[jboss-cvs] JBossAS SVN: r65383 - in trunk: build and 16 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Sep 13 18:03:02 EDT 2007


Author: anil.saldhana at jboss.com
Date: 2007-09-13 18:03:02 -0400 (Thu, 13 Sep 2007)
New Revision: 65383

Added:
   trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
   trunk/security/src/main/org/jboss/security/integration/JNDIContextEstablishment.java
   trunk/security/src/main/org/jboss/security/integration/SecurityActions.java
   trunk/security/src/main/org/jboss/security/integration/SecurityDomainObjectFactory.java
Modified:
   trunk/aspects/src/main/org/jboss/aspects/security/SecurityActions.java
   trunk/build/build-thirdparty.xml
   trunk/ejb3/src/main/org/jboss/ejb3/SecurityActions.java
   trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptor.java
   trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
   trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java
   trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityActions.java
   trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthenticationHelper.java
   trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java
   trunk/security/src/main/org/jboss/security/plugins/AuthorizationManagerService.java
   trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManager.java
   trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
   trunk/security/src/main/org/jboss/security/plugins/SecurityDomainContext.java
   trunk/server/src/etc/deployers/ejb-deployer-beans.xml
   trunk/server/src/etc/deployers/security-deployer-beans.xml
   trunk/server/src/main/org/jboss/ejb/Container.java
   trunk/server/src/main/org/jboss/ejb/EjbModule.java
   trunk/server/src/main/org/jboss/ejb/deployers/EjbDeployer.java
   trunk/server/src/main/org/jboss/ejb/plugins/SecurityActions.java
   trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
   trunk/server/src/main/org/jboss/ejb/plugins/cmp/jdbc/bridge/SecurityActions.java
   trunk/server/src/main/org/jboss/ejb/plugins/security/PreSecurityInterceptor.java
   trunk/server/src/main/org/jboss/ejb/plugins/security/SecurityActions.java
   trunk/server/src/main/org/jboss/ejb/txtimer/SecurityActions.java
   trunk/server/src/main/org/jboss/jmx/connector/invoker/SecurityActions.java
   trunk/server/src/main/org/jboss/proxy/SecurityActions.java
   trunk/server/src/main/org/jboss/proxy/SecurityInterceptor.java
   trunk/server/src/main/org/jboss/web/AbstractWebDeployer.java
   trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java
Log:
JBAS-4721: Usage of SecurityContextFactory and SecurityContext plus injection of SecurityManagement into ejb/web deployers

Modified: trunk/aspects/src/main/org/jboss/aspects/security/SecurityActions.java
===================================================================
--- trunk/aspects/src/main/org/jboss/aspects/security/SecurityActions.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/aspects/src/main/org/jboss/aspects/security/SecurityActions.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -36,8 +36,8 @@
 import org.jboss.security.SecurityAssociation;
 import org.jboss.security.RunAsIdentity; 
 import org.jboss.security.SecurityContext;  
+import org.jboss.security.SecurityContextFactory;
 import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
 
 /** A collection of privileged actions for this package
  * @author Scott.Stark at jboss.org
@@ -655,12 +655,12 @@
       AccessController.doPrivileged(action);
    }
    
-   static SecurityContext createSecurityContext()
+   static SecurityContext createSecurityContext() throws PrivilegedActionException
    {
-      return (SecurityContext) AccessController.doPrivileged(new PrivilegedAction()
+      return (SecurityContext) AccessController.doPrivileged(new PrivilegedExceptionAction()
       {
 
-         public Object run()
+         public Object run() throws Exception
          { 
             return SecurityContextFactory.createSecurityContext("CLIENT");
          }
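Review bot: `createSecurityContext()` now surfaces `PrivilegedActionException`, but nothing tells callers that the factory's real failure is wrapped inside it. A Javadoc line such as `@throws PrivilegedActionException wrapping the exception raised by SecurityContextFactory; unwrap with getException()` would keep handlers from logging only the wrapper. The same applies to the `createSecurityContext` methods changed or added in ejb3/SecurityActions.java and ejb3/security/SecurityActions.java. The anonymous class is closed outside this hunk.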
@@ -680,7 +680,7 @@
    }
    
    static void establishSecurityContext(String domain, Principal p, Object cred,
-         Subject subject)
+         Subject subject) throws Exception
    { 
       SecurityContext sc = SecurityContextFactory.createSecurityContext(p, 
             cred, subject, domain); 
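Review bot: `throws Exception` on `establishSecurityContext` is wider than anything visible here requires and forces a catch-all onto every caller; declare the specific exception the factory throws instead. The factory call on the following line also runs outside `AccessController.doPrivileged`, whereas `createSecurityContext()` in the same class wraps it. Under a security manager this path may therefore need permissions the wrapped one does not, which is worth confirming. The method body continues past the hunk.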

Modified: trunk/build/build-thirdparty.xml
===================================================================
--- trunk/build/build-thirdparty.xml	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/build/build-thirdparty.xml	2007-09-13 22:03:02 UTC (rev 65383)
@@ -84,18 +84,18 @@
     <componentref name="jaxen" version="1.1-brew"/>
     <componentref name="jboss/aop" version="2.0.0.beta1"/>
     <componentref name="jboss/cache" version="2.0.0.GA"/>
-    <componentref name="jboss/common-core" version="2.2.1.GA"/>
+    <componentref name="jboss/common-core" version="2.2.2.snapshot"/>
     <componentref name="jboss/common-logging-jdk" version="2.0.2.GA"/>
     <componentref name="jboss/common-logging-log4j" version="2.0.2.GA"/>
     <componentref name="jboss/common-logging-spi" version="2.0.2.GA"/>
     <componentref name="jboss/integration" version="5.0.0.Beta3"/>
     <componentref name="jboss/jaxr" version="1.2.0.GA"/>
     <componentref name="jboss/jboss-ejb3-cache" version="0.11-SNAPSHOT"/>
-    <componentref name="jboss/jboss-jaspi-api" version="1.0-SNAPSHOT"/>
+    <componentref name="jboss/jboss-jaspi-api" version="1.0-BETA1"/>
     <componentref name="jboss/jboss-javaee" version="5.0.0.Beta3"/>
-    <componentref name="jboss/jboss-security-spi" version="2.0.1-SNAPSHOT"/>
-    <componentref name="jboss/jbosssx" version="2.0.1-SNAPSHOT"/>
-    <componentref name="jboss/jbosssx-client" version="2.0.1-SNAPSHOT"/>    
+    <componentref name="jboss/jboss-security-spi" version="2.0.1-BETA1"/>
+    <componentref name="jboss/jbosssx" version="2.0.1-BETA1"/>
+    <componentref name="jboss/jbosssx-client" version="2.0.1-BETA1"/>    
     <componentref name="jboss/jbossts" version="4.2.3.SP5"/>
     <componentref name="jboss/jboss-vfs" version="2.0.0.Beta4"/>
     <componentref name="jboss/jbossws-jboss50" version="2.0.1.GA"/>    

Modified: trunk/ejb3/src/main/org/jboss/ejb3/SecurityActions.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/SecurityActions.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/ejb3/src/main/org/jboss/ejb3/SecurityActions.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -23,12 +23,16 @@
 
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
 import javax.security.auth.Subject;
 import javax.security.jacc.PolicyContext;
 
 import org.jboss.security.RunAsIdentity;
 import org.jboss.security.SecurityAssociation;
 import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
 import org.jboss.security.plugins.SecurityContextAssociation;
 
 /**
@@ -310,4 +314,14 @@
 
       void setContextClassLoader(Thread thread, ClassLoader cl);
    }
+   
+   public static SecurityContext createSecurityContext(final String securityDomain) throws PrivilegedActionException
+   {
+      return (SecurityContext) AccessController.doPrivileged(new PrivilegedExceptionAction()
+      { 
+         public Object run() throws Exception
+         {
+            return SecurityContextFactory.createSecurityContext(securityDomain);
+         }});
+   }
 }
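Review bot: The added `createSecurityContext(String)` is `public static`, while the equivalent helpers in aspects/.../SecurityActions.java and ejb3/security/SecurityActions.java are package-private. A public method that runs a caller-supplied domain name inside `doPrivileged` lets code outside this package act with this package's privileges; whether the class itself is public is not visible in this hunk. Unless an out-of-package caller is required, declare it as `static SecurityContext createSecurityContext(final String securityDomain) throws PrivilegedActionException`.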

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptor.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptor.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptor.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -39,8 +39,7 @@
 import org.jboss.security.SecurityContext;
 import org.jboss.security.SecurityRolesAssociation;
 import org.jboss.security.SimplePrincipal;
-import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
+import org.jboss.security.plugins.SecurityContextAssociation; 
 
 /**
  * Authentication Interceptor
@@ -81,7 +80,7 @@
                Principal principal = (Principal)invocation.getMetaData("security", "principal");
                Subject subject = new Subject();
                String securityDomain = manager.getSecurityDomain();
-               SecurityContext sc = SecurityContextFactory.createSecurityContext(principal, null, subject, securityDomain);
+               SecurityContext sc = SecurityActions.createSecurityContext(principal, null, subject, securityDomain);
                SecurityContextAssociation.setSecurityContext(sc);
             }
          }

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -39,6 +39,7 @@
 import org.jboss.security.SecurityRolesAssociation;
 import org.jboss.security.SecurityUtil;
 import org.jboss.security.SimplePrincipal;
+import org.jboss.security.integration.JNDIBasedSecurityManagement;
 import org.jboss.security.integration.ejb.EJBAuthenticationHelper;
 
 //$Id$
@@ -113,6 +114,10 @@
                String unprefixed = SecurityUtil.unprefixSecurityDomain(domain.value());
                sc = SecurityActions.createSecurityContext(p, 
                      cred, null, unprefixed); 
+               
+               //TODO: Need to get the SecurityManagement instance
+               sc.setSecurityManagement(new JNDIBasedSecurityManagement());
+               
                //Set the security context
                SecurityActions.setSecurityContext(sc);
                sc.getUtil().setSecurityIdentity(invSC.getUtil().getSecurityIdentity());
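Review bot: `new JNDIBasedSecurityManagement()` is constructed on every pass through this code with its default settings, so a base context or manager class names configured on another instance (the log message mentions injection into the deployers) would be ignored on this path. Until the TODO is resolved the comment should say so, e.g. `//TODO: replace with the injected SecurityManagement; this instance uses default settings`. The instance could also be held in one field rather than allocated per call. The enclosing method starts and ends outside the hunk.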

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -30,8 +30,7 @@
 import org.jboss.logging.Logger;
 import org.jboss.security.RunAsIdentity;
 import org.jboss.security.SecurityContext;
-import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
+import org.jboss.security.plugins.SecurityContextAssociation; 
 
 /**
  * An interceptor that enforces the run-as identity declared by a bean.
@@ -105,7 +104,7 @@
          SecurityDomain domain = (SecurityDomain)container.resolveAnnotation(SecurityDomain.class);
          if(domain != null)
          {
-            sc = SecurityContextFactory.createSecurityContext(domain.value());
+            sc = SecurityActions.createSecurityContext(domain.value());
             SecurityContextAssociation.setSecurityContext(sc);
          }  
       }
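Review bot: `domain.value()` is passed to `createSecurityContext` unchanged here, while Ejb3AuthenticationInterceptorv2 in this same commit first runs it through `SecurityUtil.unprefixSecurityDomain(...)`. If the annotation can carry the JNDI prefix, the two interceptors would create contexts with different domain names, and `JNDIBasedSecurityManagement` would prepend its base context to an already-prefixed name. Consider `sc = SecurityActions.createSecurityContext(SecurityUtil.unprefixSecurityDomain(domain.value()));`, which needs the `SecurityUtil` import that is not visible in this file's hunks. The enclosing method extends beyond the hunk.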

Modified: trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityActions.java
===================================================================
--- trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityActions.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/ejb3/src/main/org/jboss/ejb3/security/SecurityActions.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -35,8 +35,8 @@
 import org.jboss.security.RunAsIdentity;
 import org.jboss.security.SecurityAssociation;
 import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
 import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
 
 
 /**
@@ -254,22 +254,23 @@
          }});
    }
    
-   static SecurityContext createSecurityContext(final String domainName)
+   static SecurityContext createSecurityContext(final String domainName) throws PrivilegedActionException
    {
-      return (SecurityContext)AccessController.doPrivileged(new PrivilegedAction(){
+      return (SecurityContext)AccessController.doPrivileged(new PrivilegedExceptionAction(){
 
-         public Object run()
-         { 
-            return SecurityContextFactory.createSecurityContext(domainName);
-         }});
+      public Object run() throws Exception
+      { 
+        return SecurityContextFactory.createSecurityContext(domainName);
+      }
+     });
    }
    
    static SecurityContext createSecurityContext(final Principal p, final Object cred,
-         final Subject s, final String domainName)
+         final Subject s, final String domainName) throws PrivilegedActionException
    {
-      return (SecurityContext)AccessController.doPrivileged(new PrivilegedAction(){
-
-         public Object run()
+      return (SecurityContext)AccessController.doPrivileged(new PrivilegedExceptionAction()
+      {
+         public Object run() throws Exception
          { 
             return SecurityContextFactory.createSecurityContext(p, cred,s,domainName);
          }});

Added: trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java	                        (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -0,0 +1,260 @@
+/*
+  * JBoss, Home of Professional Open Source
+  * Copyright 2007, JBoss Inc., and individual contributors as indicated
+  * by the @authors tag. See the copyright.txt in the distribution for a
+  * full listing of individual contributors.
+  *
+  * This is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as
+  * published by the Free Software Foundation; either version 2.1 of
+  * the License, or (at your option) any later version.
+  *
+  * This software is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  * Lesser General Public License for more details.
+  *
+  * You should have received a copy of the GNU Lesser General Public
+  * License along with this software; if not, write to the Free
+  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  */
+package org.jboss.security.integration;
+
+import java.lang.reflect.Constructor;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.security.auth.callback.CallbackHandler;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.ISecurityManagement;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.audit.AuditManager;
+import org.jboss.security.auth.callback.SecurityAssociationHandler;
+import org.jboss.security.identitytrust.IdentityTrustManager;
+import org.jboss.security.mapping.MappingManager;
+import org.jboss.security.plugins.SecurityDomainContext;
+import org.jboss.util.CachePolicy;
+import org.jboss.util.TimedCachePolicy;
+
+//$Id$
+
+/**
+ *  JNDI Based Security Management
+ *  @author Anil.Saldhana at redhat.com
+ *  @since  Sep 9, 2007 
+ *  @version $Revision$
+ */
+public class JNDIBasedSecurityManagement implements ISecurityManagement
+{
+   protected static Logger log = Logger.getLogger(JNDIBasedSecurityManagement.class);
+   
+   protected String BASE_CTX = SecurityConstants.JAAS_CONTEXT_ROOT; 
+   
+   protected String authenticationMgrClass = "org.jboss.security.plugins.JaasSecurityManager";
+   
+   protected String authorizationMgrClass = "org.jboss.security.plugins.JBossAuthorizationManager";
+   
+   protected String auditMgrClass = "org.jboss.security.plugins.audit.JBossAuditManager";
+   
+   protected String identityTrustMgrClass = "org.jboss.security.plugins.identitytrust.JBossIdentityTrustManager";
+   
+   protected String mappingMgrClass = "org.jboss.security.plugins.mapping.JBossMappingManager";
+   
+   protected CallbackHandler callBackHandler = new SecurityAssociationHandler();
+   
+   protected String cachePolicyName = TimedCachePolicy.class.getName();
+   
+   protected SecurityDomainContext securityDomainContext = null;
+   
+   public JNDIBasedSecurityManagement()
+   {
+   } 
+   
+   public AuditManager getAuditManager(String securityDomain)
+   {
+      AuditManager auditManager = null;
+      try
+      { 
+         auditManager = (AuditManager) lookUpJNDI(securityDomain + "/auditMgr");  
+      }
+      catch(Exception e)
+      {
+         log.trace("Exception in getting audit mgr", e); 
+      }
+      return auditManager;
+   }
+
+   public AuthenticationManager getAuthenticationManager(String securityDomain)
+   {
+      AuthenticationManager am = null;
+      try
+      {
+         am = (AuthenticationManager) lookUpJNDI(securityDomain + "/authenticationMgr");
+      }
+      catch(Exception e)
+      {
+         log.trace("Exception in getting authentication mgr", e);
+      }
+      return am;
+   }
+
+   public AuthorizationManager getAuthorizationManager(String securityDomain)
+   {
+      AuthorizationManager am = null;
+      try
+      {
+         am = (AuthorizationManager) lookUpJNDI(securityDomain + "/authorizationMgr");
+      }
+      catch(Exception e)
+      {
+         log.trace("Exception in getting authorization mgr", e);
+      }
+      return am;
+   }
+
+   public IdentityTrustManager getIdentityTrustManager(String securityDomain)
+   {
+      IdentityTrustManager am = null;
+      try
+      {
+         am = (IdentityTrustManager) lookUpJNDI(securityDomain + "/identityTrustMgr");
+      }
+      catch(Exception e)
+      {
+         log.trace("Exception in getting IdentityTrustManager", e);
+      }
+      return am;
+   }
+
+   public MappingManager getMappingManager(String securityDomain)
+   {
+      MappingManager am = null;
+      try
+      {
+         am = (MappingManager) lookUpJNDI(securityDomain + "/mappingMgr");
+      }
+      catch(Exception e)
+      {
+         log.trace("Exception in getting MappingManager", e);
+      }
+      return am;
+   }
+       
+   public void setAuthenticationMgrClass(String authenticationMgrClass)
+   {
+      this.authenticationMgrClass = authenticationMgrClass;
+   }
+
+   public void setAuthorizationMgrClass(String authorizationMgrClass)
+   {
+      this.authorizationMgrClass = authorizationMgrClass;
+   }
+
+   public void setAuditMgrClass(String auditMgrClass)
+   {
+      this.auditMgrClass = auditMgrClass;
+   }
+
+   public void setIdentityTrustMgrClass(String identityTrustMgrClass)
+   {
+      this.identityTrustMgrClass = identityTrustMgrClass;
+   }
+
+   public void setMappingMgrClass(String mappingMgrClass)
+   {
+      this.mappingMgrClass = mappingMgrClass;
+   }
+
+   public void setCallBackHandler(CallbackHandler callBackHandler)
+   {
+      this.callBackHandler = callBackHandler;
+   }
+
+   public void setBaseContext(String ctx)
+   {
+      if(ctx == null)
+         throw new IllegalArgumentException("ctx is null");
+      this.BASE_CTX = ctx;
+   }
+     
+   public void setCachePolicyName(String cachePolicyName)
+   {
+      this.cachePolicyName = cachePolicyName;
+   }
+   
+   public SecurityDomainContext createSecurityDomainContext(String domain) throws Exception
+   {
+     securityDomainContext = new SecurityDomainContext(createAuthenticationManager(domain), 
+            (CachePolicy)createObject(this.cachePolicyName)); 
+      
+      securityDomainContext.setAuthorizationManager(createAuthorizationManager(domain));
+      securityDomainContext.setAuditMgr(createAuditManager(domain));
+      securityDomainContext.setIdentityTrustMgr(createIdentityTrustManager(domain));
+      securityDomainContext.setMappingMgr(createMappingManager(domain));
+      return securityDomainContext;
+   }
+       
+   public SecurityDomainContext getSecurityDomainContext()
+   {
+      return securityDomainContext;
+   }
+ 
+   private Object lookUpJNDI(String ctxName) 
+   {
+      try
+      { 
+         Context ctx = new InitialContext();
+         return ctx.lookup(BASE_CTX + "/" + ctxName);  
+      }
+      catch(Exception e)
+      {
+         log.trace("Look up of JNDI for " + ctxName + " failed with "+ e.getLocalizedMessage());
+         return null;
+      }
+   }
+   
+   private AuthenticationManager createAuthenticationManager(String securityDomain) throws Exception
+   {
+      Class clazz = SecurityActions.getContextClassLoader().loadClass(authenticationMgrClass);
+      Constructor ctr = clazz.getConstructor(new Class[] { String.class, CallbackHandler.class});
+      return (AuthenticationManager) ctr.newInstance(new Object[]{ securityDomain, callBackHandler});
+   }
+   
+   private AuthorizationManager createAuthorizationManager(String securityDomain) throws Exception
+   {
+      Class clazz = SecurityActions.getContextClassLoader().loadClass(authorizationMgrClass);
+      Constructor ctr = clazz.getConstructor(new Class[] { String.class});
+      return (AuthorizationManager) ctr.newInstance(new Object[]{ securityDomain});
+   }
+   
+   private AuditManager createAuditManager(String securityDomain) throws Exception
+   {
+      Class clazz = SecurityActions.getContextClassLoader().loadClass(auditMgrClass);
+      Constructor ctr = clazz.getConstructor(new Class[] { String.class});
+      return (AuditManager) ctr.newInstance(new Object[]{ securityDomain});
+   }
+   
+   private MappingManager createMappingManager(String securityDomain) throws Exception
+   {
+      Class clazz = SecurityActions.getContextClassLoader().loadClass(mappingMgrClass);
+      Constructor ctr = clazz.getConstructor(new Class[] { String.class});
+      return (MappingManager) ctr.newInstance(new Object[]{ securityDomain});
+   }
+   
+   private IdentityTrustManager createIdentityTrustManager(String securityDomain) throws Exception
+   {
+      Class clazz = SecurityActions.getContextClassLoader().loadClass(identityTrustMgrClass);
+      Constructor ctr = clazz.getConstructor(new Class[] { String.class});
+      return (IdentityTrustManager) ctr.newInstance(new Object[]{ securityDomain});
+   }
+   
+   private Object createObject(String fqn) throws Exception
+   {
+      Class clazz = SecurityActions.getContextClassLoader().loadClass(fqn);
+      return clazz.newInstance();
+   }
+}
\ No newline at end of file
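Review bot: `createSecurityDomainContext` builds the new context through the shared `securityDomainContext` field, so two threads creating different domains can overwrite the field between the constructor call and the setters. One domain's authorization, audit, trust or mapping manager can then end up on the other domain's context. Build on a local variable and assign the field only once the context is complete, as below. Separately, `lookUpJNDI` already catches every exception and returns null, so the `catch` blocks in the five getters never see a lookup failure and a missing manager is reported only at trace level.

```java
public SecurityDomainContext createSecurityDomainContext(String domain) throws Exception
{
   // Build on a local so a concurrent call for another domain cannot receive these managers
   SecurityDomainContext sdc = new SecurityDomainContext(createAuthenticationManager(domain),
         (CachePolicy)createObject(this.cachePolicyName));

   sdc.setAuthorizationManager(createAuthorizationManager(domain));
   sdc.setAuditMgr(createAuditManager(domain));
   sdc.setIdentityTrustMgr(createIdentityTrustManager(domain));
   sdc.setMappingMgr(createMappingManager(domain));

   // Publish only the fully populated context
   securityDomainContext = sdc;
   return sdc;
}
```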

Added: trunk/security/src/main/org/jboss/security/integration/JNDIContextEstablishment.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/JNDIContextEstablishment.java	                        (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/JNDIContextEstablishment.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -0,0 +1,94 @@
+/*
+  * JBoss, Home of Professional Open Source
+  * Copyright 2007, JBoss Inc., and individual contributors as indicated
+  * by the @authors tag. See the copyright.txt in the distribution for a
+  * full listing of individual contributors.
+  *
+  * This is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as
+  * published by the Free Software Foundation; either version 2.1 of
+  * the License, or (at your option) any later version.
+  *
+  * This software is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  * Lesser General Public License for more details.
+  *
+  * You should have received a copy of the GNU Lesser General Public
+  * License along with this software; if not, write to the Free
+  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  */
+package org.jboss.security.integration;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.RefAddr;
+import javax.naming.Reference;
+import javax.naming.StringRefAddr;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityConstants;
+
+/**
+ *  Establishes the legacy java:/jaas/securityDomain
+ *  to provide the SubjectSecurityManager implementation
+ *  for legacy integration
+ *  @author Anil.Saldhana at redhat.com
+ *  @since  Sep 10, 2007 
+ *  @version $Revision$
+ */
+public class JNDIContextEstablishment
+{
+   private Logger log = Logger.getLogger(JNDIContextEstablishment.class);
+   
+   protected String BASE_CTX = SecurityConstants.JAAS_CONTEXT_ROOT;
+    
+   private String factoryName = SecurityDomainObjectFactory.class.getName();
+   
+   public JNDIContextEstablishment()
+   {
+      try
+      {
+         initialize();
+      }
+      catch (Exception e)
+      {
+         log.trace("Error in initialization of JNDIContextEstablishment",e);
+      }
+   }
+
+   public void setBaseContext(String ctx) throws Exception
+   {
+      if(ctx == null)
+         throw new IllegalArgumentException("ctx is null");
+      this.BASE_CTX = ctx;
+      initialize();
+   }
+    
+   public void setFactoryName(String factoryName)
+   {
+      this.factoryName = factoryName;
+      try
+      {
+         initialize();
+      }
+      catch (Exception e)
+      {
+         log.trace("Error in initialization of JNDIContextEstablishment",e);
+      }
+   }
+
+   private void initialize() throws Exception
+   {
+      Context ctx = new InitialContext(); 
+      
+      /* Create a mapping from the java:/jaas context to a SecurityDomainObjectFactory
+      so that any lookup against java:/jaas/domain returns an instance of our
+      security manager class.
+      */
+     RefAddr refAddr = new StringRefAddr("nns", "JSM");
+     Reference ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
+     ctx.rebind(this.BASE_CTX, ref); 
+   } 
+}
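Review bot: A failed `initialize()` in the constructor and in `setFactoryName` is logged at trace level and otherwise dropped, so the object can exist without the `BASE_CTX` binding ever having been made. `setBaseContext` propagates the same failure, which is inconsistent. Because lookups under that context depend on the binding, report the failure with at least `log.error("Error in initialization of JNDIContextEstablishment", e);` or rethrow it. `setFactoryName` also lacks the null check that `setBaseContext` has, and the `InitialContext` opened in `initialize()` is never closed.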

Added: trunk/security/src/main/org/jboss/security/integration/SecurityActions.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/SecurityActions.java	                        (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/SecurityActions.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -0,0 +1,47 @@
+/*
+  * JBoss, Home of Professional Open Source
+  * Copyright 2007, JBoss Inc., and individual contributors as indicated
+  * by the @authors tag. See the copyright.txt in the distribution for a
+  * full listing of individual contributors.
+  *
+  * This is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as
+  * published by the Free Software Foundation; either version 2.1 of
+  * the License, or (at your option) any later version.
+  *
+  * This software is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  * Lesser General Public License for more details.
+  *
+  * You should have received a copy of the GNU Lesser General Public
+  * License along with this software; if not, write to the Free
+  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  */
+package org.jboss.security.integration;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+//$Id$
+
+/**
+ *  Privileged Blocks
+ *  @author Anil.Saldhana at redhat.com
+ *  @since  Sep 10, 2007 
+ *  @version $Revision$
+ */
+public class SecurityActions
+{
+   public static ClassLoader getContextClassLoader()
+   {
+      return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction()
+      {
+         public Object run()
+         { 
+            return Thread.currentThread().getContextClassLoader();
+         }
+      });
+   }
+}
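Review bot: `SecurityActions` and `getContextClassLoader()` are both `public`, so any class can obtain the thread context class loader through this package's privileges instead of its own. Under a security manager that sidesteps the permission check the caller would otherwise face. The only callers added in this commit are in the same package, so `class SecurityActions` with `static ClassLoader getContextClassLoader()` is sufficient. A one-line class comment stating that the helpers are for in-package use only would document the intent.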

Added: trunk/security/src/main/org/jboss/security/integration/SecurityDomainObjectFactory.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/SecurityDomainObjectFactory.java	                        (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/SecurityDomainObjectFactory.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -0,0 +1,136 @@
+/*
+  * JBoss, Home of Professional Open Source
+  * Copyright 2007, JBoss Inc., and individual contributors as indicated
+  * by the @authors tag. See the copyright.txt in the distribution for a
+  * full listing of individual contributors.
+  *
+  * This is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as
+  * published by the Free Software Foundation; either version 2.1 of
+  * the License, or (at your option) any later version.
+  *
+  * This software is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  * Lesser General Public License for more details.
+  *
+  * You should have received a copy of the GNU Lesser General Public
+  * License along with this software; if not, write to the Free
+  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  */
+package org.jboss.security.integration;
+
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+import java.lang.reflect.Proxy;
+import java.util.Hashtable;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.Name;
+import javax.naming.NameParser;
+import javax.naming.OperationNotSupportedException;
+import javax.naming.spi.ObjectFactory;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.plugins.SecurityDomainContext;
+
+//$Id$
+
+/**
+ *  A JNDI Object Factory for the legacy integration
+ *  to return an instance of SubjectSecurityManager
+ *  @author Anil.Saldhana at redhat.com
+ *  @since  Sep 10, 2007 
+ *  @version $Revision$
+ */
+public class SecurityDomainObjectFactory
+implements InvocationHandler, ObjectFactory
+{
+   private static ConcurrentHashMap securityMgrMap = new ConcurrentHashMap();
+   
+   private JNDIBasedSecurityManagement securityManagement = new JNDIBasedSecurityManagement();
+   
+   public void setSecurityManagement(JNDIBasedSecurityManagement sm)
+   {
+      this.securityManagement = sm;
+   }
+
+   /** Object factory implementation. This method returns a Context proxy
+   that is only able to handle a lookup operation for an atomic name of
+   a security domain.
+    */
+   public Object getObjectInstance(Object obj, Name name, Context nameCtx,
+         Hashtable environment)
+   throws Exception
+   {
+      ClassLoader loader = SecurityActions.getContextClassLoader();
+      Class[] interfaces = {Context.class};
+      Context ctx = (Context) Proxy.newProxyInstance(loader, interfaces, this);
+      return ctx;
+   }
+
+
+   /** This is the InvocationHandler callback for the Context interface that
+   was created by out getObjectInstance() method. We handle the java:/jaas/domain
+   level operations here.
+    */
+   public Object invoke(Object obj, Method method, Object[] args) throws Throwable
+   {
+      Context ctx = new InitialContext();
+      NameParser parser = ctx.getNameParser("");
+      String securityDomain = null;
+      Name name = null;
+      
+      
+      String methodName = method.getName();
+      if( methodName.equals("toString") == true )
+         return SecurityConstants.JAAS_CONTEXT_ROOT + " Context proxy";
+
+      if( methodName.equals("list") == true )
+         throw new OperationNotSupportedException();
+      
+      if(methodName.equals("bind") || methodName.equals("rebind"))
+      {
+         if( args[0] instanceof String )
+            name = parser.parse((String) args[0]);
+         else
+            name = (Name)args[0];
+         securityDomain = name.get(0);
+         Object val = (SecurityDomainContext)args[1];
+         this.securityMgrMap.put(securityDomain, val);   
+         return obj;
+      }
+      if( methodName.equals("lookup") == false )
+         throw new OperationNotSupportedException("Only lookup is supported, op="+method);
+      if( args[0] instanceof String )
+         name = parser.parse((String) args[0]);
+      else
+         name = (Name)args[0];
+      securityDomain = name.get(0);
+      SecurityDomainContext securityDomainCtx = lookupSecurityDomain(securityDomain);
+      //TODO: Legacy expectation was subjectsecuritymgr
+      Object binding = securityDomainCtx.getSecurityManager(); 
+      // Look for requests against the security domain context
+      if( name.size() == 2 )
+      {
+         String request = name.get(1);
+         binding = securityDomainCtx.lookup(request);
+      }
+      return binding; 
+   }
+   
+   private SecurityDomainContext lookupSecurityDomain(String securityDomain)
+   throws Exception
+   {
+      SecurityDomainContext sdc = (SecurityDomainContext) securityMgrMap.get(securityDomain);
+      if( sdc == null )
+      {
+         sdc = securityManagement.createSecurityDomainContext(securityDomain);
+         securityMgrMap.put(securityDomain, sdc); 
+      }
+      return sdc;
+   }
+}
\ No newline at end of file
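Review bot: The `bind`/`rebind` branch of `invoke` stores whatever `SecurityDomainContext` the caller passes into the static `securityMgrMap` with no check on the caller, so any code that can reach this context proxy can replace a security domain's managers for the whole JVM; whether untrusted code can reach it is not visible here. Guard the `put` with a permission check or restrict binding to the owning service, and correct the message `"Only lookup is supported, op="`, which no longer matches the handled operations. `lookupSecurityDomain` is also check-then-act on a concurrent map: `Object prev = securityMgrMap.putIfAbsent(securityDomain, sdc); if (prev != null) sdc = (SecurityDomainContext) prev;` keeps two threads from publishing different contexts for one domain. Finally, `hashCode` and `equals` on the proxy fall through to the `OperationNotSupportedException` throw, a checked exception those methods do not declare.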

Modified: trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthenticationHelper.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthenticationHelper.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthenticationHelper.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -26,6 +26,7 @@
 import javax.security.auth.Subject;
 
 import org.jboss.security.SecurityContext;
+import org.jboss.security.identitytrust.IdentityTrustManager;
 import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
 
 //$Id$
@@ -54,7 +55,8 @@
     
    public boolean isTrusted()
    {
-      TrustDecision td = securityContext.getIdentityTrustManager().isTrusted();
+      IdentityTrustManager itm = securityContext.getIdentityTrustManager();
+      TrustDecision td = itm.isTrusted(securityContext);
       if(td == TrustDecision.Deny)
          trustDenied = true;
       return td == TrustDecision.Permit;
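Review bot: `itm` is dereferenced in `isTrusted()` without a null check, so a security context with no identity trust manager fails with a NullPointerException instead of a diagnosable error. This commit adds exactly that kind of guard for the AuthorizationManager in EJBAuthorizationHelper; the equivalent here would be `if(itm == null) throw new IllegalStateException("IdentityTrustManager is null");`, which keeps the failure closed. The same unchecked `callerSC.getIdentityTrustManager()` followed by `itm.isTrusted(callerSC)` appears in the SecurityInterceptor hunk at `@@ -266,7 +282,12 @@`. Whether `getIdentityTrustManager()` can return null is not visible in this diff, so confirm against SecurityContext.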

Modified: trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/security/src/main/org/jboss/security/integration/ejb/EJBAuthorizationHelper.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -29,7 +29,7 @@
 import java.util.Set;
 
 import javax.security.auth.Subject;
-  
+
 import org.jboss.logging.Logger;
 import org.jboss.security.AuthorizationManager;
 import org.jboss.security.RealmMapping;
@@ -52,6 +52,7 @@
 public class EJBAuthorizationHelper
 { 
    private SecurityContext securityContext = null;
+   private String securityDomain = null;
    private static Logger log = Logger.getLogger(EJBAuthorizationHelper.class);
    
    public EJBAuthorizationHelper(SecurityContext sc)
@@ -61,6 +62,7 @@
       if(sc == null)
          throw new IllegalArgumentException("Security Context is null");
       this.securityContext = sc;
+      this.securityDomain = sc.getSecurityDomain();
    }
    
    /**
@@ -137,6 +139,9 @@
       boolean isAuthorized = false;
       AuthorizationManager am = securityContext.getAuthorizationManager();
       
+      if(am == null)
+         throw new IllegalStateException("AuthorizationManager is null");
+      
       HashMap<String,Object> map = new HashMap<String,Object>();
       map.put(ResourceKeys.EJB_NAME ,ejbName); 
       map.put(ResourceKeys.EJB_PRINCIPAL, ejbPrincipal); 
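Review bot: The new `IllegalStateException("AuthorizationManager is null")` does not say which security domain is misconfigured, although this commit starts storing `securityDomain` on the helper. Including it, `throw new IllegalStateException("AuthorizationManager is null for domain=" + securityDomain);`, makes the fail-closed path actionable for whoever reads the log. The enclosing method starts and ends outside the hunk, so it cannot be confirmed from here whether callers turn this exception into a denied request.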
@@ -171,7 +176,7 @@
    { 
       contextMap.put("Source", getClass().getName());
       AuditEvent ae = new AuditEvent(level,contextMap,e); 
-      securityContext.getAuditManager().audit(ae); 
+      securityContext.getAuditManager().audit(ae);
    }
    
    public void authorizationAudit(String level, EJBResource resource, Exception e)

Modified: trunk/security/src/main/org/jboss/security/plugins/AuthorizationManagerService.java
===================================================================
--- trunk/security/src/main/org/jboss/security/plugins/AuthorizationManagerService.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/security/src/main/org/jboss/security/plugins/AuthorizationManagerService.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -256,4 +256,9 @@
    {
       throw new RuntimeException("Not implemented"); 
    }  
+   
+   public String getSecurityDomain()
+   {
+      throw new RuntimeException("Call the method on the authorization manager");
+   }
 }
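Review bot: `getSecurityDomain()` throws a bare `RuntimeException` and has no Javadoc, so callers learn only at run time that this service does not answer the call. `throw new UnsupportedOperationException("Call the method on the authorization manager");` states the contract more precisely and is still unchecked. A one-line Javadoc saying that the service deliberately exposes no domain would help as well. The method just above throws `RuntimeException("Not implemented")`, so changing both together keeps the class consistent.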

Modified: trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManager.java
===================================================================
--- trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManager.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManager.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -21,6 +21,7 @@
 */
 package org.jboss.security.plugins;
 
+import java.io.Serializable;
 import java.lang.reflect.Method;
 import java.lang.reflect.UndeclaredThrowableException;
 import java.security.Principal;
@@ -39,6 +40,7 @@
 import org.jboss.logging.Logger; 
 import org.jboss.security.AuthorizationManager; 
 import org.jboss.security.RealmMapping; 
+import org.jboss.security.SecurityConstants;
 import org.jboss.security.SecurityContext;
 import org.jboss.security.SecurityUtil;
 import org.jboss.security.SubjectSecurityManager;
@@ -63,7 +65,7 @@
  @version $Revision: 62860 $
 */
 public class JaasSecurityManager extends ServiceMBeanSupport
-   implements SubjectSecurityManager, RealmMapping
+   implements SubjectSecurityManager, RealmMapping, Serializable
 {
    /** The authentication cache object.
     */
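Review bot: Adding `Serializable` to `JaasSecurityManager` puts all of its state in scope for serialization, and the comment at the end of this hunk introduces an authentication cache field. If that cache holds authenticated subjects or credentials (its declaration is outside the hunk), it should be `transient` so it is never written out with the object. The hunk at `@@ -205,7 +207,7 @@` marks only `setSecurityInfo` as `transient`; the `CallbackHandler handler` field beside it stays serializable, and no `readObject` is shown to restore `setSecurityInfo`, which will be null on a deserialized instance. A `serialVersionUID` is also missing from the visible changes.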
@@ -205,7 +207,7 @@
    /** The JAAS callback handler to use in defaultLogin */
    private CallbackHandler handler;
    /** The setSecurityInfo(Principal, Object) method of the handler obj */
-   private Method setSecurityInfo;
+   private transient Method setSecurityInfo;
    /** The flag to indicate that the Subject sets need to be deep copied*/
    private boolean deepCopySubjectOption = false; 
    
@@ -412,7 +414,8 @@
     */
    public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
    { 
-      AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain);
+      AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain, 
+            SecurityConstants.JAAS_CONTEXT_ROOT);
       return am.doesUserHaveRole(principal, rolePrincipals); 
    } 
 
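Review bot: `am` is used in `doesUserHaveRole` without a null check, and the lookup now also depends on `SecurityConstants.JAAS_CONTEXT_ROOT` resolving correctly. If `SecurityUtil.getAuthorizationManager` can return null for an unbound domain (its body is not in this diff), the role check ends in a NullPointerException rather than an explicit failure. `if(am == null) throw new IllegalStateException("AuthorizationManager is null for domain=" + securityDomain);` would match the guard this commit adds in EJBAuthorizationHelper. `getUserRoles` in the next hunk has the same pattern.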
@@ -426,7 +429,8 @@
    */
    public Set getUserRoles(Principal principal)
    {
-      AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain);
+      AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain,
+            SecurityConstants.JAAS_CONTEXT_ROOT);
       return am.getUserRoles(principal);
    } 
    

Modified: trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
===================================================================
--- trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -449,7 +449,8 @@
       RefAddr refAddr = new StringRefAddr("nns", "JSM");
       String factoryName = SecurityDomainObjectFactory.class.getName();
       Reference ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
-      ctx.rebind(SECURITY_MGR_PATH, ref);
+      /*ctx.rebind(SECURITY_MGR_PATH, ref);
+      */
       log.debug("securityMgrCtxPath="+SECURITY_MGR_PATH);
 
       refAddr = new StringRefAddr("nns", "JSMCachePolicy");
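Review bot: Commenting out `ctx.rebind(SECURITY_MGR_PATH, ref)` leaves `factoryName`, `ref` and the first `refAddr` built for nothing, while the `log.debug` line still prints `securityMgrCtxPath` as if the path had been bound here. Either delete the dead construction together with the commented call, or keep them under a comment naming the component that now establishes the binding (presumably the new JNDIContextEstablishment bean; to be confirmed). This binding is the entry point for security-domain lookups, so a reader of this method needs to be able to tell who owns it. The method continues outside the hunk.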

Modified: trunk/security/src/main/org/jboss/security/plugins/SecurityDomainContext.java
===================================================================
--- trunk/security/src/main/org/jboss/security/plugins/SecurityDomainContext.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/security/src/main/org/jboss/security/plugins/SecurityDomainContext.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -29,6 +29,9 @@
 import org.jboss.security.RealmMapping;
 import org.jboss.security.AuthenticationManager;
 import org.jboss.security.SubjectSecurityManager;
+import org.jboss.security.audit.AuditManager;
+import org.jboss.security.identitytrust.IdentityTrustManager;
+import org.jboss.security.mapping.MappingManager;
 import org.jboss.util.CachePolicy;
 
 /** An encapsulation of the JNDI security context infomation
@@ -40,15 +43,22 @@
 public class SecurityDomainContext
 {
    static final String ACTIVE_SUBJECT = "subject";
-   static final String AUTHENTICATION_MGR = "securityMgr";
+   static final String AUTHENTICATION_MGR = "authenticationMgr";
+   static final String SECURITY_MGR = "securityMgr";
    static final String REALM_MAPPING = "realmMapping";
    static final String AUTHORIZATION_MGR = "authorizationMgr";
+   static final String AUDIT_MGR = "auditMgr";
+   static final String MAPPING_MGR = "mappingMgr";
+   static final String IDENTITY_TRUST_MGR = "identityTrustMgr";
    static final String AUTH_CACHE = "authenticationCache";
    static final String DOMAIN_CONTEXT = "domainContext";
 
    AuthenticationManager securityMgr;
    AuthorizationManager authorizationMgr;
    CachePolicy authenticationCache;
+   AuditManager auditMgr;
+   MappingManager mappingMgr;
+   IdentityTrustManager identityTrustMgr;
 
    /** Creates new SecurityDomainContextHandler */
    public SecurityDomainContext(AuthenticationManager securityMgr, 
@@ -66,12 +76,18 @@
 
       if( name.equals(ACTIVE_SUBJECT) )
          binding = getSubject();
-      else if( name.equals(AUTHENTICATION_MGR) )
+      else if( name.equals(AUTHENTICATION_MGR) || name.equals(SECURITY_MGR))
          binding = securityMgr;
       else if( name.equals(REALM_MAPPING) )
          binding = getRealmMapping();
       else if( name.equals(AUTHORIZATION_MGR) )
          binding = getAuthorizationManager();
+      else if( name.equals(AUDIT_MGR) )
+         binding = this.getAuditMgr();
+      else if( name.equals(MAPPING_MGR) )
+         binding = this.getMappingMgr();
+      else if( name.equals(IDENTITY_TRUST_MGR) )
+         binding = this.getIdentityTrustMgr();
       else if( name.equals(AUTH_CACHE) )
          binding = authenticationCache;
       else if( name.equals(DOMAIN_CONTEXT) )
@@ -116,9 +132,39 @@
    {
       return authorizationMgr;
    }
-   
+    
    public CachePolicy getAuthenticationCache()
    {
       return authenticationCache;
+   }
+
+   public AuditManager getAuditMgr()
+   {
+      return auditMgr;
+   }
+
+   public void setAuditMgr(AuditManager auditMgr)
+   {
+      this.auditMgr = auditMgr;
+   }
+
+   public MappingManager getMappingMgr()
+   {
+      return mappingMgr;
+   }
+
+   public void setMappingMgr(MappingManager mappingMgr)
+   {
+      this.mappingMgr = mappingMgr;
+   }
+
+   public IdentityTrustManager getIdentityTrustMgr()
+   {
+      return identityTrustMgr;
+   }
+
+   public void setIdentityTrustMgr(IdentityTrustManager identityTrustMgr)
+   {
+      this.identityTrustMgr = identityTrustMgr;
    } 
 }
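Review bot: `setAuditMgr`, `setMappingMgr` and `setIdentityTrustMgr` are public and unguarded, so any code that obtains a `SecurityDomainContext` can replace the audit or identity-trust manager of a live domain. The hunk at `@@ -66,12 +76,18 @@` also serves these objects by name through `lookup`, which hands back null when a manager was never set. Consider passing the managers in through the constructor, or at least documenting in Javadoc who may call the setters and that the getters may return null. None of the six new methods carries a Javadoc comment.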

Modified: trunk/server/src/etc/deployers/ejb-deployer-beans.xml
===================================================================
--- trunk/server/src/etc/deployers/ejb-deployer-beans.xml	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/etc/deployers/ejb-deployer-beans.xml	2007-09-13 22:03:02 UTC (rev 65383)
@@ -31,6 +31,16 @@
        <!-- Specify an unauthenticated identity -->
        <property name="unauthenticatedIdentity">anonymous</property>
        
+       <!-- Specify a SecurityManagement Wrapper -->
+       <property name="securityManagement">
+         <inject bean="JNDIBasedSecurityManagement"/>
+       </property>
+       <!-- Specify a SecurityContext FQN class name -->
+       <property name="securityContextClassName">org.jboss.security.plugins.JBossSecurityContext</property>
+
+       <!-- Specify a SecurityDomain as fallback -->
+       <property name="defaultSecurityDomain">jboss-ejb-policy</property>
+
        <depends>SecurityDeployer</depends>
     </bean>
 </deployment>

Modified: trunk/server/src/etc/deployers/security-deployer-beans.xml
===================================================================
--- trunk/server/src/etc/deployers/security-deployer-beans.xml	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/etc/deployers/security-deployer-beans.xml	2007-09-13 22:03:02 UTC (rev 65383)
@@ -16,4 +16,15 @@
           </set>
        </property>
    </bean>
+
+   <!-- JNDI Object Factory to establish SecurityDomainContext objects -->
+   <bean name="SecurityDomainObjectFactory" class="org.jboss.security.integration.SecurityDomainObjectFactory" />
+ 
+   <!-- JNDI Context legacy establishment of java:/jaas/securityDomain -->
+   <bean name="JBossSecurityJNDIContextEstablishment" class="org.jboss.security.integration.JNDIContextEstablishment"/>
+
+   <!-- JNDI Based Security Management -->
+   <bean name="JNDIBasedSecurityManagement" class="org.jboss.security.integration.JNDIBasedSecurityManagement">
+   </bean>
+
 </deployment>

Modified: trunk/server/src/main/org/jboss/ejb/Container.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/Container.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/Container.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -85,8 +85,8 @@
 import org.jboss.naming.NonSerializableFactory;
 import org.jboss.naming.Util;
 import org.jboss.security.AnybodyPrincipal;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.AuthorizationManager;
+import org.jboss.security.AuthenticationManager; 
+import org.jboss.security.ISecurityManagement;
 import org.jboss.security.RealmMapping;
 import org.jboss.system.ServiceMBeanSupport;
 import org.jboss.util.NestedError;
@@ -176,13 +176,19 @@
 
    /** This is the TransactionManager */
    protected TransactionManager tm;
+   
+   /** The Security Context FQN */
+   protected String securityContextClassName;
 
+   /** Security Domain to fall back on **/
+   protected String defaultSecurityDomain;
+   
+   /** SecurityManagement Instance - holder of all security managers */
+   protected ISecurityManagement securityManagement;
+   
    /** This is the SecurityManager */
-   protected AuthenticationManager sm;
+   protected AuthenticationManager sm; 
 
-   /** Authorization Manager */
-   protected AuthorizationManager authorizationManager;
-
    /** This is the realm mapping */
    protected RealmMapping rm;
 
@@ -316,28 +322,38 @@
    public AuthenticationManager getSecurityManager()
    {
       return sm;
+   } 
+   
+   public ISecurityManagement getSecurityManagement()
+   {
+      return securityManagement;
    }
 
-   /**
-    * Get the authorizationManager.
-    * 
-    * @return the authorizationManager.
-    */
-   public AuthorizationManager getAuthorizationManager()
+   public void setSecurityManagement(ISecurityManagement securityManagement)
    {
-      return authorizationManager;
+      this.securityManagement = securityManagement;
+   } 
+
+   public String getDefaultSecurityDomain()
+   {
+      return defaultSecurityDomain;
    }
 
-   /**
-    * Set the authorizationManager.
-    * 
-    * @param authorizationManager The authorizationManager to set.
-    */
-   public void setAuthorizationManager(AuthorizationManager authorizationManager)
+   public void setDefaultSecurityDomain(String defaultSecurityDomain)
    {
-      this.authorizationManager = authorizationManager;
+      this.defaultSecurityDomain = defaultSecurityDomain;
    }
+    
+   public String getSecurityContextClassName()
+   {
+      return securityContextClassName;
+   }
 
+   public void setSecurityContextClassName(String securityContextClassName)
+   {
+      this.securityContextClassName = securityContextClassName;
+   }
+
    public BeanLockManager getLockManager()
    {
       return lockManager;
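Review bot: Removing the public `getAuthorizationManager()`/`setAuthorizationManager()` pair breaks any subclass or interceptor outside this commit that still calls them, and the six accessors added in their place have no Javadoc although the removed ones did. A short comment on each setter would help, for example `/** Set the holder of the security managers; may be null when the deployer was not configured with one. */` on `setSecurityManagement`. If external callers are possible, keeping the old pair as `@Deprecated` for a release is the safer route.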

Modified: trunk/server/src/main/org/jboss/ejb/EjbModule.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/EjbModule.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/EjbModule.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -21,7 +21,6 @@
 */
 package org.jboss.ejb;
  
-import java.lang.reflect.Constructor;
 import java.lang.reflect.Method;
 import java.net.URL;
 import java.util.ArrayList;
@@ -35,7 +34,6 @@
 import java.util.Map;
 
 import javax.ejb.EJBLocalHome;
-import javax.ejb.TimerService;
 import javax.management.ObjectName;
 import javax.naming.InitialContext;
 import javax.naming.NamingException;
@@ -63,15 +61,16 @@
 import org.jboss.metadata.MetaData;
 import org.jboss.metadata.SessionMetaData;
 import org.jboss.metadata.XmlLoadable;
-import org.jboss.mx.loading.RepositoryClassLoader;
 import org.jboss.mx.util.MBeanProxyExt;
 import org.jboss.mx.util.ObjectNameFactory;
 import org.jboss.security.AuthenticationManager;
 import org.jboss.security.AuthorizationManager;
+import org.jboss.security.ISecurityManagement;
 import org.jboss.security.RealmMapping;
 import org.jboss.security.SecurityConstants;
 import org.jboss.security.SecurityUtil;
 import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.security.plugins.SecurityDomainContext;
 import org.jboss.system.Registry;
 import org.jboss.system.ServiceControllerMBean;
 import org.jboss.system.ServiceMBeanSupport;
@@ -415,7 +414,12 @@
          VirtualFile xacmlFile = deploymentUnit.getMetaDataFile("jboss-xacml-policy.xml");
          if(xacmlFile != null)
          {  
-            AuthorizationManager authzmgr = SecurityUtil.getAuthorizationManager(securityDomain);
+            //Look up JNDI for the AuthorizationManager
+            InitialContext ic = new InitialContext();
+            String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain + "/authorizationMgr";
+            AuthorizationManager authzmgr = (AuthorizationManager)ic.lookup(amCtx);
+            /**AuthorizationManager authzmgr = 
+                org.jboss.security.SecurityUtil.getAuthorizationManager(prefixedSecurityDomain);*/
             if(authzmgr instanceof PolicyRegistration)
             {
                PolicyRegistration xam = (PolicyRegistration)authzmgr;
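Review bot: The `InitialContext` created for the authorization-manager lookup is never closed, and the same lines are repeated in the hunk at `@@ -515,7 +519,12 @@`. `ic.lookup` throws when the name is unbound and the cast throws when something else is bound there, whereas the `instanceof PolicyRegistration` test that follows suggests the old call was expected to degrade quietly; confirm that the enclosing methods, which start outside the hunks, handle `NamingException` as intended. `securityDomain` is concatenated into the JNDI name unchecked, so a domain value containing `/` would resolve to a different binding than the one meant. A private helper that builds the name and closes the context, replacing the commented-out old call in both places, would cover all of this.

```java
// helper shared by both XACML policy registration sites
private static AuthorizationManager lookupAuthorizationManager(String securityDomain)
   throws NamingException
{
   InitialContext ic = new InitialContext();
   try
   {
      String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain + "/authorizationMgr";
      return (AuthorizationManager) ic.lookup(amCtx);
   }
   finally
   {
      ic.close();
   }
}

// ... unchanged: xacmlFile != null check ...
AuthorizationManager authzmgr = lookupAuthorizationManager(securityDomain);
// ... unchanged: instanceof PolicyRegistration handling ...
```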
@@ -515,7 +519,12 @@
       String securityDomain = SecurityUtil.unprefixSecurityDomain(appMetaData.getSecurityDomain());
       if(securityDomain != null)
       {  
-         AuthorizationManager authzmgr = SecurityUtil.getAuthorizationManager(securityDomain);
+         //Look up JNDI for the AuthorizationManager
+         InitialContext ic = new InitialContext();
+         String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain + "/authorizationMgr";
+         AuthorizationManager authzmgr = (AuthorizationManager)ic.lookup(amCtx);
+         /**AuthorizationManager authzmgr = 
+             org.jboss.security.SecurityUtil.getAuthorizationManager(prefixedSecurityDomain);*/
          if(authzmgr instanceof PolicyRegistration)
          {
             PolicyRegistration xam = (PolicyRegistration)authzmgr;
@@ -582,8 +591,8 @@
          con.setTransactionManager(null);
          con.setSecurityManager(null);
          con.setRealmMapping(null);
-         con.setSecurityProxy(null);
-         con.setAuthorizationManager(null);
+         con.setSecurityProxy(null); 
+         con.setSecurityManagement(null);
          con.proxyFactories.clear();
       }
 
@@ -823,13 +832,22 @@
       {   // Either the application has a security domain or the container has security setup
          try
          {
+            String unprefixed = SecurityUtil.unprefixSecurityDomain(confSecurityDomain);
             log.debug("Setting security domain from: " + confSecurityDomain);
-            Object securityMgr = iniCtx.lookup(confSecurityDomain);
+            String domainCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + unprefixed + "/domainContext";
+            SecurityDomainContext sdc = (SecurityDomainContext) iniCtx.lookup(domainCtx);
+            Object securityMgr = sdc.getSecurityManager();
+            
+            //Object securityMgr = iniCtx.lookup(confSecurityDomain);
             AuthenticationManager ejbS = (AuthenticationManager) securityMgr;
             RealmMapping rM = (RealmMapping) securityMgr;
             container.setSecurityManager(ejbS);
-            container.setRealmMapping(rM); 
-            container.setAuthorizationManager(SecurityUtil.getAuthorizationManager(confSecurityDomain));
+            container.setRealmMapping(rM);   
+            
+            container.setSecurityManagement((ISecurityManagement) unit.getAttachment("EJB.securityManagement"));
+            
+            container.setDefaultSecurityDomain((String) unit.getAttachment("EJB.defaultSecurityDomain"));
+            container.setSecurityContextClassName((String) unit.getAttachment("EJB.securityContextClassName"));
          }
          catch (NamingException e)
          {
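Review bot: The three `unit.getAttachment(...)` results are cast and stored on the container without a null check, yet EjbDeployer in this commit adds each attachment only when the corresponding property is set. A deployer configured without `securityManagement` therefore leaves the container with a null `ISecurityManagement`, which SecurityInterceptor later copies onto the security context; rejecting or at least logging that case here would surface the misconfiguration at deployment time. The cast `(SecurityDomainContext) iniCtx.lookup(domainCtx)` can also throw `ClassCastException`, which the visible `catch (NamingException e)` does not cover. The commented-out `//Object securityMgr = iniCtx.lookup(confSecurityDomain);` should be deleted rather than kept.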

Modified: trunk/server/src/main/org/jboss/ejb/deployers/EjbDeployer.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/deployers/EjbDeployer.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/deployers/EjbDeployer.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -39,6 +39,7 @@
 import org.jboss.metadata.BeanMetaData;
 import org.jboss.metadata.ConfigurationMetaData;
 import org.jboss.metadata.InvokerProxyBindingMetaData;
+import org.jboss.security.ISecurityManagement;
 import org.jboss.system.metadata.ServiceAttributeMetaData;
 import org.jboss.system.metadata.ServiceConstructorMetaData;
 import org.jboss.system.metadata.ServiceDependencyMetaData;
@@ -68,6 +69,9 @@
    private boolean callByValue;
 
    private String unauthenticatedIdentity = null;
+   private ISecurityManagement securityManagement;
+   private String securityContextClassName;
+   private String defaultSecurityDomain;
    
    /**
     * Create a new EjbDeployer.
@@ -148,7 +152,22 @@
    {
       this.unauthenticatedIdentity = unauthenticatedIdentity;
    }
+   
+   public void setDefaultSecurityDomain(String defaultSecurityDomain)
+   {
+      this.defaultSecurityDomain = defaultSecurityDomain;
+   }
 
+   public void setSecurityManagement(ISecurityManagement sm)
+   {
+      this.securityManagement = sm;
+   }
+  
+   public void setSecurityContextClassName(String securityContextClassName)
+   {
+      this.securityContextClassName = securityContextClassName;
+   }
+
    @Override
    public void deploy(VFSDeploymentUnit unit, ApplicationMetaData deployment)
       throws DeploymentException
@@ -157,8 +176,8 @@
       if (deployment.getEjbVersion() > 2) return; // let EJB3 deployer handle this
 
       // TODO What is this hack?
-      if(unit.getName().startsWith("jboss:") && unit.getName().contains("id="))
-         return;
+  //    if(unit.getName().startsWith("jboss:") && unit.getName().contains("id="))
+    //     return;
 
       ServiceMetaData ejbModule = new ServiceMetaData();
       ejbModule.setCode(EjbModule.class.getName());
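Review bot: Commenting out the early `return` for units whose name starts with `jboss:` and contains `id=` changes which deployments this deployer processes, and nothing in the visible code says why. The `// TODO What is this hack?` line now sits above dead code. Either delete the guard and leave a comment recording the reason, or restore it; as written, the next reader cannot tell whether the change was intentional or a debugging leftover. `deploy` continues outside the hunk.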
@@ -274,6 +293,15 @@
       //Pass the unauthenticated identity
       if(this.unauthenticatedIdentity != null)
          unit.addAttachment("EJB.unauthenticatedIdentity", this.unauthenticatedIdentity, String.class);
+      //Pass the SecurityManagement Instance
+      if(this.securityManagement != null)
+         unit.addAttachment("EJB.securityManagement", securityManagement, ISecurityManagement.class);
+      //Pass the SecurityContextClassName 
+      if(this.securityContextClassName != null)
+         unit.addAttachment("EJB.securityContextClassName", securityContextClassName, String.class);
+      //Pass the Default SecurityDomain
+      if(this.defaultSecurityDomain != null)
+         unit.addAttachment("EJB.defaultSecurityDomain", defaultSecurityDomain, String.class);
    }
 
    @Override

Modified: trunk/server/src/main/org/jboss/ejb/plugins/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/SecurityActions.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/plugins/SecurityActions.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -34,8 +34,8 @@
 
 import org.jboss.security.RunAs; 
 import org.jboss.security.SecurityContext;  
+import org.jboss.security.SecurityContextFactory;
 import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
  
 
 /** A collection of privileged actions for this package
@@ -374,11 +374,12 @@
    
    
    
-   static void createAndSetSecurityContext(final Principal p, final Object cred, final String domain)
+   static void createAndSetSecurityContext(final Principal p, final Object cred, final String domain) 
+   throws PrivilegedActionException
    {
-      AccessController.doPrivileged(new PrivilegedAction(){
+      AccessController.doPrivileged(new PrivilegedExceptionAction(){
 
-         public Object run()
+         public Object run() throws Exception
          {
             SecurityContext sc = SecurityContextFactory.createSecurityContext(p, cred, null, domain);
             SecurityContextAssociation.setSecurityContext(sc);
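Review bot: Both `createAndSetSecurityContext` overloads now declare `throws PrivilegedActionException`, which hands every caller the wrapper type instead of the underlying failure. Catching it inside the helper and rethrowing the cause, `catch(PrivilegedActionException e) { throw e.getException(); }` with the signature widened to `throws Exception`, keeps callers' stack traces pointing at the real error. `PrivilegedExceptionAction` is also used as a raw type; `new PrivilegedExceptionAction<Object>()` removes the unchecked warning. The identical change is made to the second overload in the next hunk and to the `cmp/jdbc/bridge` copy of SecurityActions; the method bodies end outside the hunks.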
@@ -387,11 +388,11 @@
    }
    
    static void createAndSetSecurityContext(final Principal p, final Object cred, final String domain,
-         final Subject subject)
+         final Subject subject) throws PrivilegedActionException
    {
-      AccessController.doPrivileged(new PrivilegedAction(){
+      AccessController.doPrivileged(new PrivilegedExceptionAction(){
 
-         public Object run()
+         public Object run() throws Exception
          {
             SecurityContext sc = SecurityContextFactory.createSecurityContext(domain); 
             sc.getUtil().createSubjectInfo(p, cred, subject);

Modified: trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -21,38 +21,41 @@
 */
 package org.jboss.ejb.plugins;
 
-import static org.jboss.security.SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY; 
+import static org.jboss.security.SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY;
 
+import java.lang.reflect.Method;
+import java.security.CodeSource;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import javax.ejb.TimedObject;
+import javax.ejb.Timer;
+import javax.security.auth.Subject;
+
 import org.jboss.ejb.Container;
-import org.jboss.invocation.Invocation;  
+import org.jboss.invocation.Invocation;
 import org.jboss.metadata.ApplicationMetaData;
 import org.jboss.metadata.AssemblyDescriptorMetaData;
 import org.jboss.metadata.BeanMetaData;
-import org.jboss.metadata.SecurityIdentityMetaData;   
+import org.jboss.metadata.SecurityIdentityMetaData;
 import org.jboss.security.AuthenticationManager;
 import org.jboss.security.AuthorizationManager;
+import org.jboss.security.ISecurityManagement;
 import org.jboss.security.RealmMapping;
 import org.jboss.security.RunAs;
-import org.jboss.security.RunAsIdentity;   
-import org.jboss.security.SecurityContext; 
-import org.jboss.security.SecurityRolesAssociation; 
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityRolesAssociation;
 import org.jboss.security.SecurityUtil;
 import org.jboss.security.audit.AuditEvent;
-import org.jboss.security.audit.AuditLevel;   
+import org.jboss.security.audit.AuditLevel;
+import org.jboss.security.identitytrust.IdentityTrustManager;
 import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
 import org.jboss.security.integration.ejb.EJBAuthorizationHelper;
-import org.jboss.system.Registry; 
+import org.jboss.system.Registry;
 
-import java.security.CodeSource;
-import java.security.Principal; 
-import java.util.HashMap; 
-import java.util.Map;
-import java.util.Set;
-import java.lang.reflect.Method;
-import javax.security.auth.Subject; 
-import javax.ejb.TimedObject;
-import javax.ejb.Timer;
-
 /**
  * The SecurityInterceptor is where the EJB 2.0 declarative security model
  * is enforced. This is where the caller identity propagation is controlled as well.
@@ -78,7 +81,7 @@
     */
    protected AuthenticationManager securityManager;
    
-   protected AuthorizationManager authorizationManager;
+   //protected AuthorizationManager authorizationManager;
 
    /** The authorization manager plugin
     */
@@ -114,6 +117,12 @@
     * for the use case of caller identity coming with run-as
     */
    protected boolean isUseCallerIdentity = false;
+   
+   /**
+    * Represents the holder of the various security managers
+    * configured at the container level
+    */
+   protected ISecurityManagement securityManagement = null;
     
    /** Called by the super class to set the container to which this interceptor
     belongs. We obtain the security manager and runAs identity to use here.
@@ -145,7 +154,7 @@
 
          securityManager = container.getSecurityManager();
          realmMapping = container.getRealmMapping();
-         authorizationManager = container.getAuthorizationManager();
+         //authorizationManager = container.getAuthorizationManager();
 
          try
          {
@@ -162,7 +171,8 @@
             appSecurityDomain = SecurityUtil.unprefixSecurityDomain(appSecurityDomain); 
          } 
          ejbName = beanMetaData.getEjbName();  
-         ejbCS = container.getBeanClass().getProtectionDomain().getCodeSource(); 
+         ejbCS = container.getBeanClass().getProtectionDomain().getCodeSource();
+         securityManagement = (ISecurityManagement) container.getSecurityManagement();
       }
    }
 
@@ -176,8 +186,11 @@
 
    public Object invokeHome(Invocation mi) throws Exception
    {  
+      if(this.shouldBypassSecurity(mi))
+         return getNext().invoke(mi);
+      
       RunAs callerRunAsIdentity = getCallerRunAsIdentity(mi); 
-      
+     
       if(SecurityActions.getSecurityContext() == null)
          throw new IllegalStateException("Security Context is null"); 
       
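Review bot: The bypass branch added to `invokeHome` forwards with `getNext().invoke(mi)`, which sends a home-interface invocation down the bean-method path of the next interceptor. It looks like a copy of the line added to `invoke` in the following hunk and should presumably read `return getNext().invokeHome(mi);`. The rest of `invokeHome` is outside the hunk, so confirm against how the method forwards on its normal path.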
@@ -212,7 +225,10 @@
 
 
    public Object invoke(Invocation mi) throws Exception
-   {     
+   {  
+      if(this.shouldBypassSecurity(mi))
+         return getNext().invoke(mi);
+      
       RunAs callerRunAsIdentity = getCallerRunAsIdentity(mi); 
       if(SecurityActions.getSecurityContext() == null)
          throw new IllegalStateException("Security Context is null");
@@ -266,7 +282,12 @@
          //Add additional data on the security context for use
          callerSC.getData().put("INVOCATION_SECURE", inv.isSecure());
          callerSC.getData().put("INVOCATION_INTERVM", inv.isInterVM());
-         TrustDecision td = callerSC.getIdentityTrustManager().isTrusted();
+         if(callerSC.getSecurityManagement() == null)
+            callerSC.setSecurityManagement(securityManagement);
+         
+         //Use the container's securitymanagement
+         IdentityTrustManager itm = callerSC.getIdentityTrustManager();
+         TrustDecision td = itm.isTrusted(callerSC);
          if(td == TrustDecision.Deny)
             throw new SecurityException("Caller not trusted");
          trusted = td == TrustDecision.Permit;
@@ -371,7 +392,10 @@
      boolean isAuthorized = false;  
      Set<Principal> methodRoles = container.getMethodPermissions(ejbMethod, mi.getType());
         
-     EJBAuthorizationHelper eah = new EJBAuthorizationHelper(SecurityActions.getSecurityContext()); 
+     SecurityContext currentSC = SecurityActions.getSecurityContext();
+     if(currentSC.getSecurityManagement() == null)
+        currentSC.setSecurityManagement(securityManagement);
+     EJBAuthorizationHelper eah = new EJBAuthorizationHelper(currentSC); 
      isAuthorized = eah.authorize(ejbName, 
                                   ejbMethod, 
                                   mi.getPrincipal(), 
@@ -385,6 +409,23 @@
      if(!isAuthorized)
         throw new SecurityException(msg); 
   } 
+  
+  private boolean shouldBypassSecurity(Invocation mi) throws Exception
+  {
+     // If there is not a security manager then there is no authentication required
+     Method m = mi.getMethod();
+     boolean containerMethod = m == null || m.equals(ejbTimeout);
+     if ( containerMethod == true || securityManager == null || container == null )
+     {
+        // Allow for the progatation of caller info to other beans
+        SecurityActions.createAndSetSecurityContext(mi.getPrincipal(),
+              mi.getCredential(), "BYPASSED-SECURITY");
+        // Allow for the progatation of caller info to other beans
+        //SecurityActions.pushSubjectContext(mi.getPrincipal(), mi.getCredential(), null); 
+        return true;
+     } 
+     return false; 
+  }
    
   private RunAs getCallerRunAsIdentity(Invocation inv)
   {
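Review bot: `shouldBypassSecurity` skips authentication and authorization whenever `securityManager` or `container` is null, and it does so without any log or audit record, so a container that lost its security manager through misconfiguration serves calls unprotected and unnoticed. A debug-level log line naming `ejbName` and the reason for the bypass would make that state visible. The method is named as a predicate but also installs a security context built from the caller-supplied principal and credential under the domain `BYPASSED-SECURITY`; a Javadoc comment should state that side effect and why a missing security manager bypasses rather than rejects. The comment typo `progatation` appears twice, and the commented-out `pushSubjectContext` line can be removed.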

Modified: trunk/server/src/main/org/jboss/ejb/plugins/cmp/jdbc/bridge/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/cmp/jdbc/bridge/SecurityActions.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/plugins/cmp/jdbc/bridge/SecurityActions.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -34,8 +34,8 @@
 
 import org.jboss.security.RunAs; 
 import org.jboss.security.SecurityContext; 
+import org.jboss.security.SecurityContextFactory;
 import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
  
 
 /** A collection of privileged actions for this package
@@ -374,11 +374,12 @@
    
    
    
-   static void createAndSetSecurityContext(final Principal p, final Object cred, final String domain)
+   static void createAndSetSecurityContext(final Principal p, final Object cred, final String domain) 
+   throws PrivilegedActionException
    {
-      AccessController.doPrivileged(new PrivilegedAction(){
+      AccessController.doPrivileged(new PrivilegedExceptionAction(){
 
-         public Object run()
+         public Object run() throws Exception
          {
             SecurityContext sc = SecurityContextFactory.createSecurityContext(p, cred, null, domain);
             SecurityContextAssociation.setSecurityContext(sc);
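Review bot: Switching to `PrivilegedExceptionAction` makes `createAndSetSecurityContext` leak `PrivilegedActionException` to its callers, which hides the real failure from `SecurityContextFactory.createSecurityContext` behind a wrapper that callers must unwrap with `getException()`. The same applies to the four-argument overload in the next hunk and to the `createAndSetSecurityContext`/`createSecurityContext` changes in the security, txtimer and jmx `SecurityActions` hunks. Either unwrap inside the helper, `catch(PrivilegedActionException e) { throw e.getException(); }` with the signature declaring `throws Exception`, or document the wrapper with `@throws PrivilegedActionException wrapping the exception raised while creating the security context`. The anonymous class is still a raw `PrivilegedExceptionAction`; `PrivilegedExceptionAction<Object>` would avoid the unchecked warning. The method body continues outside the hunk.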
@@ -387,11 +388,11 @@
    }
    
    static void createAndSetSecurityContext(final Principal p, final Object cred, final String domain,
-         final Subject subject)
+         final Subject subject) throws PrivilegedActionException
    {
-      AccessController.doPrivileged(new PrivilegedAction(){
+      AccessController.doPrivileged(new PrivilegedExceptionAction(){
 
-         public Object run()
+         public Object run() throws Exception
          {
             SecurityContext sc = SecurityContextFactory.createSecurityContext(domain); 
             sc.getUtil().createSubjectInfo(p, cred, subject);

Modified: trunk/server/src/main/org/jboss/ejb/plugins/security/PreSecurityInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/security/PreSecurityInterceptor.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/plugins/security/PreSecurityInterceptor.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -49,7 +49,7 @@
  */
 public class PreSecurityInterceptor extends AbstractInterceptor
 { 
-   private String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
+   private String securityDomain = null;
    
    private String timedObjectMethod = null;
    
@@ -79,6 +79,11 @@
    @Override
    public Object invoke(Invocation mi) throws Exception
    { 
+      //No Security in the absence of SecurityDomain
+      if(securityDomain == null)
+         return getNext().invoke(mi);
+      
+      
       SecurityIdentity si = null;
       Method m = mi.getMethod();
       boolean isEjbTimeOutMethod =  m!= null && m.getName().equals(timedObjectMethod);
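Review bot: With the `securityDomain` default changed to `null` in the previous hunk, the new guard in `invoke` sends every call on a bean that has no security domain straight to the next interceptor, with no SecurityContext established and nothing logged. If that is the intended behaviour for unsecured beans, the comment should say so, e.g. `//No security domain configured: the invocation proceeds without a SecurityContext`, and a trace-level message would help when a domain is missing by mistake. Where `securityDomain` gets assigned is outside the hunk, so it is worth confirming that it is always set before the first invocation for secured deployments.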
@@ -116,6 +121,10 @@
    @Override
    public Object invokeHome(Invocation mi) throws Exception
    { 
+      //No Security in the absence of SecurityDomain
+      if(securityDomain == null)
+         return getNext().invoke(mi);
+      
       SecurityIdentity si = null;
       Method m = mi.getMethod();
       boolean isEjbTimeOutMethod =  m!= null && m.getName().equals(timedObjectMethod);
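Review bot: The early return in `invokeHome` calls `getNext().invoke(mi)`, which routes a home invocation into the next interceptor's bean-method path; it should be `return getNext().invokeHome(mi);`. The rest of `invokeHome` is outside the hunk, so this is inferred from the method name and from the identical guard added to `invoke` above.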
@@ -148,13 +157,14 @@
       }
    }
    
-   private void establishSecurityContext(Invocation mi)
+   private void establishSecurityContext(Invocation mi) throws Exception
    { 
       //For Local EJB invocations, the security context needs
       //to be obtained from the thread local. For remote ejb
       //invocations, the SC is obtained in the invocation
       SecurityContext sc = mi.getSecurityContext(); 
-      SecurityContext newSC = SecurityActions.createAndSetSecurityContext(securityDomain);  
+      SecurityContext newSC = SecurityActions.createAndSetSecurityContext(securityDomain,
+            container.getSecurityContextClassName());  
       
       if(sc != null)
       {
@@ -167,5 +177,7 @@
          //Local EJB Invocation or some one created the Invocation object on the server side
          mi.setSecurityContext(newSC);
       }
+      //Set the SecurityManagement on the context
+      newSC.setSecurityManagement(container.getSecurityManagement());
    }
 }

Modified: trunk/server/src/main/org/jboss/ejb/plugins/security/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/security/SecurityActions.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/plugins/security/SecurityActions.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -23,12 +23,14 @@
 
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 
 import org.jboss.security.RunAs;
 import org.jboss.security.SecurityContext;
 import org.jboss.security.SecurityIdentity;
+import org.jboss.security.SecurityContextFactory;
 import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
 
 //$Id$
 
@@ -40,13 +42,14 @@
  */
 class SecurityActions
 {
-   public static SecurityContext createAndSetSecurityContext(final String domain)
+   public static SecurityContext createAndSetSecurityContext(final String domain,
+         final String fqnClassName) throws PrivilegedActionException
    {
-      return (SecurityContext) AccessController.doPrivileged(new PrivilegedAction()
+      return (SecurityContext) AccessController.doPrivileged(new PrivilegedExceptionAction()
       { 
-         public Object run()
+         public Object run() throws Exception
          {
-            SecurityContext sc =  SecurityContextFactory.createSecurityContext(domain); 
+            SecurityContext sc =  SecurityContextFactory.createSecurityContext(domain, fqnClassName); 
             setSecurityContext(sc);
             return sc;
          }}
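Review bot: `fqnClassName` is passed unchecked to `SecurityContextFactory.createSecurityContext(domain, fqnClassName)` inside `doPrivileged`, so whatever class name the caller supplies is resolved with this package's privileges (assuming the factory instantiates the class by name, which is not visible here). The only caller in this commit passes `container.getSecurityContextClassName()`; a Javadoc line such as `@param fqnClassName security context implementation class, taken from trusted deployment configuration only` would record that expectation, and it should also say whether null selects a default implementation. The method is declared `public` although `SecurityActions` is package-private; dropping `public` would match the other helpers. The `doPrivileged` call closes outside the hunk.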

Modified: trunk/server/src/main/org/jboss/ejb/txtimer/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/txtimer/SecurityActions.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/ejb/txtimer/SecurityActions.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -23,11 +23,13 @@
 
 import java.security.PrivilegedAction;
 import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 
 import org.jboss.security.RunAs; 
 import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
 import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
 
 /** 
  * A collection of privileged actions for this package
@@ -146,11 +148,12 @@
       return TCLAction.UTIL.getContextClassLoader(thread);
    }
    
-   static SecurityContext createSecurityContext(final String securityDomain)
+   static SecurityContext createSecurityContext(final String securityDomain) 
+   throws PrivilegedActionException
    {
-      return (SecurityContext)AccessController.doPrivileged(new PrivilegedAction()
+      return (SecurityContext)AccessController.doPrivileged(new PrivilegedExceptionAction()
       { 
-         public Object run()
+         public Object run() throws Exception
          {
             SecurityContext sc = SecurityContextFactory.createSecurityContext(securityDomain); 
             SecurityContextAssociation.setSecurityContext(sc);

Modified: trunk/server/src/main/org/jboss/jmx/connector/invoker/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/jmx/connector/invoker/SecurityActions.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/jmx/connector/invoker/SecurityActions.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -24,13 +24,15 @@
 import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction; 
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 
 import javax.security.auth.Subject;
  
 import org.jboss.security.SecurityAssociation;  
 import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
 import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
 
 /** Common PrivilegedAction used by classes in this package.
  * 
@@ -189,12 +191,13 @@
       }
    }
   
-   static SecurityContext createSecurityContext(final String domain)
+   static SecurityContext createSecurityContext(final String domain) 
+   throws PrivilegedActionException
    {
-      return (SecurityContext)AccessController.doPrivileged( new PrivilegedAction()
+      return (SecurityContext)AccessController.doPrivileged( new PrivilegedExceptionAction()
       {
 
-         public Object run()
+         public Object run() throws Exception
          {
             return SecurityContextFactory.createSecurityContext(domain); 
          }});

Modified: trunk/server/src/main/org/jboss/proxy/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/proxy/SecurityActions.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/proxy/SecurityActions.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -23,12 +23,14 @@
 
 import java.security.AccessController;
 import java.security.Principal;
-import java.security.PrivilegedAction;
+import java.security.PrivilegedAction; 
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 
 import org.jboss.security.RunAs;  
 import org.jboss.security.SecurityContext; 
+import org.jboss.security.SecurityContextFactory;
 import org.jboss.security.plugins.SecurityContextAssociation;
-import org.jboss.security.plugins.SecurityContextFactory;
 
 //$Id$
 
@@ -97,7 +99,7 @@
       }
       
       public SecurityContext createSecurityContext(Principal p, Object cred, 
-            String sdomain)
+            String sdomain) throws Exception
       {
          return SecurityContextFactory.createSecurityContext(p,cred, null, sdomain);
       }
@@ -188,11 +190,11 @@
       }
       
       public SecurityContext createSecurityContext(final Principal p, final Object cred, 
-            final String sdomain)
+            final String sdomain) throws PrivilegedActionException
       {
-         return (SecurityContext) AccessController.doPrivileged(new PrivilegedAction(){
-
-            public Object run()
+         return (SecurityContext) AccessController.doPrivileged(new PrivilegedExceptionAction()
+         { 
+            public Object run() throws Exception
             {
                return SecurityContextFactory.createSecurityContext(p,cred, null, sdomain);
             }
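Review bot: The privileged implementation now throws `PrivilegedActionException` while the non-privileged one in the previous hunk propagates the factory's exception directly, so callers going through the interface (declared `throws Exception` in the last hunk of this file) see a different exception type depending on which implementation is selected. Unwrapping keeps them consistent: wrap the `doPrivileged` call in `try { ... } catch(PrivilegedActionException e) { throw e.getException(); }` and declare `throws Exception`. The method's closing lines are outside the hunk.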
@@ -208,7 +210,7 @@
    RunAs getCallerRunAsIdentity();
 
    SecurityContext createSecurityContext( Principal p,  Object cred, 
-         String sdomain);
+         String sdomain) throws Exception;
    
    SecurityContext getSecurityContext(); 
    

Modified: trunk/server/src/main/org/jboss/proxy/SecurityInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/proxy/SecurityInterceptor.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/proxy/SecurityInterceptor.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -97,7 +97,7 @@
     * @param invocation invocation instance
     * @return
     */
-   private SecurityContext createSecurityContext(Invocation invocation)
+   private SecurityContext createSecurityContext(Invocation invocation) throws Exception
    { 
       SecurityActions sa = SecurityActions.UTIL.getSecurityActions();
 

Modified: trunk/server/src/main/org/jboss/web/AbstractWebDeployer.java
===================================================================
--- trunk/server/src/main/org/jboss/web/AbstractWebDeployer.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/web/AbstractWebDeployer.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -57,6 +57,7 @@
 import org.jboss.naming.NonSerializableFactory;
 import org.jboss.naming.Util;
 import org.jboss.security.AuthorizationManager;
+import org.jboss.security.SecurityConstants;
 import org.jboss.security.authorization.PolicyRegistration;
 import org.jboss.web.AbstractWebContainer.WebDescriptorParser;
 import org.omg.CORBA.ORB;
@@ -443,8 +444,12 @@
          String prefixedSecurityDomain = webApp.getMetaData().getSecurityDomain();
          if(prefixedSecurityDomain != null)
          {
-            AuthorizationManager authzmgr = 
-                org.jboss.security.SecurityUtil.getAuthorizationManager(prefixedSecurityDomain);
+            //Look up JNDI for the AuthorizationManager
+            InitialContext ic = new InitialContext();
+            String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/authorizationMgr";
+            AuthorizationManager authzmgr = (AuthorizationManager)ic.lookup(amCtx);
+            /**AuthorizationManager authzmgr = 
+                org.jboss.security.SecurityUtil.getAuthorizationManager(prefixedSecurityDomain);*/
             if(authzmgr instanceof PolicyRegistration)
             {
                PolicyRegistration xam = (PolicyRegistration)authzmgr;
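Review bot: The JNDI name built here, `SecurityConstants.JAAS_CONTEXT_ROOT + "/authorizationMgr"`, does not include the security domain, although the lookup is guarded by `prefixedSecurityDomain != null` and the matching change in `AbstractWarDeployment` looks up `JAAS_CONTEXT_ROOT + "/" + unPrefixedDomain + "/authorizationMgr"`. As written the policy would be registered with whatever is bound directly under the context root rather than with the web application's own domain, which looks unintended. Suggested: `String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + org.jboss.security.SecurityUtil.unprefixSecurityDomain(prefixedSecurityDomain) + "/authorizationMgr";`. The commented-out `/** ... */` block holding the old call can be deleted, since it reads as Javadoc.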

Modified: trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java
===================================================================
--- trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java	2007-09-13 21:48:41 UTC (rev 65382)
+++ trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java	2007-09-13 22:03:02 UTC (rev 65383)
@@ -56,6 +56,8 @@
 import org.jboss.naming.NonSerializableFactory;
 import org.jboss.naming.Util;
 import org.jboss.security.AuthorizationManager;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityUtil;
 import org.jboss.security.authorization.PolicyRegistration;
 import org.jboss.web.WebApplication;
 import org.jboss.web.AbstractWebContainer.WebDescriptorParser;
@@ -360,8 +362,15 @@
       String prefixedSecurityDomain = webApp.getMetaData().getSecurityDomain();
       if(prefixedSecurityDomain != null)
       {
-         AuthorizationManager authzmgr = 
-             org.jboss.security.SecurityUtil.getAuthorizationManager(prefixedSecurityDomain);
+         String unPrefixedDomain = SecurityUtil.unprefixSecurityDomain(prefixedSecurityDomain);
+         //Look up JNDI for the AuthorizationManager
+         InitialContext ic = new InitialContext();
+         String amCtx = SecurityConstants.JAAS_CONTEXT_ROOT +
+            "/" + unPrefixedDomain + "/authorizationMgr";
+                    
+         AuthorizationManager authzmgr = (AuthorizationManager)ic.lookup(amCtx);
+         /**AuthorizationManager authzmgr = 
+             org.jboss.security.SecurityUtil.getAuthorizationManager(prefixedSecurityDomain);*/
          if(authzmgr instanceof PolicyRegistration)
          {
             PolicyRegistration xam = (PolicyRegistration)authzmgr;
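Review bot: The `InitialContext` created for the lookup is never closed, and a missing binding now surfaces as a bare `NamingException` from `ic.lookup(amCtx)` that does not name the security domain. Closing it in a `finally` (`ic.close();`) and rethrowing with `amCtx` in the message would make a misconfigured domain easier to diagnose. The cast to `AuthorizationManager` also happens before the `instanceof PolicyRegistration` test, so an unexpected binding fails with `ClassCastException`. The old call kept in the `/** ... */` comment can be removed. The enclosing method starts and ends outside the hunk.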



