[jboss-cvs] JBossAS SVN: r64795 - trunk/ejb3/src/main/org/jboss/ejb3/security.

Thu Aug 23 01:26:30 EDT 2007

Author: anil.saldhana at jboss.com
Date: 2007-08-23 01:26:30 -0400 (Thu, 23 Aug 2007)
New Revision: 64795

Added:
   trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityHelper.java
Modified:
   trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
   trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
   trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java
Log:
EJBTHREE-1036: ejbTimeOut callback should bypass security as it has zero security ctx

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================

--- trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java	2007-08-23 04:39:03 UTC (rev 64794)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java	2007-08-23 05:26:30 UTC (rev 64795)
@@ -52,11 +52,11 @@
 public class Ejb3AuthenticationInterceptorv2 implements Interceptor
 { 
    protected Logger log = Logger.getLogger(this.getClass()); 
-   private EJBContainer container;
+   private EJBContainer container; 
    
    public  Ejb3AuthenticationInterceptorv2(Container container)
    { 
-     this.container = (EJBContainer) container;
+     this.container = (EJBContainer) container; 
    }
    
    public String getName()
@@ -66,6 +66,11 @@
 
    public Object invoke(Invocation invocation) throws Throwable
    { 
+      //Check for ejbTimeOut
+      SecurityHelper shelper = new SecurityHelper();
+      if(shelper.isEJBTimeOut(((MethodInvocation) invocation).getMethod())) 
+         return invocation.invokeNext();
+      
       SecurityIdentity si = null;
       SecurityContext sc = SecurityActions.getSecurityContext();
       SecurityContext invSC = (SecurityContext) invocation.getMetaData("security","context"); 

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java	2007-08-23 04:39:03 UTC (rev 64794)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java	2007-08-23 05:26:30 UTC (rev 64795)
@@ -119,6 +119,11 @@
    public Object invoke(Invocation invocation) throws Throwable
    {
       MethodInvocation mi = (MethodInvocation)invocation;
+      //Check for ejbTimeOut
+      SecurityHelper shelper = new SecurityHelper();
+      if(shelper.isEJBTimeOut(mi.getMethod())) 
+         return invocation.invokeNext();
+      
       try
       {
          SecurityDomain domain = (SecurityDomain)container.resolveAnnotation(SecurityDomain.class);

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java	2007-08-23 04:39:03 UTC (rev 64794)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java	2007-08-23 05:26:30 UTC (rev 64795)
@@ -89,6 +89,11 @@
    
    public Object invoke(Invocation invocation) throws Throwable
    { 
+      //Check for ejbTimeOut
+      SecurityHelper shelper = new SecurityHelper();
+      if(shelper.isEJBTimeOut(((MethodInvocation) invocation).getMethod())) 
+         return invocation.invokeNext();
+      
       SecurityContext sc = SecurityActions.getSecurityContext();
       /**
        * If Existing SecurityContext is null, it means that we have not gone

Added: trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityHelper.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityHelper.java	                        (rev 0)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityHelper.java	2007-08-23 05:26:30 UTC (rev 64795)
@@ -0,0 +1,59 @@
+/*
+  * JBoss, Home of Professional Open Source
+  * Copyright 2007, JBoss Inc., and individual contributors as indicated
+  * by the @authors tag. See the copyright.txt in the distribution for a
+  * full listing of individual contributors.
+  *
+  * This is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as
+  * published by the Free Software Foundation; either version 2.1 of
+  * the License, or (at your option) any later version.
+  *
+  * This software is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  * Lesser General Public License for more details.
+  *
+  * You should have received a copy of the GNU Lesser General Public
+  * License along with this software; if not, write to the Free
+  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  */
+package org.jboss.ejb3.security;
+
+import java.lang.reflect.Method;
+
+import javax.ejb.TimedObject;
+import javax.ejb.Timer;
+
+//$Id$
+
+/**
+ *  Helper class for the EJB3 Security Interceptors
+ *  @author Anil.Saldhana at redhat.com
+ *  @since  Aug 23, 2007 
+ *  @version $Revision$
+ */
+public class SecurityHelper
+{
+   /**
+    * Check if the method is an EJBTimeOut method
+    * @param m
+    * @return
+    */
+   public boolean isEJBTimeOut(Method m)
+   {
+      /** The TimedObject.ejbTimeout callback */
+      Method ejbTimeout = null;
+      
+      try
+      {
+         // Get the timeout method
+         ejbTimeout = TimedObject.class.getMethod("ejbTimeout", new Class[]{Timer.class});
+      }
+      catch (NoSuchMethodException ignore)
+      {
+      } 
+      return m == ejbTimeout; 
+   } 
+}


