[jboss-cvs] JBossAS SVN: r59496 - trunk/server/src/main/org/jboss/ejb/plugins.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Jan 10 17:11:45 EST 2007 

Author: anil.saldhana at jboss.com
Date: 2007-01-10 17:11:44 -0500 (Wed, 10 Jan 2007)
New Revision: 59496

Added:
   trunk/server/src/main/org/jboss/ejb/plugins/StatefulSessionSecurityInterceptor.java
Modified:
   trunk/server/src/main/org/jboss/ejb/plugins/StatefulSessionInstanceInterceptor.java
Log:
JBAS-3976: set principal on the context after security checks have been made

Modified: trunk/server/src/main/org/jboss/ejb/plugins/StatefulSessionInstanceInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/StatefulSessionInstanceInterceptor.java	2007-01-10 20:43:30 UTC (rev 59495)
+++ trunk/server/src/main/org/jboss/ejb/plugins/StatefulSessionInstanceInterceptor.java	2007-01-10 22:11:44 UTC (rev 59496)
@@ -133,7 +133,7 @@
       ctx.lock();
       
       // Set the current security information
-      ctx.setPrincipal(mi.getPrincipal());
+      //ctx.setPrincipal(mi.getPrincipal());
  
       AllowedOperationsAssociation.pushInMethodFlag(IN_EJB_HOME);
 
@@ -318,7 +318,7 @@
          }
 
          // Set the current security information
-         ctx.setPrincipal(mi.getPrincipal()); 
+         //ctx.setPrincipal(mi.getPrincipal()); 
 
          if (ejbTimeout.equals(mi.getMethod()))
             AllowedOperationsAssociation.pushInMethodFlag(IN_EJB_TIMEOUT);

Added: trunk/server/src/main/org/jboss/ejb/plugins/StatefulSessionSecurityInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/StatefulSessionSecurityInterceptor.java	2007-01-10 20:43:30 UTC (rev 59495)
+++ trunk/server/src/main/org/jboss/ejb/plugins/StatefulSessionSecurityInterceptor.java	2007-01-10 22:11:44 UTC (rev 59496)
@@ -0,0 +1,99 @@
+/*
+  * JBoss, Home of Professional Open Source
+  * Copyright 2006, JBoss Inc., and individual contributors as indicated
+  * by the @authors tag. See the copyright.txt in the distribution for a
+  * full listing of individual contributors.
+  *
+  * This is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as
+  * published by the Free Software Foundation; either version 2.1 of
+  * the License, or (at your option) any later version.
+  *
+  * This software is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  * Lesser General Public License for more details.
+  *
+  * You should have received a copy of the GNU Lesser General Public
+  * License along with this software; if not, write to the Free
+  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  */
+package org.jboss.ejb.plugins;
+
+import javax.ejb.EJBObject; 
+
+import org.jboss.ejb.Container;
+import org.jboss.ejb.EnterpriseContext;
+import org.jboss.ejb.StatefulSessionContainer;
+import org.jboss.invocation.Invocation;
+import org.jboss.logging.Logger;
+
+//$Id$
+
+/**
+ *  Interceptor that handles security aspects after the security checks
+ *  have been made. Example: setting the principal on the EnterpriseContext
+ *  
+ *  This interceptor is needed because the security interceptor happens after
+ *  the instance interceptor in the case of SFSB due to the reason that 
+ *  security exceptions need to invalidate the session
+ *  @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ *  @since  Jan 10, 2007 
+ *  @version $Revision$
+ */
+public class StatefulSessionSecurityInterceptor extends AbstractInterceptor 
+{ 
+   /** Instance logger. */
+   protected Logger log = Logger.getLogger(this.getClass());
+  
+   protected StatefulSessionContainer container; 
+   
+   //Public -------------------------------------------------------
+   
+   public void setContainer(Container container)
+   {
+      this.container = (StatefulSessionContainer)container;
+   }
+   
+   public  Container getContainer()
+   {
+      return container;
+   }
+   
+   public Object invoke(Invocation mi) throws Exception
+   {
+      EnterpriseContext ctx = container.getInstancePool().get();
+      //Set the current security information
+      ctx.setPrincipal(mi.getPrincipal());
+      
+      try
+      {
+         // Invoke through interceptors
+         return getNext().invokeHome(mi);
+      }
+      finally
+      { 
+      }
+   }
+ 
+   public Object invokeHome(Invocation mi) throws Exception
+   {
+      //Invocation on the handle, we don't need a bean instance
+      if (EJBObject.class.getMethod("getEJBHome", new Class[0]).equals(mi.getMethod()))
+         return getNext().invokeHome(mi);
+      
+      EnterpriseContext ctx = container.getInstancePool().get();
+      //Set the current security information
+      ctx.setPrincipal(mi.getPrincipal());
+       
+      try
+      {
+         // Invoke through interceptors
+         return getNext().invokeHome(mi);
+      }
+      finally
+      { 
+      }
+   } 
+}

More information about the jboss-cvs-commits mailing list