[jboss-cvs] JBossAS SVN: r57275 - in branches/JBoss_4_0_2_CP: connector/src/main/org/jboss/resource/security security security/src/main/org/jboss/security/plugins server/src/main/org/jboss/ejb server/src/main/org/jboss/ejb/plugins server/src/main/org/jboss/security testsuite/src/main/org/jboss/test/security/ejb testsuite/src/main/org/jboss/test/security/ejb/jbas1852 testsuite/src/main/org/jboss/test/security/test testsuite/src/resources/security-spec/META-INF
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Sep 28 23:21:35 EDT 2006
Author: ryan.campbell at jboss.com
Date: 2006-09-28 23:21:14 -0400 (Thu, 28 Sep 2006)
New Revision: 57275
Added:
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/CallerFacadeBean.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/FacadeTargetBean.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PrivateSessionBean.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionBean.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionFacade.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/Session.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacade.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacadeHome.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionHome.java
Removed:
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PrivateSessionBean.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionBean.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionFacade.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/Session.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacade.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacadeHome.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionHome.java
Modified:
branches/JBoss_4_0_2_CP/connector/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java
branches/JBoss_4_0_2_CP/connector/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java
branches/JBoss_4_0_2_CP/security/build.xml
branches/JBoss_4_0_2_CP/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/EnterpriseContext.java
branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/plugins/JaasAuthenticationInterceptor.java
branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/plugins/SecurityActions.java
branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
branches/JBoss_4_0_2_CP/server/src/main/org/jboss/security/SecurityAssociation.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/CallerBean.java
branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/test/EJBSpecUnitTestCase.java
branches/JBoss_4_0_2_CP/testsuite/src/resources/security-spec/META-INF/ejb-jar.xml
branches/JBoss_4_0_2_CP/testsuite/src/resources/security-spec/META-INF/jboss.xml
Log:
ASPATCH-49: JBAS-1857: Patch request for: JBAS-1852 - Unexpected Principal (Security Identity) Propagation Switch
Modified: branches/JBoss_4_0_2_CP/connector/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java
===================================================================
--- branches/JBoss_4_0_2_CP/connector/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/connector/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -141,9 +141,9 @@
+ " ThreadName: " + Thread.currentThread().getName());
}
// Check for a RunAsIdentity
- if( user instanceof RunAsIdentity )
+ RunAsIdentity runAs = GetPrincipalInfoAction.peekRunAsIdentity();
+ if( runAs != null )
{
- RunAsIdentity runAs = (RunAsIdentity) user;
runAsRoles = runAs.getRunAsRoles();
}
}
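Review bot: The comment `// Check for a RunAsIdentity` above the new `GetPrincipalInfoAction.peekRunAsIdentity()` call no longer says where the identity comes from. The roles are now taken from the thread's run-as stack regardless of what `user` is, so the login module can combine the caller's principal with run-as roles. If that is the intent, say so in place, for example `// Roles come from the run-as identity on top of the thread's run-as stack, independent of the caller principal`. The enclosing method starts and ends outside this hunk, so how `runAsRoles` is consumed is not visible here.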
Modified: branches/JBoss_4_0_2_CP/connector/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java
===================================================================
--- branches/JBoss_4_0_2_CP/connector/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/connector/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,9 +1,9 @@
/*
-* JBoss, the OpenSource J2EE webOS
-*
-* Distributable under LGPL license.
-* See terms of license at gnu.org.
-*/
+ * JBoss, Home of Professional Open Source
+ *
+ * Distributable under LGPL license.
+ * See terms of license at gnu.org.
+ */
package org.jboss.resource.security;
import java.security.AccessController;
@@ -12,6 +12,7 @@
import java.io.UnsupportedEncodingException;
import org.jboss.security.SecurityAssociation;
+import org.jboss.security.RunAsIdentity;
/** PrivilegedActions used by this package
*
@@ -20,59 +21,140 @@
*/
class GetPrincipalInfoAction
{
- private static class GetPrincipalAction implements PrivilegedAction
+ /* Obtain the password credential by trying char[], byte[],
+ and toString()
+ */
+ private static char[] getPassword()
{
- static PrivilegedAction ACTION = new GetPrincipalAction();
- public Object run()
- {
- Principal principal = SecurityAssociation.getPrincipal();
- return principal;
- }
- }
- private static class GetCredentialAction implements PrivilegedAction
- {
- static PrivilegedAction ACTION = new GetCredentialAction();
- public Object run()
- {
- Object credential = SecurityAssociation.getCredential();
- char[] password = null;
- /* Obtain the password credential by trying char[], byte[],
- and toString()
- */
- if( credential instanceof char[] )
+ Object credential = SecurityAssociation.getCredential();
+ char[] password = null;
+ if( credential instanceof char[] )
+ {
+ password = (char[]) credential;
+ }
+ else if( credential instanceof byte[] )
+ {
+ try
{
- password = (char[]) credential;
+ String tmp = new String((byte[]) credential, "UTF-8");
+ password = tmp.toCharArray();
}
- else if( credential instanceof byte[] )
+ catch (UnsupportedEncodingException e)
{
- try
- {
- String tmp = new String((byte[]) credential, "UTF-8");
- password = tmp.toCharArray();
- }
- catch (UnsupportedEncodingException e)
- {
- throw new SecurityException(e.getMessage());
- }
+ throw new SecurityException(e.getMessage());
}
- else if( credential != null )
- {
- String tmp = credential.toString();
- password = tmp.toCharArray();
- }
- return password;
- }
+ }
+ else if( credential != null )
+ {
+ String tmp = credential.toString();
+ password = tmp.toCharArray();
+ }
+ return password;
}
+ interface PrincipalActions
+ {
+ PrincipalActions PRIVILEGED = new PrincipalActions()
+ {
+ private final PrivilegedAction peekAction = new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return SecurityAssociation.peekRunAsIdentity();
+ }
+ };
+
+ private final PrivilegedAction getPrincipalAction = new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return SecurityAssociation.getPrincipal();
+ }
+ };
+
+ private final PrivilegedAction getCredentialAction = new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return getPassword();
+ }
+ };
+
+ public RunAsIdentity peek()
+ {
+ return (RunAsIdentity)AccessController.doPrivileged(peekAction);
+ }
+
+ public Principal getPrincipal()
+ {
+ return (Principal)AccessController.doPrivileged(getPrincipalAction);
+ }
+
+ public char[] getCredential()
+ {
+ return (char[]) AccessController.doPrivileged(getCredentialAction);
+ }
+ };
+
+ PrincipalActions NON_PRIVILEGED = new PrincipalActions()
+ {
+ public RunAsIdentity peek()
+ {
+ return SecurityAssociation.peekRunAsIdentity();
+ }
+
+ public Principal getPrincipal()
+ {
+ return SecurityAssociation.getPrincipal();
+ }
+
+ public char[] getCredential()
+ {
+ return getPassword();
+ }
+ };
+
+ Principal getPrincipal();
+ char[] getCredential();
+ RunAsIdentity peek();
+ }
+
static Principal getPrincipal()
{
- Principal principal = (Principal) AccessController.doPrivileged(GetPrincipalAction.ACTION);
+ Principal principal;
+ if(System.getSecurityManager() == null)
+ {
+ principal = PrincipalActions.NON_PRIVILEGED.getPrincipal();
+ }
+ else
+ {
+ principal = PrincipalActions.PRIVILEGED.getPrincipal();
+ }
return principal;
}
static char[] getCredential()
{
- char[] credential = (char[]) AccessController.doPrivileged(GetCredentialAction.ACTION);
+ char[] credential;
+ if(System.getSecurityManager() == null)
+ {
+ credential = PrincipalActions.NON_PRIVILEGED.getCredential();
+ }
+ else
+ {
+ credential = PrincipalActions.PRIVILEGED.getCredential();
+ }
return credential;
}
+ static RunAsIdentity peekRunAsIdentity()
+ {
+ if(System.getSecurityManager() == null)
+ {
+ return PrincipalActions.NON_PRIVILEGED.peek();
+ }
+ else
+ {
+ return PrincipalActions.PRIVILEGED.peek();
+ }
+ }
}
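Review bot: The last branch of `getPassword()` turns any non-null credential that is neither `char[]` nor `byte[]` into a password through `credential.toString()`, so a non-password credential object would supply its string rendering as the password. The `SecurityAssociation.getCredential` javadoc in this same commit says the credential may be an X509 cert, so the case is not hypothetical. Consider narrowing the branch to `else if( credential instanceof String )` and leaving `password` null otherwise, after confirming that callers handle a null password. The `char[]` branch also returns the stored array itself rather than a copy, so a caller that zeroes it after use would clear the credential still held by `SecurityAssociation`. A short comment on `getPassword()` should state which of these is intended.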
Modified: branches/JBoss_4_0_2_CP/security/build.xml
===================================================================
--- branches/JBoss_4_0_2_CP/security/build.xml 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/security/build.xml 2006-09-29 03:21:14 UTC (rev 57275)
@@ -259,8 +259,7 @@
<include name="org/jboss/security/auth/login/*"/>
<exclude name="org/jboss/security/auth/login/XMLLoginConfig.class"/>
<exclude name="org/jboss/security/auth/login/XMLLoginConfigMBean.class"/>
- <include name="org/jboss/security/jndi/LoginInitialContextFactory.class"/>
- <include name="org/jboss/security/jndi/JndiLoginInitialContextFactory.class"/>
+ <include name="org/jboss/security/jndi/*"/>
<include name="org/jboss/security/plugins/PBEUtils.class"/>
<include name="org/jboss/security/srp/PkgCategory.class"/>
<include name="org/jboss/security/srp/TracePriority.class"/>
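Review bot: The wildcard `<include name="org/jboss/security/jndi/*"/>` replaces two explicitly named classes, so every class in that package, including any added later, now ships in this artifact without a build-file change. Which jar this fileset feeds is outside the hunk. If it is a client-side jar, naming the additional classes one per `<include>` keeps the packaged surface reviewable. At minimum, add an XML comment above the line recording which new class made the wildcard necessary.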
Modified: branches/JBoss_4_0_2_CP/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
===================================================================
--- branches/JBoss_4_0_2_CP/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,5 +1,5 @@
/*
- * JBoss, the OpenSource webOS
+ * JBoss, Home of Professional Open Source
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
@@ -289,7 +289,7 @@
try
{
SecurityDomainContext sdc = lookupSecurityDomain(securityDomain);
- isValid = sdc.getSecurityManager().isValid(principal, credential);
+ isValid = sdc.getSecurityManager().isValid(principal, credential, null);
}
catch(NamingException e)
{
@@ -342,7 +342,7 @@
{
SecurityDomainContext sdc = lookupSecurityDomain(securityDomain);
// Must first validate the user
- sdc.getSecurityManager().isValid(principal, credential);
+ sdc.getSecurityManager().isValid(principal, credential, null);
// Now can query if the authenticated Subject has the role
userRoles = sdc.getRealmMapping().getUserRoles(principal);
}
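Review bot: The result of `sdc.getSecurityManager().isValid(principal, credential, null)` is discarded under the comment `// Must first validate the user`, so `getUserRoles(principal)` runs even when validation returned false. Whether `getUserRoles` then yields roles for an unauthenticated principal depends on code outside the hunk. Guarding the lookup with `if( sdc.getSecurityManager().isValid(principal, credential, null) )` would make the stated precondition hold. The new `null` third argument, also passed in the hunk at -289, is undocumented; a comment such as `// null: no Subject to populate` (if that is its meaning) would help. The surrounding try block continues past the end of this hunk.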
Modified: branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/EnterpriseContext.java
===================================================================
--- branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/EnterpriseContext.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/EnterpriseContext.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,5 +1,5 @@
/*
- * JBoss, the OpenSource J2EE webOS
+ * JBoss, Home of Professional Open Source
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
@@ -348,8 +348,14 @@
beanPrincipal = principal;
}
else if (rm != null)
- { // Let the RealmMapping map the null principal
- beanPrincipal = rm.getPrincipal(principal);
+ {
+ // Check for the caller's run-as identity, not this bean's run-as
+ beanPrincipal = SecurityActions.peekRunAsIdentity(1);
+ if (beanPrincipal == null)
+ {
+ // Let the RealmMapping map the null principal
+ beanPrincipal = rm.getPrincipal(principal);
+ }
}
else
{ // Check for a unauthenticated principal value
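Review bot: The literal `1` in `SecurityActions.peekRunAsIdentity(1)` assumes this bean's own run-as entry always sits at depth 0 when the method runs. The hunk does not show that an entry is pushed for beans without a run-as role; if none is, depth 1 would be the identity of the caller's caller. A comment stating that invariant, or a named constant for the depth, would make the dependency on the interceptor's push explicit. A non-null run-as identity is also returned as-is and skips `rm.getPrincipal(principal)`, so any RealmMapping principal mapping is not applied to run-as callers; confirm that is intended. The method starts and ends outside the hunk.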
@@ -359,8 +365,10 @@
beanPrincipal = new SimplePrincipal(name);
}
}
- if (beanPrincipal == null)
- throw new IllegalStateException("No security context set");
+ if( beanPrincipal == null )
+ {
+ throw new IllegalStateException("No valid security context for the caller identity");
+ }
return beanPrincipal;
}
Modified: branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/plugins/JaasAuthenticationInterceptor.java
===================================================================
--- branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/plugins/JaasAuthenticationInterceptor.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/plugins/JaasAuthenticationInterceptor.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,5 +1,5 @@
/*
- * JBoss, the OpenSource J2EE webOS
+ * JBoss, Home of Professional Open Source
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
@@ -133,7 +133,7 @@
{
Principal principal = mi.getPrincipal();
Object credential = mi.getCredential();
- boolean trace = log.isInfoEnabled();
+ boolean trace = log.isTraceEnabled();
// If there is not a security manager then there is no authentication required
if (mi.getMethod() == null || securityManager == null || container == null)
@@ -173,5 +173,11 @@
}
}
}
+ else
+ {
+ // Duplicate the current subject context on the stack since
+ SecurityActions.dupSubjectContext();
+ }
+
}
}
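Review bot: The comment `// Duplicate the current subject context on the stack since` in the new `else` branch stops mid-sentence, so the reason for the `SecurityActions.dupSubjectContext()` call is missing. The same truncated comment appears in the SecurityInterceptor hunk at -200. The reason matters because the dup must be matched by exactly one pop on every exit path. If the intent is to keep the later `popSubjectContext()` balanced when no authentication push happened, write it out, for example `// ... since the pop after the invocation runs unconditionally and must not remove the caller's context`. The matching pop is outside both hunks and should be confirmed to run in a `finally`.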
Modified: branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/plugins/SecurityActions.java
===================================================================
--- branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/plugins/SecurityActions.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/plugins/SecurityActions.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,9 +1,9 @@
/*
-* JBoss, the OpenSource J2EE webOS
-*
-* Distributable under LGPL license.
-* See terms of license at gnu.org.
-*/
+ * JBoss, Home of Professional Open Source
+ *
+ * Distributable under LGPL license.
+ * See terms of license at gnu.org.
+ */
package org.jboss.ejb.plugins;
import java.security.PrivilegedAction;
@@ -45,6 +45,19 @@
}
);
}
+ public void dup()
+ {
+ AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ SecurityAssociation.dupSubjectContext();
+ return null;
+ }
+ }
+ );
+ }
public void pop()
{
AccessController.doPrivileged(
@@ -66,6 +79,10 @@
{
SecurityAssociation.pushSubjectContext(subject, principal, credential);
}
+ public void dup()
+ {
+ SecurityAssociation.dupSubjectContext();
+ }
public void pop()
{
SecurityAssociation.popSubjectContext();
@@ -73,6 +90,7 @@
};
void push(Principal principal, Object credential, Subject subject);
+ void dup();
void pop();
}
@@ -241,6 +259,17 @@
PrincipalInfoAction.PRIVILEGED.push(principal, credential, subject);
}
}
+ static void dupSubjectContext()
+ {
+ if(System.getSecurityManager() == null)
+ {
+ PrincipalInfoAction.NON_PRIVILEGED.dup();
+ }
+ else
+ {
+ PrincipalInfoAction.PRIVILEGED.dup();
+ }
+ }
static void popSubjectContext()
{
if(System.getSecurityManager() == null)
Modified: branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
===================================================================
--- branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -156,7 +156,7 @@
{
Principal principal = mi.getPrincipal();
Object credential = mi.getCredential();
- boolean trace = log.isInfoEnabled();
+ boolean trace = log.isTraceEnabled();
// If there is not a security manager then there is no authentication required
if (mi.getMethod() == null || securityManager == null || container == null)
@@ -200,6 +200,11 @@
}
}
}
+ else
+ {
+ // Duplicate the current subject context on the stack since
+ SecurityActions.dupSubjectContext();
+ }
// Get the method permissions
InvocationType iface = mi.getType();
Modified: branches/JBoss_4_0_2_CP/server/src/main/org/jboss/security/SecurityAssociation.java
===================================================================
--- branches/JBoss_4_0_2_CP/server/src/main/org/jboss/security/SecurityAssociation.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/server/src/main/org/jboss/security/SecurityAssociation.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,5 +1,5 @@
/*
- * JBoss, the OpenSource J2EE webOS
+ * JBoss, Home of Professional Open Source
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
@@ -162,9 +162,10 @@
}
/**
- * Get the current principal information. If a security manager is present,
- * then this method calls the security manager's <code>checkPermission</code>
- * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
+ * Get the current authentication principal information. If a security
+ * manager is present, then this method calls the security manager's
+ * <code>checkPermission</code> method with a
+ * <code>RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
* </code> permission to ensure it's ok to access principal information. If
* not, a <code>SecurityException</code> will be thrown.
* @return Principal, the current principal identity.
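Review bot: The reworded javadoc says "authentication principal" but does not state the behaviour change made in the next hunk, where the `peekRunAsIdentity()` short-circuit is removed from `getPrincipal()`. Callers that relied on receiving the run-as identity now get the thread or global principal instead. The same applies to the `getCredential()` javadoc at -207 and its removal at -221. Add a sentence to both, such as `* The run-as identity is not consulted; use peekRunAsIdentity() to obtain it.`, so callers making authorization decisions on the returned principal know which identity they hold.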
@@ -175,9 +176,6 @@
if (sm != null)
sm.checkPermission(getPrincipalInfoPermission);
- if (peekRunAsIdentity() != null)
- return peekRunAsIdentity();
-
if (server)
return (Principal) threadPrincipal.get();
else
@@ -185,11 +183,12 @@
}
/**
- * Get the caller's principal information. If a security manager is present,
+ * Get the caller's principal. If a security manager is present,
* then this method calls the security manager's <code>checkPermission</code>
* method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
* </code> permission to ensure it's ok to access principal information. If
* not, a <code>SecurityException</code> will be thrown.
+ *
* @return Principal, the current principal identity.
*/
public static Principal getCallerPrincipal()
@@ -207,7 +206,7 @@
}
/**
- * Get the current principal credential information. This can be of any type
+ * Get the current authentication credential information. This can be of any type
* including: a String password, a char[] password, an X509 cert, etc. If a
* security manager is present, then this method calls the security manager's
* <code>checkPermission</code> method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo")
@@ -221,9 +220,6 @@
if (sm != null)
sm.checkPermission(getPrincipalInfoPermission);
- if (peekRunAsIdentity() != null)
- return peekRunAsIdentity().getCredential();
-
if (server)
return threadCredential.get();
else
@@ -439,6 +435,23 @@
threadSubjectStacks.push(sc);
}
/**
+ * Push a duplicate of the current SubjectContext if one exists.
+ * When run under a security manager this requires the
+ * RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
+ * permission.
+ */
+ public static void dupSubjectContext()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(setPrincipalInfoPermission);
+
+ if (trace)
+ log.trace("dupSubjectContext");
+ threadSubjectStacks.dup();
+ }
+
+ /**
* Pop the current SubjectContext from the previous pushSubjectContext call
* and return the pushed SubjectContext ig there was one.
* When run under a security manager this requires the
@@ -681,6 +694,19 @@
stack.add(context);
}
+ SubjectContext dup()
+ {
+ ArrayList stack = (ArrayList) super.get();
+ SubjectContext context = null;
+ int lastIndex = stack.size() - 1;
+ if (lastIndex >= 0)
+ {
+ context = (SubjectContext) stack.get(lastIndex);
+ stack.add(context);
+ }
+ return context;
+ }
+
SubjectContext pop()
{
ArrayList stack = (ArrayList) super.get();
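Review bot: `dup()` pushes the same `SubjectContext` reference a second time (`stack.add(context)` with the object just read from `stack.get(lastIndex)`), not a copy. The javadoc on `dupSubjectContext()` calls this "a duplicate". If `SubjectContext` is mutable, a change made through the top entry during the nested invocation is also visible through the caller's entry after the pop; its definition is outside the hunk. Either document the aliasing, for example `// pushes the same instance; entries share state`, or push a copy if callee-side changes must not leak into the caller's context. The javadoc should also say that nothing is pushed when the stack is empty, since a paired pop then has nothing of its own to remove.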
Modified: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/CallerBean.java
===================================================================
--- branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/CallerBean.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/CallerBean.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,5 +1,5 @@
/*
- * JBoss, the OpenSource WebOS
+ * JBoss, Home of Professional Open Source
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
@@ -23,10 +23,10 @@
import org.jboss.test.security.interfaces.CalledSessionLocalHome;
import org.jboss.test.security.interfaces.CalledSessionLocal;
-/** A simple session bean that calls the CalleeBean
-
- @author Scott.Stark at jboss.org
- @version $Revision$
+/**
+ * A simple session bean that calls the CalleeBean
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
*/
public class CallerBean implements SessionBean
{
@@ -58,20 +58,21 @@
sessionContext = context;
}
- /** This method calls echo on a StatelessSessionLocal and asserts that
- * the caller is in the EchoCaller role.
+ /**
+ * This method calls echo on a StatelessSessionLocal and asserts that the
+ * caller is in the EchoCaller role.
*/
public String invokeEcho(String arg)
{
- log.debug("echo, arg="+arg);
+ log.debug("echo, arg=" + arg);
Principal p = sessionContext.getCallerPrincipal();
- log.debug("echo, callerPrincipal="+p);
+ log.debug("echo, callerPrincipal=" + p);
boolean isEchoCaller = sessionContext.isCallerInRole("EchoCaller");
- log.debug("echo, isCallerInRole('EchoCaller')="+isEchoCaller);
+ log.debug("echo, isCallerInRole('EchoCaller')=" + isEchoCaller);
boolean isInternalRole = sessionContext.isCallerInRole("InternalRole");
- log.debug("echo, isCallerInRole('InternalRole')="+isInternalRole);
-
- if( isEchoCaller == false && isInternalRole == false )
+ log.debug("echo, isCallerInRole('InternalRole')=" + isInternalRole);
+
+ if (isEchoCaller == false && isInternalRole == false)
throw new SecurityException("isEchoCaller == false && isInternalRole == false");
try
{
@@ -79,20 +80,33 @@
Context enc = (Context) ic.lookup("java:comp/env");
Object ref = enc.lookup("ejb/local/CalleeHome");
StatelessSessionLocalHome localHome = (StatelessSessionLocalHome) PortableRemoteObject.narrow(ref,
- StatelessSessionLocalHome.class);
+ StatelessSessionLocalHome.class);
StatelessSessionLocal localBean = localHome.create();
String echo2 = localBean.echo(arg);
- log.debug("echo, callee.echo="+echo2);
+ log.debug("echo#1, callee.echo=" + echo2);
+ echo2 = localBean.echo(arg);
+ log.debug("echo#2, callee.echo=" + echo2);
}
- catch(Exception e)
+ catch (Exception e)
{
log.error("Failed to invoke Callee.echo", e);
throw new EJBException("Failed to invoke Callee.echo", e);
}
+
+ isEchoCaller = sessionContext.isCallerInRole("EchoCaller");
+ log.debug("echo, isCallerInRole#2('EchoCaller')=" + isEchoCaller);
+ isInternalRole = sessionContext.isCallerInRole("InternalRole");
+ log.debug("echo, isCallerInRole#2('InternalRole')=" + isInternalRole);
+
+ if (isEchoCaller == false && isInternalRole == false)
+ throw new SecurityException("isEchoCaller == false && isInternalRole == false post calls");
+
return arg;
}
- /** This method should call invokeEcho on another CalledSession */
+ /**
+ * This method should call invokeEcho on another CalledSession
+ */
public void callEcho()
{
try
@@ -101,19 +115,22 @@
Context enc = (Context) ic.lookup("java:comp/env");
Object ref = enc.lookup("ejb/CallerHome");
CalledSessionHome home = (CalledSessionHome) PortableRemoteObject.narrow(ref,
- CalledSessionHome.class);
+ CalledSessionHome.class);
CalledSession bean = home.create();
- String echo2 = bean.invokeEcho("Level1");
- log.debug("echo, callee.invokeEcho="+echo2);
+ String echo = bean.invokeEcho("Level1");
+ log.debug("echo, callee.invokeEcho=" + echo);
}
- catch(Exception e)
+ catch (Exception e)
{
log.error("Failed to invoke Callee.invokeEcho", e);
throw new EJBException("Failed to invoke Callee.invokeEcho", e);
}
-
+
}
- /** This method should call invokeEcho on a CalledSession */
+
+ /**
+ * This method should call invokeEcho on a CalledSession
+ */
public String callLocalEcho(String arg)
{
try
@@ -122,23 +139,22 @@
Context enc = (Context) ic.lookup("java:comp/env");
Object ref = enc.lookup("ejb/CallerHome");
CalledSessionLocalHome home = (CalledSessionLocalHome) PortableRemoteObject.narrow(ref,
- CalledSessionLocalHome.class);
+ CalledSessionLocalHome.class);
CalledSessionLocal bean = home.create();
- String echo2 = bean.invokeEcho(arg+"Level1");
- log.debug("echo, callee.invokeEcho="+echo2);
+ String echo2 = bean.invokeEcho(arg + "Level1");
+ log.debug("echo, callee.invokeEcho=" + echo2);
return echo2;
}
- catch(Exception e)
+ catch (Exception e)
{
log.error("Failed to invoke Callee.invokeEcho", e);
throw new EJBException("Failed to invoke Callee.invokeEcho", e);
}
-
}
public void noop()
{
log.debug("noop");
}
-
+
}
Copied: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/CallerFacadeBean.java (from rev 57274, branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/CallerFacadeBean.java)
Copied: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/FacadeTargetBean.java (from rev 57274, branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/FacadeTargetBean.java)
Copied: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852 (from rev 57274, branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852)
Deleted: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PrivateSessionBean.java
===================================================================
--- branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PrivateSessionBean.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PrivateSessionBean.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,69 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
-package org.jboss.test.security.ejb.jbas1852;
-
-import java.security.Principal;
-import javax.ejb.CreateException;
-import javax.ejb.SessionBean;
-import javax.ejb.SessionContext;
-
-/** An implmentation of the Session interface that should not
-be accessible by external users.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public class PrivateSessionBean implements SessionBean
-{
- private SessionContext sessionContext;
-
- public void ejbCreate() throws CreateException
- {
- System.out.println("PrivateSessionBean.ejbCreate() called");
- }
-
- public void ejbActivate()
- {
- System.out.println("PrivateSessionBean.ejbActivate() called");
- }
-
- public void ejbPassivate()
- {
- System.out.println("PrivateSessionBean.ejbPassivate() called");
- }
-
- public void ejbRemove()
- {
- System.out.println("PrivateSessionBean.ejbRemove() called");
- }
-
- public void setSessionContext(SessionContext context)
- {
- sessionContext = context;
- }
-
- public String echo(String arg)
- {
- System.out.println("PrivateSessionBean.echo, arg="+arg);
- Principal p = sessionContext.getCallerPrincipal();
- System.out.println("PrivateSessionBean.echo, callerPrincipal="+p);
- System.out.println("PrivateSessionBean.echo, isCallerInRole('InternalUser')="+sessionContext.isCallerInRole("InternalUser"));
- return arg;
- }
- public void noop()
- {
- System.out.println("PrivateSessionBean.noop");
- Principal p = sessionContext.getCallerPrincipal();
- System.out.println("PrivateSessionBean.noop, callerPrincipal="+p);
- }
- public void restricted()
- {
- System.out.println("PrivateSessionBean.restricted");
- Principal p = sessionContext.getCallerPrincipal();
- System.out.println("PrivateSessionBean.restricted, callerPrincipal="+p);
- }
-}
Copied: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PrivateSessionBean.java (from rev 57274, branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PrivateSessionBean.java)
Deleted: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionBean.java
===================================================================
--- branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionBean.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionBean.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,81 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
-package org.jboss.test.security.ejb.jbas1852;
-
-import java.security.Principal;
-import javax.ejb.CreateException;
-import javax.ejb.SessionBean;
-import javax.ejb.SessionContext;
-import javax.naming.InitialContext;
-
-/** An implmentation of the Session interface that delegates its
-echo method call to the PrivateSession bean to test run-as.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public class PublicSessionBean implements SessionBean
-{
- private SessionContext sessionContext;
-
- public void ejbCreate() throws CreateException
- {
- System.out.println("PublicSessionBean.ejbCreate() called");
- }
-
- public void ejbActivate()
- {
- System.out.println("PublicSessionBean.ejbActivate() called");
- }
-
- public void ejbPassivate()
- {
- System.out.println("PublicSessionBean.ejbPassivate() called");
- }
-
- public void ejbRemove()
- {
- System.out.println("PublicSessionBean.ejbRemove() called");
- }
-
- public void setSessionContext(SessionContext context)
- {
- sessionContext = context;
- }
-
- public String echo(String arg)
- {
- System.out.println("PublicSessionBean.echo, arg="+arg);
- Principal p = sessionContext.getCallerPrincipal();
- System.out.println("PublicSessionBean.echo, callerPrincipal="+p);
- System.out.println("PublicSessionBean.echo, isCallerInRole('EchoUser')="+sessionContext.isCallerInRole("EchoUser"));
- try
- {
- InitialContext ctx = new InitialContext();
- SessionHome home = (SessionHome) ctx.lookup("java:comp/env/ejb/PrivateSession");
- Session bean = home.create();
- System.out.println("PublicSessionBean.echo, created PrivateSession");
- arg = bean.echo(arg);
- }
- catch(Exception e)
- {
- }
- return arg;
- }
- public void noop()
- {
- System.out.println("PublicSessionBean.noop");
- Principal p = sessionContext.getCallerPrincipal();
- System.out.println("PublicSessionBean.noop, callerPrincipal="+p);
- }
- public void restricted()
- {
- System.out.println("PublicSessionBean.restricted");
- Principal p = sessionContext.getCallerPrincipal();
- System.out.println("PublicSessionBean.restricted, callerPrincipal="+p);
- }
-}
Copied: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionBean.java (from rev 57274, branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionBean.java)
Deleted: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionFacade.java
===================================================================
--- branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionFacade.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionFacade.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,74 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
-package org.jboss.test.security.ejb.jbas1852;
-
-import java.security.Principal;
-import java.rmi.RemoteException;
-import javax.ejb.CreateException;
-import javax.ejb.SessionContext;
-import javax.ejb.SessionBean;
-import javax.naming.InitialContext;
-import javax.naming.NamingException;
-
-/**
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-public class PublicSessionFacade implements SessionBean
-{
- private SessionContext sessionContext;
-
- public void ejbCreate() throws CreateException
- {
- System.out.println("PublicSessionBean.ejbCreate() called");
- }
-
- public void ejbActivate()
- {
- System.out.println("PublicSessionBean.ejbActivate() called");
- }
-
- public void ejbPassivate()
- {
- System.out.println("PublicSessionBean.ejbPassivate() called");
- }
-
- public void ejbRemove()
- {
- System.out.println("PublicSessionBean.ejbRemove() called");
- }
-
- public void setSessionContext(SessionContext context)
- {
- sessionContext = context;
- }
-
- public String callEcho(String arg)
- throws RemoteException
- {
- Principal user = sessionContext.getCallerPrincipal();
- String echoMsg = null;
- try
- {
- InitialContext ctx = new InitialContext();
- String jndiName = "java:comp/env/ejb/TargetEJB";
- SessionHome home = (SessionHome) ctx.lookup(jndiName);
- Session bean = home.create();
- echoMsg = bean.echo("Hello, arg="+arg);
- echoMsg = bean.echo("Hello 2, arg="+arg);
- }
- catch (NamingException e)
- {
- throw new RemoteException("callEcho failed", e);
- }
- catch (CreateException e)
- {
- throw new RemoteException("callEcho failed", e);
- }
- return echoMsg;
- }
-}
Copied: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionFacade.java (from rev 57274, branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/PublicSessionFacade.java)
Deleted: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/Session.java
===================================================================
--- branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/Session.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/Session.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,22 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
-package org.jboss.test.security.ejb.jbas1852;
-
-import javax.ejb.*;
-import java.rmi.*;
-
-/** A simple stateless session bean interface used by the example beans.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public interface Session extends EJBObject
-{
- public String echo(String arg) throws RemoteException;
- public void noop() throws RemoteException;
- public void restricted() throws RemoteException;
-}
Copied: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/Session.java (from rev 57274, branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/Session.java)
Deleted: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacade.java
===================================================================
--- branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacade.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacade.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,20 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
-package org.jboss.test.security.ejb.jbas1852;
-
-import javax.ejb.*;
-import java.rmi.*;
-
-/** A simple stateless session bean interface used by the example beans.
-
- at author Scott.Stark at jboss.org
- at version $Revision$
-*/
-public interface SessionFacade extends EJBObject
-{
- public String callEcho(String arg) throws RemoteException;
-}
Copied: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacade.java (from rev 57274, branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacade.java)
Deleted: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacadeHome.java
===================================================================
--- branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacadeHome.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacadeHome.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,17 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
-package org.jboss.test.security.ejb.jbas1852;
-
-import javax.ejb.*;
-import java.rmi.*;
-
-/** The home interface for the example stateless session beans
-*/
-public interface SessionFacadeHome extends EJBHome
-{
- public SessionFacade create() throws RemoteException, CreateException;
-}
Copied: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacadeHome.java (from rev 57274, branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionFacadeHome.java)
Deleted: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionHome.java
===================================================================
--- branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionHome.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionHome.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -1,17 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
-package org.jboss.test.security.ejb.jbas1852;
-
-import javax.ejb.*;
-import java.rmi.*;
-
-/** The home interface for the example stateless session beans
-*/
-public interface SessionHome extends EJBHome
-{
- public Session create() throws RemoteException, CreateException;
-}
Copied: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionHome.java (from rev 57274, branches/JBoss_4_0_2_JBAS-1852/testsuite/src/main/org/jboss/test/security/ejb/jbas1852/SessionHome.java)
Modified: branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/test/EJBSpecUnitTestCase.java
===================================================================
--- branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/test/EJBSpecUnitTestCase.java 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/testsuite/src/main/org/jboss/test/security/test/EJBSpecUnitTestCase.java 2006-09-29 03:21:14 UTC (rev 57275)
@@ -41,6 +41,8 @@
import org.jboss.test.security.interfaces.StatelessSessionHome;
import org.jboss.test.security.interfaces.SecurityContext;
import org.jboss.test.security.interfaces.SecurityContextHome;
+import org.jboss.test.security.ejb.jbas1852.SessionFacade;
+import org.jboss.test.security.ejb.jbas1852.SessionFacadeHome;
import org.jboss.test.util.AppCallbackHandler;
import org.apache.log4j.Logger;
@@ -534,6 +536,41 @@
}
}
+ public void testRunAsSFSB() throws Exception
+ {
+ log.info("+++ testRunAsSFSB");
+ login();
+ Object obj = getInitialContext().lookup("spec.CallerFacadeBean-testRunAsSFSB");
+ obj = PortableRemoteObject.narrow(obj, CalledSessionHome.class);
+ CalledSessionHome home = (CalledSessionHome) obj;
+ log.debug("Found CallerFacadeBean-testRunAsSFSB Home");
+ CalledSession bean = home.create();
+ log.debug("Created spec.CallerFacadeBean-testRunAsSFSB");
+ bean.invokeEcho("testRunAsSFSB");
+ log.debug("Bean.invokeEcho() ok");
+ bean.remove();
+ }
+
+ /**
+ * Test the run-as side-effects raised in
+ * http://jira.jboss.com/jira/browse/JBAS-1852
+ *
+ * @throws Exception
+ */
+ public void testJBAS1852() throws Exception
+ {
+ log.info("+++ testJBAS1852");
+ login();
+ Object obj = getInitialContext().lookup("spec.PublicSessionFacade");
+ obj = PortableRemoteObject.narrow(obj, SessionFacadeHome.class);
+ SessionFacadeHome home = (SessionFacadeHome) obj;
+ log.debug("Found PublicSessionFacade home");
+ SessionFacade bean = home.create();
+ log.debug("Created PublicSessionFacade");
+ log.debug("Bean.callEcho('testJBAS1852') -> " + bean.callEcho("testJBAS1852"));
+ bean.remove();
+ }
+
/** Test that an MDB with a run-as identity is able to access secure EJBs
that require the identity.
*/
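Review bot: testJBAS1852 asserts nothing: the reply from `bean.callEcho("testJBAS1852")` is only concatenated into a debug message, so the test passes whenever no exception reaches the client. If the copied PublicSessionBean matches the removed version shown earlier in this mail, its `echo` wraps the PrivateSession call in an empty `catch(Exception e)` and returns the argument unchanged, so a denied run-as call would not surface either. I would check the reply, e.g. `assertEquals("Hello 2, arg=testJBAS1852", bean.callEcho("testJBAS1852"));` (the expected value assumes the beans echo their argument unchanged, which this part of the mail does not show), and have PublicSessionBean rethrow instead of swallowing, so that the facade's second call, the one that would expose a leftover run-as identity, can fail the test. `bean.remove()` in both new tests would also be safer in a `finally`.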
Modified: branches/JBoss_4_0_2_CP/testsuite/src/resources/security-spec/META-INF/ejb-jar.xml
===================================================================
--- branches/JBoss_4_0_2_CP/testsuite/src/resources/security-spec/META-INF/ejb-jar.xml 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/testsuite/src/resources/security-spec/META-INF/ejb-jar.xml 2006-09-29 03:21:14 UTC (rev 57275)
@@ -138,6 +138,74 @@
</security-role-ref>
</session>
<session>
+ <description>A secured echo session bean that calls its CalledSessionLocalHome
+ ejb-local-ref link invokeEcho method to test identity propagation.
+ testRunAsSFSB
+ CallerFacadeBean-testRunAsSFSB.invokeEcho()
+ CallerFacadeTargetSFSB.invokeEcho()
+ CallerFacadeTargetCallee.echo()
+ </description>
+ <ejb-name>CallerFacadeBean-testRunAsSFSB</ejb-name>
+ <home>org.jboss.test.security.interfaces.CalledSessionHome</home>
+ <remote>org.jboss.test.security.interfaces.CalledSession</remote>
+ <ejb-class>org.jboss.test.security.ejb.CallerFacadeBean</ejb-class>
+ <session-type>Stateless</session-type>
+ <transaction-type>Container</transaction-type>
+ <ejb-local-ref>
+ <description></description>
+ <ejb-ref-name>ejb/CalledSessionLocalHome</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <local-home>org.jboss.test.security.interfaces.CalledSessionLocalHome</local-home>
+ <local>org.jboss.test.security.interfaces.CalledSessionLocal</local>
+ <ejb-link>CallerFacadeTargetSFSB</ejb-link>
+ </ejb-local-ref>
+ </session>
+ <session>
+ <description>A secured echo session bean that calls its SessionLocalHome
+ ejb-local-ref link invokeEcho method to test identity propagation.
+ </description>
+ <ejb-name>CallerFacadeTargetSFSB</ejb-name>
+ <local-home>org.jboss.test.security.interfaces.CalledSessionLocalHome</local-home>
+ <local>org.jboss.test.security.interfaces.CalledSessionLocal</local>
+ <ejb-class>org.jboss.test.security.ejb.FacadeTargetBean</ejb-class>
+ <session-type>Stateful</session-type>
+ <transaction-type>Container</transaction-type>
+ <ejb-local-ref>
+ <description></description>
+ <ejb-ref-name>ejb/local/StatelessSessionLocalHome</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <local-home>org.jboss.test.security.interfaces.StatelessSessionLocalHome</local-home>
+ <local>org.jboss.test.security.interfaces.StatelessSessionLocal</local>
+ <ejb-link>CallerFacadeTargetCallee</ejb-link>
+ </ejb-local-ref>
+ <security-role-ref>
+ <role-name>EchoCaller</role-name>
+ <role-link>EchoLocal</role-link>
+ </security-role-ref>
+ <security-identity>
+ <description>Use a role that is not assigned to any users to
+ access restricted server side functionallity</description>
+ <run-as>
+ <role-name>InternalRole</role-name>
+ </run-as>
+ </security-identity>
+ </session>
+ <session>
+ <description>A secured echo session bean that is called by CallerFacadeTarget*
+ </description>
+ <ejb-name>CallerFacadeTargetCallee</ejb-name>
+ <local-home>org.jboss.test.security.interfaces.StatelessSessionLocalHome</local-home>
+ <local>org.jboss.test.security.interfaces.StatelessSessionLocal</local>
+ <ejb-class>org.jboss.test.security.ejb.CalleeBean</ejb-class>
+ <session-type>Stateless</session-type>
+ <transaction-type>Container</transaction-type>
+ <security-role-ref>
+ <role-name>EchoCaller</role-name>
+ <role-link>EchoLocal</role-link>
+ </security-role-ref>
+ </session>
+
+ <session>
<description>A secured echo session bean that calls a StatelessSessionLocal
when its invokeEcho method is called, and calls another CalledSession
invokeEcho when its callEcho method is called. This uses a run-as
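Review bot: The `<description>` of CallerFacadeTargetSFSB does not match its declaration: it names a `SessionLocalHome` ejb-local-ref, while the reference declared under it is `ejb/local/StatelessSessionLocalHome`, and it leaves out the two properties the test relies on, that the bean is Stateful and runs as `InternalRole`. I would reword it along the lines of `A stateful facade target that runs as InternalRole and calls CallerFacadeTargetCallee.echo() through its ejb/local/StatelessSessionLocalHome ejb-local-ref.` The `<session>` element in the trailing context continues outside the hunk.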
@@ -424,6 +492,68 @@
<transaction-type>Container</transaction-type>
</session>
+ <session>
+ <description>A stateless session echo bean facade</description>
+ <ejb-name>PublicSessionFacade</ejb-name>
+ <home>org.jboss.test.security.ejb.jbas1852.SessionFacadeHome</home>
+ <remote>org.jboss.test.security.ejb.jbas1852.SessionFacade</remote>
+ <ejb-class>org.jboss.test.security.ejb.jbas1852.PublicSessionFacade</ejb-class>
+ <session-type>Stateless</session-type>
+ <transaction-type>Container</transaction-type>
+ <ejb-ref>
+ <ejb-ref-name>ejb/TargetEJB</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <home>org.jboss.test.security.ejb.jbas1852.SessionHome</home>
+ <remote>org.jboss.test.security.ejb.jbas1852.Session</remote>
+ <ejb-link>PublicSession</ejb-link>
+ </ejb-ref>
+ <security-role-ref>
+ <role-name>EchoUser</role-name>
+ <role-link>Echo</role-link>
+ </security-role-ref>
+ <security-identity>
+ <use-caller-identity />
+ </security-identity>
+ </session>
+ <session>
+ <description>A trival stateless session echo bean</description>
+ <ejb-name>PublicSession</ejb-name>
+ <home>org.jboss.test.security.ejb.jbas1852.SessionHome</home>
+ <remote>org.jboss.test.security.ejb.jbas1852.Session</remote>
+ <ejb-class>org.jboss.test.security.ejb.jbas1852.PublicSessionBean</ejb-class>
+ <session-type>Stateless</session-type>
+ <transaction-type>Container</transaction-type>
+ <ejb-ref>
+ <ejb-ref-name>ejb/PrivateSession</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <home>org.jboss.test.security.ejb.jbas1852.SessionHome</home>
+ <remote>org.jboss.test.security.ejb.jbas1852.Session</remote>
+ <ejb-link>PrivateSession</ejb-link>
+ </ejb-ref>
+ <security-role-ref>
+ <role-name>EchoUser</role-name>
+ <role-link>Echo</role-link>
+ </security-role-ref>
+ <security-identity>
+ <run-as>
+ <role-name>InternalUser</role-name>
+ </run-as>
+ </security-identity>
+ </session>
+ <session>
+ <description>A trival stateful session echo bean</description>
+ <ejb-name>PrivateSession</ejb-name>
+ <home>org.jboss.test.security.ejb.jbas1852.SessionHome</home>
+ <remote>org.jboss.test.security.ejb.jbas1852.Session</remote>
+ <ejb-class>org.jboss.test.security.ejb.jbas1852.PrivateSessionBean</ejb-class>
+ <session-type>Stateful</session-type>
+ <transaction-type>Container</transaction-type>
+ <security-role-ref>
+ <role-name>InternalUser</role-name>
+ <role-link>InternalUser</role-link>
+ </security-role-ref>
+ </session>
+
<entity>
<description>A trival echo entity bean</description>
<ejb-name>Entity</ejb-name>
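Review bot: The role `InternalUser` is used here as PublicSession's `<run-as>` role and as PrivateSession's `<role-link>`, and again in the `<method-permission>` added by the `@@ -846,6 +988,25 @@` hunk, but no hunk in this mail adds a matching `<security-role>` declaration. The only internal role named in the visible context is `InternalRole`, so unless `InternalUser` is already declared outside what is shown, I would add `<security-role><role-name>InternalUser</role-name></security-role>` next to the other role declarations in the assembly descriptor. The `<entity>` element after the added beans continues outside the hunk.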
@@ -691,6 +821,10 @@
<method-name>*</method-name>
</method>
<method>
+ <ejb-name>CallerFacadeBean-testRunAsSFSB</ejb-name>
+ <method-name>*</method-name>
+ </method>
+ <method>
<ejb-name>Level1CallerBean</ejb-name>
<method-name>*</method-name>
</method>
@@ -755,6 +889,10 @@
<method-intf>Local</method-intf>
<method-name>echo</method-name>
</method>
+ <method>
+ <ejb-name>CallerFacadeTargetSFSB</ejb-name>
+ <method-name>*</method-name>
+ </method>
</method-permission>
<!-- The methods the InternalRole role can access -->
@@ -782,6 +920,10 @@
<ejb-name>Level3CalleeBean</ejb-name>
<method-name>*</method-name>
</method>
+ <method>
+ <ejb-name>CallerFacadeTargetCallee</ejb-name>
+ <method-name>*</method-name>
+ </method>
</method-permission>
<method-permission>
@@ -846,6 +988,25 @@
</method>
</method-permission>
+ <method-permission>
+ <role-name>Echo</role-name>
+ <method>
+ <ejb-name>PublicSession</ejb-name>
+ <method-name>*</method-name>
+ </method>
+ <method>
+ <ejb-name>PublicSessionFacade</ejb-name>
+ <method-name>*</method-name>
+ </method>
+ </method-permission>
+ <method-permission>
+ <role-name>InternalUser</role-name>
+ <method>
+ <ejb-name>PrivateSession</ejb-name>
+ <method-name>*</method-name>
+ </method>
+ </method-permission>
+
<!-- No one can access the excluded() method of the
StatelessSession and StatelessSession2 beans -->
<exclude-list>
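Review bot: `<method-name>*</method-name>` for PublicSession grants the Echo role every method of the `Session` interface, including `restricted()`, and jboss.xml binds the bean at `spec.PublicSession`, so an Echo caller can reach it directly as well as through the facade. If `restricted()` is meant to stay closed to ordinary callers (its name suggests so, the code shown does not say), list `echo` and `noop` explicitly here or add the method to the `<exclude-list>` that follows. That `<exclude-list>` starts in this hunk's trailing context and continues outside it.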
Modified: branches/JBoss_4_0_2_CP/testsuite/src/resources/security-spec/META-INF/jboss.xml
===================================================================
--- branches/JBoss_4_0_2_CP/testsuite/src/resources/security-spec/META-INF/jboss.xml 2006-09-29 03:05:56 UTC (rev 57274)
+++ branches/JBoss_4_0_2_CP/testsuite/src/resources/security-spec/META-INF/jboss.xml 2006-09-29 03:21:14 UTC (rev 57275)
@@ -57,6 +57,14 @@
<jndi-name>spec.CallerBean</jndi-name>
</session>
<session>
+ <ejb-name>CallerFacadeBean-testRunAsSFSB</ejb-name>
+ <jndi-name>spec.CallerFacadeBean-testRunAsSFSB</jndi-name>
+ </session>
+ <session>
+ <ejb-name>CallerFacadeTargetSFSB</ejb-name>
+ <jndi-name>spec.CallerFacadeTargetSFSB</jndi-name>
+ </session>
+ <session>
<ejb-name>Level1CallerBean</ejb-name>
<jndi-name>spec.Level1CallerBean</jndi-name>
</session>
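Review bot: CallerFacadeTargetSFSB is declared in ejb-jar.xml with only `<local-home>` and `<local>`, so the `<jndi-name>` given here names a remote-home binding the bean does not have. The matching element would be `<local-jndi-name>spec.CallerFacadeTargetSFSB</local-jndi-name>`, or the entry can be dropped, since the caller reaches the bean through its `<ejb-link>`. CallerFacadeTargetCallee, which is also local-only, gets no jboss.xml entry at all, so the two beans are handled inconsistently.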
@@ -129,6 +137,19 @@
<configuration-name>Domain2 Stateless SessionBean</configuration-name>
</session>
+ <session>
+ <ejb-name>PublicSessionFacade</ejb-name>
+ <jndi-name>spec.PublicSessionFacade</jndi-name>
+ </session>
+ <session>
+ <ejb-name>PublicSession</ejb-name>
+ <jndi-name>spec.PublicSession</jndi-name>
+ </session>
+ <session>
+ <ejb-name>PrivateSession</ejb-name>
+ <jndi-name>spec.PrivateSession</jndi-name>
+ </session>
+
<message-driven>
<ejb-name>RunAsMDB</ejb-name>
<destination-jndi-name>queue/A</destination-jndi-name>