[jboss-cvs] JBossAS SVN: r67471 - projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Nov 26 20:39:35 EST 2007


Author: anil.saldhana at jboss.com
Date: 2007-11-26 20:39:35 -0500 (Mon, 26 Nov 2007)
New Revision: 67471

Modified:
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java
Log:
SECURITY-94: EJBResource has methods rather than contextmap

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java	2007-11-27 01:37:21 UTC (rev 67470)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.java	2007-11-27 01:39:35 UTC (rev 67471)
@@ -46,6 +46,7 @@
 import org.jboss.security.authorization.Resource;
 import org.jboss.security.authorization.ResourceKeys;
 import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.resources.EJBResource;
  
 
 //$Id$
@@ -79,24 +80,36 @@
     */
    public int authorize(Resource resource)
    {
-      //Get the contextual map
-      Map map = resource.getMap();
+      if(resource instanceof EJBResource == false)
+         throw new IllegalArgumentException("resource is not an EJBResource");
+      
+      EJBResource ejbResource = (EJBResource) resource;
+      
+      //Get the context map
+      Map<String,Object> map = resource.getMap();
       if(map == null)
          throw new IllegalStateException("Map from the Resource is null");
     
-      if(map.size() == 0)
-         throw new IllegalStateException("Map from the Resource is size zero"); 
       AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
       if(am == null)
          throw new IllegalStateException("Authorization Manager is null");
       if(am instanceof PolicyRegistration)
          this.policyRegistration = (PolicyRegistration) am; 
+      
       //Populate local variables from the resource
-      this.callerSubject = (Subject)map.get(ResourceKeys.CALLER_SUBJECT);
+      /*this.callerSubject = (Subject)map.get(ResourceKeys.CALLER_SUBJECT);
       this.ejbCS = (CodeSource)map.get(ResourceKeys.EJB_CODESOURCE);
       this.ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD); 
       this.ejbName = (String)map.get(ResourceKeys.EJB_NAME); 
-      this.methodInterface = (String)map.get(ResourceKeys.EJB_METHODINTERFACE);
+      this.methodInterface = (String)map.get(ResourceKeys.EJB_METHODINTERFACE);*/
+      
+      
+      this.callerSubject = ejbResource.getCallerSubject();
+      this.ejbCS = ejbResource.getCodeSource();
+      this.ejbMethod = ejbResource.getEjbMethod();
+      this.ejbName = ejbResource.getEjbName();
+      this.methodInterface = ejbResource.getEjbMethodInterface();
+      
       this.roleName = (String)map.get(ResourceKeys.ROLENAME);
       //Get the Security Context Roles 
       if(am != null)
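Review bot: The five fields now filled from `ejbResource` getters (`callerSubject`, `ejbCS`, `ejbMethod`, `ejbName`, `methodInterface`) are accepted without any null check, although this commit adds `ejbMethod == null` guards to EJBPolicyModuleDelegate.process(). A guard such as `if(this.ejbMethod == null) throw new IllegalStateException("ejbMethod is null");` right after the assignments would reject an incomplete resource before the permission check runs; that check is outside the hunk, so its null behaviour is inferred. The same applies to the authorize() hunk in EJBXACMLPolicyModuleDelegate. The old map lookups are left behind as a `/* ... */` block in all three authorize() methods and can be deleted, since version control keeps the history. `roleName` is still read from the map, so authorization inputs now come from two places; a one-line comment saying why would help the next reader.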
@@ -158,10 +171,10 @@
          log.trace("Roles used for checking from the context:" + securityContextRoles);
       if(securityContextRoles != null )
       {
-         Set principalsSet = new HashSet();
-         Enumeration en = securityContextRoles.members();
+         Set<Principal> principalsSet = new HashSet<Principal>();
+         Enumeration<? extends Principal> en = securityContextRoles.members();
          while(en.hasMoreElements()) 
-            principalsSet.add((Principal)en.nextElement());
+            principalsSet.add(en.nextElement());
          principals = new Principal[principalsSet.size()];
          principalsSet.toArray(principals); 
       }
@@ -184,4 +197,4 @@
       } 
       return gp;
    }
-}
+}
\ No newline at end of file

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java	2007-11-27 01:37:21 UTC (rev 67470)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java	2007-11-27 01:39:35 UTC (rev 67471)
@@ -39,6 +39,7 @@
 import org.jboss.security.authorization.Resource;
 import org.jboss.security.authorization.ResourceKeys;
 import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.resources.EJBResource;
  
 
 //$Id$
@@ -55,12 +56,12 @@
    private String ejbName = null;
    private Method ejbMethod = null; 
    private Principal ejbPrincipal = null;
-   private Set methodRoles = null; 
+   private Set<Principal> methodRoles = null; 
    private String methodInterface = null; 
    private RunAsIdentity callerRunAsIdentity = null;
    private String roleName = null; 
    private Boolean roleRefCheck = Boolean.FALSE;
-   private Set securityRoleReferences = null;
+   private Set<SecurityRoleRef> securityRoleReferences = null;
    
    public EJBPolicyModuleDelegate()
    {
@@ -73,29 +74,41 @@
     */
    public int authorize(Resource resource)
    {
-      //Get the contextual map
-      Map map = resource.getMap();
+      if(resource instanceof EJBResource == false)
+         throw new IllegalArgumentException("resource is not an EJBResource");
+      
+      EJBResource ejbResource = (EJBResource) resource;
+      
+      //Get the context map
+      Map<String,Object> map = resource.getMap();
       if(map == null)
          throw new IllegalStateException("Map from the Resource is null");
-    
-      if(map.size() == 0)
-         throw new IllegalStateException("Map from the Resource is size zero");
+
       AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
       if(am == null)
          throw new IllegalStateException("Authorization Manager is null");
       if(am instanceof PolicyRegistration)
          this.policyRegistration = (PolicyRegistration) am; 
       //Populate local variables from the resource 
-      this.ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD); 
+      /*this.ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD); 
       this.ejbName = (String)map.get(ResourceKeys.EJB_NAME); 
       this.ejbPrincipal = (Principal)map.get(ResourceKeys.EJB_PRINCIPAL);
       this.methodInterface = (String)map.get(ResourceKeys.EJB_METHODINTERFACE);
       this.methodRoles = (Set)map.get(ResourceKeys.EJB_METHODROLES);
       this.callerRunAsIdentity = (RunAsIdentity)map.get(ResourceKeys.RUNASIDENTITY);
+      this.securityRoleReferences = (Set)map.get(ResourceKeys.SECURITY_ROLE_REFERENCES);
+      */
       this.roleName = (String)map.get(ResourceKeys.ROLENAME);
-      this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK);
-      this.securityRoleReferences = (Set)map.get(ResourceKeys.SECURITY_ROLE_REFERENCES);
+      this.roleRefCheck = (Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK); 
       
+      this.callerRunAsIdentity = ejbResource.getCallerRunAsIdentity();
+      this.ejbMethod = ejbResource.getEjbMethod();
+      this.ejbName = ejbResource.getEjbName();
+      this.ejbPrincipal = ejbResource.getPrincipal();
+      this.methodInterface = ejbResource.getEjbMethodInterface();
+      this.methodRoles = ejbResource.getMethodRoles();
+      this.securityRoleReferences = ejbResource.getSecurityRoleReferences();
+      
       if(this.roleRefCheck == Boolean.TRUE)
          return checkRoleRef();
       else
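Review bot: `if(this.roleRefCheck == Boolean.TRUE)` compares object identity, and `roleRefCheck` is still cast straight from the context map. A value created with `new Boolean(true)` would therefore silently take the `else` branch and run a different authorization check than the caller requested. `if(Boolean.TRUE.equals(this.roleRefCheck))` compares by value and is null-safe; EJBXACMLPolicyModuleDelegate already normalises the same key through `checkBooleanValue`. The `else` branch continues outside the hunk.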
@@ -110,12 +123,14 @@
     * @return
     */
    private int process() 
-   {  
+   {             
       boolean allowed = true;
       
       //Get the method permissions  
       if (methodRoles == null)
       {
+         if(this.ejbMethod == null)
+            throw new IllegalStateException("ejbMethod is null");
          String method = this.ejbMethod.getName();
          String msg = "No method permissions assigned to method=" + method
             + ", interface=" + methodInterface;
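Review bot: The `ejbMethod == null` guard added here is repeated verbatim in the next hunk (the insufficient-permissions branch), and in both places it only protects the `getName()` call used to build a message. Validating once, right after `this.ejbMethod = ejbResource.getEjbMethod();` in authorize(), removes the duplication and rejects an incomplete resource before any role comparison runs. If the guards stay where they are, both paths now end in an IllegalStateException where the surrounding code appears to be heading for a denial. Whether callers treat the two outcomes the same is not visible from the hunk. process() continues outside the hunk.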
@@ -140,7 +155,10 @@
             // Now actually check if the current caller has one of the required method roles
             if (am.doesUserHaveRole(ejbPrincipal, methodRoles) == false)
             {
-               Set userRoles = am.getUserRoles(ejbPrincipal);
+               if(this.ejbMethod == null)
+                  throw new IllegalStateException("ejbMethod is null");
+               
+               Set<Principal> userRoles = am.getUserRoles(ejbPrincipal);
                String method = this.ejbMethod.getName(); 
                String msg = "Insufficient method permissions, principal=" + ejbPrincipal
                   + ", ejbName=" + this.ejbName
@@ -193,10 +211,10 @@
       //             which will throw an exception in case no matching
       //             security ref is found. 
       boolean matchFound = false;
-      Iterator it = this.securityRoleReferences.iterator();
+      Iterator<SecurityRoleRef> it = this.securityRoleReferences.iterator();
       while ( it.hasNext())
       {
-         SecurityRoleRef meta = (SecurityRoleRef) it.next();
+         SecurityRoleRef meta = it.next();
          if (meta.getName().equals(roleName))
          {
             roleName = meta.getLink();
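Review bot: `this.securityRoleReferences.iterator()` dereferences a set that authorize() now takes from `ejbResource.getSecurityRoleReferences()`, and no null check is visible in this hunk. A resource built without role references would presumably fail with a NullPointerException instead of reaching the `matchFound` handling. Wrapping the loop in `if(this.securityRoleReferences != null)` keeps the role-ref path on its intended outcome. With the generic type in place the loop can also be written `for(SecurityRoleRef meta : this.securityRoleReferences)`. checkRoleRef() starts and ends outside the hunk, so an earlier guard may already exist.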
@@ -209,7 +227,7 @@
          log.trace("no match found for security role " + roleName +
          " in the deployment descriptor for ejb " + this.ejbName);
 
-      HashSet set = new HashSet();
+      HashSet<Principal> set = new HashSet<Principal>();
       set.add(new SimplePrincipal(roleName));
 
       boolean allowed = false;
@@ -220,4 +238,4 @@
       
       return allowed ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
    }
-}
+}
\ No newline at end of file

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java	2007-11-27 01:37:21 UTC (rev 67470)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.java	2007-11-27 01:39:35 UTC (rev 67471)
@@ -33,6 +33,7 @@
 import org.jboss.security.authorization.Resource; 
 import org.jboss.security.authorization.ResourceKeys;
 import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.resources.EJBResource;
 import org.jboss.security.authorization.sunxacml.JBossXACMLUtil; 
 
 import com.sun.xacml.Policy;
@@ -64,22 +65,30 @@
     */
    public int authorize(Resource resource)
    {
-      //Get the contextual map
-      Map map = resource.getMap();
+      if(resource instanceof EJBResource == false)
+         throw new IllegalArgumentException("resource is not an EJBResource");
+      
+      EJBResource ejbResource = (EJBResource) resource;
+      
+      //Get the context map
+      Map<String,Object> map = resource.getMap();
       if(map == null)
          throw new IllegalStateException("Map from the Resource is null");
-    
-      if(map.size() == 0)
-         throw new IllegalStateException("Map from the Resource is size zero");
+     
       AuthorizationManager am = (AuthorizationManager) map.get("authorizationManager");
       if(am == null)
          throw new IllegalStateException("Authorization Manager is null");
       if(am instanceof PolicyRegistration)
          this.policyRegistration = (PolicyRegistration) am; 
       //Populate local variables from the resource
-      this.ejbName = (String)map.get(ResourceKeys.EJB_NAME);
+      /*this.ejbName = (String)map.get(ResourceKeys.EJB_NAME);
       this.ejbMethod = (Method)map.get(ResourceKeys.EJB_METHOD); 
-      this.principal = (Principal)map.get(ResourceKeys.EJB_PRINCIPAL);
+      this.principal = (Principal)map.get(ResourceKeys.EJB_PRINCIPAL);*/
+      
+      this.ejbName = ejbResource.getEjbName();
+      this.ejbMethod = ejbResource.getEjbMethod();
+      this.principal = ejbResource.getPrincipal();
+      
       Boolean roleRefCheck = checkBooleanValue((Boolean)map.get(ResourceKeys.ROLEREF_PERM_CHECK)); 
       if(roleRefCheck)
          throw new IllegalStateException("SECURIY-50:Role Ref checks not implemented");
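Review bot: The message on the role-ref branch reads `"SECURIY-50:Role Ref checks not implemented"`, with the issue key misspelled, so a search for SECURITY-50 in logs or source will miss it. `"SECURITY-50: Role Ref checks not implemented"` fixes that. It would also help to state in the method's Javadoc that a role-ref request to this delegate ends in an unchecked exception rather than a PERMIT/DENY result, so callers know to handle it. authorize() continues outside the hunk.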
@@ -135,4 +144,4 @@
          return Boolean.FALSE;
       return bool;
    } 
-}
+}
\ No newline at end of file

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java	2007-11-27 01:37:21 UTC (rev 67470)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.java	2007-11-27 01:39:35 UTC (rev 67471)
@@ -113,15 +113,15 @@
       return requestCtx;
    } 
    
-   private Set getXACMLRoleSet(Set<Principal> roles) throws Exception
+   private Set<Attribute> getXACMLRoleSet(Set<Principal> roles) throws Exception
    {
       URI roleURI = new URI(XACMLConstants.SUBJECT_ROLE_IDENTIFIER);
    
-      Set roleset = new HashSet();
+      Set<Attribute> roleset = new HashSet<Attribute>();
       Iterator<Principal> iter = roles != null ? roles.iterator(): null;
       while(iter != null && iter.hasNext())
       {
-         Principal role = (Principal)iter.next();
+         Principal role = iter.next();
          Attribute roleAttr = new Attribute(roleURI,null,null,
                new StringAttribute(role.getName()));
            roleset.add(roleAttr);  



