[jboss-cvs] JBossAS SVN: r67471 - projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Nov 26 20:39:35 EST 2007
Author: anil.saldhana at jboss.com
Date: 2007-11-26 20:39:35 -0500 (Mon, 26 Nov 2007)
New Revision: 67471
Modified:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java
Log:
SECURITY-94: EJBResource has methods rather than contextmap
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java 2007-11-27 01:37:21 UTC (rev 67470)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java 2007-11-27 01:39:35 UTC (rev 67471)
@@ -46,6 +46,7 @@
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.resources.EJBResource;
//$Id$
@@ -79,24 +80,36 @@
*/
public int authorize(Resource resource)
{
- //Get the contextual map
- Map map = resource.getMap();
+ if(resource instanceof EJBResource == false)
+ throw new IllegalArgumentException("resource is not an EJBResource");
+
+ EJBResource ejbResource = (EJBResource) resource;
+
+ //Get the context map
+ Map<String,Object> map = resource.getMap();
if(map == null)
throw new IllegalStateException("Map from the Resource is null");
- if(map.size() == 0)
- throw new IllegalStateException("Map from the Resource is size zero");
AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
if(am == null)
throw new IllegalStateException("Authorization Manager is null");
if(am instanceof PolicyRegistration)
this.policyRegistration = (PolicyRegistration) am;
+
//Populate local variables from the resource
- this.callerSubject = (Subject)map.get(ResourceKeys.CALLER_SUBJECT);
+ /*this.callerSubject = (Subject)map.get(ResourceKeys.CALLER_SUBJECT);
this.ejbCS = (CodeSource)map.get(ResourceKeys.EJB_CODESOURCE);
this.ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD);
this.ejbName = (String)map.get(ResourceKeys.EJB_NAME);
- this.methodInterface = (String)map.get(ResourceKeys.EJB_METHODINTERFACE);
+ this.methodInterface = (String)map.get(ResourceKeys.EJB_METHODINTERFACE);*/
+
+
+ this.callerSubject = ejbResource.getCallerSubject();
+ this.ejbCS = ejbResource.getCodeSource();
+ this.ejbMethod = ejbResource.getEjbMethod();
+ this.ejbName = ejbResource.getEjbName();
+ this.methodInterface = ejbResource.getEjbMethodInterface();
+
this.roleName = (String)map.get(ResourceKeys.ROLENAME);
//Get the Security Context Roles
if(am != null)
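Review bot: The five fields filled from the `ejbResource` getters (`callerSubject`, `ejbCS`, `ejbMethod`, `ejbName`, `methodInterface`) are accepted without any null check, whereas this same commit adds an `ejbMethod == null` guard in `EJBPolicyModuleDelegate.process()`. If the rest of `authorize`, which continues outside this hunk, dereferences them when building the permission, an incompletely populated `EJBResource` would surface as a NullPointerException inside the authorization path rather than as a clear failure. A guard such as `if(this.ejbMethod == null) throw new IllegalStateException("ejbMethod is null");` right after the assignments would make that explicit. The old map lookups are left behind in a `/* ... */` block and should be deleted rather than commented out, since version control keeps the history. Both points also apply to the `authorize` hunks in `EJBPolicyModuleDelegate` and `EJBXACMLPolicyModuleDelegate`.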
@@ -158,10 +171,10 @@
log.trace("Roles used for checking from the context:" + securityContextRoles);
if(securityContextRoles != null )
{
- Set principalsSet = new HashSet();
- Enumeration en = securityContextRoles.members();
+ Set<Principal> principalsSet = new HashSet<Principal>();
+ Enumeration<? extends Principal> en = securityContextRoles.members();
while(en.hasMoreElements())
- principalsSet.add((Principal)en.nextElement());
+ principalsSet.add(en.nextElement());
principals = new Principal[principalsSet.size()];
principalsSet.toArray(principals);
}
@@ -184,4 +197,4 @@
}
return gp;
}
-}
+}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java 2007-11-27 01:37:21 UTC (rev 67470)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java 2007-11-27 01:39:35 UTC (rev 67471)
@@ -39,6 +39,7 @@
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.resources.EJBResource;
//$Id$
@@ -55,12 +56,12 @@
private String ejbName = null;
private Method ejbMethod = null;
private Principal ejbPrincipal = null;
- private Set methodRoles = null;
+ private Set<Principal> methodRoles = null;
private String methodInterface = null;
private RunAsIdentity callerRunAsIdentity = null;
private String roleName = null;
private Boolean roleRefCheck = Boolean.FALSE;
- private Set securityRoleReferences = null;
+ private Set<SecurityRoleRef> securityRoleReferences = null;
public EJBPolicyModuleDelegate()
{
@@ -73,29 +74,41 @@
*/
public int authorize(Resource resource)
{
- //Get the contextual map
- Map map = resource.getMap();
+ if(resource instanceof EJBResource == false)
+ throw new IllegalArgumentException("resource is not an EJBResource");
+
+ EJBResource ejbResource = (EJBResource) resource;
+
+ //Get the context map
+ Map<String,Object> map = resource.getMap();
if(map == null)
throw new IllegalStateException("Map from the Resource is null");
-
- if(map.size() == 0)
- throw new IllegalStateException("Map from the Resource is size zero");
+
AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
if(am == null)
throw new IllegalStateException("Authorization Manager is null");
if(am instanceof PolicyRegistration)
this.policyRegistration = (PolicyRegistration) am;
//Populate local variables from the resource
- this.ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD);
+ /*this.ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD);
this.ejbName = (String)map.get(ResourceKeys.EJB_NAME);
this.ejbPrincipal = (Principal)map.get(ResourceKeys.EJB_PRINCIPAL);
this.methodInterface = (String)map.get(ResourceKeys.EJB_METHODINTERFACE);
this.methodRoles = (Set)map.get(ResourceKeys.EJB_METHODROLES);
this.callerRunAsIdentity = (RunAsIdentity)map.get(ResourceKeys.RUNASIDENTITY);
+ this.securityRoleReferences = (Set)map.get(ResourceKeys.SECURITY_ROLE_REFERENCES);
+ */
this.roleName = (String)map.get(ResourceKeys.ROLENAME);
- this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
- this.securityRoleReferences = (Set)map.get(ResourceKeys.SECURITY_ROLE_REFERENCES);
+ this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
+ this.callerRunAsIdentity = ejbResource.getCallerRunAsIdentity();
+ this.ejbMethod = ejbResource.getEjbMethod();
+ this.ejbName = ejbResource.getEjbName();
+ this.ejbPrincipal = ejbResource.getPrincipal();
+ this.methodInterface = ejbResource.getEjbMethodInterface();
+ this.methodRoles = ejbResource.getMethodRoles();
+ this.securityRoleReferences = ejbResource.getSecurityRoleReferences();
+
if(this.roleRefCheck == Boolean.TRUE)
return checkRoleRef();
else
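Review bot: `if(this.roleRefCheck == Boolean.TRUE)` compares object references, and `roleRefCheck` is still read from the untyped context map via `(Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK)`. A `Boolean` that is true but is not the canonical `Boolean.TRUE` instance would therefore take the `else` branch and never reach `checkRoleRef()`. Use `if(Boolean.TRUE.equals(this.roleRefCheck))`, which is value-based and null-safe, or reuse the normalisation that `EJBXACMLPolicyModuleDelegate` applies with `checkBooleanValue`. `roleName` and `roleRefCheck` are the two inputs left on the map after this change, and a one-line comment saying why they are not on `EJBResource` would help the next reader. The `else` branch continues outside the hunk.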
@@ -110,12 +123,14 @@
* @return
*/
private int process()
- {
+ {
boolean allowed = true;
//Get the method permissions
if (methodRoles == null)
{
+ if(this.ejbMethod == null)
+ throw new IllegalStateException("ejbMethod is null");
String method = this.ejbMethod.getName();
String msg = "No method permissions assigned to method=" + method
+ ", interface=" + methodInterface;
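Review bot: The `ejbMethod == null` guard sits inside the `methodRoles == null` branch, and its twin in the next hunk sits inside the failed-role-check branch, so both only protect the `getName()` calls used to build messages. A null `ejbMethod` with roles present and a passing role check is never noticed. Validating once in `authorize()`, right after `this.ejbMethod = ejbResource.getEjbMethod();`, would cover every path and remove the duplication. `process()` also starts from `boolean allowed = true;` and continues outside both hunks, so it is not possible to confirm from here that every non-permit path resets it.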
@@ -140,7 +155,10 @@
// Now actually check if the current caller has one of the required method roles
if (am.doesUserHaveRole(ejbPrincipal, methodRoles) == false)
{
- Set userRoles = am.getUserRoles(ejbPrincipal);
+ if(this.ejbMethod == null)
+ throw new IllegalStateException("ejbMethod is null");
+
+ Set<Principal> userRoles = am.getUserRoles(ejbPrincipal);
String method = this.ejbMethod.getName();
String msg = "Insufficient method permissions, principal=" + ejbPrincipal
+ ", ejbName=" + this.ejbName
@@ -193,10 +211,10 @@
// which will throw an exception in case no matching
// security ref is found.
boolean matchFound = false;
- Iterator it = this.securityRoleReferences.iterator();
+ Iterator<SecurityRoleRef> it = this.securityRoleReferences.iterator();
while ( it.hasNext())
{
- SecurityRoleRef meta = (SecurityRoleRef) it.next();
+ SecurityRoleRef meta = it.next();
if (meta.getName().equals(roleName))
{
roleName = meta.getLink();
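Review bot: `this.securityRoleReferences.iterator()` is called with no null guard visible in this hunk, and the set now comes from `ejbResource.getSecurityRoleReferences()`. If that getter can return null for a bean without role references (not visible here), the role-ref check would end in a NullPointerException instead of reaching the no-match handling further down. A guard before the loop, or treating null as an empty set, would keep the outcome defined. With the element type now declared, the loop can also be written as `for (SecurityRoleRef meta : this.securityRoleReferences)`. The method begins and ends outside the hunk.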
@@ -209,7 +227,7 @@
log.trace("no match found for security role " + roleName +
" in the deployment descriptor for ejb " + this.ejbName);
- HashSet set = new HashSet();
+ HashSet<Principal> set = new HashSet<Principal>();
set.add(new SimplePrincipal(roleName));
boolean allowed = false;
@@ -220,4 +238,4 @@
return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
}
-}
+}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java 2007-11-27 01:37:21 UTC (rev 67470)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java 2007-11-27 01:39:35 UTC (rev 67471)
@@ -33,6 +33,7 @@
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.resources.EJBResource;
import org.jboss.security.authorization.sunxacml.JBossXACMLUtil;
import com.sun.xacml.Policy;
@@ -64,22 +65,30 @@
*/
public int authorize(Resource resource)
{
- //Get the contextual map
- Map map = resource.getMap();
+ if(resource instanceof EJBResource == false)
+ throw new IllegalArgumentException("resource is not an EJBResource");
+
+ EJBResource ejbResource = (EJBResource) resource;
+
+ //Get the context map
+ Map<String,Object> map = resource.getMap();
if(map == null)
throw new IllegalStateException("Map from the Resource is null");
-
- if(map.size() == 0)
- throw new IllegalStateException("Map from the Resource is size zero");
+
AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
if(am == null)
throw new IllegalStateException("Authorization Manager is null");
if(am instanceof PolicyRegistration)
this.policyRegistration = (PolicyRegistration) am;
//Populate local variables from the resource
- this.ejbName = (String)map.get(ResourceKeys.EJB_NAME);
+ /*this.ejbName = (String)map.get(ResourceKeys.EJB_NAME);
this.ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD);
- this.principal = (Principal)map.get(ResourceKeys.EJB_PRINCIPAL);
+ this.principal = (Principal)map.get(ResourceKeys.EJB_PRINCIPAL);*/
+
+ this.ejbName = ejbResource.getEjbName();
+ this.ejbMethod = ejbResource.getEjbMethod();
+ this.principal = ejbResource.getPrincipal();
+
Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK));
if(roleRefCheck)
throw new IllegalStateException("SECURIY-50:Role Ref checks not implemented");
@@ -135,4 +144,4 @@
return Boolean.FALSE;
return bool;
}
-}
+}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java 2007-11-27 01:37:21 UTC (rev 67470)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java 2007-11-27 01:39:35 UTC (rev 67471)
@@ -113,15 +113,15 @@
return requestCtx;
}
- private Set getXACMLRoleSet(Set<Principal> roles) throws Exception
+ private Set<Attribute> getXACMLRoleSet(Set<Principal> roles) throws Exception
{
URI roleURI = new URI(XACMLConstants.SUBJECT_ROLE_IDENTIFIER);
- Set roleset = new HashSet();
+ Set<Attribute> roleset = new HashSet<Attribute>();
Iterator<Principal> iter = roles != null ? roles.iterator(): null;
while(iter != null && iter.hasNext())
{
- Principal role = (Principal)iter.next();
+ Principal role = iter.next();
Attribute roleAttr = new Attribute(roleURI,null,null,
new StringAttribute(role.getName()));
roleset.add(roleAttr);
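Review bot: With `roles` typed as `Set<Principal>`, the explicit iterator and its double null test (`roles != null ? roles.iterator(): null`, then `iter != null && iter.hasNext()`) can be replaced by `if (roles != null) for (Principal role : roles)`, which reads more directly. The method still declares `throws Exception`, although the only checked exception evident in this hunk is the `URISyntaxException` from `new URI(...)`. Narrowing the clause would be cleaner, assuming the `Attribute` and `StringAttribute` constructors add none (not visible here). The method body continues outside the hunk.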