[jboss-cvs] JBossAS SVN: r67100 - trunk/ejb3/src/main/org/jboss/ejb3/security.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Nov 14 17:23:43 EST 2007


Author: anil.saldhana at jboss.com
Date: 2007-11-14 17:23:43 -0500 (Wed, 14 Nov 2007)
New Revision: 67100

Modified:
   trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
   trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
   trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
Log:
JBAS-3815: deployment level principal rolenames mapping

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java	2007-11-14 22:06:22 UTC (rev 67099)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java	2007-11-14 22:23:43 UTC (rev 67100)
@@ -171,14 +171,6 @@
       { 
          if(sc != null)
            SecurityActions.pushCallerRunAsIdentity(sc.getOutgoingRunAs());
-         
-         //Set a map of principal-roles that may be configured at deployment level
-         if(container.getAssemblyDescriptor() != null)
-         {
-            // FIXME:
-            log.fatal("FIXME: set the correct security roles");
-            //SecurityRolesAssociation.setSecurityRoles(container.getAssemblyDescriptor().getPrincipalVersusRolesMap());
-         }
          return invocation.invokeNext();  
       }
       finally
@@ -187,4 +179,4 @@
             SecurityActions.getSecurityContext().getUtil().setSecurityIdentity(si);
       }
    }  
-}
+}
\ No newline at end of file

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java	2007-11-14 22:06:22 UTC (rev 67099)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java	2007-11-14 22:23:43 UTC (rev 67100)
@@ -24,6 +24,7 @@
 import java.lang.reflect.Method;
 import java.security.CodeSource;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Set;
 
 import javax.annotation.security.DenyAll;
@@ -39,11 +40,13 @@
 import org.jboss.ejb3.Container;
 import org.jboss.ejb3.EJBContainer;
 import org.jboss.logging.Logger;
+import org.jboss.metadata.ejb.jboss.JBossAssemblyDescriptorMetaData;
 import org.jboss.remoting.InvokerLocator;
 import org.jboss.security.AnybodyPrincipal;
 import org.jboss.security.NobodyPrincipal;
 import org.jboss.security.RunAsIdentity;
 import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityRolesAssociation;
 import org.jboss.security.SimplePrincipal;
 import org.jboss.security.integration.ejb.EJBAuthorizationHelper;
 
@@ -149,12 +152,18 @@
                throw new SecurityException(message);
             }
             
+            //Specify any Deployment Level Mapping of Principal - role names
+            JBossAssemblyDescriptorMetaData jmd = container.getAssemblyDescriptor();
+            if(jmd != null)
+            {
+               Map<String,Set<String>> principalRoleMap = jmd.getPrincipalVersusRolesMap();
+               SecurityRolesAssociation.setSecurityRoles(principalRoleMap);
+            }
             InvokerLocator locator = (InvokerLocator) invocation.getMetaData(InvokeRemoteInterceptor.REMOTING, 
                   InvokeRemoteInterceptor.INVOKER_LOCATOR);
 
-            String iface = (locator != null) ? "Remote" : "Local";
+            String iface = (locator != null) ? "Remote" : "Local"; 
             
-            
             RunAsIdentity callerRunAs = SecurityActions.peekRunAsIdentity();
             
             EJBAuthorizationHelper helper = new EJBAuthorizationHelper(sc);
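Review bot: The new `SecurityRolesAssociation.setSecurityRoles(principalRoleMap)` call runs only when `jmd != null`, and nothing visible in this hunk resets the association afterwards. If the association is held per thread (the static setter suggests so, but the class is not shown here), a pooled thread could carry one deployment's principal-to-role mapping into a later invocation on a container with no assembly descriptor, and the authorization check that follows would see stale roles. Consider setting it unconditionally, `SecurityRolesAssociation.setSecurityRoles(jmd != null ? jmd.getPrincipalVersusRolesMap() : null);`, and clearing it in a `finally` around the invocation. The enclosing method starts and ends outside the hunk, so an existing cleanup may simply not be visible here.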
@@ -183,4 +192,4 @@
    { 
       return getClass().getName();
    } 
-}
+}
\ No newline at end of file

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java	2007-11-14 22:06:22 UTC (rev 67099)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java	2007-11-14 22:23:43 UTC (rev 67100)
@@ -28,18 +28,14 @@
 import javax.naming.InitialContext;
 import javax.naming.NamingException;
 
-import org.jboss.annotation.security.RunAsPrincipal;
 import org.jboss.annotation.security.SecurityDomain;
 import org.jboss.aop.Advisor;
 import org.jboss.aop.advice.AspectFactory;
 import org.jboss.aop.advice.Interceptor;
 import org.jboss.ejb3.EJBContainer;
-import org.jboss.ejb3.metamodel.AssemblyDescriptor;
 import org.jboss.ejb3.tx.NullInterceptor;
 import org.jboss.logging.Logger;
 import org.jboss.metadata.ejb.jboss.JBossAssemblyDescriptorMetaData;
-import org.jboss.metadata.javaee.spec.SecurityRoleMetaData;
-import org.jboss.metadata.javaee.spec.SecurityRolesMetaData;
 import org.jboss.security.AuthenticationManager;
 import org.jboss.security.RealmMapping;
 import org.jboss.security.RunAsIdentity;
@@ -62,11 +58,7 @@
       if (runAs == null)
          return null;
       
-      RunAsPrincipal rap = (RunAsPrincipal) container.resolveAnnotation(RunAsPrincipal.class);
-      String runAsPrincipal = null;
-      if (rap != null) 
-         runAsPrincipal = rap.value();
-      
+      String runAsPrincipal = runAs.value(); 
       Set<String> extraRoles = new HashSet<String>();
       
       JBossAssemblyDescriptorMetaData ad = container.getAssemblyDescriptor();
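Review bot: `String runAsPrincipal = runAs.value();` now takes the principal name from the run-as annotation, where the removed code read it from `@RunAsPrincipal` and left it null when that annotation was absent. If `runAs` is the standard `@RunAs` annotation (its declaration is outside the hunk), `value()` is a role name, so the outgoing identity's principal and role become the same string and a deployment that relied on a distinct run-as principal silently loses it. Any deployment-level principal-to-roles lookup done through `ad` further down would then presumably be keyed by that role name, which is worth confirming against the rest of the method. At minimum document the choice next to the assignment, e.g. `// principal name defaults to the @RunAs role; @RunAsPrincipal is no longer consulted`. The method begins and ends outside the hunk.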
@@ -116,4 +108,3 @@
       return interceptor;
    }  
 }
-



