[jboss-cvs] JBossAS SVN: r62927 - trunk/server/src/main/org/jboss/ejb/plugins.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Tue May 8 23:10:34 EDT 2007 

Author: anil.saldhana at jboss.com
Date: 2007-05-08 23:10:34 -0400 (Tue, 08 May 2007)
New Revision: 62927

Removed:
   trunk/server/src/main/org/jboss/ejb/plugins/SecurityAuthorizationInterceptor.java
Log:
remove interceptor

Deleted: trunk/server/src/main/org/jboss/ejb/plugins/SecurityAuthorizationInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/SecurityAuthorizationInterceptor.java	2007-05-09 03:10:15 UTC (rev 62926)
+++ trunk/server/src/main/org/jboss/ejb/plugins/SecurityAuthorizationInterceptor.java	2007-05-09 03:10:34 UTC (rev 62927)
@@ -1,167 +0,0 @@
-/*
-  * JBoss, Home of Professional Open Source
-  * Copyright 2005, JBoss Inc., and individual contributors as indicated
-  * by the @authors tag. See the copyright.txt in the distribution for a
-  * full listing of individual contributors.
-  *
-  * This is free software; you can redistribute it and/or modify it
-  * under the terms of the GNU Lesser General Public License as
-  * published by the Free Software Foundation; either version 2.1 of
-  * the License, or (at your option) any later version.
-  *
-  * This software is distributed in the hope that it will be useful,
-  * but WITHOUT ANY WARRANTY; without even the implied warranty of
-  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  * Lesser General Public License for more details.
-  *
-  * You should have received a copy of the GNU Lesser General Public
-  * License along with this software; if not, write to the Free
-  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-  */
-package org.jboss.ejb.plugins;
-
-import java.lang.reflect.Method;
-import java.security.CodeSource;
-import java.util.HashMap;
- 
-import javax.security.auth.Subject;
-
-import org.jboss.ejb.Container;
-import org.jboss.invocation.Invocation; 
-import org.jboss.metadata.BeanMetaData;
-import org.jboss.mx.util.MBeanProxyExt;
-import org.jboss.mx.util.MBeanServerLocator;
-import org.jboss.security.AuthorizationManager;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.Util;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.EJBResource;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.plugins.AuthorizationManagerServiceMBean;
-
-//$Id$
-
-/**
- *  Authorization Interceptor that makes use of the Authorization
- *  Framework for access control decisions
- *  @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- *  @since  Jul 6, 2006 
- *  @version $Revision$
- */
-public class SecurityAuthorizationInterceptor extends AbstractInterceptor
-{  
-   protected boolean trace = false;
-   protected String ejbName = null; 
-   protected CodeSource ejbCS = null;
-   protected AuthorizationManagerServiceMBean authorizationManagerService = null;
-   protected String appSecurityDomain = null; 
-   //Fallback Security Domain
-   protected String defaultAuthorizationSecurityDomain = SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY;
-   
-   
-   public SecurityAuthorizationInterceptor()
-   { 
-      trace = log.isTraceEnabled();
-      authorizationManagerService = (AuthorizationManagerServiceMBean)
-         MBeanProxyExt.create(AuthorizationManagerServiceMBean.class,
-               AuthorizationManagerServiceMBean.OBJECT_NAME,
-               MBeanServerLocator.locateJBoss()); 
-   }
-
-   /**
-    * @see AbstractInterceptor#setContainer(Container)
-    */
-   public void setContainer(Container container)
-   {
-      super.setContainer(container);
-      if (container != null)
-      {
-         BeanMetaData beanMetaData = container.getBeanMetaData();
-         appSecurityDomain = container.getBeanMetaData().getApplicationMetaData().getSecurityDomain();
-         ejbName = beanMetaData.getEjbName();  
-         ejbCS = container.getBeanClass().getProtectionDomain().getCodeSource();
-      }
-   } 
-
-   /**
-    * @see AbstractInterceptor#invokeHome(Invocation)
-    */
-   public Object invokeHome(Invocation mi) throws Exception
-   {
-      // Authorize the call
-      checkAuthorization(mi);
-      Object returnValue = getNext().invokeHome(mi);
-      return returnValue;
-   }
-
-   /**
-    * @see AbstractInterceptor#invoke(Invocation)
-    */
-   public Object invoke(Invocation mi) throws Exception
-   {
-      // Authorize the call
-      checkAuthorization(mi);
-      Object returnValue = getNext().invoke(mi);
-      return returnValue;
-   }
-
-   /** Authorize the caller's access to the method invocation
-    */
-   private void checkAuthorization(Invocation mi)
-      throws Exception
-   {
-      Method ejbMethod = mi.getMethod();
-      // Ignore internal container calls
-      if( ejbMethod== null  )
-         return; 
-      // Get the caller
-      Subject caller = SecurityActions.getContextSubject(); 
-      
-      AuthorizationManager authzManager = this.getAuthorizationManager();
-      final HashMap map =  new HashMap();
-      map.put(ResourceKeys.EJB_NAME ,this.ejbName);
-      map.put(ResourceKeys.EJB_METHOD,ejbMethod); 
-      map.put(ResourceKeys.EJB_PRINCIPAL, mi.getPrincipal());
-      map.put(ResourceKeys.EJB_METHODINTERFACE, mi.getType().toInterfaceString());
-      map.put(ResourceKeys.EJB_CODESOURCE, ejbCS);
-      map.put(ResourceKeys.CALLER_SUBJECT, caller);
-      map.put(ResourceKeys.AUTHORIZATION_MANAGER,authzManager); 
-      map.put(ResourceKeys.RUNASIDENTITY, SecurityActions.peekRunAsIdentity());
-      map.put(ResourceKeys.EJB_METHODROLES, container.getMethodPermissions(ejbMethod, mi.getType()));
-      EJBResource ejbResource = new EJBResource(map); 
-      boolean isAuthorized = false;
-      try
-      {
-         int check = authzManager.authorize(ejbResource);
-         isAuthorized = (check == AuthorizationContext.PERMIT);
-      } 
-      catch (Exception e)
-      {
-         isAuthorized = false;
-         if(trace)
-            log.trace("Error in authorization:",e);
-         else
-            log.error("Error in authorization:"+e.getLocalizedMessage());
-      }
-      String msg = "Denied: caller=" + caller;
-      if(!isAuthorized)
-         throw new SecurityException(msg); 
-   }
-   
-   /**
-    * Get the Authorization Manager for the security domain
-    * @see SecurityConstants#DEFAULT_EJB_APPLICATION_POLICY
-    * @return authorization manager
-    * @throws Exception
-    */
-   private AuthorizationManager getAuthorizationManager() throws Exception
-   { 
-      String tempSecurityDomain = appSecurityDomain != null ? Util.unprefixSecurityDomain(appSecurityDomain) :
-                                                       defaultAuthorizationSecurityDomain; 
-      AuthorizationManager am =  authorizationManagerService.getAuthorizationManager(tempSecurityDomain);
-      if(trace)
-         log.trace(am.toString());
-      return am;
-   }  
-}

More information about the jboss-cvs-commits mailing list