[jboss-cvs] JBossAS SVN: r62927 - trunk/server/src/main/org/jboss/ejb/plugins.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue May 8 23:10:34 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-05-08 23:10:34 -0400 (Tue, 08 May 2007)
New Revision: 62927
Removed:
trunk/server/src/main/org/jboss/ejb/plugins/SecurityAuthorizationInterceptor.java
Log:
remove interceptor
Deleted: trunk/server/src/main/org/jboss/ejb/plugins/SecurityAuthorizationInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/SecurityAuthorizationInterceptor.java 2007-05-09 03:10:15 UTC (rev 62926)
+++ trunk/server/src/main/org/jboss/ejb/plugins/SecurityAuthorizationInterceptor.java 2007-05-09 03:10:34 UTC (rev 62927)
@@ -1,167 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.ejb.plugins;
-
-import java.lang.reflect.Method;
-import java.security.CodeSource;
-import java.util.HashMap;
-
-import javax.security.auth.Subject;
-
-import org.jboss.ejb.Container;
-import org.jboss.invocation.Invocation;
-import org.jboss.metadata.BeanMetaData;
-import org.jboss.mx.util.MBeanProxyExt;
-import org.jboss.mx.util.MBeanServerLocator;
-import org.jboss.security.AuthorizationManager;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.Util;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.EJBResource;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.plugins.AuthorizationManagerServiceMBean;
-
-//$Id$
-
-/**
- * Authorization Interceptor that makes use of the Authorization
- * Framework for access control decisions
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Jul 6, 2006
- * @version $Revision$
- */
-public class SecurityAuthorizationInterceptor extends AbstractInterceptor
-{
- protected boolean trace = false;
- protected String ejbName = null;
- protected CodeSource ejbCS = null;
- protected AuthorizationManagerServiceMBean authorizationManagerService = null;
- protected String appSecurityDomain = null;
- //Fallback Security Domain
- protected String defaultAuthorizationSecurityDomain = SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY;
-
-
- public SecurityAuthorizationInterceptor()
- {
- trace = log.isTraceEnabled();
- authorizationManagerService = (AuthorizationManagerServiceMBean)
- MBeanProxyExt.create(AuthorizationManagerServiceMBean.class,
- AuthorizationManagerServiceMBean.OBJECT_NAME,
- MBeanServerLocator.locateJBoss());
- }
-
- /**
- * @see AbstractInterceptor#setContainer(Container)
- */
- public void setContainer(Container container)
- {
- super.setContainer(container);
- if (container != null)
- {
- BeanMetaData beanMetaData = container.getBeanMetaData();
- appSecurityDomain = container.getBeanMetaData().getApplicationMetaData().getSecurityDomain();
- ejbName = beanMetaData.getEjbName();
- ejbCS = container.getBeanClass().getProtectionDomain().getCodeSource();
- }
- }
-
- /**
- * @see AbstractInterceptor#invokeHome(Invocation)
- */
- public Object invokeHome(Invocation mi) throws Exception
- {
- // Authorize the call
- checkAuthorization(mi);
- Object returnValue = getNext().invokeHome(mi);
- return returnValue;
- }
-
- /**
- * @see AbstractInterceptor#invoke(Invocation)
- */
- public Object invoke(Invocation mi) throws Exception
- {
- // Authorize the call
- checkAuthorization(mi);
- Object returnValue = getNext().invoke(mi);
- return returnValue;
- }
-
- /** Authorize the caller's access to the method invocation
- */
- private void checkAuthorization(Invocation mi)
- throws Exception
- {
- Method ejbMethod = mi.getMethod();
- // Ignore internal container calls
- if( ejbMethod== null )
- return;
- // Get the caller
- Subject caller = SecurityActions.getContextSubject();
-
- AuthorizationManager authzManager = this.getAuthorizationManager();
- final HashMap map = new HashMap();
- map.put(ResourceKeys.EJB_NAME ,this.ejbName);
- map.put(ResourceKeys.EJB_METHOD,ejbMethod);
- map.put(ResourceKeys.EJB_PRINCIPAL, mi.getPrincipal());
- map.put(ResourceKeys.EJB_METHODINTERFACE, mi.getType().toInterfaceString());
- map.put(ResourceKeys.EJB_CODESOURCE, ejbCS);
- map.put(ResourceKeys.CALLER_SUBJECT, caller);
- map.put(ResourceKeys.AUTHORIZATION_MANAGER,authzManager);
- map.put(ResourceKeys.RUNASIDENTITY, SecurityActions.peekRunAsIdentity());
- map.put(ResourceKeys.EJB_METHODROLES, container.getMethodPermissions(ejbMethod, mi.getType()));
- EJBResource ejbResource = new EJBResource(map);
- boolean isAuthorized = false;
- try
- {
- int check = authzManager.authorize(ejbResource);
- isAuthorized = (check == AuthorizationContext.PERMIT);
- }
- catch (Exception e)
- {
- isAuthorized = false;
- if(trace)
- log.trace("Error in authorization:",e);
- else
- log.error("Error in authorization:"+e.getLocalizedMessage());
- }
- String msg = "Denied: caller=" + caller;
- if(!isAuthorized)
- throw new SecurityException(msg);
- }
-
- /**
- * Get the Authorization Manager for the security domain
- * @see SecurityConstants#DEFAULT_EJB_APPLICATION_POLICY
- * @return authorization manager
- * @throws Exception
- */
- private AuthorizationManager getAuthorizationManager() throws Exception
- {
- String tempSecurityDomain = appSecurityDomain != null ? Util.unprefixSecurityDomain(appSecurityDomain) :
- defaultAuthorizationSecurityDomain;
- AuthorizationManager am = authorizationManagerService.getAuthorizationManager(tempSecurityDomain);
- if(trace)
- log.trace(am.toString());
- return am;
- }
-}