trunk/server/src/main/org/jboss/metadata/WebMetaData.java 2006-11-16 06:24:51 UTC (rev 58440)
+++ trunk/server/src/main/org/jboss/metadata/WebMetaData.java 2006-11-16 06:27:24 UTC (rev 58441)
@@ -835,6 +835,37 @@
}
return roleNames;
}
+
+ /**
+ * Get a map of principals versus set of roles
+ * that may be configured by the user at the deployment level
+ * @return
+ */
+ public Map getPrincipalVersusRolesMap()
+ {
+ Map principalRolesMap = null;
+
+ Iterator iter = securityRoles.keySet().iterator();
+ while(iter.hasNext())
+ {
+ if(principalRolesMap == null)
+ principalRolesMap = new HashMap();
+ String rolename = (String)iter.next();
+ SecurityRoleMetaData srm = (SecurityRoleMetaData) securityRoles.get(rolename);
+ Iterator principalIter = srm.getPrincipals().iterator();
+ while(principalIter.hasNext())
+ {
+ String pr = (String)principalIter.next();
+ Set roleset = (Set)principalRolesMap.get(pr);
+ if(roleset == null)
+ roleset = new HashSet();
+ if(!roleset.contains(rolename))
+ roleset.add(rolename);
+ principalRolesMap.put(pr, roleset);
+ }
+ }
+ return principalRolesMap;
+ }
/**
* Access the RunAsIdentity associated with the given servlet