[jboss-cvs] JBossAS SVN: r64968 - trunk/ejb3/src/main/org/jboss/ejb3/security.

Thu Aug 30 10:16:18 EDT 2007

Author: anil.saldhana at jboss.com
Date: 2007-08-30 10:16:17 -0400 (Thu, 30 Aug 2007)
New Revision: 64968

Modified:
   trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
   trunk/ejb3/src/main/org/jboss/ejb3/security/JaccAuthorizationInterceptor.java
   trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityHelper.java
Log:
check domain value as well as refactor a method out

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================

--- trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java	2007-08-30 13:53:59 UTC (rev 64967)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java	2007-08-30 14:16:17 UTC (rev 64968)
@@ -31,11 +31,9 @@
 import org.jboss.aop.advice.Interceptor;
 import org.jboss.aop.joinpoint.Invocation;
 import org.jboss.aop.joinpoint.MethodInvocation;
-import org.jboss.aspects.remoting.InvokeRemoteInterceptor;
 import org.jboss.ejb3.Container;
 import org.jboss.ejb3.EJBContainer;
 import org.jboss.logging.Logger;
-import org.jboss.remoting.InvokerLocator;
 import org.jboss.security.SecurityContext;
 import org.jboss.security.SecurityIdentity;
 import org.jboss.security.SimplePrincipal;
@@ -80,16 +78,20 @@
       SecurityContext invSC = (SecurityContext) invocation.getMetaData("security","context"); 
       
       SecurityDomain domain = (SecurityDomain)container.resolveAnnotation(SecurityDomain.class);
+      
+      boolean domainExists = domain != null && domain.value() != null 
+                    && domain.value().length() > 0;
+       
       /**
        * TODO: Decide if you want to allow zero security based on non-availability
        * of a security domain, as per the configuration on the container
        */
-      if(domain != null)
+      if(domainExists)
       { 
          Principal p = null;
          Object cred = null;
          
-         if(isLocalCall((MethodInvocation) invocation))
+         if(shelper.isLocalCall(mi))
          {
             if(sc == null)
                throw new IllegalStateException("Security Context null on Local call");
@@ -170,15 +172,8 @@
       }
       finally
       {
-         if(isLocalCall((MethodInvocation) invocation) && si != null)
+         if(shelper.isLocalCall(mi) && si != null)
             SecurityActions.getSecurityContext().getUtil().setSecurityIdentity(si);
       }
-   } 
-   
-   private boolean isLocalCall(MethodInvocation mi)
-   {
-      InvokerLocator locator = (InvokerLocator) mi.getMetaData(InvokeRemoteInterceptor.REMOTING, 
-            InvokeRemoteInterceptor.INVOKER_LOCATOR);
-      return locator == null; 
-   }
+   }  
 }

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/JaccAuthorizationInterceptor.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/JaccAuthorizationInterceptor.java	2007-08-30 13:53:59 UTC (rev 64967)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/JaccAuthorizationInterceptor.java	2007-08-30 14:16:17 UTC (rev 64968)
@@ -23,13 +23,13 @@
 
 import java.lang.reflect.Method;
 import java.security.CodeSource;
+
 import javax.security.jacc.EJBMethodPermission;
+
 import org.jboss.aop.advice.Interceptor;
 import org.jboss.aop.joinpoint.Invocation;
 import org.jboss.aop.joinpoint.MethodInvocation;
-import org.jboss.aspects.remoting.InvokeRemoteInterceptor;
 import org.jboss.logging.Logger;
-import org.jboss.remoting.InvokerLocator;
 import org.jboss.security.RealmMapping;
 import org.jboss.security.jacc.DelegatingPolicy;
 
@@ -97,11 +97,11 @@
       //BeanMetaDataPolicyContextHandler.setMetaData(null);
 
       Method m = mi.getMethod();
+      
+      SecurityHelper shelper = new SecurityHelper();
+      
+      String iface = !shelper.isLocalCall(mi) ? "Remote" : "Local";
 
-      InvokerLocator locator = (InvokerLocator) mi.getMetaData(InvokeRemoteInterceptor.REMOTING, InvokeRemoteInterceptor.INVOKER_LOCATOR);
-
-      String iface = (locator != null) ? "Remote" : "Local";
-
       EJBMethodPermission methodPerm = new EJBMethodPermission(ejbName, iface, m);
       if(realmMapping != null)
       { 

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityHelper.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityHelper.java	2007-08-30 13:53:59 UTC (rev 64967)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityHelper.java	2007-08-30 14:16:17 UTC (rev 64968)
@@ -27,7 +27,10 @@
 import javax.ejb.Timeout;
 import javax.ejb.Timer;
 
+import org.jboss.aop.joinpoint.MethodInvocation;
+import org.jboss.aspects.remoting.InvokeRemoteInterceptor;
 import org.jboss.ejb3.EJBContainer;
+import org.jboss.remoting.InvokerLocator;
 
 //$Id$
 
@@ -40,6 +43,18 @@
 public class SecurityHelper
 {
    /**
+    * Check whether an invocation is local or remote
+    * @param mi method invocation
+    * @return true - local call
+    */
+   public boolean isLocalCall(MethodInvocation mi)
+   {
+      InvokerLocator locator = (InvokerLocator) mi.getMetaData(InvokeRemoteInterceptor.REMOTING, 
+            InvokeRemoteInterceptor.INVOKER_LOCATOR);
+      return locator == null; 
+   }
+   
+   /**
     * Check if the method is an EJBTimeOut method
     * @param m method
     * @return true if it is a ejb timeout callback


