[jboss-cvs] JBossAS SVN: r71921 - in projects/jboss-aspects/trunk: build and 13 other directories.
jboss-cvs-commits at lists.jboss.org
Thu Apr 10 10:16:18 EDT 2008
Author: dimitris at jboss.org
Date: 2008-04-10 10:16:18 -0400 (Thu, 10 Apr 2008)
New Revision: 71921
Added:
projects/jboss-aspects/trunk/security/
projects/jboss-aspects/trunk/security/pom.xml
projects/jboss-aspects/trunk/security/src/
projects/jboss-aspects/trunk/security/src/main/
projects/jboss-aspects/trunk/security/src/main/org/
projects/jboss-aspects/trunk/security/src/main/org/jboss/
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/AuthenticationInterceptor.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/AuthenticationInterceptorFactory.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/Exclude.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/Permissions.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RoleBasedAuthorizationInterceptor.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RoleBasedAuthorizationInterceptorFactory.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RunAs.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RunAsSecurityInterceptor.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RunAsSecurityInterceptorFactory.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityActions.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityClassMetaDataBinding.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityClassMetaDataLoader.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityClientInterceptor.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityConstructorConfig.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityContext.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityDomain.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityMethodConfig.java
projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/Unchecked.java
projects/jboss-aspects/trunk/security/target/
projects/jboss-aspects/trunk/security/target/classes/
projects/jboss-aspects/trunk/security/target/classes/org/
projects/jboss-aspects/trunk/security/target/classes/org/jboss/
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/AuthenticationInterceptor.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/AuthenticationInterceptorFactory.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/Exclude.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/Permissions.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RoleBasedAuthorizationInterceptor.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RoleBasedAuthorizationInterceptorFactory.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RunAs.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RunAsSecurityInterceptor.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RunAsSecurityInterceptorFactory.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$1.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ClearSecurityContextAction.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ContextInfoActions$1$1.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ContextInfoActions$1.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ContextInfoActions$2.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ContextInfoActions.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$GetSecurityContextAction.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PolicyContextActions$1$1.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PolicyContextActions$1.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PolicyContextActions$2.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PolicyContextActions.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$1.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$2.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$3.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$4.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$5.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$6.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$7.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$2.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$1$1.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$1$2.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$1$3.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$1.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$2.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$SetSecurityContextAction.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$1.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2$1.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2$2.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2$3.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2$4.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$UTIL.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityClassMetaDataBinding.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityClassMetaDataLoader.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityClientInterceptor.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityConstructorConfig.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityContext.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityDomain.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityMethodConfig.class
projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/Unchecked.class
Modified:
projects/jboss-aspects/trunk/build/pom.xml
Log:
Add the security module
Modified: projects/jboss-aspects/trunk/build/pom.xml
===================================================================
--- projects/jboss-aspects/trunk/build/pom.xml 2008-04-10 14:09:08 UTC (rev 71920)
+++ projects/jboss-aspects/trunk/build/pom.xml 2008-04-10 14:16:18 UTC (rev 71921)
@@ -34,7 +34,12 @@
<version.jboss.common.core>2.2.5.GA</version.jboss.common.core>
<version.jboss.logging.spi>2.0.5.GA</version.jboss.logging.spi>
<version.jboss.aop>2.0.0.CR8</version.jboss.aop>
+ <version.jboss.security.spi>2.0.2.Beta5</version.jboss.security.spi>
+ <version.jbosssx.client>2.0.2.Beta5</version.jbosssx.client>
+ <version.jboss.kernel>2.0.0.Beta11</version.jboss.kernel>
<version.org.jboss.test>1.0.5.GA</version.org.jboss.test>
+ <version.jboss.jaspi.api>1.0.0-SNAPSHOT</version.jboss.jaspi.api>
+ <version.jacc>1.0</version.jacc>
<version.junit>4.4</version.junit>
</properties>
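Review bot: `version.jboss.jaspi.api` is set to `1.0.0-SNAPSHOT` in the added properties, so the artifact resolved for the new security module can change between builds without any change to this file. Prefer a released version, or note next to the property why a snapshot is needed; the `2.0.2.Beta5` and `2.0.0.Beta11` entries are pre-release but at least fixed.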
@@ -177,8 +182,38 @@
<groupId>org.jboss.aop</groupId>
<artifactId>jboss-aop</artifactId>
<version>${version.jboss.aop}</version>
- </dependency>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-security-spi</artifactId>
+ <version>${version.jboss.security.spi}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-client</artifactId>
+ <version>${version.jbosssx.client}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.microcontainer</groupId>
+ <artifactId>jboss-kernel</artifactId>
+ <version>${version.jboss.kernel}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.security</groupId>
+ <artifactId>jacc</artifactId>
+ <version>${version.jacc}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-jaspi-api</artifactId>
+ <version>${version.jboss.jaspi.api}</version>
+ </dependency>
+
<!-- test dependencies -->
<dependency>
<groupId>org.jboss</groupId>
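Review bot: none of the five added `<dependency>` entries declares a `<scope>`, so `jacc` and `jboss-jaspi-api` are taken at the default compile scope by every module that uses them. If these API jars are expected to come from the container at runtime, declare `<scope>provided</scope>` here. The removed and re-added `</dependency>` line at the top of the hunk differs only in whitespace and could be dropped from the change.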
Added: projects/jboss-aspects/trunk/security/pom.xml
===================================================================
--- projects/jboss-aspects/trunk/security/pom.xml (rev 0)
+++ projects/jboss-aspects/trunk/security/pom.xml 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,78 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.aspects</groupId>
+ <artifactId>jboss-aspects-build</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-security-aspects</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Security Aspects</name>
+ <url>http://www.jboss.org/jbossas/</url>
+ <description>JBoss Security Aspects</description>
+ <build>
+ <resources>
+ <resource>
+ <directory>src/resources/main</directory>
+ </resource>
+ </resources>
+ <testResources>
+ <testResource>
+ <directory>src/resources/tests</directory>
+ </testResource>
+ </testResources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <executions>
+ <execution>
+ <goals>
+ <goal>test-jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+ <!-- Do not add version information here, use ../build/pom.xml instead -->
+ <dependencies>
+ <!-- Global dependencies -->
+
+ <dependency>
+ <groupId>org.jboss.aop</groupId>
+ <artifactId>jboss-aop</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.microcontainer</groupId>
+ <artifactId>jboss-kernel</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-security-spi</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-client</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.security</groupId>
+ <artifactId>jacc</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.javaee</groupId>
+ <artifactId>jboss-jaspi-api</artifactId>
+ </dependency>
+
+ <!-- Test dependencies -->
+ </dependencies>
+</project>
\ No newline at end of file
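Review bot: the `<build>` section declares resource directories but no `<sourceDirectory>`, while this commit adds the sources under `security/src/main/org/jboss/aspects/security/`, which is not Maven's default `src/main/java`. Unless the parent `jboss-aspects-build` sets the source directory, the jar would be built without these classes, so confirm that or set it here. The commit's file list also adds compiled output under `security/target/classes/`, which should be ignored rather than versioned, and the file ends without a trailing newline.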
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/AuthenticationInterceptor.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/AuthenticationInterceptor.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/AuthenticationInterceptor.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,156 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import java.security.Principal;
+import java.security.GeneralSecurityException;
+import javax.security.auth.Subject;
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.RunAsIdentity;
+
+/**
+ * The AuthenticationInterceptor authenticates the caller.
+ *
+ * @author <a href="mailto:Scott.Stark at jboss.org">Scott Stark</a>.
+ * @author <a href="bill at jboss.org">Bill Burke</a>
+ * @version $Revision: 62573 $
+ */
+public class AuthenticationInterceptor implements org.jboss.aop.advice.Interceptor
+{
+ protected Logger log = Logger.getLogger(this.getClass());
+ protected AuthenticationManager authenticationManager;
+
+ public AuthenticationInterceptor(AuthenticationManager manager)
+ {
+ authenticationManager = manager;
+ }
+
+ public String getName()
+ {
+ return "AuthenticationInterceptor";
+ }
+
+ protected void handleGeneralSecurityException(GeneralSecurityException gse)
+ {
+ throw new SecurityException(gse.getMessage());
+ }
+
+ /**
+ * Authenticates the caller using the principal and credentials in the
+ * Infocation if thre is a security manager and an invcocation method.
+ */
+ public Object invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable
+ {
+ try
+ {
+ authenticate(invocation);
+ }
+ catch (GeneralSecurityException gse)
+ {
+ handleGeneralSecurityException(gse);
+ }
+
+ Object oldDomain = SecurityContext.currentDomain.get();
+ try
+ {
+ SecurityContext.currentDomain.set(authenticationManager);
+ return invocation.invokeNext();
+ }
+ finally
+ {
+ SecurityContext.currentDomain.set(oldDomain);
+
+ // so that the principal doesn't keep being associated with thread if the thread is pooled
+ // only pop if it's been pushed
+ RunAsIdentity callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
+ if (authenticationManager == null || callerRunAsIdentity == null)
+ {
+ SecurityActions.popSubjectContext();
+ }
+ if(authenticationManager != null)
+ SecurityActions.clearSecurityContext();
+
+ if (invocation.getMetaData("security", "principal") != null)
+ {
+ SecurityActions.setPrincipal(null);
+ SecurityActions.setCredential(null);
+ }
+ }
+ }
+
+ protected void authenticate(org.jboss.aop.joinpoint.Invocation invocation) throws Exception
+ {
+ Principal principal = (Principal) invocation.getMetaData("security", "principal");
+ Object credential = invocation.getMetaData("security", "credential");
+
+ if (principal == null)
+ {
+ principal = SecurityActions.getPrincipal();
+ }
+ if (credential == null)
+ {
+ credential = SecurityActions.getCredential();
+ }
+
+ if (authenticationManager == null)
+ {
+ SecurityActions.pushSubjectContext(principal, credential, null);
+ return;
+ }
+
+
+ // authenticate the current principal
+ RunAsIdentity callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
+ if (callerRunAsIdentity == null)
+ {
+ // Check the security info from the method invocation
+ Subject subject = new Subject();
+ if (authenticationManager.isValid(principal, credential, subject) == false)
+ {
+ /* todo support CSIV2 authenticationObserver
+ // Notify authentication observer
+ if (authenticationObserver != null)
+ authenticationObserver.authenticationFailed();
+ */
+ // Check for the security association exception
+ Exception ex = SecurityActions.getContextException();
+ if (ex != null)
+ throw ex;
+ // Else throw a generic SecurityException
+ String msg = "Authentication exception, principal=" + principal;
+ SecurityException e = new SecurityException(msg);
+ throw e;
+ }
+ else
+ {
+ SecurityActions.pushSubjectContext(principal, credential, subject);
+ SecurityActions.establishSecurityContext(authenticationManager.getSecurityDomain(),
+ principal, credential, subject);
+ if (log.isTraceEnabled())
+ {
+ log.trace("Authenticated principal=" + principal);
+ }
+ }
+ }
+ }
+}
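Review bot: `authenticate()` fails open when `authenticationManager` is null: it calls `SecurityActions.pushSubjectContext(principal, credential, null)` and returns, so the invocation continues with a principal and credential read from invocation metadata that nothing has validated. The public constructor accepts a null manager, so either reject null there or throw a `SecurityException` in that branch. In `invoke()`, stopping the call after the `catch (GeneralSecurityException gse)` depends on `handleGeneralSecurityException` throwing; it is `protected`, so an override that returns normally would let the call reach `invocation.invokeNext()`. Rethrow in `invoke()` itself and pass `gse` as the cause instead of only `gse.getMessage()`.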
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/AuthenticationInterceptorFactory.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/AuthenticationInterceptorFactory.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/AuthenticationInterceptorFactory.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,85 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import org.jboss.aop.Advisor;
+import org.jboss.aop.InstanceAdvisor;
+import org.jboss.aop.advice.AspectFactory;
+import org.jboss.aop.joinpoint.Joinpoint;
+import org.jboss.security.AuthenticationManager;
+
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+
+/**
+ * Comment
+ *
+ * @author <a href="mailto:bill at jboss.org">Bill Burke</a>
+ * @version $Revision: 37406 $
+ */
+public class AuthenticationInterceptorFactory implements AspectFactory
+{
+ public Object createPerVM()
+ {
+ throw new RuntimeException("PER_VM not supported for this interceptor factory, only PER_CLASS");
+ }
+
+ public Object createPerClass(Advisor advisor)
+ {
+ AuthenticationManager manager = (AuthenticationManager) advisor.getDefaultMetaData().getMetaData("security", "authentication-manager");
+ if (manager == null)
+ {
+ SecurityDomain domain = (SecurityDomain) advisor.resolveAnnotation(SecurityDomain.class);
+ if (domain == null) throw new RuntimeException("Unable to determine security domain");
+ try
+ {
+ manager = (AuthenticationManager) new InitialContext().lookup("java:/jaas/" + domain.value());
+ }
+ catch (NamingException e)
+ {
+ throw new RuntimeException(e); //To change body of catch statement use Options | File Templates.
+ }
+ }
+ if (manager == null) throw new RuntimeException("Unable to find Security Domain");
+ return new AuthenticationInterceptor(manager);
+ }
+
+ public Object createPerInstance(Advisor advisor, InstanceAdvisor instanceAdvisor)
+ {
+ throw new RuntimeException("PER_VM not supported for this interceptor factory, only PER_CLASS");
+ }
+
+ public Object createPerJoinpoint(Advisor advisor, Joinpoint jp)
+ {
+ throw new RuntimeException("PER_VM not supported for this interceptor factory, only PER_CLASS");
+ }
+
+ public Object createPerJoinpoint(Advisor advisor, InstanceAdvisor instanceAdvisor, Joinpoint jp)
+ {
+ throw new RuntimeException("PER_VM not supported for this interceptor factory, only PER_CLASS");
+ }
+
+ public String getName()
+ {
+ return getClass().getName();
+ }
+}
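Review bot: `createPerInstance` and both `createPerJoinpoint` overloads throw with the text "PER_VM not supported for this interceptor factory, only PER_CLASS", copied from `createPerVM`; each message should name the scope that was actually requested. In `createPerClass`, the `throw new RuntimeException(e)` line still carries the IDE template comment, and the exception would be easier to diagnose if it included the `"java:/jaas/" + domain.value()` name that failed to resolve. The class Javadoc is the placeholder `Comment`.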
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/Exclude.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/Exclude.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/Exclude.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,38 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
+/**
+ *
+ * @author <a href="mailto:bill at jboss.org">Bill Burke</a>
+ * @version $Revision: 57757 $
+ */
+ at Retention(RetentionPolicy.RUNTIME)
+public @interface Exclude {}
+
+
+
+
+
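Review bot: `Exclude` is declared with `@Retention` only and an empty Javadoc, so nothing restricts where it may be placed or says what it does. `RoleBasedAuthorizationInterceptor.getAnnotationRoleSet` in this commit maps it to `NobodyPrincipal.NOBODY_PRINCIPAL`; state that in the Javadoc and add an `@Target` listing the element types the interceptors resolve it on. The five trailing blank lines can go.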
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/Permissions.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/Permissions.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/Permissions.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,38 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
+/**
+ *
+ * @author <a href="mailto:bill at jboss.org">Bill Burke</a>
+ * @version $Revision: 57757 $
+ */
+ at Retention(RetentionPolicy.RUNTIME)
+public @interface Permissions
+{
+ String[] value();
+}
+
+
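Review bot: `String[] value()` is undocumented, and the annotation is named `Permissions` although `getAnnotationRoleSet` in this commit turns each value into a `SimplePrincipal` role. Document that the values are role names, and say what an empty array means for the access check, since it produces an empty role set rather than the unchecked default.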
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RoleBasedAuthorizationInterceptor.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RoleBasedAuthorizationInterceptor.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RoleBasedAuthorizationInterceptor.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,169 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import org.jboss.aop.joinpoint.Invocation;
+import org.jboss.logging.Logger;
+import org.jboss.security.AnybodyPrincipal;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.NobodyPrincipal;
+import org.jboss.security.RealmMapping;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SimplePrincipal;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * The RoleBasedAuthorizationInterceptor checks that the caller principal is
+ * authorized to call a method by verifing that it contains at least one
+ * of the required roled.
+ *
+ * @author <a href="bill at jboss.org">Bill Burke</a>
+ * @author <a href="on at ibis.odessa.ua">Oleg Nitz</a>
+ * @author <a href="mailto:Scott.Stark at jboss.org">Scott Stark</a>.
+ * @author <a href="mailto:dain at daingroup.com">Dain Sundstrom</a>.
+ * @version $Revision: 46061 $
+ */
+public class RoleBasedAuthorizationInterceptor implements org.jboss.aop.advice.Interceptor
+{
+ protected Logger log = Logger.getLogger(this.getClass());
+ protected AuthenticationManager securityManager;
+ protected RealmMapping realmMapping;
+
+ public RoleBasedAuthorizationInterceptor(AuthenticationManager manager, RealmMapping realmMapping)
+ {
+ this.securityManager = manager;
+ this.realmMapping = realmMapping;
+ }
+
+ public String getName()
+ {
+ return "RoleBasedAuthorizationInterceptor";
+ }
+
+ protected Set getRoleSet(Invocation invocation)
+ {
+ Set roles = (Set) invocation.getMetaData("security", "roles");
+ if (roles == null) roles = getAnnotationRoleSet(invocation);
+ return roles;
+
+ }
+
+ protected Set getAnnotationRoleSet(Invocation invocation)
+ {
+ HashSet set = new HashSet();
+ Exclude exclude = (Exclude) invocation.resolveAnnotation(Exclude.class);
+ if (exclude != null)
+ {
+ set.add(NobodyPrincipal.NOBODY_PRINCIPAL);
+ return set;
+ }
+ Unchecked unchecked = (Unchecked) invocation.resolveAnnotation(Unchecked.class);
+ if (unchecked != null)
+ {
+ set.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
+ return set;
+ }
+ Permissions permissions = (Permissions) invocation.resolveAnnotation(Permissions.class);
+ if (permissions == null)
+ {
+ // Default behavior is unchecked
+ set.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
+ return set;
+ }
+ for (int i = 0; i < permissions.value().length; i++)
+ {
+ set.add(new SimplePrincipal(permissions.value()[i]));
+ }
+ return set;
+ }
+
+ /**
+ * Check if the principal is authorized to call the method by verifying that
+ * the it containes at least one of the required roles.
+ */
+ public Object invoke(Invocation invocation) throws Throwable
+ {
+ // If there is not a security manager then there is no authorization
+ // required
+ if (securityManager == null)
+ {
+ return invocation.invokeNext();
+ }
+
+ if (realmMapping == null)
+ {
+ throw new SecurityException("Role mapping manager has not been set");
+ }
+
+ Set roles = getRoleSet(invocation);
+ if (roles == null)
+ {
+ /*
+ REVISIT: for better message
+ String message = "No method permissions assigned. to " +
+ "method=" + invocation.getMethod().getName() +
+ ", interface=" + invocation.getType();
+ */
+ String message = "No method permissions assigned.";
+ log.error(message);
+ throw new SecurityException(message);
+ }
+
+ // Check if the caller is allowed to access the method
+ RunAsIdentity callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
+ if (roles.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL) == false)
+ {
+ // The caller is using a the caller identity
+ if (callerRunAsIdentity == null)
+ {
+ Principal principal = SecurityActions.getPrincipal();
+ // Now actually check if the current caller has one of the required method roles
+ if (realmMapping.doesUserHaveRole(principal, roles) == false)
+ {
+ Set userRoles = realmMapping.getUserRoles(principal);
+ String msg = "Insufficient permissions, principal=" + principal
+ + ", requiredRoles=" + roles + ", principalRoles=" + userRoles;
+ log.error(msg);
+ throw new SecurityException(msg);
+ }
+ }
+
+ // The caller is using a run-as identity
+ else
+ {
+ // Check that the run-as role is in the set of method roles
+ if (callerRunAsIdentity.doesUserHaveRole(roles) == false)
+ {
+ String msg = "Insufficient permissions, runAsPrincipal=" + callerRunAsIdentity.getName()
+ + ", requiredRoles=" + roles + ", runAsRoles=" + callerRunAsIdentity.getRunAsRoles();
+ log.error(msg);
+ throw new SecurityException(msg);
+ }
+ }
+ }
+ return invocation.invokeNext();
+ }
+
+}
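Review bot: in invoke(), the `securityManager == null` branch calls invocation.invokeNext() with no role check at all, so the interceptor fails open when that field is null, while the very next check (`realmMapping == null`) fails closed with a SecurityException. The two cases should behave the same way: throw in both, or at least log a warning whenever authorization is skipped. Separately, both "Insufficient permissions" messages put requiredRoles and the caller's own roles into the SecurityException text, which may travel back to the caller; consider keeping that detail in log.error() and throwing a shorter message. The Javadoc above invoke() has a typo ("the it containes"), and the commented-out "REVISIT" message would be worth finishing, since "No method permissions assigned." gives no hint which method was denied.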
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RoleBasedAuthorizationInterceptorFactory.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RoleBasedAuthorizationInterceptorFactory.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RoleBasedAuthorizationInterceptorFactory.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,89 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import org.jboss.aop.Advisor;
+import org.jboss.aop.InstanceAdvisor;
+import org.jboss.aop.advice.AspectFactory;
+import org.jboss.aop.joinpoint.Joinpoint;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.RealmMapping;
+
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+
+/**
+ * Comment
+ *
+ * @author <a href="mailto:bill at jboss.org">Bill Burke</a>
+ * @version $Revision: 37406 $
+ *
+ **/
+public class RoleBasedAuthorizationInterceptorFactory implements AspectFactory
+{
+ public Object createPerVM()
+ {
+ throw new RuntimeException("PER_VM not supported for this interceptor factory, only PER_CLASS");
+ }
+
+ public Object createPerClass(Advisor advisor)
+ {
+ AuthenticationManager manager = (AuthenticationManager)advisor.getDefaultMetaData().getMetaData("security", "authentication-manager");
+ RealmMapping mapping = (RealmMapping)advisor.getDefaultMetaData().getMetaData("security", "realm-mapping");
+ if (manager == null)
+ {
+ SecurityDomain domain = (SecurityDomain)advisor.resolveAnnotation(SecurityDomain.class);
+ if (domain == null) throw new RuntimeException("Unable to determine security domain");
+ try
+ {
+ manager = (AuthenticationManager)new InitialContext().lookup("java:/jaas/" + domain.value());
+ }
+ catch (NamingException e)
+ {
+ throw new RuntimeException(e); //To change body of catch statement use Options | File Templates.
+ }
+ mapping = (RealmMapping)manager;
+ }
+ if (manager == null) throw new RuntimeException("Unable to find Security Domain");
+ return new RoleBasedAuthorizationInterceptor(manager, mapping);
+ }
+
+ public Object createPerInstance(Advisor advisor, InstanceAdvisor instanceAdvisor)
+ {
+ throw new RuntimeException("PER_VM not supported for this interceptor factory, only PER_CLASS");
+ }
+
+ public Object createPerJoinpoint(Advisor advisor, Joinpoint jp)
+ {
+ throw new RuntimeException("PER_VM not supported for this interceptor factory, only PER_CLASS");
+ }
+
+ public Object createPerJoinpoint(Advisor advisor, InstanceAdvisor instanceAdvisor, Joinpoint jp)
+ {
+ throw new RuntimeException("PER_VM not supported for this interceptor factory, only PER_CLASS");
+ }
+
+ public String getName()
+ {
+ return getClass().getName();
+ }
+}
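Review bot: in createPerClass(), `mapping` is only reassigned inside the `if (manager == null)` block, so when the "authentication-manager" metadata is present but "realm-mapping" is not, a null mapping is passed to `new RoleBasedAuthorizationInterceptor(manager, mapping)` and the problem surfaces only later, on every invocation, as "Role mapping manager has not been set". Check `mapping == null` here and fail at creation time with a message naming the missing metadata. The `mapping = (RealmMapping)manager;` cast is also unchecked: an `instanceof` test with a clear error would be better than a ClassCastException if the object bound under "java:/jaas/" + domain.value() does not implement RealmMapping. Minor: createPerInstance() and both createPerJoinpoint() overloads throw "PER_VM not supported", the class Javadoc is the placeholder "Comment", and the catch block still carries the IDE template comment.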
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RunAs.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RunAs.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RunAs.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,40 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+/**
+ *
+ * @author <a href="mailto:bill at jboss.org">Bill Burke</a>
+ * @version $Revision: 57757 $
+ */
+ at Retention(RetentionPolicy.RUNTIME)
+public @interface RunAs
+{
+ String value();
+}
+
+
+
+
+
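Review bot: the RunAs annotation is declared with only `@Retention(RetentionPolicy.RUNTIME)` and an empty Javadoc, so nothing says what `value()` means or where the annotation may be placed. Since it controls the identity a bean runs under, document that value() is the run-as role name and add an explicit `@Target` limited to the element kinds the interceptor actually resolves. The five trailing blank lines at the end of the file can go.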
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RunAsSecurityInterceptor.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RunAsSecurityInterceptor.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RunAsSecurityInterceptor.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,93 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import org.jboss.aop.joinpoint.Invocation;
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.RealmMapping;
+import org.jboss.security.RunAsIdentity;
+
+/**
+ * An interceptor that enforces the run-as identity declared by a bean.
+ *
+ * @author <a href="mailto:Scott.Stark at jboss.org">Scott Stark</a>.
+ * @author <a href="mailto:dain at daingroup.com">Dain Sundstrom</a>.
+ * @version $Revision: 65273 $
+ */
+public class RunAsSecurityInterceptor implements org.jboss.aop.advice.Interceptor
+{
+ private static final Logger log = Logger.getLogger(RunAsSecurityInterceptor.class);
+
+ protected AuthenticationManager securityManager;
+ protected RealmMapping realmMapping;
+
+ public RunAsSecurityInterceptor(AuthenticationManager manager, RealmMapping realmMapping)
+ {
+ this.securityManager = manager;
+ this.realmMapping = realmMapping;
+ }
+
+ public String getName() { return "RunAsSecurityInterceptor"; }
+
+ protected RunAsIdentity getRunAsIdentity(Invocation invocation)
+ {
+ RunAsIdentity identity = (RunAsIdentity)invocation.getMetaData("security", "run-as");
+ if (identity == null) identity = getAnnotationRunAsIdentity(invocation);
+ return identity;
+ }
+
+ protected RunAsIdentity getAnnotationRunAsIdentity(Invocation invocation)
+ {
+ RunAs runAs = (RunAs) invocation.resolveAnnotation(RunAs.class);
+ if (runAs == null)
+ {
+ runAs = (RunAs)invocation.resolveClassAnnotation(RunAs.class);
+ }
+ if (runAs == null) return null;
+ RunAsIdentity runAsRole = new RunAsIdentity(runAs.value(), null);
+ return runAsRole;
+ }
+ public Object invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable
+ {
+ RunAsIdentity runAsRole = getRunAsIdentity(invocation);
+ // If a run-as role was specified, push it so that any calls made
+ // by this bean will have the runAsRole available for declarative
+ // security checks.
+ if(runAsRole != null)
+ {
+ SecurityActions.pushRunAsIdentity(runAsRole);
+ }
+
+ try
+ {
+ return invocation.invokeNext();
+ }
+ finally
+ {
+ if(runAsRole != null)
+ {
+ SecurityActions.popRunAsIdentity();
+ }
+ }
+ }
+}
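Review bot: the constructor stores `securityManager` and `realmMapping`, but nothing in this class reads them, and the static `log` is unused as well; the run-as role from the "run-as" metadata or the RunAs annotation is pushed without reference to either. Either drop the fields (and the constructor arguments) or document why they are kept. In getAnnotationRunAsIdentity(), `new RunAsIdentity(runAs.value(), null)` passes null as the second argument; a short comment stating what principal name results would help the reader. A new RunAsIdentity is also built on every invocation that falls back to the annotation, although the annotation value cannot change, so it could be resolved once and cached. The push before `try` and the guarded pop in `finally` are correctly paired.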
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RunAsSecurityInterceptorFactory.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RunAsSecurityInterceptorFactory.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/RunAsSecurityInterceptorFactory.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,89 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import org.jboss.aop.Advisor;
+import org.jboss.aop.InstanceAdvisor;
+import org.jboss.aop.advice.AspectFactory;
+import org.jboss.aop.joinpoint.Joinpoint;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.RealmMapping;
+
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+
+/**
+ * Comment
+ *
+ * @author <a href="mailto:bdecoste at jboss.com">William DeCoste</a>
+ * @version $Revision: 37406 $
+ *
+ **/
+public class RunAsSecurityInterceptorFactory implements AspectFactory
+{
+ public Object createPerVM()
+ {
+ throw new RuntimeException("PER_VM not supported for this interceptor factory, only PER_CLASS");
+ }
+
+ public Object createPerClass(Advisor advisor)
+ {
+ AuthenticationManager manager = (AuthenticationManager)advisor.getDefaultMetaData().getMetaData("security", "authentication-manager");
+ RealmMapping mapping = (RealmMapping)advisor.getDefaultMetaData().getMetaData("security", "realm-mapping");
+ if (manager == null)
+ {
+ SecurityDomain domain = (SecurityDomain)advisor.resolveAnnotation(SecurityDomain.class);
+ if (domain == null) throw new RuntimeException("Unable to determine security domain");
+ try
+ {
+ manager = (AuthenticationManager)new InitialContext().lookup("java:/jaas/" + domain.value());
+ }
+ catch (NamingException e)
+ {
+ throw new RuntimeException(e); //To change body of catch statement use Options | File Templates.
+ }
+ mapping = (RealmMapping)manager;
+ }
+ if (manager == null) throw new RuntimeException("Unable to find Security Domain");
+ return new RunAsSecurityInterceptor(manager, mapping);
+ }
+
+ public Object createPerInstance(Advisor advisor, InstanceAdvisor instanceAdvisor)
+ {
+ throw new RuntimeException("PER_VM not supported for this interceptor factory, only PER_CLASS");
+ }
+
+ public Object createPerJoinpoint(Advisor advisor, Joinpoint jp)
+ {
+ throw new RuntimeException("PER_VM not supported for this interceptor factory, only PER_CLASS");
+ }
+
+ public Object createPerJoinpoint(Advisor advisor, InstanceAdvisor instanceAdvisor, Joinpoint jp)
+ {
+ throw new RuntimeException("PER_VM not supported for this interceptor factory, only PER_CLASS");
+ }
+
+ public String getName()
+ {
+ return getClass().getName();
+ }
+}
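Review bot: createPerClass() here is a line-for-line copy of the one in RoleBasedAuthorizationInterceptorFactory apart from the final `return new RunAsSecurityInterceptor(manager, mapping);`, including the unchecked `(RealmMapping)manager` cast and the leftover IDE template comment in the catch block. Move the manager and mapping resolution into a shared helper or base class so the security-domain lookup is fixed in one place. The messages in createPerInstance() and both createPerJoinpoint() overloads say "PER_VM not supported", which misreports the scope that was requested, and the class Javadoc is still the placeholder "Comment".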
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityActions.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityActions.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityActions.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,690 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
+import java.security.Principal;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.lang.reflect.UndeclaredThrowableException;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityAssociation;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SecurityContextAssociation;
+
+/** A collection of privileged actions for this package
+ * @author Scott.Stark at jboss.org
+ * @author <a href="mailto:alex at jboss.org">Alexey Loubyansky</a>
+ * @version $Revison: $
+ */
+class SecurityActions
+{
+ private static final Logger log = Logger.getLogger(SecurityActions.class);
+
+ interface PrincipalInfoAction
+ {
+ PrincipalInfoAction PRIVILEGED = new PrincipalInfoAction()
+ {
+ public void push(final Principal principal, final Object credential,
+ final Subject subject)
+ {
+ AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ return null;
+ }
+ }
+ );
+ }
+ public void pop()
+ {
+ AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ SecurityAssociation.popSubjectContext();
+ return null;
+ }
+ }
+ );
+ }
+
+ public Principal getPrincipal()
+ {
+ return (Principal)AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return SecurityAssociation.getPrincipal();
+ }
+ }
+ );
+ }
+
+ public void setPrincipal(final Principal principal)
+ {
+ AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ SecurityAssociation.setPrincipal(principal);
+ return null;
+ }
+ }
+ );
+ }
+
+ public Principal getCallerPrincipal()
+ {
+ return (Principal)AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return SecurityAssociation.getCallerPrincipal();
+ }
+ }
+ );
+ }
+
+ public Object getCredential()
+ {
+ return AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return SecurityAssociation.getCredential();
+ }
+ }
+ );
+ }
+
+ public void setCredential(final Object credential)
+ {
+ AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ SecurityAssociation.setCredential(credential);
+ return null;
+ }
+ }
+ );
+ }
+ };
+
+ PrincipalInfoAction NON_PRIVILEGED = new PrincipalInfoAction()
+ {
+ public void push(Principal principal, Object credential, Subject subject)
+ {
+ SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ }
+ public void pop()
+ {
+ SecurityAssociation.popSubjectContext();
+ }
+ public Principal getPrincipal()
+ {
+ return SecurityAssociation.getPrincipal();
+ }
+ public void setPrincipal(Principal principal)
+ {
+ SecurityAssociation.setPrincipal(principal);
+ }
+ public Principal getCallerPrincipal()
+ {
+ return SecurityAssociation.getPrincipal();
+ }
+ public Object getCredential()
+ {
+ return SecurityAssociation.getCredential();
+ }
+ public void setCredential(Object credential)
+ {
+ SecurityAssociation.setCredential(credential);
+ }
+ };
+
+ void push(Principal principal, Object credential, Subject subject);
+ void pop();
+ Principal getPrincipal();
+ void setPrincipal(Principal principal);
+ Principal getCallerPrincipal();
+ Object getCredential();
+ void setCredential(Object credential);
+ }
+
+
+ interface RunAsIdentityActions
+ {
+ RunAsIdentityActions PRIVILEGED = new RunAsIdentityActions()
+ {
+ private final PrivilegedAction peekAction = new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return SecurityAssociation.peekRunAsIdentity();
+ }
+ };
+
+ private final PrivilegedAction popAction = new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return SecurityAssociation.popRunAsIdentity();
+ }
+ };
+
+ public RunAsIdentity peek()
+ {
+ return (RunAsIdentity)AccessController.doPrivileged(peekAction);
+ }
+
+ public void push(final RunAsIdentity id)
+ {
+ AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ SecurityAssociation.pushRunAsIdentity(id);
+ return null;
+ }
+ }
+ );
+ }
+
+ public RunAsIdentity pop()
+ {
+ return (RunAsIdentity)AccessController.doPrivileged(popAction);
+ }
+ };
+
+ RunAsIdentityActions NON_PRIVILEGED = new RunAsIdentityActions()
+ {
+ public RunAsIdentity peek()
+ {
+ return SecurityAssociation.peekRunAsIdentity();
+ }
+
+ public void push(RunAsIdentity id)
+ {
+ SecurityAssociation.pushRunAsIdentity(id);
+ }
+
+ public RunAsIdentity pop()
+ {
+ return SecurityAssociation.popRunAsIdentity();
+ }
+ };
+
+ RunAsIdentity peek();
+
+ void push(RunAsIdentity id);
+
+ RunAsIdentity pop();
+ }
+
+ interface ContextInfoActions
+ {
+ static final String EX_KEY = "org.jboss.security.exception";
+ ContextInfoActions PRIVILEGED = new ContextInfoActions()
+ {
+ private final PrivilegedAction exAction = new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return SecurityAssociation.getContextInfo(EX_KEY);
+ }
+ };
+ public Exception getContextException()
+ {
+ return (Exception)AccessController.doPrivileged(exAction);
+ }
+ };
+
+ ContextInfoActions NON_PRIVILEGED = new ContextInfoActions()
+ {
+ public Exception getContextException()
+ {
+ return (Exception)SecurityAssociation.getContextInfo(EX_KEY);
+ }
+ };
+
+ Exception getContextException();
+ }
+
+ interface PolicyContextActions
+ {
+ /** The JACC PolicyContext key for the current Subject */
+ static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
+ PolicyContextActions PRIVILEGED = new PolicyContextActions()
+ {
+ private final PrivilegedExceptionAction exAction = new PrivilegedExceptionAction()
+ {
+ public Object run() throws Exception
+ {
+ return (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
+ }
+ };
+ public Subject getContextSubject()
+ throws PolicyContextException
+ {
+ try
+ {
+ return (Subject) AccessController.doPrivileged(exAction);
+ }
+ catch(PrivilegedActionException e)
+ {
+ Exception ex = e.getException();
+ if( ex instanceof PolicyContextException )
+ throw (PolicyContextException) ex;
+ else
+ throw new UndeclaredThrowableException(ex);
+ }
+ }
+ };
+
+ PolicyContextActions NON_PRIVILEGED = new PolicyContextActions()
+ {
+ public Subject getContextSubject()
+ throws PolicyContextException
+ {
+ return (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
+ }
+ };
+
+ Subject getContextSubject()
+ throws PolicyContextException;
+ }
+
+ static ClassLoader getContextClassLoader()
+ {
+ return TCLAction.UTIL.getContextClassLoader();
+ }
+
+ static void setContextClassLoader(ClassLoader loader)
+ {
+ TCLAction.UTIL.setContextClassLoader(loader);
+ }
+
+ static Principal getCallerPrincipal()
+ {
+ if (System.getSecurityManager() == null)
+ {
+ return PrincipalInfoAction.NON_PRIVILEGED.getCallerPrincipal();
+ }
+ else
+ {
+ return PrincipalInfoAction.PRIVILEGED.getCallerPrincipal();
+ }
+ }
+
+ static Principal getPrincipal()
+ {
+ if (System.getSecurityManager() == null)
+ {
+ return PrincipalInfoAction.NON_PRIVILEGED.getPrincipal();
+ }
+ else
+ {
+ return PrincipalInfoAction.PRIVILEGED.getPrincipal();
+ }
+ }
+
+ static void setPrincipal(Principal principal)
+ {
+ if (System.getSecurityManager() == null)
+ {
+ PrincipalInfoAction.NON_PRIVILEGED.setPrincipal(principal);
+ }
+ else
+ {
+ PrincipalInfoAction.PRIVILEGED.setPrincipal(principal);
+ }
+ }
+
+ static Object getCredential()
+ {
+ if (System.getSecurityManager() == null)
+ {
+ return PrincipalInfoAction.NON_PRIVILEGED.getCredential();
+ }
+ else
+ {
+ return PrincipalInfoAction.PRIVILEGED.getCredential();
+ }
+ }
+
+ static void setCredential(Object credential)
+ {
+ if (System.getSecurityManager() == null)
+ {
+ PrincipalInfoAction.NON_PRIVILEGED.setCredential(credential);
+ }
+ else
+ {
+ PrincipalInfoAction.PRIVILEGED.setCredential(credential);
+ }
+ }
+
+ static void pushSubjectContext(Principal principal, Object credential,
+ Subject subject)
+ {
+ if(System.getSecurityManager() == null)
+ {
+ PrincipalInfoAction.NON_PRIVILEGED.push(principal, credential, subject);
+ }
+ else
+ {
+ PrincipalInfoAction.PRIVILEGED.push(principal, credential, subject);
+ }
+ }
+ static void popSubjectContext()
+ {
+ if(System.getSecurityManager() == null)
+ {
+ PrincipalInfoAction.NON_PRIVILEGED.pop();
+ }
+ else
+ {
+ PrincipalInfoAction.PRIVILEGED.pop();
+ }
+ }
+
+ static RunAsIdentity peekRunAsIdentity()
+ {
+ if(System.getSecurityManager() == null)
+ {
+ return RunAsIdentityActions.NON_PRIVILEGED.peek();
+ }
+ else
+ {
+ return RunAsIdentityActions.PRIVILEGED.peek();
+ }
+ }
+
+ static void pushRunAsIdentity(RunAsIdentity principal)
+ {
+ if(System.getSecurityManager() == null)
+ {
+ RunAsIdentityActions.NON_PRIVILEGED.push(principal);
+ }
+ else
+ {
+ RunAsIdentityActions.PRIVILEGED.push(principal);
+ }
+ }
+
+ static RunAsIdentity popRunAsIdentity()
+ {
+ if(System.getSecurityManager() == null)
+ {
+ return RunAsIdentityActions.NON_PRIVILEGED.pop();
+ }
+ else
+ {
+ return RunAsIdentityActions.PRIVILEGED.pop();
+ }
+ }
+
+ static Exception getContextException()
+ {
+ if(System.getSecurityManager() == null)
+ {
+ return ContextInfoActions.NON_PRIVILEGED.getContextException();
+ }
+ else
+ {
+ return ContextInfoActions.PRIVILEGED.getContextException();
+ }
+ }
+
+ static Subject getContextSubject()
+ throws PolicyContextException
+ {
+ if(System.getSecurityManager() == null)
+ {
+ return PolicyContextActions.NON_PRIVILEGED.getContextSubject();
+ }
+ else
+ {
+ return PolicyContextActions.PRIVILEGED.getContextSubject();
+ }
+ }
+
+
+
+
+
+
+ interface TCLAction
+ {
+ class UTIL
+ {
+ static TCLAction getTCLAction()
+ {
+ return System.getSecurityManager() == null ? NON_PRIVILEGED : PRIVILEGED;
+ }
+
+ static ClassLoader getContextClassLoader()
+ {
+ return getTCLAction().getContextClassLoader();
+ }
+
+ static ClassLoader getContextClassLoader(Thread thread)
+ {
+ return getTCLAction().getContextClassLoader(thread);
+ }
+
+ static void setContextClassLoader(ClassLoader cl)
+ {
+ getTCLAction().setContextClassLoader(cl);
+ }
+
+ static void setContextClassLoader(Thread thread, ClassLoader cl)
+ {
+ getTCLAction().setContextClassLoader(thread, cl);
+ }
+ }
+
+ TCLAction NON_PRIVILEGED = new TCLAction()
+ {
+ public ClassLoader getContextClassLoader()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+
+ public ClassLoader getContextClassLoader(Thread thread)
+ {
+ return thread.getContextClassLoader();
+ }
+
+ public void setContextClassLoader(ClassLoader cl)
+ {
+ Thread.currentThread().setContextClassLoader(cl);
+ }
+
+ public void setContextClassLoader(Thread thread, ClassLoader cl)
+ {
+ thread.setContextClassLoader(cl);
+ }
+ };
+
+ TCLAction PRIVILEGED = new TCLAction()
+ {
+ private final PrivilegedAction getTCLPrivilegedAction = new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ };
+
+ public ClassLoader getContextClassLoader()
+ {
+ return (ClassLoader)AccessController.doPrivileged(getTCLPrivilegedAction);
+ }
+
+ public ClassLoader getContextClassLoader(final Thread thread)
+ {
+ return (ClassLoader)AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return thread.getContextClassLoader();
+ }
+ });
+ }
+
+ public void setContextClassLoader(final ClassLoader cl)
+ {
+ AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ Thread.currentThread().setContextClassLoader(cl);
+ return null;
+ }
+ }
+ );
+ }
+
+ public void setContextClassLoader(final Thread thread, final ClassLoader cl)
+ {
+ AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ thread.setContextClassLoader(cl);
+ return null;
+ }
+ }
+ );
+ }
+ };
+
+ ClassLoader getContextClassLoader();
+
+ ClassLoader getContextClassLoader(Thread thread);
+
+ void setContextClassLoader(ClassLoader cl);
+
+ void setContextClassLoader(Thread thread, ClassLoader cl);
+ }
+
+
+ private static class GetSecurityContextAction implements PrivilegedAction
+ {
+ GetSecurityContextAction()
+ {
+ }
+ public Object run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }
+ }
+
+ private static class SetSecurityContextAction implements PrivilegedAction
+ {
+ private SecurityContext securityContext;
+ SetSecurityContextAction(SecurityContext sc)
+ {
+ this.securityContext = sc;
+ }
+
+ public Object run()
+ {
+ SecurityContextAssociation.setSecurityContext(securityContext);
+ return null;
+ }
+ }
+
+ private static class ClearSecurityContextAction implements PrivilegedAction
+ {
+ ClearSecurityContextAction()
+ {
+ }
+ public Object run()
+ {
+ SecurityContextAssociation.clearSecurityContext();
+ return null;
+ }
+ }
+
+ static void clearSecurityContext()
+ {
+ ClearSecurityContextAction action = new ClearSecurityContextAction();
+ AccessController.doPrivileged(action);
+ }
+
+ static SecurityContext createSecurityContext() throws PrivilegedActionException
+ {
+ return (SecurityContext) AccessController.doPrivileged(new PrivilegedExceptionAction()
+ {
+
+ public Object run() throws Exception
+ {
+ return SecurityContextFactory.createSecurityContext("CLIENT");
+ }
+ });
+ }
+
+ static SecurityContext getSecurityContext()
+ {
+ GetSecurityContextAction action = new GetSecurityContextAction();
+ return (SecurityContext)AccessController.doPrivileged(action);
+ }
+
+ static void setSecurityContext(SecurityContext sc)
+ {
+ SetSecurityContextAction action = new SetSecurityContextAction(sc);
+ AccessController.doPrivileged(action);
+ }
+
+ static void establishSecurityContext(String domain, Principal p, Object cred,
+ Subject subject) throws Exception
+ {
+ SecurityContext sc = SecurityContextFactory.createSecurityContext(p,
+ cred, subject, domain);
+ SecurityActions.setSecurityContext(sc);
+ }
+
+}
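Review bot: in PrincipalInfoAction, NON_PRIVILEGED.getCallerPrincipal() returns `SecurityAssociation.getPrincipal()`, while PRIVILEGED.getCallerPrincipal() returns `SecurityAssociation.getCallerPrincipal()`, so SecurityActions.getCallerPrincipal() can give a different answer depending only on whether a SecurityManager is installed. The non-privileged variant should call SecurityAssociation.getCallerPrincipal() as well, unless the difference is intended, in which case it needs a comment. The security-context helpers are inconsistent with the rest of the class: clearSecurityContext(), getSecurityContext(), setSecurityContext() and createSecurityContext() always go through AccessController.doPrivileged with no System.getSecurityManager() check, while establishSecurityContext() calls SecurityContextFactory.createSecurityContext(p, cred, subject, domain) outside any privileged block. The static `log` is never used, and the header has `@version $Revison: $` (misspelled keyword).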
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityClassMetaDataBinding.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityClassMetaDataBinding.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityClassMetaDataBinding.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,77 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+/**
+ *
+ *
+ * @author <a href="mailto:bill at jboss.org">Bill Burke</a>
+ * @version $Revision: 42937 $
+ *
+ */
+public class SecurityClassMetaDataBinding extends org.jboss.aop.metadata.ClassMetaDataBinding
+{
+ protected ArrayList securityRoles = new ArrayList();
+ protected ArrayList methodPermissions = new ArrayList();
+ protected ArrayList methodExcludeList = new ArrayList();
+ protected ArrayList constructorPermissions = new ArrayList();
+ protected ArrayList constructorExcludeList = new ArrayList();
+ protected HashMap fieldPermissions = new HashMap();
+ protected ArrayList fieldExcludeList = new ArrayList();
+ protected String runAs;
+ protected String securityDomain;
+
+ public SecurityClassMetaDataBinding(org.jboss.aop.metadata.ClassMetaDataLoader loader, String name, String group, String expr)
+ {
+ super(loader, name, group, expr);
+ }
+
+ public String getSecurityDomain() { return securityDomain; }
+ public void setSecurityDomain(String domain) { securityDomain = domain; }
+
+ public ArrayList getSecurityRoles() { return securityRoles; }
+ public void setSecurityRoles(ArrayList roles) { securityRoles = roles; }
+
+ public ArrayList getMethodPermissions() { return methodPermissions; }
+ public void setMethodPermissions(ArrayList permissions) { methodPermissions = permissions; }
+
+ public ArrayList getMethodExcludeList() { return methodExcludeList; }
+ public void setMethodExcludeList(ArrayList list) { methodExcludeList = list; }
+
+ public HashMap getFieldPermissions() { return fieldPermissions; }
+ public void setFieldPermissions(HashMap permissions) { fieldPermissions = permissions; }
+
+ public ArrayList getFieldExcludeList() { return fieldExcludeList; }
+ public void setFieldExcludeList(ArrayList list) { fieldExcludeList = list; }
+
+ public ArrayList getConstructorPermissions() { return constructorPermissions; }
+ public void setConstructorPermissions(ArrayList permissions) { constructorPermissions = permissions; }
+
+ public ArrayList getConstructorExcludeList() { return constructorExcludeList; }
+ public void setConstructorExcludeList(ArrayList list) { constructorExcludeList = list; }
+
+ public String getRunAs() { return runAs; }
+ public void setRunAs(String as) { runAs = as; }
+
+}
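Review bot: The getters and setters in SecurityClassMetaDataBinding hand out and accept the live raw ArrayList/HashMap instances (for example getMethodExcludeList() and setMethodPermissions(ArrayList)), so any code holding the binding can add or remove entries from the exclude and permission lists after the metadata has been loaded, and a setter called with null replaces the initialised empty collection. Consider copying in the setters, returning unmodifiable views from the getters, and rejecting null. The class Javadoc is also empty; one sentence saying that this holds the parsed security metadata for a class expression would help.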
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityClassMetaDataLoader.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityClassMetaDataLoader.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityClassMetaDataLoader.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,750 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import javassist.CtConstructor;
+import javassist.CtField;
+import javassist.CtMethod;
+import javassist.NotFoundException;
+import org.jboss.aop.Advisor;
+import org.jboss.aop.metadata.ClassMetaDataBinding;
+import org.jboss.aop.util.PayloadKey;
+import org.jboss.aop.util.XmlHelper;
+import org.jboss.security.AnybodyPrincipal;
+import org.jboss.security.NobodyPrincipal;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SimplePrincipal;
+import org.w3c.dom.Element;
+
+import javax.naming.InitialContext;
+
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * This interceptor handles authentication creation and the initial
+ * population of class metadata
+ *
+ * @author <a href="mailto:bill at jboss.org">Bill Burke</a>
+ * @version $Revision: 65273 $
+ */
+public class SecurityClassMetaDataLoader implements org.jboss.aop.metadata.ClassMetaDataLoader
+{
+ public org.jboss.aop.metadata.ClassMetaDataBinding importMetaData(Element element, String name, String group, String classExpr) throws Exception
+ {
+ SecurityClassMetaDataBinding data = new SecurityClassMetaDataBinding(this, name, group, classExpr);
+ ArrayList securityRoles = loadSecurityRoles(element);
+ ArrayList methodPermissions = loadMethodPermissions(element);
+ ArrayList methodExcludeList = loadMethodExcludeList(element);
+ HashMap fieldPermissions = loadFieldPermissions(element);
+ ArrayList fieldExcludeList = loadFieldExcludeList(element);
+ ArrayList constructorPermissions = loadConstructorPermissions(element);
+ ArrayList constructorExcludeList = loadConstructorExcludeList(element);
+ String runAs = loadRunAs(element);
+
+ String securityDomain = XmlHelper.getOptionalChildContent(element, "security-domain");
+ if (securityDomain == null) throw new RuntimeException("you must define a security-domain");
+ data.setSecurityDomain(securityDomain);
+ data.setSecurityRoles(securityRoles);
+ data.setMethodPermissions(methodPermissions);
+ data.setMethodExcludeList(methodExcludeList);
+ data.setFieldPermissions(fieldPermissions);
+ data.setFieldExcludeList(fieldExcludeList);
+ data.setConstructorPermissions(constructorPermissions);
+ data.setConstructorExcludeList(constructorExcludeList);
+ data.setRunAs(runAs);
+ return data;
+ }
+
+ public void bind(Advisor advisor, org.jboss.aop.metadata.ClassMetaDataBinding data, Method[] methods, Field[] fields, Constructor[] constructors) throws Exception
+ {
+ SecurityClassMetaDataBinding meta = (SecurityClassMetaDataBinding) data;
+ try
+ {
+ String securityDomain = "java:/jaas/" + meta.getSecurityDomain();
+ Object domain = new InitialContext().lookup(securityDomain);
+ advisor.getDefaultMetaData().addMetaData("security", "authentication-manager", domain, PayloadKey.TRANSIENT);
+ advisor.getDefaultMetaData().addMetaData("security", "realm-mapping", domain, PayloadKey.TRANSIENT);
+ }
+ catch (Exception ex)
+ {
+ throw new RuntimeException("failed to load security domain: " + meta.getSecurityDomain(), ex);
+ }
+
+ for (int i = 0; i < methods.length; i++)
+ {
+ Set permissions = getMethodPermissions(methods[i], meta);
+ if (permissions != null)
+ {
+ advisor.getMethodMetaData().addMethodMetaData(methods[i], "security", "roles", permissions, PayloadKey.TRANSIENT);
+ }
+ }
+
+ for (int i = 0; i < fields.length; i++)
+ {
+ Set permissions = getFieldPermissions(fields[i], meta);
+ if (permissions != null)
+ {
+ advisor.getFieldMetaData().addFieldMetaData(fields[i], "security", "roles", permissions, PayloadKey.TRANSIENT);
+ }
+ }
+
+ for (int i = 0; i < constructors.length; i++)
+ {
+ Set permissions = getConstructorPermissions(constructors[i], meta);
+ if (permissions != null)
+ {
+ advisor.getConstructorMetaData().addConstructorMetaData(constructors[i], "security", "roles", permissions, PayloadKey.TRANSIENT);
+ }
+ }
+
+ if (meta.getRunAs() != null)
+ {
+ advisor.getDefaultMetaData().addMetaData("security", "run-as", new RunAsIdentity(meta.getRunAs(), null), PayloadKey.TRANSIENT);
+ }
+ }
+
+ public Set getMethodPermissions(Method method, SecurityClassMetaDataBinding meta)
+ {
+ Set result = new HashSet();
+ // First check the excluded method list as this takes priority
+ // over all other assignments
+ Iterator iterator = meta.getMethodExcludeList().iterator();
+ while (iterator.hasNext())
+ {
+ SecurityMethodConfig m = (SecurityMethodConfig) iterator.next();
+ if (m.patternMatches(method))
+ {
+ /* No one is allowed to execute this method so add a role that
+ fails to equate to any Principal or Principal name and return.
+ We don't return null to differentiate between an explicit
+ assignment of no access and no assignment information.
+ */
+ result.add(NobodyPrincipal.NOBODY_PRINCIPAL);
+ return result;
+ }
+ }
+
+ // Check the permissioned methods list
+ iterator = meta.getMethodPermissions().iterator();
+ while (iterator.hasNext())
+ {
+ SecurityMethodConfig m = (SecurityMethodConfig) iterator.next();
+ if (m.patternMatches(method))
+ {
+ // If this is an unchecked method anyone can access it so
+ // set the result set to a role that equates to any Principal
+ // or Principal name and return.
+ if (m.isUnchecked())
+ {
+ result.clear();
+ result.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
+ break;
+ }
+ // Else, add all roles
+ else
+ {
+ Iterator rolesIterator = m.getRoles().iterator();
+ while (rolesIterator.hasNext())
+ {
+ String roleName = (String) rolesIterator.next();
+ result.add(new SimplePrincipal(roleName));
+ }
+ }
+ }
+ }
+
+ // If no permissions were assigned to the method return null to
+ // indicate no access
+ if (result.isEmpty())
+ {
+ result = null;
+ }
+
+ return result;
+ }
+
+
+ public Set getFieldPermissions(Field field, SecurityClassMetaDataBinding meta)
+ {
+ String fieldName = field.getName();
+ Set result = new HashSet();
+ // First check the excluded method list as this takes priority
+ // over all other assignments
+ Iterator iterator = meta.getFieldExcludeList().iterator();
+ while (iterator.hasNext())
+ {
+ String expr = (String) iterator.next();
+ if (expr.equals("*") || expr.equals(fieldName))
+ {
+ /* No one is allowed to execute this method so add a role that
+ fails to equate to any Principal or Principal name and return.
+ We don't return null to differentiate between an explicit
+ assignment of no access and no assignment information.
+ */
+ result.add(NobodyPrincipal.NOBODY_PRINCIPAL);
+ return result;
+ }
+ }
+
+ // Check the permissioned methods list
+ iterator = meta.getFieldPermissions().keySet().iterator();
+ while (iterator.hasNext())
+ {
+ String expr = (String) iterator.next();
+
+ if (expr.equals("*") || expr.equals(fieldName))
+ {
+ Object permission = meta.getFieldPermissions().get(expr);
+ // If this is an unchecked method anyone can access it so
+ // set the result set to a role that equates to any Principal
+ // or Principal name and return.
+ if (permission instanceof Boolean)
+ {
+ result.clear();
+ result.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
+ break;
+ }
+ // Else, add all roles
+ else
+ {
+ Set roles = (Set) permission;
+ Iterator rolesIterator = roles.iterator();
+ while (rolesIterator.hasNext())
+ {
+ String roleName = (String) rolesIterator.next();
+ result.add(new SimplePrincipal(roleName));
+ }
+ }
+ }
+ }
+
+ // If no permissions were assigned to the method return null to
+ // indicate no access
+ if (result.isEmpty())
+ {
+ result = null;
+ }
+
+ return result;
+ }
+
+
+ protected String loadRunAs(Element element)
+ throws Exception
+ {
+ Element securityIdentityElement = XmlHelper.getOptionalChild(element,
+ "security-identity");
+ if (securityIdentityElement == null) return null;
+ Element callerIdent = XmlHelper.getOptionalChild(securityIdentityElement, "use-caller-identity");
+ Element runAs = XmlHelper.getOptionalChild(securityIdentityElement, "run-as");
+ if (callerIdent == null && runAs == null)
+ throw new RuntimeException("security-identity: either use-caller-identity or run-as must be specified");
+ if (callerIdent != null && runAs != null)
+ throw new RuntimeException("security-identity: only one of use-caller-identity or run-as can be specified");
+
+ String runAsRoleName = null;
+ if (runAs != null)
+ {
+ runAsRoleName = XmlHelper.getElementContent(XmlHelper.getUniqueChild(runAs, "role-name"));
+ }
+ return runAsRoleName;
+ }
+
+
+ protected ArrayList loadSecurityRoles(Element assemblyDescriptor) throws Exception
+ {
+ ArrayList securityRoles = new ArrayList();
+ // set the security roles (optional)
+ Iterator iterator = XmlHelper.getChildrenByTagName(assemblyDescriptor, "security-role");
+ while (iterator.hasNext())
+ {
+ Element securityRole = (Element) iterator.next();
+ try
+ {
+ String role = XmlHelper.getUniqueChildContent(securityRole, "role-name");
+ securityRoles.add(role);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("Error in metadata " +
+ "for security-role: ", e);
+ }
+ }
+ return securityRoles;
+ }
+
+ protected ArrayList loadMethodPermissions(Element assemblyDescriptor) throws Exception
+ {
+ ArrayList permissionMethods = new ArrayList();
+ // set the method permissions (optional)
+ Iterator iterator = XmlHelper.getChildrenByTagName(assemblyDescriptor,
+ "method-permission");
+ while (iterator.hasNext())
+ {
+ Element methodPermission = (Element) iterator.next();
+ // Look for the unchecked element
+ Element unchecked = XmlHelper.getOptionalChild(methodPermission,
+ "unchecked");
+
+ boolean isUnchecked = false;
+ Set roles = null;
+ if (unchecked != null)
+ {
+ isUnchecked = true;
+ }
+ else
+ {
+ // Get the role-name elements
+ roles = new HashSet();
+ Iterator rolesIterator = XmlHelper.getChildrenByTagName(methodPermission, "role-name");
+ while (rolesIterator.hasNext())
+ {
+ roles.add(XmlHelper.getElementContent((Element) rolesIterator.next()));
+ }
+ if (roles.size() == 0)
+ throw new RuntimeException("An unchecked " +
+ "element in security metadata or one or more role-name elements " +
+ "must be specified in method-permission");
+ }
+
+ // find the methods
+ Iterator methods = XmlHelper.getChildrenByTagName(methodPermission,
+ "method");
+ while (methods.hasNext())
+ {
+ // load the method
+ SecurityMethodConfig method = new SecurityMethodConfig();
+ method.importXml((Element) methods.next());
+ if (isUnchecked)
+ {
+ method.setUnchecked();
+ permissionMethods.add(0, method);
+ }
+ else
+ {
+ method.setRoles(roles);
+ permissionMethods.add(method);
+ }
+ }
+ }
+ return permissionMethods;
+ }
+
+ protected ArrayList loadMethodExcludeList(Element assemblyDescriptor) throws Exception
+ {
+ ArrayList excluded = new ArrayList();
+ // Get the exclude-list methods
+ Element excludeList = XmlHelper.getOptionalChild(assemblyDescriptor,
+ "exclude-list");
+ if (excludeList != null)
+ {
+ Iterator iterator = XmlHelper.getChildrenByTagName(excludeList, "method");
+ while (iterator.hasNext())
+ {
+ Element methodInf = (Element) iterator.next();
+ // load the method
+ SecurityMethodConfig method = new SecurityMethodConfig();
+ method.importXml(methodInf);
+ method.setExcluded();
+ excluded.add(method);
+ }
+ }
+ return excluded;
+ }
+
+ protected HashMap loadFieldPermissions(Element assemblyDescriptor) throws Exception
+ {
+ HashMap permissionFields = new HashMap();
+ // set the field permissions (optional)
+ Iterator iterator = XmlHelper.getChildrenByTagName(assemblyDescriptor,
+ "field-permission");
+ while (iterator.hasNext())
+ {
+ Element fieldPermission = (Element) iterator.next();
+ // Look for the unchecked element
+ Element unchecked = XmlHelper.getOptionalChild(fieldPermission,
+ "unchecked");
+
+ boolean isUnchecked = false;
+ Set roles = null;
+ if (unchecked != null)
+ {
+ isUnchecked = true;
+ }
+ else
+ {
+ // Get the role-name elements
+ roles = new HashSet();
+ Iterator rolesIterator = XmlHelper.getChildrenByTagName(fieldPermission, "role-name");
+ while (rolesIterator.hasNext())
+ {
+ roles.add(XmlHelper.getElementContent((Element) rolesIterator.next()));
+ }
+ if (roles.size() == 0)
+ throw new RuntimeException("An unchecked " +
+ "element in security metadata or one or more role-name elements " +
+ "must be specified in field-permission");
+ }
+
+ // find the fields
+ Iterator fields = XmlHelper.getChildrenByTagName(fieldPermission,
+ "field");
+ while (fields.hasNext())
+ {
+ // load the field
+ Element field = (Element) fields.next();
+ String fieldName = XmlHelper.getElementContent(XmlHelper.getUniqueChild(field, "field-name"));
+
+ if (isUnchecked)
+ {
+ permissionFields.put(fieldName, Boolean.TRUE); // mark as unchecked
+ }
+ else
+ {
+
+ Object permission = permissionFields.get(fieldName);
+ if (permission != null && permission instanceof Boolean) //unchecked
+ {
+ continue;
+ }
+ if (permission != null)
+ {
+ Set curr = (Set) permission;
+ curr.addAll(roles);
+ }
+ else
+ {
+ permissionFields.put(fieldName, new HashSet(roles));
+ }
+ }
+ }
+ }
+ return permissionFields;
+ }
+
+ protected ArrayList loadFieldExcludeList(Element assemblyDescriptor) throws Exception
+ {
+ ArrayList excluded = new ArrayList();
+ // Get the exclude-list fields
+ Element excludeList = XmlHelper.getOptionalChild(assemblyDescriptor,
+ "exclude-list");
+ if (excludeList != null)
+ {
+ Iterator iterator = XmlHelper.getChildrenByTagName(excludeList, "field");
+ while (iterator.hasNext())
+ {
+ Element fieldInf = (Element) iterator.next();
+ String fieldName = XmlHelper.getElementContent(XmlHelper.getUniqueChild(fieldInf, "field-name"));
+ excluded.add(fieldName);
+ }
+ }
+ return excluded;
+ }
+
+ protected ArrayList loadConstructorPermissions(Element assemblyDescriptor) throws Exception
+ {
+ ArrayList permissionConstructors = new ArrayList();
+ // set the constructor permissions (optional)
+ Iterator iterator = XmlHelper.getChildrenByTagName(assemblyDescriptor,
+ "constructor-permission");
+ while (iterator.hasNext())
+ {
+ Element constructorPermission = (Element) iterator.next();
+ // Look for the unchecked element
+ Element unchecked = XmlHelper.getOptionalChild(constructorPermission,
+ "unchecked");
+
+ boolean isUnchecked = false;
+ Set roles = null;
+ if (unchecked != null)
+ {
+ isUnchecked = true;
+ }
+ else
+ {
+ // Get the role-name elements
+ roles = new HashSet();
+ Iterator rolesIterator = XmlHelper.getChildrenByTagName(constructorPermission, "role-name");
+ while (rolesIterator.hasNext())
+ {
+ roles.add(XmlHelper.getElementContent((Element) rolesIterator.next()));
+ }
+ if (roles.size() == 0)
+ throw new RuntimeException("An unchecked " +
+ "element in security metadata or one or more role-name elements " +
+ "must be specified in constructor-permission");
+ }
+
+ // find the constructors
+ Iterator constructors = XmlHelper.getChildrenByTagName(constructorPermission,
+ "constructor");
+ while (constructors.hasNext())
+ {
+ // load the constructor
+ SecurityConstructorConfig constructor = new SecurityConstructorConfig();
+ constructor.importXml((Element) constructors.next());
+ if (isUnchecked)
+ {
+ constructor.setUnchecked();
+ permissionConstructors.add(0, constructor);
+ }
+ else
+ {
+ constructor.setRoles(roles);
+ permissionConstructors.add(constructor);
+ }
+ }
+ }
+ return permissionConstructors;
+ }
+
+ protected ArrayList loadConstructorExcludeList(Element assemblyDescriptor) throws Exception
+ {
+ ArrayList excluded = new ArrayList();
+ // Get the exclude-list constructors
+ Element excludeList = XmlHelper.getOptionalChild(assemblyDescriptor,
+ "exclude-list");
+ if (excludeList != null)
+ {
+ Iterator iterator = XmlHelper.getChildrenByTagName(excludeList, "constructor");
+ while (iterator.hasNext())
+ {
+ Element constructorInf = (Element) iterator.next();
+ // load the constructor
+ SecurityConstructorConfig constructor = new SecurityConstructorConfig();
+ constructor.importXml(constructorInf);
+ constructor.setExcluded();
+ excluded.add(constructor);
+ }
+ }
+ return excluded;
+ }
+
+ public Set getConstructorPermissions(Constructor constructor, SecurityClassMetaDataBinding meta)
+ {
+ Set result = new HashSet();
+ // First check the excluded constructor list as this takes priority
+ // over all other assignments
+ Iterator iterator = meta.getConstructorExcludeList().iterator();
+ while (iterator.hasNext())
+ {
+ SecurityConstructorConfig m = (SecurityConstructorConfig) iterator.next();
+ if (m.patternMatches(constructor))
+ {
+ /* No one is allowed to execute this constructor so add a role that
+ fails to equate to any Principal or Principal name and return.
+ We don't return null to differentiate between an explicit
+ assignment of no access and no assignment information.
+ */
+ result.add(NobodyPrincipal.NOBODY_PRINCIPAL);
+ return result;
+ }
+ }
+
+ // Check the permissioned constructors list
+ iterator = meta.getConstructorPermissions().iterator();
+ while (iterator.hasNext())
+ {
+ SecurityConstructorConfig m = (SecurityConstructorConfig) iterator.next();
+ if (m.patternMatches(constructor))
+ {
+ // If this is an unchecked constructor anyone can access it so
+ // set the result set to a role that equates to any Principal
+ // or Principal name and return.
+ if (m.isUnchecked())
+ {
+ result.clear();
+ result.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
+ break;
+ }
+ // Else, add all roles
+ else
+ {
+ Iterator rolesIterator = m.getRoles().iterator();
+ while (rolesIterator.hasNext())
+ {
+ String roleName = (String) rolesIterator.next();
+ result.add(new SimplePrincipal(roleName));
+ }
+ }
+ }
+ }
+
+ // If no permissions were assigned to the constructor return null to
+ // indicate no access
+ if (result.isEmpty())
+ {
+ result = null;
+ }
+
+ return result;
+ }
+
+
+ /**
+ * This is minimal stuff as Instrumentor requires that ClassMetadata be bound at least at the group
+ * level for every class, method, field, and constructor so that annotated joinpoints can be done
+ *
+ * @param advisor
+ * @param data
+ * @param methods
+ * @param fields
+ * @param constructors
+ * @throws Exception
+ */
+ public void bind(Advisor advisor, ClassMetaDataBinding data, CtMethod[] methods, CtField[] fields, CtConstructor[] constructors) throws Exception
+ {
+ SecurityClassMetaDataBinding meta = (SecurityClassMetaDataBinding) data;
+ for (int i = 0; i < methods.length; i++)
+ {
+ boolean permissions = getMethodPermissions(methods[i], meta);
+ if (permissions)
+ {
+ advisor.getMethodMetaData().addMethodMetaData(methods[i], "security", "roles", Boolean.TRUE, PayloadKey.TRANSIENT);
+ }
+ }
+
+ for (int i = 0; i < fields.length; i++)
+ {
+ boolean permissions = getFieldPermissions(fields[i], meta);
+ if (permissions)
+ {
+ advisor.getFieldMetaData().addFieldMetaData(fields[i].getName(), "security", "roles", Boolean.TRUE, PayloadKey.TRANSIENT);
+ }
+ }
+
+ for (int i = 0; i < constructors.length; i++)
+ {
+ boolean permissions = getConstructorPermissions(constructors[i], meta);
+ if (permissions)
+ {
+ //Use getMethodInfo2() to avoid frozen check
+ advisor.getConstructorMetaData().addConstructorMetaData(constructors[i].getMethodInfo2().getDescriptor(), "security", "roles", Boolean.TRUE, PayloadKey.TRANSIENT);
+ }
+ }
+ }
+
+ /**
+ * Remember we only need to map in the "security" group tag for annotated joinpoint resolution
+ *
+ * @param method
+ * @param meta
+ * @return
+ * @throws Exception
+ */
+ public boolean getMethodPermissions(CtMethod method, SecurityClassMetaDataBinding meta) throws Exception
+ {
+ // First check the excluded method list as this takes priority
+ // over all other assignments
+ Iterator iterator = meta.getMethodExcludeList().iterator();
+ while (iterator.hasNext())
+ {
+ SecurityMethodConfig m = (SecurityMethodConfig) iterator.next();
+ if (m.patternMatches(method))
+ {
+ return true;
+ }
+ }
+
+ // Check the permissioned methods list
+ iterator = meta.getMethodPermissions().iterator();
+ while (iterator.hasNext())
+ {
+ SecurityMethodConfig m = (SecurityMethodConfig) iterator.next();
+ if (m.patternMatches(method))
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+
+ public boolean getFieldPermissions(CtField field, SecurityClassMetaDataBinding meta)
+ {
+ String fieldName = field.getName();
+ // First check the excluded method list as this takes priority
+ // over all other assignments
+ Iterator iterator = meta.getFieldExcludeList().iterator();
+ while (iterator.hasNext())
+ {
+ String expr = (String) iterator.next();
+ if (expr.equals("*") || expr.equals(fieldName))
+ {
+ return true;
+ }
+ }
+
+ // Check the permissioned methods list
+ iterator = meta.getFieldPermissions().keySet().iterator();
+ while (iterator.hasNext())
+ {
+ String expr = (String) iterator.next();
+
+ if (expr.equals("*") || expr.equals(fieldName))
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+
+ public boolean getConstructorPermissions(CtConstructor constructor, SecurityClassMetaDataBinding meta) throws NotFoundException
+ {
+ // First check the excluded constructor list as this takes priority
+ // over all other assignments
+ Iterator iterator = meta.getConstructorExcludeList().iterator();
+ while (iterator.hasNext())
+ {
+ SecurityConstructorConfig m = (SecurityConstructorConfig) iterator.next();
+ if (m.patternMatches(constructor))
+ {
+ return true;
+ }
+ }
+
+ // Check the permissioned constructors list
+ iterator = meta.getConstructorPermissions().iterator();
+ while (iterator.hasNext())
+ {
+ SecurityConstructorConfig m = (SecurityConstructorConfig) iterator.next();
+ if (m.patternMatches(constructor))
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+
+}
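Review bot: In getMethodPermissions(Method, ...), getFieldPermissions(Field, ...) and getConstructorPermissions(Constructor, ...) the closing comment says null is returned "to indicate no access", but the exclude-list comment a few lines earlier says null means "no assignment information", and bind() skips addMethodMetaData/addFieldMetaData/addConstructorMetaData entirely when the result is null. A member that matches no permission entry therefore gets no "roles" metadata at all, and whether it is denied depends on how the authorization interceptor treats a missing value, which this file does not show. Please either bind NobodyPrincipal.NOBODY_PRINCIPAL for the unassigned case or correct the comment and document that the interceptor must deny when "roles" is absent. Smaller points: the class Javadoc calls this an interceptor although it implements ClassMetaDataLoader, the field methods still say "excluded method list" and "permissioned methods list", and importMetaData only checks for a missing security-domain after all the other elements have been parsed.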
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityClientInterceptor.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityClientInterceptor.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityClientInterceptor.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,77 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import java.security.Principal;
+import java.io.ObjectStreamException;
+
+import org.jboss.security.SecurityContext;
+
+/**
+ * The AuthenticationInterceptor authenticates the caller.
+ *
+ * @author <a href="bill at jboss.org">Bill Burke</a>
+ * @version $Revision: 64740 $
+ */
+public final class SecurityClientInterceptor implements org.jboss.aop.advice.Interceptor, java.io.Serializable
+{
+ private static final long serialVersionUID = -6366165968174741107L;
+
+ public static final SecurityClientInterceptor singleton = new SecurityClientInterceptor();
+ public String getName() { return "SecurityClientInterceptor"; }
+
+ /**
+ * Authenticates the caller using the principal and credentials in the
+ * Infocation if thre is a security manager and an invcocation method.
+ */
+ public Object invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable
+ {
+ // Get Principal and credentials
+ Principal principal = SecurityActions.getPrincipal();
+ if (principal != null) invocation.getMetaData().addMetaData("security", "principal", principal);
+
+ Object credential = SecurityActions.getCredential();
+ if (credential != null) invocation.getMetaData().addMetaData("security", "credential", credential);
+
+ //Get the security context
+ SecurityContext sc = SecurityActions.getSecurityContext();
+ if(sc == null)
+ {
+ sc = SecurityActions.createSecurityContext();
+ SecurityActions.setSecurityContext(sc);
+ }
+ invocation.getMetaData().addMetaData("security", "context", sc);
+ try
+ {
+ return invocation.invokeNext();
+ }
+ finally
+ {
+ //Place the previous context
+ SecurityActions.setSecurityContext(sc);
+ }
+ }
+
+ Object readResolve() throws ObjectStreamException {
+ return singleton;
+ }
+}
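Review bot: In invoke(), the finally block is commented "Place the previous context" but it sets sc, which is either the context that was already current or, when getSecurityContext() returned null, the one this method just created and installed. In the null case the new context stays on the thread after the call instead of the thread going back to having no context. Keep the original return value of SecurityActions.getSecurityContext() in a separate variable and restore that in finally. The Javadoc also needs attention: the class comment describes AuthenticationInterceptor, and the method comment has typos ("Infocation", "thre", "invcocation") and says it authenticates the caller, while the body only copies the principal, credential and context into the invocation metadata.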
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityConstructorConfig.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityConstructorConfig.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityConstructorConfig.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,79 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import java.util.Set;
+
+public class SecurityConstructorConfig extends org.jboss.aop.metadata.ConstructorConfig
+{
+ /** The unchecked element specifies that a constructor is not checked for
+ * authorization by the container prior to invocation of the constructor.
+ * Used in: constructor-permission
+ */
+ private boolean unchecked = false;
+ /** The exclude-list element defines a set of constructors which the Assembler
+ * marks to be uncallable. It contains one or more constructors. If the constructor
+ * permission relation contains constructors that are in the exclude list, the
+ * Deployer should consider those constructors to be uncallable.
+ */
+ private boolean excluded = false;
+ private Set permissions;
+
+ // Static --------------------------------------------------------
+
+ // Constructors --------------------------------------------------
+ public SecurityConstructorConfig()
+ {
+ }
+
+ // Public --------------------------------------------------------
+
+ public boolean isUnchecked()
+ {
+ return unchecked;
+ }
+
+ public boolean isExcluded()
+ {
+ return excluded;
+ }
+
+ public Set getRoles()
+ {
+ return permissions;
+ }
+
+ public void setRoles(Set perm)
+ {
+ permissions = perm;
+ }
+
+ public void setUnchecked()
+ {
+ unchecked = true;
+ }
+
+ public void setExcluded()
+ {
+ excluded = true;
+ }
+}
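Review bot: setRoles(Set perm) stores the caller's Set and getRoles() returns it directly; SecurityClassMetaDataLoader.loadConstructorPermissions passes the same HashSet to every constructor listed under one constructor-permission element, so a change made through one config's getRoles() changes the roles of all of them. Copy the set in setRoles and return an unmodifiable view from getRoles. getRoles() also returns null for a config that was marked with setUnchecked() or setExcluded() and never given roles, which callers have to guard against, and nothing stops both unchecked and excluded being set on the same instance, so the Javadoc should state which one takes precedence.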
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityContext.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityContext.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityContext.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,109 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import org.jboss.security.RealmMapping;
+import org.jboss.security.RunAsIdentity;
+import org.jboss.security.SimplePrincipal;
+
+import java.security.Principal;
+import java.util.HashSet;
+
+/**
+ * Obtain security information based on the current security domain.
+ *
+ *
+ * @author <a href="mailto:bill at jboss.org">Bill Burke</a>
+ * @version $Revision: 54985 $
+ */
+public class SecurityContext
+{
+ protected static ThreadLocal currentDomain = new ThreadLocal();
+
+ public static ThreadLocal getCurrentDomain()
+ {
+ return currentDomain;
+ }
+
+ /**
+ * Get the caller's principal
+ * @return
+ */
+ public static Principal getCallerPrincipal()
+ {
+ return SecurityActions.getCallerPrincipal();
+ }
+
+ /**
+ * Get the current principal. Could be run-as, or propagated
+ * @return
+ */
+ public static Principal getCurrentPrincipal()
+ {
+ return SecurityActions.getPrincipal();
+ }
+
+ /**
+ * Is the caller's security identity within the role
+ *
+ * Does not include current run-as
+ * @param roleName
+ * @return
+ */
+ public static boolean isCallerInRole(String roleName)
+ {
+ return isInRole(getCallerPrincipal(), roleName);
+ }
+
+ /**
+ * Checks current identity is within roleName
+ *
+ * Does include current run-as
+ *
+ * @param roleName
+ * @return
+ */
+ public static boolean isCurrentInRole(String roleName)
+ {
+ return isInRole(getCurrentPrincipal(), roleName);
+ }
+
+ private static boolean isInRole(Principal principal, String roleName)
+ {
+ RealmMapping rm = (RealmMapping)currentDomain.get();
+ if (rm == null) return false;
+
+ HashSet set = new HashSet();
+ set.add(new SimplePrincipal(roleName));
+
+ if (principal instanceof RunAsIdentity)
+ {
+ return ((RunAsIdentity)principal).doesUserHaveRole(set);
+ }
+ else
+ {
+ return rm.doesUserHaveRole(principal, set);
+ }
+ }
+
+
+}
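Review bot: getCurrentDomain() hands every caller the raw, mutable ThreadLocal that isInRole() later reads its RealmMapping from, so any code on the thread can call SecurityContext.getCurrentDomain().set(...) and substitute the object that answers role checks. Consider keeping the field private and exposing narrowly scoped set/clear methods for the interceptors instead of the ThreadLocal itself. Nothing in this class clears the value, so the code that sets it should reset it in a finally block to avoid a stale domain on a reused thread. isInRole() also passes principal to rm.doesUserHaveRole() without a null check; returning false for a null principal would match the fail-closed handling already used for rm == null. The bare @return and @param tags in the Javadoc should be filled in or dropped.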
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityDomain.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityDomain.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityDomain.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.jboss.beans.metadata.api.annotations.Dependency;
+
+/**
+ * JDK 1.4 annotation for JBoss security domain
+ *
+ * See JBoss J2EE Security documentation for more info on security domains.
+ * Basically it specifies the repository where usernames, passwords, and
+ * user/role associtations are stored.
+ *
+ * @author <a href="mailto:bill at jboss.org">Bill Burke</a>
+ * @version $Revision: 70929 $
+ *
+ **/
+ at Target({ElementType.TYPE}) @Retention(RetentionPolicy.RUNTIME)
+ at Dependency(name="value")
+public @interface SecurityDomain
+{
+ String value();
+}
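Review bot: the Javadoc calls this a "JDK 1.4 annotation", but the type is declared with @interface and @Retention, which are Java 5 constructs; the comment should be updated so readers do not look for a 1.4-style equivalent. "associtations" should read "associations", and value() deserves a one-line description saying that it carries the security domain name.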
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityMethodConfig.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityMethodConfig.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/SecurityMethodConfig.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,79 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import java.util.Set;
+
+public class SecurityMethodConfig extends org.jboss.aop.metadata.MethodConfig
+{
+ /** The unchecked element specifies that a method is not checked for
+ * authorization by the container prior to invocation of the method.
+ * Used in: method-permission
+ */
+ private boolean unchecked = false;
+ /** The exclude-list element defines a set of methods which the Assembler
+ * marks to be uncallable. It contains one or more methods. If the method
+ * permission relation contains methods that are in the exclude list, the
+ * Deployer should consider those methods to be uncallable.
+ */
+ private boolean excluded = false;
+ private Set permissions;
+
+ // Static --------------------------------------------------------
+
+ // Constructors --------------------------------------------------
+ public SecurityMethodConfig()
+ {
+ }
+
+ // Public --------------------------------------------------------
+
+ public boolean isUnchecked()
+ {
+ return unchecked;
+ }
+
+ public boolean isExcluded()
+ {
+ return excluded;
+ }
+
+ public Set getRoles()
+ {
+ return permissions;
+ }
+
+ public void setRoles(Set perm)
+ {
+ permissions = perm;
+ }
+
+ public void setUnchecked()
+ {
+ unchecked = true;
+ }
+
+ public void setExcluded()
+ {
+ excluded = true;
+ }
+}
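Review bot: unchecked and excluded are independent flags with one-way setters, so a method config can end up with both set, and nothing here says which wins. The exclude-list comment states that excluded methods must be uncallable, so the class should enforce or at least document that isExcluded() takes precedence over isUnchecked(), rather than leaving the ordering to each caller. getRoles() also returns the internal raw Set directly and returns null until setRoles() is called; document that callers must treat null as "no roles permitted", or return an unmodifiable empty set. The class has no class-level Javadoc.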
Added: projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/Unchecked.java
===================================================================
--- projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/Unchecked.java (rev 0)
+++ projects/jboss-aspects/trunk/security/src/main/org/jboss/aspects/security/Unchecked.java 2008-04-10 14:16:18 UTC (rev 71921)
@@ -0,0 +1,38 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aspects.security;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
+/**
+ *
+ * @author <a href="mailto:bill at jboss.org">Bill Burke</a>
+ * @version $Revision: 57757 $
+ */
+ at Retention(RetentionPolicy.RUNTIME)
+public @interface Unchecked {}
+
+
+
+
+
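Review bot: the Javadoc block on Unchecked is empty and the annotation has no @Target, so it can be placed on any program element. Per the comment in SecurityMethodConfig, unchecked means the method is not checked for authorization before invocation; an annotation with that effect should say so in its Javadoc and be restricted with @Target to the element kinds the metadata loader actually reads. The five trailing blank lines can be dropped.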
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/AuthenticationInterceptor.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/AuthenticationInterceptor.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/AuthenticationInterceptorFactory.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/AuthenticationInterceptorFactory.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/Exclude.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/Exclude.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/Permissions.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/Permissions.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RoleBasedAuthorizationInterceptor.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RoleBasedAuthorizationInterceptor.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RoleBasedAuthorizationInterceptorFactory.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RoleBasedAuthorizationInterceptorFactory.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RunAs.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RunAs.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RunAsSecurityInterceptor.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RunAsSecurityInterceptor.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RunAsSecurityInterceptorFactory.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/RunAsSecurityInterceptorFactory.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$1.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$1.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ClearSecurityContextAction.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ClearSecurityContextAction.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ContextInfoActions$1$1.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ContextInfoActions$1$1.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ContextInfoActions$1.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ContextInfoActions$1.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ContextInfoActions$2.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ContextInfoActions$2.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ContextInfoActions.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$ContextInfoActions.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$GetSecurityContextAction.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$GetSecurityContextAction.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PolicyContextActions$1$1.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PolicyContextActions$1$1.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PolicyContextActions$1.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PolicyContextActions$1.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PolicyContextActions$2.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PolicyContextActions$2.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PolicyContextActions.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PolicyContextActions.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$1.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$1.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$2.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$2.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$3.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$3.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$4.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$4.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$5.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$5.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$6.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$6.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$7.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1$7.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$1.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$2.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction$2.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$PrincipalInfoAction.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$1$1.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$1$1.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$1$2.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$1$2.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$1$3.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$1$3.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$1.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$1.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$2.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions$2.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$RunAsIdentityActions.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$SetSecurityContextAction.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$SetSecurityContextAction.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$1.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$1.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2$1.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2$1.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2$2.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2$2.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2$3.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2$3.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2$4.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2$4.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$2.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$UTIL.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction$UTIL.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions$TCLAction.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityActions.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityClassMetaDataBinding.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityClassMetaDataBinding.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityClassMetaDataLoader.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityClassMetaDataLoader.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityClientInterceptor.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityClientInterceptor.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityConstructorConfig.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityConstructorConfig.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityContext.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityContext.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityDomain.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityDomain.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityMethodConfig.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/SecurityMethodConfig.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/Unchecked.class
===================================================================
(Binary files differ)
Property changes on: projects/jboss-aspects/trunk/security/target/classes/org/jboss/aspects/security/Unchecked.class
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
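Review bot: every entry from security/target/classes/... onward is a compiled .class file added as application/octet-stream. Build output should not be versioned: it cannot be reviewed, and it can drift from the sources in src/main so that what is in the repository no longer matches what the code says. Suggest removing security/target from the commit and setting svn:ignore for target on the security directory.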