[jboss-cvs] JBossAS SVN: r62680 - in trunk/server/src/main/org/jboss/ejb: txtimer and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue May 1 00:23:04 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-05-01 00:23:04 -0400 (Tue, 01 May 2007)
New Revision: 62680
Modified:
trunk/server/src/main/org/jboss/ejb/EntityContainer.java
trunk/server/src/main/org/jboss/ejb/MessageDrivenContainer.java
trunk/server/src/main/org/jboss/ejb/SecurityActions.java
trunk/server/src/main/org/jboss/ejb/SessionContainer.java
trunk/server/src/main/org/jboss/ejb/txtimer/TimedObjectInvokerImpl.java
Log:
JBAS-4317: move the security context establishment to a separate interceptor
Modified: trunk/server/src/main/org/jboss/ejb/EntityContainer.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/EntityContainer.java 2007-05-01 04:22:55 UTC (rev 62679)
+++ trunk/server/src/main/org/jboss/ejb/EntityContainer.java 2007-05-01 04:23:04 UTC (rev 62680)
@@ -50,7 +50,6 @@
import org.jboss.metadata.ConfigurationMetaData;
import org.jboss.metadata.EntityMetaData;
import org.jboss.monitor.StatisticsProvider;
-import org.jboss.security.SecurityConstants;
import org.jboss.util.collection.SerializableEnumeration;
/**
@@ -496,23 +495,6 @@
public Object internalInvokeHome(Invocation mi) throws Exception
{
- //Validate that there is a security context on the invocation
- if(mi.getSecurityContext() == null)
- throw new IllegalStateException("Security Context in invocation is null");
-
- String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
- if(sm != null)
- securityDomain = sm.getSecurityDomain();
- if(mi.isLocal() == false)
- {
- SecurityActions.createAndSetSecurityContext(mi.getPrincipal(),
- mi.getCredential(), securityDomain, null);
- }
- SecurityActions.pushCallerRunAsIdentity(mi.getSecurityContext().getRunAs());
- //Place on the invocation
- if(mi.getSecurityContext() == null)
- mi.setSecurityContext(SecurityActions.getSecurityContext());
-
Method method = mi.getMethod();
if (method != null && method.getName().equals("remove"))
{
@@ -540,45 +522,14 @@
mi.setArguments(new Object[0]);
return getInterceptor().invoke(mi);
}
- try
- {
- // Invoke through interceptors
- return getInterceptor().invokeHome(mi);
- }
- finally
- {
- SecurityActions.popCallerRunAsIdentity();
- }
+ // Invoke through interceptors
+ return getInterceptor().invokeHome(mi);
}
public Object internalInvoke(Invocation mi) throws Exception
{
- //Validate that there is a security context on the invocation
- if(mi.getSecurityContext() == null)
- throw new IllegalStateException("Security Context in invocation is null");
-
- String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
- if(sm != null)
- securityDomain = sm.getSecurityDomain();
- if(mi.isLocal() == false)
- {
- SecurityActions.createAndSetSecurityContext(mi.getPrincipal(),
- mi.getCredential(), securityDomain, null);
- }
- SecurityActions.pushCallerRunAsIdentity(mi.getSecurityContext().getRunAs());
- //Place on the invocation
- if(mi.getSecurityContext() == null)
- mi.setSecurityContext(SecurityActions.getSecurityContext());
-
- try
- {
- // Invoke through interceptors
- return getInterceptor().invoke(mi);
- }
- finally
- {
- SecurityActions.popCallerRunAsIdentity();
- }
+ // Invoke through interceptors
+ return getInterceptor().invoke(mi);
}
// EJBObject implementation --------------------------------------
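Review bot: With the null-context guard and the `try`/`finally` around `getInterceptor().invokeHome(mi)` and `getInterceptor().invoke(mi)` gone, nothing in `internalInvokeHome` or `internalInvoke` fails closed when an invocation arrives without a security context, and nothing here clears the caller run-as after the call. Both guarantees now rest on the security interceptor being present in every container's interceptor chain, and neither that interceptor nor the container configuration is part of this commit, so it is worth confirming that it rejects a missing context and resets the caller run-as in a `finally`. The same applies to the matching hunks in SessionContainer.java and to `internalInvoke` in MessageDrivenContainer.java. A comment above each call would record the dependency: `// security context and caller run-as are set up and cleared by the security interceptor in the chain (JBAS-4317)`. `internalInvokeHome` starts outside this hunk.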
Modified: trunk/server/src/main/org/jboss/ejb/MessageDrivenContainer.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/MessageDrivenContainer.java 2007-05-01 04:22:55 UTC (rev 62679)
+++ trunk/server/src/main/org/jboss/ejb/MessageDrivenContainer.java 2007-05-01 04:23:04 UTC (rev 62680)
@@ -40,8 +40,6 @@
import org.jboss.invocation.Invocation;
import org.jboss.metadata.MessageDrivenMetaData;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
import org.jboss.util.NullArgumentException;
/**
@@ -405,14 +403,6 @@
public Object internalInvoke(Invocation mi) throws Exception
{
// Invoke through interceptors
- String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
- if(sm != null)
- securityDomain = sm.getSecurityDomain();
- SecurityActions.createAndSetSecurityContext(mi.getPrincipal(),
- mi.getCredential(), securityDomain, null);
- //Place on the invocation
- if(mi.getSecurityContext() == null)
- mi.setSecurityContext(SecurityActions.getSecurityContext());
return getInterceptor().invoke(mi);
}
Modified: trunk/server/src/main/org/jboss/ejb/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/SecurityActions.java 2007-05-01 04:22:55 UTC (rev 62679)
+++ trunk/server/src/main/org/jboss/ejb/SecurityActions.java 2007-05-01 04:23:04 UTC (rev 62680)
@@ -37,14 +37,8 @@
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
-import org.jboss.mx.util.MBeanProxy;
-import org.jboss.security.RunAs;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SimplePrincipal;
-import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
+import org.jboss.mx.util.MBeanProxy;
+import org.jboss.security.SecurityContext;
/** A collection of privileged actions for this package
*
@@ -67,22 +61,8 @@
PolicyContext.setContextID(contextID);
return previousID;
}
- }
+ }
- private static class PeekRunAsRoleAction implements PrivilegedAction
- {
- int depth;
- PeekRunAsRoleAction(int depth)
- {
- this.depth = depth;
- }
- public Object run()
- {
- RunAsIdentity principal = SecurityAssociation.peekRunAsIdentity(depth);
- return principal;
- }
- }
-
/**
* Wrap the MBeanProxy proxy in a priviledged action so that method
* dispatch is done from a PrivilegedExceptionAction
@@ -182,12 +162,6 @@
PrivilegedAction action = new SetContextID(contextID);
String previousID = (String) AccessController.doPrivileged(action);
return previousID;
- }
- static RunAsIdentity peekRunAsIdentity(int depth)
- {
- PrivilegedAction action = new PeekRunAsRoleAction(depth);
- RunAsIdentity principal = (RunAsIdentity) AccessController.doPrivileged(action);
- return principal;
}
static Principal getCallerPrincipal(SecurityContext sc)
@@ -222,15 +196,7 @@
};
IdentityAction PRIVILEGED = new IdentityAction()
- {
- private final PrivilegedAction getCallerPrincipalAction = new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityAssociation.getCallerPrincipal();
- }
- };
-
+ {
public Principal getCallerPrincipal(final SecurityContext securityContext)
{
return (Principal)AccessController.doPrivileged(new PrivilegedAction(){
@@ -425,75 +391,5 @@
{
return PolicyContextActions.PRIVILEGED.getContextSubject();
}
- }
-
- static SecurityContext getSecurityContext()
- {
- return (SecurityContext)AccessController.doPrivileged(
- new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityContextAssociation.getSecurityContext();
- }
- }
- );
}
-
- static SecurityContext createSecurityContext(final String domain)
- {
- return (SecurityContext)AccessController.doPrivileged(
- new PrivilegedAction()
- {
- public Object run()
- {
- return SecurityContextFactory.createSecurityContext(domain);
- }
- }
- );
- }
-
-
- static void createAndSetSecurityContext(final Principal p, final Object cred, final String domain,
- final Subject subject)
- {
- AccessController.doPrivileged(new PrivilegedAction(){
-
- public Object run()
- {
- SecurityContext sc = SecurityContextFactory.createSecurityContext(domain);
- sc.getUtil().createSubjectInfo(p, cred, subject);
- SecurityContextAssociation.setSecurityContext(sc);
- return null;
- }});
- }
-
-
- static void pushCallerRunAsIdentity(final RunAs ra)
- {
- AccessController.doPrivileged(new PrivilegedAction(){
- public Object run()
- {
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc == null)
- throw new IllegalStateException("Security Context is null");
- sc.getUtil().setCallerRunAs(ra);
- return null;
- }
- });
- }
-
- static void popCallerRunAsIdentity()
- {
- AccessController.doPrivileged(new PrivilegedAction(){
- public Object run()
- {
- SecurityContext sc = SecurityContextAssociation.getSecurityContext();
- if(sc == null)
- throw new IllegalStateException("Security Context is null");
- sc.getUtil().setCallerRunAs(null);
- return null;
- }
- });
- }
}
Modified: trunk/server/src/main/org/jboss/ejb/SessionContainer.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/SessionContainer.java 2007-05-01 04:22:55 UTC (rev 62679)
+++ trunk/server/src/main/org/jboss/ejb/SessionContainer.java 2007-05-01 04:23:04 UTC (rev 62680)
@@ -43,8 +43,7 @@
import org.jboss.invocation.Invocation;
import org.jboss.invocation.MarshalledInvocation;
-import org.jboss.metadata.SessionMetaData;
-import org.jboss.security.SecurityConstants;
+import org.jboss.metadata.SessionMetaData;
/**
* <p>
@@ -620,20 +619,6 @@
public Object internalInvokeHome(Invocation mi) throws Exception
{
- //Place on the invocation
- if(mi.getSecurityContext() == null)
- mi.setSecurityContext(SecurityActions.getSecurityContext());
-
- String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
- if(sm != null)
- securityDomain = sm.getSecurityDomain();
- if(mi.isLocal() == false)
- {
- SecurityActions.createAndSetSecurityContext(mi.getPrincipal(),
- mi.getCredential(), securityDomain, null);
- }
- SecurityActions.pushCallerRunAsIdentity(mi.getSecurityContext().getRunAs());
-
Method method = mi.getMethod();
if (method != null && method.getName().equals("remove"))
{
@@ -651,15 +636,8 @@
else
throw new RemoveException("EJBHome.remove(Object) not allowed for session beans");
}
- try
- {
- // Invoke through interceptors
- return getInterceptor().invokeHome(mi);
- }
- finally
- {
- SecurityActions.popCallerRunAsIdentity();
- }
+ // Invoke through interceptors
+ return getInterceptor().invokeHome(mi);
}
/**
@@ -669,29 +647,8 @@
*/
public Object internalInvoke(Invocation mi) throws Exception
{
- //Place on the invocation
- if(mi.getSecurityContext() == null)
- mi.setSecurityContext(SecurityActions.getSecurityContext());
-
- String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
- if(sm != null)
- securityDomain = sm.getSecurityDomain();
- if(mi.isLocal() == false)
- {
- SecurityActions.createAndSetSecurityContext(mi.getPrincipal(),
- mi.getCredential(), securityDomain, null);
- }
- SecurityActions.pushCallerRunAsIdentity(mi.getSecurityContext().getRunAs());
-
- try
- {
- // Invoke through interceptors
- return getInterceptor().invoke(mi);
- }
- finally
- {
- SecurityActions.popCallerRunAsIdentity();
- }
+ // Invoke through interceptors
+ return getInterceptor().invoke(mi);
}
// EJBObject implementation --------------------------------------
Modified: trunk/server/src/main/org/jboss/ejb/txtimer/TimedObjectInvokerImpl.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/txtimer/TimedObjectInvokerImpl.java 2007-05-01 04:22:55 UTC (rev 62679)
+++ trunk/server/src/main/org/jboss/ejb/txtimer/TimedObjectInvokerImpl.java 2007-05-01 04:23:04 UTC (rev 62680)
@@ -29,9 +29,7 @@
import org.jboss.invocation.InvocationType;
import org.jboss.invocation.PayloadKey;
import org.jboss.security.RunAs;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
+import org.jboss.security.RunAsIdentity;
import org.jboss.metadata.BeanMetaData;
import org.jboss.metadata.SecurityIdentityMetaData;
import org.jboss.metadata.AssemblyDescriptorMetaData;
@@ -87,8 +85,7 @@
{
Invocation inv = new Invocation(timedObjectId.getInstancePk(), method, new Object[]{timer}, null, null, null);
inv.setValue(InvocationKey.INVOKER_PROXY_BINDING, null, PayloadKey.AS_IS);
- inv.setType(InvocationType.LOCAL);
- this.establishSecurityContext(inv);
+ inv.setType(InvocationType.LOCAL);
BeanMetaData bmd = container.getBeanMetaData();
SecurityIdentityMetaData ejbTimeoutIdentity = bmd.getEjbTimeoutIdentity();
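Review bot: The timeout `Invocation` built here no longer carries a `SecurityContext`, because `this.establishSecurityContext(inv)` is removed and `inv` is still marked `InvocationType.LOCAL`. A timer callback has no caller to inherit a context from, and whether the new interceptor creates one for a local invocation that arrives with none is not visible in this commit. That path deserves a test with a bean that declares a timeout run-as identity. A comment where the call used to be would make the assumption explicit: `// no context set here: the container's security interceptor establishes it for timer callbacks (JBAS-4317)`. The enclosing method starts and ends outside this hunk.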
@@ -113,22 +110,5 @@
SecurityActions.popRunAsIdentity();
SecurityActions.setContextClassLoader(callerClassLoader);
}
- }
-
- private void establishSecurityContext(Invocation inv)
- {
- SecurityContext sc = SecurityActions.getSecurityContext();
- if( sc == null)
- {
- String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
- if(container != null)
- {
- if(container.getSecurityManager() != null)
- securityDomain = container.getSecurityManager().getSecurityDomain();
- }
- sc = SecurityActions.createSecurityContext(securityDomain);
- SecurityActions.setSecurityContext(sc);
- }
- inv.setSecurityContext(sc);
- }
+ }
}