[jboss-cvs] JBossAS SVN: r67100 - trunk/ejb3/src/main/org/jboss/ejb3/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Nov 14 17:23:43 EST 2007
Author: anil.saldhana at jboss.com
Date: 2007-11-14 17:23:43 -0500 (Wed, 14 Nov 2007)
New Revision: 67100
Modified:
trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
Log:
JBAS-3815: deployment level principal rolenames mapping
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2007-11-14 22:06:22 UTC (rev 67099)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2007-11-14 22:23:43 UTC (rev 67100)
@@ -171,14 +171,6 @@
{
if(sc != null)
SecurityActions.pushCallerRunAsIdentity(sc.getOutgoingRunAs());
-
- //Set a map of principal-roles that may be configured at deployment level
- if(container.getAssemblyDescriptor() != null)
- {
- // FIXME:
- log.fatal("FIXME: set the correct security roles");
- //SecurityRolesAssociation.setSecurityRoles(container.getAssemblyDescriptor().getPrincipalVersusRolesMap());
- }
return invocation.invokeNext();
}
finally
@@ -187,4 +179,4 @@
SecurityActions.getSecurityContext().getUtil().setSecurityIdentity(si);
}
}
-}
+}
\ No newline at end of file
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java 2007-11-14 22:06:22 UTC (rev 67099)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java 2007-11-14 22:23:43 UTC (rev 67100)
@@ -24,6 +24,7 @@
import java.lang.reflect.Method;
import java.security.CodeSource;
import java.util.HashSet;
+import java.util.Map;
import java.util.Set;
import javax.annotation.security.DenyAll;
@@ -39,11 +40,13 @@
import org.jboss.ejb3.Container;
import org.jboss.ejb3.EJBContainer;
import org.jboss.logging.Logger;
+import org.jboss.metadata.ejb.jboss.JBossAssemblyDescriptorMetaData;
import org.jboss.remoting.InvokerLocator;
import org.jboss.security.AnybodyPrincipal;
import org.jboss.security.NobodyPrincipal;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityRolesAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.integration.ejb.EJBAuthorizationHelper;
@@ -149,12 +152,18 @@
throw new SecurityException(message);
}
+ //Specify any Deployment Level Mapping of Principal - role names
+ JBossAssemblyDescriptorMetaData jmd = container.getAssemblyDescriptor();
+ if(jmd != null)
+ {
+ Map<String,Set<String>> principalRoleMap = jmd.getPrincipalVersusRolesMap();
+ SecurityRolesAssociation.setSecurityRoles(principalRoleMap);
+ }
InvokerLocator locator = (InvokerLocator) invocation.getMetaData(InvokeRemoteInterceptor.REMOTING,
InvokeRemoteInterceptor.INVOKER_LOCATOR);
- String iface = (locator != null) ? "Remote" : "Local";
+ String iface = (locator != null) ? "Remote" : "Local";
-
RunAsIdentity callerRunAs = SecurityActions.peekRunAsIdentity();
EJBAuthorizationHelper helper = new EJBAuthorizationHelper(sc);
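Review bot: The deployment-level principal-to-role map is installed with `SecurityRolesAssociation.setSecurityRoles(principalRoleMap)`, but nothing visible in this hunk resets it, and the `jmd == null` path leaves in place whatever an earlier invocation set. If the association is held per thread, which the static setter suggests, a pooled thread can carry one deployment's mapping into the authorization decision of another deployment. Consider adding `else SecurityRolesAssociation.setSecurityRoles(null);` here and clearing the association in a `finally` around the rest of the invocation. The enclosing method starts and ends outside the hunk, so a cleanup may already exist there.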
@@ -183,4 +192,4 @@
{
return getClass().getName();
}
-}
+}
\ No newline at end of file
Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java 2007-11-14 22:06:22 UTC (rev 67099)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java 2007-11-14 22:23:43 UTC (rev 67100)
@@ -28,18 +28,14 @@
import javax.naming.InitialContext;
import javax.naming.NamingException;
-import org.jboss.annotation.security.RunAsPrincipal;
import org.jboss.annotation.security.SecurityDomain;
import org.jboss.aop.Advisor;
import org.jboss.aop.advice.AspectFactory;
import org.jboss.aop.advice.Interceptor;
import org.jboss.ejb3.EJBContainer;
-import org.jboss.ejb3.metamodel.AssemblyDescriptor;
import org.jboss.ejb3.tx.NullInterceptor;
import org.jboss.logging.Logger;
import org.jboss.metadata.ejb.jboss.JBossAssemblyDescriptorMetaData;
-import org.jboss.metadata.javaee.spec.SecurityRoleMetaData;
-import org.jboss.metadata.javaee.spec.SecurityRolesMetaData;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.RunAsIdentity;
@@ -62,11 +58,7 @@
if (runAs == null)
return null;
- RunAsPrincipal rap = (RunAsPrincipal) container.resolveAnnotation(RunAsPrincipal.class);
- String runAsPrincipal = null;
- if (rap != null)
- runAsPrincipal = rap.value();
-
+ String runAsPrincipal = runAs.value();
Set<String> extraRoles = new HashSet<String>();
JBossAssemblyDescriptorMetaData ad = container.getAssemblyDescriptor();
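Review bot: `runAsPrincipal` is now always taken from `runAs.value()`, so a `@RunAsPrincipal` declared on the bean no longer has any effect and the principal name can never be null. If `runAs` is the run-as role annotation resolved earlier in this method (its declaration is outside the hunk), the outgoing identity's principal name becomes the role name, which changes which entries a principal-keyed lookup against the assembly descriptor would match when `extraRoles` is filled. If that is intended, say so in a comment such as `// principal name defaults to the run-as role; @RunAsPrincipal is intentionally not consulted`. Otherwise keep the annotation lookup and use `runAs.value()` only as the fallback.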
@@ -116,4 +108,3 @@
return interceptor;
}
}
-